Podman: Difference between revisions

Line 1:

Podman can run rootless containers and be a drop-in replacement for [[Docker]].

== ~~Install and configure podman with NixOS service configuration~~ ==

== Setup ==

To enable Podman support, add following lines to your system configuration<syntaxhighlight lang="nix">

# Enable common container config files in /etc/containers

~~{ pkgs, ... }:~~

virtualisation.containers.enable = true;

{

virtualisation = {

# Enable common container config files in /etc/containers

podman = {

virtualisation.containers.enable = true;

enable = true;

virtualisation = {

# Create a `docker` alias for podman, to use it as a drop-in replacement

podman = {

dockerCompat = true;

enable = true;

# Required for containers under podman-compose to be able to talk to each other.

defaultNetwork.settings.dns_enabled = true;

# Create a `docker` alias for podman, to use it as a drop-in replacement

dockerCompat = true;

# Required for containers under podman-compose to be able to talk to each other.

defaultNetwork.settings.dns_enabled = true;

};

~~# Useful other development tools~~

~~environment.systemPackages = with pkgs; [~~

~~dive # look into docker image layers~~

~~podman-tui # status of containers in the terminal~~

~~#docker-compose # start group of containers for dev~~

~~podman-compose # start group of containers for dev~~

];

}

</syntaxhighlight>

== Tips and tricks ==

=== podman-compose ===

Line 39:

Line 28:

Best to mount a dataset under <code>/var/lib/containers/storage</code> with property <code>acltype=posixacl</code>.

== Use Podman within nix-shell ==

=== Use Podman within nix-shell ===

https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947

Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].

== Run Podman containers as systemd services ==

=== Run Podman containers as systemd services ===

{

@@ Line 1: / Line 1: @@
 Podman can run rootless containers and be a drop-in replacement for [[Docker]].
-== Install and configure podman with NixOS service configuration ==
+== Setup ==
+To enable Podman support, add following lines to your system configuration<syntaxhighlight lang="nix">
-<syntaxhighlight lang="nix">
+# Enable common container config files in /etc/containers
-{ pkgs, ... }:
+virtualisation.containers.enable = true;
-{
+virtualisation = {
-  # Enable common container config files in /etc/containers
+  podman = {
-  virtualisation.containers.enable = true;
+    enable = true;
-  virtualisation = {
+    # Create a `docker` alias for podman, to use it as a drop-in replacement
-    podman = {
+    dockerCompat = true;
-      enable = true;
+    # Required for containers under podman-compose to be able to talk to each other.
+    defaultNetwork.settings.dns_enabled = true;
-      # Create a `docker` alias for podman, to use it as a drop-in replacement
-      dockerCompat = true;
-      # Required for containers under podman-compose to be able to talk to each other.
-      defaultNetwork.settings.dns_enabled = true;
-    };
    };
+};
-  # Useful other development tools
-  environment.systemPackages = with pkgs; [
-    dive            # look into docker image layers
-    podman-tui      # status of containers in the terminal
-    #docker-compose # start group of containers for dev
-    podman-compose  # start group of containers for dev
-  ];
-}
 </syntaxhighlight>
+== Tips and tricks ==
 === podman-compose ===
@@ Line 39: / Line 28: @@
 Best to mount a dataset under <code>/var/lib/containers/storage</code> with property <code>acltype=posixacl</code>.
-== Use Podman within nix-shell ==
+=== Use Podman within nix-shell ===
 https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
 Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].
-== Run Podman containers as systemd services ==
+=== Run Podman containers as systemd services ===
 <syntaxHighlight lang="nix">
 {