Podman
Revision as of 07:43, 17 September 2024
Podman can run rootless containers and be a drop-in replacement for Docker.
Setup
To enable Podman support, add the following lines to your system configuration (configuration.nix or a module imported from it):
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
  podman = {
    enable = true;
    # Create a `docker` alias for podman, to use it as a drop-in replacement
    dockerCompat = true;
    # Required for containers under podman-compose to be able to talk to each other.
    defaultNetwork.settings.dns_enabled = true;
  };
};
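Rootless Podman also needs a subordinate UID/GID range for every user who will run containers; newuidmap and newgidmap apply that range when the container's user namespace is created, and a container whose image expects the usual 0-65535 IDs will fail to start without it. The following is an added example, not code from the wiki page or from the Podman project: it repeats the options above and declares such a range for a hypothetical unprivileged user `ci` (the user name and the 100000-165535 range are assumptions).

```nix
{ ... }:
{
  # Common container config files in /etc/containers (same as above).
  virtualisation.containers.enable = true;
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    defaultNetwork.settings.dns_enabled = true;
  };

  # Hypothetical account that will run rootless containers.
  users.users.ci = {
    isNormalUser = true;
    # Subordinate IDs mapped into the container's user namespace. 65536 IDs
    # cover the 0-65535 range most images expect. The range must not overlap
    # another user's range or any real UID/GID on the host, otherwise a
    # container process could end up owning host files.
    subUidRanges = [ { startUid = 100000; count = 65536; } ];
    subGidRanges = [ { startGid = 100000; count = 65536; } ];
  };
}
```

After a rebuild, `podman unshare cat /proc/self/uid_map` run as `ci` should print two lines: the user's own UID mapped to 0 with length 1, then 100000 mapped to 1 with length 65536. If only the first line appears, the subordinate range is missing and the container will not be able to switch to any UID other than the caller's.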
Tips and tricks
podman-compose
podman-compose is a drop-in replacement for docker-compose; it is packaged in nixpkgs as podman-compose. With dockerCompat and defaultNetwork.settings.dns_enabled set as above, the services of one compose project can reach each other by service name, which is what compose files written for Docker assume.
Using podman with ZFS
Rootless Podman cannot use the zfs storage driver (it needs root); it falls back to the overlay driver, which requires POSIX ACLs on the underlying ZFS dataset, i.e. acltype=posixacl. Setting xattr=sa alongside it is recommended so the ACLs are stored in the inode rather than as hidden files.
Best to mount a dedicated dataset at /var/lib/containers/storage with the property acltype=posixacl. Note that this path is only the rootful store: rootless containers keep their storage under ~/.local/share/containers/storage, so the dataset holding the home directories of container-running users needs the same property.
Use Podman within nix-shell
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless Podman requires the setuid helpers newuidmap and newgidmap (from shadow) to set up the UID/GID mappings of a container's user namespace; on NixOS they are installed as setuid wrappers when virtualisation.podman is enabled. If you are not on NixOS, they cannot be supplied by the Nix package 'shadow', since setuid/setgid programs are not currently supported by Nix (https://nixos.org/manual/nix/unstable/expressions/derivations.html); install them from the host distribution's shadow or uidmap package instead.
Run Podman containers as systemd services
The virtualisation.oci-containers module turns each declared container into a systemd unit named podman-<name>.service (here podman-container-name.service), started at boot when autoStart is set. Publishing the port on 127.0.0.1 keeps it off external interfaces; without the address Podman publishes it on all of them.
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
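The declaration above runs the image with Podman's default privileges. As an added example that is not from the wiki page or from the oci-containers module itself, here is a more defensive version of the same declaration: the container name, image reference, host paths and port are hypothetical, and the entries in extraOptions are ordinary podman run flags passed through unchanged.

```nix
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.app = {
    # Hypothetical image. Prefer a digest (image@sha256:...) over a tag so
    # the unit always pulls exactly the image that was reviewed.
    image = "docker.io/example/app:1.2.3";
    autoStart = true;
    # Loopback only; put a reverse proxy in front for external access.
    # The container port is 8080 because with all capabilities dropped the
    # process cannot bind a port below 1024.
    ports = [ "127.0.0.1:8080:8080" ];
    # Secrets come from a root-only file on the host (path is hypothetical).
    # Do not use the `environment` option for secrets: its values land in the
    # generated unit file in the world-readable Nix store.
    environmentFiles = [ "/run/secrets/app.env" ];
    volumes = [
      "/var/lib/app/data:/data"                      # the only writable path
      "/etc/app/config.yaml:/config/config.yaml:ro"  # read-only config
    ];
    extraOptions = [
      "--read-only"                       # immutable root filesystem
      "--tmpfs=/tmp"                      # scratch space that survives --read-only
      "--cap-drop=ALL"                    # no Linux capabilities at all
      "--security-opt=no-new-privileges"  # setuid binaries cannot raise privileges
      "--pids-limit=256"                  # ceiling on processes (fork bombs)
      "--memory=512m"                     # memory cgroup limit
    ];
  };
}
```

If the image genuinely needs a capability (for example CAP_NET_BIND_SERVICE to bind port 80), add a matching `--cap-add=...` after `--cap-drop=ALL` rather than removing the drop; the resulting command line can be inspected with `systemctl cat podman-app.service` after the rebuild.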