update podman config

This commit is contained in:
Tigor Hutasuhut 2024-06-12 22:56:21 +07:00
parent e4c0b2380b
commit 29f748adfd
4 changed files with 65 additions and 0 deletions

View file

@ -20,6 +20,14 @@
fullName = lib.mkOption { fullName = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
uid = lib.mkOption {
type = lib.types.int;
default = 1000;
};
gid = lib.mkOption {
type = lib.types.int;
default = 100;
};
getty.autoLogin = lib.mkEnableOption "auto-login to getty"; getty.autoLogin = lib.mkEnableOption "auto-login to getty";
}; };

View file

@ -2,5 +2,9 @@
{ {
options.profile.podman = { options.profile.podman = {
enable = lib.mkEnableOption "podman"; enable = lib.mkEnableOption "podman";
caddy.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
}; };
} }

41
system/podman/caddy.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let
user = config.profile.user;
podman = config.profile.podman;
cache = "/home/${user.name}/.cache/podman/caddy";
in
{
config = lib.mkIf (podman.enable && podman.caddy.enable) {
system.activationScripts.podman-caddy = ''
mkdir -p ${cache}
chown -R ${config.profile.user.name} ${cache}
'';
# https://fictionbecomesfact.com/caddy-container
systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [ "${backend}-caddy.service" ];
script = ''${pkgs.podman}/bin/podman network exists caddy || ${pkgs.podman}/bin/podman network create caddy'';
};
virtualisation.oci-containers.containers = {
caddy = {
image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
environment = {
TZ = "Asia/Jakarta";
};
ports = [ "80:80" "443:443" ];
autoStart = true;
volumes = [
"/run/user/${toString(user.uid)}/podman/podman.sock:/var/run/docker.sock:z"
"${cache}:/data"
];
extraOptions = [
"--network=caddy"
];
labels = {
"caddy" = "cockpit.tigor.web.id";
"caddy.reverse_proxy" = "hosts.container.internal:9090";
};
};
};
};
}

View file

@ -10,11 +10,23 @@ in
podman-compose # start group of containers for dev podman-compose # start group of containers for dev
]; ];
virtualisation.containers.enable = true;
virtualisation.oci-containers.backend = "podman";
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerSocket.enable = true; dockerSocket.enable = true;
autoPrune.enable = true; # Default weekly autoPrune.enable = true; # Default weekly
dockerCompat = true; dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
# https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
networking.firewall.interfaces.podman1 = {
allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
}; };
}; };
imports = [
./caddy.nix
];
} }