From 9fb87ca6f94c332893844fae9174ffc7750812fa Mon Sep 17 00:00:00 2001
From: Erwin Boskma
Date: Tue, 4 Jul 2023 20:30:36 +0200
Subject: [PATCH] docker: make it actually podman

---
 machines/drone/configuration.nix | 2 +-
 modules/docker/default.nix | 30 +++++++++++++++++++-----------
 modules/woodpecker/default.nix | 24 ------------------------
 3 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/machines/drone/configuration.nix b/machines/drone/configuration.nix
index 944acdb..76187d1 100644
--- a/machines/drone/configuration.nix
+++ b/machines/drone/configuration.nix
@@ -11,7 +11,7 @@
 enable = true;
 server = true;
 };
- # docker.enable = true;
+ docker.enable = true;
 # drone.enable = true;
 nix-common = {
 enable = true;
diff --git a/modules/docker/default.nix b/modules/docker/default.nix
index 645b8fa..b0a2c67 100644
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
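Review bot: The option switched on here is still called `docker.enable`, but after this commit the module it toggles sets up podman with `dockerCompat` rather than the Docker daemon, so a reader of this machine config gets the wrong picture of what runs on the host. Either rename the option on the module side or leave a pointer next to it: `docker.enable = true; # module provides podman + dockerCompat, not dockerd`. The enclosing attribute set starts and ends outside the hunk.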
@@ -14,33 +14,35 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ docker-compose ]; + # environment.systemPackages = with pkgs; [ docker-compose ]; + environment.systemPackages = [ pkgs.podman-compose ]; - virtualisation.docker = { + virtualisation.podman = { enable = true; enableNvidia = cfg.enableNvidia; + dockerCompat = true; autoPrune = { enable = true; dates = "weekly"; }; - daemon.settings = { - insecure-registries = config.virtualisation.containers.registries.insecure; - features = { - buildkit = true; - }; - }; + # daemon.settings = { + # insecure-registries = config.virtualisation.containers.registries.insecure; + # features = { + # buildkit = true; + # }; + # }; + defaultNetwork.settings.dns_enable = true; + }; virtualisation.containers = { registries = { - insecure = [ "docker02.bedum.horus.nu:5000" "yocto-build-server.bedum.horus.nu:5000" "containers.internal.horus.nu" ]; + insecure = [ "containers.internal.horus.nu" ]; search = [ "docker.io" "quay.io" - "docker02.bedum.horus.nu:5000" - "yocto-build-server.bedum.horus.nu:5000" "containers.internal.horus.nu" ]; }; @@ -48,6 +50,12 @@ in users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ]; + # Make DNS work in containers + networking.firewall.interfaces."podman+" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + # services.ghostunnel = mkIf cfg.enableTcpSocket { # enable = true; # servers."podman-socket" = { diff --git a/modules/woodpecker/default.nix b/modules/woodpecker/default.nix index 87d317e..b9bb241 100644 --- a/modules/woodpecker/default.nix +++ b/modules/woodpecker/default.nix 
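Review bot: `containers.internal.horus.nu` stays in `registries.insecure` and is also kept in `search`, so an unqualified image name that is not found on docker.io or quay.io can be resolved against a registry whose TLS is not verified (or that is reached over plain HTTP); keeping it only in `insecure` and referring to its images by fully qualified name, or serving it with a trusted certificate and dropping it from `insecure`, closes that gap. The new `defaultNetwork.settings.dns_enable = true;` is worth double-checking against the key podman's network config actually reads — I recall the field being `dns_enabled`, and since `settings` is freeform a mistyped key is written out and silently ignored. The six commented-out `daemon.settings` lines and the commented docker-compose line are dead now that podman takes its insecure registries from `virtualisation.containers.registries` (via registries.conf, as far as I can tell); a single comment such as `# insecure registries come from virtualisation.containers.registries; no daemon.json needed` keeps the reason without the dead code. The enclosing `config = mkIf cfg.enable {` set continues past the hunk.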
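Review bot: The `podman+` rule opens 53/UDP and 53/TCP only on podman bridge interfaces, which is the right scope for the container DNS enabled in the hunk above, but the comment should say why the host firewall is involved at all: `# container DNS answers from the bridge gateway; allow 53/udp+tcp from containers`. The woodpecker firewall block deleted in the same commit also carried `allowedTCPPorts = [ 8100 ];`, which is not re-added anywhere in this patch; if the woodpecker server on that host still listens on 8100 it is now blocked unless opened elsewhere. Should the nftables backend ever be switched on, it is worth confirming that the `+` wildcard in the interface name is still honoured. The enclosing `config` set ends outside the hunk.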
@@ -33,29 +33,5 @@ in environment.systemPackages = [ pkgs.woodpecker-cli ]; - # virtualisation.docker = { - # enable = true; - # autoPrune = { - # enable = true; - # }; - # }; - - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune = { - enable = true; - }; - defaultNetwork.settings.dns_enable = true; - }; - - networking.firewall = { - allowedTCPPorts = [ 8100 ]; - - interfaces."podman+" = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; - }; - }; }; }