NixOS/modules/servers/flame.nix

{ lib, config, ... }:
let
  cfg = config.my.servers.flame;
  cfgS = config.my.servers.flameSecret;
  enable = (cfg.enable || cfgS.enable) && config.my.secureHost;
  setup = import ../factories/mkserver.nix { inherit lib config; };
in
{
  options.my.servers = {
    flame = setup.mkOptions "flame" "start" 5005;
    flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
  };
  config = lib.mkIf enable {
    sops.secrets = {
      flame.sopsFile = ../../secrets/env.yaml;
    };
    virtualisation.oci-containers.containers = lib.mkIf enable {
      flame = lib.mkIf cfg.enable {
        autoStart = true;
        image = "pawelmalak/flame";
        ports = [ "${toString cfg.port}:${toString cfg.port}" ];
        volumes = [
          "${config.my.containerData}/flame:/app/data"
          "${config.my.containerSocket}:${config.my.containerSocket}"
        ];
        environmentFiles = [ config.sops.secrets.flame.path ];
        environment = {
          TZ = config.my.timeZone;
          PUID = toString config.users.users.jawz.uid;
          PGID = toString config.users.groups.users.gid;
        };
      };
      flame-nsfw = lib.mkIf cfgS.enable {
        autoStart = true;
        image = "pawelmalak/flame";
        ports = [ "${toString cfgS.port}:${toString cfg.port}" ];
        volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ];
        environmentFiles = [ config.sops.secrets.flame.path ];
        environment = {
          TZ = config.my.timeZone;
          PUID = toString config.users.users.jawz.uid;
          PGID = toString config.users.groups.users.gid;
        };
      };
    };
  };
}