# Auto-generated using compose2nix v0.3.3-pre.
#
# NixOS module for the 3x-ui (Xray panel) container: Podman runtime, host
# firewall openings, the container unit, the compose root target and the
# host directories backing the bind mounts.
# NOTE(review): this is generator output — re-running compose2nix overwrites
# hand edits, including the comments below.
{
  pkgs,
  lib,
  config,
  ...
}:

{
  # Runtime
  # Podman is the container runtime. autoPrune with "--all" removes unused
  # images as well, not just dangling ones.
  virtualisation.podman = {
    enable = true;
    autoPrune = {
      enable = true;
      flags = [ "--all" ];
    };
    # Provides a `docker` alias that maps to podman for tooling expecting docker.
    dockerCompat = true;
  };

  # Enable container name DNS for all Podman networks.
  # Opens UDP 53 only on the podman bridge interfaces (container name
  # resolution), not on external interfaces. The interface-name wildcard
  # differs between iptables ("podman+") and nftables ("podman*"), hence the
  # switch on config.networking.nftables.enable.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };

  # Host-wide firewall openings for the container. Because the container runs
  # with host networking (see extraOptions below) it binds directly on the
  # host's interfaces, so these rules apply to every interface.
  # NOTE(review): which of these ports is the 3x-ui web panel (as opposed to
  # proxy inbounds) is not visible here — confirm, and prefer reaching the
  # panel over a restricted path (VPN/SSH tunnel or a source-restricted rule)
  # rather than a world-open port.
  networking.firewall = {
    # 14380-15380 is presumably the range used for panel-managed inbound
    # listeners — confirm against the panel configuration and keep it as
    # narrow as the configured inbounds allow.
    allowedUDPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPorts = [
      8443
      9443
      13380
    ];
    # The same three ports are also opened for UDP; if only TCP listeners
    # exist on them, the UDP entries can be dropped — confirm.
    allowedUDPPorts = [
      8443
      9443
      13380
    ];
  };
  virtualisation.oci-containers.backend = "podman";

  # Containers
  virtualisation.oci-containers.containers."3xui_app" = {
    # Floating ":latest" tag: each pull may yield a different build, so the
    # deployment is not reproducible and an upstream or registry compromise
    # would be picked up automatically on the next pull. Prefer a version tag
    # or an @sha256 digest taken from the registry (none is recorded here).
    image = "ghcr.io/mhsanaei/3x-ui:latest";
    environment = {
      # Xray env var: "false" allows legacy non-AEAD VMess connections
      # (alterId > 0) in addition to AEAD ones; the legacy mode is the weaker,
      # more easily fingerprinted one. Set to "true" once no legacy clients
      # remain.
      "XRAY_VMESS_AEAD_FORCED" = "false";
      # Turns on the fail2ban bundled in the image. With --network=host its
      # bans would need to take effect on the host firewall — confirm how
      # that is wired (it may need extra capabilities the unit does not grant).
      "XUI_ENABLE_FAIL2BAN" = "true";
      "TZ" = "Europe/Moscow";
    };
    # Persistent state on the host under /mnt/services: certificates and the
    # panel's data directory (presumably its SQLite database with admin
    # credentials and inbound secrets), both mounted read-write.
    # NOTE(review): the cert mount could be ":ro" if the panel never writes
    # certificates there (e.g. no in-panel ACME issuance) — confirm before
    # tightening.
    volumes = [
      "/mnt/services/containers/3x-ui/cert/:/root/cert:rw"
      "/mnt/services/containers/3x-ui/db/:/etc/x-ui:rw"
    ];
    log-driver = "journald";
    # Host networking: no network-namespace isolation, the container binds on
    # the host's interfaces directly and can reach any host-local service.
    # Needed so panel-managed inbounds on arbitrary ports work without
    # per-port publishing; it is also why the firewall rules above are
    # host-wide rather than per-container.
    extraOptions = [
      "--network=host"
    ];
  };
  systemd.services."podman-3xui_app" = {
    serviceConfig = {
      # Priority 90 wins over plain assignments (priority 100), presumably the
      # oci-containers module's own Restart setting, while still yielding to
      # lib.mkForce (50). Effect: the container is restarted after any exit,
      # clean or not.
      Restart = lib.mkOverride 90 "always";
    };
    # Tie the unit's lifecycle to the compose root target: started by it and
    # stopped/restarted together with it.
    partOf = [
      "podman-compose-3x-ui-root.target"
    ];
    wantedBy = [
      "podman-compose-3x-ui-root.target"
    ];
  };

  # Builds
  # Disabled: the image is pulled from ghcr.io rather than built locally.
  # Note the path here (/mnt/containers/3x-ui) differs from the
  # /mnt/services/containers tree used by the volumes above.
  # systemd.services."podman-build-3xui_app" = {
  #   path = [
  #     pkgs.podman
  #     pkgs.git
  #   ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     TimeoutSec = 300;
  #   };
  #   script = ''
  #     cd /mnt/containers/3x-ui
  #     podman build -t compose2nix/3xui_app -f ./Dockerfile .
  #   '';
  # };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  # Pulled in at boot via multi-user.target.
  systemd.targets."podman-compose-3x-ui-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # Folders
  # Host directories for the bind mounts: root-owned, directory mode 0755
  # (traversable and listable by all local users; files the container creates
  # inside get their own modes).
  # NOTE(review): the db directory backs the panel's data; 0700 would be the
  # least-privilege choice if no other host user needs to read it — confirm.
  # /mnt/containers is only referenced by the disabled build service above.
  systemd.tmpfiles.rules = [
    "d /mnt 0755 root root -"
    "d /mnt/containers 0755 root root -"
    "d /mnt/services/containers 0755 root root -"
    "d /mnt/services/containers/3x-ui 0755 root root -"
    "d /mnt/services/containers/3x-ui/cert 0755 root root -"
    "d /mnt/services/containers/3x-ui/db 0755 root root -"
  ];
}