home-manager/modules/services/podman-linux/networks.nix
Nicholas Hassan 1743615b61
podman: add module
Adds a new Podman module for creating user containers and networks as
systemd services. These are installed to the user's
`$XDG_CONFIG/systemd/user` directory.
2024-11-01 20:45:06 +01:00

168 lines
4.7 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.podman;
podman-lib = import ./podman-lib.nix { inherit lib config; };
awaitPodmanUnshare = pkgs.writeShellScript "await-podman-unshare" ''
until ${cfg.package}/bin/podman unshare ${pkgs.coreutils}/bin/true; do
sleep 1;
done
'';
createQuadletSource = name: networkDef:
let
cfg = (podman-lib.deepMerge {
Install = {
WantedBy = (if networkDef.autoStart then [
"default.target"
"multi-user.target"
] else
[ ]);
};
Network = {
Driver = networkDef.driver;
Gateway = networkDef.gateway;
Internal = networkDef.internal;
NetworkName = name;
Label = networkDef.labels // { "nix.home-manager.managed" = true; };
PodmanArgs = networkDef.extraPodmanArgs;
Subnet = networkDef.subnet;
};
Service = {
Environment = {
PATH = (builtins.concatStringsSep ":" [
"${podman-lib.newuidmapPaths}"
"${makeBinPath [ pkgs.su pkgs.coreutils ]}"
]);
};
ExecStartPre = [ "${awaitPodmanUnshare}" ];
TimeoutStartSec = 15;
RemainAfterExit = "yes";
};
Unit = {
After = [ "network.target" ];
Description = (if (builtins.isString networkDef.description) then
networkDef.description
else
"Service for network ${name}");
};
} networkDef.extraConfig);
in ''
# Automatically generated by home-manager for podman network configuration
# DO NOT EDIT THIS FILE DIRECTLY
#
# ${name}.network
${podman-lib.toQuadletIni cfg}
'';
toQuadletInternal = name: networkDef: {
assertions = podman-lib.buildConfigAsserts name networkDef.extraConfig;
serviceName =
"podman-${name}"; # quadlet service name: 'podman-<name>-network.service'
source = podman-lib.removeBlankLines (createQuadletSource name networkDef);
resourceType = "network";
};
in let
networkDefinitionType = types.submodule {
options = {
autoStart = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start the network on boot (requires user lingering).
'';
};
description = mkOption {
type = with types; nullOr str;
default = null;
example = "My Network";
description = "The description of the network.";
};
driver = mkOption {
type = with types; nullOr str;
default = null;
example = "bridge";
description = "The network driver to use.";
};
extraConfig = mkOption {
type = podman-lib.extraConfigType;
default = { };
example = literalExpression ''
{
Network = {
ContainerConfModule = "/etc/nvd.conf";
};
Service = {
TimeoutStartSec = 30;
};
}
'';
description = "INI sections and values to populate the Network Quadlet";
};
extraPodmanArgs = mkOption {
type = with types; listOf str;
default = [ ];
example = [ "--dns=192.168.55.1" "--ipam-driver" ];
description = ''
Extra arguments to pass to the podman network create command.
'';
};
gateway = mkOption {
type = with types; nullOr str;
default = null;
example = "192.168.20.1";
description = "The gateway IP to use for the network.";
};
internal = mkOption {
type = with types; nullOr bool;
default = null;
description = "Whether the network should be internal";
};
labels = mkOption {
type = with types; attrsOf str;
default = { };
example = {
app = "myapp";
some-label = "somelabel";
};
description = "The labels to apply to the network.";
};
subnet = mkOption {
type = with types; nullOr str;
default = null;
example = "192.168.20.0/24";
description = "The subnet to use for the network.";
};
};
};
in {
options.services.podman.networks = mkOption {
type = types.attrsOf networkDefinitionType;
default = { };
description = "Defines Podman network quadlet configurations.";
};
config = let networkQuadlets = mapAttrsToList toQuadletInternal cfg.networks;
in mkIf cfg.enable {
services.podman.internal.quadletDefinitions = networkQuadlets;
assertions = flatten (map (network: network.assertions) networkQuadlets);
home.file."${config.xdg.configHome}/podman/networks.manifest".text =
podman-lib.generateManifestText networkQuadlets;
};
}