# Started from https://nixos.wiki/wiki/Podman
#
# Host-level Podman setup: pulls in the per-service container modules, enables
# podman with a docker-compatible CLI, and declares three OCI containers
# (homepage, scrutiny, valkey) directly in this file.
{ config, pkgs, ... }:
{
  # Additional configuration
  imports = [
    # Docker containers
    ./containers/dm-companion.nix
    ./containers/freshrss.nix
    ./containers/gitea.nix
    ./containers/grafana.nix
    ./containers/jobhunt.nix
    ./containers/mariadb.nix
    ./containers/media-system.nix
    ./containers/nextcloud.nix
    ./containers/offen.nix
    ./containers/pocket-id.nix
    ./containers/prometheus.nix
    ./containers/public-homepage.nix
    ./containers/searxng.nix
    ./containers/shared-postgres.nix
    ./containers/synapse.nix
    ./containers/timetagger.nix
    ./containers/traefik.nix
    ./containers/users.nix
    # NixOS Containers
    ./static-site-hooks.nix
  ];

  # Useful other development tools
  environment.systemPackages = [
    pkgs.dive # look into docker image layers
    pkgs.podman-tui # status of containers in the terminal
    pkgs.docker-compose # start group of containers for dev
    #podman-compose # start group of containers for dev
  ];

  virtualisation = {
    # Enable common container config files in /etc/containers
    containers.enable = true;

    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;

      extraPackages = [ pkgs.zfs ];
    };

    oci-containers = {
      backend = "podman";

      containers =
        let
          # Helpers from ./containers/lib.nix that build the traefik host rules
          # and the base domain interpolated into the labels below.
          inherit (import ./containers/lib.nix config)
            hostRuleHavenisms
            localHostRuleHavenisms
            havenisms
            ;
        in
        {
          homepage = {
            # `latest` is a mutable tag: what runs changes whenever the image is
            # re-pulled. Pinning by digest (image@sha256:<digest>) would make
            # every update an explicit, reviewable change.
            image = "ghcr.io/gethomepage/homepage:latest";
            autoStart = true;
            extraOptions = [
              "-l=traefik.enable=true"
              "-l=traefik.http.routers.homepage.rule=${localHostRuleHavenisms "start"}"
              "-l=traefik.http.services.homepage.loadbalancer.server.port=3000"
            ];
            volumes = [
              "/tank/config/homepage:/app/config"
              # Secret files are bind-mounted one by one and are writable from
              # inside the container; the HOMEPAGE_FILE_* variables below only
              # name paths, so `:ro` on these mounts looks sufficient.
              # TODO confirm homepage never writes to them.
              "/tank/secrets/deluge.pass:/app/config/secrets/deluge.pass"
              "/tank/secrets/jellyfin.key:/app/config/secrets/jellyfin.key"
              "/tank/secrets/radarr.key:/app/config/secrets/radarr.key"
              "/tank/secrets/sonarr.key:/app/config/secrets/sonarr.key"
              # `:ro` makes the bind mount read-only; it does not limit what a
              # client may ask the API behind the socket to do, so this
              # container can still create, exec into and remove containers.
              # NOTE(review): this looks like the system-wide podman socket,
              # which would make a compromise of homepage equivalent to control
              # of the container host. If only label discovery is needed, a
              # socket proxy that allows read-only endpoints narrows that.
              "/var/run/podman/podman.sock:/var/run/docker.sock:ro"
            ];
            environment = {
              HOMEPAGE_FILE_JELLYFIN_KEY = "/app/config/secrets/jellyfin.key";
              HOMEPAGE_FILE_RADARR_KEY = "/app/config/secrets/radarr.key";
              HOMEPAGE_FILE_SONARR_KEY = "/app/config/secrets/sonarr.key";
              # NOTE(review): no readarr.key bind mount is listed above; this
              # path only resolves if the file exists under
              # /tank/config/homepage/secrets on the host. Verify.
              HOMEPAGE_FILE_READARR_KEY = "/app/config/secrets/readarr.key";
              HOMEPAGE_FILE_DELUGE_PASSWORD = "/app/config/secrets/deluge.pass";
            };
          };

          scrutiny = {
            # `master-omnibus` is a mutable tag as well; the same digest-pinning
            # consideration applies as for homepage.
            image = "ghcr.io/analogj/scrutiny:master-omnibus";
            autoStart = true;
            extraOptions = [
              # Reverse-proxy routing
              "-l=traefik.enable=true"
              "-l=traefik.http.routers.scrutiny.rule=${localHostRuleHavenisms "scrutiny"}"
              "-l=traefik.http.services.scrutiny.loadbalancer.server.port=8080"
              # Dashboard entry, expressed as homepage.* labels
              "-l=homepage.group=Infra"
              "-l=homepage.name=Scrutiny"
              "-l=homepage.icon=scrutiny-light.png"
              "-l=homepage.href=https://scrutiny.${havenisms}"
              "-l=homepage.description=S.M.A.R.T. monitoring"
              "-l=homepage.widget.type=scrutiny"
              "-l=homepage.widget.url=http://scrutiny:8080"
              # SYS_RAWIO plus the whole-disk device nodes give this container
              # raw access to the listed disks (presumably needed for the
              # S.M.A.R.T. queries). This is the most privileged container
              # declared in this file; keep the device list as short as
              # monitoring requires.
              # NOTE(review): /dev/sdX names are not guaranteed to stay stable
              # across boots; /dev/disk/by-id paths would pin the intended disks.
              "--cap-add=SYS_RAWIO"
              "--device=/dev/sda:/dev/sda"
              "--device=/dev/sdb:/dev/sdb"
              "--device=/dev/sdc:/dev/sdc"
              "--device=/dev/sdd:/dev/sdd"
            ];
            volumes = [
              "/run/udev:/run/udev:ro"
              "/tank/config/scrutiny/config:/opt/scrutiny/config"
              "/tank/config/scrutiny/influxdb:/opt/scrutiny/influxdb"
            ];
          };

          valkey = {
            image = "docker.io/valkey/valkey:7-alpine";
            autoStart = true;
            # No traefik labels or published ports here, but other containers
            # on the default podman network can resolve this one by name
            # (dns_enabled above).
            # NOTE(review): no `cmd` is set, so confirm the server actually
            # loads a config from this directory and that it sets
            # `requirepass` or ACLs.
            volumes = [
              "/tank/config/valkey:/usr/local/etc/valkey"
            ];
          };
        };
    };
  };
}