diff --git a/machines/mayushii/configuration.nix b/machines/mayushii/configuration.nix
index c7e1273..a846ebf 100644
--- a/machines/mayushii/configuration.nix
+++ b/machines/mayushii/configuration.nix
@@ -19,6 +19,7 @@
 gui.enable = true;
 media-proxy.enable = true;
 mullvad.enable = true;
+ podman.enable = true;
 restic.system = {
 enable = true;
 qos = true;
diff --git a/modules/default.nix b/modules/default.nix
index 3ffe4bf..b6ee512 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -33,7 +33,6 @@
 ./ausweisapp.nix
 ./authoritative-dns.nix
 ./cups.nix
- ./docker.nix
 ./fancontrol.nix
 ./flatpak.nix
 ./fonts.nix
@@ -55,6 +54,7 @@
 ./nix.nix
 ./office.nix
 ./pipewire.nix
+ ./podman.nix
 ./prometheus/node_exporter.nix
 ./pubkeys.nix
 ./qbittorrent
diff --git a/modules/docker.nix b/modules/docker.nix
deleted file mode 100644
index 179428b..0000000
--- a/modules/docker.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-# SPDX-FileCopyrightText: 2020-2021 Simon Bruder
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-{ config, lib, pkgs, ... }:
- {
- # This uses a custom option (instead of `virtualisation.docker.enable`) since
- # `virtualisation.oci-containers` conditionally sets
- # `virtualisation.docker.enable` and therefore causes an infinite recursion.
- options.sbruder.docker.enable = lib.mkEnableOption "docker with ipv6nat";
-
- config = lib.mkIf config.sbruder.docker.enable {
- environment.systemPackages = with pkgs; [
- docker-compose
- docker-credential-helpers
- docker-ls
- ];
-
- virtualisation = {
- docker = {
- enable = true;
- logDriver = "journald";
- extraOptions = lib.concatStringsSep " " [
- "--ipv6"
- "--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
- ];
- };
-
- oci-containers.containers.ipv6nat = {
- image = "robbertkl/ipv6nat";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ];
- extraOptions = [
- "--network=host"
- "--cap-drop=ALL"
- "--cap-add=NET_ADMIN"
- "--cap-add=NET_RAW"
- "--cap-add=SYS_MODULE"
- ];
- };
- };
-
- environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
- };
-}
diff --git a/modules/podman.nix b/modules/podman.nix
new file mode 100644
index 0000000..70b2e9c
--- /dev/null
+++ b/modules/podman.nix
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, lib, pkgs, ... }:
+
+ {
+ options.sbruder.podman.enable = lib.mkEnableOption "podman";
+
+ config = lib.mkIf config.sbruder.podman.enable {
+ boot.enableContainers = false; # FIXME: this only needs to be set for some stateVersions
+
+ environment.systemPackages = with pkgs; [
+ buildah
+ podman-compose
+ skopeo
+ ];
+
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerSocket.enable = true;
+ defaultNetwork.settings = {
+ ipv6_enabled = true;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/restic/system.nix b/modules/restic/system.nix
index 6acf82d..d69cc3c 100644
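Review bot: `dockerSocket.enable = true` in the new modules/podman.nix publishes the Podman API socket in place of the Docker socket, and the NixOS option documents access to it as root-equivalent for members of the `podman` group, yet nothing in the hunk records who is expected to be in that group or what still needs the socket now that the ipv6nat container (the only consumer of `/var/run/docker.sock` in the deleted docker.nix) is gone. A comment beside the setting, such as `dockerSocket.enable = true; # members of the podman group gain root-equivalent access; kept for docker-compatible tooling`, would keep that trade-off visible where it is made. The `FIXME` on `boot.enableContainers = false` names the condition (some `stateVersion`s) but not the conflict it works around; stating what breaks without it would let a later reader judge when the line can be dropped.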
--- a/modules/restic/system.nix
+++ b/modules/restic/system.nix
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -28,6 +28,8 @@ let
 "/home/*/mounts"
 # Docker (state should be kept somewhere else)
+ "/home/*/.local/share/containers" # podman
+ "/var/lib/containers/"
 "/var/lib/docker/"
 # Static configuration (generated from this repository)