Commit be9a183822dc

Vincent Demeester <vincent@sbr.pm>
2018-10-16 18:09:52
Package podman and add a module for it: programs.podman
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent f487e1f
machine/shikoku.nix
@@ -38,7 +38,12 @@
   hardware.bluetooth.enable = true;
   networking.firewall.allowedTCPPorts = [ 7946 9000 ];
 
-  services.wireguard = with import ../assets/machines.nix; {
+  # Move elsewhere
+  programs.podman = {
+    enable = true;
+  };
+
+   services.wireguard = with import ../assets/machines.nix; {
     enable = true;
     ips = [ "${wireguard.ips.shikoku}/24" ];
     endpoint = wg.endpointIP;
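Review bot: The re-added `services.wireguard = with import ../assets/machines.nix; {` line now carries three leading spaces where every other attribute in this set uses two, so the hunk changes whitespace on a line whose content is otherwise untouched; restore `  services.wireguard = with import ../assets/machines.nix; {`. The `# Move elsewhere` comment above `programs.podman` names no destination, so a reader cannot tell whether it is a TODO or a warning; something like `# TODO: move programs.podman into a shared profile instead of this host file` says what is meant. The `services.wireguard` attribute set continues past the end of the hunk.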
modules/programs/podman.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.programs.podman;
+
+in
+
+{
+  options = {
+    programs.podman = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to configure podman
+        '';
+        type = types.bool;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.etc."containers/libpod.conf".text = ''
+      image_default_transport = "docker://"
+      runtime_path = ["${pkgs.runc}/bin/runc"]
+      conmon_path = ["${pkgs.conmon}/bin/conmon"]
+      cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"]
+      cgroup_manager = "systemd"
+      cni_config_dir = "/etc/cni/net.d/"
+      cni_default_network = "podman"
+      # pause
+      pause_image = "k8s.gcr.io/pause:3.1"
+      pause_command = "/pause"
+    '';
+
+    environment.etc."containers/registries.conf".text = ''
+      [registries.search]
+      registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
+
+      [registries.insecure]
+      registries = []
+    '';
+
+    environment.etc."containers/policy.json".text = ''
+    {
+      "default": [
+        { "type": "insecureAcceptAnything" }
+      ]
+    }
+    '';
+
+    environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
+{
+    "cniVersion": "0.3.0",
+    "name": "podman",
+    "plugins": [
+      {
+        "type": "bridge",
+        "bridge": "cni0",
+        "isGateway": true,
+        "ipMasq": true,
+        "ipam": {
+            "type": "host-local",
+            "subnet": "10.88.0.0/16",
+            "routes": [
+                { "dst": "0.0.0.0/0" }
+            ]
+        }
+      },
+      {
+        "type": "portmap",
+        "capabilities": {
+          "portMappings": true
+        }
+      }
+    ]
+}
+    '';
+
+    environment.systemPackages = [ pkgs.podman pkgs.conmon pkgs.runc ];
+
+  };
+}
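Review bot: The `policy.json` written under `environment.etc."containers/policy.json"` sets the default to `insecureAcceptAnything`, so every image podman pulls from any registry is accepted without signature verification, and because `registries.conf` lists five search registries with `docker.io` first, a bare `podman pull foo` is resolved against each of them in turn, which makes short image names ambiguous. If an open signature policy is intentional (upstream ships the same default), say so next to the literal, e.g. `# NOTE: insecureAcceptAnything — no image signature checks; add per-registry "signedBy" entries to tighten`, and prefer fully-qualified image references over relying on the search list. The same caveat applies to `pause_image = "k8s.gcr.io/pause:3.1"`, which pins the infra container by a mutable tag rather than a digest. The `[registries.insecure]` list being empty is the right default and worth keeping that way.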
modules/module-list.nix
@@ -0,0 +1,7 @@
+{ pkgs, lib, ... }:
+
+{
+  imports = [
+    ./programs/podman.nix
+  ];
+}
overlays/sbr.overlay.nix
@@ -23,4 +23,10 @@ self: super: {
   stellar = import ../pkgs/stellar {
     inherit (self) stdenv lib fetchFromGitHub removeReferencesTo go;
   };
+  podman = import ../pkgs/podman {
+    inherit (self) stdenv lib fetchFromGitHub removeReferencesTo pkgconfig makeWrapper go libtool gpgme lvm2 btrfs-progs libseccomp gcc;
+  };
+  conmon = import ../pkgs/conmon {
+    inherit (self) stdenv lib fetchFromGitHub makeWrapper pkgconfig libtool gcc glib;
+  };
 }
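Review bot: The `inherit (self) …` argument lists for `podman` and `conmon` are repeated verbatim from `pkgs/default.nix` in this same commit, so any change to either derivation's inputs must be made in two places and the two call sites will drift. Both files are plain functions of an attribute set, so `podman = self.callPackage ../pkgs/podman { };` and `conmon = self.callPackage ../pkgs/conmon { };` would resolve the inputs from the overlay's `self` without listing them. The enclosing overlay attrset starts before the hunk.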
pkgs/conmon/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, lib, fetchFromGitHub, makeWrapper, pkgconfig, libtool, gcc, glib }:
+
+stdenv.mkDerivation rec {
+  name = "conmon-${version}";
+  version = "unstable-2018-10-03";
+  rev = "605136242787b6c7e1c7c8233b74a14c9097e510";
+
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = "conmon";
+    sha256 = "1ks9m4hsv0iflcj62szy6s8ifzvdns0hmhx2cz9mhfa9a7796311";
+    inherit rev;
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [
+    makeWrapper libtool gcc glib
+  ];
+
+  installPhase = ''
+    install -D -m 755 bin/conmon $out/bin/conmon
+  '';
+}
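Review bot: `makeWrapper`, `libtool` and `gcc` in `buildInputs` are build-time tools rather than libraries linked into conmon, so they belong in `nativeBuildInputs` next to `pkgconfig` (in a cross build they would otherwise be taken from the target set), and `makeWrapper` is not used by any phase in this file. `nativeBuildInputs = [ pkgconfig makeWrapper libtool gcc ];` with `buildInputs = [ glib ];` leaves a native build unchanged. The derivation also has no `meta` (description, license, platforms), which is worth adding if this is to be upstreamed as the `# to upstream` comment in pkgs/default.nix suggests.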
pkgs/podman/default.nix
@@ -0,0 +1,46 @@
+{ stdenv, lib, fetchFromGitHub, makeWrapper, removeReferencesTo, pkgconfig
+, go, libtool, gpgme, lvm2
+, btrfs-progs, libseccomp, gcc
+}:
+
+stdenv.mkDerivation rec {
+  name = "podman-${version}";
+  version = "0.10.1";
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = "libpod";
+    rev = "v${version}";
+    sha256 = "0156aqdza7kqd4i42n81dcpv03yll92151ggsziklslz8brwc7yk";
+  };
+    # Optimizations break compilation of libseccomp c bindings
+    hardeningDisable = [ "fortify" ];
+
+    nativeBuildInputs = [ pkgconfig ];
+    buildInputs = [
+      makeWrapper removeReferencesTo go libtool
+      btrfs-progs libseccomp gcc gpgme lvm2
+      ];
+
+    dontStrip = true;
+
+    buildPhase = ''
+    patchShebangs .
+    mkdir -p .gopath/src/github.com/containers
+    ln -sf $PWD .gopath/src/github.com/containers/libpod
+    ln -sf $PWD/vendor/github.com/varlink .gopath/src/github.com/varlink
+    export GOPATH="$PWD/.gopath:$GOPATH"
+    make binaries
+    '';
+
+    installPhase = ''
+    install -Dm755 bin/podman $out/bin/podman
+    '';
+
+    outputs = ["out"];
+
+    preFixup = ''
+      find $out -type f -exec remove-references-to -t ${go} -t ${stdenv.cc.cc} '{}' +
+      find $out -type f -exec remove-references-to -t ${stdenv.glibc.dev} '{}' +
+    '';
+
+}
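Review bot: `go`, `gcc`, `libtool`, `makeWrapper` and `removeReferencesTo` in `buildInputs` are tools used during the build and fixup phases, not link-time dependencies, so they belong in `nativeBuildInputs`; `nativeBuildInputs = [ pkgconfig go gcc libtool makeWrapper removeReferencesTo ];` with `buildInputs = [ btrfs-progs libseccomp gpgme lvm2 ];` expresses that, and `makeWrapper` is not used by any phase here. `hardeningDisable = [ "fortify" ]` switches off FORTIFY_SOURCE for the cgo parts of a binary that will run as root; the comment blames optimizations breaking the libseccomp bindings, which is presumably the usual cgo case (cgo compiles without `-O`, which fortify requires), so spelling that out as `# cgo compiles without -O, which FORTIFY_SOURCE requires; only the cgo objects are affected` would keep a later maintainer from re-enabling or widening it blindly. Everything from `hardeningDisable` down is indented four spaces while `name`, `version` and `src` use two; align the whole body to two, and add a `meta` block before upstreaming.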
pkgs/default.nix
@@ -28,4 +28,11 @@ rec {
   stellar = import ./stellar {
     inherit (pkgs) stdenv lib fetchFromGitHub removeReferencesTo go;
   };
+  # to upstream
+  podman = import ./podman {
+    inherit (pkgs) stdenv lib fetchFromGitHub removeReferencesTo pkgconfig makeWrapper go libtool gpgme lvm2 btrfs-progs libseccomp gcc;
+  };
+  conmon = import ./conmon {
+    inherit (pkgs) stdenv lib fetchFromGitHub makeWrapper pkgconfig libtool gcc glib;
+  };
 }
profiles/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ./users.nix
     ./overlays.nix
+    ../modules/module-list.nix
   ];
   boot.loader.systemd-boot.enable = true;
   environment = {