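# Fsight container module.
#
# Declares `container.module.fsight.{enable,address,storage}` and, when enabled,
# defines the `fsight` container running Gitea, Nextcloud and PostgreSQL 16.
# State lives under `cfg.storage` on the host (subdirectories `git`, `cloud`,
# `postgres`) and is bind-mounted read-write into the container.
#
# `container.mkContainerDir`, `container.mkContainer`, `container.mkContainerConfig`
# and `util.trimTabs` are project helpers defined outside this file.
{ container, pkgs, config, lib, util, ... }: with lib; let
  cfg = config.container.module.fsight;
  # Host-level config, kept under its own name because the container's inner
  # module below rebinds `config`.
  hostConfig = config;
in {
  options = {
    container.module.fsight = {
      enable = mkEnableOption "Fsight temporary servers.";
      # Address Gitea binds its HTTP listener to (see HTTP_ADDR below).
      address = mkOption {
        default = "10.1.0.29";
        type = types.str;
      };
      # port = mkOption {
      #   default = 3000;
      #   type = types.int;
      # };
      # domain = mkOption {
      #   default = "git.${config.container.domain}";
      #   type = types.str;
      # };
      # Host directory holding the container's persistent data.
      storage = mkOption {
        default = "${config.container.storage}/fsight";
        type = types.str;
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.tmpfiles.rules = container.mkContainerDir cfg [
      "git"
      "cloud"
      "postgres"
    ];

    containers.fsight = container.mkContainer cfg {
      bindMounts = {
        "/var/lib/gitea" = {
          hostPath = "${cfg.storage}/git";
          isReadOnly = false;
        };
        "/var/lib/postgresql" = {
          hostPath = "${cfg.storage}/postgres";
          isReadOnly = false;
        };
        "/var/lib/nextcloud" = {
          hostPath = "${cfg.storage}/cloud";
          isReadOnly = false;
        };
      };

      config = { config, ... }: container.mkContainerConfig cfg {
        environment.systemPackages = with pkgs; [ gitea postgresql ];

        services.gitea = let
          domain = "fmp-git.${hostConfig.container.domain}";
        in {
          enable = true;
          stateDir = "/var/lib/gitea";
          database = {
            type = "postgres";
            # host = postgre.address;
            # port = postgre.port;
            user = "gitea";
            name = "gitea";
            createDatabase = true;
          };
          settings = let
            # Shared by the scheduled GC job and the [git] section so both agree.
            gcArgs = "--aggressive --no-cruft --prune=now";
            gcTimeout = 600;
          in {
            "service".DISABLE_REGISTRATION = true;
            "log".LEVEL = "Error";
            "server" = {
              DISABLE_SSH = true;
              DOMAIN = domain;
              HTTP_ADDR = cfg.address;
              ROOT_URL = "https://${domain}";
            };
            "ui" = {
              AMBIGUOUS_UNICODE_DETECTION = false;
            };
            # NOTE(review): under [service.explore] this gates only the explore
            # pages; the site-wide switch of the same name lives under [service].
            # Confirm which scope was intended.
            "service.explore" = {
              REQUIRE_SIGNIN_VIEW = true;
            };
            "repository" = {
              DEFAULT_PRIVATE = "private";
              DEFAULT_PUSH_CREATE_PRIVATE = true;
            };
            "repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
            "repository.issue".MAX_PINNED = 99999;
            "cron" = {
              ENABLED = true;
              RUN_AT_START = true;
            };
            "repo-archive".ENABLED = false;
            "cron.update_mirrors".SCHEDULE = "@midnight";
            "cron.cleanup_actions".ENABLED = true;
            "cron.git_gc_repos" = {
              ENABLED = true;
              SCHEDULE = "@midnight";
              TIMEOUT = gcTimeout;
              ARGS = gcArgs;
            };
            "git" = {
              GC_ARGS = gcArgs;
            };
            "git.timeout".GC = gcTimeout;
          };
        };

        services.nextcloud = let
          domain = "fmp-cloud.${hostConfig.container.domain}";
        in {
          enable = true;
          # package = pkgs.nextcloud29;
          hostName = domain;
          # phpOptions = {
          #   memory_limit = lib.mkForce "20G";
          # };
          config = {
            adminuser = "root";
            # NOTE(review): the initial admin credentials are root/root, and
            # `pkgs.writeText` places the password in the world-readable Nix
            # store. Point this at a secret file provisioned outside the store
            # and rotate the admin password on any instance already installed.
            adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
            # dbhost = postgres.address;
            dbname = "nextcloud";
            # NOTE(review): same store-readable pattern as adminpassFile. With
            # the `trust` rules below PostgreSQL does not check this password.
            dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
            dbtype = "pgsql";
            dbuser = "nextcloud";
          };
          extraApps = {
            inherit (config.services.nextcloud.package.packages.apps) deck notes onlyoffice;
          };
          extraAppsEnable = true;
          settings = {
            trusted_domains = [ domain ];
            trusted_proxies = [ hostConfig.container.module.proxy.address ];
            # NOTE(review): lets Nextcloud issue server-side requests to
            # local/private addresses, which widens SSRF exposure. Keep only if
            # an integration (e.g. onlyoffice) needs it.
            allow_local_remote_servers = true;
          };
        };

        services.postgresql = let
          # Passwordless (`trust`) access is limited to the local socket and the
          # loopback addresses. The previous `host all all 0.0.0.0/0 trust` rule,
          # combined with `enableTCPIP = true`, let any IPv4 peer that could reach
          # the port log in as any role, including the superuser `root`, with no
          # credential. If another host really needs access, add a narrow
          # `host <db> <user> <peer-address>/32 scram-sha-256` line for it and
          # give that role a password.
          authentication = util.trimTabs ''
            local all all trust
            host all all 127.0.0.1/32 trust
            host all all ::1/128 trust
          '';
          ensureDatabases = [ "root" "gitea" "nextcloud" ];
          ensureUsers = [
            {
              name = "root";
              ensureClauses = {
                superuser = true;
                createrole = true;
                createdb = true;
              };
              ensureDBOwnership = true;
            }
            {
              name = "gitea";
              ensureClauses = {
                createrole = true;
                createdb = true;
              };
              ensureDBOwnership = true;
            }
            {
              name = "nextcloud";
              ensureClauses = {
                createrole = true;
                createdb = true;
              };
              ensureDBOwnership = true;
            }
          ];
        in {
          inherit authentication ensureDatabases ensureUsers;

          enable = true;
          package = pkgs.postgresql_16;
          dataDir = "/var/lib/postgresql/data/16";
          # NOTE(review): the server still listens on every interface; access is
          # gated by the pg_hba rules above. Set to false if nothing outside the
          # container connects.
          enableTCPIP = true;

          # NOTE: Debug mode.
          # settings = {
          #   log_connections = true;
          #   log_destination = lib.mkForce "syslog";
          #   log_disconnections = true;
          #   log_statement = "all";
          #   logging_collector = true;
          # };
        };
      };
    };
  };
}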