From 544ea1236dd87bd27aac54170f11ff42eb404ae1 Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Wed, 12 Jun 2024 23:37:10 +0700
Subject: [PATCH] moved from podman to docker

---
 options/default.nix | 2 +-
 options/docker.nix | 10 +++++
 profiles/homeserver.nix | 8 +++-
 secrets/secrets.yaml | 6 +--
 system/default.nix | 3 +-
 system/docker/caddy.nix | 40 +++++++++++++++++++
 .../docker.nix => docker/default.nix} | 6 +++
 system/modules/default.nix | 1 -
 8 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 options/docker.nix
 create mode 100644 system/docker/caddy.nix
 rename system/{modules/docker.nix => docker/default.nix} (50%)

diff --git a/options/default.nix b/options/default.nix
index f9e506b..1486c43 100644
--- a/options/default.nix
+++ b/options/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./programs.nix
 ./hyprland.nix
+ ./docker.nix
 ./podman.nix
 ];
 options.profile = {
@@ -49,7 +50,6 @@
 android.enable = lib.mkEnableOption "android";
 avahi.enable = lib.mkEnableOption "avahi";
 bluetooth.enable = lib.mkEnableOption "bluetooth";
- docker.enable = lib.mkEnableOption "docker";
 flatpak.enable = lib.mkEnableOption "flatpak";
 gnome.enable = lib.mkEnableOption "gnome";
 kde.enable = lib.mkEnableOption "kde";
diff --git a/options/docker.nix b/options/docker.nix
new file mode 100644
index 0000000..4af3501
--- /dev/null
+++ b/options/docker.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+ options.profile.docker = {
+ enable = lib.mkEnableOption "docker";
+ caddy.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ };
+}
diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix
index 57670aa..c7977ca 100644
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
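Review bot: `caddy.enable` in options/docker.nix is declared with `lib.mkOption` but carries no `description`, and its default is `true`, so enabling `profile.docker` alone now also starts the caddy container defined in system/docker/caddy.nix in this same patch, which publishes ports 80 and 443 and mounts the Docker socket. That opt-out default deserves to be stated where the option is declared: `caddy.enable = lib.mkEnableOption "the caddy-docker-proxy container (publishes 80/443, mounts docker.sock)" // { default = true; };` keeps the same type and default while giving the option a description. Alternatively keep the `mkOption` form and add a `description = "...";` line next to `default = true;`.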
@@ -18,12 +18,16 @@
 security.sudo.wheelNeedsPassword = false;
 podman = {
- enable = true;
+ enable = false;
 };
 openssh.enable = true;
 go.enable = true;
 networking.firewall.enable = true;
 networking.firewall.allowedTCPPorts = [ 80 443 ];
- cockpit.enable = true;
+ cockpit.enable = false;
+ docker = {
+ enable = true;
+ caddy.enable = true;
+ };
 };
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 4410b40..848cfcb 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -7,7 +7,7 @@ spotify:
 password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
 copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
 docker:
- config: ENC[AES256_GCM,data:zVV89tPNeaJUHHGVZjFtfps1KRiVa6/+FEpmaHTp5oy9KcNG/AOO75bypW2jzoRjaCigFzPElzSYZidD7Nt1x6XSzAT+y/YrDRosWUBqadnm/5U4DAP3HfLT9AuTzBCd/qNN3GZvdzXO+SLWpZszcL99V1JUOYLgU4fnQ7bS59ilMqKco0YJsohPcDZHyOIQiKRaPP8HmsxjBtlMzjWnqho4JUMQRT/2jO6wQiJ2dwD+5WR3EFWXcmGAhmhTISHjoMWUnK0iyYe0miVMVAKDgFEN4LKYaQMDFjU=,iv:hsQB+woy8NZYxFI5ZVtWyV9eJQVyNbNfLDS8Jho1tmk=,tag:MeWjOkLOUuMWBWE+2QfJCw==,type:str]
+ config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
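Review bot: The new `docker` block in profiles/homeserver.nix sets `caddy.enable = true;`, which restates the `default = true` that options/docker.nix gives that option in this same patch, and `podman.enable = false;` / `cockpit.enable = false;` restate the `mkEnableOption` default; dropping those three lines leaves the evaluated configuration unchanged and keeps the profile down to its intentional overrides. `networking.firewall.allowedTCPPorts = [ 80 443 ];` is kept, but with the docker backend the container's published ports are opened through Docker's own iptables chains rather than by the NixOS firewall's input rules, so that list no longer describes what the host actually exposes; a comment such as `# informational only: docker publishes 80/443 through its own iptables chains` on that line would stop the next reader from treating it as the effective policy. The enclosing attribute set opens before the hunk.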
@@ -23,8 +23,8 @@ sops:
 UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
 DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-12T12:14:30Z"
- mac: ENC[AES256_GCM,data:eqs0sX5bmfWCW7b3qxRpEV+4DdED1j6Pw6w5tK1Acti2SKaG5EyIN2FH+w6BxrKMkjbhU4/YFFSolztt9BWHQzaxe77oMH24fbb/ki6JAv58Pq8T2uZF0t7WOV+NZWJcLCCku4Vq3ar1bIQ/skJolRCZCHvvojY8Viy+L44j7no=,iv:QpmN2jAK9jlIovDDhT/N8BQlxmRsNV10z8BRDTng0sg=,tag:t6+G6a2Aw5Oz8XhXc+ajsQ==,type:str]
+ lastmodified: "2024-06-12T16:32:51Z"
+ mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/system/default.nix b/system/default.nix
index eee496e..7820218 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -4,7 +4,8 @@
 profile-path
 hardware-configuration
 ./modules
- ./podman
+ # ./podman
+ ./docker
 ./programs.nix
 ./user.nix
 ./keyboard.nix
diff --git a/system/docker/caddy.nix b/system/docker/caddy.nix
new file mode 100644
index 0000000..a095205
--- /dev/null
+++ b/system/docker/caddy.nix
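Review bot: `# ./podman` in system/default.nix is commented-out code left in the import list; the podman option is still declared (options/default.nix keeps `./podman.nix` in this patch), so either keep `./podman` imported and let the profile's `podman.enable = false` gate it, or delete the line outright and rely on git history. As it stands, a profile that sets `podman.enable = true` would, as far as this patch shows, evaluate without error but have no effect, which is the kind of silent drift a commented-out import produces. The imports list opens and closes outside the hunk.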
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+let
+ user = config.profile.user;
+ docker = config.profile.docker;
+ cache = "/home/${user.name}/.cache/docker/caddy";
+ image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
+in
+{
+ config = lib.mkIf (docker.enable && docker.caddy.enable) {
+ system.activationScripts.docker-caddy = ''
+ mkdir -p ${cache}
+ chown -R ${config.profile.user.name} ${cache}
+ '';
+ systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
+ serviceConfig = {
+ Type = "oneshot";
+ # ExecStop = "${pkgs.docker}/bin/docker network rm -f caddy";
+ };
+ wantedBy = [ "${backend}-caddy.service" ];
+ script = ''${pkgs.docker}/bin/docker network inspect caddy || ${pkgs.docker}/bin/docker network create caddy'';
+ };
+ virtualisation.oci-containers.containers = {
+ caddy = {
+ inherit image;
+ environment = {
+ TZ = "Asia/Jakarta";
+ };
+ ports = [ "80:80" "443:443" ];
+ autoStart = true;
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock:z"
+ "${cache}:/data"
+ ];
+ extraOptions = [
+ "--network=caddy"
+ ];
+ };
+ };
+ };
+}
diff --git a/system/modules/docker.nix b/system/docker/default.nix
similarity index 50%
rename from system/modules/docker.nix
rename to system/docker/default.nix
index 15ebe57..1686952 100644
--- a/system/modules/docker.nix
+++ b/system/docker/default.nix
@@ -5,5 +5,11 @@ in
 {
 config = lib.mkIf cfg.enable {
 virtualisation.docker.enable = true;
+ virtualisation.docker.autoPrune.enable = true;
+ virtualisation.oci-containers.backend = "docker";
 };
+
+ imports = [
+ ./caddy.nix
+ ];
 }
diff --git a/system/modules/default.nix b/system/modules/default.nix
index 91179d5..31f8bfa 100644
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@@ -8,7 +8,6 @@
 ./boot_loader.nix
 ./brightnessctl.nix
 ./cockpit.nix
- ./docker.nix
 ./flatpak.nix
 ./font.nix
 ./gnome.nix
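Review bot: `systemd.services.create-caddy-network` in system/docker/caddy.nix is only `wantedBy` the container unit and carries no ordering, so `docker-caddy.service` can be started before the oneshot has run and its `--network=caddy` then fails on a fresh host; add `before = [ "${backend}-caddy.service" ]; after = [ "docker.service" ]; requires = [ "docker.service" ];` to the service (the `with config.virtualisation.oci-containers;` already brings `backend` into scope). The bind mount of `/var/run/docker.sock` hands the container the full Docker API, which is root-equivalent on the host; caddy-docker-proxy needs it for label discovery, but that consequence deserves a comment on the `volumes` line, e.g. `# docker.sock grants this container full daemon control (root-equivalent); keep the image trusted and pinned`. Related to that, `image` uses the moving `ci-alpine` tag, so what runs with that socket changes on every pull; pin it by digest (`image = "lucaslorentz/caddy-docker-proxy:ci-alpine@sha256:<digest-placeholder>";`) or at least a release tag. Minor: the activation script writes `${config.profile.user.name}` two lines after the `user` let-binding that `cache` already uses; `${user.name}` would read consistently.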