56 lines
1.8 KiB
Nix
56 lines
1.8 KiB
Nix
{ lib, config, ... }:
|
|
let
|
|
cfg = config.my.servers.flame;
|
|
cfgS = config.my.servers.flameSecret;
|
|
enable = (cfg.enable || cfgS.enable);
|
|
setup = import ./setup.nix { inherit lib config; };
|
|
in
|
|
{
|
|
options.my.servers = {
|
|
flame = setup.mkOptions "flame" "start" 5005;
|
|
flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
|
|
};
|
|
config = {
|
|
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal || !cfgS.isLocal) [
|
|
cfg.port
|
|
cfgS.port
|
|
];
|
|
sops.secrets = lib.mkIf enable { flame.sopsFile = ../../secrets/env.yaml; };
|
|
virtualisation.oci-containers.containers = lib.mkIf enable {
|
|
flame = lib.mkIf cfg.enable {
|
|
autoStart = true;
|
|
image = "pawelmalak/flame";
|
|
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
|
|
volumes = [
|
|
"${config.my.containerData}/flame:/app/data"
|
|
"${config.my.containerSocket}:${config.my.containerSocket}"
|
|
];
|
|
environmentFiles = [ config.sops.secrets.flame.path ];
|
|
environment = {
|
|
TZ = config.my.timeZone;
|
|
PUID = "1000";
|
|
PGID = "100";
|
|
};
|
|
};
|
|
flame-nsfw = lib.mkIf cfgS.enable {
|
|
autoStart = true;
|
|
image = "pawelmalak/flame";
|
|
ports = [ "${toString cfgS.port}:${toString cfg.port}" ];
|
|
volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ];
|
|
environmentFiles = [ config.sops.secrets.flame.path ];
|
|
environment = {
|
|
TZ = config.my.timeZone;
|
|
PUID = "1000";
|
|
PGID = "100";
|
|
};
|
|
};
|
|
};
|
|
services.nginx = {
|
|
virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) {
|
|
"${cfg.host}" = setup.proxyReverse cfg.hostName cfg.port // { };
|
|
"${cfgS.host}" = setup.proxyReverse cfgS.hostName cfgS.port // { };
|
|
};
|
|
};
|
|
};
|
|
}
|