{ config, ... }: let inherit (import ./lib.nix config) mkContainer mkPostgresContainer terakoda; in { imports = [ (mkPostgresContainer { name = "focalboard"; directory = "/tank/focalboard/db"; uid = config.users.users.focalboard.uid; gid = config.users.groups.focalboard.gid; passwordSecret = "focalboard/database"; }) ]; sops.secrets = { "focalboard/database" = { restartUnits = [ "podman-focalboard.service" "podman-focalboard-postgres.service" ]; mode = "0400"; owner = config.users.users.focalboard.name; }; }; sops.templates."focalboard-config.json" = { restartUnits = [ "podman-focalboard.service" ]; owner = config.users.users.focalboard.name; content = builtins.toJSON { # Defaults from https://github.com/mattermost-community/focalboard/blob/main/config.json "serverRoot" = "https://focalboard.terakoda.com"; "port" = 8000; "dbtype" = "postgres"; "dbconfig" = "postgres://focalboard:${config.sops.placeholder."focalboard/database"}@focalboard-postgres/focalboard?sslmode=disable&connect_timeout=10"; "useSSL" = true; "prometheus_address" = ":9092"; "session_expire_time" = 2592000; "session_refresh_time" = 18000; "postgres_dbconfig" = "dbname=focalboard sslmode=disable"; "webpath" = "./pack"; "filespath" = "./data/files"; "telemetry" = true; "prometheusaddress" = ":9092"; "enableLocalMode" = true; "localModeSocketLocation" = "/var/tmp/focalboard_local.socket"; }; }; virtualisation.oci-containers.containers = { focalboard = mkContainer { image = "mattermost/focalboard"; hostName = "focalboard"; domain = terakoda; dependsOn = [ "focalboard-postgres" ]; port = 8000; user = "${toString config.users.users.focalboard.name}:${config.users.groups.focalboard.name}"; volumes = [ "/tank/focalboard/data/files:/opt/focalboard/data/files" "${config.sops.templates."focalboard-config.json".path}:/opt/focalboard/config.json:ro" ]; }; }; }