From 0001f0a5a48d6c3ca29a66d737489ce0fa7109a0 Mon Sep 17 00:00:00 2001
From: teidesu
Date: Sat, 26 Oct 2024 23:35:48 +0300
Subject: [PATCH] feat(koi): memos
---
 hosts/koi/configuration.nix | 1 +
 hosts/koi/containers/kanidm/default.nix | 2 +-
 hosts/koi/containers/memos/default.nix | 44 +++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 hosts/koi/containers/memos/default.nix
diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix
index 8813f49..95d7666 100755
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@@ -32,6 +32,7 @@
 ./containers/zond
 ./containers/kanidm
 ./containers/siyuan
+ ./containers/memos
 ./containers/teisu.nix
 ./containers/bots/pcre-sub-bot.nix
 ./containers/bots/channel-logger-bot.nix
diff --git a/hosts/koi/containers/kanidm/default.nix b/hosts/koi/containers/kanidm/default.nix
index cb899ab..a2982ca 100644
--- a/hosts/koi/containers/kanidm/default.nix
+++ b/hosts/koi/containers/kanidm/default.nix
@@ -32,7 +32,7 @@ in {
 "${(secrets.file config "kanidm-tls-cert")}:/data/chain.pem"
 ];
- user = "${builtins.toString UID}:60";
+ user = "${builtins.toString UID}";
 };
 systemd.tmpfiles.rules = [
diff --git a/hosts/koi/containers/memos/default.nix b/hosts/koi/containers/memos/default.nix
new file mode 100644
index 0000000..8a604d1
--- /dev/null
+++ b/hosts/koi/containers/memos/default.nix
@@ -0,0 +1,44 @@
+{ abs, pkgs, config, ... }@inputs:
+
+let
+ UID = 1114;
+in {
+ users.users.memos = {
+ isNormalUser = true;
+ uid = UID;
+ };
+
+ services.postgresql.ensureUsers = [
+ { name = "memos"; ensureDBOwnership = true; }
+ ];
+ services.postgresql.ensureDatabases = [ "memos" ];
+ desu.postgresql.ensurePasswords.memos = "memos";
+
+ virtualisation.oci-containers.containers.memos = {
+ image = "neosmemo/memos:0.22.5";
+ volumes = [
+ "/srv/memos/data:/var/opt/memoss"
+ ];
+
+ environment = {
+ MEMOS_DRIVER = "postgres";
+ MEMOS_DSN = "postgresql://memos:memos@172.17.0.1:5432/memos?sslmode=disable";
+ };
+
+ user = "${builtins.toString UID}";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/memos/data 0700 ${builtins.toString UID} ${builtins.toString UID} -"
+ ];
+
+ services.nginx.virtualHosts."lore.stupid.fish" = {
+ forceSSL = true;
+ useACMEHost = "stupid.fish";
+
+ locations."/" = {
+ proxyPass = "http://memos.docker:5230$request_uri";
+ proxyWebsockets = true;
+ };
+ };
+}
\ No newline at end of file
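Review bot: The database password is hard-coded as `memos` (identical to the role name) in both `desu.postgresql.ensurePasswords.memos` and the `MEMOS_DSN` value, so it is committed to the repository, copied into the world-readable Nix store, and exposed in the container's environment. The kanidm container touched by this same patch reads its TLS cert through `secrets.file config …`, so the DSN could be supplied the same way, for example via the container's `environmentFiles` option pointing at a secret-managed file; whether `ensurePasswords` can take a file is not visible here. The volume target `/var/opt/memoss` looks like a typo for `/var/opt/memos`; if so, whatever the app writes to its data directory stays in the container layer rather than `/srv/memos/data`, and the line should probably read `"/srv/memos/data:/var/opt/memos"`. Separately, `user = "${builtins.toString UID}"` here and in the kanidm hunk names no group, which with Docker typically leaves the process in GID 0 unless the image's passwd maps that UID, so an explicit `UID:GID` would keep the group unprivileged.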