From bd932a19c4b538dff0dd295323ec54da88be180c Mon Sep 17 00:00:00 2001
From: Drew Haven
Date: Wed, 19 Mar 2025 12:14:54 -0700
Subject: [PATCH] [pocket-id] Creates Pocket ID service.
---
 system/hosts/mcp/containers.nix | 1 +
 system/hosts/mcp/containers/pocket-id.nix | 42 +++++++++++++++++++++++
 system/hosts/mcp/containers/user-ids.nix | 8 +++++
 3 files changed, 51 insertions(+)
 create mode 100644 system/hosts/mcp/containers/pocket-id.nix
 create mode 100644 system/hosts/mcp/containers/user-ids.nix
diff --git a/system/hosts/mcp/containers.nix b/system/hosts/mcp/containers.nix
index 30fce53..f40a6db 100644
--- a/system/hosts/mcp/containers.nix
+++ b/system/hosts/mcp/containers.nix
@@ -8,6 +8,7 @@
 ./containers/jobhunt.nix
 ./containers/nextcloud.nix
 ./containers/prometheus.nix
+ ./containers/pocket-id.nix
 ./containers/public-homepage.nix
 ./containers/searxng.nix
 ./containers/shared-postgres.nix
diff --git a/system/hosts/mcp/containers/pocket-id.nix b/system/hosts/mcp/containers/pocket-id.nix
new file mode 100644
index 0000000..9286c4d
--- /dev/null
+++ b/system/hosts/mcp/containers/pocket-id.nix
@@ -0,0 +1,42 @@
+{ config, ... }:
+let
+ inherit (import ./lib.nix config) mkContainer blazestar;
+ userIds = import ./user-ids.nix;
+in
+{
+ users.groups.pocket-id = {
+ gid = userIds.pocket-id.gid;
+ };
+
+ users.users.pocket-id = {
+ uid = userIds.pocket-id.uid;
+ isSystemUser = true;
+ description = "System User for Pocket ID";
+ group = "pocket-id";
+ };
+
+ virtualisation.oci-containers.containers.pocket-id = mkContainer {
+ image = "ghcr.io/pocket-id/pocket-id";
+ dependsOn = [];
+ hostName = "auth";
+ port = 3000;
+ public = false;
+ domain = blazestar;
+ homepageOpts = {
+ group = "Infra";
+ name = "Pocket ID";
+ icon = "pocket-id";
+ description = "Pocket ID Auth Server";
+ };
+ volumes = [
+ "/tank/pocket-id/data:/app/backend/data"
+ ];
+ environment = {
+ PUBLIC_APP_URL = "https://auth.${blazestar}";
+ # Whether the app is behind a reverse proxy.
+ TRUST_PROXY = "true";
+ PUID = toString userIds.pocket-id.uid;
+ PGID = toString userIds.pocket-id.gid;
+ };
+ };
+}
diff --git a/system/hosts/mcp/containers/user-ids.nix b/system/hosts/mcp/containers/user-ids.nix
new file mode 100644
index 0000000..a93dc3f
--- /dev/null
+++ b/system/hosts/mcp/containers/user-ids.nix
@@ -0,0 +1,8 @@
+{
+ gitea = 2001;
+ timetagger = 2002;
+ pocket-id = {
+ uid = 2003;
+ gid = 2003;
+ };
+}
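Review bot: In pocket-id.nix the `image = "ghcr.io/pocket-id/pocket-id";` line carries no tag or digest, so unless `mkContainer` (in lib.nix, not shown here) adds one, the auth server runs whatever the registry serves as the default tag at pull time. For an identity provider it is worth pinning to a reviewed release, e.g. `image = "ghcr.io/pocket-id/pocket-id:<version>@sha256:<digest>";` (placeholders), so that upgrades are explicit commits. `TRUST_PROXY = "true"` is only safe while port 3000 is reachable solely through the reverse proxy; I would extend the comment to `# Behind the reverse proxy: forwarded headers are trusted, so port 3000 must not be reachable directly.` The hunk also does not show `/tank/pocket-id/data` being created; confirm it exists owned by uid/gid 2003 with no access for other users, since it presumably holds the service's database and key material.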
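Review bot: In user-ids.nix the entries have two shapes: `gitea = 2001;` and `timetagger = 2002;` are bare integers while `pocket-id` is a `{ uid; gid; }` set, so every consumer has to know which form a given service uses. Giving all entries the same shape, e.g. `gitea = { uid = 2001; gid = 2001; };`, would avoid that, provided any existing users of the gitea and timetagger values (not visible in this patch) are updated with it. A header comment such as `# Static UIDs/GIDs for service accounts; values must stay unique and must not be reused once data on disk is owned by them.` would document why the numbers are fixed.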