hosts/vps/maloja.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

{
  pkgs,
  config,
  lib,
  ...
}: {
  config = {
    users.groups.maloja = {};
    users.users.maloja = {
      isSystemUser = true;
      description = "maloja";
      group = "maloja";
      home = "/var/lib/maloja";
    };

    security.lockKernelModules = lib.mkForce false;
    virtualisation.oci-containers.containers.maloja = {
      ports = ["42010:42010"];
      image = "krateng/maloja";
      volumes = [
        "/var/lib/maloja:/data"
      ];
      environment = {
        MALOJA_DATA_DIRECTORY = "/data";
        MALOJA_SKIP_SETUP = "True";
        MALOJA_NAME = "tzlil";
        MAlOJA_PROXY_IMAGES = "True";
      };
    };

    # systemd.services.podman-maloja.serviceConfig.User = "maloja";
    # systemd.services.podman-maloja.serviceConfig.Group = "maloja";

    networking.firewall.allowedTCPPorts = [42010];

    environment.persistence."/nix/persist".directories = [
      {
        directory = "/var/lib/maloja";
        user = "maloja";
        group = "maloja";
      }
    ];

    services.caddy = {
      virtualHosts."fm.tzlil.net".extraConfig = ''
        bind 0.0.0.0
        reverse_proxy :42010
      '';
    };
  };
}