CrOS/modules/users/overseer/services/openhab.nix

let
  volumePath = "/overseer/services";
in
  {
    lib,
    config,
    ...
  }:
    lib.mkIf config.user.overseer.enable {
      systemd.tmpfiles.rules = [
        "d ${volumePath}/openhab openhab"
        "d ${volumePath}/openhab/conf openhab"
        "d ${volumePath}/openhab/userdata openhab"
        "d ${volumePath}/openhab/addons openhab"
      ];
      ###########
      # Service #
      ###########

      virtualisation.oci-containers = {
        backend = "podman";
        containers."openhab" = {
          image = "openhab/openhab:5.0.0.M1";
          extraOptions = ["--ip=10.88.0.9"];
          volumes = [
            "${volumePath}/openhab/conf:/openhab/conf"
            "${volumePath}/openhab/userdata:/openhab/userdata"
            "${volumePath}/openhab/addons:/openhab/addons"
          ];
        };
      };

      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts = {
          "openhab.wanderingcrow.net" = {
            forceSSL = true;
            useACMEHost = "openhab.wanderingcrow.net";
            locations."/" = {
              extraConfig = ''
                allow 192.168.0.0/16;
                allow 10.8.0.0/24;
                allow 172.220.132.255;
                deny all;
              '';
              proxyPass = "http://10.88.0.9:8080";
            };
          };
        };
      };
    }