New server docker

2026-05-04 23:04:48 +02:00
parent 1566aca2b8
commit 662424f1d1
10 changed files with 45 additions and 21 deletions
--- a/modules/nixos/system/hw/virt/default.nix
+++ b/modules/nixos/system/hw/virt/default.nix
@@ -11,9 +11,10 @@
        dockerSocket.enable = true;
        dockerCompat = true;
        defaultNetwork.settings = {
-          dnsname.enable = true;
-          internal = true;
-          name = "internal";
+          #dnsname.enable = true;
+          dns_enabled = true;
+          #internal = true;
+          #name = "internal";
        };
      };
    };
--- a/modules/server/arion/default.nix
+++ b/modules/server/arion/default.nix
@@ -1,13 +0,0 @@
-{ config, pkgs, lib, ... }:{
-  config = lib.mkIf (config.syscfg.server.arion) {
-    environment.systemPackages = with pkgs; [ arion ];
-    virtualisation.arion = {
-      backend = "podman-socket";
-      projects = {
-        cloud.settings = import ../docker/cloud.nix { inherit config pkgs lib; };
-        authentik.settings =
-          import ../docker/authentik.nix { inherit config pkgs lib; };
-      };
-    };
-  };
-}
--- a/modules/server/containers/default.nix
+++ b/modules/server/containers/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+let
+  # enabledContainers = lib.filterAttrs (name: cfg: cfg.enable) config.syscfg.server.containers;
+  # containerImports = {
+  #   cloud = import ./defs/cloud.nix;
+  #   authentik = import ./defs/authentik.nix;
+  # };
+  containerDir = ./defs;
+  allFiles = builtins.readDir containerDir;
+  enabledNames = lib.filterAttrs (name: cfg: cfg.enable) config.syscfg.server.containers;
+  activeContainers = lib.mapAttrs (name: cfg: 
+    let 
+      fileName = "${name}.nix";
+    in
+    if builtins.hasAttr fileName allFiles 
+    then import (containerDir + "/${fileName}")
+    else throw "Container config for '${name}' enabled, but ${containerDir}/${fileName} does not exist!"
+  ) enabledNames;
+in
+{
+  config = lib.mkIf ( enabledNames != {} ) {
+    virtualisation.oci-containers = {
+      backend = "podman";
+      containers = activeContainers;
+    };
+  };
+}
--- a/modules/server/containers/defs/authentik.nix
+++ b/modules/server/containers/defs/authentik.nix
--- a/modules/server/containers/defs/cloud.nix
+++ b/modules/server/containers/defs/cloud.nix
--- a/modules/server/containers/defs/sample.nix
+++ b/modules/server/containers/defs/sample.nix
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,3 +1,3 @@
 { config, pkgs, lib, ... }:{
-  imports = [ ./sops ./nftables ./openssh ./arion ];
+  imports = [ ./sops ./nftables ./openssh ./containers ];
 }
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -102,9 +102,15 @@ let
      type = types.str;
      default = "/media/data";
    };
-    arion = mkOption {
-      type = types.bool;
-      default = false;
+    containers  = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule {
+        options = {
+          enable = {type = types.bool;default = false;};
+          port = lib.mkOption { type = lib.types.port; };
+          special_param = lib.mkOption { type = lib.types.str; default = ""; };
+        };
+      });
+      default = {};
    };
    sops = mkOption {
      type = types.bool;
--- a/systems/sandbox/cfg.nix
+++ b/systems/sandbox/cfg.nix
@@ -29,7 +29,10 @@

      dbHost = "localhost";
      
-      arion = true;
+      containers = {
+        cloud.enable = true;
+        authentik.enable = true;
+      };
    };
  };
 }