Podman: Difference between revisions

From NixOS Wiki
imported>Das-g
remove (presumably unintended) double negation (keep single negation instead)
imported>Aidalgol
m Add notes about getting podman-compose DNS working
Line 12: Line 12:
       # Create a `docker` alias for podman, to use it as a drop-in replacement
       # Create a `docker` alias for podman, to use it as a drop-in replacement
       dockerCompat = true;
       dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.dnsname.enable = true;
     };
     };
   };
   };
}
}
</syntaxHighlight>
</syntaxHighlight>
=== podman-compose ===
<code>podman-compose</code> is a drop-in replacement for <code>docker-compose</code>


=== Using podman with ZFS ===
=== Using podman with ZFS ===
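Review bot: the new "=== podman-compose ===" section says nothing about DNS, although the edit summary is about getting podman-compose DNS working; the only DNS detail is the comment above "defaultNetwork.dnsname.enable = true;" in the configuration block. Suggest that the section refer to that option, so that readers who arrive at the podman-compose heading find the setting, and end its one sentence with a period.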

Revision as of 22:18, 4 October 2022

Podman can run rootless containers and be a drop-in replacement for Docker.

Install and configure podman through the NixOS service configuration:

{ pkgs, ... }:
{
  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.dnsname.enable = true;
    };
  };
}

podman-compose

podman-compose is a drop-in replacement for docker-compose.

Using podman with ZFS

For root using ZFS, podman needs access to the ZFS tools.

virtualisation.podman.extraPackages = [ pkgs.zfs ];

Rootless podman can't use ZFS directly, but the overlay needs POSIX ACLs enabled on the underlying ZFS filesystem, i.e. acltype=posixacl.

Use Podman within nix-shell

https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947

Note that rootless podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow' since setuid/setgid programs are not currently supported by Nix.

Run Podman containers as systemd services

{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
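
A more locked-down version of the same container definition, as an added example that is not part of the wiki page. The container name and image are the page's placeholders; the UID, file paths and resource limits are assumed values to adapt.

```nix
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    # Placeholder name and image, as in the snippet above.
    container-name = {
      image = "container-image";
      autoStart = true;

      # The leading 127.0.0.1 publishes the port on loopback only;
      # "1234:1234" would listen on every host interface.
      ports = [ "127.0.0.1:1234:1234" ];

      # Run the process as an unprivileged UID:GID inside the container
      # (assumed value; the image must work as a non-root user).
      user = "1000:1000";

      # Secrets are read from this file when the unit starts, so they do not
      # end up in the world-readable Nix store as `environment` values would.
      # Assumed path; create it root-owned with mode 0600.
      environmentFiles = [ "/run/secrets/container-name.env" ];

      # Assumed host path, mounted read-only (`ro`).
      volumes = [ "/var/lib/container-name/config:/config:ro" ];

      # Passed through to `podman run`.
      extraOptions = [
        "--read-only"                       # immutable root filesystem
        "--tmpfs=/tmp"                      # writable scratch space only
        "--cap-drop=ALL"                    # drop all Linux capabilities
        "--security-opt=no-new-privileges"  # no privilege gain via setuid binaries
        "--pids-limit=256"                  # assumed limit
        "--memory=512m"                     # assumed limit
      ];
    };
  };
}
```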