docker: make it actually podman
parent
b041bae420
commit
9fb87ca6f9
3 changed files with 20 additions and 36 deletions
|
@ -11,7 +11,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
server = true;
|
server = true;
|
||||||
};
|
};
|
||||||
# docker.enable = true;
|
docker.enable = true;
|
||||||
# drone.enable = true;
|
# drone.enable = true;
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -14,33 +14,35 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = with pkgs; [ docker-compose ];
|
# environment.systemPackages = with pkgs; [ docker-compose ];
|
||||||
|
environment.systemPackages = [ pkgs.podman-compose ];
|
||||||
|
|
||||||
virtualisation.docker = {
|
virtualisation.podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableNvidia = cfg.enableNvidia;
|
enableNvidia = cfg.enableNvidia;
|
||||||
|
dockerCompat = true;
|
||||||
|
|
||||||
autoPrune = {
|
autoPrune = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dates = "weekly";
|
dates = "weekly";
|
||||||
};
|
};
|
||||||
|
|
||||||
daemon.settings = {
|
# daemon.settings = {
|
||||||
insecure-registries = config.virtualisation.containers.registries.insecure;
|
# insecure-registries = config.virtualisation.containers.registries.insecure;
|
||||||
features = {
|
# features = {
|
||||||
buildkit = true;
|
# buildkit = true;
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
defaultNetwork.settings.dns_enable = true;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.containers = {
|
virtualisation.containers = {
|
||||||
registries = {
|
registries = {
|
||||||
insecure = [ "docker02.bedum.horus.nu:5000" "yocto-build-server.bedum.horus.nu:5000" "containers.internal.horus.nu" ];
|
insecure = [ "containers.internal.horus.nu" ];
|
||||||
search = [
|
search = [
|
||||||
"docker.io"
|
"docker.io"
|
||||||
"quay.io"
|
"quay.io"
|
||||||
"docker02.bedum.horus.nu:5000"
|
|
||||||
"yocto-build-server.bedum.horus.nu:5000"
|
|
||||||
"containers.internal.horus.nu"
|
"containers.internal.horus.nu"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -48,6 +50,12 @@ in
|
||||||
|
|
||||||
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];
|
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];
|
||||||
|
|
||||||
|
# Make DNS work in containers
|
||||||
|
networking.firewall.interfaces."podman+" = {
|
||||||
|
allowedUDPPorts = [ 53 ];
|
||||||
|
allowedTCPPorts = [ 53 ];
|
||||||
|
};
|
||||||
|
|
||||||
# services.ghostunnel = mkIf cfg.enableTcpSocket {
|
# services.ghostunnel = mkIf cfg.enableTcpSocket {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# servers."podman-socket" = {
|
# servers."podman-socket" = {
|
||||||
|
|
|
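Review bot: The new `insecure = [ "containers.internal.horus.nu" ];` line still exempts that registry from TLS verification while it also stays in the `search` list, so images pulled from it (possibly including unqualified names that resolve to it) are only as trustworthy as the network path to the host. Dropping the two `:5000` hosts is a good reduction; if the remaining host can serve a certificate from an internal CA, I would finish with `insecure = [ ];` and trust that CA system-wide, for example through `security.pki.certificateFiles`. If the exemption has to stay, a comment above the line such as `# TODO: registry has no trusted certificate yet; pin images pulled from it by digest` would record why it is there. The `config = mkIf cfg.enable {` block opened in the first hunk of this file continues past the end of the second one.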
@ -33,29 +33,5 @@ in
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.woodpecker-cli ];
|
environment.systemPackages = [ pkgs.woodpecker-cli ];
|
||||||
|
|
||||||
# virtualisation.docker = {
|
|
||||||
# enable = true;
|
|
||||||
# autoPrune = {
|
|
||||||
# enable = true;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
virtualisation.podman = {
|
|
||||||
enable = true;
|
|
||||||
dockerCompat = true;
|
|
||||||
autoPrune = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
defaultNetwork.settings.dns_enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
allowedTCPPorts = [ 8100 ];
|
|
||||||
|
|
||||||
interfaces."podman+" = {
|
|
||||||
allowedUDPPorts = [ 53 ];
|
|
||||||
allowedTCPPorts = [ 53 ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|