Podman: Difference between revisions
imported>Mausch Clarify setuid situation |
imported>Chuangzhu Add instructions for using `virtualisation.oci-containers` |
||
Line 23: | Line 23: | ||
Note that rootless podman requires newuidmap which can't come from the shadow Nix package on non-NixOS since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix]. | Note that rootless podman requires newuidmap which can't come from the shadow Nix package on non-NixOS since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix]. | ||
== Run Podman containers as systemd services == | |||
<syntaxHighlight lang="nix"> | |||
{ | |||
virtualisation.oci-containers.backend = "podman"; | |||
virtualisation.oci-containers.containers = { | |||
container-name = { | |||
image = "container-image"; | |||
autoStart = true; | |||
ports = [ "127.0.0.1:1234:1234" ]; | |||
}; | |||
}; | |||
} | |||
</syntaxHighlight> |
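Review bot: the new "Run Podman containers as systemd services" section is a bare code block with no introductory sentence, and because it sits directly under the rootless `newuidmap` note it should state whether containers declared through `virtualisation.oci-containers` run rootless or as root. I would also add one line saying that `container-name` and `image = "container-image"` are placeholders and that a real image reference should carry a tag or digest, plus a short comment on `ports = [ "127.0.0.1:1234:1234" ];` explaining that the `127.0.0.1:` prefix is what keeps the published port bound to loopback only.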
Revision as of 13:40, 10 October 2021
Podman can run rootless containers and be a drop-in replacement for Docker.
== Install and configure podman with NixOS service configuration ==
<syntaxHighlight lang="nix">
{ pkgs, ... }:
{
  virtualisation = {
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
    };
  };
}
</syntaxHighlight>
== Use Podman within nix-shell ==
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless Podman requires newuidmap, which cannot come from the Nix shadow package on non-NixOS systems because [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].
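A preflight check for the caveat above, as an added example that is not part of the original wiki page: it verifies that the `newuidmap` found on `PATH` is not a Nix store copy and is actually setuid or capability-enabled, and that the user has subordinate ID ranges. The function names, the `SUBUID_FILE`/`SUBGID_FILE` overrides, and the inclusion of the companion `newgidmap` helper are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): rootless Podman preflight on non-NixOS.
# File locations are overridable so the checks can run against constructed input.
SUBUID_FILE=${SUBUID_FILE:-/etc/subuid}
SUBGID_FILE=${SUBGID_FILE:-/etc/subgid}

# True if the helper at $1 can gain the privilege it needs: it must not
# resolve into the Nix store (no setuid there) and must be setuid or capable.
helper_is_privileged() {
    [ -x "$1" ] || return 1
    helper=$(readlink -f "$1" 2>/dev/null) || helper=$1
    case $helper in
        /nix/store/*) return 1 ;;
    esac
    [ -u "$helper" ] && return 0
    # Some distributions ship the helper with file capabilities instead of setuid.
    if command -v getcap >/dev/null 2>&1; then
        getcap "$helper" 2>/dev/null | grep -Eq 'cap_set(uid|gid)' && return 0
    fi
    return 1
}

# True if user $1 has a non-empty range in file $2 (format: name:start:count).
has_subid_range() {
    [ -r "$2" ] || return 1
    awk -F: -v u="$1" '$1 == u && $3 > 0 { found = 1 } END { exit !found }' "$2"
}

# Run every check for user $1; prints one FAIL line per problem, returns 0 if clean.
rootless_preflight() {
    user=$1; rc=0
    for tool in newuidmap newgidmap; do
        bin=$(command -v "$tool" 2>/dev/null) || bin=
        if [ -z "$bin" ] || ! helper_is_privileged "$bin"; then
            echo "FAIL: $tool missing or not setuid/capable: ${bin:-not found}"; rc=1
        fi
    done
    for f in "$SUBUID_FILE" "$SUBGID_FILE"; do
        has_subid_range "$user" "$f" || { echo "FAIL: no range for $user in $f"; rc=1; }
    done
    return $rc
}
```

Source the file and run `rootless_preflight "$(id -un)"`; a `FAIL` line for `newuidmap` that shows a Nix profile or store path means the distribution's own shadow/uidmap package is needed instead.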
== Run Podman containers as systemd services ==
<syntaxHighlight lang="nix">
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
</syntaxHighlight>