1
+
{ config, lib, pkg, ... }:
8
+
cfg = config.virtualisation.podman.networkSocket;
12
+
options.virtualisation.podman.networkSocket = {
17
+
Make the Podman and Docker compatibility API available over the network
18
+
with TLS client certificate authentication.
20
+
This allows Docker clients to connect with the equivalents of the Docker
21
+
CLI <code>-H</code> and <code>--tls*</code> family of options.
23
+
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
25
+
This option is independent of <xref linkend="opt-virtualisation.podman.dockerSocket.enable"/>.
30
+
type = types.enum [];
32
+
Choice of TLS proxy server.
34
+
example = "ghostunnel";
37
+
openFirewall = mkOption {
41
+
Whether to open the port in the firewall.
45
+
tls.cacert = mkOption {
48
+
Path to CA certificate to use for client authentication.
52
+
tls.cert = mkOption {
55
+
Path to certificate describing the server.
59
+
tls.key = mkOption {
62
+
Path to the private key corresponding to the server certificate.
64
+
Use a string for this setting. Otherwise it will be copied to the Nix
65
+
store first, where it is readable by any system process.
73
+
TCP port number for receiving TLS connections.
76
+
listenAddress = mkOption {
78
+
default = "0.0.0.0";
80
+
Interface address for receiving TLS connections.
86
+
networking.firewall.allowedTCPPorts =
87
+
lib.optional (cfg.enable && cfg.openFirewall) cfg.port;
90
+
meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];