feat: add support for quadlet-based containers

wi2trier · Jan 7, 2025 · cfa940f · cfa940f
1 parent 18e206c
commit cfa940f
Show file tree

Hide file tree

Showing 4 changed files with 129 additions and 74 deletions.
diff --git a/docs/setup.md b/docs/setup.md
@@ -6,7 +6,7 @@
   - [Nix](#nix)
   - [CUDA](#cuda)
   - [Verify Installation](#verify-installation)
-  - [Create Containers User](#create-containers-user)
+  - [Create Quadlet User](#create-quadlet-user)
 - [Uninstall](#uninstall)
 
 ## Updates
@@ -88,25 +88,21 @@ The new Apptainer runtime using `nvidia-container-cli` currently does not work:
 CUDA_VISIBLE_DEVICES=0 apptainer --debug run --nvccli docker://ubuntu nvidia-smi
 ```
 
-### Create Containers User
+### Create Quadlet User
 
-To create a user for running containers, run the following:
+To create a user for running quadlet containers, run the following:
 
 ```shell
-sudo useradd --system --home-dir /var/empty --shell /sbin/nologin --comment "Containers User" containers
-```
-
-To allow the user to run containers in a user namespace, run the following:
-
-```shell
-echo "containers:2147483647:2147483648" | sudo tee -a /etc/subuid
-echo "containers:2147483647:2147483648" | sudo tee -a /etc/subgid
+sudo useradd --system --create-home --shell /sbin/nologin --uid 990 --comment "Quadlet User" quadlet
+sudo loginctl enable-linger quadlet
+echo "quadlet:100000000:65536" | sudo tee -a /etc/subuid
+echo "quadlet:100000000:65536" | sudo tee -a /etc/subgid
 ```
 
 In case you want to remove the user, run the following:
 
 ```shell
-sudo userdel --remove containers
+sudo userdel --remove quadlet
 ```
 
 ## Uninstall

diff --git a/modules/oci.nix b/modules/oci.nix
diff --git a/modules/quadlet.nix b/modules/quadlet.nix
@@ -0,0 +1,69 @@
+{ lib, ... }:
+let
+  mkDefaults = name: {
+    Container = {
+      Name = name;
+      Pull = "newer";
+      AutoUpdate = "registry";
+    };
+    Unit = {
+      Description = "Podman container ${name}";
+    };
+    Service = {
+      Restart = "always";
+      Environment = "PATH=/usr/bin";
+      TimeoutStartSec = 900;
+    };
+    Install = {
+      WantedBy = "system-manager.target";
+    };
+  };
+
+  mkContainer =
+    name: mkConfig:
+    lib.mkMerge [
+      (mkConfig name)
+      (mkDefaults name)
+    ];
+in
+{
+  systemd.tmpfiles.settings.quadlet =
+    lib.genAttrs
+      [
+        "/var/lib/ollama-quadlet"
+        "/var/lib/open-webui-quadlet"
+      ]
+      (name: {
+        d.mode = "0755";
+      });
+  virtualisation.quadlet = {
+    enable = true;
+    containers = lib.mapAttrs mkContainer {
+      ollama = name: {
+        Container = {
+          Image = "docker.io/ollama/ollama:latest";
+          Volume = [
+            "/var/lib/ollama-quadlet:/root/.ollama:U"
+          ];
+          AddDevice = [
+            "nvidia.com/gpu=all"
+          ];
+        };
+      };
+      open-webui = name: {
+        Container = {
+          Image = "ghcr.io/open-webui/open-webui:latest";
+          PublishPort = [
+            "3000:8080"
+          ];
+          Volume = [
+            "/var/lib/open-webui-quadlet:/app/backend/data:U"
+          ];
+          AddHost = [
+            "host.docker.internal:host-gateway"
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/options/quadlet.nix b/options/quadlet.nix
@@ -0,0 +1,52 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.virtualisation.quadlet;
+
+  inherit (lib) mkOption types;
+  inherit (systemdUtils.unitOptions) unitOption;
+
+  nixosUtils = import "${inputs.nixpkgs}/nixos/lib/utils.nix" { inherit lib config pkgs; };
+  systemdUtils = nixosUtils.systemdUtils;
+  unitOptions = types.attrsOf unitOption;
+
+  unitConfigToText =
+    unitConfig:
+    lib.concatStringsSep "\n\n" (
+      lib.mapAttrsToList (name: value: ''
+        [${name}]
+        ${systemdUtils.lib.attrsToSection value}
+      '') unitConfig
+    );
+in
+{
+  options = {
+    virtualisation.quadlet = {
+      enable = lib.mkEnableOption "quadlet";
+      containers = mkOption {
+        type = types.attrsOf unitOptions;
+        default = { };
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    environment.etc =
+      {
+        "systemd/user-generators/podman-user-generator" = {
+          source = "${pkgs.podman}/lib/systemd/user-generators/podman-user-generator";
+        };
+      }
+      // lib.mapAttrs' (name: value: {
+        name = "containers/systemd/users/990/${name}.container";
+        value = {
+          text = unitConfigToText value;
+          mode = "0600";
+        };
+      }) cfg.containers;
+  };
+}