# NixOS module: Shlink URL shortener (rootless podman container) backed by the
# host's PostgreSQL, plus the Shlink web client, both published through Caddy.
{ config, ... }:
let
  # Both secrets live in the same sops-encrypted file.
  secretsFile = ../../secrets/shlink.yaml;

  # Account that runs the containers and owns the rendered env file.
  podmanUser = "podman";

  # Unit the Shlink container is ordered after and requires (see systemd.services below).
  dbSetupUnits = [ "postgresql-setup.service" ];
in
{
  sops = {
    secrets = {
      shlink-db-password.sopsFile = secretsFile;
      shlink-api-key.sopsFile = secretsFile;
    };

    # Env file handed to the Shlink container. Only sops placeholders are
    # written here, so the store copy of this text holds no secret values;
    # the rendered file is owned by the podman user.
    templates.shlink-env = {
      content = ''
        INITIAL_API_KEY=${config.sops.placeholder.shlink-api-key}
        DB_PASSWORD=${config.sops.placeholder.shlink-db-password}
      '';
      owner = podmanUser;
    };
  };

  services = {
    postgresql = {
      enable = true;
      ensureDatabases = [ "shlink" ];
      ensureUsers = [
        {
          name = "shlink";
          ensureDBOwnership = true;
          ensureClauses = {
            login = true;
            # SCRAM-SHA-256 verifier (salted, 4096 iterations), not the
            # cleartext password. It must correspond to the sops-managed
            # shlink-db-password.
            # NOTE(review): unlike the two sops secrets, this value is part of
            # the evaluated configuration, so it ends up in the Nix store and
            # in whatever repository holds this file. A verifier can be
            # guessed against offline; keep the underlying password long and
            # random, or set the role password from the sops secret instead.
            password = "SCRAM-SHA-256$4096:nhQwTFK7rhy8FOrhlgDnvg==$3eB9AlBwUxK1UOiwXAlP5wzxnmKUsBpB1UTsF0cRDIo=:GmxUtrGP6haTPnhPSOL42qsuPwEHV7tME1WfBNucGrU=";
          };
        }
      ];
      # pg_hba entries: the shlink role may reach the shlink database over
      # TCP from loopback only, and must authenticate with SCRAM.
      # NOTE(review): the container connects via host.containers.internal;
      # whether that traffic arrives from 127.0.0.1/::1 depends on the podman
      # network mode, and this module does not set a listen address - confirm.
      authentication = ''
        host shlink shlink 127.0.0.1/32 scram-sha-256
        host shlink shlink ::1/128 scram-sha-256
      '';
    };

    caddy.virtualHosts = {
      # Short-link domain: the bare root is redirected, every other path is
      # proxied to the Shlink container.
      # NOTE(review): no access control is applied on this host, so anything
      # Shlink serves on port 8080 is reachable from outside - presumably
      # including its REST API, which would then rely on the API key alone.
      "ily.rs".extraConfig = ''
        redir / https://wynne.rs permanent
        reverse_proxy localhost:8080
        encode zstd gzip
      '';

      # Web client: `tinyauth` is a Caddy snippet defined outside this file,
      # presumably enforcing authentication before the proxy - confirm.
      "links.ily.rs".extraConfig = ''
        import tinyauth
        reverse_proxy localhost:8081
        encode zstd gzip
      '';
    };
  };

  # Both containers publish on 127.0.0.1 only, so Caddy is the sole public
  # entry point.
  # NOTE(review): the images are pinned by tag, which a registry can repoint;
  # pinning by digest (image@sha256:<digest>) makes the pulled content fixed.
  # The names carry no registry host, so resolution follows podman's registry
  # configuration.
  virtualisation.oci-containers.containers = {
    shlink = {
      image = "shlinkio/shlink:4.4.0";
      podman.user = podmanUser;
      ports = [ "127.0.0.1:8080:8080" ];
      # Non-secret settings only; credentials come from the sops-rendered
      # environment file below.
      environment = {
        DEFAULT_DOMAIN = "ily.rs";
        IS_HTTPS_ENABLED = "true";
        DB_DRIVER = "postgres";
        DB_HOST = "host.containers.internal";
        DB_NAME = "shlink";
        DB_USER = "shlink";
        PORT = "8080";
      };
      environmentFiles = [ config.sops.templates.shlink-env.path ];
    };

    shlink-web-client = {
      image = "shlinkio/shlink-web-client:4.3.1";
      podman.user = podmanUser;
      ports = [ "127.0.0.1:8081:8080" ];
    };
  };

  systemd.services = {
    # Workaround for NixOS/nixpkgs#410857 until backport of #475089 lands
    # The container unit is also tied to postgresql-setup.service.
    podman-shlink = {
      after = dbSetupUnits;
      requires = dbSetupUnits;
      serviceConfig.Delegate = true;
    };

    # Workaround for NixOS/nixpkgs#410857 until backport of #475089 lands
    podman-shlink-web-client.serviceConfig.Delegate = true;
  };
}