# Organizr — homelab dashboard (Docker). UI: http://<host>:8888
# Official image: https://github.com/organizr/docker-organizr
#
# Wizard errors like "API … /default/ not writable" are almost always host permissions on
# `/var/lib/organizr`: the first container run may leave root-owned files under `/config`.
{ lib, pkgs, ... }:
{
  users.groups.organizr = { gid = 950; };
  users.users.organizr = {
    isSystemUser = true;
    uid = 950;
    group = "organizr";
  };

  systemd.tmpfiles.settings."nix-server-organizr-config" = {
    "/var/lib/organizr"."d" = {
      mode = "0755";
      user = "organizr";
      group = "organizr";
    };
  };

  # Recursively reset ownership (handles root-owned files from an earlier container run).
  systemd.tmpfiles.settings."nix-server-organizr-config-perms" = {
    "/var/lib/organizr"."Z" = {
      mode = "0755";
      user = "organizr";
      group = "organizr";
    };
  };

  systemd.services.docker-organizr.preStart = lib.mkBefore ''
    ${pkgs.coreutils}/bin/mkdir -p /var/lib/organizr
    ${pkgs.coreutils}/bin/chown -R organizr:organizr /var/lib/organizr
  '';

  virtualisation.oci-containers.containers.organizr = {
    image = "ghcr.io/organizr/organizr:latest";
    ports = [ "8888:80" ];
    volumes = [
      "/var/lib/organizr:/config"
    ];
    environment = {
      PUID = "950";
      PGID = "950";
      TZ = "America/Moncton";
      # v2-master / master are stable v2; optional override:
      # branch = "v2-master";
    };
  };

  networking.firewall.allowedTCPPorts = [ 8888 ];
}