# Auto-generated using compose2nix v0.1.7.
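{ pkgs, lib, ... }: {
  # NixOS module: runs a Tailscale DERP relay ("headscale-derp") as a Podman
  # container under systemd, plus a nightly cron job that pulls the TLS
  # certificate tree the container mounts.

  # Certificate sync.
  # Every day at 00:00, as local root, rsync pulls the letsencrypt directory
  # from framework-server, logging in there as root. The tree contains the TLS
  # private key that is bind-mounted into the container below.
  # `-a` already implies `-r`, so no separate `-r` is passed.
  # NOTE(review): this needs unattended root-to-root remote access (presumably
  # a passphrase-less SSH key for root; confirm). Consider a dedicated
  # unprivileged account on framework-server that can only read this path
  # (e.g. a forced command such as rrsync), and check that the destination
  # directory is not readable by other local users.
  services.cron = {
    enable = true;
    systemCronJobs = [
      ''0 0 * * * root rsync -av root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
    ];
  };

  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
    defaultNetwork.settings = {
      # Required for container networking to be able to use names.
      dns_enabled = true;
    };
  };
  virtualisation.oci-containers.backend = "podman";

  # Containers
  virtualisation.oci-containers.containers."headscale-derp" = {
    # Registry is spelled out so the pull never depends on the host's
    # unqualified-search-registries order (short-name resolution).
    # NOTE(review): `latest` is a floating tag on a third-party image that is
    # handed the TLS private key. Pin it by digest once the image has been
    # reviewed, e.g. "docker.io/fredliang/derper@sha256:<DIGEST_PLACEHOLDER>".
    image = "docker.io/fredliang/derper:latest";
    environment = {
      # Listen address of the relay inside the container (all interfaces, 1443).
      DERP_ADDR = ":1443";
      # "manual" mode: the certificate and key are supplied by the operator in
      # DERP_CERT_DIR (see `volumes`); nothing is requested from an ACME CA here.
      DERP_CERT_DIR = "/app/certs";
      DERP_CERT_MODE = "manual";
      DERP_DOMAIN = "sysctl.io";
      DERP_STUN = "true";
      # NOTE(review): no client verification is configured in this environment,
      # so the relay presumably serves any client that can reach it. derper has
      # a `-verify-clients` option; check how this image exposes it and whether
      # it fits a headscale deployment.
    };
    volumes = [
      # Both mounts are read-only (`:ro`) and renamed to <DERP_DOMAIN>.crt/.key
      # inside DERP_CERT_DIR.
      # NOTE(review): Podman does not glob-expand volume sources, so the host
      # files are presumably literally named "*.sysctl.io.crt" / "*.sysctl.io.key"
      # (wildcard certificate); confirm they exist under exactly these names.
      "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/sysctl.io.crt:ro"
      "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/sysctl.io.key:ro"
    ];
    # No host address is given, so both ports are published on every host
    # interface; make sure the host firewall allows only what is intended.
    ports = [
      "3478:3478/udp"
      "1443:1443/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=headscale-derp"
      "--network=headscale-default"
    ];
  };

  # Unit overrides for the container service generated by oci-containers:
  # always restart, and start only after the Podman network unit exists.
  systemd.services."podman-headscale-derp" = {
    serviceConfig = {
      Restart = lib.mkOverride 500 "always";
    };
    after = [
      "podman-network-headscale-default.service"
    ];
    requires = [
      "podman-network-headscale-default.service"
    ];
    partOf = [
      "podman-compose-headscale-root.target"
    ];
    wantedBy = [
      "podman-compose-headscale-root.target"
    ];
  };

  # Networks
  # Oneshot unit that creates the "headscale-default" Podman network if
  # `podman network inspect` does not find it, and force-removes it on stop.
  # `--opt isolate=true` asks Podman to block traffic between this network and
  # other networks that also have the option set.
  systemd.services."podman-network-headscale-default" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "${pkgs.podman}/bin/podman network rm -f headscale-default";
    };
    script = ''
      podman network inspect headscale-default || podman network create headscale-default --opt isolate=true
    '';
    partOf = [ "podman-compose-headscale-root.target" ];
    wantedBy = [ "podman-compose-headscale-root.target" ];
  };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-headscale-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
}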