49 lines
875 B
Nix
49 lines
875 B
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.modules.podman;
|
|
in
|
|
{
|
|
options.modules.podman = {
|
|
enable = mkOption {
|
|
default = false;
|
|
example = true;
|
|
description = mdDoc "Enable podman on this host";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
virtualisation = {
|
|
podman = {
|
|
enable = true;
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
autoPrune = {
|
|
enable = true;
|
|
dates = "weekly";
|
|
flags = [ "--all" ];
|
|
};
|
|
extraPackages = [ pkgs.zfs ];
|
|
};
|
|
|
|
containers.storage.settings.storage = {
|
|
driver = "zfs";
|
|
graphroot = "/var/lib/containers/storage";
|
|
runroot = "/run/containers/storage";
|
|
};
|
|
|
|
};
|
|
|
|
networking.firewall.interfaces."podman+" = {
|
|
allowedUDPPorts = [ 53 ];
|
|
allowedTCPPorts = [ 53 ];
|
|
};
|
|
};
|
|
}
|