nixos-config/modules/docker/default.nix

{ lib
, pkgs
, config
, ...
}:
with lib; let
  cfg = config.eboskma.docker;
in
{
  options.eboskma.docker = {
    enable = mkEnableOption "docker";
    enableNvidia = mkEnableOption "docker NVidia support";
    # enableTcpSocket = mkEnableOption "docker TCP socket";
  };

  config = mkIf cfg.enable {
    # environment.systemPackages = with pkgs; [ docker-compose ];
    environment.systemPackages = [ pkgs.podman-compose pkgs.netavark ];

    virtualisation.podman = {
      enable = true;
      enableNvidia = cfg.enableNvidia;
      dockerCompat = true;

      autoPrune = {
        enable = true;
        dates = "weekly";
      };

      # daemon.settings = {
      #   insecure-registries = config.virtualisation.containers.registries.insecure;
      #   features = {
      #     buildkit = true;
      #   };
      # };
      defaultNetwork.settings.dns_enable = true;

    };

    virtualisation.containers = {
      registries = {
        insecure = [ "containers.internal.horus.nu" ];
        search = [
          "docker.io"
          "quay.io"
          "containers.internal.horus.nu"
        ];
      };
      containersConf.settings = {
        engine = {
          helper_binaries_dir = [ "${pkgs.netavark}/bin" ];
        };
      };
    };

    users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];

    # Make DNS work in containers
    networking.firewall.interfaces."podman+" = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };

    # services.ghostunnel = mkIf cfg.enableTcpSocket {
    #   enable = true;
    #   servers."podman-socket" = {
    #     listen = "0.0.0.0:2376";
    #     target = "unix:/run/podman/podman.sock";
    #     allowAll = mkDefault true;
    #     extraArguments = ''
    #       --auto-acme-cert=mimir.internal.horus.nu
    #       --auto-acme-email=erwin@horus.nu
    #       --auto-acme-ca=https://mimir.internal.horus.nu
    #     '';
    #   };
    # };
  };
}
Gitea fixes, formatting with nixpkgs-fmt 2022-04-27 00:21:19 +02:00			`{ lib`
			`, pkgs`
			`, config`
			`, ...`
Formatting with alejandra 2022-03-01 22:19:03 +01:00			`}:`
			`with lib; let`
			`cfg = config.eboskma.docker;`
Gitea fixes, formatting with nixpkgs-fmt 2022-04-27 00:21:19 +02:00			`in`
			`{`
Enable podman NVidia support and TCP socket 2022-12-06 13:43:00 +01:00			`options.eboskma.docker = {`
Enable BuildKit by default in docker 2023-03-10 12:57:46 +01:00			`enable = mkEnableOption "docker";`
			`enableNvidia = mkEnableOption "docker NVidia support";`
			`# enableTcpSocket = mkEnableOption "docker TCP socket";`
Enable podman NVidia support and TCP socket 2022-12-06 13:43:00 +01:00			`};`
Refining 2021-11-21 19:07:12 +01:00
			`config = mkIf cfg.enable {`
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`# environment.systemPackages = with pkgs; [ docker-compose ];`
podman: Add netavark 2023-07-10 13:42:56 +02:00			`environment.systemPackages = [ pkgs.podman-compose pkgs.netavark ];`
Refining 2021-11-21 19:07:12 +01:00
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`virtualisation.podman = {`
Refining 2021-11-21 19:07:12 +01:00			`enable = true;`
Enable podman NVidia support and TCP socket 2022-12-06 13:43:00 +01:00			`enableNvidia = cfg.enableNvidia;`
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`dockerCompat = true;`
Add nvidia support to docker module 2022-12-09 10:42:31 +01:00
			`autoPrune = {`
Enable podman NVidia support and TCP socket 2022-12-06 13:43:00 +01:00			`enable = true;`
Add nvidia support to docker module 2022-12-09 10:42:31 +01:00			`dates = "weekly";`
Enable podman NVidia support and TCP socket 2022-12-06 13:43:00 +01:00			`};`
Fix NVidia stuff, add insecure registries to docker 2022-12-22 11:35:17 +01:00
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`# daemon.settings = {`
			`# insecure-registries = config.virtualisation.containers.registries.insecure;`
			`# features = {`
			`# buildkit = true;`
			`# };`
			`# };`
			`defaultNetwork.settings.dns_enable = true;`

Update flake.lock 2022-10-25 09:40:08 +02:00			`};`
Add nvidia support to docker module 2022-12-09 10:42:31 +01:00
Make insecure registries work for podman 2022-11-11 20:40:08 +01:00			`virtualisation.containers = {`
			`registries = {`
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`insecure = [ "containers.internal.horus.nu" ];`
Make insecure registries work for podman 2022-11-11 20:40:08 +01:00			`search = [`
			`"docker.io"`
			`"quay.io"`
			`"containers.internal.horus.nu"`
			`];`
Add Horus docker registries 2022-05-26 11:32:30 +02:00			`};`
podman: Add netavark 2023-07-10 13:42:56 +02:00			`containersConf.settings = {`
			`engine = {`
			`helper_binaries_dir = [ "${pkgs.netavark}/bin" ];`
			`};`
			`};`
Refining 2021-11-21 19:07:12 +01:00			`};`

Update flake.lock 2022-10-25 09:40:08 +02:00			`users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];`
Add nvidia support to docker module 2022-12-09 10:42:31 +01:00
docker: make it actually podman 2023-07-04 20:30:36 +02:00			`# Make DNS work in containers`
			`networking.firewall.interfaces."podman+" = {`
			`allowedUDPPorts = [ 53 ];`
			`allowedTCPPorts = [ 53 ];`
			`};`

Add nvidia support to docker module 2022-12-09 10:42:31 +01:00			`# services.ghostunnel = mkIf cfg.enableTcpSocket {`
			`# enable = true;`
			`# servers."podman-socket" = {`
			`# listen = "0.0.0.0:2376";`
			`# target = "unix:/run/podman/podman.sock";`
			`# allowAll = mkDefault true;`
			`# extraArguments = ''`
			`# --auto-acme-cert=mimir.internal.horus.nu`
			`# --auto-acme-email=erwin@horus.nu`
			`# --auto-acme-ca=https://mimir.internal.horus.nu`
			`# '';`
			`# };`
			`# };`
Refining 2021-11-21 19:07:12 +01:00			`};`
			`}`