podman: Wrap packages required to run containers

2020-04-28 21:23:03 +01:00 · 2020-04-28 21:23:03 +01:00 · b2a9a3e9cb
commit b2a9a3e9cb
parent cffb1cbcb2
3 changed files with 53 additions and 13 deletions
--- a/nixos/modules/virtualisation/podman.nix
+++ b/nixos/modules/virtualisation/podman.nix
@ -77,17 +77,8 @@ in

  config = lib.mkIf cfg.enable {

-    environment.systemPackages = [
-      pkgs.podman # Docker compat
-      pkgs.runc # Default container runtime
-      pkgs.crun # Default container runtime (cgroups v2)
-      pkgs.conmon # Container runtime monitor
-      pkgs.slirp4netns # User-mode networking for unprivileged namespaces
-      pkgs.fuse-overlayfs # CoW for images, much faster than default vfs
-      pkgs.utillinux # nsenter
-      pkgs.iptables
-    ]
-    ++ lib.optional cfg.dockerCompat dockerCompat;
+    environment.systemPackages = [ pkgs.podman ]
+      ++ lib.optional cfg.dockerCompat dockerCompat;

    environment.etc."containers/libpod.conf".text = ''
      cni_plugin_dir = ["${pkgs.cni-plugins}/bin/"]
@ -95,7 +86,7 @@ in

    '' + cfg.libpod.extraConfig;

-    environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman.src}/cni/87-podman-bridge.conflist";
+    environment.etc."cni/net.d/87-podman-bridge.conflist".source = copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist";

    # Enable common /etc/containers configuration
    virtualisation.containers.enable = true;
--- a/pkgs/applications/virtualization/podman/wrapper.nix
+++ b/pkgs/applications/virtualization/podman/wrapper.nix
@ -0,0 +1,48 @@
+{ podman-unwrapped
+, runCommand
+, makeWrapper
+, lib
+, extraPackages ? []
+, podman # Docker compat
+, runc # Default container runtime
+, crun # Default container runtime (cgroups v2)
+, conmon # Container runtime monitor
+, slirp4netns # User-mode networking for unprivileged namespaces
+, fuse-overlayfs # CoW for images, much faster than default vfs
+, utillinux # nsenter
+, cni-plugins
+, iptables
+}:
+
+let
+  podman = podman-unwrapped;
+
+  binPath = lib.makeBinPath ([
+    runc
+    crun
+    conmon
+    slirp4netns
+    fuse-overlayfs
+    utillinux
+    iptables
+  ] ++ extraPackages);
+
+in runCommand podman.name {
+  inherit (podman) name pname version meta outputs;
+  nativeBuildInputs = [
+    makeWrapper
+  ];
+
+} ''
+  # Symlink everything but $bin from podman-unwrapped
+  ${
+    lib.concatMapStringsSep "\n"
+    (o: "ln -s ${podman.${o}} ${placeholder o}")
+    (builtins.filter (o: o != "bin")
+    podman.outputs)}
+
+  mkdir -p $bin/bin
+  ln -s ${podman-unwrapped}/share $bin/share
+  makeWrapper ${podman-unwrapped}/bin/podman $bin/bin/podman \
+    --prefix PATH : ${binPath}
+''
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -5966,7 +5966,8 @@ in

  podiff = callPackage ../tools/text/podiff { };

-  podman = callPackage ../applications/virtualization/podman { };
+  podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
+  podman-unwrapped = callPackage ../applications/virtualization/podman { };

  podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};