zion/modules/containers.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  # Podman setup
  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
      extraPackages = with pkgs; [ zfs ];
    };

    oci-containers = {
      backend = "podman";
      containers = {
        # Openbooks configuration
        openbooks = {
          image = "evanbuss/openbooks@sha256:4fa9188885368c2303b7dc527d48b3159aaa7022010e29b3ed96842018793590";
          ports = [ "127.0.0.1:9000:80" ];
          cmd = [
            "--name"
            "bradar"
            "--searchbot"
            "searchook"
            "--persist"
            "--tls"
            "false"
          ];
        };
        # Prometheus MQTT integration
        mqtt2prometheus = {
          image = "hikhvar/mqtt2prometheus@sha256:8e166d36feaa5ddcad703eef3a2c5167a154d6eef306a40fe6509861580c0714";
          ports = [ "127.0.0.1:9641:9641" ];
          volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ];
        };
        # Podcast synchronization
        opodsync = {
          image = "ganeshlab/opodsync@sha256:32626b732fe38687a5dfd703d515136e413c4b16f286b38656718ad03f0d94c1";
          ports = [ "127.0.0.1:9090:8080" ];
          volumes = [ "/vault/opodsync:/var/www/server/data" ];
        };
        # Wallabag
        wallabag = {
          image = "wallabag/wallabag@sha256:a87160e4445e11f9bcec0f4b201c31e1eb0d201d7bcd1aac421e8f3c2b8f553c";
          environmentFiles = [ config.age.secrets.wallabag.path ];
          dependsOn = [ "postgresql" ];
          extraOptions = [ "--pod=wallabag-pod" ];
        };
        # Wallabag database
        postgresql = {
          image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e";
          environmentFiles = [ config.age.secrets.wallabag-postgres.path ];
          extraOptions = [ "--pod=wallabag-pod" ];
          volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ];
        };
      };
    };
  };
  # Allow networking between Wallabag and Postgresql
  systemd.services.create-wallabag-pod = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "podman-postgresql.service" ];
    script = with pkgs; ''
      ${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80'
    '';
  };

  # Start services after ZFS mount
  systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ];
}