rework pocket-id to be more generic

2025-07-30 10:21:32 +07:00
parent 49ed4d78c3
commit dc19d20d73
14 changed files with 169 additions and 58 deletions
--- a/modules/clan/pocket-id/default.nix
+++ b/modules/clan/pocket-id/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ ... }:
 {
  _class = "clan.service";
  manifest.name = "pocket-id";
@@ -6,64 +6,40 @@
  manifest.categories = [ "System" ];

  roles.default = {
-    interface.options = {
-      domain = lib.mkOption {
-        type = lib.types.str;
-        default = "auth";
-        description = "";
-      };
-    };

-    perInstance =
+    perInstance.nixosModule =
      {
-        settings,
+        config,
+        pkgs,
+        lib,
        ...
      }:
      {
-        nixosModule =
-          {
-            config,
-            pkgs,
-            ...
-          }:
-          let
-            domain = "${settings.domain}.${config.networking.fqdn}";
-          in
-          {
-            clan.core.vars.generators.pocket-id = {
-              files = {
-                encryption-key = {
-                  owner = "${config.services.pocket-id.user}";
-                  group = "${config.services.pocket-id.group}";
-                  secret = true;
-                };
-              };
-              runtimeInputs = [ pkgs.pwgen ];
-              script = ''
-                pwgen -s 32 1 > $out/encryption-key
-              '';
+        clan.core.vars.generators.pocket-id = {
+          files = {
+            encryption-key = {
+              owner = "${config.services.pocket-id.user}";
+              group = "${config.services.pocket-id.group}";
+              secret = true;
            };
-            services.pocket-id = {
-              enable = true;
-              settings = {
-                ENCRYPTION_KEY_FILE = config.clan.core.vars.generators.pocket-id.files.encryption-key.path;
-                APP_ENV = "production";
-                APP_URL = "https://${domain}";
-                TRUST_PROXY = true;
-                PORT = 1411;
-
-                UI_CONFIG_DISABLED = true;
-              };
-            };
-            services.nginx.virtualHosts."${domain}" = {
-              forceSSL = true;
-              enableACME = true;
-              locations."/" = {
-                proxyPass = "http://localhost:${builtins.toString config.services.pocket-id.settings.PORT}";
-              };
-            };
-
          };
+          runtimeInputs = [ pkgs.pwgen ];
+          script = ''
+            pwgen -s 32 1 > $out/encryption-key
+          '';
+        };
+
+        clan.core.state.pocket-id.folders = [ config.services.pocket-id.dataDir ];
+
+        services.pocket-id = {
+          enable = lib.mkDefault true;
+          settings = {
+            ENCRYPTION_KEY_FILE = config.clan.core.vars.generators.pocket-id.files.encryption-key.path;
+            PORT = lib.mkDefault 1411;
+            ANALYTICS_DISABLED = lib.mkDefault true;
+            UI_CONFIG_DISABLED = lib.mkDefault true;
+          };
+        };
      };
  };
 }