feat(servers): setup docker-compose backend with arion

devices/servivi/default.nix

@@ -6,6 +6,7 @@
     ../../modules/sshd.nix
     ../../modules/tailscale.nix
 
+    ./modules/arion
     ./modules/binary-cache.nix
     ./modules/borgbackup.nix
     ./modules/minecraft.nix

devices/servivi/modules/arion/default.nix

@@ -0,0 +1,54 @@
+{
+  arion,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with builtins; let
+  user = config.vars.user;
+in {
+  imports = [arion.nixosModules.arion];
+
+  users.extraUsers.${user}.extraGroups = ["podman"];
+  home-manager.users.${user}.programs.bash.shellAliases = {
+    podman = "sudo podman ";
+  };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerSocket.enable = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+    arion = {
+      backend = "podman-socket";
+
+      projects = let
+        composeFiles =
+          filter (n: hasSuffix "compose.nix" (toString n))
+          (filesystem.listFilesRecursive ./.);
+
+        projects = listToAttrs (map (p: {
+            name = elemAt (match ".*\/(.*)\/compose\.nix" (toString p)) 0;
+            value = import p;
+          })
+          composeFiles);
+      in
+        mapAttrs (n: v: {
+          # https://docs.hercules-ci.com/arion/options
+          settings = {
+            enableDefaultNetwork = v.enableDefaultNetwork or true;
+            networks = optionalAttrs (hasAttr "networks" v) v.networks;
+
+            services = mapAttrs (n': v': {
+              image = optionalAttrs (hasAttr "customImage" v') v'.customImage;
+              service = filterAttrs (n: v: n != "customImage") v';
+            }) v.services;
+          };
+        })
+        projects;
+    };
+  };
+}