Podman: Difference between revisions
imported>Nrabulinski m Removed a comment which depicted the same snippet that's already present |
Malteneuss (talk | contribs) m Align with old Wiki |
||
Line 3: | Line 3: | ||
== Install and configure podman with NixOS service configuration == | == Install and configure podman with NixOS service configuration == | ||
< | <syntaxhighlight lang="nix"> | ||
{ pkgs, ... }: | { pkgs, ... }: | ||
{ | { | ||
# Enable common container config files in /etc/containers | |||
virtualisation.containers.enable = true; | |||
virtualisation = { | virtualisation = { | ||
podman = { | podman = { | ||
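Review bot: the added `virtualisation.containers.enable = true;` is written as a dotted path directly above the existing `virtualisation = {` block, so the virtualisation settings are now split across two definitions. Consider moving it inside that block as `containers.enable = true;`, keeping its comment, so a reader finds every virtualisation option in one place.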
Line 17: | Line 19: | ||
}; | }; | ||
}; | }; | ||
# Useful other development tools | |||
environment.systemPackages = with pkgs; [ | |||
dive # look into docker image layers | |||
podman-tui # status of containers in the terminal | |||
#docker-compose # start group of containers for dev | |||
podman-compose # start group of containers for dev | |||
]; | |||
} | } | ||
</ | </syntaxhighlight> | ||
=== podman-compose === | === podman-compose === |
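Review bot: in the added `environment.systemPackages` list, the commented-out `#docker-compose` entry has the same description as `podman-compose`, so nothing tells the reader when to choose one over the other. Either drop the commented line or change its comment to say it is the alternative to `podman-compose`.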
Revision as of 13:40, 7 April 2024
Podman can run rootless containers and be a drop-in replacement for Docker.
== Install and configure podman with NixOS service configuration ==
<syntaxhighlight lang="nix">
{ pkgs, ... }:
{
  # Enable common container config files in /etc/containers
  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # Useful other development tools
  environment.systemPackages = with pkgs; [
    dive # look into docker image layers
    podman-tui # status of containers in the terminal
    #docker-compose # start group of containers for dev
    podman-compose # start group of containers for dev
  ];
}
</syntaxhighlight>
=== podman-compose ===
podman-compose is a drop-in replacement for docker-compose.
== Using podman with ZFS ==
Rootless podman can't use ZFS directly, but the overlay needs POSIX ACLs enabled for the underlying ZFS filesystem, i.e. acltype=posixacl.
It is best to mount a dataset under /var/lib/containers/storage with the property acltype=posixacl.
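A preflight check for the ZFS advice above, as an added example that is not part of the original wiki page: it finds the filesystem backing a storage directory and, if it is ZFS, verifies that POSIX ACLs are enabled. The function names are illustrative, and the script assumes `findmnt` and `zfs` are on the PATH.

```sh
#!/bin/sh
# Added example (not from the wiki page). Function names are illustrative.

# Return 0 if an acltype value enables POSIX ACLs.
# OpenZFS treats "posix" and "posixacl" as the same setting, and
# `zfs get` may print either one depending on the release.
acltype_is_posix() {
    case "$1" in
        posix|posixacl) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the filesystem backing a container storage directory.
# Returns: 0 = ok (or not on ZFS), 1 = ZFS without POSIX ACLs, 2 = lookup failed.
check_container_storage() {
    dir=$1
    # -T resolves the mount containing $dir even if $dir is not itself a mountpoint.
    mnt=$(findmnt -n -o FSTYPE,SOURCE -T "$dir") \
        || { echo "cannot resolve mount for $dir" >&2; return 2; }
    fstype=${mnt%% *}    # first column
    dataset=${mnt##* }   # last column
    if [ "$fstype" != "zfs" ]; then
        echo "$dir is on $fstype, no ZFS property to check"
        return 0
    fi
    value=$(zfs get -H -o value acltype "$dataset") \
        || { echo "zfs get failed for $dataset" >&2; return 2; }
    if acltype_is_posix "$value"; then
        echo "ok: $dataset has acltype=$value"
        return 0
    fi
    echo "fix: zfs set acltype=posixacl $dataset (currently $value)" >&2
    return 1
}

# Run the check only when a directory is given on the command line,
# e.g.  sh check.sh /var/lib/containers/storage
if [ "$#" -gt 0 ]; then
    check_container_storage "$1"
fi
```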
== Use Podman within nix-shell ==
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since setuid/setgid programs are not currently supported by Nix.
== Run Podman containers as systemd services ==
<syntaxhighlight lang="nix">
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
</syntaxhighlight>