46 lines
856 B
Nix
46 lines
856 B
Nix
{
|
|
mylib,
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
TEMPLATEVersion = "";
|
|
in {
|
|
# If we need to pass secrets to containers we can't use plain env variables.
|
|
sops.templates."TEMPLATE_secrets.env".content = ''
|
|
SECRET=${config.sops.placeholder.SECRET}
|
|
'';
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
TEMPLATE = {
|
|
image = "TEMPLATE:${TEMPLATEVersion}";
|
|
autoStart = true;
|
|
|
|
login = mylib.containers.mkDockerLogin config;
|
|
|
|
dependsOn = [];
|
|
|
|
ports = [];
|
|
|
|
volumes = [];
|
|
|
|
environment = {
|
|
PUID = "1000";
|
|
PGID = "1000";
|
|
TZ = "Europe/Berlin";
|
|
};
|
|
|
|
environmentFiles = [
|
|
config.sops.templates."TEMPLATE_secrets.env".path
|
|
];
|
|
|
|
extraOptions = [
|
|
# "--privileged"
|
|
# "--device=nvidia.com/gpu=all"
|
|
"--net=behind-nginx"
|
|
];
|
|
};
|
|
};
|
|
}
|