commit d804ecbd575fdd581155ac557d881fcc7afeca84
parent 54e422e646c4079fc1a1eac3947e7b6f1c5d6848
Author: Vincent Demeester <vincent@sbr.pm>
Date: Thu, 1 Oct 2020 17:04:07 +0200
systems: remove programs.podman…
… and use upstream virtualisation.podman and virtualisation.containers.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 14 insertions(+), 105 deletions(-)
diff --git a/systems/modules/programs/default.nix b/systems/modules/programs/default.nix
@@ -1,6 +1,5 @@
{
imports = [
./crc.nix
- ./podman.nix
];
}
diff --git a/systems/modules/programs/podman.nix b/systems/modules/programs/podman.nix
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.programs.podman;
-in
-{
- options = {
- programs.podman = {
- enable = mkEnableOption "Wether to configure podman";
- package = mkOption {
- default = pkgs.podman;
- description = "podman package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- conmonPackage = mkOption {
- default = pkgs.conmon;
- description = "conmon package to be used";
- type = types.package;
- };
- cniPackage = mkOption {
- default = pkgs.cni;
- description = "cni package to be used";
- type = types.package;
- };
- cniPluginsPackage = mkOption {
- default = pkgs.cni-plugins;
- description = "cni-plugins package to be used";
- type = types.package;
- };
- };
- };
-
- config = mkIf cfg.enable {
-
- environment.etc."containers/libpod.conf".text = ''
- image_default_transport = "docker://"
- runtime_path = ["${cfg.runcPackage}/bin/runc"]
- conmon_path = ["${cfg.conmonPackage}/bin/conmon"]
- cni_plugin_dir = ["${cfg.cniPluginsPackage}/bin/"]
- cgroup_manager = "systemd"
- cni_config_dir = "/etc/cni/net.d/"
- cni_default_network = "podman"
- # pause
- pause_image = "k8s.gcr.io/pause:3.1"
- pause_command = "/pause"
- '';
-
- environment.etc."containers/registries.conf".text = ''
- [registries.search]
- registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
-
- [registries.insecure]
- registries = ['massimo.local:5000', '192.168.12.0/16']
- '';
-
- environment.etc."containers/policy.json".text = ''
- {
- "default": [
- { "type": "insecureAcceptAnything" }
- ]
- }
- '';
-
- environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
- {
- "cniVersion": "0.3.0",
- "name": "podman",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "cni0",
- "isGateway": true,
- "ipMasq": true,
- "ipam": {
- "type": "host-local",
- "subnet": "10.88.0.0/16",
- "routes": [
- { "dst": "0.0.0.0/0" }
- ]
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- '';
-
- environment.systemPackages = with pkgs; [ cfg.package cfg.conmonPackage cfg.runcPackage iptables ];
-
- };
-}
diff --git a/systems/wakasu.nix b/systems/wakasu.nix
@@ -72,9 +72,20 @@ in
tekton.enable = true;
yubikey.enable = true;
};
- programs = {
- podman.enable = true;
- crc.enable = true;
+ virtualisation.podman.enable = true;
+ virtualisation.containers = {
+ enable = true;
+ registries = {
+ search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+ };
+ policy = {
+ default = [{ type = "insecureAcceptAnything"; }];
+ transports = {
+ docker-daemon = {
+ "" = [{ type = "insecureAcceptAnything"; }];
+ };
+ };
+ };
};
security = {
sudo.extraConfig = ''
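Review bot: `policy.default = [{ type = "insecureAcceptAnything"; }];` carries over the removed module's accept-everything image policy, so nothing pulled on this host is signature-checked. Because `registries.search` lists five registries, an unqualified image name can also end up being served by a registry you did not intend. Consider `default = [{ type = "reject"; }];` and listing the registries you actually pull from under `transports.docker`, each with its own requirement (`signedBy` where keys are available), keeping the `docker-daemon` entry as it is. Separately, the hunk also drops `programs.crc.enable = true;` while `default.nix` still imports `./crc.nix`; the commit message mentions only podman, so confirm crc is meant to be disabled here unless it is enabled elsewhere. The enclosing attribute set starts and ends outside the hunk.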