From 768d9b4989fd242a420e8d4a3634985adbd429c7 Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger <julius+git@jfreudenberger.de>
Date: Fri, 15 May 2026 10:47:38 +0200
Subject: [PATCH] Add hawser module

---
 modules/hawser.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 modules/hawser.nix

diff --git a/modules/hawser.nix b/modules/hawser.nix
new file mode 100644
index 0000000..5d48686
--- /dev/null
+++ b/modules/hawser.nix
@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.hawser;
+in {
+  options.services.hawser = {
+    enable = lib.mkEnableOption "hawser, the agent for Dockhand";
+    agentName = lib.mkOption {
+      description = "Name of the hawser agent";
+      default = config.networking.hostName;
+      type = lib.types.str;
+    };
+    dockhandServerUrl = lib.mkOption {
+      description = "Websocket endpoint the hawser agent can use to connect to dockhand.";
+      example = "wss://your-dockhand.example.com/api/hawser/connect";
+      type = lib.types.str;
+    };
+    tokenSecretFile = lib.mkOption {
+      description = "Agenix secret containing the token as environment variable TOKEN";
+      type = lib.types.anything;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers = {
+      hawser = {
+        image = "ghcr.io/finsys/hawser:0.2.42";
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+        environment = {
+          STACKS_DIR = "/opt/hawser-stacks";
+          DOCKHAND_SERVER_URL = cfg.dockhandServerUrl;
+          AGENT_NAME = cfg.agentName;
+        };
+        environmentFiles = [
+          cfg.tokenSecretFile.path
+        ];
+        extraOptions = [
+          ''--mount=type=volume,source=hawser-data,target=/opt/hawser-stacks,volume-driver=local''
+        ];
+      };
+    };
+  };
+}