dump

nixos/hosts/sandbox/host.nix

@@ -1,10 +1,15 @@
-{ config, pkgs, modulesPath, lib, ... }:
-
 {
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}: {
   imports = [
     ../../templates/base.nix
     ./networking.nix
     ./storage.nix
     ./sandbox.nix
+    ./warpgate.nix
   ];
 }

nixos/hosts/sandbox/storage.nix

@@ -1,11 +1,11 @@
 {
-  boot.supportedFilesystems = [ "nfs" ];
+  boot.supportedFilesystems = ["nfs"];
 
   services.rpcbind.enable = true;
 
-  fileSystems."/mnt/nas" = {
-    device = "192.168.1.226:/volume1/docker";
-    fsType = "nfs";
-    options = [ "noatime" "vers=4" "rsize=8192" "wsize=8192" ];
-  };
+  # fileSystems."/mnt/nas" = {
+  #   device = "192.168.1.226:/volume1/docker";
+  #   fsType = "nfs";
+  #   options = [ "noatime" "vers=4" "rsize=8192" "wsize=8192" ];
+  # };
 }

nixos/hosts/sandbox/warpgate.nix

@@ -0,0 +1,35 @@
+{
+  virtualisation = {
+    containers.enable = true;
+    oci-containers.backend = "podman";
+
+    podman = {
+      enable = true;
+
+      # Create a `docker` alias for podman, to use it as a drop-in replacement
+      dockerCompat = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+  virtualisation.oci-containers.containers = {
+    warpgate = {
+      image = "ghcr.io/warp-tech/warpgate";
+      ports = [
+        "2222:2222"
+        "8888:8888"
+      ];
+      volumes = [
+        "/srv/warpgate/data:/data"
+      ];
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /srv/warpgate 0755 root root -"
+    "d /srv/warpgate/data 0755 root root -"
+  ];
+
+  networking.firewall.allowedTCPPorts = [8888];
+}