diff --git a/machines/deedee/configuration.nix b/machines/deedee/configuration.nix
index 57dead75..63132b53 100644
--- a/machines/deedee/configuration.nix
+++ b/machines/deedee/configuration.nix
@@ -287,6 +287,7 @@ rec {
 vaultwarden.enable = true;
 vikunja.enable = false;
 wakapi.enable = true;
+ wallos.enable = true;
 whoogle.enable = true;
 };
 
diff --git a/modules/system/containers/default.nix b/modules/system/containers/default.nix
index cae637ed..1d630213 100644
--- a/modules/system/containers/default.nix
+++ b/modules/system/containers/default.nix
@@ -37,6 +37,7 @@ _: {
 ./vaultwarden
 ./vikunja
 ./wakapi
+ ./wallos
 ./wg-easy
 ./whoogle
 ./zigbee2mqtt
diff --git a/modules/system/containers/wallos/default.nix b/modules/system/containers/wallos/default.nix
new file mode 100644
index 00000000..e1d82623
--- /dev/null
+++ b/modules/system/containers/wallos/default.nix
@@ -0,0 +1,77 @@
+{
+ config,
+ lib,
+ svc,
+ ...
+}:
+let
+ cfg = config.mySystemApps.wallos;
+in
+{
+ options.mySystemApps.wallos = {
+ enable = lib.mkEnableOption "wallos container";
+ backup = lib.mkEnableOption "data backup" // {
+ default = true;
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to directory containing data.";
+ default = "/var/lib/wallos";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ warnings = [ (lib.mkIf (!cfg.backup) "WARNING: Backups for wallos are disabled!") ];
+
+ virtualisation.oci-containers.containers.wallos = svc.mkContainer {
+ cfg = {
+ image = "ghcr.io/deedee-ops/wallos:2.41.0@sha256:14fc6f16aef48873df160863004ce53b8761e15eb0cb79a92f592ac01b3332e4";
+ volumes = [
+ "${cfg.dataDir}/config:/config"
+ "${cfg.dataDir}/data:/data"
+ ];
+ };
+ opts = {
+ # fetching logos
+ allowPublic = true;
+ };
+ };
+
+ services = {
+ nginx.virtualHosts.wallos = svc.mkNginxVHost {
+ host = "wallos";
+ proxyPass = "http://wallos.docker:9000";
+ customCSP = ''
+ default-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' data:
+ mediastream: blob: wss: https://*.${config.mySystem.rootDomain};
+ object-src 'none';
+ img-src 'self' data: blob: https:;
+ '';
+ };
+ restic.backups = lib.mkIf cfg.backup (
+ svc.mkRestic {
+ name = "wallos";
+ paths = [ cfg.dataDir ];
+ }
+ );
+ };
+
+ systemd.services.docker-wallos = {
+ preStart = lib.mkAfter ''
+ mkdir -p "${cfg.dataDir}/config" "${cfg.dataDir}/data"
+ chown 65000:65000 "${cfg.dataDir}/config" "${cfg.dataDir}/data"
+ '';
+ };
+
+ environment.persistence."${config.mySystem.impermanence.persistPath}" =
+ lib.mkIf config.mySystem.impermanence.enable
+ { directories = [ cfg.dataDir ]; };
+
+ mySystemApps.homepage = {
+ services.Apps.wallos = svc.mkHomepage "wallos" // {
+ icon = "wallos.png";
+ description = "Subscriptions manager";
+ };
+ };
+ };
+}
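Review bot: The `customCSP` on the wallos vhost lists `'unsafe-inline'`, `'unsafe-eval'` and `'wasm-unsafe-eval'` in `default-src` and sets no `script-src`, so script loading falls back to that list and the policy does little to contain injected script in an app that holds subscription data. Whether Wallos needs eval or WebAssembly is not visible from this hunk; if it does not, add a dedicated `script-src 'self' 'unsafe-inline';` line and remove the two eval keywords from `default-src`, and if the value is copied from a shared default, a one-line comment saying so would help the next reader. Separately, `preStart` creates the directories with `mkdir -p` and only then changes the owner, so their mode comes from the service umask and is probably world-readable; `install -d -m 0750 -o 65000 -g 65000 "${cfg.dataDir}/config" "${cfg.dataDir}/data"` sets owner and mode in one step. The `# fetching logos` comment on `allowPublic = true` could also say that the option gives the container outbound network access, assuming that is what it does.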