Podman: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 1: / Line 1: @@
-[https://podman.io/ Podman] can run rootless containers and be a drop-in replacement for [[Docker]].
+[https://podman.io/ Podman] can run rootless containers and be a drop-in replacement for [[Docker]]
 == Setup ==
-To enable Podman support, add following lines to your system configuration<syntaxhighlight lang="nix">
+{{File|3=virtualisation = {
-# Enable common container config files in /etc/containers
+  containers.enable = true;
-virtualisation.containers.enable = true;
-virtualisation = {
    podman = {
      enable = true;
-    # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
-     # Required for containers under podman-compose to be able to talk to each other.
+     defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other.
-    defaultNetwork.settings.dns_enabled = true;
    };
 };
-users.users.myuser = {
+users.users.<USERNAME> = { # replace `<USERNAME>` with the actual username
-  isNormalUser = true;
+   extraGroups = [
-   extraGroups = [ "podman" ];
+    "podman"
-};
+  ];
-</syntaxhighlight>Replace <code>myuser</code> with your current user. A reboot or re-login might be required for the permissions to take effect after applying changes.
+}|name=/etc/nixos/configuration.nix|lang=nix}}
+A reboot or re-login might be required for the permissions to take effect after applying changes
 == Tips and tricks ==
@@ Line 25: / Line 22: @@
 === podman-compose ===
 <code>podman-compose</code> is a drop-in replacement for <code>docker-compose</code>
+See [https://docs.podman.io/en/stable/markdown/podman-compose.1.html the official documentation]
 === Using podman with ZFS ===
@@ Line 33: / Line 32: @@
 === Use Podman within nix-shell ===
-https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
+From https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947 :<blockquote>{{File|3={ pkgs ? import <nixpkgs> {} }:
+let
+  # To use this shell.nix on NixOS your user needs to be configured as such:
+  # users.extraUsers.adisbladis = {
+  #   subUidRanges = [{ startUid = 100000; count = 65536; }];
+  #   subGidRanges = [{ startGid = 100000; count = 65536; }];
+  # };
+  # Provides a script that copies required files to ~/
+  podmanSetupScript = let
+    registriesConf = pkgs.writeText "registries.conf" ''
+      [registries.search]
+      registries = ['docker.io']
+      [registries.block]
+      registries = []
+    '';
+  in pkgs.writeScript "podman-setup" ''
+    #!${pkgs.runtimeShell}
+    # Dont overwrite customised configuration
+    if ! test -f ~/.config/containers/policy.json; then
+      install -Dm555 ${pkgs.skopeo.src}/default-policy.json ~/.config/containers/policy.json
+    fi
+    if ! test -f ~/.config/containers/registries.conf; then
+      install -Dm555 ${registriesConf} ~/.config/containers/registries.conf
+    fi
+  '';
+  # Provides a fake "docker" binary mapping to podman
+  dockerCompat = pkgs.runCommandNoCC "docker-podman-compat" {} ''
+    mkdir -p $out/bin
+    ln -s ${pkgs.podman}/bin/podman $out/bin/docker
+  '';
+in pkgs.mkShell {
+  buildInputs = [
+    dockerCompat
+    pkgs.podman  # Docker compat
+    pkgs.runc  # Container runtime
+    pkgs.conmon  # Container runtime monitor
+    pkgs.skopeo  # Interact with container registry
+    pkgs.slirp4netns  # User-mode networking for unprivileged namespaces
+    pkgs.fuse-overlayfs  # CoW for images, much faster than default vfs
+  ];
+  shellHook = ''
+    # Install required configuration
+    ${podmanSetupScript}
+  '';
-Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].
+}|name=podman-shell.nix|lang=nix}}</blockquote>Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since [https://nixos.org/manual/nix/unstable/expressions/derivations.html setuid/setgid programs are not currently supported by Nix].
 === Run Podman containers as systemd services ===
@@ Line 58: / Line 110: @@
 };
 </syntaxHighlight>
-<syntaxHighlight lang="sh">
+<syntaxhighlight lang="console">
 $ podman run --arch arm64 'docker.io/alpine:latest' arch
 aarch64
-</syntaxHighlight>
+</syntaxhighlight>
 === DevContainer ===
-To use DevContainer with Podman, it is possible that the process of creation of containers is stuck a `Please select an image URL`.
+Using Podman, it is possible that the process of creation of DevContainers' containers to become stuck at the "Please select an image URL" step.
-To avoid this issue, restrict the amount of registries in either `/etc/containers/registries.conf`:
+To avoid this issue, you might restrict its registries configuration.
-<syntaxHighlight lang="nix">
+You can do such using [[Home Manager]] manually:
-  environment.etc."containers/registries.conf".text = ''
-    [registries.search]
-    registries = ['docker.io']
-  '';
-</syntaxHighlight>
-or `~/.config/containers/registries` through Home Manager:
+{{File|3=# Global `/etc/containers/registries.conf`
+environment.etc."containers/registries.conf".text = ''
-<syntaxHighlight lang="nix">
+  [registries.search]
-  xdg.configFile."containers/registries.conf".text = ''
+  registries = ['docker.io']
-    [registries.search]
+'';
-    registries = ['docker.io']
-  '';
-</syntaxHighlight>
-<syntaxHighlight lang="nix">
-</syntaxHighlight>
+# User-scoped `~/.config/containers/registries`
+xdg.configFile."containers/registries.conf".text = ''
+  [registries.search]
+  registries = ['docker.io']
+'';|name=~/.config/home-manager/home.nix|lang=nix}}
 [[Category:Software]]
 [[Category:Server]]
 [[Category:Container]]