update: system update & refactor

# Breaking Changes - sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix" - flake devices declaration changes - whole flake update
2025-10-14 16:49:03 +08:00 · 2025-10-14 16:49:03 +08:00 · 6a71b601f5
commit 6a71b601f5
parent 321f740af0
116 changed files with 2576 additions and 3634 deletions
--- a/system/modules/docmost.nix
+++ b/system/modules/docmost.nix
@ -0,0 +1,86 @@
+{
+  fqdn ? null,
+  port ? 32000,
+  https ? true,
+  openFirewall ? false,
+  extraConf ? { },
+  envFile ? null,
+}:
+{
+  lib,
+  config,
+  ...
+}:
+let
+  inherit (lib) optionalString mkIf;
+in
+{
+  networking.firewall.allowedTCPPorts = mkIf openFirewall [
+    port
+  ];
+
+  services.redis.servers."docmost" = {
+    enable = true;
+    port = 32001;
+  };
+
+  services.postgresql = {
+    ensureDatabases = [ "docmost" ];
+    ensureUsers = [
+      {
+        name = "docmost";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  virtualisation.oci-containers = {
+    backend = lib.mkDefault "docker";
+    containers = {
+      docmost = {
+        image = "docmost/docmost:latest";
+        environment = (
+          {
+            PORT = "${toString port}";
+            APP_URL = "${
+              if (fqdn != null) then
+                "${if https then "https" else "http"}://${fqdn}"
+              else
+                "http://localhost:${toString port}"
+            }";
+            DATABASE_URL = "postgresql://docmost@docmost?schema=public&host=/var/run/postgresql";
+            REDIS_URL = "redis://localhost:${toString config.services.redis.servers.docmost.port}";
+          }
+          // extraConf
+        );
+        extraOptions = [
+          "--network=host"
+          "${optionalString (envFile != null) "--env-file=${envFile}"}"
+        ];
+        volumes = [
+          "/var/run/postgresql:/var/run/postgresql"
+          "docmost:/app/data/storage"
+        ];
+      };
+    };
+  };
+
+  services.nginx = {
+    enable = lib.mkDefault true;
+    enableReload = lib.mkDefault true;
+    recommendedGzipSettings = lib.mkDefault true;
+    recommendedOptimisation = lib.mkDefault true;
+    recommendedTlsSettings = lib.mkDefault true;
+    recommendedProxySettings = lib.mkDefault true;
+    virtualHosts = lib.mkIf (fqdn != null) {
+      "${fqdn}" = {
+        enableACME = lib.mkIf https true;
+        forceSSL = lib.mkIf https true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}