moved from podman to docker
parent
29f748adfd
commit
544ea1236d
|
@ -3,6 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./programs.nix
|
./programs.nix
|
||||||
./hyprland.nix
|
./hyprland.nix
|
||||||
|
./docker.nix
|
||||||
./podman.nix
|
./podman.nix
|
||||||
];
|
];
|
||||||
options.profile = {
|
options.profile = {
|
||||||
|
@ -49,7 +50,6 @@
|
||||||
android.enable = lib.mkEnableOption "android";
|
android.enable = lib.mkEnableOption "android";
|
||||||
avahi.enable = lib.mkEnableOption "avahi";
|
avahi.enable = lib.mkEnableOption "avahi";
|
||||||
bluetooth.enable = lib.mkEnableOption "bluetooth";
|
bluetooth.enable = lib.mkEnableOption "bluetooth";
|
||||||
docker.enable = lib.mkEnableOption "docker";
|
|
||||||
flatpak.enable = lib.mkEnableOption "flatpak";
|
flatpak.enable = lib.mkEnableOption "flatpak";
|
||||||
gnome.enable = lib.mkEnableOption "gnome";
|
gnome.enable = lib.mkEnableOption "gnome";
|
||||||
kde.enable = lib.mkEnableOption "kde";
|
kde.enable = lib.mkEnableOption "kde";
|
||||||
|
|
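--- a/options/docker.nix
+++ b/options/docker.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+options.profile.docker = {
+enable = lib.mkEnableOption "docker";
+caddy.enable = lib.mkOption {
+type = lib.types.bool;
+default = true;
+};
+};
+}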
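Review bot: `caddy.enable` defaults to `true`, so any host that sets `profile.docker.enable = true` also gets the reverse-proxy container without opting in. Per system/docker/caddy.nix in this commit, that container publishes 80/443 and mounts the Docker socket. Making it opt-in keeps the exposed surface explicit: `caddy.enable = lib.mkEnableOption "caddy-docker-proxy container";`. That form also gives the option a description, which the current `lib.mkOption` lacks.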
@ -18,12 +18,16 @@
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = false;
|
||||||
};
|
};
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
go.enable = true;
|
go.enable = true;
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
cockpit.enable = true;
|
cockpit.enable = false;
|
||||||
|
docker = {
|
||||||
|
enable = true;
|
||||||
|
caddy.enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
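Review bot: With the new `docker = { enable = true; ... }` block on this host, `networking.firewall.allowedTCPPorts = [ 80 443 ]` no longer describes the full inbound exposure. The Docker daemon installs its own iptables rules for published ports, so a container that publishes a port is reachable even when that port is not in the list. A comment beside the block would make this visible to the next editor, e.g. `# NOTE: ports published by Docker bypass networking.firewall; bind to 127.0.0.1 unless meant to be public`. The enclosing attribute set starts above the hunk, so this reading covers only the lines shown.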
@ -7,7 +7,7 @@ spotify:
|
||||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||||
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
|
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
|
||||||
docker:
|
docker:
|
||||||
config: ENC[AES256_GCM,data:zVV89tPNeaJUHHGVZjFtfps1KRiVa6/+FEpmaHTp5oy9KcNG/AOO75bypW2jzoRjaCigFzPElzSYZidD7Nt1x6XSzAT+y/YrDRosWUBqadnm/5U4DAP3HfLT9AuTzBCd/qNN3GZvdzXO+SLWpZszcL99V1JUOYLgU4fnQ7bS59ilMqKco0YJsohPcDZHyOIQiKRaPP8HmsxjBtlMzjWnqho4JUMQRT/2jO6wQiJ2dwD+5WR3EFWXcmGAhmhTISHjoMWUnK0iyYe0miVMVAKDgFEN4LKYaQMDFjU=,iv:hsQB+woy8NZYxFI5ZVtWyV9eJQVyNbNfLDS8Jho1tmk=,tag:MeWjOkLOUuMWBWE+2QfJCw==,type:str]
|
config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -23,8 +23,8 @@ sops:
|
||||||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-12T12:14:30Z"
|
lastmodified: "2024-06-12T16:32:51Z"
|
||||||
mac: ENC[AES256_GCM,data:eqs0sX5bmfWCW7b3qxRpEV+4DdED1j6Pw6w5tK1Acti2SKaG5EyIN2FH+w6BxrKMkjbhU4/YFFSolztt9BWHQzaxe77oMH24fbb/ki6JAv58Pq8T2uZF0t7WOV+NZWJcLCCku4Vq3ar1bIQ/skJolRCZCHvvojY8Viy+L44j7no=,iv:QpmN2jAK9jlIovDDhT/N8BQlxmRsNV10z8BRDTng0sg=,tag:t6+G6a2Aw5Oz8XhXc+ajsQ==,type:str]
|
mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,7 +4,8 @@
|
||||||
profile-path
|
profile-path
|
||||||
hardware-configuration
|
hardware-configuration
|
||||||
./modules
|
./modules
|
||||||
./podman
|
# ./podman
|
||||||
|
./docker
|
||||||
./programs.nix
|
./programs.nix
|
||||||
./user.nix
|
./user.nix
|
||||||
./keyboard.nix
|
./keyboard.nix
|
||||||
|
|
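--- a/system/docker/caddy.nix
+++ b/system/docker/caddy.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+let
+user = config.profile.user;
+docker = config.profile.docker;
+cache = "/home/${user.name}/.cache/docker/caddy";
+image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
+in
+{
+config = lib.mkIf (docker.enable && docker.caddy.enable) {
+system.activationScripts.docker-caddy = ''
+mkdir -p ${cache}
+chown -R ${config.profile.user.name} ${cache}
+'';
+systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
+serviceConfig = {
+Type = "oneshot";
+# ExecStop = "${pkgs.docker}/bin/docker network rm -f caddy";
+};
+wantedBy = [ "${backend}-caddy.service" ];
+script = ''${pkgs.docker}/bin/docker network inspect caddy || ${pkgs.docker}/bin/docker network create caddy'';
+};
+virtualisation.oci-containers.containers = {
+caddy = {
+inherit image;
+environment = {
+TZ = "Asia/Jakarta";
+};
+ports = [ "80:80" "443:443" ];
+autoStart = true;
+volumes = [
+"/var/run/docker.sock:/var/run/docker.sock:z"
+"${cache}:/data"
+];
+extraOptions = [
+"--network=caddy"
+];
+};
+};
+};
+}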
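Review bot: The `caddy` container bind-mounts `/var/run/docker.sock` while publishing 80 and 443, so a compromise of the proxy process or of the image gives full control of the Docker daemon, which is equivalent to root on the host. A `:ro` suffix on the volume would not change that, because the API remains writable through the socket. The image is also referenced by the moving tag `ci-alpine`, so each pull can bring different code into that privileged position. Pin a release tag and digest instead, e.g. `image = "lucaslorentz/caddy-docker-proxy:<release-tag>@sha256:<digest>";` (placeholders, to be filled from the registry). If the proxy only needs to read container labels, consider putting a filtering Docker API proxy in front of the socket and pointing the container at that rather than mounting the socket directly.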
@ -5,5 +5,11 @@ in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
virtualisation.docker.autoPrune.enable = true;
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./caddy.nix
|
||||||
|
];
|
||||||
}
|
}
|
|
@ -8,7 +8,6 @@
|
||||||
./boot_loader.nix
|
./boot_loader.nix
|
||||||
./brightnessctl.nix
|
./brightnessctl.nix
|
||||||
./cockpit.nix
|
./cockpit.nix
|
||||||
./docker.nix
|
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./font.nix
|
./font.nix
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
|
|