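# NixOS module: runs Maloja as an OCI container, persists its data directory
# and serves it through Caddy at fm.tzlil.net.
{ pkgs, config, lib, ... }:
{
  config = {
    # Dedicated system account. The container unit does not run as this user
    # (the User/Group overrides further down are commented out); the account is
    # used as the owner of the persisted data directory.
    users.groups.maloja = {};
    users.users.maloja = {
      isSystemUser = true;
      description = "maloja";
      group = "maloja";
      home = "/var/lib/maloja";
    };

    # Forces kernel-module locking off, overriding any other module (such as a
    # hardening profile) that turns it on.
    # NOTE(review): presumably required so the container runtime can load
    # networking modules on demand; confirm. Preloading the needed modules via
    # boot.kernelModules would allow the lock to stay enabled.
    security.lockKernelModules = lib.mkForce false;

    virtualisation.oci-containers.containers.maloja = {
      # NOTE(review): this publishes 42010 on every host interface, and the
      # firewall rule below opens it, so the application is reachable over plain
      # HTTP without passing through Caddy. If only the reverse proxy should
      # reach it, publish as "127.0.0.1:42010:42010" and drop the
      # allowedTCPPorts entry.
      ports = [ "42010:42010" ];

      # NOTE(review): unqualified and untagged, so the image is resolved through
      # the runtime's registry search list and follows `latest`. Prefer a fully
      # qualified reference pinned to a tag or digest, for example
      # docker.io/krateng/maloja:<TAG>@sha256:<DIGEST> (placeholders).
      image = "krateng/maloja";

      # Host data directory mounted at /data inside the container.
      volumes = [ "/var/lib/maloja:/data" ];

      environment = {
        MALOJA_DATA_DIRECTORY = "/data";
        MALOJA_SKIP_SETUP = "True";
        MALOJA_NAME = "tzlil";
        # Previously spelled "MAlOJA_PROXY_IMAGES" (lower-case l). Environment
        # variable names are case-sensitive, so the setting was never applied.
        MALOJA_PROXY_IMAGES = "True";
      };
    };

    # Left disabled by the author: would run the container unit as the maloja
    # account instead of the unit's default user.
    # systemd.services.podman-maloja.serviceConfig.User = "maloja";
    # systemd.services.podman-maloja.serviceConfig.Group = "maloja";

    # Opens the application port directly (see the note on `ports` above).
    networking.firewall.allowedTCPPorts = [ 42010 ];

    # Keep the data directory under /nix/persist, owned by the maloja account.
    environment.persistence."/nix/persist".directories = [
      {
        directory = "/var/lib/maloja";
        user = "maloja";
        group = "maloja";
      }
    ];

    # Caddy listens on all IPv4 addresses for fm.tzlil.net and forwards requests
    # to the container's published port on this host.
    services.caddy = {
      virtualHosts."fm.tzlil.net".extraConfig = ''
        bind 0.0.0.0
        reverse_proxy :42010
      '';
    };
  };
}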