Rebase to flake parts #9

2026-05-10 01:45:16 -03:00
parent 34b89af77f
commit f02606902c
46 changed files with 2382 additions and 166 deletions
@@ -0,0 +1,113 @@
+{ config, ... }:
+let
+  secretFilePath = ../secrets.yaml;
+in
+{
+  sops.secrets."swiftshare/ghcr-token".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/database-password".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/oauth-discord-client-secret".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/oauth-github-client-secret".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/auth-secret".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/oauth-google-client-id".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/oauth-google-client-secret".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/smtp-pass".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/minio-access-key".sopsFile = secretFilePath;
+  sops.secrets."swiftshare/minio-secret-key".sopsFile = secretFilePath;
+
+  # Docker `--env-file` expects `KEY=value`. Separate snippets for DB/MinIO so only `swiftshare.env` hits the app container.
+  sops.templates."swiftshare-postgres.env" = {
+    content = ''
+      POSTGRES_PASSWORD=${config.sops.placeholder."swiftshare/database-password"}
+    '';
+  };
+
+  sops.templates."swiftshare-minio.env" = {
+    content = ''
+      MINIO_ROOT_USER=${config.sops.placeholder."swiftshare/minio-access-key"}
+      MINIO_ROOT_PASSWORD=${config.sops.placeholder."swiftshare/minio-secret-key"}
+    '';
+  };
+
+  sops.templates."swiftshare.env" = {
+    content = ''
+      DATABASE_URL=postgresql://swiftshare:${config.sops.placeholder."swiftshare/database-password"}@swiftshare-db:5432/swiftshare
+      AUTH_SECRET=${config.sops.placeholder."swiftshare/auth-secret"}
+      AUTH_DISCORD_SECRET=${config.sops.placeholder."swiftshare/oauth-discord-client-secret"}
+      AUTH_GITHUB_SECRET=${config.sops.placeholder."swiftshare/oauth-github-client-secret"}
+      AUTH_GOOGLE_SECRET=${config.sops.placeholder."swiftshare/oauth-google-client-secret"}
+      AUTH_GOOGLE_ID=${config.sops.placeholder."swiftshare/oauth-google-client-id"}
+      SMTP_PASS=${config.sops.placeholder."swiftshare/smtp-pass"}
+      STORAGE_ACCESS_KEY=${config.sops.placeholder."swiftshare/minio-access-key"}
+      STORAGE_SECRET_KEY=${config.sops.placeholder."swiftshare/minio-secret-key"}
+    '';
+  };
+
+  services.swiftshare = {
+    enable = true;
+
+    app = {
+      image = "ghcr.io/olivierchiasson/swiftshare:main";
+      ghcr = {
+        username = "olivierchiasson";
+        passwordFile = config.sops.secrets."swiftshare/ghcr-token".path;
+      };
+
+      origin = "https://swiftshare.cloud";
+      port = 3000;
+      uploadBodySizeLimit = "100mb";
+      disableTelemetry = true;
+      environmentFiles = [ config.sops.templates."swiftshare.env".path ];
+    };
+
+    database = {
+      user = "swiftshare";
+      #password = ""; # Defined in sops.templates."swiftshare-postgres.env"
+      name = "swiftshare";
+      environmentFiles = [ config.sops.templates."swiftshare-postgres.env".path ];
+      #exposePort.enable = true;
+    };
+
+    auth = {
+      #secret = "";
+
+      discord = {
+        clientId = "1400660345068191855";
+        #clientSecret = ""; # Defined in sops.templates."swiftshare.env"
+      };
+
+      # GitHub OAuth App (https://github.com/settings/developers) — replace placeholders.
+      github = {
+        clientId = "Ov23lifcVKR6B1iYDicU";
+        #clientSecret = ""; # Defined in sops.templates."swiftshare.env"
+      };
+
+      # Google Cloud OAuth 2.0 client — replace placeholders.
+      #google = {
+      #  clientId = ""; # Defined in sops.templates."swiftshare.env"
+      #  clientSecret = ""; # Defined in sops.templates."swiftshare.env"
+      #};
+
+      # SMTP for Better Auth email verification / password reset.
+      smtp = {
+        host = "smtp.purelymail.com";
+        port = 465;
+        secure = true;
+        user = "noreply@swiftshare.cloud";
+        #pass = ""; # Defined in sops.templates."swiftshare.env"
+        from = "noreply@swiftshare.cloud";
+      };
+    };
+
+    minio = {
+      #accessKey = ""; # Defined in sops.templates."swiftshare-minio.env"
+      #secretKey = ""; # Defined in sops.templates."swiftshare-minio.env"
+      bucketName = "swiftshare-assets";
+      environmentFiles = [ config.sops.templates."swiftshare-minio.env".path ];
+    };
+
+    umami = {
+      websiteId = "b4e1240d-a9d8-4075-b64d-0d3e0329cac8";
+      scriptUrl = "https://analytics.chiasson.cloud/script.js";
+    };
+  };
+}