[Offen] Sets up offen.

system/hosts/mcp/containers/offen.nix

@@ -0,0 +1,47 @@
+{ config, ... }:
+let
+  inherit (import ./lib.nix config) mkContainer terakoda;
+  userIds = import ./user-ids.nix;
+in {
+  users = userIds.mkUserAndGroup "offen" userIds.offen;
+
+  sops = {
+    secrets = {
+      "offen/smtp-token" = {};
+      "offen/secret" = {};
+    };
+    templates."offen.env" = {
+      mode = "0400";
+      owner = config.users.users.offen.name;
+      group = config.users.users.offen.group;
+      content = ''
+        OFFEN_SECRET="${config.sops.placeholder."offen/secret"}"
+        OFFEN_SMTP_USER="offen@terakoda.com"
+        OFFEN_SMTP_PASSWORD="${config.sops.placeholder."offen/smtp-token"}"
+        OFFEN_SMTP_HOST="smtp.protonmail.ch"
+        OFFEN_SMTP_PORT="587"
+        OFFEN_SMTP_SENDER="offen@terakoda.com"
+        OFFEN_SMTP_AUTHTYPE="LOGIN"
+      '';
+    };
+  };
+
+  virtualisation.oci-containers.containers.offen = mkContainer {
+    image = "offen/offen";
+    hostName = "offen";
+    domain = terakoda;
+    user = "${toString userIds.offen.uid}:${toString userIds.offen.gid}";
+    port = 80;
+    volumes = [
+      "${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"
+      "/tank/offen/data:/var/opt/offen"
+    ];
+    # TODO: When running with this option the service fails to start with errors:
+    #   Unmounting /var/lib/containers/storage/overlay/{hash}/merged: invalid argument
+    #   Error: mounting storage for container {hash}: creating overlay mount to {overlay info}
+    # extraOptions = [
+    #   "--uidmap=10000:${toString userIds.offen.uid}"
+    #   "--gidmap=10001:${toString userIds.offen.gid}"
+    # ];
+  };
+}