Rootless podman, finally

2023-04-26 11:31:00 -03:00 · 2023-04-26 11:31:00 -03:00 · 1dfbc1384f
commit 1dfbc1384f
parent 3b5889e181
4 changed files with 12 additions and 2 deletions
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -8,6 +8,7 @@
    ./networking.nix
    ./nix.nix
    ./packages.nix
+    ./security.nix
    ./services.nix
    ./users.nix
    ./virtualisation.nix
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@ -0,0 +1,5 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+  security.unprivilegedUsernsClone = true; # Needed for rootless podman
+}
--- a/hosts/common/virtualisation.nix
+++ b/hosts/common/virtualisation.nix
@ -1,5 +1,9 @@
 { inputs, config, pkgs, lib, ... }:

 {
-  virtualisation.podman.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = { dns_enabled = true; };
+  };
 }
--- a/hosts/servers/alexandria/arr.nix
+++ b/hosts/servers/alexandria/arr.nix
@ -5,7 +5,7 @@
    bazarr = {
      enable = true;
      user = "user";
-      group = "hosted";
+      group = "user";
    };

    jackett.enable = true;