NeoTheFox · January 10, 2025 12:12
diff --git a/ztnet-podman.nix b/ztnet-podman.nix
 { pkgs, lib, ... }:

 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
    defaultNetwork.settings = {
      # Required for container networking to be able to use names.
      dns_enabled = true;
    };
  };

  # Enable container name DNS for non-default Podman networks.
  # https://github.com/NixOS/nixpkgs/issues/226365
  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];

  virtualisation.oci-containers.backend = "podman";

  # This depends on ZeroTier one
  services.zerotierone.enable = true;

  # Containers
  virtualisation.oci-containers.containers."ztnet" = {
    image = "sinamics/ztnet:latest";
    environment = {
      "NEXTAUTH_SECRET" = "supersecretsecret";
      "NEXTAUTH_URL" = "https://your.host.name:3000"; # Proxied via nginx
      "NEXTAUTH_URL_INTERNAL" = "http://127.0.0.2:3000";
      "POSTGRES_DB" = "ztnet";
      "POSTGRES_HOST" = "localhost";
      "POSTGRES_PASSWORD" = "ztnet-pw";
      "POSTGRES_PORT" = "5432";
      "POSTGRES_USER" = "ztnet";
    };
    volumes = [
      "/var/lib/zerotier-one:/var/lib/zerotier-one:rw"
    ];
    ports = [
      "3000:3000/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network=host"
    ];
  };
  systemd.services."podman-ztnet" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    requires = [
      "postgresql.service"
      "zerotierone.service"
    ];
    after = [
      "postgresql.service"
      "zerotierone.service"
    ];
    partOf = [
      "podman-compose-ztnet-root.target"
    ];
    wantedBy = [
      "podman-compose-ztnet-root.target"
    ];
  };

  # Host postgres
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    ensureDatabases = [ "ztnet" ];
    ensureUsers = [
      {
        name = "ztnet";
        ensureDBOwnership = true;
      }
    ];
  };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-ztnet-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
	{ pkgs, lib, ... }:

	{
	# Runtime
	virtualisation.podman = {
	enable = true;
	autoPrune.enable = true;
	dockerCompat = true;
	defaultNetwork.settings = {
	# Required for container networking to be able to use names.
	dns_enabled = true;
	};
	};

	# Enable container name DNS for non-default Podman networks.
	# https://github.com/NixOS/nixpkgs/issues/226365
	networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];

	virtualisation.oci-containers.backend = "podman";

	# This depends on ZeroTier one
	services.zerotierone.enable = true;

	# Containers
	virtualisation.oci-containers.containers."ztnet" = {
	image = "sinamics/ztnet:latest";
	environment = {
	"NEXTAUTH_SECRET" = "supersecretsecret";
	"NEXTAUTH_URL" = "https://your.host.name:3000"; # Proxied via nginx
	"NEXTAUTH_URL_INTERNAL" = "http://127.0.0.2:3000";
	"POSTGRES_DB" = "ztnet";
	"POSTGRES_HOST" = "localhost";
	"POSTGRES_PASSWORD" = "ztnet-pw";
	"POSTGRES_PORT" = "5432";
	"POSTGRES_USER" = "ztnet";
	};
	volumes = [
	"/var/lib/zerotier-one:/var/lib/zerotier-one:rw"
	];
	ports = [
	"3000:3000/tcp"
	];
	log-driver = "journald";
	extraOptions = [
	"--network=host"
	];
	};
	systemd.services."podman-ztnet" = {
	serviceConfig = {
	Restart = lib.mkOverride 90 "always";
	};
	requires = [
	"postgresql.service"
	"zerotierone.service"
	];
	after = [
	"postgresql.service"
	"zerotierone.service"
	];
	partOf = [
	"podman-compose-ztnet-root.target"
	];
	wantedBy = [
	"podman-compose-ztnet-root.target"
	];
	};

	# Host postgres
	services.postgresql = {
	enable = true;
	enableTCPIP = true;
	ensureDatabases = [ "ztnet" ];
	ensureUsers = [
	{
	name = "ztnet";
	ensureDBOwnership = true;
	}
	];
	};

	# Root service
	# When started, this will automatically create all resources and start
	# the containers. When stopped, this will teardown all resources.
	systemd.targets."podman-compose-ztnet-root" = {
	unitConfig = {
	Description = "Root target generated by compose2nix.";
	};
	wantedBy = [ "multi-user.target" ];
	};
	}