Podman: Difference between revisions

← Older edit

Retrieved from "https://wiki.nixos.org/wiki/Podman"

@@ Line 1: / Line 1: @@
-Podman can run rootless containers and be a drop-in replacement for Docker.
+[https://podman.io/ Podman] can run rootless containers and be a drop-in replacement for [[Docker]].
-== Install and configure podman with NixOS service configuration ==
+== Setup ==
+To enable Podman support, add following lines to your system configuration<syntaxhighlight lang="nix">
+# Enable common container config files in /etc/containers
+virtualisation.containers.enable = true;
+virtualisation = {
+  podman = {
+    enable = true;
+    # Create a `docker` alias for podman, to use it as a drop-in replacement
+    dockerCompat = true;
+    # Required for containers under podman-compose to be able to talk to each other.
+    defaultNetwork.settings.dns_enabled = true;
+  };
+};
-<syntaxHighlight lang="nix">
+users.users.myuser = {
-{ pkgs, ... }:
+   isNormalUser = true;
-{
+  extraGroups = [ "podman" ];
-   virtualisation = {
+};
-    podman = {
+</syntaxhighlight>Replace <code>myuser</code> with your current user. A reboot or re-login might be required for the permissions to take effect after applying changes.
-      enable = true;
-      # Create a `docker` alias for podman, to use it as a drop-in replacement
+== Tips and tricks ==
-      dockerCompat = true;
-      # Required for containers under podman-compose to be able to talk to each other.
-      defaultNetwork.settings.dns_enabled = true;
-    };
-  };
-}
-</syntaxHighlight>
 === podman-compose ===
@@ Line 25: / Line 28: @@
 === Using podman with ZFS ===
-Rootless can't use ZFS directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., <code>acltype=posixacl</code>
+Rootless can't use [[ZFS]] directly but the overlay needs POSIX ACL enabled for the underlying ZFS filesystem, ie., <code>acltype=posixacl</code>
 Best to mount a dataset under <code>/var/lib/containers/storage</code> with property <code>acltype=posixacl</code>.
-== Use Podman within nix-shell ==
+=== Use Podman within nix-shell ===
 https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
 Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].
-== Run Podman containers as systemd services ==
+=== Run Podman containers as systemd services ===
 <syntaxHighlight lang="nix">
 {
@@ Line 50: / Line 51: @@
 </syntaxHighlight>
-[[Category: Applications]]
+=== Run cross-architecture containers with binfmt/qemu ===
+<syntaxHighlight lang="nix">
+boot.binfmt = {
+  emulatedSystems = [ "aarch64-linux" ];
+  preferStaticEmulators = true; # required to work with podman
+};
+</syntaxHighlight>
+<syntaxHighlight lang="sh">
+$ podman run --arch arm64 'docker.io/alpine:latest' arch
+aarch64
+</syntaxHighlight>
+=== DevContainer ===
+To use DevContainer with Podman, it is possible that the process of creation of containers is stuck a `Please select an image URL`.
+To avoid this issue, restrict the amount of registries in either `/etc/containers/registries.conf`:
+<syntaxHighlight lang="nix">
+  environment.etc."containers/registries.conf".text = ''
+    [registries.search]
+    registries = ['docker.io']
+  '';
+</syntaxHighlight>
+or `~/.config/containers/registries` through Home Manager:
+<syntaxHighlight lang="nix">
+  xdg.configFile."containers/registries.conf".text = ''
+    [registries.search]
+    registries = ['docker.io']
+  '';
+</syntaxHighlight>
+<syntaxHighlight lang="nix">
+</syntaxHighlight>
+[[Category:Software]]
+[[Category:Server]]
+[[Category:Container]]