Setup PsiTransfer as an oci-container

modules/hosts/nixos/nixnuc/containers/psitransfer.nix

@@ -0,0 +1,32 @@
+{ config, ... }: let
+  volume_base = "/orico/psitransfer";
+  http_port = "3000";
+  psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}";
+in {
+
+  #############################################################################
+  # My intent as of now is to only make this available to the outside world   #
+  # on an as-needed basis, maybe via Tailscale Funnel.                        #
+  # For example: $ tailscale funnel localhost:3000                            #
+  #############################################################################
+
+  sops.secrets.psitransfer_dot_env = {
+    sopsFile = ../secrets.yaml;
+    restartUnits = [
+      "podman-psitransfer.service"
+    ];
+  };
+
+  virtualisation.oci-containers.containers = {
+    "psitransfer" = {
+      autoStart = true;
+      image = "psitrax/psitransfer";
+      environmentFiles = [ psitransfer_dot_env ];
+      ports = [ "${http_port}:3000" ];
+      volumes = [
+        "${volume_base}/data:/data"
+      ];
+    };
+  };
+}
+

modules/hosts/nixos/nixnuc/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./hardware-configuration.nix
     ./containers/audiobookshelf.nix
+    ./containers/psitransfer.nix
     ./containers/nginx-proxy.nix
     ../../../system/common/linux/restic.nix
   ];
@@ -51,6 +52,7 @@
     firewall.allowedTCPPorts = [
       22 # ssh
       80 # http to local Nginx
+      3000 # PsiTransfer in oci-container
       8080 # Tandoor in podman compose
       8090 # Wallabag in podman compose
       13378 # Audiobookshelf in oci-container

modules/hosts/nixos/nixnuc/secrets.yaml

@@ -1,6 +1,7 @@
 tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str]
 local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str]
 local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
+psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +17,8 @@ sops:
             bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
             PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-21T01:11:58Z"
-    mac: ENC[AES256_GCM,data:Yr41oSVmHr6UJ5H9tSTq5Cv5yZJH3Mfi7QQowJ6uu/L9WO4Ehjij3z7WGhsYk3EQvZjH0C2pcFKZY4ldaMLJNGN3pn0xmIvs3H4KIpVcmJLbPjUzRguCDV4ETSrBcB1z6IF1YPnCzUGmGWLkEePIZmeVvXMkBvKWITXzm9ApCHM=,iv:crQ9DBzq3btjrTZt+Pcch+evJszzVmokLM4pyRhGTo8=,tag:6GfDtzoCdFMw65VWL4CU/A==,type:str]
+    lastmodified: "2024-04-12T12:45:07Z"
+    mac: ENC[AES256_GCM,data:SdLYmMEPe3UilHiSifRvLYFd9gJR7KlmcaGtkKB5X+Xj94KMALsfrU0NsRmrlMr5XGYSwhBIaJrgz9RPFUu5VmG1Lli2K8D8QNyc/qSr7AHTWU9uBFfmFJEau0VyD6oFmi/nJPObwJlTfoUn5H7BU0jCFjNnsf1BYHXS8Qafh4Y=,iv:vEwboA3iz/6tHpWh5ZQhkok9ZAOGXf1WHI+6VrR4fnA=,tag:lfTIRhg99Vs57hFQE/n84g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1