update podman config
parent
e4c0b2380b
commit
29f748adfd
|
@ -20,6 +20,14 @@
|
||||||
fullName = lib.mkOption {
|
fullName = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
};
|
};
|
||||||
|
uid = lib.mkOption {
|
||||||
|
type = lib.types.int;
|
||||||
|
default = 1000;
|
||||||
|
};
|
||||||
|
gid = lib.mkOption {
|
||||||
|
type = lib.types.int;
|
||||||
|
default = 100;
|
||||||
|
};
|
||||||
|
|
||||||
getty.autoLogin = lib.mkEnableOption "auto-login to getty";
|
getty.autoLogin = lib.mkEnableOption "auto-login to getty";
|
||||||
};
|
};
|
||||||
|
|
|
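Review bot: The new `uid` and `gid` options carry no `description` and accept any integer, negative values included, yet caddy.nix in this same commit builds a socket bind-mount path from `user.uid`, so a value that drifts from the account's real uid silently yields a dangling mount. Declare them as `type = lib.types.ints.unsigned;` and add a `description` stating that they must match `users.users.<name>.uid` and `.gid`, or derive the path from the account itself rather than a free-standing option. Nothing in this hunk ties the options to the actual user account; if that wiring lives elsewhere, a comment pointing to it would help. The enclosing `options.profile.user` set starts before the hunk.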
@ -2,5 +2,9 @@
|
||||||
{
|
{
|
||||||
options.profile.podman = {
|
options.profile.podman = {
|
||||||
enable = lib.mkEnableOption "podman";
|
enable = lib.mkEnableOption "podman";
|
||||||
|
caddy.enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
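Review bot: `caddy.enable` defaults to `true`, so every host that sets `profile.podman.enable` also gets, through caddy.nix in this commit, a container service bound to ports 80 and 443 with the podman socket mounted into it; a service with that reach should be opt-in. Replace the option with `caddy.enable = lib.mkEnableOption "caddy reverse proxy";` (default false) and turn it on explicitly on the hosts that need it, or at minimum add a `description` that spells out what enabling it exposes.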
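--- a/system/podman/caddy.nix
+++ b/system/podman/caddy.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+user = config.profile.user;
+podman = config.profile.podman;
+cache = "/home/${user.name}/.cache/podman/caddy";
+in
+{
+config = lib.mkIf (podman.enable && podman.caddy.enable) {
+system.activationScripts.podman-caddy = ''
+mkdir -p ${cache}
+chown -R ${config.profile.user.name} ${cache}
+'';
+# https://fictionbecomesfact.com/caddy-container
+systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
+serviceConfig.Type = "oneshot";
+wantedBy = [ "${backend}-caddy.service" ];
+script = ''${pkgs.podman}/bin/podman network exists caddy || ${pkgs.podman}/bin/podman network create caddy'';
+};
+virtualisation.oci-containers.containers = {
+caddy = {
+image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
+environment = {
+TZ = "Asia/Jakarta";
+};
+ports = [ "80:80" "443:443" ];
+autoStart = true;
+volumes = [
+"/run/user/${toString(user.uid)}/podman/podman.sock:/var/run/docker.sock:z"
+"${cache}:/data"
+];
+extraOptions = [
+"--network=caddy"
+];
+labels = {
+"caddy" = "cockpit.tigor.web.id";
+"caddy.reverse_proxy" = "hosts.container.internal:9090";
+};
+};
+};
+};
+}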
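Review bot: The `caddy.reverse_proxy` label targets `hosts.container.internal:9090`, which is neither the name podman injects for the host (`host.containers.internal`) nor docker's `host.docker.internal`, so the upstream will most likely fail to resolve; change it to `"caddy.reverse_proxy" = "host.containers.internal:9090";`. Bind-mounting the podman socket into the proxy hands that container full control of the container runtime, and the `:z` relabel does nothing to limit API calls; that is inherent to caddy-docker-proxy, but it deserves a comment on the `volumes` line and argues for pinning the image by digest instead of the floating `ci-alpine` tag. The socket path is assembled from the `user.uid` option under `/run/user`, i.e. a rootless user socket, while `dockerSocket.enable` in the same commit appears to provide the rootful one; confirm which daemon the container is meant to talk to, since the rootless socket only exists while that user's podman service is running. The activation script also re-runs `mkdir -p` and `chown -R` on every switch; `systemd.tmpfiles.rules = [ "d ${cache} 0750 ${user.name} - -" ];` is the idiomatic replacement, and `config.profile.user.name` there can simply be `user.name` like the rest of the file.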
@ -10,11 +10,23 @@ in
|
||||||
podman-compose # start group of containers for dev
|
podman-compose # start group of containers for dev
|
||||||
];
|
];
|
||||||
|
|
||||||
|
virtualisation.containers.enable = true;
|
||||||
|
virtualisation.oci-containers.backend = "podman";
|
||||||
virtualisation.podman = {
|
virtualisation.podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dockerSocket.enable = true;
|
dockerSocket.enable = true;
|
||||||
autoPrune.enable = true; # Default weekly
|
autoPrune.enable = true; # Default weekly
|
||||||
dockerCompat = true;
|
dockerCompat = true;
|
||||||
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
|
};
|
||||||
|
# https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
|
||||||
|
networking.firewall.interfaces.podman1 = {
|
||||||
|
allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./caddy.nix
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
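Review bot: `networking.firewall.interfaces.podman1` names a bridge by creation order, and nothing in the hunk shows which network ends up as `podman1` (the default `podman` network, which `defaultNetwork.settings.dns_enabled` just switched on, normally sits on `podman0`, and the `caddy` network from caddy.nix takes whatever index it gets), so the DNS exception may land on the wrong interface or on none. Either pin the bridge name when the network is created, or, if the firewall backend accepts iptables-style wildcards, use `networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];` so every podman bridge is covered; the comment on that line also has a typo, `eachother's` → `each other's`. `imports = [ ./caddy.nix ];` placed after the `config` body is valid but reads better at the top of the module next to the function header, which lies outside the hunk.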