wip podman on h001

2025-04-29 17:15:19 -05:00 · 2025-04-29 17:15:19 -05:00 · b0ca7ab8d7
commit b0ca7ab8d7
parent d5ce9cd3eb
6 changed files with 186 additions and 42 deletions
--- a/common/programs/default.nix
+++ b/common/programs/default.nix
@ -1,4 +1,8 @@
-{ ... }:
+{ config, lib, ... }:
+let
+  ccfg = import ../config.nix;
+  cfg = config.${ccfg.custom_config_key}.programs;
+in
 {
  imports = [
    ./qFlipper.nix
@ -7,6 +11,31 @@
    ./tailnet.nix
    ./ssh.nix
    ./docker.nix
+    ./podman.nix
    ./incus.nix
  ];
+  config = {
+    assertions = [
+      (
+        let
+          enabledVirtualizers = lib.filter (x: x.enabled) [
+            {
+              name = "docker";
+              enabled = cfg.docker.enable;
+            }
+            {
+              name = "podman";
+              enabled = cfg.podman.enable;
+            }
+          ];
+        in
+        {
+          assertion = lib.length enabledVirtualizers <= 1;
+          message =
+            "Only one virtualizer can be enabled at a time. Enabled: "
+            + lib.concatStringsSep ", " (map (x: x.name) enabledVirtualizers);
+        }
+      )
+    ];
+  };
 }
--- a/common/programs/podman.nix
+++ b/common/programs/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "podman"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+  users_cfg = config.${ccfg.custom_config_key}.users;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "podman";
+    };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.podman = {
+      enable = true;
+      dockerSocket.enable = true;
+      autoPrune.enable = true;
+    };
+    # TODO add admins?
+    users.extraGroups.podman.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
+  };
+}