-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This module is a continuation of #2630 by MaeIsBad. It also adds a module `virtualisation.oci-containers` that is equivalent to the one in NixOS. Basically it allows a simple toggle to activate oci-container services and commands. We also support Podman on mac. Note, Podman requires a VM on mac, which has to be started before any Podman commands can be executed. Users might sometimes require VMs that use different architectures than the default VM started by Podman. Thus, they get the option to define the VM(s) that will be initialized and started by podman. Since Podman has to start a machine, it's best to do it using launchd. The configuration of the machines requires a JSON, generated from an attrset in Home Manager, which is where Python script comes into play to take care of diff-ing the `podman machine list` to CRUD them. PR #4331 Co-authored-by: MaeIsBad <26093674+MaeIsBad@users.noreply.github.com>
- Loading branch information
Showing
11 changed files
with
521 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| { config, lib, pkgs, ... }: | ||
|
|
||
| let | ||
| cfg = config.virtualisation.containers; | ||
|
|
||
| inherit (lib) mkOption types; | ||
|
|
||
| toml = pkgs.formats.toml { }; | ||
| in { | ||
| meta.maintainers = [ lib.maintainers.michaelCTS ]; | ||
|
|
||
| options.virtualisation.containers = { | ||
| enable = lib.mkEnableOption "the common containers configuration module"; | ||
|
|
||
| ociSeccompBpfHook.enable = lib.mkEnableOption "the OCI seccomp BPF hook"; | ||
|
|
||
| registries = { | ||
| search = mkOption { | ||
| type = types.listOf types.str; | ||
| default = [ "docker.io" "quay.io" ]; | ||
| description = '' | ||
| List of repositories to search. | ||
| ''; | ||
| }; | ||
|
|
||
| insecure = mkOption { | ||
| type = types.listOf types.str; | ||
| default = [ ]; | ||
| description = '' | ||
| List of insecure repositories. | ||
| ''; | ||
| }; | ||
|
|
||
| block = mkOption { | ||
| type = types.listOf types.str; | ||
| default = [ ]; | ||
| description = '' | ||
| List of blocked repositories. | ||
| ''; | ||
| }; | ||
| }; | ||
|
|
||
| policy = mkOption { | ||
| type = types.attrs; | ||
| default = { }; | ||
| example = lib.literalExpression '' | ||
| { | ||
| default = [ { type = "insecureAcceptAnything"; } ]; | ||
| transports = { | ||
| docker-daemon = { | ||
| "" = [ { type = "insecureAcceptAnything"; } ]; | ||
| }; | ||
| }; | ||
| } | ||
| ''; | ||
| description = '' | ||
| Signature verification policy file. | ||
| If this option is empty the default policy file from | ||
| `skopeo` will be used. | ||
| ''; | ||
| }; | ||
| }; | ||
|
|
||
| config = lib.mkIf cfg.enable { | ||
| xdg.configFile."containers/registries.conf".source = | ||
| toml.generate "registries.conf" { | ||
| registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries; | ||
| }; | ||
|
|
||
| xdg.configFile."containers/policy.json".source = if cfg.policy != { } then | ||
| pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) | ||
| else | ||
| "${pkgs.skopeo.src}/default-policy.json"; | ||
| }; | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Equivalent of | ||
| # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/oci-containers.nix | ||
| { config, lib, pkgs, ... }: | ||
|
|
||
| let | ||
| cfg = config.virtualisation.oci-containers; | ||
|
|
||
| inherit (lib) mkDefault mkIf mkMerge mkOption types; | ||
|
|
||
| defaultBackend = "podman"; | ||
| in { | ||
| meta.maintainers = [ pkgs.lib.maintainers.michaelCTS ]; | ||
|
|
||
| options.virtualisation.oci-containers = { | ||
| enable = lib.mkEnableOption | ||
| "a convenience option to enable containers in platform-agnostic manner"; | ||
|
|
||
| backend = mkOption { | ||
| type = types.enum [ "podman" ]; | ||
| default = defaultBackend; | ||
| description = "Which service to use as a backend for containers."; | ||
| }; | ||
| }; | ||
|
|
||
| config = mkIf (cfg.enable && cfg.backend == "podman") { | ||
| virtualisation.podman.enable = true; | ||
| }; | ||
| } |
Oops, something went wrong.