From 46dbe52b16fad77aab0a4ce003e8df81a8f1aa32 Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Sat, 21 Sep 2024 10:39:58 -0700 Subject: [PATCH] Add podman-service unit This enables the service for binding to podman over a socket which is in turn used by Tealok for managing the services on the server. --- quinn/etc/nixos/configuration.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/quinn/etc/nixos/configuration.nix b/quinn/etc/nixos/configuration.nix index ea4618a..dc4a8a8 100644 --- a/quinn/etc/nixos/configuration.nix +++ b/quinn/etc/nixos/configuration.nix @@ -64,6 +64,7 @@ # Enable touchpad support (enabled default in most desktopManager). # services.libinput.enable = true; + users.groups.podman-service = {}; users.groups.scanner = {}; users.groups.step = {}; @@ -77,6 +78,12 @@ # tree # ]; }; + users.users.podman-service = { + group = "podman-service"; + isNormalUser = false; + isSystemUser = true; + description = "User for podman daemon"; + }; users.users.scanner = { group = "scanner"; isNormalUser = false; @@ -312,6 +319,17 @@ # Useful for debugging systemd networkd systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + systemd.services.podman-api = { + enable = true; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + description = "Daemon for handling podman requests from Tealok"; + serviceConfig = { + User = "root"; + WorkingDirectory = "/tmp"; + ExecStart = "${pkgs.podman}/bin/podman system service -t 0"; + }; + }; systemd.services.scan-uploader = { enable = true; wantedBy = [ "multi-user.target" ]; @@ -331,6 +349,5 @@ # Enable podman since we are on NixOS 21.05 virtualisation.docker.enable = false; virtualisation.podman.enable = true; - virtualisation.podman.dockerSocket.enable = true; }
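Review bot: The `podman-service` user added in this hunk (and its group, added in the first hunk) is not referenced anywhere else in the patch, because the `podman-api` unit in the later hunk sets `User = "root"`. The description "User for podman daemon" therefore does not match what actually runs the daemon. If the account is meant to be the identity Tealok uses to reach the socket, which is only a guess from the commit message, say so in the description, e.g. `description = "Account permitted to use the podman API socket";`, and tie the group to the socket's ownership. Otherwise drop the unused user and group.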
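Review bot: The `podman-api` unit starts `podman system service -t 0` with `User = "root"`, and nothing in the hunk controls where the API socket is created or who may open it. The podman API has no authentication of its own, so any account that can open the socket can manage root containers, and `-t 0` keeps the listener up indefinitely. I would make the listener an explicit socket unit whose mode and group are set in the configuration, so access is limited to the group this patch already creates; the path in the sketch below is constructed and must not collide with a socket the podman module may already provide. `WorkingDirectory = "/tmp"` also places a root daemon in a world-writable directory; a directory owned by the service would be a safer default.

```nix
systemd.sockets.podman-api = {
  wantedBy = [ "sockets.target" ];
  socketConfig = {
    # Constructed path: choose one that no other socket unit already owns.
    ListenStream = "/run/podman-api/podman.sock";
    # Only root and members of podman-service may connect to the API.
    SocketMode = "0660";
    SocketGroup = "podman-service";
  };
};
systemd.services.podman-api = {
  # … unchanged: enable, wantedBy, after, description, serviceConfig …
```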