From 1b755432ccd4017d0fd5c33d59eadf2275705f83 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Wed, 24 Jul 2024 13:05:09 -0500
Subject: [PATCH] Socks
---
 modules/nixos/default.nix | 2 ++
 nixos/beefcake.nix | 13 +++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 7282955..f3e703e 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -618,7 +618,9 @@
 podman = {
 enable = true;
 dockerCompat = true;
+ dockerSocket.enable = true;
 defaultNetwork.settings.dns_enabled = true;
+ # networkSocket.enable = true;
 };
 oci-containers = {
diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 1f45169..a1d9cad 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -751,6 +751,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 enable = true;
 name = "beefcake";
 url = "https://git.lyte.dev";
+ settings = {
+ container = {
+ network = "podman";
+ };
+ };
 labels = [
 # type ":host" does not depend on docker/podman/lxc
 "podman"
@@ -1007,6 +1012,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 # should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs?
 virtualisation.oci-containers.backend = "podman";
+ virtualisation.podman = {
+ # autoPrune.enable = true;
+ defaultNetwork.settings = {
+ # this lets any podman container access host services
+ # primarily did this so runner actions running podman containers can hit git.lyte.dev
+ driver = "host";
+ };
+ };
 environment.systemPackages = with pkgs; [
 linuxquota
 htop
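Review bot: `dockerSocket.enable = true;` in the first hunk (`modules/nixos/default.nix`) sits in what looks like a shared module, so every host importing it would expose the Podman API at the Docker socket path, not only the machine that needs it. The NixOS option documents that members of the `podman` group can connect and, as with Docker, can gain root through it, so that group becomes root-equivalent. I would set this only in the host file that needs it, or at least add a comment above the line such as `# API socket: podman group == root on this host; keep membership minimal`. The commented-out `# networkSocket.enable = true;` should be dropped or given a note on why it is off, since enabling it later would put the same API on the network. The enclosing attribute set starts and ends outside the hunk.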
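Review bot: `network = "podman";` in the second hunk (`nixos/beefcake.nix`, runner instance `beefcake`) attaches every job container to the shared default network, which is the same network the third hunk reconfigures for all containers. Job containers run workflow code from the repositories the runner serves, so a dedicated network would let the git.lyte.dev reachability be granted to CI only, e.g. `network = "<runner-network>";` (placeholder name) with that network defined separately. At minimum a comment on the `settings` block, `# job containers join the default podman network; see virtualisation.podman.defaultNetwork below`, would tie the two changes together. The runner instance definition starts and ends outside the hunk.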
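Review bot: `driver = "host";` in the third hunk changes the default network for every Podman container on beefcake, including the `oci-containers` services, while the comment's stated goal is only that runner job containers reach git.lyte.dev. If the setting takes effect as the comment describes, those containers lose network isolation from the host and can reach services bound to loopback, which is a large grant for CI jobs. As far as I know the drivers Podman accepts for a named network are `bridge`, `macvlan` and `ipvlan`, with host networking being a per-container mode, so it is worth confirming the value is honoured at all; it also sits oddly beside `defaultNetwork.settings.dns_enabled = true` from the shared module. A narrower option is to keep the bridge driver and open only the needed port to the bridge interface with `networking.firewall.interfaces.<bridge-interface>.allowedTCPPorts` (placeholder interface name).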