author | adisbladis <adisbladis@gmail.com> | 2020-04-29 17:05:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-29 17:05:41 +0200 |
commit | f0c83319a6db4a4d936a50687090d173f3230495 (patch) | |
tree | f1562a278c1045c0c45534dfb1c46db805daa650 | |
parent | c2c30d926c39cd82b88a3e0c68bc980cd374c72c (diff) | |
parent | 78cba5ac1e0883f939766523927205f7a722fa5c (diff) | |
Merge pull request #86249 from adisbladis/podman-wrapper
podman: Wrap packages required to run containers
-rw-r--r-- | nixos/modules/virtualisation/podman.nix | 39 | ||||
-rw-r--r-- | pkgs/applications/virtualization/podman/wrapper.nix | 48 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 3 |
3 files changed, 72 insertions, 18 deletions
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index 41d50dc7308..815d0778ae7 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -4,18 +4,20 @@ let inherit (lib) mkOption types; + podmanPackage = (pkgs.podman.override { inherit (cfg) extraPackages; }); + # Provides a fake "docker" binary mapping to podman - dockerCompat = pkgs.runCommandNoCC "${pkgs.podman.pname}-docker-compat-${pkgs.podman.version}" { + dockerCompat = pkgs.runCommandNoCC "${podmanPackage.pname}-docker-compat-${podmanPackage.version}" { outputs = [ "out" "bin" "man" ]; - inherit (pkgs.podman) meta; + inherit (podmanPackage) meta; } '' mkdir $out mkdir -p $bin/bin - ln -s ${pkgs.podman.bin}/bin/podman $bin/bin/docker + ln -s ${podmanPackage.bin}/bin/podman $bin/bin/docker mkdir -p $man/share/man/man1 - for f in ${pkgs.podman.man}/share/man/man1/*; do + for f in ${podmanPackage.man}/share/man/man1/*; do basename=$(basename $f | sed s/podman/docker/g) ln -s $f $man/share/man/man1/$basename done @@ -54,6 +56,19 @@ in ''; }; + extraPackages = mkOption { + type = with types; listOf package; + default = [ ]; + example = lib.literalExample '' + [ + pkgs.gvisor + ] + ''; + description = '' + Extra packages to be installed in the Podman wrapper. + ''; + }; + libpod = mkOption { default = {}; description = "Libpod configuration"; 
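Review bot: The `description` of the new `extraPackages` option does not say what "installed in the Podman wrapper" means in practice. In wrapper.nix the list is appended to `binPath` and prefixed to the wrapper's PATH, so these packages supply executables that podman can invoke (including when it runs as root) but they are not added to `environment.systemPackages`. I would word it as `Extra packages to be added to the PATH of the Podman wrapper, after the default runtime packages.` so that users know the entries are resolved by podman itself and come after the bundled helpers.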
@@ -77,25 +92,15 @@ in config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.podman # Docker compat - pkgs.runc # Default container runtime - pkgs.crun # Default container runtime (cgroups v2) - pkgs.conmon # Container runtime monitor - pkgs.slirp4netns # User-mode networking for unprivileged namespaces - pkgs.fuse-overlayfs # CoW for images, much faster than default vfs - pkgs.utillinux # nsenter - pkgs.iptables - ] - ++ lib.optional cfg.dockerCompat dockerCompat; + environment.systemPackages = [ podmanPackage ] + ++ lib.optional cfg.dockerCompat dockerCompat; environment.etc."containers/libpod.conf".text = '' cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"] - cni_config_dir = "/etc/cni/net.d/" '' + cfg.libpod.extraConfig; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman.src}/cni/87-podman-bridge.conflist"; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; # Enable common /etc/containers configuration virtualisation.containers.enable = true; diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix new file mode 100644 index 00000000000..0b905c0c709 --- /dev/null +++ b/pkgs/applications/virtualization/podman/wrapper.nix 
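Review bot: Nothing at `environment.systemPackages = [ podmanPackage ]` tells the reader where runc, crun, conmon and the other helpers now come from, or that this module no longer puts `iptables` and the util-linux tools (nsenter) in the system profile. A comment such as `# Runtime helpers (runc, crun, conmon, ...) are on the podman wrapper's PATH, not in the system profile` would make that explicit. The `config` block continues outside the hunk, so any other consumer of those binaries further down is not visible here.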
@@ -0,0 +1,48 @@ +{ podman-unwrapped +, runCommand +, makeWrapper +, lib +, extraPackages ? [] +, podman # Docker compat +, runc # Default container runtime +, crun # Default container runtime (cgroups v2) +, conmon # Container runtime monitor +, slirp4netns # User-mode networking for unprivileged namespaces +, fuse-overlayfs # CoW for images, much faster than default vfs +, utillinux # nsenter +, cni-plugins +, iptables +}: + +let + podman = podman-unwrapped; + + binPath = lib.makeBinPath ([ + runc + crun + conmon + slirp4netns + fuse-overlayfs + utillinux + iptables + ] ++ extraPackages); + +in runCommand podman.name { + inherit (podman) name pname version meta outputs; + nativeBuildInputs = [ + makeWrapper + ]; + +} '' + # Symlink everything but $bin from podman-unwrapped + ${ + lib.concatMapStringsSep "\n" + (o: "ln -s ${podman.${o}} ${placeholder o}") + (builtins.filter (o: o != "bin") + podman.outputs)} + + mkdir -p $bin/bin + ln -s ${podman-unwrapped}/share $bin/share + makeWrapper ${podman-unwrapped}/bin/podman $bin/bin/podman \ + --prefix PATH : ${binPath} +'' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a4a88ffc1c2..51f1a6a1db6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5966,7 +5966,8 @@ in podiff = callPackage ../tools/text/podiff { }; - podman = callPackage ../applications/virtualization/podman { }; + podman = callPackage ../applications/virtualization/podman/wrapper.nix { }; + podman-unwrapped = callPackage ../applications/virtualization/podman { }; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; |
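Review bot: The `podman` formal argument (`, podman # Docker compat`) is never used, because `let podman = podman-unwrapped;` shadows it, and since all-packages.nix binds `podman` to this very file, callPackage would hand the wrapper to itself if the argument were ever forced. `cni-plugins` is likewise accepted but does not appear in `binPath` or in the build script. I would delete both argument lines and keep the `let` alias. A short comment above `--prefix PATH : ${binPath}` noting that the store-pinned helpers take precedence over the caller's PATH, and that `extraPackages` come last, would also record that ordering as intentional.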
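Review bot: `pkgs.podman` now evaluates to the runCommand wrapper, so an overlay that patches podman through `podman.overrideAttrs` would presumably alter only the wrapper and leave the compiled binary unchanged, without any error. The module in this commit already had to switch to `pkgs.podman-unwrapped.src` for the same reason. A comment on the new lines, for example `# podman is a PATH wrapper; patch or override podman-unwrapped to change the build`, would point people at the right attribute.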