49 lines
1.4 KiB
Nix
49 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
namespace,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.${namespace}.services.termix;
|
|
net = lib.${namespace}.network;
|
|
inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
|
|
in
|
|
{
|
|
imports = [
|
|
./guacd.nix
|
|
|
|
# Sops env-file for OIDC credentials
|
|
{
|
|
config = lib.mkIf cfg.enable (mkSopsEnvFile {
|
|
name = "termix.env";
|
|
restartUnit = "podman-termix.service";
|
|
secrets = {
|
|
"jallen-nas/termix/client-id" = { };
|
|
"jallen-nas/termix/client-secret" = { };
|
|
};
|
|
content = ''
|
|
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
|
|
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
|
|
'';
|
|
});
|
|
}
|
|
|
|
(mkContainerService {
|
|
inherit config;
|
|
name = "termix";
|
|
image = "ghcr.io/lukegus/termix";
|
|
internalPort = 8080;
|
|
volumes = [ "${cfg.configDir}/termix:/app/data" ];
|
|
environmentFiles = [ config.sops.templates."termix.env".path ];
|
|
environment = {
|
|
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
|
|
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
|
|
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
|
|
OIDC_FORCE_HTTPS = "true";
|
|
GUACD_HOST = net.hosts.nas.lan;
|
|
};
|
|
})
|
|
];
|
|
}
|