diff options
Diffstat (limited to 'nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix')
-rw-r--r-- | nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix b/nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix new file mode 100644 index 0000000000000..a0e7e433164a4 --- /dev/null +++ b/nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix @@ -0,0 +1,34 @@ +{ config, lib, pkg, ... }: +let + inherit (lib) + mkOption + types + ; + + cfg = config.virtualisation.podman.networkSocket; + +in +{ + options.virtualisation.podman.networkSocket = { + server = mkOption { + type = types.enum [ "ghostunnel" ]; + }; + }; + + config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { + + services.ghostunnel = { + enable = true; + servers."podman-socket" = { + inherit (cfg.tls) cert key cacert; + listen = "${cfg.listenAddress}:${toString cfg.port}"; + target = "unix:/run/podman/podman.sock"; + allowAll = lib.mkDefault true; + }; + }; + systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"]; + + }; + + meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; +} |