summary refs log tree commit diff
path: root/hosts/vps/hydrus.nix
blob: c967fbcef0c8c6b236124afb0ee83054ce5987ab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
{
  pkgs,
  config,
  lib,
  ...
}: {
  config = {
    users.groups.hydrus = {};
    users.users.hydrus = {
      isSystemUser = true;
      description = "hydrus";
      group = "hydrus";
      home = "/home/hydrus";
    };

    systemd.services.Xvnc = {
      description = "Xvnc";
      wantedBy = ["multi-user.target"];

      serviceConfig = {
        ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none";
        User = "hydrus";
        Group = "hydrus";
        Restart = "on-failure";
        RestartSec = "5s";
      };
    };

    systemd.services.hydrus = {
      description = "Hydrus";
      wantedBy = ["multi-user.target" "Xvnc.service"];
      wants = ["podman-hydrus-web.service"];

      serviceConfig = {
        Environment = "DISPLAY=:30";
        ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus";
        User = "hydrus";
        Group = "hydrus";
        Restart = "on-failure";
        RestartSec = "5s";
      };
    };

    security.lockKernelModules = lib.mkForce false;
    virtualisation.oci-containers.containers.hydrus-web = {
      ports = ["100.67.217.90:8080:80"];
      image = "ghcr.io/floogulinc/hydrus-web:dev";
    };

    networking.firewall.allowedTCPPorts = [45869];

    environment.persistence."/nix/persist".directories = [
      {
        directory = "/home/hydrus";
        user = "hydrus";
        group = "hydrus";
      }
    ];
  };
}