dotfiles/system/nixos/container.nix

# NixOS module: Podman-only container host.
#
# Disables Docker, enables Podman with weekly image pruning, opens a small set
# of host ports to the Podman bridge interfaces, and installs a daily
# `podman auto-update` unit.
{ config, ... }:

let
  # Absolute path of the podman binary from the package the Podman module uses,
  # so the unit below always runs the same podman as the rest of the system.
  podmanBin = "${config.virtualisation.podman.package}/bin/podman";
in
{
  # Podman is the only container engine on this host.
  virtualisation.docker.enable = false;
  virtualisation.oci-containers.backend = "podman";

  virtualisation.podman = {
    enable = true;

    # Neither the Docker-compatible API socket nor the `docker` command alias is
    # provided. Keeping the socket off avoids handing out a control endpoint
    # that is, in practice, equivalent to root on the host.
    dockerSocket.enable = false;
    dockerCompat = false;

    # DNS on the default network lets containers resolve each other by name;
    # port 53 in the firewall block below is presumably opened for this.
    defaultNetwork.settings.dns_enabled = true;

    # Weekly prune of all unused images, except images carrying the
    # io.kempkens.keepImage label.
    autoPrune = {
      enable = true;
      dates = "weekly";
      flags = [ "--all" "--filter=label!=io.kempkens.keepImage" ];
    };
  };

  # Host ports reachable from containers. "podman+" matches every interface
  # whose name starts with "podman" (trailing "+" is the iptables-style
  # wildcard), so these rules apply to all Podman networks, not just the
  # default one.
  # NOTE(review): 5432 is conventionally PostgreSQL and 443/udp looks like
  # HTTP/3 - confirm. Every container on any Podman network can reach these
  # host services, so they should enforce their own authentication.
  networking.firewall.interfaces."podman+" = {
    allowedTCPPorts = [ 53 443 5432 ];
    allowedUDPPorts = [ 53 443 ];
  };

  # It looks like there is no way to activate the "built-in" service and
  # timer, so an equivalent unit is defined here.
  # NOTE(review): as a system unit with no User= set, this runs as root and
  # deploys whatever the registry currently serves for each auto-updated
  # container. Consider an image signature policy (containers-policy.json) or
  # digest pinning for images that matter.
  systemd.services.podman-auto-update-custom = {
    description = "Run podman auto-update daily";

    # `startAt` makes NixOS generate the matching timer.
    startAt = "daily";

    # Image pulls need the network to be up.
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${podmanBin} auto-update";
      # Remove images left dangling by the update, again sparing images
      # labelled io.kempkens.keepImage.
      ExecStartPost = "${podmanBin} image prune -f --filter=label!=io.kempkens.keepImage";
    };
  };
}