Move podman to module

hosts/library/default.nix

@@ -21,10 +21,6 @@ with lib.my;
       allowedTCPPorts = [
         22  # SSH
       ];
-      interfaces."podman+" = {
-        allowedUDPPorts = [ 53 ];
-        allowedTCPPorts = [ 53 ];
-      };
     };
     networkmanager.enable = true;
   };
@@ -153,6 +149,7 @@ with lib.my;
   services.jellyfin.enable = true;
 
   modules = {
+    podman.enable = true;
     security = {
       gpg.enable = true;
     };

modules/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./options.nix
+    ./podman.nix
     ./desktop/gnome.nix
     ./desktop/hyprland.nix
     ./desktop/kde.nix

modules/podman.nix

@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+
+let
+  cfg = config.modules.podman;
+in {
+  options.modules.podman = {
+    enable = mkOption {
+      default = false;
+      example = true;
+      description = mdDoc "Enable podman on this host";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      docker.enable = false;
+
+      podman = {
+        enable = true;
+        defaultNetwork.settings.dns_enabled = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [ "--all" ];
+        };
+        extraPackages = [ pkgs.zfs ];
+      };
+
+      containers.storage.settings.storage = {
+        driver = "zfs";
+        graphroot = "/var/lib/containers/storage";
+        runroot = "/run/containers/storage";
+      };
+
+      oci-containers.backend = "podman";
+    };
+
+    networking.firewall.interfaces."podman+" = {
+      allowedUDPPorts = [ 53 ];
+      allowedTCPPorts = [ 53 ];
+    };
+  };
+}