xeovalyte/nix
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nix/modules/home/containers/pingvin-share.nix

74 lines
1.9 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.settings.containers.pingvin-share;
in {
options = {
settings.containers.pingvin-share.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Pingvin share container
'';
};
};
config = mkIf cfg.enable {
settings.services.sops.enable = true;
services.podman.containers.pingvin-share = {
image = "ghcr.io/stonith404/pingvin-share";
network = "proxy";
volumes = [
"%h/containers/pingvin-share/data:/opt/app/backend/data"
# "%h/containers/pingvin-share/config.yaml:/opt/app/config.yaml"
"${config.sops.templates."container-pingvin.yaml".path}:/opt/app/config.yaml"
];
environment = {
TRUST_PROXY = true;
};
userNS = "keep-id";
extraConfig = {
Unit = {
After = [
"sops-nix.service"
];
};
};
};
sops.templates = {
"container-pingvin.yaml" = {
content = /*yaml*/ ''
general:
secureCookies: "true"
appUrl: https://share.tbmrs.nl
showHomePage: "false"
share:
allowRegistration: "true"
maxSize: "10000000000"
oauth:
disablePassword: "false"
oidc-enabled: "true"
oidc-discoveryUri: "https://auth.tbmrs.nl/oauth2/openid/pingvin/.well-known/openid-configuration"
oidc-clientId: pingvin
oidc-clientSecret: "${config.sops.placeholder."containers/pingvin-share/oidc-secret"}"
initUser:
enabled: "true"
username: "admin"
email: "admin@example.com"
password: "my-secure-password"
isAdmin: true
ldapDN: ""
'';
};
};
sops.secrets = {
"containers/pingvin-share/oidc-secret" = { };
};
};
}
Reference in New Issue View Git Blame Copy Permalink