diff --git a/modules/docker/default.nix b/modules/docker/default.nix
index 539a113..c481b2e 100644
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@@ -16,22 +16,16 @@ in
 config = mkIf cfg.enable {
 environment.systemPackages = with pkgs; [ docker-compose ];
- virtualisation.podman = {
+ virtualisation.docker = {
 enable = true;
 enableNvidia = cfg.enableNvidia;
- networkSocket = mkIf cfg.enableTcpSocket {
+
+ autoPrune = {
 enable = true;
- openFirewall = true;
+ dates = "weekly";
 };
- dockerSocket.enable = true;
- dockerCompat = true;
- defaultNetwork.dnsname.enable = true;
 };
- # virtualisation.docker = {
- # autoPrune = {
- # enable = true;
- # dates = "weekly";
- # };
+
 virtualisation.containers = {
 registries = {
 insecure = [ "docker02.bedum.horus.nu:5000" "yocto-build-server.bedum.horus.nu:5000" "containers.internal.horus.nu" ];
@@ -45,8 +39,20 @@ in
 };
 };
- # virtualisation.oci-containers.backend = "podman";
- users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];
+
+ # services.ghostunnel = mkIf cfg.enableTcpSocket {
+ # enable = true;
+ # servers."podman-socket" = {
+ # listen = "0.0.0.0:2376";
+ # target = "unix:/run/podman/podman.sock";
+ # allowAll = mkDefault true;
+ # extraArguments = ''
+ # --auto-acme-cert=mimir.internal.horus.nu
+ # --auto-acme-email=erwin@horus.nu
+ # --auto-acme-ca=https://mimir.internal.horus.nu
+ # '';
+ # };
+ # };
 };
 }
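Review bot: The `virtualisation.containers.registries.insecure` list kept as context at the end of this hunk probably no longer does what it did under podman. As far as I know that option feeds `/etc/containers/registries.conf`, which the Docker daemon does not read, so after the switch to `virtualisation.docker` these three hosts are either unreachable from Docker or the list is dead configuration. Since an insecure registry means image pulls without verified TLS, I would rather not carry the exemption over implicitly: ideally the registries get certificates from the internal CA and the list is dropped. If that is not possible yet, state the exemption under `virtualisation.docker.daemon.settings` with a comment such as `# TODO: registries served without verified TLS; pulls can be tampered with in transit; remove once they have certs`. The `registries` block continues outside this hunk, so I cannot see what else it sets.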
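Review bot: With the podman `networkSocket` removed in the first hunk and this ghostunnel block left commented out, `cfg.enableTcpSocket` appears to have no effect after this commit, so a host that sets it silently loses its remote socket without any evaluation error. Assuming the option is not consumed outside this diff, an assertion such as `assertions = [{ assertion = !cfg.enableTcpSocket; message = "enableTcpSocket is not implemented for the docker backend"; }];` would make that explicit. The commented block also still targets `unix:/run/podman/podman.sock`, listens on `0.0.0.0:2376` and sets `allowAll = mkDefault true`; re-enabled as written, it would accept any client holding a certificate from the configured CA in front of a root-equivalent container API. If the block is kept as a reminder, add a comment saying it is stale and must be pointed at the Docker socket with an explicit allow-list (e.g. `allowCN`) instead of `allowAll` before it is uncommented; otherwise drop it and track the work in an issue.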