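{ pkgs, lib, config, xlib, ... }:
# NixOS module (compose2nix-generated, hand-edited) that runs the OpenHands
# web app as a Podman container.
#
# NOTE(review): the container below is handed the host's root Podman socket
# read-write. Whoever can drive the app on port 3000 can therefore start
# arbitrary containers on this host, i.e. obtain host-root-equivalent access.
# The port is bound to loopback for that reason; put an authenticating reverse
# proxy in front if remote access is needed, and treat the bind-mounted
# directories as root-owned state.
{
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    # Docker CLI compatibility plus /run/podman/podman.sock; that socket is the
    # one bind-mounted into the container as /var/run/docker.sock below.
    dockerCompat = true;
    dockerSocket.enable = true;
    # Container-name DNS on Podman's default network.
    defaultNetwork.settings.dns_enabled = true;
  };

  # Enable container name DNS for all Podman networks: allow UDP/53 in on every
  # podman* interface so containers can reach the per-network resolver.
  # iptables spells the interface wildcard "podman+", nftables "podman*".
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };

  virtualisation.oci-containers.backend = "podman";

  # Containers
  virtualisation.oci-containers.containers."openhands-app" = {
    # NOTE(review): a floating `latest` tag is not reproducible and may drift
    # from the agent-server image, which is pinned to a commit tag below. Pin
    # this to a matching tag (ideally an @sha256 digest) once a known-good
    # version has been chosen.
    image = "ghcr.io/openhands/openhands:latest";
    environment = {
      "AGENT_SERVER_IMAGE_REPOSITORY" = "ghcr.io/openhands/agent-server";
      "AGENT_SERVER_IMAGE_TAG" = "31536c8-python";
      # Host-side path of the workspace; the same directory is bind-mounted
      # into this container below. Presumably the app passes this host path on
      # to the sandbox containers it creates through the socket — confirm
      # against the image's documentation.
      "WORKSPACE_MOUNT_PATH" = "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace";
    };
    volumes = [
      # App state and the editable workspace, both read-write.
      "${xlib.dirs.services-mnt-folder}/containers/openhands/userspace:/.openhands:rw"
      "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace:/opt/workspace_base:rw"
      # Root Podman socket, read-write. This grants the container the ability
      # to create privileged containers and mount any host path, which is
      # equivalent to root on the host. Needed so OpenHands can spawn its
      # sandbox containers; never widen this service's network exposure
      # without an authentication layer in front of it.
      "/run/podman/podman.sock:/var/run/docker.sock:rw"
    ];
    # Loopback only: publishing "3000:3000" binds every interface, which,
    # combined with the socket mount above, would hand host-root-equivalent
    # control to anything on the network. Remove the 127.0.0.1 prefix only
    # behind an authenticating reverse proxy.
    ports = [ "127.0.0.1:3000:3000/tcp" ];
    log-driver = "journald";
    extraOptions = [
      # "--network=host"
      # Lets the container reach services on the host via host.docker.internal.
      "--add-host=host.docker.internal:host-gateway"
      "--network-alias=openhands"
      "--network=openhands_default"
    ];
  };

  systemd.services."podman-openhands-app" = {
    serviceConfig = {
      # compose2nix default; lower priority than a user override (mkForce).
      Restart = lib.mkOverride 90 "no";
    };
    # The named network must exist before the container is started.
    after = [ "podman-network-openhands_default.service" ];
    requires = [ "podman-network-openhands_default.service" ];
    partOf = [ "podman-compose-openhands-root.target" ];
    wantedBy = [ "podman-compose-openhands-root.target" ];
  };

  # Networks
  systemd.services."podman-network-openhands_default" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      # Tear the network down when the root target stops.
      ExecStop = "podman network rm -f openhands_default";
    };
    # Idempotent: only create the network if it does not already exist.
    script = ''
      podman network inspect openhands_default || podman network create openhands_default
    '';
    partOf = [ "podman-compose-openhands-root.target" ];
    wantedBy = [ "podman-compose-openhands-root.target" ];
  };

  # Builds
  # systemd.services."podman-build-openhands-app" = {
  #   enable = false;
  #   path = [
  #     pkgs.podman
  #     pkgs.git
  #   ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     TimeoutSec = 300;
  #   };
  #   script = ''
  #     cd ${xlib.dirs.services-mnt-folder}/containers/openhands/source
  #     podman build -t openhands:latest -f ./containers/app/Dockerfile .
  #   '';
  # };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-openhands-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # Host directories backing the bind mounts. NOTE(review): 0755 makes them
  # world-readable to every local user; the userspace directory holds the
  # app's persistent state, which may include credentials it stores — tighten
  # to 0750 if untrusted local users share this host and the container does
  # not need non-root read access (confirm the UID the image runs as first).
  systemd.tmpfiles.rules = [
    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/userspace 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/workspace 0755 root root -"
  ];
}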