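{
  config,
  lib,
  pkgs,
  xlib,
  ...
}:
let
  # Single source of truth for the image reference and the on-disk state
  # directory, so the container volumes, the tmpfiles rules and the update job
  # cannot drift apart (the tmpfiles rules previously hard-coded /mnt/services
  # while the volumes were derived from xlib.dirs.services-mnt-folder).
  image = "ghcr.io/mhsanaei/3x-ui:latest";
  appDir = "${xlib.dirs.services-mnt-folder}/containers/3x-ui";
in
{
  virtualisation = {
    podman = {
      enable = true;
      # Periodic prune on the NixOS default schedule; "--all" also removes
      # images no container references any more, so after an update the
      # previous 3x-ui image is gone and a rollback needs a fresh pull.
      autoPrune = {
        enable = true;
        flags = [ "--all" ];
      };
      # Expose podman under the `docker` name for docker-compatible tooling.
      dockerCompat = true;
    };

    oci-containers = {
      backend = "podman";
      containers."3xui_app" = {
        # NOTE(review): a mutable tag. Every weekly pull (podman-update-3xui_app
        # below) trusts whatever upstream publishes under it; pinning
        # "<image>@sha256:<digest>" would make updates a deliberate change.
        inherit image;
        environment = {
          # "false" lets xray still accept legacy non-AEAD VMess clients, which
          # is the weaker handshake; keep it only while such clients must connect.
          "XRAY_VMESS_AEAD_FORCED" = "false";
          # fail2ban runs inside the container; with host networking (below) it
          # sees the real client source addresses rather than a bridge address.
          "XUI_ENABLE_FAIL2BAN" = "true";
          "TZ" = "Europe/Moscow";
        };
        volumes = [
          # TLS certificates handed to the panel.
          "${appDir}/cert/:/root/cert:rw"
          # Panel database and config (admin credentials, client settings).
          "${appDir}/db/:/etc/x-ui:rw"
        ];
        log-driver = "journald";
        extraOptions = [
          # Shares the host network namespace: the panel and every proxy inbound
          # bind directly on the host, so what is reachable from outside is
          # governed solely by networking.firewall below, not by published ports.
          "--network=host"
        ];
      };
    };
  };

  systemd = {
    services = {
      "podman-3xui_app" = {
        serviceConfig = {
          # Priority 90 wins over the Restart value the oci-containers module
          # sets itself but still yields to lib.mkForce (priority 50); this is
          # the convention compose2nix-generated units use.
          Restart = lib.mkOverride 90 "always";
        };
        partOf = [ "podman-compose-3x-ui-root.target" ];
        wantedBy = [ "podman-compose-3x-ui-root.target" ];
      };

      # Update: pull the current image for the tag, then restart the container.
      # NixOS runs `script` with `-e`, so a failed pull leaves the running
      # container untouched; a successful pull restarts it even if the image
      # did not actually change.
      "podman-update-3xui_app" = {
        path = [ pkgs.podman ];
        serviceConfig = {
          Type = "oneshot";
          TimeoutSec = 300;
        };
        script = ''
          podman pull ${image}
          systemctl restart podman-3xui_app.service
        '';
      };

      # Builds (kept for reference; not active)
      # "podman-build-3xui_app" = {
      #   path = [ pkgs.podman pkgs.git ];
      #   serviceConfig = {
      #     Type = "oneshot";
      #     TimeoutSec = 300;
      #   };
      #   script = ''
      #     cd /mnt/containers/3x-ui
      #     podman build -t compose2nix/3xui_app -f ./Dockerfile .
      #   '';
      # };
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    targets."podman-compose-3x-ui-root" = {
      unitConfig = {
        Description = "Root target generated by compose2nix.";
      };
      wantedBy = [ "multi-user.target" ];
    };

    # Fires the update service once a week; Persistent runs a missed
    # activation at the next boot instead of skipping it.
    timers."podman-update-3xui_app" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "weekly";
        Persistent = true;
      };
    };

    # Folders
    # Derived from the same appDir the volumes use, so the bind-mount sources
    # exist with known ownership before the container starts instead of being
    # created ad hoc by podman.
    # NOTE(review): 0755 leaves the db and cert directories listable by every
    # local user. The system podman service runs the container as root, so
    # 0700 on db/ and cert/ should not break it — confirm the image does not
    # drop privileges before tightening.
    tmpfiles.rules = [
      "d /mnt 0755 root root -"
      "d /mnt/containers 0755 root root -"
      "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
      "d ${appDir} 0755 root root -"
      "d ${appDir}/cert 0755 root root -"
      "d ${appDir}/db 0755 root root -"
    ];
  };

  networking.firewall = {
    # With host networking these ranges are the real exposure surface of the
    # proxy inbounds. Ports the panel binds outside them (including the panel
    # port itself, which is configured in the container's DB, not here) stay
    # unreachable from outside unless opened elsewhere in the configuration.
    allowedUDPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];

    # Enable container name DNS for all Podman networks.
    interfaces =
      let
        # The nftables backend matches interfaces with a glob, the iptables
        # backend with a trailing "+" wildcard.
        matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
      in
      {
        "${matchAll}".allowedUDPPorts = [ 53 ];
      };
  };
}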