baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

move podmand security options to podman aspect

Browse source
This commit is contained in:
William 2026-02-07 09:33:55 -03:00
parent d83172f487
commit c6fbd21009
2 changed files with 23 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

9
aspects/common/security.nix
View file

@ -1,14 +1,13 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.common-security = { ... }: { flake.modules.nixos.common-security =
security = { { ... }:
unprivilegedUsernsClone = true; # Needed for rootless podman {
sudo = { security.sudo = {
wheelNeedsPassword = false; wheelNeedsPassword = false;
extraConfig = '' extraConfig = ''
Defaults lecture = never Defaults lecture = never
''; '';
}; };
}; };
};
} }

11
aspects/podman.nix
View file

@ -1,12 +1,21 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.podman = { config, lib, pkgs, ... }: { flake.modules.nixos.podman =
{
config,
lib,
pkgs,
...
}:
{
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ]; extraPackages = [ pkgs.podman-compose ];
}; };
security.unprivilegedUsernsClone = true; # Needed for rootless podman
systemd = { systemd = {
services.podman-auto-update.enable = true; services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true; timers.podman-auto-update.enable = true;