From b2a9a3e9cbe3eadb613161d88bd407f797ce270e Mon Sep 17 00:00:00 2001 From: adisbladis Date: Tue, 28 Apr 2020 21:23:03 +0100 Subject: podman: Wrap packages required to run containers --- nixos/modules/virtualisation/podman.nix | 15 ++----- .../applications/virtualization/podman/wrapper.nix | 48 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 3 +- 3 files changed, 53 insertions(+), 13 deletions(-) create mode 100644 pkgs/applications/virtualization/podman/wrapper.nix diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index 41d50dc73084c..57c9c07df45b4 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -77,17 +77,8 @@ in config = lib.mkIf cfg.enable { - environment.systemPackages = [ - pkgs.podman # Docker compat - pkgs.runc # Default container runtime - pkgs.crun # Default container runtime (cgroups v2) - pkgs.conmon # Container runtime monitor - pkgs.slirp4netns # User-mode networking for unprivileged namespaces - pkgs.fuse-overlayfs # CoW for images, much faster than default vfs - pkgs.utillinux # nsenter - pkgs.iptables - ] - ++ lib.optional cfg.dockerCompat dockerCompat; + environment.systemPackages = [ pkgs.podman ] + ++ lib.optional cfg.dockerCompat dockerCompat; environment.etc."containers/libpod.conf".text = '' cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"] @@ -95,7 +86,7 @@ in '' + cfg.libpod.extraConfig; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman.src}/cni/87-podman-bridge.conflist"; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; # Enable common /etc/containers configuration virtualisation.containers.enable = true; diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix new file mode 100644 index 0000000000000..0b905c0c709e1 --- /dev/null 
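Review bot: In the first hunk of nixos/modules/virtualisation/podman.nix, the new `environment.systemPackages = [ pkgs.podman ]` has no comment saying where the runtime helpers went, and the per-package comments that documented them are removed from the module. A one-line comment would cover it, e.g. `# runc, crun, conmon, slirp4netns, fuse-overlayfs, nsenter and iptables are on the PATH of the pkgs.podman wrapper`. The same comment should note that these tools are no longer installed into the system profile by this module, so anything that found `iptables` or `nsenter` there only through this module now needs its own entry; whether such a consumer exists is not visible here. The enclosing `config = lib.mkIf cfg.enable {` block continues outside the hunk.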
+++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -0,0 +1,48 @@ +{ podman-unwrapped +, runCommand +, makeWrapper +, lib +, extraPackages ? [] +, podman # Docker compat +, runc # Default container runtime +, crun # Default container runtime (cgroups v2) +, conmon # Container runtime monitor +, slirp4netns # User-mode networking for unprivileged namespaces +, fuse-overlayfs # CoW for images, much faster than default vfs +, utillinux # nsenter +, cni-plugins +, iptables +}: + +let + podman = podman-unwrapped; + + binPath = lib.makeBinPath ([ + runc + crun + conmon + slirp4netns + fuse-overlayfs + utillinux + iptables + ] ++ extraPackages); + +in runCommand podman.name { + inherit (podman) name pname version meta outputs; + nativeBuildInputs = [ + makeWrapper + ]; + +} '' + # Symlink everything but $bin from podman-unwrapped + ${ + lib.concatMapStringsSep "\n" + (o: "ln -s ${podman.${o}} ${placeholder o}") + (builtins.filter (o: o != "bin") + podman.outputs)} + + mkdir -p $bin/bin + ln -s ${podman-unwrapped}/share $bin/share + makeWrapper ${podman-unwrapped}/bin/podman $bin/bin/podman \ + --prefix PATH : ${binPath} +'' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a4a88ffc1c2dd..51f1a6a1db666 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5966,7 +5966,8 @@ in podiff = callPackage ../tools/text/podiff { }; - podman = callPackage ../applications/virtualization/podman { }; + podman = callPackage ../applications/virtualization/podman/wrapper.nix { }; + podman-unwrapped = callPackage ../applications/virtualization/podman { }; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; -- cgit 1.4.1
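Review bot: In the new pkgs/applications/virtualization/podman/wrapper.nix, the `podman` argument (still commented `# Docker compat`) is immediately shadowed by `let podman = podman-unwrapped;`, and `cni-plugins` is accepted but never referenced. Because the all-packages.nix hunk makes `podman` this wrapper, the argument is a self-reference that stays harmless only while nothing forces it. Dropping `, podman # Docker compat` and `, cni-plugins` from the argument set removes that trap. A short comment above the `makeWrapper` call should also record the lookup order: `--prefix PATH` places the pinned store paths ahead of the caller's PATH, and `extraPackages` is appended after the defaults in `binPath`, so it can add tools but cannot replace `runc` or `conmon` by name.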