ookflix: segment modules

2024-12-04 13:19:54 +11:00 · 2024-12-04 13:19:54 +11:00 · bee284691a
commit bee284691a
parent 4edb21607c
21 changed files with 314 additions and 100 deletions
--- a/modules/nixos/server/services/ookflix/podman.nix
+++ b/modules/nixos/server/services/ookflix/podman.nix
@ -0,0 +1,35 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  inherit (config.ooknet.host) admin;
+  inherit (config.ooknet.server) ookflix;
+in {
+  config = mkIf ookflix.enable {
+    # add admin to podman group
+    users.groups.podman.members = [admin.name];
+    virtualisation = {
+      # explicitly set this even though its the default value
+      # this enables the module below
+      oci-containers.backend = "podman";
+      podman = {
+        # periodically prunes podman resources
+        # defaults to --all, weekly
+        autoPrune.enable = true;
+
+        # aliases docker command to podman
+        dockerCompat = true;
+
+        # makes the podman sockaet available in place of docker socket
+        dockerSocket.enable = true;
+        # settings for containers/networks/podman.json
+        defaultNetwork.settings = {
+          # allows udp port 53 on podmans network interface: podman+
+          dns_enabled = true;
+        };
+      };
+    };
+  };
+}