move vnc-desktop from arion to oci-containers with --pids-limit=-1
docker-compose→podman-socket ignores containers.conf pids_limit and always creates the container with PidsLimit=2048, which KDE Plasma exhausts causing QThread creation failures and kcrash. Switching to virtualisation.oci-containers uses podman run directly so --pids-limit=-1 (unlimited) is respected. cgroup pids.max now shows "max" instead of 2048. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
c51352e6fe
commit
9a6bbc8015
1 changed files with 14 additions and 5 deletions
@ -106,7 +106,6 @@ in {
backend = "podman-socket";
projects.forgejo.settings = import ./arion/arion-compose.nix;
projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
projects.vnc-desktop.settings = import ./arion-vnc/arion-compose.nix;
};
|
# The arion NixOS module sets backend = "podman-socket" but doesn't inject
@ -114,16 +113,14 @@ in {
# (no daemon). Point it at the podman-compatible socket instead.
systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
systemd.services.arion-vnc-desktop.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
systemd.services.arion-vnc-desktop.serviceConfig.TasksMax = "infinity";
|
# Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
# Nix copies the build context into the store; the hash changes when Dockerfile or
# start.sh change, triggering a rebuild on the next nixos-rebuild switch.
systemd.services.build-vnc-image = {
description = "Build VNC desktop container image from Dockerfile";
wantedBy = [ "arion-vnc-desktop.service" ];
before = [ "arion-vnc-desktop.service" ];
wantedBy = [ "podman-vnc-desktop.service" ];
before = [ "podman-vnc-desktop.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -229,6 +226,18 @@ in {
# ports = ["8081:80"];
# };
|
"vnc-desktop" = {
autoStart = true;
image = "forge.quinefoundation.com/ironmagma/vnc-desktop:latest";
environmentFiles = [ config.age.secrets.vnc-password.path ];
volumes = [ "/root/.ssh:/root/host-ssh:ro" ];
ports = [ "127.0.0.1:6080:6080" ];
extraOptions = [
"--add-host=hetzner-host:host-gateway"
"--pids-limit=-1"
];
};
|
"navidrome" = {
autoStart = true;
environment = {
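Review bot: `"--pids-limit=-1"` in the new vnc-desktop extraOptions list removes the pid cap for the container entirely, while the failure described (Plasma exhausting 2048) only needs a higher one; a generous finite value such as `"--pids-limit=8192"` keeps a runaway-process guard on a container that exposes a desktop on port 6080 and has the host's /root/.ssh bind-mounted. That `/root/.ssh:/root/host-ssh:ro` volume in the same block places the host root's private keys inside a VNC-reachable desktop session, so any compromise of that session (read-only is enough to copy a key) extends to wherever those keys grant access; a dedicated key for the container, or agent forwarding, would narrow the exposure. The `TasksMax = "infinity"` line dropped from the arion unit has no counterpart on podman-vnc-desktop.service; if the container's processes end up in that unit's cgroup rather than a separate libpod/machine cgroup, systemd's default TasksMax becomes the effective ceiling again, which is worth confirming alongside the `pids.max` check mentioned in the description.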