Configure podman and koito

2025-06-21 19:39:41 +00:00 · 2025-06-21 19:39:41 +00:00 · a339897c48
commit a339897c48
parent 547365c5c3
6 changed files with 104 additions and 7 deletions
--- a/hosts/greatyamada/services/koito.nix
+++ b/hosts/greatyamada/services/koito.nix
@ -0,0 +1,71 @@
+{ pkgs, lib, config, ... }:
+let
+  portDefinitions = import ./_port-definitions.nix;
+  nginxLocalConfig = import ./nginx-local-config.nix;
+in {
+  virtualisation.oci-containers.containers."koito" = {
+    image = "gabehf/koito:latest";
+    environment = {
+      "KOITO_ALLOWED_HOSTS" = "koito.rcia.dev";
+      "KOITO_ENABLE_LBZ_RELAY" = "true";
+      "KOITO_LBZ_RELAY_URL" = "https://api.listenbrainz.org/1";
+    };
+    environmentFiles = [ config.sops.templates."koito.env".path ];
+    volumes = [ "/mnt/hdd-01/koito:/etc/koito:rw" ];
+    ports = [ "${toString portDefinitions.koito}:4110/tcp" ];
+    log-driver = "journald";
+    extraOptions = [ "--network-alias=koito" "--network=koito_default" ];
+  };
+  systemd.services."podman-koito" = {
+    serviceConfig = { Restart = lib.mkOverride 90 "always"; };
+    after = [ "podman-network-koito_default.service" ];
+    requires = [ "podman-network-koito_default.service" ];
+    partOf = [ "podman-compose-koito-root.target" ];
+    wantedBy = [ "podman-compose-koito-root.target" ];
+  };
+
+  services.nginx.virtualHosts."koito.rcia.dev" = {
+    locations."/".proxyPass =
+      "http://localhost:${toString portDefinitions.koito}";
+    forceSSL = true;
+    useACMEHost = "rcia.dev";
+  };
+
+  sops = {
+    secrets = {
+      "koito/database_url" = { };
+      "koito/listenbrainz_token" = { };
+    };
+    templates."koito.env".content = ''
+      KOITO_DATABASE_URL=${config.sops.placeholder."koito/database_url"}
+      KOITO_LBZ_RELAY_TOKEN=${
+        config.sops.placeholder."koito/listenbrainz_token"
+      }
+    '';
+  };
+
+  # Networks
+  systemd.services."podman-network-koito_default" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f koito_default";
+    };
+    script = ''
+      podman network inspect koito_default || podman network create koito_default
+    '';
+    partOf = [ "podman-compose-koito-root.target" ];
+    wantedBy = [ "podman-compose-koito-root.target" ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."podman-compose-koito-root" = {
+    unitConfig = { Description = "Root target generated by compose2nix."; };
+    after = [ "postgresql.service" ];
+    requires = [ "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+  };
+}