arion: Improvements to podman setup

2023-03-17 00:08:43 +01:00 · 2023-03-17 00:08:43 +01:00 · b949f5e9c7
commit b949f5e9c7
parent 32ac241aca
1 changed files with 37 additions and 9 deletions
--- a/system/nixos/arion.nix
+++ b/system/nixos/arion.nix
@ -10,23 +10,51 @@

    podman = {
      enable = true;
-      dockerSocket.enable = true;
+
      defaultNetwork.settings.dns_enabled = true;
+
+      dockerSocket.enable = true;
+      dockerCompat = true;
+
+      autoPrune = {
+        enable = true;
+        dates = "weekly";
+      };
    };

-    containers.containersConf.cniPlugins = with pkgs; [
-      cni-plugins
-      dnsname-cni
-    ];
+    # containers.containersConf.cniPlugins = with pkgs; [
+    #   cni-plugins
+    #   dnsname-cni
+    # ];

-    oci-containers.backend = "podman";
+    oci-containers = {
+      backend = "podman";
+
+      containers.watchtower = {
+        image = "ghcr.io/containrrr/watchtower:latest";
+        environment = {
+          WATCHTOWER_POLL_INTERVAL = "21600";
+          WATCHTOWER_LABEL_ENABLE = "true";
+          WATCHTOWER_NOTIFICATIONS = "shoutrrr";
+          WATCHTOWER_NOTIFICATIONS_HOSTNAME = config.networking.hostName;
+          WATCHTOWER_NOTIFICATION_URL = secret.watchtower.ntfyUrl;
+        };
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+        extraOptions = [
+          "--label=com.centurylinklabs.watchtower.enable=true"
+        ];
+      };
+    };

    arion = {
      backend = "podman-socket";
    };
  };

-  networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 ];
-  networking.firewall.interfaces."podman2".allowedUDPPorts = [ 53 ];
-  networking.firewall.interfaces."podman3".allowedUDPPorts = [ 53 ];
+  networking.firewall.interfaces."podman+" = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
 }