nixos/podman: Create docker socket symlink via socket unit (#305803)

This ensures that both "sockets" are available after sockets.target.
See https://github.com/hercules-ci/arion/issues/238

1 files changed, 5 insertions, 5 deletions

diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix
index 4b1b67ac9444..deb0b4d2c5bd 100644
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@@ -219,6 +219,11 @@ in
       systemd.services.podman.environment = config.networking.proxy.envVars;
       systemd.sockets.podman.wantedBy = [ "sockets.target" ];
       systemd.sockets.podman.socketConfig.SocketGroup = "podman";
+      # Podman does not support multiple sockets, as of podman 5.0.2, so we use
+      # a symlink. Unfortunately this does not let us use an alternate group,
+      # such as `docker`.
+      systemd.sockets.podman.socketConfig.Symlinks =
+        lib.mkIf cfg.dockerSocket.enable [ "/run/docker.sock" ];
 
       systemd.user.services.podman.environment = config.networking.proxy.envVars;
       systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
@@ -239,11 +244,6 @@ in
         '')
       ];
 
-      systemd.tmpfiles.rules =
-        lib.optionals cfg.dockerSocket.enable [
-          "L! /run/docker.sock - - - - /run/podman/podman.sock"
-        ];
-
       users.groups.podman = { };
 
       assertions = [