From 3ebbe5d7d4d20f64d4e18e93d261d821e3f67a02 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Fri, 1 Dec 2023 10:56:35 +0100
Subject: [PATCH] change podman config

---
 hosts/fw.cloonar.com/configuration.nix | 1 +
 hosts/fw.cloonar.com/modules/drone/runner.nix | 8 ----
 hosts/fw.cloonar.com/modules/drone/server.nix | 8 ----
 hosts/fw.cloonar.com/modules/omada.nix | 15 ------
 hosts/fw.cloonar.com/modules/podman.nix | 47 +++++++++++++++++++
 5 files changed, 48 insertions(+), 31 deletions(-)
 create mode 100644 hosts/fw.cloonar.com/modules/podman.nix

diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix
index d1357ca..deeba8e 100644
--- a/hosts/fw.cloonar.com/configuration.nix
+++ b/hosts/fw.cloonar.com/configuration.nix
@@ -19,6 +19,7 @@
 ./modules/avahi.nix
 ./modules/openconnect.nix
 ./modules/wireguard.nix
+ ./modules/podman.nix
 ./modules/omada.nix
 
 # git
diff --git a/hosts/fw.cloonar.com/modules/drone/runner.nix b/hosts/fw.cloonar.com/modules/drone/runner.nix
index 8211a36..d0d97d2 100644
--- a/hosts/fw.cloonar.com/modules/drone/runner.nix
+++ b/hosts/fw.cloonar.com/modules/drone/runner.nix
@@ -1,14 +1,6 @@
 { config, pkgs, ... }:
 {
- virtualisation = {
- podman = {
- enable = true;
- dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
- };
- };
-
 users.users.drone-runner = {
 isSystemUser = true;
 group = "drone-runner";
diff --git a/hosts/fw.cloonar.com/modules/drone/server.nix b/hosts/fw.cloonar.com/modules/drone/server.nix
index 4982ce3..b5b4eaa 100644
--- a/hosts/fw.cloonar.com/modules/drone/server.nix
+++ b/hosts/fw.cloonar.com/modules/drone/server.nix
@@ -1,14 +1,6 @@
 { config, pkgs, ... }:
 {
- virtualisation = {
- podman = {
- enable = true;
- dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
- };
- };
-
 users.users.drone-server = {
 isSystemUser = true;
 group = "drone-server";
diff --git a/hosts/fw.cloonar.com/modules/omada.nix b/hosts/fw.cloonar.com/modules/omada.nix
index cdd105f..4fd6173 100644
--- a/hosts/fw.cloonar.com/modules/omada.nix
+++ b/hosts/fw.cloonar.com/modules/omada.nix
@@ -1,5 +1,4 @@
 { config, pkgs, ... }:
-
 {
 users.users.omada = {
 isSystemUser = true;
@@ -10,20 +9,6 @@
 users.groups.omada = { };
 users.groups.docker.members = [ "omada" ];
- virtualisation.podman.defaultNetwork.settings = {
- cniVersion = "0.4.0";
- name = "newnet";
- plugins = [
- {
- type = "macvlan";
- master = "server";
- pam = {
- type = "dhcp";
- };
- }
- ];
- };
-
 # TODO: check if we can run docker service as other user than root
 virtualisation = {
 oci-containers.containers = {
diff --git a/hosts/fw.cloonar.com/modules/podman.nix b/hosts/fw.cloonar.com/modules/podman.nix
new file mode 100644
index 0000000..6318973
--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/podman.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }: {
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings = {
+ cniVersion = "0.4.0";
+ name = "newnet";
+ plugins = [
+ {
+ type = "macvlan";
+ master = "server";
+ pam = {
+ type = "dhcp";
+ };
+ }
+ ];
+ };
+ };
+ };
+
+
+ systemd.sockets."io.podman.dhcp" = {
+ description = "DHCP Client for CNI";
+ socketConfig = {
+ ListenStreams = "%t/cni/dhcp.sock";
+ SocketMode = 0600;
+ };
+ wantedBy = "sockets.target";
+ };
+
+ systemd.services."io.podman.dhcp" = {
+ description = "DHCP Client CNI Service";
+ after = [ "io.podman.dhcp.socket" ];
+ requires = [ "io.podman.dhcp.socket" ];
+ wantedBy = [ "multi-user.target" ];
+ also = "io.podman.dhcp.socket";
+ path = [ pkgs.cni-plugins ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart= "${pkgs.cni-plugins}/bin/dhcp daemon";
+ TimeoutStopSec = 30;
+ KillMode = "process";
+ };
+ };
+}
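Review bot: In the new `systemd.sockets."io.podman.dhcp"` block, `wantedBy = "sockets.target";` is a bare string where the NixOS option takes a list, and `also = "io.podman.dhcp.socket";` in the service block is not a NixOS unit option (it reads like a copied `[Install] Also=`), so unless both are covered by custom options defined elsewhere this module will not evaluate — `wantedBy = [ "sockets.target" ];` and dropping the `also` line (the socket is already pulled in by `requires`) should fix it. In `defaultNetwork.settings`, `pam = { type = "dhcp"; };` looks like a typo for `ipam`, the key the CNI macvlan plugin reads its address-management config from; with `pam` the DHCP daemon this file sets up would presumably never be asked for a lease and containers would come up without an address. Two caveats worth a comment above `defaultNetwork.settings`: macvlan on `server` puts each container's own MAC directly on that segment, so the host firewall on this box does not see or filter container traffic, and this CNI-format config (`cniVersion`/`plugins`) only applies while podman is using the CNI backend rather than netavark. Also consider `SocketMode = "0600";` — Nix has no octal literals, so the unquoted `0600` reaches systemd as `600` and only yields the intended mode because systemd parses that field as octal.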