video9

2024-09-23 14:30:14 +02:00
parent b2c3dba781
commit 78a720e1a3
14 changed files with 269 additions and 7 deletions
--- a/hosts/common/extraServices/extraServices/default.nix
+++ b/hosts/common/extraServices/extraServices/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./podman.nix
+  ];
+}
--- a/hosts/common/extraServices/extraServices/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/extraServices/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/m3-kratos/default.nix
+++ b/hosts/m3-kratos/default.nix
@ -36,6 +36,7 @@
  imports = [
    ../common
    ./configuration.nix
+    ./secrets.nix
    ./services
  ];

--- a/hosts/m3-kratos/secrets.nix
+++ b/hosts/m3-kratos/secrets.nix
@ -0,0 +1,13 @@
+{
+  age = {
+    secrets = {
+      secret1 = {
+        file = ../../secrets/secret1.age;
+      };
+      m3tam3re-secrets = {
+        file = ../../secrets/m3tam3re-secrets.age;
+        owner = "m3tam3re";
+      };
+    };
+  };
+}
--- a/hosts/m3-kratos/services/containers/default.nix
+++ b/hosts/m3-kratos/services/containers/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
    ./echo.nix
+    ./nginx.nix
  ];
 }
--- a/hosts/m3-kratos/services/containers/nginx.nix
+++ b/hosts/m3-kratos/services/containers/nginx.nix
@ -0,0 +1,8 @@
+{config, ...}: {
+  virtualisation.oci-containers.containers."nginx" = {
+    image = "docker.io/nginx:alpine";
+    environmentFiles = [
+      config.age.secrets.secret1.path
+    ];
+  };
+}