From a834f67ccac3b2b7be572c62dbf0e8e8ba0eea1c Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 6 Feb 2024 14:58:48 +0100
Subject: [PATCH] Add podman rootless from here https://github.com/jyukopla/nix-podman
---
 podman/LICENSE | 21 ++++++++++++++++
 podman/flake.nix | 63 +++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 70 insertions(+), 14 deletions(-)
 create mode 100644 podman/LICENSE
diff --git a/podman/LICENSE b/podman/LICENSE
new file mode 100644
index 0000000..fa823c1
--- /dev/null
+++ b/podman/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 jyukopla
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/podman/flake.nix b/podman/flake.nix
index 908626f..7097ddf 100644
--- a/podman/flake.nix
+++ b/podman/flake.nix
@@ -1,23 +1,58 @@
 {
- description = "A Nix-flake-based PHP development environment";
+ description = "Rootless Podman";
- inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz";
+ inputs = {
+ flake-utils.url = "github:numtide/flake-utils";
+ nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
+ };
 outputs = {
 self,
 nixpkgs,
- }: let
- supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
- forEachSupportedSystem = f:
- nixpkgs.lib.genAttrs supportedSystems (system:
- f {
- pkgs = import nixpkgs {inherit system;};
- });
- in {
- devShells = forEachSupportedSystem ({pkgs}: {
- default = pkgs.mkShell {
- packages = with pkgs; [podman podman-compose];
+ flake-utils,
+ ...
+ }:
+ flake-utils.lib.eachDefaultSystem (system: let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ # echo "username:100000:65536">>/etc/subuid
+ # echo "username:100000:65536">>/etc/subgid
+
+ devShells.default = pkgs.mkShell {
+ buildInputs = [
+ pkgs.podman # CLI
+ pkgs.runc # Container runtime
+ pkgs.conmon # Container runtime monitor
+ pkgs.skopeo # Interact with container registry
+ pkgs.slirp4netns # User-mode networking
+ ];
+ shellHook = let
+ podmanSetupScript = let
+ policyConf = pkgs.writeText "policy.conf" ''
+ {"default":[{"type":"insecureAcceptAnything"}],"transports":{"docker-daemon":{"":[{"type":"insecureAcceptAnything"}]}}}
+ '';
+ registriesConf = pkgs.writeText "registries.conf" ''
+ [registries]
+ [registries.block]
+ registries = []
+ [registries.insecure]
+ registries = []
+ [registries.search]
+ registries = ["docker.io", "quay.io"]
+ '';
+ in
+ pkgs.writeScript "podman-setup" ''
+ #!${pkgs.runtimeShell}
+ if ! test -f ~/.config/containers/policy.json; then
+ install -Dm555 ${policyConf} ~/.config/containers/policy.json
+ fi
+ if ! test -f ~/.config/containers/registries.conf; then
+ install -Dm555 ${registriesConf} ~/.config/containers/registries.conf
+ fi
+ '';
+ in ''
+ ${podmanSetupScript}
+ '';
 };
 });
- };
 }
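Review bot: The generated policy.json sets `insecureAcceptAnything` both as the default and for the docker-daemon transport, so image signature verification is off for every transport, and both config files are then installed with `-Dm555`, which makes plain data files executable. `-Dm444` is sufficient for files podman only reads (`install -Dm444 ${policyConf} ~/.config/containers/policy.json`, and the same for registries.conf), and a comment above `policyConf` such as `# accept unsigned images from any registry; add per-registry signedBy entries if signatures are required` would make the trade-off explicit to whoever reuses this shell. The `[registries.search]` table is the legacy v1 layout of registries.conf; the v2 key is `unqualified-search-registries`, so verify which layout the podman shipped in the pinned `release-22.11` branch accepts, and note that by the commit date that branch had already passed NixOS end-of-support, so `pkgs.podman` here receives no further fixes. Because the setup script only writes each file when it is absent, later edits to `policyConf` or `registriesConf` in the flake will not reach an existing `~/.config/containers`, which is worth stating in a comment next to the `test -f` guards.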