# Nix module: declares the sops-nix secrets SwiftShare needs, renders them into
# Docker env files, and points `services.swiftshare` at those rendered files.
{ config, ... }:
let
  secretFilePath = ../secrets.yaml;
  inherit (config.sops) placeholder;

  # Every secret below is read from the same sops file. Names are spelled out
  # in full so they stay greppable against the templates further down.
  secretNames = [
    "swiftshare/ghcr-token"
    "swiftshare/database-password"
    "swiftshare/oauth-discord-client-secret"
    "swiftshare/oauth-github-client-secret"
    "swiftshare/auth-secret"
    "swiftshare/oauth-google-client-id"
    "swiftshare/oauth-google-client-secret"
    "swiftshare/smtp-pass"
    "swiftshare/minio-access-key"
    "swiftshare/minio-secret-key"
  ];
in
{
  sops.secrets = builtins.listToAttrs (
    map (name: {
      inherit name;
      value.sopsFile = secretFilePath;
    }) secretNames
  );

  # Docker `--env-file` expects one `KEY=value` per line. The database and
  # MinIO containers get their own files so that only `swiftshare.env` is
  # handed to the app container.
  #
  # sops-nix swaps each placeholder for the decrypted value when it renders the
  # template, so this file only ever carries placeholder text.
  # Values loaded from an env file become container environment variables,
  # which anyone with access to the Docker socket can read back through
  # `docker inspect`; treat socket access as access to these secrets.
  sops.templates = {
    "swiftshare-postgres.env".content = ''
      POSTGRES_PASSWORD=${placeholder."swiftshare/database-password"}
    '';

    "swiftshare-minio.env".content = ''
      MINIO_ROOT_USER=${placeholder."swiftshare/minio-access-key"}
      MINIO_ROOT_PASSWORD=${placeholder."swiftshare/minio-secret-key"}
    '';

    # NOTE(review): the database password is inserted into DATABASE_URL as-is.
    # Characters that are reserved in URLs (`@`, `:`, `/`, `#`, `?`, `%`) would
    # change how the URL is parsed, and the same value is also used verbatim as
    # POSTGRES_PASSWORD, so keep the stored password to a URL-safe alphabet.
    #
    # NOTE(review): STORAGE_ACCESS_KEY / STORAGE_SECRET_KEY reuse the secrets
    # that feed MINIO_ROOT_USER / MINIO_ROOT_PASSWORD above, so the app
    # container holds the MinIO root credentials. A dedicated access key whose
    # policy is limited to the asset bucket would narrow what a compromised app
    # container can reach.
    #
    # NOTE(review): AUTH_GOOGLE_ID / AUTH_GOOGLE_SECRET are rendered even
    # though the `google` provider is not configured in `services.swiftshare`
    # below; confirm whether the app enables Google sign-in from the
    # environment alone.
    "swiftshare.env".content = ''
      DATABASE_URL=postgresql://swiftshare:${placeholder."swiftshare/database-password"}@swiftshare-db:5432/swiftshare
      AUTH_SECRET=${placeholder."swiftshare/auth-secret"}
      AUTH_DISCORD_SECRET=${placeholder."swiftshare/oauth-discord-client-secret"}
      AUTH_GITHUB_SECRET=${placeholder."swiftshare/oauth-github-client-secret"}
      AUTH_GOOGLE_SECRET=${placeholder."swiftshare/oauth-google-client-secret"}
      AUTH_GOOGLE_ID=${placeholder."swiftshare/oauth-google-client-id"}
      SMTP_PASS=${placeholder."swiftshare/smtp-pass"}
      STORAGE_ACCESS_KEY=${placeholder."swiftshare/minio-access-key"}
      STORAGE_SECRET_KEY=${placeholder."swiftshare/minio-secret-key"}
    '';
  };

  services.swiftshare = {
    enable = true;

    app = {
      # NOTE(review): `:main` is a mutable tag, so the image that runs can
      # change between pulls without this file changing. Pinning by digest
      # (`...swiftshare@sha256:<digest>`) makes deployments reproducible.
      image = "ghcr.io/olivierchiasson/swiftshare:main";
      # Registry login: the token is read from the decrypted secret file, not
      # written into the configuration.
      ghcr.username = "olivierchiasson";
      ghcr.passwordFile = config.sops.secrets."swiftshare/ghcr-token".path;
      origin = "https://swiftshare.cloud";
      port = 3000;
      uploadBodySizeLimit = "100mb";
      disableTelemetry = true;
      environmentFiles = [ config.sops.templates."swiftshare.env".path ];
    };

    database = {
      user = "swiftshare";
      name = "swiftshare";
      # password = "";  # Defined in sops.templates."swiftshare-postgres.env"
      environmentFiles = [ config.sops.templates."swiftshare-postgres.env".path ];
      # exposePort.enable = true;
    };

    auth = {
      # secret, the provider client secrets and smtp.pass are left unset here;
      # they are defined in sops.templates."swiftshare.env".
      # secret = "";

      # OAuth client IDs are not secrets, so they are set inline.
      discord.clientId = "1400660345068191855";
      # discord.clientSecret = "";  # Defined in sops.templates."swiftshare.env"

      # GitHub OAuth App (https://github.com/settings/developers).
      github.clientId = "Ov23lifcVKR6B1iYDicU";
      # github.clientSecret = "";  # Defined in sops.templates."swiftshare.env"

      # Google Cloud OAuth 2.0 client: not configured here.
      # google = {
      #   clientId = "";      # Defined in sops.templates."swiftshare.env"
      #   clientSecret = "";  # Defined in sops.templates."swiftshare.env"
      # };

      # SMTP for Better Auth email verification / password reset.
      smtp = {
        host = "smtp.purelymail.com";
        port = 465;
        secure = true;
        user = "noreply@swiftshare.cloud";
        from = "noreply@swiftshare.cloud";
        # pass = "";  # Defined in sops.templates."swiftshare.env"
      };
    };

    minio = {
      # accessKey = "";  # Defined in sops.templates."swiftshare-minio.env"
      # secretKey = "";  # Defined in sops.templates."swiftshare-minio.env"
      bucketName = "swiftshare-assets";
      environmentFiles = [ config.sops.templates."swiftshare-minio.env".path ];
    };

    umami = {
      websiteId = "b4e1240d-a9d8-4075-b64d-0d3e0329cac8";
      scriptUrl = "https://analytics.chiasson.cloud/script.js";
    };
  };
}