# NixOS module fragment: adds "ghostunnel" as an accepted value of
# virtualisation.podman.networkSocket.server and, when that value is selected
# and the network socket is enabled, configures a ghostunnel server instance
# named "podman-socket" that forwards TLS connections to the local Podman
# API socket.
#
# Security notes:
#  - The forwarding target is /run/podman/podman.sock. A client that gets
#    through the tunnel can drive the Podman API, which should be treated as
#    privileged access to the host.
#  - allowAll is set with mkDefault, so it is only a default. While it is
#    true, ghostunnel does not filter on the client certificate subject:
#    any client holding a certificate that validates against `cacert` is
#    accepted. The CA in cfg.tls.cacert is therefore the whole access policy;
#    use a CA dedicated to this purpose, or override allowAll and set one of
#    the ghostunnel allow* options (e.g. allowCN) to narrow it.
#  - Network exposure is decided by listenAddress and port, which are read
#    from the networkSocket options and are not declared in this file.
#
# NOTE(review): the `pkg` argument is not referenced anywhere below;
# possibly `pkgs` was meant. Left as is because it is part of the module's
# argument set.
{ config, lib, pkg, ... }:
let
  # Settings of the Podman network socket; enable, server, tls, listenAddress
  # and port are read here (all but `server` are declared outside this file).
  socketCfg = config.virtualisation.podman.networkSocket;

  # Active only when the socket is enabled and this backend is the chosen one.
  useGhostunnel = socketCfg.enable && socketCfg.server == "ghostunnel";

  # host:port string handed to ghostunnel's listen setting.
  listenEndpoint = "${socketCfg.listenAddress}:${toString socketCfg.port}";
in
{
  # Contributes the "ghostunnel" choice to the server option's enum.
  options.virtualisation.podman.networkSocket.server = lib.mkOption {
    type = lib.types.enum [ "ghostunnel" ];
  };

  config = lib.mkIf useGhostunnel {

    services.ghostunnel.enable = true;

    services.ghostunnel.servers."podman-socket" = {
      # TLS material comes straight from the networkSocket tls settings.
      cert = socketCfg.tls.cert;
      key = socketCfg.tls.key;
      cacert = socketCfg.tls.cacert;

      listen = listenEndpoint;
      target = "unix:/run/podman/podman.sock";

      # Default only: accept every client whose certificate chains to cacert.
      allowAll = lib.mkDefault true;
    };

    # Adds the ghostunnel unit to the "podman" group, presumably so that it
    # can open the Podman socket; confirm against the socket's ownership.
    systemd.services.ghostunnel-server-podman-socket.serviceConfig = {
      SupplementaryGroups = [ "podman" ];
    };

  };

  meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}