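# NixOS module: runs the Sneedstr Nostr relay inside a private-network
# nixos-container and publishes it through the host's nginx as a reverse proxy.
#
# `inputs` is not a standard module argument; presumably the importing flake
# passes it in (e.g. via specialArgs) — confirm against the caller.
{ inputs, config, pkgs, lib, ... }:
with lib;
let
  # Shorthand for this module's option values.
  cfg = config.services.sneedstr;

  # Directory that holds the relay's database. It is the mount point inside
  # the container and, prefixed with /persist, the backing directory on the host.
  DB_PATH = "/var/sneedstr";
in {
  options.services.sneedstr = {
    enable = mkEnableOption "Sneedstr Nostr relay";

    # Used verbatim as the nginx virtualHost name below. The type admits null
    # and the default is the empty string, but neither yields a usable virtual
    # host (null cannot be interpolated into the attribute name), so callers
    # are expected to set a real domain.
    host = mkOption {
      type = types.nullOr types.str;
      default = "";
      description = ''
        domain from which the sneedstr will be accessible.
      '';
    };

    # Passed to the service as ADMIN_PUBKEY. There is no default, so evaluation
    # fails if it is left unset. Environment values end up in the world-readable
    # Nix store; that is fine for a public key but this option must never carry
    # secret material.
    adminPubkey = mkOption {
      type = types.str;
      description = ''
        'npub' of the administrator account. Must be defined!
      '';
    };

    # mkEnableOption already prefixes the text with "Whether to enable ", so
    # only the feature name is given here.
    sslEnable = mkEnableOption "ACME SSL for nginx proxy";

    hostAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.12";
      description = ''
        Host machine ip address for nixos-container.
      '';
    };

    # Also interpolated into the nginx proxyPass URL, so null is not usable
    # here even though the type allows it.
    localAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.13";
      description = ''
        Local nixos-container ip address
      '';
    };
  };

  config = mkIf cfg.enable {
    containers.sneedstr = {
      autoStart = true;
      # Separate network namespace; the container is reachable only over the
      # host<->container address pair configured below.
      privateNetwork = true;
      hostAddress = cfg.hostAddress;
      localAddress = cfg.localAddress;
      # hostAddress6 = "fc00::3";
      # localAddress6 = "fc00::4";

      # The container root filesystem is discarded on restart; the bind mount
      # below is the only state that survives.
      ephemeral = true;
      bindMounts = {
        # Writable from inside the container: whatever runs there can modify
        # /persist${DB_PATH} on the host. Keep that host directory dedicated to
        # this relay.
        "${DB_PATH}" = {
          hostPath = "/persist${DB_PATH}";
          isReadOnly = false;
        };
      };

      config = { config, pkgs, packages, ... }: {
        systemd.services.sneedstr = {
          enable = true;
          description = "Sneedstr Nostr relay";
          environment = {
            DATABASE_URL = "${DB_PATH}/sneedstr.db";
            ADMIN_PUBKEY = cfg.adminPubkey;
          };
          startLimitBurst = 1;
          startLimitIntervalSec = 10;
          serviceConfig = {
            # Type= belongs to the [Service] section. The original placed it
            # under unitConfig ([Unit]), where systemd ignores it as an unknown
            # key; "simple" is also the default when ExecStart is set, so the
            # effective behaviour is unchanged.
            Type = "simple";
            # The package is pinned to the x86_64-linux output of the flake input.
            ExecStart = "${inputs.sneedstr.packages.x86_64-linux.default}/bin/sneedstr";
            # NOTE(review): no User=/DynamicUser= or sandboxing directives are
            # set, so the relay runs as root inside the container. A dedicated
            # user plus systemd hardening options would narrow the impact of a
            # relay compromise; ownership of the existing database directory
            # has to be adjusted at the same time, so it is not changed here.
          };
          wantedBy = [ "multi-user.target" ];
        };

        system.stateVersion = "23.11";

        networking = {
          firewall = {
            enable = true;
            # 8080 is the port nginx proxies to. NOTE(review): nothing visible
            # in this module uses 8085 — confirm it is needed, otherwise drop
            # it to keep the exposed surface minimal.
            allowedTCPPorts = [ 8080 8085 ];
          };
          # Related to https://github.com/NixOS/nixpkgs/issues/162686
          # NOTE(review): the original comment said "use systemd-resolved
          # inside the container", but the option is forced to true and
          # resolved is not enabled anywhere in this module — confirm the
          # intended value.
          useHostResolvConf = lib.mkForce true;
        };

        # Hard-coded resolvers for the container. 192.168.122.1 is not on the
        # default container subnet above; presumably it is a host-side bridge
        # address — verify it is reachable from the container.
        environment.etc."resolv.conf".text = ''
          nameserver 192.168.122.1
          nameserver 1.1.1.1
          nameserver 9.9.9.9
          options edns0
        '';
      };
    };

    # Host-side reverse proxy. This only declares the virtual host;
    # services.nginx.enable is not set here and is presumably enabled elsewhere.
    services.nginx.virtualHosts = {
      "${cfg.host}" = {
        # addSSL serves HTTPS in addition to plain HTTP; clients are not
        # redirected. Use forceSSL instead if plaintext access should be refused.
        addSSL = mkIf cfg.sslEnable true;
        enableACME = mkIf cfg.sslEnable true;
        # NOTE(review): HTTP/3 needs TLS (and, in nixpkgs, QUIC enabled on the
        # vhost); with sslEnable = false this presumably has no effect.
        http3 = true;
        locations."/" = {
          # Plain HTTP between nginx and the relay; the traffic stays on the
          # private host<->container link.
          proxyPass = "http://${cfg.localAddress}:8080";
          proxyWebsockets = true; # needed if you need to use WebSocket
          recommendedProxySettings = true;
        };
      };
    };
  };
}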