
arion: Improvements to podman setup

Daniel Kempkens 2023-03-17 00:08:43 +01:00
parent 32ac241aca
commit b949f5e9c7
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM


@ -10,23 +10,51 @@
podman = { podman = {
enable = true; enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
dockerSocket.enable = true;
dockerCompat = true;
autoPrune = {
enable = true;
dates = "weekly";
};
}; };
containers.containersConf.cniPlugins = with pkgs; [ # containers.containersConf.cniPlugins = with pkgs; [
cni-plugins # cni-plugins
dnsname-cni # dnsname-cni
]; # ];
oci-containers.backend = "podman"; oci-containers = {
backend = "podman";
containers.watchtower = {
image = "ghcr.io/containrrr/watchtower:latest";
environment = {
WATCHTOWER_POLL_INTERVAL = "21600";
WATCHTOWER_LABEL_ENABLE = "true";
WATCHTOWER_NOTIFICATIONS = "shoutrrr";
WATCHTOWER_NOTIFICATIONS_HOSTNAME = config.networking.hostName;
WATCHTOWER_NOTIFICATION_URL = secret.watchtower.ntfyUrl;
};
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
extraOptions = [
"--label=com.centurylinklabs.watchtower.enable=true"
];
};
};
arion = { arion = {
backend = "podman-socket"; backend = "podman-socket";
}; };
}; };
networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 ]; networking.firewall.interfaces."podman+" = {
networking.firewall.interfaces."podman2".allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
networking.firewall.interfaces."podman3".allowedUDPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
};
} }
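Review bot: The new `containers.watchtower` entry bind-mounts `/var/run/docker.sock` into a container whose image is the mutable tag `ghcr.io/containrrr/watchtower:latest`, and the `--label=com.centurylinklabs.watchtower.enable=true` option opts watchtower into updating itself. Whatever is published under that tag is therefore pulled automatically and gets control of the podman socket, which is root-equivalent on the host if this is the system socket, as `dockerSocket.enable = true` suggests. Pinning the image by digest, e.g. `image = "ghcr.io/containrrr/watchtower@sha256:<DIGEST_PLACEHOLDER>";`, and dropping the self-update label would keep that trust decision in the repository. Separately, `WATCHTOWER_NOTIFICATION_URL = secret.watchtower.ntfyUrl;` is passed through `environment`, which presumably lands in the generated unit in the world-readable Nix store; if the URL carries a token, supplying it through `environmentFiles` from a root-only file avoids that.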