From e8d9329e8ebcc73144618687b835fd7f87532686 Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger
Date: Sat, 25 Apr 2026 02:32:41 +0200
Subject: [PATCH] Add containerized pocket-id module
---
modules/pocket-id.nix | 58 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 modules/pocket-id.nix
diff --git a/modules/pocket-id.nix b/modules/pocket-id.nix
new file mode 100644
index 0000000..48ac9cb
--- /dev/null
+++ b/modules/pocket-id.nix
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+
+ cfg = config.services.pocket-id-docker;
+ pocketidCfg = config.services.pocket-id;
+ version = "2.6.2";
+
+in {
+
+ options.services.pocket-id-docker = {
+ enable = lib.mkEnableOption "Pocket ID server hosted as OCI container";
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation.oci-containers.containers = {
+ pocket-id = {
+ image = "ghcr.io/pocket-id/pocket-id:v${version}";
+ autoStart = true;
+ networks = [
+ "webproxy"
+ ];
+ environment = {
+ APP_URL = pocketidCfg.settings.APP_URL;
+ TRUST_PROXY = lib.boolToString pocketidCfg.settings.TRUST_PROXY;
+ ANALYTICS_DISABLED = lib.boolToString pocketidCfg.settings.ANALYTICS_DISABLED;
+ };
+ environmentFiles = [ pocketidCfg.environmentFile ];
+ extraOptions = [
+ ''--mount=type=volume,source=data,target=/app/data,volume-driver=local''
+ "--health-cmd=/app/pocket-id healthcheck"
+ "--health-interval=1m30s"
+ "--health-timeout=5s"
+ "--health-retries=2"
+ "--health-start-period=10s"
+ ];
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.pocket-id.rule" = "Host(`${lib.removePrefix "https://" pocketidCfg.settings.APP_URL}`)";
+ "traefik.http.routers.pocket-id.entrypoints" = "websecure";
+ };
+ };
+ };
+
+ systemd.services."docker-pocket-id" = {
+ after = [
+ "docker-traefik.service"
+ ];
+ requires = [
+ "docker-traefik.service"
+ ];
+ };
+
+ };
+}
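Review bot: The `--mount` entry in `extraOptions` uses the named volume `data`, and Docker named volumes are global to the daemon, so any other container on this host that also mounts `source=data` would share Pocket ID's `/app/data` (presumably its database and key material). A service-specific name avoids that: `''--mount=type=volume,source=pocket-id-data,target=/app/data,volume-driver=local''`. The `image` line pins only the tag `v${version}`, which the registry can repoint; for an identity provider it is worth appending a digest, e.g. `image = "ghcr.io/pocket-id/pocket-id:v${version}@sha256:<digest-placeholder>";`. The traefik `Host(...)` label strips only a leading `https://`, so an `APP_URL` with a trailing slash, path or port would yield a rule that does not match the intended host; an assertion on the URL shape would catch that at evaluation time.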