feat: use quadlet instead of oci on vps

2025-08-21 04:36:11 +03:00 · 2025-08-21 04:36:11 +03:00 · e26263fb2b
commit e26263fb2b
parent 3f7f608aba
3 changed files with 47 additions and 39 deletions
--- a/hosts/blueshift/services.nix
+++ b/hosts/blueshift/services.nix
@ -37,12 +37,12 @@ in
    let
      nginx = {
        sopsFile = secretsDir + /blueshift/nginx.yaml;
-        restartUnits = [ "podman-nginx.service" ];
+        restartUnits = [ "nginx.service" ];
      };
      marzban = {
        format = "dotenv";
        sopsFile = secretsDir + /blueshift/marzban.env;
-        restartUnits = [ "podman-marzban.service" ];
+        restartUnits = [ "marzban.service" ];
      };
    in
    {
@ -52,27 +52,31 @@ in
      inherit marzban;
    };
-  virtualisation.oci-containers.containers = {
+  virtualisation.quadlet.containers = {
    marzban = {
      autoStart = true;
-      # Tags: v0.8.4
+      containerConfig = {
-      image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
+        # Tags: v0.8.4
-      environmentFiles = [ marzban-env ];
+        image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
-      extraOptions = [ "--network=host" ];
+        environmentFiles = [ marzban-env ];
-      volumes = [
+        networks = [ "host" ];
-        "/srv/marzban:/var/lib/marzban"
+        volumes = [
-      ];
+          "/srv/marzban:/var/lib/marzban"
        ];
      };
    };
    nginx = {
      autoStart = true;
-      # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
+      containerConfig = {
-      image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
+        # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
-      extraOptions = [ "--network=host" ];
+        image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
-      volumes = [
+        networks = [ "host" ];
-        "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
+        volumes = [
-        "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
+          "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
-        "${nginx-conf}:/etc/nginx/nginx.conf:ro"
+          "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
-      ];
+          "${nginx-conf}:/etc/nginx/nginx.conf:ro"
        ];
      };
    };
  };
--- a/hosts/redshift/services.nix
+++ b/hosts/redshift/services.nix
@ -38,12 +38,12 @@ in
    let
      nginx = {
        sopsFile = secretsDir + /redshift/nginx.yaml;
-        restartUnits = [ "podman-nginx.service" ];
+        restartUnits = [ "nginx.service" ];
      };
      marzban = {
        format = "dotenv";
        sopsFile = secretsDir + /redshift/marzban.env;
-        restartUnits = [ "podman-marzban.service" ];
+        restartUnits = [ "marzban.service" ];
      };
    in
    {
@ -53,27 +53,31 @@ in
      inherit marzban;
    };
-  virtualisation.oci-containers.containers = {
+  virtualisation.quadlet.containers = {
    marzban = {
      autoStart = true;
-      # Tags: v0.8.4
+      containerConfig = {
-      image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
+        # Tags: v0.8.4
-      environmentFiles = [ marzban-env ];
+        image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
-      extraOptions = [ "--network=host" ];
+        environmentFiles = [ marzban-env ];
-      volumes = [
+        networks = [ "host" ];
-        "/srv/marzban:/var/lib/marzban"
+        volumes = [
-      ];
+          "/srv/marzban:/var/lib/marzban"
        ];
      };
    };
    nginx = {
      autoStart = true;
-      # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
+      containerConfig = {
-      image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
+        # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
-      extraOptions = [ "--network=host" ];
+        image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
-      volumes = [
+        networks = [ "host" ];
-        "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
+        volumes = [
-        "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
+          "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
-        "${nginx-conf}:/etc/nginx/nginx.conf:ro"
+          "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
-      ];
+          "${nginx-conf}:/etc/nginx/nginx.conf:ro"
        ];
      };
    };
  };
--- a/secrets/blueshift/nginx.yaml
+++ b/secrets/blueshift/nginx.yaml