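# NixOS module for RomM (ROM library manager).
#
# Runs three Podman containers (RomM, MariaDB, Redis) on a dedicated Podman
# network, publishes RomM on loopback only (127.0.0.1:8086) and, when the
# nginx module is enabled, fronts it with nginx on a LAN vhost (port 8085)
# and a TLS vhost (romm.ppp.pm). Secrets are supplied through agenix
# environment files.
{ pkgs, lib, config, ... }:
let
  enabled = config.mod.romm.enable;
  nginxEnabled = config.mod.nginx.enable;

  # RomM scanner configuration, mounted read-only into the container.
  # Keeps hash calculation on and excludes sidecar/metadata files from scans.
  configFile = pkgs.writeText "romm-config.yml" ''
    filesystem:
      skip_hash_calculation: false
    exclude:
      roms:
        single_file:
          extensions:
            - xml
            - txt
            - nfo
            - dat
            - jpg
            - png
          names:
            - '._*'
            - 'Thumbs.db'
            - '.DS_Store'
  '';
in
{
  options = {
    mod.romm = {
      # mkEnableOption already prefixes the text with "Whether to enable",
      # so the argument names only the thing being enabled.
      enable = lib.mkEnableOption "the RomM module";
    };
  };

  config = lib.mkIf enabled {
    mod.homepage.services = [
      {
        name = "RomM";
        port = 8085;
        description = "ROM library manager";
      }
    ];

    # Host-side state directories bind-mounted into the containers.
    # NOTE(review): 0755 lets every local user traverse and list these
    # directories (including the database directory); consider 0750 if no
    # other account needs access. Verify the containers still start first.
    systemd.tmpfiles.rules = [
      "d /var/lib/romm 0755 root root -"
      "d /var/lib/romm/db 0755 root root -"
      "d /var/lib/romm/redis 0755 999 1000 -"
      "d /var/lib/romm/resources 0755 root root -"
      "d /var/lib/romm/assets 0755 root root -"
    ];

    # One-shot unit that makes sure the shared Podman network exists before
    # any of the three containers start, and removes it on stop.
    systemd.services.romm-net = {
      description = "Create Podman network for RomM";
      after = [ "podman.service" ];
      requires = [ "podman.service" ];
      before = [
        "podman-romm.service"
        "podman-romm-db.service"
        "podman-romm-redis.service"
      ];
      requiredBy = [
        "podman-romm.service"
        "podman-romm-db.service"
        "podman-romm-redis.service"
      ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        # Idempotent: only create the network when it is missing.
        ExecStart = pkgs.writeShellScript "romm-net-create" ''
          ${pkgs.podman}/bin/podman network exists romm-net \
            || ${pkgs.podman}/bin/podman network create romm-net
        '';
        ExecStop = "${pkgs.podman}/bin/podman network rm -f romm-net";
      };
    };

    virtualisation.oci-containers = {
      backend = "podman";

      # NOTE(review): all three images use floating tags (`latest`, `alpine`).
      # A rebuild or restart can pull a different image than the one that was
      # reviewed. Pin each image to a specific version tag or digest.

      containers.romm-db = {
        image = "mariadb:latest";
        environment = {
          MARIADB_DATABASE = "romm";
          MARIADB_USER = "romm";
        };
        # The password comes from the agenix-decrypted env file, so it does
        # not end up in the world-readable Nix store.
        environmentFiles = [ config.age.secrets.romm-db-password.path ];
        volumes = [ "/var/lib/romm/db:/var/lib/mysql" ];
        # No published ports: reachable only from containers on romm-net.
        extraOptions = [ "--network=romm-net" ];
      };

      containers.romm-redis = {
        image = "redis:alpine";
        volumes = [ "/var/lib/romm/redis:/data" ];
        # NOTE(review): `--user=root` starts the container process as root,
        # although tmpfiles already hands /var/lib/romm/redis to 999:1000.
        # Presumably a workaround for volume ownership; confirm whether it is
        # still needed and drop it if not. No Redis authentication is
        # configured here, so isolation relies on the romm-net network alone.
        extraOptions = [
          "--network=romm-net"
          "--user=root"
        ];
      };

      containers.romm = {
        image = "rommapp/romm:latest";
        dependsOn = [
          "romm-db"
          "romm-redis"
        ];
        environment = {
          DB_HOST = "romm-db";
          DB_PORT = "3306";
          DB_NAME = "romm";
          DB_USER = "romm";
          REDIS_HOST = "romm-redis";
          REDIS_PORT = "6379";
          ROMM_AUTH_ENABLED = "true";
        };
        # NOTE(review): romm-db-password is the same env file given to the
        # MariaDB container, so each container presumably sees variables
        # meant for the other. Separate files would narrow that; verify.
        environmentFiles = [
          config.age.secrets.romm-auth-secret-key.path
          config.age.secrets.romm-db-password.path
          config.age.secrets.romm-metadata-api-keys.path
        ];
        # Published on loopback only; external access goes through nginx.
        ports = [ "127.0.0.1:8086:8080" ];
        volumes = [
          "${configFile}:/romm/config/config.yml:ro"
          "/mnt/media/public/games:/romm/library"
          "/var/lib/romm/resources:/romm/resources"
          "/var/lib/romm/assets:/romm/assets"
        ];
        extraOptions = [ "--network=romm-net" ];
      };
    };

    services.nginx = lib.mkIf nginxEnabled {
      # LAN vhost.
      # NOTE(review): plain HTTP on every interface, so RomM logins and
      # session cookies cross the local network unencrypted. Consider
      # binding to a specific LAN address or using the TLS vhost instead.
      virtualHosts."romm-local" = {
        listen = [
          {
            addr = "0.0.0.0";
            port = 8085;
          }
        ];
        # 0 disables nginx's request-body size limit (large ROM uploads).
        # Upload size is then bounded only by the application and the disk.
        extraConfig = ''
          client_max_body_size 0;
        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:8086";
          proxyWebsockets = true;
        };
      };

      # Public vhost, HTTPS enforced, certificate from the ACME host entry.
      virtualHosts."romm.ppp.pm" = {
        forceSSL = true;
        useACMEHost = "romm.ppp.pm";
        extraConfig = ''
          client_max_body_size 0;
        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:8086";
          proxyWebsockets = true;
        };
      };
    };

    # NOTE(review): enables IPv4 forwarding host-wide, presumably for the
    # Podman bridge network. Make sure the firewall's forward policy does not
    # turn this host into an unintended router.
    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

    # Port 8085 is served only by the nginx "romm-local" vhost, so open it
    # only when that vhost exists. Previously the port was opened even with
    # nginx disabled, leaving a firewall hole with no intended listener.
    networking.firewall.allowedTCPPorts = lib.mkIf nginxEnabled [ 8085 ];

    # agenix secrets, decrypted at activation and readable by root only.
    # They are consumed as environment files by the container units.
    age.secrets = {
      "romm-auth-secret-key" = {
        file = ../../../../secrets/manatee/romm-auth-secret-key.age;
        owner = "root";
        group = "root";
      };
      "romm-db-password" = {
        file = ../../../../secrets/manatee/romm-db-password.age;
        owner = "root";
        group = "root";
      };
      "romm-metadata-api-keys" = {
        file = ../../../../secrets/manatee/romm-metadata-api-keys.age;
        owner = "root";
        group = "root";
      };
    };
  };
}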