docker: make it actually podman

Erwin Boskma 2023-07-04 20:30:36 +02:00
parent b041bae420
commit 9fb87ca6f9
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
3 changed files with 20 additions and 36 deletions


@ -11,7 +11,7 @@
enable = true; enable = true;
server = true; server = true;
}; };
# docker.enable = true; docker.enable = true;
# drone.enable = true; # drone.enable = true;
nix-common = { nix-common = {
enable = true; enable = true;


@ -14,33 +14,35 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ docker-compose ]; # environment.systemPackages = with pkgs; [ docker-compose ];
environment.systemPackages = [ pkgs.podman-compose ];
virtualisation.docker = { virtualisation.podman = {
enable = true; enable = true;
enableNvidia = cfg.enableNvidia; enableNvidia = cfg.enableNvidia;
dockerCompat = true;
autoPrune = { autoPrune = {
enable = true; enable = true;
dates = "weekly"; dates = "weekly";
}; };
daemon.settings = { # daemon.settings = {
insecure-registries = config.virtualisation.containers.registries.insecure; # insecure-registries = config.virtualisation.containers.registries.insecure;
features = { # features = {
buildkit = true; # buildkit = true;
}; # };
}; # };
defaultNetwork.settings.dns_enable = true;
}; };
virtualisation.containers = { virtualisation.containers = {
registries = { registries = {
insecure = [ "docker02.bedum.horus.nu:5000" "yocto-build-server.bedum.horus.nu:5000" "containers.internal.horus.nu" ]; insecure = [ "containers.internal.horus.nu" ];
search = [ search = [
"docker.io" "docker.io"
"quay.io" "quay.io"
"docker02.bedum.horus.nu:5000"
"yocto-build-server.bedum.horus.nu:5000"
"containers.internal.horus.nu" "containers.internal.horus.nu"
]; ];
}; };
@ -48,6 +50,12 @@ in
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ]; users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "docker" "podman" ];
# Make DNS work in containers
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
# services.ghostunnel = mkIf cfg.enableTcpSocket { # services.ghostunnel = mkIf cfg.enableTcpSocket {
# enable = true; # enable = true;
# servers."podman-socket" = { # servers."podman-socket" = {
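Review bot: `containers.internal.horus.nu` is still listed under `registries.insecure` and also appears last in `registries.search`, after `docker.io` and `quay.io`. An insecure entry lets the container tools talk to that host over plain HTTP or without certificate verification, so images pulled from it can be altered on the network path. Trimming the list helps, but serving the registry with a trusted certificate would allow `insecure = [ ];`. Because the internal host comes last in the search list, a short image name is presumably tried against the public registries first, so compose files should use fully qualified image names that include the registry host. The `config = mkIf cfg.enable { … }` block begins before and continues after the visible hunks.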


@ -33,29 +33,5 @@ in
environment.systemPackages = [ pkgs.woodpecker-cli ]; environment.systemPackages = [ pkgs.woodpecker-cli ];
# virtualisation.docker = {
# enable = true;
# autoPrune = {
# enable = true;
# };
# };
virtualisation.podman = {
enable = true;
dockerCompat = true;
autoPrune = {
enable = true;
};
defaultNetwork.settings.dns_enable = true;
};
networking.firewall = {
allowedTCPPorts = [ 8100 ];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
}; };
} }