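# NixOS module: runs the "akkotest" Akkoma instance inside a declarative NixOS
# container and publishes it through an nginx TLS reverse proxy on the host.
{ config, pkgs, lib, ... }:
let
  # Single source of truth for the addressing shared by nginx, the container
  # definition, the container firewall and myAkkomaContainerOptions.
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";
  localPort = 4000;
  domain = "akkotest.local";
in
{
  imports = [ ./akkoma/akkontainer.nix ];

  # Make the test domain resolve to loopback on the host itself.
  networking.extraHosts = ''
    127.0.0.1 ${domain}
  '';

  # TLS terminates on the host; the hop to the container is plain HTTP to
  # localAddress:localPort.
  services.nginx = {
    enable = true;
    virtualHosts.${domain} = {
      serverName = domain;
      forceSSL = true;
      # Self-signed pair kept outside the Nix store.
      # NOTE(review): the permissions of the .key file are not managed here;
      # confirm it is readable only by root/nginx on the host.
      sslCertificate = "/data/selfcerts/nginx-selfsigned.crt";
      sslCertificateKey = "/data/selfcerts/nginx-selfsigned.key";
      locations."/" = {
        proxyPass = "http://${localAddress}:${toString localPort}";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };
  };

  # Declare one sops-nix secret per name, all read from the same encrypted
  # YAML file and exposed under the "akkotest/" prefix.
  # NOTE(review): owner and mode are not set, so sops-nix defaults apply;
  # confirm the service inside the container can actually read these files.
  sops.secrets =
    let
      sopsFile = ../../secrets/akkotest.yaml;
      format = "yaml";
      sopsPrefix = "akkotest";
      # Turn a list of secret names into { "<prefix>/<name>" = { sopsFile; format; }; }.
      mkSopsSecret = secretList:
        builtins.listToAttrs (map
          (name: {
            name = "${sopsPrefix}/${name}";
            value = { inherit sopsFile format; };
          })
          secretList);
    in
    mkSopsSecret [
      "vapid-private"
      "vapid-public"
      "liveview-salt"
      "signing-salt"
      "jwt-signer"
      "key-base"
    ];

  # sops.secrets."akkotest/vapid-private" = {
  #   sopsFile = ../../secrets/akkotest.yaml;
  #   format = "yaml";
  # };

  # Option set defined outside this file (presumably by ./akkoma/akkontainer.nix).
  # The values are inherited from the let-bindings above rather than repeated
  # as literals, so the nginx upstream, the container address and the opened
  # port cannot silently drift apart.
  myAkkomaContainerOptions = {
    enable = true;
    inherit hostAddress localAddress localPort domain;
    containerName = "akkotest";
  };

  containers.akkotest =
    let
      # Only referenced by the commented-out wiring further down.
      outerConfig = config;
    in
    {
      # The container root is discarded on restart; persistent state lives
      # only in the bind mounts below.
      ephemeral = true;
      # privateNetwork isolates networking only. No user-namespace option is
      # set in this file, so treat root inside the container as
      # security-relevant to the host.
      privateNetwork = true;
      inherit hostAddress localAddress;

      # NOTE(review): "rwm" also grants mknod on /dev/fuse; confirm whether
      # "rw" is sufficient for whatever needs FUSE inside the container.
      allowedDevices = [
        { modifier = "rwm"; node = "/dev/fuse"; }
      ];
      bindMounts."/dev/fuse" = { };

      # Writable host directories: anything the container writes here
      # persists on the host.
      bindMounts.static = {
        hostPath = "/data/static_i_akkotest";
        mountPoint = "/data/akkoma/static_i";
        isReadOnly = false;
      };
      bindMounts.db = {
        hostPath = "/data/postgresql_akkotest";
        mountPoint = "/data/postgresql";
        isReadOnly = false;
      };
      bindMounts.uploads = {
        hostPath = "/data/uploads_akkotest";
        mountPoint = "/data/uploads";
        isReadOnly = false;
      };

      # Secret material is exposed to the container read-only.
      bindMounts.secrets = {
        hostPath = "/data/secrets_akkotest";
        mountPoint = "/var/akkosecrets";
        isReadOnly = true;
      };
      bindMounts."/run/secrets/akkotest" = {
        isReadOnly = true;
      };

      config = { config, pkgs, ... }: {
        imports = [
          ./akkoma/akkontainer.nix
          ./akkoma/akkoma.nix
          ./akkoma/akkoma-static.nix
          ../../modules/akkoma-patches.nix
        ];

        # myAkkomaContainerOptions = outerConfig.myAkkomaContainerOptions.mkInnerConfig;
        # myAkkomaContainerOptions = {
        #   inherit hostAddress;
        #   inherit localAddress;
        #   inherit localPort;
        #   inherit domain;
        #   isContainer = true;
        # };

        environment.systemPackages = with pkgs; [ zip unzip ];

        systemd.tmpfiles.rules = [
          "d /data/postgresql 700 postgres postgres -"
          # "d /data/uploads 700 akkoma akkoma -"
          # NOTE(review): /var/akkosecrets is a read-only bind mount, so this
          # rule probably cannot change mode or owner there; the effective
          # permissions are likely those of /data/secrets_akkotest on the
          # host. Confirm that directory is not world-readable.
          "d /var/akkosecrets 500 akkoma akkoma -"
        ];

        services.postgresql = {
          enable = true;
          package = pkgs.postgresql_15;
          dataDir = "/data/postgresql";
        };

        # Opens only the Akkoma port in the container's firewall; the host's
        # nginx proxies to this port.
        networking.firewall.allowedTCPPorts = [ localPort ];
      };
    };
}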