moved from podman to docker

2024-06-12 23:37:10 +07:00 · 2024-06-12 23:37:10 +07:00 · 544ea1236d
parent 29f748adfd
commit 544ea1236d
8 changed files with 68 additions and 8 deletions
--- a/options/default.nix
+++ b/options/default.nix
@ -3,6 +3,7 @@
  imports = [
    ./programs.nix
    ./hyprland.nix
    ./docker.nix
    ./podman.nix
  ];
  options.profile = {
@ -49,7 +50,6 @@
    android.enable = lib.mkEnableOption "android";
    avahi.enable = lib.mkEnableOption "avahi";
    bluetooth.enable = lib.mkEnableOption "bluetooth";
    docker.enable = lib.mkEnableOption "docker";
    flatpak.enable = lib.mkEnableOption "flatpak";
    gnome.enable = lib.mkEnableOption "gnome";
    kde.enable = lib.mkEnableOption "kde";
--- a/options/docker.nix
+++ b/options/docker.nix
@ -0,0 +1,10 @@
 { lib, ... }:
 {
  options.profile.docker = {
    enable = lib.mkEnableOption "docker";
    caddy.enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
    };
  };
 }
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -18,12 +18,16 @@
    security.sudo.wheelNeedsPassword = false;
    podman = {
-      enable = true;
+      enable = false;
    };
    openssh.enable = true;
    go.enable = true;
    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [ 80 443 ];
-    cockpit.enable = true;
+    cockpit.enable = false;
    docker = {
      enable = true;
      caddy.enable = true;
    };
  };
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -7,7 +7,7 @@ spotify:
    password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
 copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
 docker:
-    config: ENC[AES256_GCM,data:zVV89tPNeaJUHHGVZjFtfps1KRiVa6/+FEpmaHTp5oy9KcNG/AOO75bypW2jzoRjaCigFzPElzSYZidD7Nt1x6XSzAT+y/YrDRosWUBqadnm/5U4DAP3HfLT9AuTzBCd/qNN3GZvdzXO+SLWpZszcL99V1JUOYLgU4fnQ7bS59ilMqKco0YJsohPcDZHyOIQiKRaPP8HmsxjBtlMzjWnqho4JUMQRT/2jO6wQiJ2dwD+5WR3EFWXcmGAhmhTISHjoMWUnK0iyYe0miVMVAKDgFEN4LKYaQMDFjU=,iv:hsQB+woy8NZYxFI5ZVtWyV9eJQVyNbNfLDS8Jho1tmk=,tag:MeWjOkLOUuMWBWE+2QfJCw==,type:str]
+    config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -23,8 +23,8 @@ sops:
            UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
            DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-12T12:14:30Z"
+    lastmodified: "2024-06-12T16:32:51Z"
-    mac: ENC[AES256_GCM,data:eqs0sX5bmfWCW7b3qxRpEV+4DdED1j6Pw6w5tK1Acti2SKaG5EyIN2FH+w6BxrKMkjbhU4/YFFSolztt9BWHQzaxe77oMH24fbb/ki6JAv58Pq8T2uZF0t7WOV+NZWJcLCCku4Vq3ar1bIQ/skJolRCZCHvvojY8Viy+L44j7no=,iv:QpmN2jAK9jlIovDDhT/N8BQlxmRsNV10z8BRDTng0sg=,tag:t6+G6a2Aw5Oz8XhXc+ajsQ==,type:str]
+    mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/system/default.nix
+++ b/system/default.nix
@ -4,7 +4,8 @@
    profile-path
    hardware-configuration
    ./modules
-    ./podman
+    # ./podman
    ./docker
    ./programs.nix
    ./user.nix
    ./keyboard.nix
--- a/system/docker/caddy.nix
+++ b/system/docker/caddy.nix
@ -0,0 +1,40 @@
 { config, lib, pkgs, ... }:
 let
  user = config.profile.user;
  docker = config.profile.docker;
  cache = "/home/${user.name}/.cache/docker/caddy";
  image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
 in
 {
  config = lib.mkIf (docker.enable && docker.caddy.enable) {
    system.activationScripts.docker-caddy = ''
      mkdir -p ${cache}
      chown -R ${config.profile.user.name} ${cache}
    '';
    systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
      serviceConfig = {
        Type = "oneshot";
        # ExecStop = "${pkgs.docker}/bin/docker network rm -f caddy";
      };
      wantedBy = [ "${backend}-caddy.service" ];
      script = ''${pkgs.docker}/bin/docker network inspect caddy || ${pkgs.docker}/bin/docker network create caddy'';
    };
    virtualisation.oci-containers.containers = {
      caddy = {
        inherit image;
        environment = {
          TZ = "Asia/Jakarta";
        };
        ports = [ "80:80" "443:443" ];
        autoStart = true;
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock:z"
          "${cache}:/data"
        ];
        extraOptions = [
          "--network=caddy"
        ];
      };
    };
  };
 }
--- a/system/docker/default.nix
+++ b/system/docker/default.nix
@ -5,5 +5,11 @@ in
 {
  config = lib.mkIf cfg.enable {
    virtualisation.docker.enable = true;
    virtualisation.docker.autoPrune.enable = true;
    virtualisation.oci-containers.backend = "docker";
  };
  imports = [
    ./caddy.nix
  ];
 }
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@ -8,7 +8,6 @@
    ./boot_loader.nix
    ./brightnessctl.nix
    ./cockpit.nix
    ./docker.nix
    ./flatpak.nix
    ./font.nix
    ./gnome.nix