Commit d804ecbd575f

Vincent Demeester <vincent@sbr.pm>
2020-10-01 17:04:07
systems: remove programs.podman…
… and use upstream virtualisation.podman and virtualisation.containers. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 54e422e
Changed files (3)
systems/modules/programs/default.nix
@@ -1,6 +1,5 @@
 {
   imports = [
     ./crc.nix
-    ./podman.nix
   ];
 }
systems/modules/programs/podman.nix
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.programs.podman;
-in
-{
-  options = {
-    programs.podman = {
-      enable = mkEnableOption "Wether to configure podman";
-      package = mkOption {
-        default = pkgs.podman;
-        description = "podman package to be used";
-        type = types.package;
-      };
-      runcPackage = mkOption {
-        default = pkgs.runc;
-        description = "runc package to be used";
-        type = types.package;
-      };
-      conmonPackage = mkOption {
-        default = pkgs.conmon;
-        description = "conmon package to be used";
-        type = types.package;
-      };
-      cniPackage = mkOption {
-        default = pkgs.cni;
-        description = "cni package to be used";
-        type = types.package;
-      };
-      cniPluginsPackage = mkOption {
-        default = pkgs.cni-plugins;
-        description = "cni-plugins package to be used";
-        type = types.package;
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-
-    environment.etc."containers/libpod.conf".text = ''
-      image_default_transport = "docker://"
-      runtime_path = ["${cfg.runcPackage}/bin/runc"]
-      conmon_path = ["${cfg.conmonPackage}/bin/conmon"]
-      cni_plugin_dir = ["${cfg.cniPluginsPackage}/bin/"]
-      cgroup_manager = "systemd"
-      cni_config_dir = "/etc/cni/net.d/"
-      cni_default_network = "podman"
-      # pause
-      pause_image = "k8s.gcr.io/pause:3.1"
-      pause_command = "/pause"
-    '';
-
-    environment.etc."containers/registries.conf".text = ''
-      [registries.search]
-      registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
-
-      [registries.insecure]
-      registries = ['massimo.local:5000', '192.168.12.0/16']
-    '';
-
-    environment.etc."containers/policy.json".text = ''
-      {
-        "default": [
-          { "type": "insecureAcceptAnything" }
-        ]
-      }
-    '';
-
-    environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
-      {
-          "cniVersion": "0.3.0",
-          "name": "podman",
-          "plugins": [
-            {
-              "type": "bridge",
-              "bridge": "cni0",
-              "isGateway": true,
-              "ipMasq": true,
-              "ipam": {
-                  "type": "host-local",
-                  "subnet": "10.88.0.0/16",
-                  "routes": [
-                      { "dst": "0.0.0.0/0" }
-                  ]
-              }
-            },
-            {
-              "type": "portmap",
-              "capabilities": {
-                "portMappings": true
-              }
-            }
-          ]
-      }
-    '';
-
-    environment.systemPackages = with pkgs; [ cfg.package cfg.conmonPackage cfg.runcPackage iptables ];
-
-  };
-}
systems/wakasu.nix
@@ -72,9 +72,20 @@ in
     tekton.enable = true;
     yubikey.enable = true;
   };
-  programs = {
-    podman.enable = true;
-    crc.enable = true;
+  virtualisation.podman.enable = true;
+  virtualisation.containers = {
+    enable = true;
+    registries = {
+      search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+    };
+    policy = {
+      default = [{ type = "insecureAcceptAnything"; }];
+      transports = {
+        docker-daemon = {
+          "" = [{ type = "insecureAcceptAnything"; }];
+        };
+      };
+    };
   };
   security = {
     sudo.extraConfig = ''
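Review bot: The new `policy` block keeps `default = [{ type = "insecureAcceptAnything"; }]`, so image signatures are still not verified for any transport, and the `docker-daemon` entry under `transports` only repeats that default. With five registries in `registries.search`, an unqualified image name can resolve against more than one registry, and the order has changed from the removed registries.conf (docker.io was first, registry.fedoraproject.org is now), so short-name pulls may land on a different source than before with nothing to check the result. If unsigned pulls are intended on this host, state it in a comment such as `# signatures are not verified here; pulls rely on TLS and registry trust only`. Otherwise consider `default = [{ type = "reject"; }];` with explicit per-registry scopes under `transports.docker`. Separately, the removed lines also drop `crc.enable = true;` although `./crc.nix` is still imported and the commit message mentions only podman; if that was not intended, keep `programs.crc.enable = true;`.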