dotfiles/nixos/boxes/vpsfree1/fossil.nix

{ config, pkgs, inputs, lib, ... }:
let
  port = 8081;
  domain = "fossil.cyplo.dev";
  baseurl = "https://${domain}";
  path = "/var/lib/fossil";
in {
  imports = [ ../nginx.nix ];

  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = { proxyPass = "http://localhost:" + toString port; };
      };
    };
  };

  containers.fossil = {
    autoStart = true;
    forwardPorts = [{
      containerPort = port;
      hostPort = port;
    }];
    bindMounts = {
      "${path}" = {
        hostPath = "${path}";
        isReadOnly = false;
      };
    };
    config = { config, pkgs, ... }:
      let
        user = "fossil";
        group = "fossil";
      in {
        system.stateVersion = "23.05";
        environment.systemPackages = [ pkgs.fossil ];
        users.groups = { "${group}" = { }; };
        users.users = {
          fossil = {
            inherit group;
            description = "Fossil Service";
            home = path;
            useDefaultShell = true;
            isSystemUser = true;
          };
        };

        systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ];
        systemd.services.fossil = {
          description = "fossil server";
          after = [ "network-online.target" ];
          wantedBy = [ "multi-user.target" ];
          path = [ pkgs.fossil pkgs.git ];

          serviceConfig = {
            User = user;
            Group = group;
            WorkingDirectory = path;
            ReadWritePaths = [ path ];
            ExecStart = "${pkgs.fossil}/bin/fossil server" + " --localhost"
              + " --https" + " --port ${toString port}"
              + " --baseurl ${baseurl}" + " --repolist ${path}";
            Restart = "always";
            RestartSec = 3;
          };
        };
      };
  };
}