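# NixOS module: runs the mikenye/picard container under a dedicated host user
# and publishes its web UI (container port 5800) through nginx at
# picard.stupid.fish, reachable from 10.0.0.0/8 only.
{ config, pkgs, ... }:

let
  # Fixed uid shared by the host account, the container process (USER_ID)
  # and the owner of the /srv/picard state directory.
  UID = 1128;
in {
  users.users.picard = {
    isNormalUser = true;
    uid = UID;
    # Membership in geesefs matches the GROUP_ID handed to the container below.
    extraGroups = [ "geesefs" ];
  };

  virtualisation.oci-containers.containers.picard = {
    # NOTE(review): a tag can be re-pointed on the registry. Appending a digest
    # ("mikenye/picard:2.12.3@sha256:<DIGEST-PLACEHOLDER>") would pin the exact
    # image content that gets deployed.
    image = "mikenye/picard:2.12.3";
    environment = {
      USER_ID = builtins.toString UID;
      GROUP_ID = builtins.toString config.users.groups.geesefs.gid;
      TZ = "Europe/Moscow";
      KEEP_APP_RUNNING = "1";
      WEB_AUDIO = "1";
      # ENABLE_CJK_FONT = "1";
    };
    extraOptions = [
      # Both bind mounts are read-write. The first one exposes the music
      # directory under the gocryptfs mount point to the container.
      "--mount=type=bind,source=/mnt/s3-desu-priv-encrypted/music,target=/storage/s3"
      "--mount=type=bind,source=/srv/picard,target=/config"
    ];
  };

  # The unit name assumes the docker backend of oci-containers.
  # Requires= alone only pulls gocryptfs.service in; it does not order the two
  # units. After= makes the container wait until gocryptfs.service has started,
  # so the bind mount above is not set up against a not-yet-mounted directory.
  systemd.services.docker-picard = {
    requires = [ "gocryptfs.service" ];
    after = [ "gocryptfs.service" ];
  };

  systemd.tmpfiles.rules = [
    # State directory for /config, accessible to the owner only (0700).
    # NOTE(review): the group field reuses UID as a numeric gid; this file
    # declares no group with that id. With mode 0700 only the owner matters.
    "d /srv/picard 0700 ${builtins.toString UID} ${builtins.toString UID} -"
  ];

  services.nginx.virtualHosts."picard.stupid.fish" = {
    forceSSL = true;
    useACMEHost = "stupid.fish";
    # NOTE(review): this allow/deny pair is the only access control visible in
    # this file, and the container environment above sets no VNC_PASSWORD, so
    # presumably any client in 10.0.0.0/8 reaches the UI unauthenticated.
    # Confirm that is intended. If nginx sits behind another proxy, the
    # address it matches here is that proxy's, not the end client's.
    extraConfig = ''
      allow 10.0.0.0/8;
      deny all;
    '';

    locations."/" = {
      proxyPass = "http://picard.docker:5800$request_uri";
    };
  };
}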