Diffstat (limited to '')
-rw-r--r--modules/by-name/co/constants/module.nix2
-rw-r--r--modules/by-name/ro/rocie/module.nix59
2 files changed, 61 insertions, 0 deletions
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index 3de9608..b94020b 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -55,6 +55,7 @@
grocy = 341;
anubis = 342;
postfix-tlspol = 343;
+ rocie = 344;
# As per the NixOS file, the uids should not be greater or equal to 400;
};
@@ -94,6 +95,7 @@
systemd-coredump # matches systemd-coredump user
resolvconf # This group is not matched to an user?
stalwart-mail-certificates # This group is used to connect nginx and stalwart-mail
+ rocie
;
# The gid should match the uid. Thus should not be >= 400;
diff --git a/modules/by-name/ro/rocie/module.nix b/modules/by-name/ro/rocie/module.nix
new file mode 100644
index 0000000..1e419b8
--- /dev/null
+++ b/modules/by-name/ro/rocie/module.nix
@@ -0,0 +1,59 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.rocie;
+ data = "/var/lib/rocie";
+in {
+ options.vhack.rocie = {
+ enable = lib.mkEnableOption "Rocie integration into vhack.eu";
+
+ domain = lib.mkOption {
+ type = lib.types.str;
+ description = "The domain where to deploy rocie";
+ };
+
+ loginSecret = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted secret file for rocie, passed to agenix";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ rocie = {
+ enable = true;
+ inherit (cfg) domain;
+
+ dbPath = "${data}/database.db";
+
+ secretKeyFile = config.age.secrets.rocie_secret.path;
+ };
+
+ vhack.persist.directories = [
+ {
+ directory = data;
+ user = "rocie";
+ group = "rocie";
+ mode = "0700";
+ }
+ ];
+
+ users = {
+ groups.rocie = {
+ gid = config.vhack.constants.ids.gids.rocie;
+ };
+ users.rocie = {
+ group = "rocie";
+ uid = config.vhack.constants.ids.uids.rocie;
+ };
+ };
+
+ age.secrets.rocie_secret = {
+ file = cfg.loginSecret;
+ mode = "700";
+ owner = "rocie";
+ group = "rocie";
+ };
+ };
+}
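Review bot: The `age.secrets.rocie_secret` block decrypts the key file with `mode = "700"`, which leaves it owner-writable and executable although the service only has to read it. Since `owner = "rocie"` is already set, `mode = "0400";` (agenix's default, so the line could also be dropped) gives the service what it needs and keeps the secret read-only. Separately, `users.users.rocie` sets neither `isSystemUser` nor `isNormalUser` in this module; unless the upstream `rocie` module (not visible here) sets one, NixOS's user assertion would presumably reject the configuration, so adding `isSystemUser = true;` is worth confirming.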