nftable-migration
1{
2 pkgs,
3 ...
4}:
5{
6 networking.firewall.checkReversePath = false;
7 virtualisation.podman = {
8 enable = true;
9 extraPackages = with pkgs; [
10 podman-bootc
11 virtiofsd
12 ];
13 };
14 environment.systemPackages = with pkgs; [
15 podman-bootc
16 bootc
17 ];
18 virtualisation.containers = {
19 enable = true;
20 registries = {
21 search = [
22 "registry.fedoraproject.org"
23 "registry.access.redhat.com"
24 "registry.centos.org"
25 "docker.io"
26 "quay.io"
27 ];
28 };
29 policy = {
30 default = [ { type = "insecureAcceptAnything"; } ];
31 transports = {
32 docker-daemon = {
33 "" = [ { type = "insecureAcceptAnything"; } ];
34 };
35 };
36 };
37 containersConf.settings = {
38 network = {
39 default_subnet_pools = [
40 # See https://github.com/kubernetes-sigs/kind/issues/2872 for this
41 {
42 "base" = "11.0.0.0/24";
43 "size" = 24;
44 }
45 {
46 "base" = "192.168.129.0/24";
47 "size" = 24;
48 }
49 {
50 "base" = "192.168.130.0/24";
51 "size" = 24;
52 }
53 {
54 "base" = "192.168.131.0/24";
55 "size" = 24;
56 }
57 {
58 "base" = "192.168.132.0/24";
59 "size" = 24;
60 }
61 ];
62 };
63 };
64 };
65}