Skip to content

Instantly share code, notes, and snippets.

@tilpner

tilpner/podman.nix Secret

Created February 10, 2019 12:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tilpner/9e0159f759a633f24e888d4aca5fdb1b to your computer and use it in GitHub Desktop.
Save tilpner/9e0159f759a633f24e888d4aca5fdb1b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
podman.nix
{ pkgs, ... }: {
users.primary = {
packages = with pkgs; [
podman
slirp4netns
(runCommand "docker" {} ''
mkdir -p $out/bin
ln -s ${podman}/bin/podman $out/bin/docker
'')
];
# TODO: This is going to fail miserably on multiple users
subUidRanges = [
{ startUid = 100000; count = 65536; }
];
subGidRanges = [
{ startGid = 100000; count = 65536; }
];
files.".config/containers/libpod.conf".text = ''
runtime_path=["${pkgs.runc}/bin/runc"]
conmon_path=["${pkgs.conmon}/bin/conmon"]
cni_config_dir="${pkgs.podman.out}/etc/cni/net.d"
'';
# TODO: generalise over multiple users
files.".config/containers/storage.conf".text = ''
[storage]
driver = "overlay"
runroot = "/run/user/1000"
graphroot = "/home/tilpner/.local/share/containers/storage"
[storage.options]
mount_program = "${pkgs.fuse-overlayfs}/bin/fuse-overlayfs"
'';
/*
files.".config/containers/storage.conf".text = ''
[storage]
driver = "vfs"
runroot = "/run/user/1000"
graphroot = "/home/tilpner/.local/share/containers/storage"
[storage.options]
mount_program = ""
'';
*/
};
environment.etc = {
"containers/registries.conf".text = ''
[registries.search]
registries=["docker.io"]
'';
"containers/policy.json".text = builtins.toJSON {
default = [
# oh no
{ type = "insecureAcceptAnything"; }
];
};
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment