{pkgs, ...}: { project.name = "signal"; networks.dmz = { name = "dmz"; external = true; }; services = { mollysocket.service = { image = "ghcr.io/mollyim/mollysocket:1.3.0"; container_name = "mollysocket"; useHostStore = true; ports = [ "8020:8020" ]; command = "server"; working_dir = "/data"; labels = { "traefik.enable" = "true"; "traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)"; "traefik.http.routers.mollysocket.entrypoints" = "websecure"; "traefik.http.services.mollysocket.loadbalancer.server.port" = "8020"; "traefik.http.routers.mollysocket.tls" = "true"; "traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt"; }; environment = { MOLLY_DB = "/data/mollysocket.db"; MOLLY_ALLOWED_ENDPOINTS = "[\"https://push.ghoscht.com\",\"*\"]"; MOLLY_ALLOWED_UUIDS = "[\"*\"]"; MOLLY_HOST = "0.0.0.0"; MOLLY_PORT = 8020; RUST_LOG = "info"; }; restart = "always"; networks = [ "dmz" ]; }; }; }