Podman
Podman can run rootless containers and be a drop-in replacement for Docker.
Setup
To enable Podman support, add the following lines to your system configuration:
  # Enable common container config files in /etc/containers
  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  users.users.myuser = {
    isNormalUser = true;
    extraGroups = [ "podman" ];
  };
Replace myuser with your current user. A reboot or re-login might be required for the permissions to take effect after applying the changes.
Tips and tricks
podman-compose
podman-compose is a drop-in replacement for docker-compose.
Using podman with ZFS
Rootless Podman can't use the ZFS storage driver directly, but the overlay driver needs POSIX ACLs enabled on the underlying ZFS filesystem, i.e. acltype=posixacl.
It is best to mount a dedicated dataset under /var/lib/containers/storage with the property acltype=posixacl set.
Use Podman within nix-shell
https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
Note that rootless Podman requires newuidmap (from shadow). If you're not on NixOS, this cannot be supplied by the Nix package 'shadow', since setuid/setgid programs are not currently supported by Nix.
Run Podman containers as systemd services
{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    container-name = {
      image = "container-image";
      autoStart = true;
      ports = [ "127.0.0.1:1234:1234" ];
    };
  };
}
Run cross-architecture containers with binfmt/qemu
boot.binfmt = {
  emulatedSystems = [ "aarch64-linux" ];
  preferStaticEmulators = true; # required to work with podman
};
$ podman run --arch arm64 'docker.io/alpine:latest' arch
aarch64
DevContainer
When using DevContainer with Podman, container creation may get stuck at a `Please select an image URL` prompt.
To avoid this issue, restrict the number of search registries, either in `/etc/containers/registries.conf`:
  environment.etc."containers/registries.conf".text = ''
    [registries.search]
    registries = ['docker.io']
  '';
or in `~/.config/containers/registries.conf` through Home Manager:
  xdg.configFile."containers/registries.conf".text = ''
    [registries.search]
    registries = ['docker.io']
  '';
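As an added example (not code from this wiki page), a POSIX sh pre-flight script that checks the rootless prerequisites discussed above: the newuidmap note, the acltype=posixacl requirement for ZFS-backed storage, and the search-registry restriction from the DevContainer section. The commands in the usage comments exist as written; the sample inputs used in the comments are constructed.

```shell
# Added example, not code from the NixOS wiki: pre-flight checks for the rootless
# Podman prerequisites the page mentions. Each check is a function over captured
# text, so it runs on constructed samples as well as on real command output.

# /etc/subuid (and /etc/subgid) must give the user a range of >= 65536 ids,
# otherwise newuidmap/newgidmap cannot populate the user namespace.
# Usage: subid_ok "$(cat /etc/subuid)" "$USER"
subid_ok() {
  printf '%s\n' "$1" | awk -F: -v u="$2" '
    $1 == u && $3 + 0 >= 65536 { ok = 1 }
    END { if (ok) exit 0; exit 1 }'
}

# newuidmap must be a setuid-root wrapper (NixOS: /run/wrappers/bin/newuidmap);
# the plain Nix store binary from 'shadow' is not setuid.
# Usage: newuidmap_setuid_ok "$(ls -l "$(command -v newuidmap)")"
newuidmap_setuid_ok() {
  set -- $1                         # split ls -l output: $1 = mode, $3 = owner
  case $1 in ???s*) [ "$3" = root ] ;; *) return 1 ;; esac
}

# The ZFS dataset mounted at /var/lib/containers/storage needs POSIX ACLs;
# recent OpenZFS reports the value as "posix", older releases as "posixacl".
# Usage: acltype_ok "$(zfs get -H -o value acltype rpool/containers)"
acltype_ok() {
  case $1 in posix|posixacl) return 0 ;; *) return 1 ;; esac
}

# Number of entries in [registries.search] of a v1 registries.conf. Unqualified
# image names are tried against each entry in turn, so more than one entry makes
# a short name ambiguous (the DevContainer prompt described above).
# Usage: search_registry_count "$(cat /etc/containers/registries.conf)"
search_registry_count() {
  printf '%s\n' "$1" | awk -v q="'" '
    { sub(/[ \t]+$/, "") }
    /^\[/ { in_search = ($0 == "[registries.search]") }
    in_search && /^registries[ \t]*=/ {
      n = gsub("[" q "][^" q "]*[" q "]|\"[^\"]*\"", ""); found = 1; exit }
    END { print (found ? n : 0) }'
}

# Run all checks on the given inputs (subuid content, user, ls -l line for
# newuidmap, acltype value, registries.conf content); returns the failure count.
rootless_preflight() {
  fails=0
  subid_ok "$1" "$2" || { echo "FAIL: no subuid range for $2"; fails=$((fails + 1)); }
  newuidmap_setuid_ok "$3" || { echo "FAIL: newuidmap is not setuid root"; fails=$((fails + 1)); }
  acltype_ok "$4" || { echo "FAIL: storage dataset needs acltype=posixacl"; fails=$((fails + 1)); }
  [ "$(search_registry_count "$5")" -le 1 ] || { echo "FAIL: more than one search registry"; fails=$((fails + 1)); }
  return "$fails"
}
```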