Podman on Guix (rootless-podman-service-type)

I found a couple of tutorials for Podman on Guix from before rootless-podman-service-type existed,

but how do we set up Podman now that it does exist? I’ve tried finding documentation for rootless-podman-service-type but don’t think it has been created yet. Do I just copy what’s at the top of the issue thread?

If so, what’s small-guix, and why’s (service iptables-service-type) needed?

EDIT: never mind, I just found a manual page that wasn’t coming up with the search engine, I’ll try that out first!

2 Likes

This is really cool, I had not seen rootless-podman-service-type yet. Thanks for pointing it out!

1 Like

Okay, now I get error: subid-range: unbound variable, so I’m trying to figure that out…

what’s small-guix

small-guix is my personal channel, where I test implementations before sending them to Guix mainline.

why’s (service iptables-service-type) needed?

A basic iptables config is required for podman to share ports; docker does this on its own under the hood. The rootless-podman-service-type just makes this dependency explicit.

okay, now I get error: subid-range: unbound variable, so I’m trying to figure that out…

That is probably because you need to import (gnu system accounts). This is stated in the subids-service-type documentation, but I forgot to add it to the podman one as well. I’ll send a patch if I remember; otherwise feel free to do so yourself if you want.

3 Likes

Nice to see you here @paul, thanks for putting this service together!

1 Like

Just in case anyone misses the link to the solution (I missed it), here it is:

Manual for rootless-podman-service-type: GNU Guix Reference Manual

Which provides this example:

(use-service-modules containers networking …)
(use-modules (gnu system accounts))  ;for 'subid-range'

(operating-system
  ;; …
  (users (cons (user-account
                (name "alice")
                (group "users")

                ;; Adding the account to the "cgroup" group
                ;; makes it possible to run podman commands.
                (supplementary-groups '("cgroup" "wheel"
                                        "audio" "video")))
               %base-user-accounts))
  (services
    (append (list (service iptables-service-type)
                  (service rootless-podman-service-type
                           (rootless-podman-configuration
                             (subgids
                               (list (subid-range (name "alice"))))
                             (subuids
                               (list (subid-range (name "alice")))))))
            %base-services)))
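
A post-reconfigure check for the two things the example above sets up, the subordinate ID ranges for "alice" and her membership in the "cgroup" group. This is an added example, not part of the thread or the Guix manual. It assumes the ranges are written to /etc/subuid and /etc/subgid in the usual name:start:count format; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit subuid(5)/subgid(5)-format files (name:start:count)
# and a group(5)-format file. Function names are hypothetical.

# Print "start count" for every range FILE assigns to USER.
subid_ranges() {  # usage: subid_ranges FILE USER
    awk -F: -v u="$2" '$1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $2, $3 }' "$1"
}

# Print each pair of ranges that overlap while belonging to different owners.
# Overlap would let one user's containers map onto IDs delegated to another.
# Exit status is 1 if any overlap was found, 0 otherwise.
subid_overlaps() {  # usage: subid_overlaps FILE
    awk -F: '
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            n++; owner[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (owner[i] != owner[j] && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "%s[%d-%d] overlaps %s[%d-%d]\n", owner[i], lo[i], hi[i], owner[j], lo[j], hi[j]
                        bad = 1
                    }
            exit bad
        }' "$1"
}

# Succeed if USER is listed as a member of GROUP in a group(5)-format FILE.
group_has_member() {  # usage: group_has_member FILE GROUP USER
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# Constructed sample data, not taken from a real system.
sample=$(mktemp -d)
printf '%s\n' 'alice:100000:65536' 'bob:165536:65536' > "$sample/subuid"
printf '%s\n' 'alice:100000:65536' 'bob:150000:65536' > "$sample/subuid.bad"
printf '%s\n' 'cgroup:x:980:alice' 'wheel:x:998:alice,bob' > "$sample/group"

subid_ranges "$sample/subuid" alice
subid_overlaps "$sample/subuid" && echo "no overlapping ranges"
subid_overlaps "$sample/subuid.bad" || echo "overlap detected"
group_has_member "$sample/group" cgroup bob || echo "bob is not in cgroup"
```

On a real system, pass /etc/subuid, /etc/subgid and /etc/group instead of the sample files.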