pi/services/kiwix.nix

{ config, pkgs, lib, ... }:
let
  net = import ../data/network.nix;
  service_data = import ../data/services.nix;
  kiwix = service_data.kiwix;
in { 
  systemd.tmpfiles.rules = [
    "d ${kiwix.root_dir} 0755 root root - -"
    "d ${kiwix.root_dir}/data 0755 root root - -"
  ];

  virtualisation.oci-containers.containers = {
    kiwix-serve = {
      image = "ghcr.io/kiwix/kiwix-serve:3.8.2";
      ports = ["8086:8080"];
      volumes = ["${kiwix.root_dir}/:/data:ro"];
      cmd = [
        "--monitorLibrary"
        "--library" "/data/library.xml"
      ];
      environment = {
        TZ = "Europe/Berlin";
      };
      extraOptions = [
        "--memory=512m"  # Limit container to 512MB RAM
        "--memory-swap=512m"  # Disable swap usage
        "--cpus=1"  # Limit to 1 CPU core
      ];
      autoStart = true;
    };
  };

  networking.firewall = {
    allowedTCPPorts = [8086];
  };
}