public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #86249 from adisbladis/podman-wrapper 

podman: Wrap packages required to run containers
This commit is contained in:
adisbladis 2020-04-29 17:05:41 +02:00 committed by GitHub
parent c2c30d926c 78cba5ac1e
commit f0c83319a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 72 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
nixos/modules/virtualisation/podman.nix
View File

@ -4,18 +4,20 @@ let
inherit (lib) mkOption types; inherit (lib) mkOption types;
podmanPackage = (pkgs.podman.override { inherit (cfg) extraPackages; });
# Provides a fake "docker" binary mapping to podman # Provides a fake "docker" binary mapping to podman
dockerCompat = pkgs.runCommandNoCC "${pkgs.podman.pname}-docker-compat-${pkgs.podman.version}" { dockerCompat = pkgs.runCommandNoCC "${podmanPackage.pname}-docker-compat-${podmanPackage.version}" {
outputs = [ "out" "bin" "man" ]; outputs = [ "out" "bin" "man" ];
inherit (pkgs.podman) meta; inherit (podmanPackage) meta;
} '' } ''
mkdir $out mkdir $out
mkdir -p $bin/bin mkdir -p $bin/bin
ln -s ${pkgs.podman.bin}/bin/podman $bin/bin/docker ln -s ${podmanPackage.bin}/bin/podman $bin/bin/docker
mkdir -p $man/share/man/man1 mkdir -p $man/share/man/man1
for f in ${pkgs.podman.man}/share/man/man1/*; do for f in ${podmanPackage.man}/share/man/man1/*; do
basename=$(basename $f | sed s/podman/docker/g) basename=$(basename $f | sed s/podman/docker/g)
ln -s $f $man/share/man/man1/$basename ln -s $f $man/share/man/man1/$basename
done done
@ -54,6 +56,19 @@ in
''; '';
}; };
extraPackages = mkOption {
type = with types; listOf package;
default = [ ];
example = lib.literalExample ''
[
pkgs.gvisor
]
'';
description = ''
Extra packages to be installed in the Podman wrapper.
'';
};
libpod = mkOption { libpod = mkOption {
default = {}; default = {};
description = "Libpod configuration"; description = "Libpod configuration";
@ -77,25 +92,15 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [ podmanPackage ]
pkgs.podman # Docker compat ++ lib.optional cfg.dockerCompat dockerCompat;
pkgs.runc # Default container runtime
pkgs.crun # Default container runtime (cgroups v2)
pkgs.conmon # Container runtime monitor
pkgs.slirp4netns # User-mode networking for unprivileged namespaces
pkgs.fuse-overlayfs # CoW for images, much faster than default vfs
pkgs.utillinux # nsenter
pkgs.iptables
]
++ lib.optional cfg.dockerCompat dockerCompat;
environment.etc."containers/libpod.conf".text = '' environment.etc."containers/libpod.conf".text = ''
cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"] cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"]
cni_config_dir = "/etc/cni/net.d/"
'' + cfg.libpod.extraConfig; '' + cfg.libpod.extraConfig;
environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman.src}/cni/87-podman-bridge.conflist"; environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist";
# Enable common /etc/containers configuration # Enable common /etc/containers configuration
virtualisation.containers.enable = true; virtualisation.containers.enable = true;

48
pkgs/applications/virtualization/podman/wrapper.nix Normal file
View File

@ -0,0 +1,48 @@
{ podman-unwrapped
, runCommand
, makeWrapper
, lib
, extraPackages ? []
, podman # Docker compat
, runc # Default container runtime
, crun # Default container runtime (cgroups v2)
, conmon # Container runtime monitor
, slirp4netns # User-mode networking for unprivileged namespaces
, fuse-overlayfs # CoW for images, much faster than default vfs
, utillinux # nsenter
, cni-plugins
, iptables
}:
let
podman = podman-unwrapped;
binPath = lib.makeBinPath ([
runc
crun
conmon
slirp4netns
fuse-overlayfs
utillinux
iptables
] ++ extraPackages);
in runCommand podman.name {
inherit (podman) name pname version meta outputs;
nativeBuildInputs = [
makeWrapper
];
} ''
# Symlink everything but $bin from podman-unwrapped
${
lib.concatMapStringsSep "\n"
(o: "ln -s ${podman.${o}} ${placeholder o}")
(builtins.filter (o: o != "bin")
podman.outputs)}
mkdir -p $bin/bin
ln -s ${podman-unwrapped}/share $bin/share
makeWrapper ${podman-unwrapped}/bin/podman $bin/bin/podman \
--prefix PATH : ${binPath}
''

3
pkgs/top-level/all-packages.nix
View File

@ -5966,7 +5966,8 @@ in
podiff = callPackage ../tools/text/podiff { }; podiff = callPackage ../tools/text/podiff { };
podman = callPackage ../applications/virtualization/podman { }; podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
podman-unwrapped = callPackage ../applications/virtualization/podman { };
podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};