Add podman rootless from here https://github.com/jyukopla/nix-podman

2024-02-06 14:58:48 +01:00 · 2024-02-06 14:58:48 +01:00 · a834f67cca
parent 860849935a
commit a834f67cca
2 changed files with 70 additions and 14 deletions
--- a/podman/LICENSE
+++ b/podman/LICENSE
@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 jyukopla
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/podman/flake.nix
+++ b/podman/flake.nix
@ -1,23 +1,58 @@
 {
-  description = "A Nix-flake-based PHP development environment";
+  description = "Rootless Podman";

-  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz";
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
+  };

  outputs = {
    self,
    nixpkgs,
-  }: let
-    supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
-    forEachSupportedSystem = f:
-      nixpkgs.lib.genAttrs supportedSystems (system:
-        f {
-          pkgs = import nixpkgs {inherit system;};
-        });
+    flake-utils,
+    ...
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
+      pkgs = nixpkgs.legacyPackages.${system};
    in {
-    devShells = forEachSupportedSystem ({pkgs}: {
-      default = pkgs.mkShell {
-        packages = with pkgs; [podman podman-compose];
+      # echo "username:100000:65536">>/etc/subuid
+      # echo "username:100000:65536">>/etc/subgid
+
+      devShells.default = pkgs.mkShell {
+        buildInputs = [
+          pkgs.podman # CLI
+          pkgs.runc # Container runtime
+          pkgs.conmon # Container runtime monitor
+          pkgs.skopeo # Interact with container registry
+          pkgs.slirp4netns # User-mode networking
+        ];
+        shellHook = let
+          podmanSetupScript = let
+            policyConf = pkgs.writeText "policy.conf" ''
+              {"default":[{"type":"insecureAcceptAnything"}],"transports":{"docker-daemon":{"":[{"type":"insecureAcceptAnything"}]}}}
+            '';
+            registriesConf = pkgs.writeText "registries.conf" ''
+              [registries]
+              [registries.block]
+              registries = []
+              [registries.insecure]
+              registries = []
+              [registries.search]
+              registries = ["docker.io", "quay.io"]
+            '';
+          in
+            pkgs.writeScript "podman-setup" ''
+              #!${pkgs.runtimeShell}
+              if ! test -f ~/.config/containers/policy.json; then
+                install -Dm555 ${policyConf} ~/.config/containers/policy.json
+              fi
+              if ! test -f ~/.config/containers/registries.conf; then
+                install -Dm555 ${registriesConf} ~/.config/containers/registries.conf
+              fi
+            '';
+        in ''
+          ${podmanSetupScript}
+        '';
      };
    });
-  };
 }