From NixOS Wiki
Revision as of 04:21, 9 February 2022 by RohanHart (talk | contribs)

Podman can run rootless containers and be a drop-in replacement for Docker.

Install and configure podman with NixOS service configuration

{ pkgs, ... }:
{
  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
    };
  };
}
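The configuration above, extended into a complete module that also gives one user the subordinate UID/GID ranges that rootless podman relies on. This is an added example, not text from the wiki: the user name alice and the range 100000-165535 are assumed values.

```nix
# Added example (not from the wiki): a complete NixOS module that enables
# podman with the docker alias and prepares one user for rootless containers.
{ pkgs, ... }:
{
  virtualisation.podman = {
    enable = true;
    # The `docker` command becomes an alias for podman.
    dockerCompat = true;
  };

  # Rootless podman maps container UIDs/GIDs onto a subordinate range owned by
  # the invoking user via newuidmap/newgidmap (setuid helpers from shadow that
  # NixOS installs as wrappers). Without entries in /etc/subuid and /etc/subgid
  # the user namespace cannot be set up and rootless `podman run` fails.
  # "alice" and the range below are assumptions for this example; ranges must
  # not overlap between users on the same host.
  users.users.alice = {
    isNormalUser = true;
    subUidRanges = [ { startUid = 100000; count = 65536; } ];
    subGidRanges = [ { startGid = 100000; count = 65536; } ];
  };
}
```

After a rebuild, running podman as alice (without sudo) creates containers whose root user is mapped to UID 100000 on the host, so a process that escapes the container still holds no host privileges.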

Using podman with ZFS

When podman runs as root (rootful) on a ZFS filesystem, it needs access to the ZFS tools:

virtualisation.podman.extraPackages = [ pkgs.zfs ];

Rootless podman can't use ZFS directly, but the overlay storage driver it uses needs POSIX ACLs enabled on the underlying ZFS filesystem, i.e. the dataset property acltype=posixacl.

Use Podman within nix-shell


Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow', since setuid/setgid programs are not currently supported by Nix.

Run Podman containers as systemd services

  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "" ];   # "hostPort:containerPort" mappings
    };
  };
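An added example (not the wiki's own) of a podman-backed oci-containers entry with a restrictive runtime profile. The image name, host paths, environment variable and port are placeholders chosen for this example, and the extra flags assume the image runs as an unprivileged user and needs no Linux capabilities.

```nix
# Added example (not from the wiki): a podman-backed oci-container service
# run by systemd with a restrictive runtime profile. Image, volume paths,
# environment variable and port are placeholders chosen for this example.
{ ... }:
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.app = {
    # Placeholder image; in practice pin it by digest (image@sha256:...) so a
    # retagged upstream image cannot silently change what the service runs.
    image = "registry.example.internal/app:1.0";
    autoStart = true;

    # Bind to loopback only; put a reverse proxy in front for external access.
    ports = [ "127.0.0.1:8080:8080" ];

    # Configuration mounted read-only; writable state confined to one path.
    volumes = [
      "/etc/app/config.yaml:/config/config.yaml:ro"
      "/var/lib/app:/data"
    ];

    # Placeholder variable read by the hypothetical application.
    environment = {
      APP_LISTEN = "0.0.0.0:8080";
    };

    # Extra `podman run` flags (assumes the image runs as a non-root user and
    # needs no capabilities):
    extraOptions = [
      "--cap-drop=ALL"                    # no Linux capabilities at all
      "--security-opt=no-new-privileges"  # setuid binaries cannot gain privileges
      "--read-only"                       # immutable container root filesystem
      "--tmpfs=/tmp"                      # scratch space removed by --read-only
    ];
  };
}
```

The resulting unit is named podman-app.service; if the application needs a writable directory other than /tmp or /data, add it as another --tmpfs entry or volume rather than dropping --read-only.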