nixos/docuum: add module for docuum package

Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>

nixos/modules/module-list.nix

@@ -330,6 +330,7 @@
   ./security/systemd-confinement.nix
   ./security/tpm2.nix
   ./security/wrappers/default.nix
+  ./services/admin/docuum.nix
   ./services/admin/meshcentral.nix
   ./services/admin/oxidized.nix
   ./services/admin/pgadmin.nix

nixos/modules/services/admin/docuum.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, lib, utils, ... }:
+
+let
+  cfg = config.services.docuum;
+  inherit (lib) mkIf mkEnableOption mkOption getExe types;
+in
+{
+  options.services.docuum = {
+    enable = mkEnableOption "docuum daemon";
+
+    threshold = mkOption {
+      description = "Threshold for deletion in bytes, like `10 GB`, `10 GiB`, `10GB` or percentage-based thresholds like `50%`";
+      type = types.str;
+      default = "10 GB";
+      example = "50%";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = config.virtualisation.docker.enable;
+        message = "docuum requires docker on the host";
+      }
+    ];
+
+    systemd.services.docuum = {
+      after = [ "docker.socket" ];
+      requires = [ "docker.socket" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ config.virtualisation.docker.package ];
+      environment.HOME = "/var/lib/docuum";
+
+      serviceConfig = {
+        DynamicUser = true;
+        StateDirectory = "docuum";
+        SupplementaryGroups = [ "docker" ];
+        ExecStart = utils.escapeSystemdExecArgs [
+          (getExe pkgs.docuum)
+          "--threshold" cfg.threshold
+        ];
+      };
+    };
+  };
+}