moved from podman to docker

This commit is contained in:
Tigor Hutasuhut 2024-06-12 23:37:10 +07:00
parent 29f748adfd
commit 544ea1236d
8 changed files with 68 additions and 8 deletions

View file

@ -3,6 +3,7 @@
imports = [ imports = [
./programs.nix ./programs.nix
./hyprland.nix ./hyprland.nix
./docker.nix
./podman.nix ./podman.nix
]; ];
options.profile = { options.profile = {
@ -49,7 +50,6 @@
android.enable = lib.mkEnableOption "android"; android.enable = lib.mkEnableOption "android";
avahi.enable = lib.mkEnableOption "avahi"; avahi.enable = lib.mkEnableOption "avahi";
bluetooth.enable = lib.mkEnableOption "bluetooth"; bluetooth.enable = lib.mkEnableOption "bluetooth";
docker.enable = lib.mkEnableOption "docker";
flatpak.enable = lib.mkEnableOption "flatpak"; flatpak.enable = lib.mkEnableOption "flatpak";
gnome.enable = lib.mkEnableOption "gnome"; gnome.enable = lib.mkEnableOption "gnome";
kde.enable = lib.mkEnableOption "kde"; kde.enable = lib.mkEnableOption "kde";

10
options/docker.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, ... }:
{
options.profile.docker = {
enable = lib.mkEnableOption "docker";
caddy.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
}

View file

@ -18,12 +18,16 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
podman = { podman = {
enable = true; enable = false;
}; };
openssh.enable = true; openssh.enable = true;
go.enable = true; go.enable = true;
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
cockpit.enable = true; cockpit.enable = false;
docker = {
enable = true;
caddy.enable = true;
};
}; };
} }

View file

@ -7,7 +7,7 @@ spotify:
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str] password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str] copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
docker: docker:
config: ENC[AES256_GCM,data:zVV89tPNeaJUHHGVZjFtfps1KRiVa6/+FEpmaHTp5oy9KcNG/AOO75bypW2jzoRjaCigFzPElzSYZidD7Nt1x6XSzAT+y/YrDRosWUBqadnm/5U4DAP3HfLT9AuTzBCd/qNN3GZvdzXO+SLWpZszcL99V1JUOYLgU4fnQ7bS59ilMqKco0YJsohPcDZHyOIQiKRaPP8HmsxjBtlMzjWnqho4JUMQRT/2jO6wQiJ2dwD+5WR3EFWXcmGAhmhTISHjoMWUnK0iyYe0miVMVAKDgFEN4LKYaQMDFjU=,iv:hsQB+woy8NZYxFI5ZVtWyV9eJQVyNbNfLDS8Jho1tmk=,tag:MeWjOkLOUuMWBWE+2QfJCw==,type:str] config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +23,8 @@ sops:
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q== DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-12T12:14:30Z" lastmodified: "2024-06-12T16:32:51Z"
mac: ENC[AES256_GCM,data:eqs0sX5bmfWCW7b3qxRpEV+4DdED1j6Pw6w5tK1Acti2SKaG5EyIN2FH+w6BxrKMkjbhU4/YFFSolztt9BWHQzaxe77oMH24fbb/ki6JAv58Pq8T2uZF0t7WOV+NZWJcLCCku4Vq3ar1bIQ/skJolRCZCHvvojY8Viy+L44j7no=,iv:QpmN2jAK9jlIovDDhT/N8BQlxmRsNV10z8BRDTng0sg=,tag:t6+G6a2Aw5Oz8XhXc+ajsQ==,type:str] mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -4,7 +4,8 @@
profile-path profile-path
hardware-configuration hardware-configuration
./modules ./modules
./podman # ./podman
./docker
./programs.nix ./programs.nix
./user.nix ./user.nix
./keyboard.nix ./keyboard.nix

40
system/docker/caddy.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
let
user = config.profile.user;
docker = config.profile.docker;
cache = "/home/${user.name}/.cache/docker/caddy";
image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
in
{
config = lib.mkIf (docker.enable && docker.caddy.enable) {
system.activationScripts.docker-caddy = ''
mkdir -p ${cache}
chown -R ${config.profile.user.name} ${cache}
'';
systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
serviceConfig = {
Type = "oneshot";
# ExecStop = "${pkgs.docker}/bin/docker network rm -f caddy";
};
wantedBy = [ "${backend}-caddy.service" ];
script = ''${pkgs.docker}/bin/docker network inspect caddy || ${pkgs.docker}/bin/docker network create caddy'';
};
virtualisation.oci-containers.containers = {
caddy = {
inherit image;
environment = {
TZ = "Asia/Jakarta";
};
ports = [ "80:80" "443:443" ];
autoStart = true;
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:z"
"${cache}:/data"
];
extraOptions = [
"--network=caddy"
];
};
};
};
}

View file

@ -5,5 +5,11 @@ in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.oci-containers.backend = "docker";
}; };
imports = [
./caddy.nix
];
} }

View file

@ -8,7 +8,6 @@
./boot_loader.nix ./boot_loader.nix
./brightnessctl.nix ./brightnessctl.nix
./cockpit.nix ./cockpit.nix
./docker.nix
./flatpak.nix ./flatpak.nix
./font.nix ./font.nix
./gnome.nix ./gnome.nix