# NixOS module: runs RomM and its MariaDB backend as Podman-managed OCI
# containers, with credentials supplied through sops-nix.
{ config, ... }:
let
  inherit (config.sops) placeholder templates;

  # Every secret declared below is read from the same sops-encrypted file.
  fromRommSecrets = { sopsFile = ./secrets/zeus/romm.yaml; };

  timezone = "America/New_York";
  dbName = "romm";
  dbUser = "romm-user";

  # Shared by both containers: Podman pulls again whenever the registry holds
  # a newer image for the tag.
  pullPolicy = "--pull=newer";
in
{
  sops.secrets = {
    authKey = fromRommSecrets;
    "db/root" = fromRommSecrets;
    "db/user" = fromRommSecrets;
    "igdb/client" = fromRommSecrets;
    "igdb/secret" = fromRommSecrets;
  };

  # Env files, one KEY=value per line. Only placeholders appear in this
  # expression; sops-nix substitutes the decrypted values when it renders the
  # templates, which keeps the plaintext out of the Nix store.
  sops.templates."romm.env".content = ''
    DB_PASSWD=${placeholder."db/user"}
    IGDB_CLIENT_ID=${placeholder."igdb/client"}
    IGDB_CLIENT_SECRET=${placeholder."igdb/secret"}
    ROMM_AUTH_SECRET_KEY=${placeholder.authKey}
  '';

  # "db/user" is deliberately used in both templates: the application and the
  # database must agree on the password for the romm-user account.
  sops.templates."romm-db.env".content = ''
    MYSQL_ROOT_PASSWORD=${placeholder."db/root"}
    MYSQL_PASSWORD=${placeholder."db/user"}
  '';

  virtualisation.containers.enable = true;
  virtualisation.podman.enable = true;

  # NOTE(review): both images below use the mutable `latest` tag together with
  # --pull=newer, so the code that runs is whatever the registry serves at
  # start-up rather than something fixed by this file. Pinning a version tag or
  # an image digest makes upgrades deliberate and auditable.

  virtualisation.oci-containers.containers.romm = {
    image = "rommapp/romm:latest";
    volumes = [
      "romm_resources:/romm/resources"
      "romm_redis_data:/redis-data"
      "romm_library:/romm/library"
      "romm_assets:/romm/assets"
      "romm_config:/romm/config"
    ];
    # Non-sensitive settings only; credentials come from the rendered env file.
    environment = {
      TZ = timezone;
      DB_HOST = "romm-db";
      DB_NAME = dbName;
      DB_USER = dbUser;
    };
    environmentFiles = [ templates."romm.env".path ];
    # Presumably read by a SWAG reverse proxy to publish the service at
    # swag_url; confirm against the proxy's configuration.
    labels = {
      swag = "enable";
      swag_url = "romm.icanttype.org";
      swag_port = "8080";
    };
    # Joins both `www` and `romm`. Neither network is created in this module;
    # they are assumed to be defined elsewhere.
    extraOptions = [
      pullPolicy
      "--network=www,romm"
    ];
    dependsOn = [ "romm-db" ];
  };

  virtualisation.oci-containers.containers.romm-db = {
    image = "mariadb:latest";
    volumes = [ "romm_maria_db:/var/lib/mysql" ];
    environment = {
      TZ = timezone;
      MYSQL_DATABASE = dbName;
      MYSQL_USER = dbUser;
    };
    environmentFiles = [ templates."romm-db.env".path ];
    # The database is attached to `romm` only, not to `www`.
    extraOptions = [
      pullPolicy
      "--network=romm"
    ];
  };
}