# Auto-generated using compose2nix v0.3.3-pre.
#
# NixOS module that runs the 3x-ui panel as a single Podman container managed
# by systemd, opens the firewall for it, and groups the units under one target.
{
  pkgs,
  lib,
  config,
  ...
}:

let
  # Interface pattern for the Podman bridges: "podman*" when the nftables
  # backend is enabled, "podman+" otherwise.
  podmanIfaces = if config.networking.nftables.enable then "podman*" else "podman+";

  # One port range, reused for both the TCP and the UDP allow-list.
  inboundRange = {
    from = 14380;
    to = 15380;
  };

  # Name of the systemd target the container unit is attached to.
  rootTarget = "podman-compose-3x-ui-root";
in
{
  virtualisation = {
    # Runtime
    podman = {
      enable = true;
      dockerCompat = true;
      # "--all" prunes every unused image, not only dangling ones.
      autoPrune = {
        enable = true;
        flags = [ "--all" ];
      };
    };

    oci-containers = {
      backend = "podman";

      # Containers
      containers."3xui_app" = {
        # NOTE(review): ":latest" is a mutable tag, so the code that runs here
        # can change on any pull without this file changing. Prefer a release
        # tag or a digest (image@sha256:<digest-placeholder>) once a version
        # has been vetted.
        image = "ghcr.io/mhsanaei/3x-ui:latest";
        environment = {
          # NOTE(review): presumably relaxes the AEAD requirement for VMess
          # clients; confirm legacy clients really need this, otherwise
          # leave AEAD enforced.
          "XRAY_VMESS_AEAD_FORCED" = "false";
          "XUI_ENABLE_FAIL2BAN" = "true";
        };
        # Host directories holding the TLS material and the panel database.
        # NOTE(review): both are mounted read-write; if the container only
        # reads the certificates, ":ro" on the cert mount would be enough.
        # Confirm, and keep the host paths readable by root only.
        volumes = [
          "/mnt/containers/3x-ui/cert/:/root/cert:rw"
          "/mnt/containers/3x-ui/db/:/etc/x-ui:rw"
        ];
        log-driver = "journald";
        # Host networking: the container shares the host's network namespace,
        # so every port it binds is a host port and the host firewall below is
        # the only network boundary around it.
        extraOptions = [
          "--network=host"
        ];
      };
    };
  };

  networking.firewall = {
    # Enable container name DNS for all Podman networks.
    interfaces = {
      "${podmanIfaces}".allowedUDPPorts = [ 53 ];
    };

    # NOTE(review): this opens 1001 consecutive ports for TCP and UDP on every
    # interface. Combined with host networking, any listener in the range is
    # reachable from outside; narrow it to the inbound ports actually
    # configured in the panel.
    allowedUDPPortRanges = [ inboundRange ];
    allowedTCPPortRanges = [ inboundRange ];
  };

  systemd = {
    services = {
      # Keep the container unit running and tie its lifecycle to the root target.
      "podman-3xui_app" = {
        serviceConfig = {
          Restart = lib.mkOverride 90 "always";
        };
        partOf = [
          "${rootTarget}.target"
        ];
        wantedBy = [
          "${rootTarget}.target"
        ];
      };

      # Builds
      # One-shot image build from the Dockerfile in /mnt/containers/3x-ui.
      # NOTE(review): the resulting tag (compose2nix/3xui_app) is not the image
      # the container above runs, and no unit in this file pulls this service
      # in. No User= is set here, so the build is not confined to an
      # unprivileged account; keep that directory writable by trusted
      # accounts only, or drop the unit if it is unused.
      "podman-build-3xui_app" = {
        path = [
          pkgs.podman
          pkgs.git
        ];
        serviceConfig = {
          Type = "oneshot";
          TimeoutSec = 300;
        };
        script = ''
          cd /mnt/containers/3x-ui
          podman build -t compose2nix/3xui_app -f ./Dockerfile .
        '';
      };
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    targets = {
      "${rootTarget}" = {
        unitConfig = {
          Description = "Root target generated by compose2nix.";
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
  };
}