mirror of
https://github.com/nix-community/home-manager
synced 2025-01-01 06:39:48 +01:00
64 lines
1.7 KiB
Nix
64 lines
1.7 KiB
Nix
|
{ ... }:
|
||
|
|
||
|
{
|
||
|
services.podman = {
|
||
|
enable = true;
|
||
|
settings = {
|
||
|
containers = {
|
||
|
network = {
|
||
|
default_subnet = "172.16.10.0/24";
|
||
|
default_subnet_pools = [
|
||
|
{
|
||
|
base = "172.16.11.0/24";
|
||
|
size = 24;
|
||
|
}
|
||
|
{
|
||
|
base = "172.16.12.0/24";
|
||
|
size = 24;
|
||
|
}
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
storage = {
|
||
|
storage = {
|
||
|
runroot = "$HOME/.containers/runroot";
|
||
|
graphroot = "$HOME/.containers/graphroot";
|
||
|
};
|
||
|
};
|
||
|
registries = {
|
||
|
block = [ "ghcr.io" "gallery.ecr.aws" ];
|
||
|
insecure = [ "quay.io" ];
|
||
|
search = [ "docker.io" ];
|
||
|
};
|
||
|
policy = { default = [{ type = "insecureAcceptAnything"; }]; };
|
||
|
};
|
||
|
};
|
||
|
|
||
|
nmt.script = ''
|
||
|
configPath=home-files/.config/containers
|
||
|
containersFile=$configPath/containers.conf
|
||
|
policyFile=$configPath/policy.json
|
||
|
registriesFile=$configPath/registries.conf
|
||
|
storageFile=$configPath/storage.conf
|
||
|
|
||
|
assertFileExists $containersFile
|
||
|
assertFileExists $policyFile
|
||
|
assertFileExists $registriesFile
|
||
|
assertFileExists $storageFile
|
||
|
|
||
|
containersFile=$(normalizeStorePaths $containersFile)
|
||
|
policyFile=$(normalizeStorePaths $policyFile)
|
||
|
registriesFile=$(normalizeStorePaths $registriesFile)
|
||
|
storageFile=$(normalizeStorePaths $storageFile)
|
||
|
|
||
|
assertFileContent $containersFile ${
|
||
|
./configuration-containers-expected.conf
|
||
|
}
|
||
|
assertFileContent $policyFile ${./configuration-policy-expected.json}
|
||
|
assertFileContent $registriesFile ${
|
||
|
./configuration-registries-expected.conf
|
||
|
}
|
||
|
assertFileContent $storageFile ${./configuration-storage-expected.conf}
|
||
|
'';
|
||
|
}
|