Diffstat (limited to 'nixos/modules/virtualisation/podman.nix')
-rw-r--r-- | nixos/modules/virtualisation/podman.nix | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix
index d6421d488b8..e879b5ad8f9 100644
--- a/nixos/modules/virtualisation/podman.nix
+++ b/nixos/modules/virtualisation/podman.nix
@@ -111,8 +111,19 @@ in
 };
 
 systemd.sockets.podman.wantedBy = [ "sockets.target" ];
-
- systemd.tmpfiles.packages = [ cfg.package ];
+ systemd.sockets.podman.socketConfig.SocketGroup = "podman";
+
+ systemd.tmpfiles.packages = [
+ # The /run/podman rule interferes with our podman group, so we remove
+ # it and let the systemd socket logic take care of it.
+ (pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } ''
+ mkdir -p $out/lib/tmpfiles.d/
+ grep -v 'D! /run/podman 0700 root root' \
+ <$package/lib/tmpfiles.d/podman.conf \
+ >$out/lib/tmpfiles.d/podman.conf
+ '') ];
+
+ users.groups.podman = {};
 
 assertions = [
 { |
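Review bot: Once the `D! /run/podman 0700 root root` rule is filtered out, access to the rootful Podman API socket rests only on the socket unit's mode and the new `SocketGroup = "podman"`, and this hunk sets no mode. systemd's default `SocketMode` is 0666, so unless the packaged socket unit (not visible here) already restricts it, I would pin it beside the group line: `systemd.sockets.podman.socketConfig.SocketMode = "0660";`. Membership in `podman` then allows driving the root service, which is effectively root on the host, so `users.groups.podman = {};` deserves a comment such as `# Members can control the rootful podman socket; treat as root-equivalent.` The surrounding config attribute set starts and ends outside the hunk, so a mode may already be set elsewhere in the module.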