Add podman-service unit

This enables the service for binding to podman over a socket which is in
turn used by Tealok for managing the services on the server.

quinn/etc/nixos/configuration.nix

@@ -64,6 +64,7 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
+  users.groups.podman-service = {};
   users.groups.scanner = {};
   users.groups.step = {};
 
@@ -77,6 +78,12 @@
   #     tree
   #   ];
    };
+  users.users.podman-service = {
+    group = "podman-service";
+    isNormalUser = false;
+    isSystemUser = true;
+    description = "User for podman daemon";
+  };
   users.users.scanner = {
     group = "scanner";
     isNormalUser = false;
@@ -312,6 +319,17 @@
   # Useful for debugging systemd networkd
   systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
 
+  systemd.services.podman-api = {
+    enable = true;
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    description = "Daemon for handling podman requests from Tealok";
+    serviceConfig = {
+      User = "root";
+      WorkingDirectory = "/tmp";
+      ExecStart = "${pkgs.podman}/bin/podman system service -t 0";
+    };
+  };
   systemd.services.scan-uploader = {
     enable = true;
     wantedBy = [ "multi-user.target" ];
@@ -331,6 +349,5 @@
   # Enable podman since we are on NixOS 21.05
   virtualisation.docker.enable = false;
   virtualisation.podman.enable = true;
-  virtualisation.podman.dockerSocket.enable = true;
 }