53 lines
1.4 KiB
Nix
53 lines
1.4 KiB
Nix
{ config, ... }:
|
|
let
|
|
inherit (import ./lib.nix config) mkContainer blazestar;
|
|
userIds = import ./user-ids.nix;
|
|
# The default is to run on port 80, which the pocket-id user cannot bind to.
|
|
# We need a different port to be able to serve traffic.
|
|
# The following ports in the container are already taken:
|
|
# - 8080: API
|
|
# - 3000: Web UI
|
|
# - 2019: Admin endpoint
|
|
port = 8888;
|
|
in
|
|
{
|
|
users.groups.pocket-id = {
|
|
gid = userIds.pocket-id.gid;
|
|
};
|
|
|
|
users.users.pocket-id = {
|
|
uid = userIds.pocket-id.uid;
|
|
isSystemUser = true;
|
|
description = "System User for Pocket ID";
|
|
group = "pocket-id";
|
|
};
|
|
|
|
virtualisation.oci-containers.containers.pocket-id = mkContainer {
|
|
image = "ghcr.io/pocket-id/pocket-id";
|
|
dependsOn = [];
|
|
hostName = "auth";
|
|
port = port;
|
|
public = false;
|
|
domain = blazestar;
|
|
homepageOpts = {
|
|
group = "Infra";
|
|
name = "Pocket ID";
|
|
icon = "pocket-id";
|
|
description = "Pocket ID Auth Server";
|
|
};
|
|
volumes = [
|
|
"/tank/pocket-id/data:/app/backend/data"
|
|
];
|
|
environment = {
|
|
PUBLIC_APP_URL = "https://auth.${blazestar}";
|
|
# Whether the app is behind a reverse proxy.
|
|
TRUST_PROXY = "false";
|
|
CADDY_PORT = toString port;
|
|
# PORT = "3000"; # Frontend port
|
|
# BACKEND_PORT = "8080"; # Backend port
|
|
PUID = toString userIds.pocket-id.uid;
|
|
PGID = toString userIds.pocket-id.gid;
|
|
};
|
|
};
|
|
}
|