Difference between revisions of "Podman"
From NixOS Wiki
m |
Nrabulinski (talk | contribs) m (Removed a comment which depicted the same snipped that's already present) |
||
| (11 intermediate revisions by 11 users not shown) | |||
| Line 12: | Line 12: | ||
# Create a `docker` alias for podman, to use it as a drop-in replacement | # Create a `docker` alias for podman, to use it as a drop-in replacement | ||
dockerCompat = true; | dockerCompat = true; | ||
| + | |||
| + | # Required for containers under podman-compose to be able to talk to each other. | ||
| + | defaultNetwork.settings.dns_enabled = true; | ||
}; | }; | ||
}; | }; | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| + | |||
| + | === podman-compose === | ||
| + | <code>podman-compose</code> is a drop-in replacement for <code>docker-compose</code> | ||
=== Using podman with ZFS === | === Using podman with ZFS === | ||
| − | + | Rootless can't use ZFS directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., <code>acltype=posixacl</code> | |
| − | < | ||
| − | |||
| − | </ | ||
| − | + | Best to mount a dataset under <code>/var/lib/containers/storage</code> with property <code>acltype=posixacl</code>. | |
== Use Podman within nix-shell == | == Use Podman within nix-shell == | ||
| Line 30: | Line 33: | ||
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947 | https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947 | ||
| − | Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this | + | Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix]. |
== Run Podman containers as systemd services == | == Run Podman containers as systemd services == | ||
| Line 46: | Line 49: | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| + | |||
| + | [[Category: Applications]] | ||
Latest revision as of 18:54, 2 November 2023
Podman can run rootless containers and be a drop-in replacement for Docker.
Contents
Install and configure podman with NixOS service configuration
{ pkgs, ... }:
{
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
}
podman-compose
podman-compose is a drop-in replacement for docker-compose
Using podman with ZFS
Rootless can't use ZFS directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., acltype=posixacl
Best to mount a dataset under /var/lib/containers/storage with property acltype=posixacl.
Use Podman within nix-shell
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since setuid/setgid programs are not currently supported by Nix.
Run Podman containers as systemd services
{
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers = {
container-name = {
image = "container-image";
autoStart = true;
ports = [ "127.0.0.1:1234:1234" ];
};
};
}