From fb8b0a38433c8e83a53c1dc0a739c5a7ad64e2fc Mon Sep 17 00:00:00 2001
From: Robert Hensing
Date: Tue, 25 May 2021 10:22:29 +0200
Subject: [PATCH] nixos/podman: Change podman socket to new podman group
---
 nixos/modules/virtualisation/podman.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix
index d6421d488b8b..e879b5ad8f9f 100644
--- a/nixos/modules/virtualisation/podman.nix
+++ b/nixos/modules/virtualisation/podman.nix
@@ -111,8 +111,19 @@ in
 };
 systemd.sockets.podman.wantedBy = [ "sockets.target" ];
+ systemd.sockets.podman.socketConfig.SocketGroup = "podman";
- systemd.tmpfiles.packages = [ cfg.package ];
+ systemd.tmpfiles.packages = [
+ # The /run/podman rule interferes with our podman group, so we remove
+ # it and let the systemd socket logic take care of it.
+ (pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } ''
+ mkdir -p $out/lib/tmpfiles.d/
+ grep -v 'D! /run/podman 0700 root root' \
+ <$package/lib/tmpfiles.d/podman.conf \
+ >$out/lib/tmpfiles.d/podman.conf
+ '') ];
+
+ users.groups.podman = {};
 assertions = [ {
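Review bot: With the `D! /run/podman 0700 root root` rule filtered out, the socket's own mode and group become the only access control on the system podman API, yet the new lines set `SocketGroup` without pinning the mode; systemd's default `SocketMode` is 0666, so the restriction presumably rests on whatever the packaged podman.socket unit declares. I would add `systemd.sockets.podman.socketConfig.SocketMode = "0660";` next to the `SocketGroup` line so the module enforces it itself. The `grep -v` filter matches one exact string, so a change of mode or spacing in the packaged podman.conf would silently bring the 0700 rule back; a build-time check that the line was actually present would catch that. `users.groups.podman = {};` also deserves a comment such as `# Members can control the system-wide podman service, which is equivalent to root access (as with the docker group).` The enclosing attribute set starts and ends outside this hunk.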