eeva/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-11-27 05:29:46 +01:00
Code Issues Releases Wiki Activity
home-manager/modules/virtualisation/containers.nix

77 lines
1.9 KiB
Nix
Raw Normal View History

podman: add module This module is a continuation of #2630 by MaeIsBad. It also adds a module `virtualisation.oci-containers` that is equivalent to the one in NixOS. Basically it allows a simple toggle to activate oci-container services and commands. We also support Podman on mac. Note, Podman requires a VM on mac, which has to be started before any Podman commands can be executed. Users might sometimes require VMs that use different architectures than the default VM started by Podman. Thus, they get the option to define the VM(s) that will be initialized and started by podman. Since Podman has to start a machine, it's best to do it using launchd. The configuration of the machines requires a JSON, generated from an attrset in Home Manager, which is where Python script comes into play to take care of diff-ing the `podman machine list` to CRUD them. PR #4331 Co-authored-by: MaeIsBad <26093674+MaeIsBad@users.noreply.github.com>
2023-08-11 10:42:57 +02:00
{ config, lib, pkgs, ... }:
let
cfg = config.virtualisation.containers;
inherit (lib) mkOption types;
toml = pkgs.formats.toml { };
in {
meta.maintainers = [ lib.maintainers.michaelCTS ];
options.virtualisation.containers = {
enable = lib.mkEnableOption "the common containers configuration module";
ociSeccompBpfHook.enable = lib.mkEnableOption "the OCI seccomp BPF hook";
registries = {
search = mkOption {
type = types.listOf types.str;
default = [ "docker.io" "quay.io" ];
description = ''
List of repositories to search.
'';
};
insecure = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of insecure repositories.
'';
};
block = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of blocked repositories.
'';
};
};
policy = mkOption {
type = types.attrs;
default = { };
example = lib.literalExpression ''
{
default = [ { type = "insecureAcceptAnything"; } ];
transports = {
docker-daemon = {
"" = [ { type = "insecureAcceptAnything"; } ];
};
};
}
'';
description = ''
Signature verification policy file.
If this option is empty the default policy file from
`skopeo` will be used.
'';
};
};
config = lib.mkIf cfg.enable {
xdg.configFile."containers/registries.conf".source =
toml.generate "registries.conf" {
registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries;
};
xdg.configFile."containers/policy.json".source = if cfg.policy != { } then
pkgs.writeText "policy.json" (builtins.toJSON cfg.policy)
else
"${pkgs.skopeo.src}/default-policy.json";
};
}
Reference in a new issue Copy permalink