nix/nixos/hosts/osaka-linode-01/podman/derp.nix

78 lines
2.3 KiB
Nix
Raw Normal View History

2024-03-13 03:48:40 +01:00
# Auto-generated using compose2nix v0.1.7.
{ pkgs, lib, ... }: {
services.cron = {
enable = true;
systemCronJobs = [
''0 0 * * * root rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
];
};
# Containers
virtualisation.oci-containers.containers."headscale-derp" = {
2024-03-15 06:17:11 +01:00
image = "docker.io/fredliang/derper";
2024-03-13 03:48:40 +01:00
environment = {
DERP_ADDR = ":1443";
DERP_CERT_DIR = "/app/certs";
DERP_CERT_MODE = "manual";
DERP_DOMAIN = "sysctl.io";
DERP_STUN = "true";
2024-03-15 12:53:48 +01:00
DERP_VERIFY_CLIENTS = "true";
2024-03-13 03:48:40 +01:00
};
volumes = [
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/sysctl.io.crt:ro"
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/sysctl.io.key:ro"
];
ports = [
"3478:3478/udp"
"1443:1443/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=headscale-derp"
"--network=headscale-default"
];
};
systemd.services."podman-headscale-derp" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-headscale-default.service"
];
requires = [
"podman-network-headscale-default.service"
];
partOf = [
"podman-compose-headscale-root.target"
];
wantedBy = [
"podman-compose-headscale-root.target"
];
};
# Networks
systemd.services."podman-network-headscale-default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f headscale-default";
};
script = ''
podman network inspect headscale-default || podman network create headscale-default --opt isolate=true
'';
partOf = [ "podman-compose-headscale-root.target" ];
wantedBy = [ "podman-compose-headscale-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-headscale-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}