dotfiles/mods/fusu-services.nix

{ pkgs, dataDir, config, inputs, system, secretsDir, ... }: let

#################################### ports ##############################
# 49388 ssh
# 8001 backup-c2vi
# 8002 backup-mom
# 8003 backup-dad
# 8004 backup-brother
# 9001 fwin vnc
# 9002 fwin rdp
# 9003 fwin ssh
# 61333 c2vi private matrix

  /**
    thanks: @melektron
    This builder creates a small shell script that wraps arion to specify
    it to operate on a specific registered arion service identified by `srv_name`.
    This can be used to manage the docker-compose functionality of an arion service
    that is defined in the NixOS system, independently from the systemctl service that 
    starts it. If you start/stop compose projects using this, you should first stop 
    the systemctl service. 
   */
  createArionServiceManager = srv_name: setup: (
    pkgs.writeShellScriptBin "manage-arion-${srv_name}" ''
      echo operating on: ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml}
      ${setup}
      ${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
    ''
  );
  
  backupContainers = configs: builtins.listToAttrs (map (config: {
    name = config.name;
    # virtualisation.arion.projects.backup.services.settings = 
    value.service = {
        image = "restic/rest-server";
        volumes = [ "/data/backups/${config.name}:/data" ];
        ports = [ "${builtins.toString config.port}:8000" ];
        environment.OPTIONS = "--debug";
      };
  }) configs);

in {
  
  imports = [
    inputs.arion.nixosModules.arion
  ];

  environment.systemPackages = [
    (createArionServiceManager "backup" "")
    pkgs.arion

    # Do install the docker CLI to talk to podman.
    # Not needed when virtualisation.docker.enable = true;
    pkgs.docker-client

    # add all the service managers
  ];

  # Arion works with Docker, but for NixOS-based containers, you need Podman
  # since NixOS 21.05.
  virtualisation.docker.enable = false;
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerSocket.enable = true;
  # https://github.com/containers/netavark/issues/274#issuecomment-4215665765
  virtualisation.containers.containersConf.settings = {
    network = {
      network_backend = "netavark";
      firewall_driver = "none";
    };
  };

  users.extraUsers.me.extraGroups = ["podman"];
  users.extraUsers.server.extraGroups = ["podman"];


  virtualisation.arion = {
    backend = "podman-socket";
  };
  
  virtualisation.arion.projects.backup.serviceName = "backup";
  virtualisation.arion.projects.backup.settings.services = backupContainers [
    { name = "c2vi"; port = 8001; }
    { name = "mom"; port = 8002; }
    { name = "dad"; port = 8003; }
    { name = "brother"; port = 8004; }
  ];

}