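# NixOS host module for a test Akkoma instance ("akkotest").
#
# The instance runs inside an ephemeral nixos-container on a private
# network; all state that must survive a container restart lives on the
# host under hostDataPrefix and is bind-mounted in.  The host nginx
# terminates TLS for `domain` and proxies to the container address/port.
# Secrets are declared with sops-nix on the host and bind-mounted
# read-only into the container.
{ config, pkgs, lib, ... }:
let
  rootDomain = "lgmrszd.xyz";
  # veth pair addresses: hostAddress on the host side, localAddress inside
  # the container (privateNetwork = true below).
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";
  # Port the service listens on inside the container; nginx proxies to it and
  # the container firewall opens exactly this port.
  localPort = 4000;
  domain = "akko429164.testdrive.${rootDomain}";
  # Host directory holding the container's persistent volumes.
  hostDataPrefix = "/data/akkotest";
  # Path where the sops secrets declared below are rendered on the host and
  # which is bind-mounted (read-only) into the container.
  secretsPath = "/run/secrets/akkotest-vps";
in
{
  imports = [ ./akkoma/akkontainer.nix ];

  # Host-side reverse proxy: HTTPS only, reusing the ACME certificate that
  # is registered for rootDomain.
  services.nginx.virtualHosts."${domain}" = {
    serverName = domain;
    forceSSL = true;
    useACMEHost = rootDomain;
    locations."/" = {
      proxyPass = "http://${localAddress}:${toString localPort}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };
  };

  # Secrets for this instance, all taken from one sops file and exposed as
  # "akkotest-vps/<name>" so they end up grouped under secretsPath.
  # NOTE(review): no owner/mode is set per secret; sops-nix defaults to
  # root-only access -- confirm that the akkoma user (uid 1234) inside the
  # container can actually read these, or set owner/group here.
  sops.secrets =
    let
      sopsFile = ../../secrets/akkotest-vps.yaml;
      format = "yaml";
      sopsPrefix = "akkotest-vps";
      # Build { "<prefix>/<name>" = { sopsFile; format; }; } for each name.
      mkSopsSecret = secretList:
        builtins.listToAttrs (map (name: {
          name = "${sopsPrefix}/${name}";
          value = { inherit sopsFile format; };
        }) secretList);
    in
    mkSopsSecret [
      "vapid-private"
      "vapid-public"
      "liveview-salt"
      "signing-salt"
      "jwt-signer"
      "key-base"
    ];

  # Options consumed by ./akkoma/akkontainer.nix (host side).
  myAkkomaContainerOptions = {
    enable = true;
    inherit hostAddress localAddress localPort domain;
    containerName = "akkotest";
  };

  # Placeholder user/group on the host with the same uid/gid as the akkoma
  # user inside the container, so ownership on the bind-mounted volumes is
  # consistent on both sides.
  users = {
    users."akkoma" = {
      description = "Fake Akkoma user to set up files permissions";
      group = "akkoma";
      isSystemUser = true;
      uid = 1234;
    };
    groups."akkoma" = {
      gid = 1234;
    };
  };

  containers.akkotest =
    let
      # Read-write persistent volume: <hostDataPrefix>/<sub> on the host,
      # mounted at `mountPoint` inside the container.
      mkVolume = sub: mountPoint: {
        hostPath = "${hostDataPrefix}/${sub}";
        inherit mountPoint;
        isReadOnly = false;
      };
    in
    {
      # Root filesystem is discarded on every start; only the bind mounts
      # below persist.
      ephemeral = true;
      privateNetwork = true;
      inherit hostAddress localAddress;

      # NOTE(review): the reason for exposing /dev/fuse (rwm) to the
      # container is not visible in this file -- confirm it is still needed.
      allowedDevices = [
        { modifier = "rwm"; node = "/dev/fuse"; }
      ];
      bindMounts."/dev/fuse" = { };

      bindMounts.static = mkVolume "static_i" "/data/akkoma/static_i";
      bindMounts.db = mkVolume "postgresql" "/data/postgresql";
      bindMounts.uploads = mkVolume "uploads" "/data/akkoma/uploads";

      # Host-rendered sops secrets, read-only inside the container.
      bindMounts."${secretsPath}" = {
        isReadOnly = true;
      };

      config = { config, pkgs, ... }: {
        imports = [
          ./akkoma/akkontainer.nix
          ./akkoma/akkoma.nix
          ./akkoma/akkoma-static.nix
          ../../modules/akkoma-patches.nix
        ];

        # Must match the host-side placeholder user (uid/gid 1234) so files
        # on the shared volumes are owned by the same ids.
        users = {
          users."akkoma" = {
            description = "Akkoma user";
            group = "akkoma";
            isSystemUser = true;
            uid = 1234;
          };
          groups."akkoma" = {
            gid = 1234;
          };
        };

        environment.systemPackages = with pkgs; [ zip unzip ];

        # PostgreSQL data lives on the bind-mounted volume; keep it private
        # to the postgres user.
        systemd.tmpfiles.rules = [
          "d /data/postgresql 700 postgres postgres -"
        ];

        services.postgresql = {
          enable = true;
          package = pkgs.postgresql_15;
          dataDir = "/data/postgresql";
        };

        # Only the proxied application port is reachable from the host side.
        networking.firewall.allowedTCPPorts = [ localPort ];
      };
    };
}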