felschr/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: map oci-containers to specific users

Browse source
This commit is contained in:
Felix Schröter 2023-09-29 22:59:07 +02:00
parent 9aa9ef973f
commit 8dfe9d217b
Signed by: felschr
GPG key ID: 671E39E6744C807D
3 changed files with 61 additions and 7 deletions

19
services/collabora-office.nix
View file

@ -1,6 +1,9 @@
_:
{ config, ... }:
{
let
inherit (config.users.users.collabora-office) uid;
inherit (config.users.groups.collabora-office) gid;
in {
virtualisation.oci-containers.containers.collabora-office = {
image = "docker.io/collabora/code";
ports = [ "9980:9980" ];
@ -15,6 +18,10 @@ _:
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
extraOptions = [
"--uidmap=0:65534:1"
"--gidmap=0:65534:1"
"--uidmap=100:${toString uid}:1"
"--gidmap=101:${toString gid}:1"
"--network=host"
"--cap-add=MKNOD"
"--label=io.containers.autoupdate=registry"
@ -32,4 +39,12 @@ _:
'';
};
};
users.users.collabora-office = {
isSystemUser = true;
group = "collabora-office";
uid = 982;
};
users.groups.collabora-office = { gid = 982; };
}