Podman: Difference between revisions
Revision as of 21:05, 19 April 2024
Podman can run rootless containers and be a drop-in replacement for Docker.
Install and configure podman with NixOS service configuration
{ pkgs, ... }:
{
  # Enable common container config files in /etc/containers
  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  # Useful other development tools
  environment.systemPackages = with pkgs; [
    dive            # look into docker image layers
    podman-tui      # status of containers in the terminal
    #docker-compose # start group of containers for dev
    podman-compose  # start group of containers for dev
  ];
}
podman-compose
podman-compose is a drop-in replacement for docker-compose.
Using podman with ZFS
Rootless Podman can't use the ZFS storage driver directly; it uses the overlay driver instead, which needs POSIX ACLs enabled on the underlying ZFS filesystem, i.e., acltype=posixacl.
It is best to mount a dedicated dataset at /var/lib/containers/storage with the property acltype=posixacl set.
Use Podman within nix-shell
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since setuid/setgid programs are not currently supported by Nix.
Run Podman containers as systemd services
{
  # Use podman (rather than docker) as the backend for declarative containers
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      # Start the generated podman-<name>.service at boot
      autoStart = true;
      # Bind the published port to loopback only, so it is not reachable from the network
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
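As an added example that is not part of the wiki page, the following combines the ZFS storage note above with the oci-containers service definition and restricts the container's privileges. The dataset name rpool/containers, the container name, image and mount paths are assumptions; which paths need a writable tmpfs depends on the image you run.

```nix
{ ... }:
{
  # Assumption: a dataset rpool/containers exists for Podman's storage.
  # acltype=posixacl is a ZFS dataset property, so set it once outside NixOS:
  #   zfs set acltype=posixacl rpool/containers
  fileSystems."/var/lib/containers/storage" = {
    device = "rpool/containers";
    fsType = "zfs";
  };

  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.app = {
    # Placeholder image: pin a tag (or, better, a digest) so updates are deliberate
    image = "registry.example.invalid/app:1.0.0";
    autoStart = true;
    # Publish to loopback only; expose it through a reverse proxy or firewall rule
    ports = [ "127.0.0.1:8080:8080" ];
    # Mount site content read-only; nothing in the container can alter it
    volumes = [ "/srv/app/data:/data:ro" ];
    # Run as an unprivileged user inside the container (assumed to exist in the image)
    user = "1000:1000";
    extraOptions = [
      "--cap-drop=ALL"                   # no Linux capabilities at all
      "--security-opt=no-new-privileges" # setuid binaries cannot regain them
      "--read-only"                      # immutable root filesystem
      "--tmpfs=/tmp"                     # scratch space the process may need
      "--tmpfs=/run"
    ];
  };
}
```

Check the result with `systemctl status podman-app.service` and `podman inspect app`; the container should report an empty capability set and a read-only root filesystem.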