# Podman setup for the `qyliss` user: system-wide and per-user containers
# configuration, a wrapper that relocates podman's HOME, and state directories.
{ config, pkgs, ... }:

let
  # Written both to /etc/containers and to the per-user config tree, so the
  # two copies cannot drift apart.
  libpodConf = ''
    runtime_path = ["${pkgs.runc}/bin/runc"]
    conmon_path = ["${pkgs.conmon}/bin/conmon"]
  '';

  userHome = config.users.users.qyliss.home;

  # Replaces the `podman` command on PATH with a launcher that sets HOME to
  # "$XDG_CONFIG_HOME/podman" before exec'ing the real binary, so podman looks
  # for .config/containers/* below that directory.
  # NOTE(review): if XDG_CONFIG_HOME is unset in the calling environment, HOME
  # expands to "/podman" -- confirm the variable is always set for this user.
  podmanWrapper = pkgs.writeShellScriptBin "podman" ''
    HOME="$XDG_CONFIG_HOME/podman"
    exec ${pkgs.podman}/bin/podman "$@"
  '';
in
{
  environment = {
    etc = {
      "containers/libpod.conf".text = libpodConf;

      "containers/policy.json".text = builtins.toJSON {
        # Not insecure when I'm manually pulling images on a workstation.
        # NOTE(review): "insecureAcceptAnything" accepts any image from any
        # registry without signature verification, and this file is the
        # system-wide policy. If this host ever pulls unattended, the usual
        # hardening is a `reject` default plus explicit per-registry entries.
        default = [ { type = "insecureAcceptAnything"; } ];
      };

      # Unqualified image names are searched on docker.io only, so a short
      # name cannot resolve against any other registry.
      "containers/registries.conf".text = ''
        [registries.search]
        registries = ['docker.io']
      '';
    };

    systemPackages = [
      podmanWrapper
      pkgs.podman.man
      pkgs.runc
      pkgs.conmon
      pkgs.slirp4netns
    ];
  };

  # Per-user config files, keyed by path (presumably relative to the user's
  # XDG config home, matching the HOME set by the wrapper -- TODO confirm
  # against the module that defines `xdg.config.paths`).
  users.users.qyliss.xdg.config.paths = {
    "podman/.config/containers/libpod.conf" =
      pkgs.writeText "libpod.conf" libpodConf;

    # NOTE(review): runroot is a fixed name under /tmp (1000 is presumably
    # this user's uid). /tmp is normally world-writable, so on a host with
    # other local users the path could be created by someone else first; a
    # per-user runtime directory avoids that. Confirm the single-user
    # assumption.
    # NOTE(review): graphroot is an absolute literal while the tmpfiles rules
    # below are derived from the user's home; they line up only if that home
    # is /home -- TODO confirm.
    "podman/.config/containers/storage.conf" =
      pkgs.writeText "storage.conf" ''
        [storage]
        driver = "zfs"
        runroot = "/tmp/1000"
        graphroot = "/home/state/podman/containers/storage"
      '';
  };

  # State directories are private to the user (mode 0700, owner and group
  # qyliss).
  systemd.tmpfiles.rules =
    map (name: "d ${userHome}/state/${name} 0700 qyliss qyliss")
      [ "containers" "podman" ];
}