# Home-manager module: rootless podman with a CNI bridge network.
# Materialises containers.conf, registries.conf, storage.conf and policy.json
# under ~/.config/containers, pointing podman at Nix store paths for its
# helper binaries (conmon, cni-plugins) and its CNI configuration.
{ pkgs, ... }:

let
  # Directory of CNI network definitions: a loopback network plus the default
  # "podman" bridge (cni0, 10.88.0.0/16 with host-local IPAM, masquerading
  # and the portmap plugin for published ports).
  cniConfigDir =
    let
      loopbackConf = pkgs.writeText "00-loopback.conf" ''
        {
          "cniVersion": "0.3.0",
          "type": "loopback"
        }
      '';

      bridgeConf = pkgs.writeText "87-podman-bridge.conflist" ''
        {
          "cniVersion": "0.3.0",
          "name": "podman",
          "plugins": [
            {
              "type": "bridge",
              "bridge": "cni0",
              "isGateway": true,
              "ipMasq": true,
              "ipam": {
                "type": "host-local",
                "subnet": "10.88.0.0/16",
                "routes": [ { "dst": "0.0.0.0/0" } ]
              }
            },
            {
              "type": "portmap",
              "capabilities": { "portMappings": true }
            }
          ]
        }
      '';
    in
    # One symlink per config file, keeping each file's own name so that CNI
    # applies them in the usual lexical (00-, 87-) order.
    pkgs.linkFarm "cniConfig" [
      { name = loopbackConf.name; path = loopbackConf; }
      { name = bridgeConf.name; path = bridgeConf; }
    ];

  # libpod engine configuration. Note that `${pkgs.crun}` inside the
  # commented-out `--runtime` line is still interpolated by Nix, so crun
  # remains a build-time dependency of this file even though podman ignores
  # that line; the active setting is the bare runtime name "crun".
  containersConf = pkgs.writeText "containers.conf" ''
    # containers.conf is the default configuration file for all tools using libpod to
    # manage containers

    [containers]

    # Maximum size of log files (in bytes)
    # -1 is unlimited
    log_size_max = -1

    [engine]

    # Default transport method for pulling and pushing for images
    image_default_transport = "docker://"

    # Paths to search for the conmon container manager binary. If the paths are empty or no valid path was found, then the $PATH environment variable will be used as the fallback.
    conmon_path = [
      "${pkgs.conmon}/bin/conmon"
    ]

    # --runtime ${pkgs.crun}/bin/crun \
    runtime = "crun"

    # Environment variables to pass into conmon
    conmon_env_vars = [
    ]

    # CGroup Manager - valid values are "systemd" and "cgroupfs"
    cgroup_manager = "systemd"

    # Whether to use chroot instead of pivot_root in the runtime
    no_pivot_root = false

    # Determines whether libpod will reserve ports on the host when they are
    # forwarded to containers. When enabled, when ports are forwarded to containers,
    # they are held open by conmon as long as the container is running, ensuring that
    # they cannot be reused by other programs on the host. However, this can cause
    # significant memory usage if a container has many ports forwarded to it.
    # Disabling this can save memory.
    enable_port_reservation = true

    [network]

    # Directory containing CNI plugin configuration files
    network_config_dir = "${cniConfigDir}"

    # Directories where the CNI plugin binaries may be located
    cni_plugin_dirs = [
      "${pkgs.cni-plugins}/bin"
    ]

    # Default CNI network for libpod.
    # If multiple CNI network configs are present, libpod will use the network with
    # the name given here for containers unless explicitly overridden.
    # The default here is set to the name we set in the
    # 87-podman-bridge.conflist included in the repository.
    # Not setting this, or setting it to the empty string, will use normal CNI
    # precedence rules for selecting between multiple networks.
    default_network = "podman"
  '';
in
{
  home.packages = [ pkgs.podman ];

  home.file = {
    ".config/containers/containers.conf".source = containersConf;

    # Unqualified image names are resolved against the search list in order.
    # No registry is marked insecure (plain HTTP / unverified TLS) and none
    # is blocked.
    ".config/containers/registries.conf".text = ''
      [registries.search]
      registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']

      [registries.insecure]
      registries = []

      #blocked (docker only)
      [registries.block]
      registries = []
    '';

    ".config/containers/storage.conf".text = ''
      [storage]
      driver = "btrfs"
    '';

    # Signature policy. "insecureAcceptAnything" as the default (and for the
    # docker-daemon transport) means images are accepted without any signature
    # verification, so trust in pulled images rests on registry TLS and the
    # search order above rather than on signing.
    ".config/containers/policy.json".text = ''
      {
        "default": [
          { "type": "insecureAcceptAnything" }
        ],
        "transports": {
          "docker-daemon": {
            "": [{"type":"insecureAcceptAnything"}]
          }
        }
      }
    '';
  };
}