move vnc-desktop from arion to oci-containers with --pids-limit=-1
docker-compose→podman-socket ignores containers.conf pids_limit and always creates the container with PidsLimit=2048, which KDE Plasma exhausts, causing QThread creation failures and kcrash. Switching to virtualisation.oci-containers uses podman run directly, so --pids-limit=-1 (unlimited) is respected. cgroup pids.max now shows "max" instead of 2048. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
c51352e6fe
commit
9a6bbc8015
1 changed files with 14 additions and 5 deletions
@ -106,7 +106,6 @@ in {
|
||||||
backend = "podman-socket";
|
backend = "podman-socket";
|
||||||
projects.forgejo.settings = import ./arion/arion-compose.nix;
|
projects.forgejo.settings = import ./arion/arion-compose.nix;
|
||||||
projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
|
projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
|
||||||
projects.vnc-desktop.settings = import ./arion-vnc/arion-compose.nix;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# The arion NixOS module sets backend = "podman-socket" but doesn't inject
|
# The arion NixOS module sets backend = "podman-socket" but doesn't inject
|
||||||
|
|
@ -114,16 +113,14 @@ in {
|
||||||
# (no daemon). Point it at the podman-compatible socket instead.
|
# (no daemon). Point it at the podman-compatible socket instead.
|
||||||
systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
systemd.services.arion-vnc-desktop.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
|
||||||
systemd.services.arion-vnc-desktop.serviceConfig.TasksMax = "infinity";
|
|
||||||
|
|
||||||
# Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
|
# Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
|
||||||
# Nix copies the build context into the store; the hash changes when Dockerfile or
|
# Nix copies the build context into the store; the hash changes when Dockerfile or
|
||||||
# start.sh change, triggering a rebuild on the next nixos-rebuild switch.
|
# start.sh change, triggering a rebuild on the next nixos-rebuild switch.
|
||||||
systemd.services.build-vnc-image = {
|
systemd.services.build-vnc-image = {
|
||||||
description = "Build VNC desktop container image from Dockerfile";
|
description = "Build VNC desktop container image from Dockerfile";
|
||||||
wantedBy = [ "arion-vnc-desktop.service" ];
|
wantedBy = [ "podman-vnc-desktop.service" ];
|
||||||
before = [ "arion-vnc-desktop.service" ];
|
before = [ "podman-vnc-desktop.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
|
|
@ -229,6 +226,18 @@ in {
|
||||||
# ports = ["8081:80"];
|
# ports = ["8081:80"];
|
||||||
# };
|
# };
|
||||||
|
|
||||||
|
"vnc-desktop" = {
|
||||||
|
autoStart = true;
|
||||||
|
image = "forge.quinefoundation.com/ironmagma/vnc-desktop:latest";
|
||||||
|
environmentFiles = [ config.age.secrets.vnc-password.path ];
|
||||||
|
volumes = [ "/root/.ssh:/root/host-ssh:ro" ];
|
||||||
|
ports = [ "127.0.0.1:6080:6080" ];
|
||||||
|
extraOptions = [
|
||||||
|
"--add-host=hetzner-host:host-gateway"
|
||||||
|
"--pids-limit=-1"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
"navidrome" = {
|
"navidrome" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
environment = {
|
environment = {
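Review bot: The new `vnc-desktop` entry bind-mounts the host's `/root/.ssh` into the container (`volumes = [ "/root/.ssh:/root/host-ssh:ro" ];`), so every process in the Plasma session — and anyone who reaches the noVNC port — can read whatever that directory holds, which on most hosts includes root's private keys; `:ro` stops modification but not copying them out. Mount only what the desktop actually needs (a dedicated key whose `authorized_keys` entry is restricted with `from=`/`command=`, or just `known_hosts`), or forward an agent socket instead. `"--pids-limit=-1"` also removes the only fork-bomb boundary around a full desktop exposed over VNC; a generous finite value such as `"--pids-limit=8192"` fixes the 2048-PID exhaustion described in the commit message without making it unbounded. Note too that `build-vnc-image` is only ordered `before` the container unit, not required by it — if the local build fails, `podman run` will likely pull `forge.quinefoundation.com/ironmagma/vnc-desktop:latest` from the registry instead, so adding `requires`/`after` on `build-vnc-image.service` to `systemd.services.podman-vnc-desktop` would close that gap.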
|
||||||
|
|
|