nixos-config/modules/docker/default.nix

80 lines
1.9 KiB
Nix
Raw Normal View History

{ lib
, pkgs
, config
, ...
2022-03-01 22:19:03 +01:00
}:
with lib; let
cfg = config.eboskma.podman;
podmanInterfaces = if config.networking.nftables.enable then "podman*" else "podman+";
in
{
options.eboskma.podman = {
enable = mkEnableOption "podman";
enableNvidia = mkEnableOption "podman NVidia support";
# enableTcpSocket = mkEnableOption "podman TCP socket";
};
2021-11-21 19:07:12 +01:00
config = mkIf cfg.enable {
2023-07-10 13:42:56 +02:00
environment.systemPackages = [ pkgs.podman-compose pkgs.netavark ];
2021-11-21 19:07:12 +01:00
2023-07-04 20:30:36 +02:00
virtualisation.podman = {
2021-11-21 19:07:12 +01:00
enable = true;
enableNvidia = cfg.enableNvidia;
2023-07-04 20:30:36 +02:00
dockerCompat = true;
2022-12-09 10:42:31 +01:00
autoPrune = {
enable = true;
2022-12-09 10:42:31 +01:00
dates = "weekly";
};
2023-07-04 20:30:36 +02:00
defaultNetwork.settings.dns_enable = true;
2022-10-25 09:40:08 +02:00
};
2022-12-09 10:42:31 +01:00
virtualisation.containers = {
registries = {
2023-07-04 20:30:36 +02:00
insecure = [ "containers.internal.horus.nu" ];
search = [
"docker.io"
"quay.io"
"containers.internal.horus.nu"
];
2022-05-26 11:32:30 +02:00
};
2023-07-10 13:42:56 +02:00
containersConf.settings = {
engine = {
helper_binaries_dir = [
"${pkgs.podman}/libexec/podman"
];
2023-07-10 13:42:56 +02:00
};
containers = {
log_driver = "k8s-file";
events_logger = "journald";
};
2023-07-10 13:42:56 +02:00
};
2021-11-21 19:07:12 +01:00
};
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "podman" ];
2022-12-09 10:42:31 +01:00
2023-07-04 20:30:36 +02:00
# Make DNS work in containers
networking.firewall.interfaces.${podmanInterfaces} = {
2023-07-04 20:30:36 +02:00
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
2022-12-09 10:42:31 +01:00
# services.ghostunnel = mkIf cfg.enableTcpSocket {
# enable = true;
# servers."podman-socket" = {
# listen = "0.0.0.0:2376";
# target = "unix:/run/podman/podman.sock";
# allowAll = mkDefault true;
# extraArguments = ''
# --auto-acme-cert=mimir.internal.horus.nu
# --auto-acme-email=erwin@horus.nu
# --auto-acme-ca=https://mimir.internal.horus.nu
# '';
# };
# };
2021-11-21 19:07:12 +01:00
};
}