From 1b40ddcb978dec8cf52a82319f1f8b4e4eedd3f8 Mon Sep 17 00:00:00 2001
From: tdback
Date: Sun, 26 Jan 2025 11:31:39 -0500
Subject: containers: reworked each container to be a standalone module
---
modules/containers/freshrss/default.nix | 88 ++++++++++++++++++++++++++-------
1 file changed, 69 insertions(+), 19 deletions(-)
(limited to 'modules/containers/freshrss/default.nix')
diff --git a/modules/containers/freshrss/default.nix b/modules/containers/freshrss/default.nix
index 7cbe944..7d2e5eb 100644
--- a/modules/containers/freshrss/default.nix
+++ b/modules/containers/freshrss/default.nix
@@ -1,27 +1,77 @@ -{ ... }: +{ + config, + lib, + ... +}: +with lib; let - directory = "/opt/freshrss"; - port = "8888"; + service = "freshrss"; + cfg = config.modules.containers.${service}; in { - systemd.tmpfiles.rules = builtins.map (x: "d ${x} 0755 share share - -") [ directory ]; + options.modules.containers.${service} = { + enable = mkEnableOption service; + user = mkOption { + default = "share"; + type = types.str; + }; + group = mkOption { + default = "share"; + type = types.str; + }; + port = mkOption { + default = 8888; + type = types.int; + }; + url = mkOption { + default = null; + type = types.str; + }; + configDir = mkOption { + default = "/opt/${service}"; + type = types.str; + }; + }; + + config = mkIf cfg.enable { + users.users.${cfg.user} = { + isSystemUser = true; + group = cfg.group; + }; + + users.groups.${cfg.group} = { }; - virtualisation.oci-containers.containers.freshrss = { - image = "freshrss/freshrss:latest"; - autoStart = true; - ports = [ "${port}:80" ]; - volumes = [ - "${directory}/data:/var/www/FreshRSS/data" - "${directory}/extensions:/var/www/FreshRSS/extensions" + networking.firewall.allowedTCPPorts = [ + 80 + 443 ]; - environment = { - TZ = "America/Detroit"; - CRON_MIN = "*/20"; + + services.caddy = { + enable = true; + virtualHosts = { + ${cfg.url}.extraConfig = '' + encode zstd gzip + reverse_proxy http://localhost:${builtins.toString cfg.port} + ''; + }; }; - }; - services.caddy.virtualHosts."fresh.brownbread.net".extraConfig = '' - encode zstd gzip - reverse_proxy http://localhost:${port} - ''; + systemd.tmpfiles.rules = builtins.map (f: "d ${f} 0755 ${cfg.user} ${cfg.group} - -") [ + cfg.configDir + ]; + + virtualisation.oci-containers.containers.${service} = { + image = "${service}/${service}:latest"; + autoStart = true; + ports = [ "${builtins.toString cfg.port}:80" ]; + volumes = [ + "${cfg.configDir}/data:/var/www/FreshRSS/data" + "${cfg.configDir}/extensions:/var/www/FreshRSS/extensions" + ]; + environment = { + TZ = 
"America/Detroit"; + CRON_MIN = "*/20"; + }; + }; + }; } -- cgit v1.2.3
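Review bot: The mapping `ports = [ "${builtins.toString cfg.port}:80" ];` publishes the container port on every host interface, so FreshRSS is likely reachable over plain HTTP on that port in addition to the Caddy virtual host. Published container ports are usually forwarded through NAT rules and may not be filtered by `networking.firewall.allowedTCPPorts`, so opening only 80 and 443 does not by itself close this path. Since Caddy proxies to `localhost`, bind the mapping to loopback: `ports = [ "127.0.0.1:${builtins.toString cfg.port}:80" ];`. Separately, `url` pairs `default = null` with `type = types.str`, which should fail type-checking when the option is left unset. Either drop the default so the option is required, or use `types.nullOr types.str` and guard the `virtualHosts` entry; `port` could likewise use `types.port` to reject out-of-range values.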