[pocket-id] Creates Pocket ID service.

2025-03-19 12:14:54 -07:00
parent 8bd3088bcf
commit bd932a19c4
3 changed files with 51 additions and 0 deletions
--- a/system/hosts/mcp/containers/pocket-id.nix
+++ b/system/hosts/mcp/containers/pocket-id.nix
@@ -0,0 +1,42 @@
+{ config, ... }:
+let 
+  inherit (import ./lib.nix config) mkContainer blazestar;
+  userIds = import ./user-ids.nix;
+in
+{
+  users.groups.pocket-id = {
+    gid = userIds.pocket-id.gid;
+  };
+
+  users.users.pocket-id = {
+    uid = userIds.pocket-id.uid;
+    isSystemUser = true;
+    description = "System User for Pocket ID";
+    group = "pocket-id";
+  };
+
+  virtualisation.oci-containers.containers.pocket-id = mkContainer {
+    image = "ghcr.io/pocket-id/pocket-id";
+    dependsOn = [];
+    hostName = "auth";
+    port = 3000;
+    public = false;
+    domain = blazestar;
+    homepageOpts = {
+      group = "Infra";
+      name = "Pocket ID";
+      icon = "pocket-id";
+      description = "Pocket ID Auth Server";
+    };
+    volumes = [
+      "/tank/pocket-id/data:/app/backend/data"
+    ];
+    environment = {
+      PUBLIC_APP_URL = "https://auth.${blazestar}";
+      # Whether the app is behind a reverse proxy.
+      TRUST_PROXY = "true";
+      PUID = toString userIds.pocket-id.uid;
+      PGID = toString userIds.pocket-id.gid;
+    };
+  };
+}
--- a/system/hosts/mcp/containers/user-ids.nix
+++ b/system/hosts/mcp/containers/user-ids.nix
@@ -0,0 +1,8 @@
+{
+  gitea = 2001;
+  timetagger = 2002;
+  pocket-id = {
+    uid = 2003;
+    gid = 2003;
+  };
+}