modules.services.podman: init, replace docker

devices/pc/default.nix

@@ -97,7 +97,7 @@ inputs:
           };
         };
         ollama = {};
-        docker = {};
+        podman = {};
         ananicy = {};
         keyd = {};
         searx = {};

devices/srv3/README.md

@@ -43,7 +43,7 @@
   若此定价对您来说仍然难以接受，可以联系我，打五折或者免费。
 * 此价格 2025 年 9 月 17 日前有效。之后大概率也不会调整，但保留调整的权利。
 * 预计收入无法覆盖成本。如果某个月的收入高于成本，承诺会将多出的部分捐出去。
-* 非 kvm 虚拟机的服务（例如，只跑一个 docker 容器，只跑某一个服务）定价私聊，大致上是上方价格再加上我的工作成本（事少的免费，事多的就要实收了）。
+* 非 kvm 虚拟机的服务（例如，只跑一个 podman 容器，只跑某一个服务）定价私聊，大致上是上方价格再加上我的工作成本（事少的免费，事多的就要实收了）。
 * 配置随时可以调整。所以按照自己这个月够用的来就行，不需要为未来留余量。但每次调整都需要重启虚拟机。
 * 母鸡价格 40 美元每月，配置在下方列出。
   * 机房: LAX3 （IP：srv3.chn.moe）

devices/srv3/default.nix

@@ -101,7 +101,7 @@ inputs:
         grafana = {};
         fail2ban = {};
         xray.server = {};
-        docker = {};
+        podman = {};
         peertube = {};
         nginx.applications.webdav.instances."webdav.chn.moe" = {};
         open-webui.ollamaHost = "192.168.83.3";

modules/services/docker.nix

@@ -1,31 +1,21 @@
 inputs:
 {
-  options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
+  options.nixos.services.podman = let inherit (inputs.lib) mkOption types; in mkOption
     { type = types.nullOr (types.submodule {}); default = null; };
-  config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkIf (docker != null)
+  config = let inherit (inputs.config.nixos.services) podman; in inputs.lib.mkIf (podman != null)
   {
-    virtualisation.docker =
+    virtualisation =
     {
-      enable = true;
-      # prevent create btrfs subvol
-      storageDriver = "overlay2";
-      daemon.settings.dns = [ "1.1.1.1" ];
-      rootless =
+      containers.enable = true;
+      podman =
       {
         enable = true;
-        setSocketVariable = true;
-        daemon.settings =
-        {
-          features.buildkit = true;
-          # dns 127.0.0.1 make docker not work
-          dns = [ "1.1.1.1" ];
-          # prevent create btrfs subvol
-          storage-driver = "overlay2";
-          live-restore = true;
-        };
+        # Create a `docker` alias for podman, to use it as a drop-in replacement
+        dockerCompat = true;
+        # Required for containers under podman-compose to be able to talk to each other.
+        defaultNetwork.settings.dns_enabled = true;
       };
     };
     hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
-    networking.firewall.trustedInterfaces = [ "docker0" ];
   };
 }

modules/services/huginn.nix

@@ -51,7 +51,7 @@ inputs:
           https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
         };
         mariadb.instances.huginn = {};
-        docker = {};
+        podman = {};
       };
     };
   };

modules/services/xray.nix

@@ -18,11 +18,7 @@ inputs:
         };
         dnsmasq =
         {
-          extraInterfaces = mkOption
-          {
-            type = types.listOf types.nonEmptyStr;
-            default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
-          };
+          extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
           hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
         };
         v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };

modules/system/default.nix

@@ -29,7 +29,6 @@ inputs:
         # ANDROID_HOME = "${XDG_DATA_HOME}/android";
         HISTFILE= "${XDG_STATE_HOME}/bash/history";
         CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
-        DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
         GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
         GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
         XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";