Bad 2023-01-14 20:36:28 +01:00
parent c13fe4b6df
commit ab3a9b739e
6 changed files with 53 additions and 97 deletions


@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"lastModified": 1673301561,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
"type": "github"
},
"original": {
@ -42,11 +42,11 @@
]
},
"locked": {
"lastModified": 1672753581,
"narHash": "sha256-EIi2tqHoje5cE9WqH23ZghW28NOOWSUM7tcxKE1U9KI=",
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "3db1d870b04b13411f56ab1a50cd32b001f56433",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
@ -168,11 +168,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1672899733,
"narHash": "sha256-98v9wy+npi5NYHdb3wVh2fIelacCZJXrENET1YUSF+k=",
"lastModified": 1673591020,
"narHash": "sha256-9tHlrBdm/6NqgENQ0Uupn3rJP8q0yeGtvSrVkpb17Gk=",
"owner": "nix-community",
"repo": "fenix",
"rev": "8febc16949eacf0b66a2378fcddd574630a458b2",
"rev": "3966a723f5a710b70aaafa29eb277db0389183db",
"type": "github"
},
"original": {
@ -216,11 +216,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -364,11 +364,11 @@
]
},
"locked": {
"lastModified": 1672780900,
"narHash": "sha256-DxuSn6BdkZapIbg76xzYx1KhVPEZeBexMkt1q/sMVPA=",
"lastModified": 1673343300,
"narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "54245e1820caabd8a0b53ce4d47e4d0fefe04cd4",
"rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e",
"type": "github"
},
"original": {
@ -411,11 +411,11 @@
},
"latest_2": {
"locked": {
"lastModified": 1672941755,
"narHash": "sha256-lX6zS72w76EkBMPBcSIRQJWznQZuizy2c55/iyg88UU=",
"lastModified": 1673629240,
"narHash": "sha256-RiqQpSFl1w1yuVPdNp9aRxqOzidZ4Usuy+p0tbUhLb8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d374964cb3d575ced4222b912ca9d03bd45d7e3d",
"rev": "9b896acabe4332fee1939c33a310e17ee62e81bb",
"type": "github"
},
"original": {
@ -451,11 +451,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1661367362,
"narHash": "sha256-Qc8MXcV+YCPREu8kk6oggk23ZBKLqeQRAIsLbHEviPE=",
"lastModified": 1672992692,
"narHash": "sha256-/eLQLSNIa22ARTZbk+x8i0iE8khe1eiHWkuxgTVXZ7g=",
"owner": "guibou",
"repo": "nixGL",
"rev": "7165ffbccbd2cf4379b6cd6d2edd1620a427e5ae",
"rev": "643e730efb981ffaf8478f441ec9b9aeea1c89f5",
"type": "github"
},
"original": {
@ -466,11 +466,11 @@
},
"nixos": {
"locked": {
"lastModified": 1672791794,
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
"lastModified": 1673450908,
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
"type": "github"
},
"original": {
@ -482,11 +482,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1672644464,
"narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=",
"lastModified": 1673440569,
"narHash": "sha256-FQ5o0yI+MH9MgfseeGDsVIIpIqv3BCgq+0NzncuZ9Zo=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26",
"rev": "88016c96c3c338aa801695cdd9f186820bcfe4d6",
"type": "github"
},
"original": {
@ -497,11 +497,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1672617983,
"narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
"lastModified": 1673450908,
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
"type": "github"
},
"original": {
@ -537,11 +537,11 @@
]
},
"locked": {
"lastModified": 1667620329,
"narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"lastModified": 1672979485,
"narHash": "sha256-LrY0K1yya3nvRlGDc98wm68ozVj7E6a1EXXEr7eHp8E=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"rev": "0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9",
"type": "github"
},
"original": {
@ -635,11 +635,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1672857514,
"narHash": "sha256-zbsLi/SdbSYC0ewLpvGY8cSgn1Ty/Tfb6ParyZmhSdY=",
"lastModified": 1673537112,
"narHash": "sha256-x7kPou0eKN33wYCam3QBQOwSuQFBinsc7UD+R/qPE0g=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "80cabf726068187d8686b5ccf37aac484da84904",
"rev": "fb39efe26cfbc81e5ed5e6518262fcc2d44229c2",
"type": "github"
},
"original": {
@ -651,16 +651,16 @@
},
"stable": {
"locked": {
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"lastModified": 1673612960,
"narHash": "sha256-DWR7hrbecJKmUJCswk9MXZta710mq+3jZwTvHU/UfyY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"rev": "e285dd0ca97c264003867c7329f0d1f4f028739c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}


@ -4,7 +4,7 @@
nixConfig.extra-experimental-features = "nix-command flakes";
inputs =
{
stable.url = "github:nixos/nixpkgs/nixos-22.05";
stable.url = "github:nixos/nixpkgs/nixos-22.11";
nixos.url = "github:nixos/nixpkgs/nixos-unstable";
latest.url = "github:nixos/nixpkgs/master";


@ -2,7 +2,6 @@
imports = [
./podman.nix
./containers.nix
./podman-dnsname.nix
./docker-compat.nix
];
}


@ -1,36 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkOption
mkIf
types
;
cfg = config.services.podman;
in
{
options = {
services.podman = {
defaultNetwork.dnsname.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable DNS resolution in the default podman network.
'';
};
};
};
config = {
virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
services.podman.defaultNetwork.extraPlugins =
lib.optional cfg.defaultNetwork.dnsname.enable {
type = "dnsname";
domainName = "dns.podman";
capabilities.aliases = true;
};
};
}


@ -7,25 +7,9 @@ let
inherit (lib) mkOption types;
podmanPackage = (pkgs.podman.override { inherit (cfg) extraPackages; });
net-conflist = pkgs.runCommand "87-podman-bridge.conflist"
{
nativeBuildInputs = [ pkgs.jq ];
extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
jqScript = ''
. + { "plugins": (.plugins + $extraPlugins) }
'';
} ''
jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
--argjson extraPlugins "$extraPlugins" \
"$jqScript" \
>$out
'';
in
{
imports = [
./podman-dnsname.nix
#./podman-network-socket.nix
(lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ])
];
@ -91,11 +75,21 @@ in
config = lib.mkIf cfg.enable
{
home.packages = [ cfg.package ];
xdg.configFile."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
xdg.configFile."containers/networks/podman.json".source = json.generate "podman.json" ({
dns_enabled = false;
driver = "bridge";
id = "0000000000000000000000000000000000000000000000000000000000000000";
internal = false;
ipam_options = { driver = "host-local"; };
ipv6_enabled = false;
name = "podman";
network_interface = "podman0";
subnets = [{ gateway = "10.88.0.1"; subnet = "10.88.0.0/16"; }];
});
virtualisation.containers = {
enable = true; # Enable common /etc/containers configuration
containersConf.settings = lib.optionalAttrs cfg.enableNvidia {
network.network_backend = "netavark";
engine = {
conmon_env_vars = [ "PATH=${lib.makeBinPath [ pkgs.nvidia-podman ]}" ];
runtimes.nvidia = [ "${pkgs.nvidia-podman}/bin/nvidia-container-runtime" ];
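Review bot: On the new side `network.network_backend = "netavark";` sits inside `lib.optionalAttrs cfg.enableNvidia { … }`, so the backend is pinned only when `enableNvidia` is true, while the netavark-format `containers/networks/podman.json` is written and the CNI conflist is dropped unconditionally. With `enableNvidia = false` podman chooses its backend itself and may never read the new file; moving the setting out of the conditional avoids that: `containersConf.settings = { network.network_backend = "netavark"; } // lib.optionalAttrs cfg.enableNvidia {`. It is also worth verifying that rootless podman reads `~/.config/containers/networks` at all, since as far as I recall the rootless netavark default is `$graphroot/networks` unless `network.network_config_dir` is set. `json` is not bound in the visible `let`, so it is presumably defined outside the hunk, and the module body continues past the last line shown.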


@ -1,7 +1,6 @@
{ pkgs, ... }:
{
services.podman.enable = true;
services.podman.defaultNetwork.dnsname.enable = true;
services.podman.dockerCompat = {
dockerSocket.enable = true;
dockerCompose.enable = true;