Thanks to a forum post on the NixOS forums here https://discourse.nixos.org/t/unifi-os-server-on-nixos/76039

I have come up with a modified version of the UniFi OS Server setup that runs as a normal podman container:
- rootless if desired
- without privileged or any non-default capability/privilege flags

Stage 1: https://git.foxden.network/FoxDen/core/src/branch/main/nix/packages/unifi-os-server-image/package.nix
A package that rips the image out of the official binary.

Stage 2: https://git.foxden.network/FoxDen/core/src/branch/main/nix/modules/nixos/services/unifi-os-server.nix
Creates the actual OCI container (the "oci" field in my custom handler maps 1:1 to virtualisation.oci-containers.[things], the "systemd" field maps 1:1 to the systemd podman-[things] service config for those curious)
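As an added example (not code from the post or from the linked FoxDen repository), here is a small audit script that verifies the two security properties claimed above on a deployed container: it reads the JSON that `podman inspect <container>` prints and flags anything that would make the container privileged or hand it non-default capabilities, relaxed seccomp/AppArmor/SELinux options, host namespaces or device passthrough. It assumes the Docker-compatible `HostConfig` layout that podman's inspect output uses (`Privileged`, `CapAdd`, `SecurityOpt`, `PidMode`, `NetworkMode`, `IpcMode`, `UTSMode`, `Devices`); the sample inspect document embedded at the bottom is constructed for the demo, not captured from a real UniFi OS Server container.

```python
"""Audit `podman inspect` output for privilege-escalation knobs.

Added example, not part of the original post. Run on a live host with:
    podman inspect unifi-os-server | python3 audit.py
or without arguments to audit the constructed sample at the bottom.
"""
import json
import sys

# Namespace settings that, when set to "host", remove that isolation boundary.
HOST_NAMESPACE_KEYS = ("PidMode", "NetworkMode", "IpcMode", "UTSMode")

# Security options that disable a mandatory access-control or syscall filter.
RELAXED_SECURITY_OPTS = ("seccomp=unconfined", "apparmor=unconfined", "label=disable")


def audit_host_config(host_config: dict) -> list[str]:
    """Return a list of findings; an empty list means the container runs with
    only the default capability set and no extra host access."""
    findings = []
    if host_config.get("Privileged"):
        findings.append("Privileged=true: all capabilities and all host devices granted")
    for cap in host_config.get("CapAdd") or []:
        findings.append(f"CapAdd={cap}: non-default Linux capability")
    for opt in host_config.get("SecurityOpt") or []:
        if opt in RELAXED_SECURITY_OPTS:
            findings.append(f"SecurityOpt={opt}: confinement disabled")
    for key in HOST_NAMESPACE_KEYS:
        if host_config.get(key) == "host":
            findings.append(f"{key}=host: shares the host namespace")
    for dev in host_config.get("Devices") or []:
        path = dev.get("PathOnHost", dev) if isinstance(dev, dict) else dev
        findings.append(f"Device passthrough: {path}")
    return findings


def audit_inspect_json(text: str) -> dict[str, list[str]]:
    """Parse a `podman inspect` document (a JSON array of containers) and
    return {container name: [findings]}."""
    results = {}
    for entry in json.loads(text):
        name = str(entry.get("Name") or entry.get("Id") or "?").lstrip("/")
        results[name] = audit_host_config(entry.get("HostConfig") or {})
    return results


# Constructed sample: one container matching the post's claims, one that does
# everything the post avoids. Field names mirror podman's inspect layout.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "unifi-os-server",
        "HostConfig": {
            "Privileged": False, "CapAdd": [], "SecurityOpt": [],
            "PidMode": "private", "NetworkMode": "bridge", "Devices": [],
        },
    },
    {
        "Name": "unifi-privileged",
        "HostConfig": {
            "Privileged": True, "CapAdd": ["NET_ADMIN"],
            "SecurityOpt": ["seccomp=unconfined"], "NetworkMode": "host",
            "Devices": [{"PathOnHost": "/dev/net/tun"}],
        },
    },
])


def main() -> int:
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    bad = 0
    for name, findings in audit_inspect_json(text).items():
        status = "OK" if not findings else "FINDINGS"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
        bad += bool(findings)
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main())
```

The check is intentionally allow-list-free: a container with the default capability set and no `--privileged`, `--cap-add`, `--security-opt` or host-namespace flags produces no findings, which is exactly what the module above is meant to deploy; anything else is listed so it can be justified or removed.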
