Separate podman and traefik

Yan Lin 2025-09-07 01:59:45 +02:00
parent 261fea477e
commit 673bdeb83b
3 changed files with 159 additions and 43 deletions


@ -4,6 +4,8 @@
./disk-config.nix
home-manager.nixosModules.home-manager
../../../modules/tailscale.nix
../../../modules/podman.nix
../../../modules/traefik.nix
];
# GRUB bootloader with ZFS support
@ -63,8 +65,7 @@
hostName = "hs";
hostId = "8425e349"; # Required for ZFS, good practice for any system
networkmanager.enable = true;
firewall.enable = false;
# firewall.allowedTCPPorts = [ 22 ]; # SSH
firewall = { enable = false; };
};
# Set your time zone
@ -154,46 +155,6 @@
};
};
# Container virtualization with Podman
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other
defaultNetwork.settings.dns_enabled = true;
# Create macvlan network for Home Assistant
extraPackages = [ pkgs.netavark pkgs.aardvark-dns ];
};
# Enable OCI container support
oci-containers = {
backend = "podman";
containers.homeassistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
volumes = [
"/home/yanlin/deploy/data/home/config:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
environment = {
TZ = "Europe/Copenhagen";
};
extraOptions = [
"--privileged" # Required for USB device access
"--network=host" # Use host networking
"--device=/dev/ttyUSB0:/dev/ttyUSB0" # Sky Connect Zigbee dongle
"--device=/dev/dri:/dev/dri" # Hardware acceleration
];
autoStart = true;
};
};
};
# SnapRAID configuration for parity protection
services.snapraid = {
enable = true;
@ -241,7 +202,6 @@
];
};
# Enable smartd for disk health monitoring
services.smartd = {
enable = true;
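Review bot: The rewritten `firewall = { enable = false; };` in the second hunk leaves the host packet filter off in the same commit that imports `../../../modules/traefik.nix`, and it drops the commented `allowedTCPPorts = [ 22 ]` hint that marked this as temporary. With the firewall off, every listener on this host is reachable on every interface. That includes the proxy's entrypoints and dashboard and, if `modules/podman.nix` (not shown here) keeps the old `--network=host` container, that container's ports as well. I would enable it and allow only what is meant to be reachable, e.g. `firewall = { enable = true; allowedTCPPorts = [ 22 ]; };`, adding the ports the traefik module actually binds once they are confirmed. If some services should be tailnet-only, scope them with `firewall.interfaces.<name>.allowedTCPPorts` instead of opening them globally. The enclosing networking attribute set starts above the hunk, so its other settings are not visible from here.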