Nixos: Remove the containers system module

2024-10-13 13:00:09 +02:00
parent 7fecb6fce3
commit df5ab8e0c6
8 changed files with 94 additions and 236 deletions
--- a/lib/1_deprecated/virtualisation.nix
+++ b/lib/1_deprecated/virtualisation.nix
@ -0,0 +1,58 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: rec {
+  mkOciContainer = {
+    image,
+    autoStart ? false,
+    id-ports ? [],
+    ports ? [],
+    vols ? [],
+    env ? {},
+    opts ? [],
+    extraConfig ? {},
+    netns ? "",
+    netdns ? "",
+  }: let
+    expanded-id-ports = map (port: "${toString port}:${toString port}") id-ports;
+    additional-opts =
+      []
+      ++ (lib.optionals (netns != "") [
+        "--network=ns:/var/run/netns/${netns}"
+      ])
+      ++ (lib.optionals (netdns != "") [
+        "--dns=${netdns}"
+      ]);
+  in
+    extraConfig
+    // {
+      image = image;
+      autoStart = autoStart;
+      ports = ports ++ expanded-id-ports;
+      volumes = vols;
+      environment =
+        env
+        // {
+          PUID = "1000";
+          PGID = "1000";
+          TZ = "Europe/Berlin";
+        };
+      extraOptions = opts ++ additional-opts;
+    };
+
+  # Filter all system service attributes that the user units don't have and add some required attributes
+  # Example: podman-stablediffusion = mkOciUserService config.systemd.services.podman-stablediffusion;
+  # NOTE: This doesn't work, since the cidfile is located in /run, which is not writable for regular users...
+  mkOciUserService = attrs:
+    (lib.attrsets.filterAttrs (n: v:
+      !((n == "confinement")
+        || (n == "runner")
+        || (n == "environment")))
+    attrs)
+    // {
+      startLimitIntervalSec = 1;
+      startLimitBurst = 5;
+    };
+}