podman: add darwin support with machine management

- restructure module from `podman-linux` to platform-agnostic `podman`
- move linux-specific implementation to `modules/services/podman/linux/`
- add darwin module with declarative machine management
- implement launchd-based watchdog for auto-starting machines
- maintains backward compatibility with existing linux functionality

Author: delafthi

modules/services/podman/darwin.nix

@@ -0,0 +1,229 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib)
+    attrNames
+    concatStringsSep
+    filterAttrs
+    mapAttrs'
+    mkIf
+    mkOption
+    nameValuePair
+    optionalString
+    types
+    ;
+
+  cfg = config.services.podman;
+
+  machineDefinitionType = types.submodule {
+    options = {
+      cpus = mkOption {
+        type = types.ints.positive;
+        default = 4;
+        example = 2;
+        description = "Number of CPUs to allocate to the machine.";
+      };
+
+      memory = mkOption {
+        type = types.ints.positive;
+        default = 2048;
+        example = 8192;
+        description = "Memory in MB to allocate to the machine.";
+      };
+
+      diskSize = mkOption {
+        type = types.ints.positive;
+        default = 100;
+        example = 200;
+        description = "Disk size in GB for the machine.";
+      };
+
+      rootful = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run the machine in rootful mode.
+          Rootful mode runs containers as root inside the VM.
+        '';
+      };
+
+      autoStart = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to automatically start this machine on login.";
+      };
+
+      watchdogInterval = mkOption {
+        type = types.ints.positive;
+        default = 30;
+        example = 60;
+        description = "Interval in seconds to check if the machine is running.";
+      };
+    };
+  };
+
+  mkWatchdogScript =
+    name: machine:
+    pkgs.writeShellScript "podman-machine-watchdog-${name}" ''
+      set -euo pipefail
+
+      MACHINE_NAME="${name}"
+      INTERVAL=${toString machine.watchdogInterval}
+      PODMAN="${lib.getExe cfg.package}"
+
+      log() {
+        echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >&2
+      }
+
+      check_and_start() {
+        local state
+        state=$($PODMAN machine inspect "$MACHINE_NAME" --format '{{.State}}' 2>/dev/null || echo "unknown")
+
+        case "$state" in
+          running)
+            return 0
+            ;;
+          stopped|unknown)
+            log "Machine '$MACHINE_NAME' is starting..."
+            if $PODMAN machine start "$MACHINE_NAME" 2>&1 | while IFS= read -r line; do log "$line"; done; then
+              log "Machine '$MACHINE_NAME' started successfully"
+              return 0
+            else
+              log "Failed to start machine '$MACHINE_NAME'"
+              return 1
+            fi
+            ;;
+          *)
+            log "Machine '$MACHINE_NAME' is $state"
+            return 1
+            ;;
+        esac
+      }
+
+      log "Starting watchdog for machine '$MACHINE_NAME' (check interval: ''${INTERVAL}s)"
+
+      while true; do
+        check_and_start || true
+        sleep "$INTERVAL"
+      done
+    '';
+in
+{
+  options.services.podman.darwin = {
+    useDefaultMachine = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to create and use the default podman machine.
+
+        The default machine will be named `podman-machine-default` and configured with:
+        - 4 CPUs
+        - 2048 MB RAM
+        - 100 GB disk
+        - Rootless mode
+        - Auto-start enabled
+      '';
+    };
+
+    machines = mkOption {
+      type = types.attrsOf machineDefinitionType;
+      default = { };
+      description = "Declarative podman machine configurations.";
+      example = lib.literalExpression ''
+        {
+          "dev-machine" = {
+            cpus = 4;
+            memory = 8192;
+            diskSize = 100;
+            rootful = false;
+            autoStart = true;
+            watchdogInterval = 30;
+          };
+          "testing" = {
+            cpus = 2;
+            memory = 4096;
+            diskSize = 50;
+            rootful = false;
+            autoStart = false;
+          };
+        }
+      '';
+    };
+  };
+
+  config =
+    let
+      podmanCmd = lib.getExe cfg.package;
+      allMachines =
+        cfg.darwin.machines
+        // (
+          if cfg.darwin.useDefaultMachine then
+            {
+              "podman-machine-default" = {
+                cpus = 4;
+                memory = 2048;
+                diskSize = 100;
+                rootful = false;
+                autoStart = true;
+                watchdogInterval = 30;
+              };
+            }
+          else
+            { }
+        );
+      autoStartMachines = filterAttrs (_name: machine: machine.autoStart) allMachines;
+    in
+    mkIf (cfg.enable && pkgs.stdenv.isDarwin) {
+
+      home.activation.podmanMachines =
+        let
+          mkMachineInitScript = name: machine: ''
+            if ! ${podmanCmd} machine list --format '{{.Name}}' 2>/dev/null | sed 's/\*$//' | grep -q '^${name}$'; then
+              echo "Creating podman machine: ${name}"
+              ${podmanCmd} machine init ${name} \
+                --cpus ${toString machine.cpus} \
+                --memory ${toString machine.memory} \
+                --disk-size ${toString machine.diskSize} \
+                ${optionalString machine.rootful "--rootful"}
+            fi
+          '';
+
+        in
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+          PATH="${cfg.package}/bin:$PATH"
+
+          ${concatStringsSep "\n" (lib.mapAttrsToList mkMachineInitScript allMachines)}
+
+          MANAGED_MACHINES="${concatStringsSep " " (attrNames allMachines)}"
+          EXISTING_MACHINES=$(${podmanCmd} machine list --format '{{.Name}}' 2>/dev/null | sed 's/\*$//' || echo "")
+
+          for machine in $EXISTING_MACHINES; do
+            if [[ ! " $MANAGED_MACHINES " =~ " $machine " ]]; then
+              echo "Removing unmanaged podman machine: $machine"
+              ${podmanCmd} machine stop "$machine" 2>/dev/null || true
+              ${podmanCmd} machine rm -f "$machine"
+            fi
+          done
+        '';
+
+      launchd.agents = mapAttrs' (
+        name: machine:
+        nameValuePair "podman-machine-${name}" {
+          enable = true;
+          config = {
+            ProgramArguments = [ "${mkWatchdogScript name machine}" ];
+            KeepAlive = {
+              Crashed = true;
+              SuccessfulExit = false;
+            };
+            ProcessType = "Background";
+            RunAtLoad = true;
+          };
+        }
+      ) autoStartMachines;
+    };
+}

modules/services/podman-linux/default.nix renamed to modules/services/podman/default.nix

@@ -12,21 +12,19 @@ in
   meta.maintainers = [
     lib.hm.maintainers.bamhm182
     lib.maintainers.n-hass
+    lib.maintainers.delafthi
   ];
 
   imports = [
-    ./builds.nix
-    ./containers.nix
-    ./images.nix
-    ./install-quadlet.nix
-    ./networks.nix
-    ./services.nix
-    ./volumes.nix
+    ./linux/default.nix
+    ./darwin.nix
   ];
 
   options.services.podman = {
     enable = lib.mkEnableOption "Podman, a daemonless container engine";
 
+    package = lib.mkPackageOption pkgs "podman" { };
+
     settings = {
       containers = lib.mkOption {
         type = toml.type;
@@ -94,28 +92,6 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    assertions = [ (lib.hm.assertions.assertPlatform "podman" pkgs lib.platforms.linux) ];
-
     home.packages = [ cfg.package ];
-
-    services.podman.settings.storage = {
-      storage.driver = lib.mkDefault "overlay";
-    };
-
-    xdg.configFile = {
-      "containers/policy.json".source =
-        if cfg.settings.policy != { } then
-          pkgs.writeText "policy.json" (builtins.toJSON cfg.settings.policy)
-        else
-          "${pkgs.skopeo.policy}/default-policy.json";
-      "containers/registries.conf".source = toml.generate "registries.conf" {
-        registries = lib.mapAttrs (n: v: { registries = v; }) cfg.settings.registries;
-      };
-      "containers/storage.conf".source = toml.generate "storage.conf" cfg.settings.storage;
-      "containers/containers.conf".source = toml.generate "containers.conf" cfg.settings.containers;
-      "containers/mounts.conf" = lib.mkIf (cfg.settings.mounts != [ ]) {
-        text = builtins.concatStringsSep "\n" cfg.settings.mounts;
-      };
-    };
   };
 }

modules/services/podman-linux/activation.nix renamed to modules/services/podman/linux/activation.nix

@@ -182,7 +182,7 @@ in
     let
       buildQuadlets = lib.mapAttrsToList toQuadletInternal cfg.builds;
     in
-    lib.mkIf cfg.enable {
+    lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
       services.podman.internal.quadletDefinitions = buildQuadlets;
       assertions = lib.flatten (map (build: build.assertions) buildQuadlets);
 

modules/services/podman-linux/builds.nix renamed to modules/services/podman/linux/builds.nix

@@ -401,7 +401,7 @@ in
     let
       containerQuadlets = lib.mapAttrsToList toQuadletInternal cfg.containers;
     in
-    lib.mkIf cfg.enable {
+    lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
       services.podman.internal.quadletDefinitions = containerQuadlets;
       assertions = lib.flatten (map (container: container.assertions) containerQuadlets);
 

modules/services/podman-linux/containers.nix renamed to modules/services/podman/linux/containers.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.podman;
+  toml = pkgs.formats.toml { };
+in
+{
+  imports = [
+    ./options.nix
+    ./builds.nix
+    ./containers.nix
+    ./images.nix
+    ./install-quadlet.nix
+    ./networks.nix
+    ./services.nix
+    ./volumes.nix
+  ];
+
+  config = lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
+    home.packages = [ cfg.package ];
+
+    services.podman.settings.storage = {
+      storage.driver = lib.mkDefault "overlay";
+    };
+
+    xdg.configFile = {
+      "containers/policy.json".source =
+        if cfg.settings.policy != { } then
+          pkgs.writeText "policy.json" (builtins.toJSON cfg.settings.policy)
+        else
+          "${pkgs.skopeo.policy}/default-policy.json";
+      "containers/registries.conf".source = toml.generate "registries.conf" {
+        registries = lib.mapAttrs (n: v: { registries = v; }) cfg.settings.registries;
+      };
+      "containers/storage.conf".source = toml.generate "storage.conf" cfg.settings.storage;
+      "containers/containers.conf".source = toml.generate "containers.conf" cfg.settings.containers;
+      "containers/mounts.conf" = lib.mkIf (cfg.settings.mounts != [ ]) {
+        text = builtins.concatStringsSep "\n" cfg.settings.mounts;
+      };
+    };
+  };
+}

modules/services/podman/linux/default.nix

@@ -165,7 +165,7 @@ in
     let
       imageQuadlets = lib.mapAttrsToList toQuadletInternal cfg.images;
     in
-    lib.mkIf cfg.enable {
+    lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
       services.podman.internal.quadletDefinitions = imageQuadlets;
       assertions = lib.flatten (map (image: image.assertions) imageQuadlets);
     };

modules/services/podman-linux/images.nix renamed to modules/services/podman/linux/images.nix

@@ -99,7 +99,7 @@ in
 {
   imports = [ ./options.nix ];
 
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
     home.file = generateSystemdFileLinks allUnitFiles;
 
     # if the length of builtQuadlets is 0, then we don't need register the activation script

modules/services/podman-linux/install-quadlet.nix renamed to modules/services/podman/linux/install-quadlet.nix

@@ -180,7 +180,7 @@ in
     let
       networkQuadlets = lib.mapAttrsToList toQuadletInternal cfg.networks;
     in
-    lib.mkIf cfg.enable {
+    lib.mkIf (cfg.enable && pkgs.stdenv.isLinux) {
       services.podman.internal.quadletDefinitions = networkQuadlets;
       assertions = lib.flatten (map (network: network.assertions) networkQuadlets);
 

modules/services/podman-linux/networks.nix renamed to modules/services/podman/linux/networks.nix

@@ -56,8 +56,6 @@ in
       };
     };
 
-    package = lib.mkPackageOption pkgs "podman" { };
-
     enableTypeChecks = lib.mkEnableOption "type checks for podman quadlets";
   };
 }