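# Pingvin Share container module.
#
# Declares `settings.containers.pingvin-share.enable`. When enabled it:
#   * turns on the sops integration (`settings.services.sops.enable`),
#   * defines the podman container and mounts its data directory plus a
#     config.yaml rendered from a sops template,
#   * registers a Caddy route for the container,
#   * declares the sops secrets the template interpolates.
{ config, lib, pkgs, ... }:
let
  cfg = config.settings.containers.pingvin-share;
in
{
  options = {
    settings.containers.pingvin-share.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Enable Pingvin share container
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    settings.services.sops.enable = true;

    services.podman.containers.pingvin-share = {
      # NOTE(review): the image reference carries no tag or digest, so each pull
      # takes whatever the registry currently serves. Pin it to a reviewed
      # release, e.g. "ghcr.io/stonith404/pingvin-share@sha256:<digest>"
      # (placeholder), so an upstream change cannot reach this host unreviewed.
      image = "ghcr.io/stonith404/pingvin-share";
      network = "proxy";
      volumes = [
        "%h/containers/pingvin-share/data:/opt/app/backend/data"
        # "%h/containers/pingvin-share/config.yaml:/opt/app/config.yaml"
        # The rendered sops template (secrets substituted) is mounted as the
        # application's config file.
        "${config.sops.templates."container-pingvin.yaml".path}:/opt/app/config.yaml"
      ];
      environment = {
        # NOTE(review): presumably makes the app trust forwarded-for/proto
        # headers. That is only sound while the container is reachable solely
        # through the reverse proxy; no ports are published here, keep it so.
        TRUST_PROXY = true;
      };
      userNS = "keep-id";
      extraConfig = {
        Unit = {
          # Start after sops-nix so the rendered config.yaml exists before it
          # is bind-mounted. `After` only orders the units; it does not make
          # the container fail if sops-nix fails.
          After = [ "sops-nix.service" ];
        };
      };
    };

    settings.containers.caddy.routes.tbmrs.routes = [{
      name = "pingvin-share";
      host = "share";
      url = "pingvin-share:3000";
    }];

    sops.templates = {
      "container-pingvin.yaml" = {
        # The template text (with placeholders, not secret values) is part of
        # the Nix configuration, so every literal in it must be treated as
        # public. The bootstrap admin password used to be a literal here; it is
        # now a sops placeholder like the OIDC client secret. If the old literal
        # was ever deployed, rotate the admin password in the application too.
        #
        # NOTE(review): `allowRegistration` is "true" while password login is
        # enabled (`disablePassword: "false"`). Confirm that self-service
        # sign-up is intended for everyone who can reach appUrl.
        content = /*yaml*/ ''
          general:
            secureCookies: "true"
            appUrl: https://share.tbmrs.nl
            showHomePage: "false"
          share:
            allowRegistration: "true"
            maxSize: "10000000000"
          oauth:
            disablePassword: "false"
            oidc-enabled: "true"
            oidc-discoveryUri: "https://auth.tbmrs.nl/oauth2/openid/pingvin/.well-known/openid-configuration"
            oidc-clientId: pingvin
            oidc-clientSecret: "${config.sops.placeholder."containers/pingvin-share/oidc-secret"}"
          initUser:
            enabled: "true"
            username: "admin"
            email: "admin@example.com"
            password: "${config.sops.placeholder."containers/pingvin-share/init-user-password"}"
            isAdmin: true
            ldapDN: ""
        '';
      };
    };

    sops.secrets = {
      "containers/pingvin-share/oidc-secret" = { };
      # New key: add a value for it to the sops secrets file before deploying,
      # otherwise rendering the template will fail.
      "containers/pingvin-share/init-user-password" = { };
    };
  };
}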