Difference between revisions of "Podman"
From NixOS Wiki
m |
Malteneuss (talk | contribs) m (Add further useful tools) |
||
| (15 intermediate revisions by 15 users not shown) | |||
| Line 6: | Line 6: | ||
{ pkgs, ... }: | { pkgs, ... }: | ||
{ | { | ||
| + | # Enable common container config files in /etc/containers | ||
| + | virtualisation.containers.enable = true; | ||
virtualisation = { | virtualisation = { | ||
podman = { | podman = { | ||
| Line 12: | Line 14: | ||
# Create a `docker` alias for podman, to use it as a drop-in replacement | # Create a `docker` alias for podman, to use it as a drop-in replacement | ||
dockerCompat = true; | dockerCompat = true; | ||
| + | |||
| + | # Required for containers under podman-compose to be able to talk to each other. | ||
| + | defaultNetwork.settings.dns_enabled = true; | ||
}; | }; | ||
}; | }; | ||
| + | |||
| + | # Useful otherdevelopment tools | ||
| + | environment.systemPackages = with pkgs; [ | ||
| + | dive # look into docker image layers | ||
| + | podman-tui # status of containers in the terminal | ||
| + | docker-compose # start group of containers for dev | ||
| + | #podman-compose # start group of containers for dev | ||
| + | ]; | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| + | |||
| + | === podman-compose === | ||
| + | <code>podman-compose</code> is a drop-in replacement for <code>docker-compose</code> | ||
=== Using podman with ZFS === | === Using podman with ZFS === | ||
| − | + | Rootless can't use ZFS directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., <code>acltype=posixacl</code> | |
| − | < | ||
| − | |||
| − | </ | ||
| − | + | Best to mount a dataset under <code>/var/lib/containers/storage</code> with property <code>acltype=posixacl</code>. | |
== Use Podman within nix-shell == | == Use Podman within nix-shell == | ||
| Line 30: | Line 43: | ||
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947 | https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947 | ||
| − | Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this | + | Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix]. |
== Run Podman containers as systemd services == | == Run Podman containers as systemd services == | ||
| Line 46: | Line 59: | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| + | |||
| + | [[Category: Applications]] | ||
Latest revision as of 06:49, 7 April 2024
Podman can run rootless containers and be a drop-in replacement for Docker.
Install and configure podman with NixOS service configuration
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful otherdevelopment tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
docker-compose # start group of containers for dev
#podman-compose # start group of containers for dev
];
}
podman-compose
podman-compose is a drop-in replacement for docker-compose
Using podman with ZFS
Rootless can't use ZFS directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., acltype=posixacl
Best to mount a dataset under /var/lib/containers/storage with property acltype=posixacl.
Use Podman within nix-shell
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since setuid/setgid programs are not currently supported by Nix.
Run Podman containers as systemd services
{
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers = {
container-name = {
image = "container-image";
autoStart = true;
ports = [ "127.0.0.1:1234:1234" ];
};
};
}