From e1651cba2a1b9c4be7f25344963e645b459cda23 Mon Sep 17 00:00:00 2001
From: soraefir <soraefir+git@helcel>
Date: Fri, 8 May 2026 23:57:19 +0200
Subject: [PATCH] traefik docker

---
 modules/server/containers/defs/traefik.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index e56fe61..970f555 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -28,6 +28,7 @@ in {
         "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
         "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
       };
+      extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
       overrides = {
         cmd = [ 
           "--api"
@@ -54,8 +55,10 @@ in {
           "--entrypoints.web-secure.http.tls.domains[0].sans=${serverCfg.hostDomain}"
         ];
         ports = [ "443:443" "80:80" ];
-        volumes = [ 
-          "/var/run/docker.sock:/var/run/docker.sock:ro"
+      overrides = {
+        cmd = [ "worker" ];
+        volumes = [
+          "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
           # "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
           # "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
           # "${serverCfg.configPath}/traefik/acme.json:/acme.json"