# NixOS module: declares the `webserver` system account and runs the
# tlater.net web server as an OCI container whose image is built from the
# Nix package set instead of being pulled by name.
{ config, pkgs, ... }:

let
  account = config.users.extraUsers.webserver;

  # NOTE(review): `group` is not set on the account in this module, so this
  # resolves to whatever default group the users module assigns. Confirm that
  # group has a static gid: `toString null` is the empty string, which would
  # leave the image's User as "<uid>:".
  accountGroup = config.users.groups.${account.group};

  uid = toString account.uid;
  gid = toString accountGroup.gid;

  # Image tarball handed to the container via `imageFile` below.
  webserverImage = pkgs.dockerTools.buildImage {
    name = "tlaternet/webserver";
    tag = "latest";
    contents = pkgs.tlaternet-webserver.webserver;

    config = {
      Cmd = [ "tlaternet-webserver" ];
      Volumes."/srv/mail" = { };
      Env = [
        "ROCKET_PORT=3002"
        "ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/"
      ];
      ExposedPorts."3002" = { };
      # The container process runs under the numeric uid:gid of the host
      # `webserver` account rather than the image default user.
      User = "${uid}:${gid}";
    };
  };
in
{
  users.extraUsers.webserver = {
    uid = config.ids.uids.webserver;
    isSystemUser = true;
    description = "tlater.net web server user";
  };

  virtualisation.oci-containers.containers.webserver = {
    # No tag is given here, so the reference resolves to `latest`, matching
    # the tag assigned to the image built above.
    image = "tlaternet/webserver";
    imageFile = webserverImage;

    # NOTE(review): a "host:container" mapping without a host address
    # publishes the port on every host interface. If a reverse proxy on the
    # same machine is the only intended client, "127.0.0.1:3002:3002" would
    # keep the backend off external interfaces; confirm against the
    # firewall and proxy configuration.
    ports = [ "3002:3002" ];

    # Named volume mounted at the path the image declares under Volumes.
    volumes = [ "tlaternet-mail:/srv/mail" ];

    extraOptions = [
      "--hostname=tlater.net"
      # This can change with rocket 0.5. Until then the container is stopped
      # with SIGKILL, so the server gets no chance to shut down gracefully.
      "--stop-signal=SIGKILL"
    ];
  };
}