70 lines
1.8 KiB
Nix
70 lines
1.8 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
name = "termix";
|
|
cfg = config.${namespace}.services.${name};
|
|
|
|
termixConfig = lib.${namespace}.mkModule {
|
|
inherit config name;
|
|
serviceName = "podman-${name}";
|
|
description = "termix";
|
|
options = { };
|
|
moduleConfig = {
|
|
sops = {
|
|
secrets = {
|
|
"jallen-nas/termix/client-id" = {
|
|
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
|
|
};
|
|
"jallen-nas/termix/client-secret" = {
|
|
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
|
|
};
|
|
};
|
|
templates = {
|
|
"termix.env" = {
|
|
mode = "660";
|
|
owner = "nix-apps";
|
|
group = "jallen-nas";
|
|
restartUnits = [ "podman-termix.service" ];
|
|
content = ''
|
|
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
|
|
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
virtualisation.oci-containers.containers.${name} = {
|
|
autoStart = true;
|
|
image = "ghcr.io/lukegus/termix";
|
|
volumes = [
|
|
"${cfg.configDir}/termix:/app/data"
|
|
];
|
|
ports = [
|
|
"${toString cfg.port}:8080"
|
|
];
|
|
environment = {
|
|
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
|
|
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
|
|
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
|
|
OIDC_FORCE_HTTPS = "true";
|
|
GUACD_HOST = "10.0.1.3";
|
|
PUID = cfg.puid;
|
|
PGID = cfg.pgid;
|
|
TZ = cfg.timeZone;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
in
|
|
{
|
|
imports = [
|
|
./guacd.nix
|
|
termixConfig
|
|
];
|
|
}
|