modules/podman: init

1 files changed, 43 insertions, 0 deletions

diff --git a/modules/workstation/podman/default.nix b/modules/workstation/podman/default.nix
new file mode 100644
index 000000000000..491c3786cfd0
--- /dev/null
+++ b/modules/workstation/podman/default.nix
@@ -0,0 +1,43 @@
+{ pkgs, ... }:
+
+{
+  environment.etc."containers/libpod.conf".text = ''
+    runtime_path = ["${pkgs.runc}/bin/runc"]
+    conmon_path = ["${pkgs.conmon}/bin/conmon"]
+  '';
+
+  environment.etc."containers/policy.json".text = builtins.toJSON {
+    # Not insecure when I'm manually pulling images on a workstation.
+    default = [ { type = "insecureAcceptAnything"; } ];
+  };
+
+  environment.etc."containers/registries.conf".text = ''
+    [registries.search]
+    registries = ['docker.io']
+  '';
+
+  environment.systemPackages = with pkgs;
+    let
+      podman-bin = writeShellScriptBin "podman" ''
+        HOME="$XDG_CONFIG_HOME/podman"
+        exec ${podman}/bin/podman "$@"
+      '';
+    in
+      [ podman-bin podman.man runc conmon slirp4netns ];
+
+  xdg.config.users.qyliss.paths."podman/.config/containers/libpod.conf" =
+    pkgs.writeText "libpod.conf" ''
+      runtime_path = ["${pkgs.runc}/bin/runc"]
+      conmon_path = ["${pkgs.conmon}/bin/conmon"]
+    '';
+
+  xdg.config.users.qyliss.paths."podman/.config/containers/storage.conf" =
+    pkgs.writeText "storage.conf" ''
+      [storage]
+      driver = "vfs"
+      runroot = "/tmp/1000"
+      graphroot = "/home/state/podman/containers/storage"
+    '';
+
+  home.qyliss.dirs."state/podman" = {};
+}