feat: initial

services/kiwix.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+let
+  net = import ../data/network.nix;
+  service_data = import ../data/services.nix;
+  kiwix = service_data.kiwix;
+in { 
+  systemd.tmpfiles.rules = [
+    "d ${kiwix.root_dir} 0755 root root - -"
+    "d ${kiwix.root_dir}/data 0755 root root - -"
+  ];
+
+  virtualisation.oci-containers.containers = {
+    kiwix-serve = {
+      image = "ghcr.io/kiwix/kiwix-serve:3.8.2";
+      ports = ["8086:8080"];
+      volumes = ["${kiwix.root_dir}/:/data:ro"];
+      cmd = [
+        "--monitorLibrary"
+        "--library" "/data/library.xml"
+      ];
+      environment = {
+        TZ = "Europe/Berlin";
+      };
+      extraOptions = [
+        "--memory=512m"  # Limit container to 512MB RAM
+        "--memory-swap=512m"  # Disable swap usage
+        "--cpus=1"  # Limit to 1 CPU core
+      ];
+      autoStart = true;
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [8086];
+  };
+}