grimm-nix-server/modules/puffer.nix

{ lib, config, inputs, pkgs, ... }:
let
  root_host = "grimmauld.de";
  puffer_port = 8080;
  puffer_sftp_port = 5657;
  puffer_host = "puffer.${root_host}";
in {
  services.pufferpanel = {
    enable = true;
    environment = {
      PUFFER_WEB_HOST = ":${builtins.toString puffer_port}";
      PUFFER_DAEMON_SFTP_HOST = ":${builtins.toString puffer_sftp_port}";
    };
    extraPackages = with pkgs; [ jdk17_headless ];
    extraGroups = [ "podman" "docker" ];
  };

  services.nginx = {
    enable = true;
    virtualHosts."${puffer_host}" = {
      serverName = puffer_host;
      forceSSL = true;
      useACMEHost = root_host;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString puffer_port}";
      };
    };
  };
  security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
  networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 ];

  virtualisation.podman.enable = true;
  virtualisation.docker.enable = true;

}