From c544c417458abb63202980283b6a21aa4ddea43e Mon Sep 17 00:00:00 2001
From: niten
Date: Sat, 20 Jan 2024 11:25:09 -0800
Subject: [PATCH] Iniital checkin
---
lemmy-container.nix | 114 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 114 insertions(+)
create mode 100644 lemmy-container.nix
diff --git a/lemmy-container.nix b/lemmy-container.nix
new file mode 100644
index 0000000..3f56a90
--- /dev/null
+++ b/lemmy-container.nix
@@ -0,0 +1,114 @@
+{ config, lib, pkgs, ... }@toplevel:
+
+with lib;
+let
+ cfg = config.services.lemmyContainer;
+
+ lemmyImage = { ... }:
+ { pkgs, ... }: {
+ project.name = "lemmy";
+ networks = {
+ internal_network.internal = true;
+ external_network.internal = false;
+ };
+
+ docker-compose.volumes = {
+ postgres-data = { };
+ lemmy-data = { };
+ };
+
+ services = {
+ lemmy = { pkgs, ... }: {
+ service = {
+ restart = "always";
+ volumes = [
+ "postgres-data:/var/lib/postgres/data"
+ "pictrs-data:/var/lib/pict-rs"
+ ];
+ ports = "${toString cfg.port}:80";
+ networks = [ "internal_network" "internal_network" ];
+ };
+ nixos = {
+ useSystemd = {
+ boot.tmp.useTmpfs = true;
+ system.nssModules = mkForce [ ];
+ services = {
+ nscd.enable = false;
+ postgresql.enable = true;
+ pict-rs.enable = true;
+ lemmy = {
+ enable = true;
+ database.createLocally = true;
+ adminPasswordFile = cfg.admin-password-file;
+ nginx.enable = true;
+ settings = {
+ email = {
+ smtp_server = cfg.smtp.server;
+ smtp_from_address = "noreply@${cfg.hostname}";
+ };
+ hostname = cfg.hostname;
+ setup.site_name = cfg.site-name;
+ };
+ };
+ nginx = {
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ commonHttpConfig = ''
+ log_format with_response_time '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$request_time" "$upstream_response_time"';
+ access_log /var/log/nginx/access.log with_response_time;
+ '';
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+in {
+ options.services.lemmy-container = with types; {
+ enable = mkEnableOption "Enable Lemmy server in a Podman container.";
+
+ hostname = mkOption {
+ type = str;
+ description = "Host of the Lemmy server.";
+ };
+
+ port = mkOption {
+ type = port;
+ description = "Port on which to listen for requests.";
+ default = 1234;
+ };
+
+ site-name = mkOption {
+ type = str;
+ description = "Name of the Lemmy site.";
+ };
+
+ admin-password-file = mkOption {
+ type = str;
+ description = "Path to a file containing the administrator password.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ virtualisation.arion.projects.lemmy.settings = let image = lemmyImage { };
+ in { imports = [ image ]; };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.hostname}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}/";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+}
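Review bot: The `ports = "${toString cfg.port}:80";` mapping in the `lemmy` service publishes the container's plain-HTTP nginx without a host address, which by default binds it on every host interface and lets clients reach the instance without going through the `forceSSL` virtual host defined below. The host proxy only connects to `127.0.0.1`, so the mapping should be bound to loopback, and as far as I know arion expects a list there: `ports = [ "127.0.0.1:${toString cfg.port}:80" ];`. The module also looks like it cannot evaluate as written, because `cfg` reads `config.services.lemmyContainer` while the options are declared under `services.lemmy-container`, and `cfg.smtp.server` has no matching option; use `cfg = config.services.lemmy-container;` and declare an `smtp.server` option. `networks = [ "internal_network" "internal_network" ];` names the same network twice and never attaches `external_network`, which is probably a typo for `networks = [ "internal_network" "external_network" ];`. The service mounts `pictrs-data` although only `postgres-data` and `lemmy-data` are declared under `docker-compose.volumes`, and `admin-password-file` is a host path with no visible mount into the container, so the secret presumably will not exist where the inner `adminPasswordFile` looks for it; a read-only bind mount of that file would address this.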