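# Booklore (web UI + MariaDB) run as a Podman pod through quadlet.
#
# - Caddy proxies booklore.wanderingcrow.net to the pod's published port.
# - Database credentials are stored in sops and reach both containers only
#   through the rendered "booklore-env" environment file. They must not be
#   written into `environments`, because those values end up in the Nix store
#   and the generated unit files in plaintext.
{
  lib,
  config,
  inputs,
  ...
}:
let
  # Host port allocated for this service by the project's autoport helper.
  port = builtins.toString (lib.custom.autoport "booklore");
  volumePath = "/overseer/services";
  sopsFolder = inputs.nix-secrets + "/sops";
in
{
  # Create the bind-mount directories before the containers start.
  systemd.tmpfiles.rules = [
    "d ${volumePath}/booklore"
    "d ${volumePath}/booklore/books"
    "d ${volumePath}/booklore/bookdrop"
    "d ${volumePath}/booklore/data"
    "d ${volumePath}/booklore/database"
  ];

  sops.secrets = {
    "booklore/db/root_pass" = {
      sopsFile = "${sopsFolder}/services.yaml";
    };
    "booklore/db/pass" = {
      sopsFile = "${sopsFolder}/services.yaml";
    };
  };

  # Rendered at activation time with the decrypted values. The lines use
  # KEY=VALUE with no spaces around '=', because env-file parsers treat
  # surrounding whitespace as part of the name or value (or reject the line).
  #
  # NOTE(review): this single file is mounted into both containers, so the web
  # container also receives MYSQL_ROOT_PASSWORD. Consider a separate template
  # per container so the application only sees its own credential.
  sops.templates."booklore-env".content = ''
    MYSQL_ROOT_PASSWORD=${config.sops.placeholder."booklore/db/root_pass"}
    MYSQL_PASSWORD=${config.sops.placeholder."booklore/db/pass"}
    DATABASE_PASSWORD=${config.sops.placeholder."booklore/db/pass"}
  '';

  services.caddy.virtualHosts."booklore.wanderingcrow.net".extraConfig = ''
    reverse_proxy localhost:${port}
  '';

  virtualisation.quadlet = {
    containers = {
      booklore-web.containerConfig = {
        # NOTE(review): pinned by tag only; pinning by digest would also guard
        # against the tag being re-pointed upstream.
        image = "ghcr.io/booklore-app/booklore:v1.14.1";
        pod = config.virtualisation.quadlet.pods.booklore.ref;
        environments = {
          DATABASE_URL = "jdbc:mariadb://localhost:3306/booklore";
          DATABASE_USERNAME = "booklore";
          BOOKLORE_PORT = "6060";
          # DATABASE_PASSWORD is deliberately absent: it comes from the sops
          # env file below. An explicit value here would be stored in
          # plaintext and, as far as podman's --env/--env-file precedence
          # goes, would override the secret.
        };
        environmentFiles = [ config.sops.templates."booklore-env".path ];
        volumes = [
          "${volumePath}/booklore/books:/books"
          "${volumePath}/booklore/bookdrop:/bookdrop"
          "${volumePath}/booklore/data:/app/data"
        ];
      };

      booklore-db.containerConfig = {
        image = "lscr.io/linuxserver/mariadb:11.4.8";
        pod = config.virtualisation.quadlet.pods.booklore.ref;
        environments = {
          TZ = "Etc/UTC";
          # NOTE(review): PUID/PGID 0 runs the database as root inside the
          # container; confirm this is required for the volume ownership and
          # prefer an unprivileged uid/gid if it is not.
          PUID = "0";
          PGID = "0";
          MYSQL_USER = "booklore";
          MYSQL_DATABASE = "booklore";
          # MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD are supplied only by the
          # sops env file below. These variables are typically applied only
          # when the data directory is first initialised, so a database that
          # was created with an earlier placeholder password needs its
          # passwords rotated manually.
        };
        environmentFiles = [ config.sops.templates."booklore-env".path ];
        volumes = [
          "${volumePath}/booklore/database:/config"
        ];
      };
    };

    pods.booklore = {
      # NOTE(review): this publishes on all host interfaces, so the app is
      # reachable without going through Caddy unless a firewall blocks the
      # port. Binding to loopback ("127.0.0.1:${port}:6060") would restrict
      # access to the reverse proxy — confirm nothing else needs direct access.
      podConfig.publishPorts = [
        "${port}:6060"
      ];
    };
  };
}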