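# NixOS module: publish the Podman API socket on a TCP listener through a
# ghostunnel TLS proxy. The configuration below is applied only when
# `virtualisation.podman.networkSocket.enable` is true and `server` is set to
# "ghostunnel".
{
  config,
  lib,
  ...
}:
let
  inherit (lib)
    mkOption
    types
    ;

  cfg = config.virtualisation.podman.networkSocket;

in
{
  options.virtualisation.podman.networkSocket = {
    # Only the "ghostunnel" enum value is declared here. `enable`, `tls`,
    # `listenAddress` and `port` are read from `cfg` below but are not declared
    # in this file (presumably a sibling module declares them; confirm there).
    server = mkOption {
      type = types.enum [ "ghostunnel" ];
    };
  };

  config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") {

    services.ghostunnel = {
      enable = true;
      servers."podman-socket" = {
        # Server certificate, its private key, and the CA bundle used to
        # validate client certificates, all taken from the networkSocket TLS
        # settings.
        inherit (cfg.tls) cert key cacert;
        # TCP endpoint exposed to clients. Client-certificate validation is the
        # only access control configured in this module for that endpoint.
        listen = "${cfg.listenAddress}:${toString cfg.port}";
        # Backend: the system-wide Podman API socket.
        target = "unix:/run/podman/podman.sock";
        # ghostunnel allow-all mode: any client whose certificate validates
        # against `cacert` is accepted; the certificate subject is not checked.
        # Every accepted client gets the full Podman API on the system socket,
        # which amounts to root-level control of the host's containers, so the
        # CA should be one that issues client certificates for this purpose
        # only. mkDefault keeps this overridable: a deployment can set
        # `allowAll = false` and restrict by subject with `allowCN`, `allowOU`,
        # `allowDNS` or `allowURI` on this server entry.
        allowAll = lib.mkDefault true;
      };
    };
    # Adds the `podman` group to the ghostunnel unit, presumably so the proxy
    # can open the group-owned Podman socket (socket ownership is not set in
    # this file).
    systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = [ "podman" ];

  };

  meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}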