Diffstat (limited to 'nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix')
-rw-r--r--nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix34
1 files changed, 34 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix
new file mode 100644
index 000000000000..1f1ada7f0891
--- /dev/null
+++ b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkg, ... }:
+let
+ inherit (lib)
+ mkOption
+ types
+ ;
+
+ cfg = config.virtualisation.podman.networkSocket;
+
+in
+{
+ options.virtualisation.podman.networkSocket = {
+ server = mkOption {
+ type = types.enum [ "ghostunnel" ];
+ };
+ };
+
+ config = {
+
+ services.ghostunnel = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") {
+ enable = true;
+ servers."podman-socket" = {
+ inherit (cfg.tls) cert key cacert;
+ listen = "${cfg.listenAddress}:${toString cfg.port}";
+ target = "unix:/run/podman/podman.sock";
+ allowAll = lib.mkDefault true;
+ };
+ };
+ systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"];
+
+ };
+
+ meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
+}
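Review bot: `allowAll = lib.mkDefault true;` lets any client certificate that chains to `cfg.tls.cacert` reach `/run/podman/podman.sock`, and access to the rootful Podman API is effectively root on the host. The `server` option has no `description`; it should gain one stating that the CA must be dedicated to this socket, or that users should set `services.ghostunnel.servers."podman-socket".allowAll = false` together with `allowCN`/`allowOU` to pin specific clients. Separately, the `systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups` line sits outside the `lib.mkIf`, so it is defined even when the network socket is disabled; writing `config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { … };` would guard both definitions. The `pkg` argument in the function head is unused and looks like a misspelling of `pkgs`.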