# NixOS module: "docker" for this host, implemented with Podman.
#
# Enabling `eboskma.docker` turns on rootful Podman with the Docker CLI
# compatibility shim, weekly auto-pruning, container DNS, a per-host
# registry configuration, and adds the main user to the `docker` and
# `podman` groups.
{ lib
, pkgs
, config
, ...
}:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.eboskma.docker;
  mainUser = config.eboskma.var.mainUser;

  # DNS is the only traffic accepted from container networks (see firewall below).
  dnsPort = [ 53 ];
in
{
  options.eboskma.docker = {
    enable = mkEnableOption "docker";
    enableNvidia = mkEnableOption "docker NVidia support";
    # enableTcpSocket = mkEnableOption "docker TCP socket";
  };

  config = mkIf cfg.enable {
    # environment.systemPackages = with pkgs; [ docker-compose ];
    environment.systemPackages = with pkgs; [ podman-compose netavark ];

    virtualisation.podman = {
      enable = true;
      inherit (cfg) enableNvidia;
      # Provides a `docker` CLI/socket alias backed by podman.
      dockerCompat = true;

      autoPrune = {
        enable = true;
        dates = "weekly";
      };

      # daemon.settings = {
      #   insecure-registries = config.virtualisation.containers.registries.insecure;
      #   features = {
      #     buildkit = true;
      #   };
      # };

      # Run a DNS resolver on the default podman network so containers can
      # resolve each other by name.
      defaultNetwork.settings.dns_enable = true;
    };

    virtualisation.containers.registries = {
      # Registries listed as insecure may be reached over plain HTTP or with
      # an untrusted TLS certificate; keep this list to the internal registry.
      insecure = [ "containers.internal.horus.nu" ];

      # Unqualified image names (e.g. `foo/bar`) are looked up in these
      # registries, in order. NOTE(review): the public registries come
      # first, so an unqualified name that also exists on docker.io/quay.io
      # resolves there rather than on the internal registry — pull internal
      # images by their fully-qualified name to avoid that ambiguity.
      search = [
        "docker.io"
        "quay.io"
        "containers.internal.horus.nu"
      ];
    };

    # Point podman at its own helper binaries (netavark/aardvark-dns etc.).
    virtualisation.containers.containersConf.settings.engine.helper_binaries_dir = [
      "${pkgs.podman}/libexec/podman"
    ];

    # NOTE(review): membership in these groups gives the user access to the
    # rootful container socket, which is effectively root-equivalent;
    # confirm this is intended for ${mainUser}.
    users.extraUsers.${mainUser}.extraGroups = [ "docker" "podman" ];

    # Make DNS work in containers: only the podman bridge interfaces
    # ("podman+") are opened, not the host's external interfaces.
    networking.firewall.interfaces."podman+" = {
      allowedUDPPorts = dnsPort;
      allowedTCPPorts = dnsPort;
    };

    # Optional TLS front-end for exposing the podman socket over TCP.
    # NOTE(review): if re-enabled, `listen = "0.0.0.0:2376"` together with
    # `allowAll` exposes the rootful socket to every client holding a
    # certificate from the ACME CA; restrict the listen address and/or use
    # ghostunnel's allow-* options to pin accepted client identities.
    # services.ghostunnel = mkIf cfg.enableTcpSocket {
    #   enable = true;
    #   servers."podman-socket" = {
    #     listen = "0.0.0.0:2376";
    #     target = "unix:/run/podman/podman.sock";
    #     allowAll = lib.mkDefault true;
    #     extraArguments = ''
    #       --auto-acme-cert=mimir.internal.horus.nu
    #       --auto-acme-email=erwin@horus.nu
    #       --auto-acme-ca=https://mimir.internal.horus.nu
    #     '';
    #   };
    # };
  };
}