switched navidrome to podman

modules/navidrome.nix

@@ -1,39 +1,55 @@
-{ ... }:
+{ config, ... }:
 let
+  cfg = import ./vars.nix;
   domain = "music.mc-fucker.cool";
+  port = cfg.navidrome.port;
 in
 {
 
-  #nixpkgs.config.packageOverrides = pkgs:
-  #{
-  #  navidrome = pkgs.callPackage ../packages/navidrome {};
-  #};
+  imports = [
+    ./nginx.nix
+  ];
 
-  services.navidrome = {
-    enable = true;
-    settings = {
-      MusicFolder = "/mnt/genc/Musik";
+  sops.secrets."navidrome" = {};
+
+  virtualisation.oci-containers.containers.navidrome = {
+    image = "docker.io/deluan/navidrome";
+    environment = {
+      TZ = "Europe/Berlin";
+      ND_SESSIONTIMEOUT = "336h";
     };
+    environmentFiles = [ config.sops.secrets.navidrome.path ];
+    ports = [
+      "${port}:${port}"
+    ];
+    volumes = [
+      "/var/lib/navidrome:/data"
+      "/mnt/mergerfs/media/music:/music:ro"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
   };
+
   services.nginx.virtualHosts."${domain}" = {
     forceSSL = true;
     enableACME = true;
     locations."/" = {
-      proxyPass = "http://localhost:4533";
+      proxyPass = "http://127.0.0.1:${port}";
+      extraConfig = ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_buffering off;
+      '';
     };
     extraConfig = ''
       access_log  /var/log/nginx/${domain}_access.log;
       error_log   /var/log/nginx/${domain}_error.log;
     '';
   };
-  systemd.services.navidrome = {
-    # fixes failing DNS lookup
-    serviceConfig.BindReadOnlyPaths = [ "/etc" ];
-    after = [ "genc_mount.service" ];
-    serviceConfig = {
-      Restart = "on-failure";
-      RestartSec = "5s";
-    };
-  };
+
 }
 # vim: set et ts=2 sw=2 ai: