55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
service-name = "discord-autodelete";
|
|
uid = 989;
|
|
gid = 5638;
|
|
in {
|
|
age.secrets.discord-autodelete-config.file = ../../secrets/discord-autodelete-config.age;
|
|
|
|
users = {
|
|
users.${service-name} = {
|
|
isSystemUser = true;
|
|
group = service-name;
|
|
home = "/var/lib/${service-name}";
|
|
inherit uid;
|
|
subUidRanges = [{
|
|
startUid = 200000;
|
|
count = 65536;
|
|
}];
|
|
subGidRanges = [{
|
|
startGid = 200000;
|
|
count = 65536;
|
|
}];
|
|
};
|
|
groups = {
|
|
${service-name}.gid = gid;
|
|
};
|
|
};
|
|
|
|
services.dbus.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [ dbus ];
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/lib/${service-name} 0700 ${service-name} ${toString gid}"
|
|
"d /var/lib/${service-name}/data 0700 ${service-name} ${toString gid}"
|
|
];
|
|
|
|
systemd.services."${config.virtualisation.oci-containers.backend}-${service-name}".serviceConfig = {
|
|
User = service-name;
|
|
};
|
|
|
|
virtualisation.oci-containers.containers.${service-name} = {
|
|
image = "ksurl/autodelete-discord";
|
|
autoStart = true;
|
|
ports = [ "5638:5638" ];
|
|
volumes = [
|
|
"/var/lib/${service-name}/data:/${service-name}/data"
|
|
"${config.age.secrets.discord-autodelete-config.path}:/${service-name}/config.yml"
|
|
];
|
|
user = "${service-name}:${service-name}";
|
|
};
|
|
}
|