_:
let
  # Subordinate ID pool given to the "containers" account: it starts at
  # 60100000 and holds 60000000 IDs, i.e. 60100000..120099999. The same
  # numbers are used for both the UID and the GID range.
  # NOTE(review): confirm this span does not overlap real UIDs/GIDs or the
  # subordinate ranges of any other account on the host; an overlap would map
  # container IDs onto IDs that something else already owns.
  subIdStart = 60100000;
  subIdCount = 60000000;
in
{
  virtualisation.containers = {
    # Turn on the /etc/containers configuration (read by podman, cri-o, etc.).
    enable = true;

    # containers.conf: give every container its own user namespace instead of
    # sharing one ID mapping between containers.
    # NOTE(review): the IDs for "auto" namespaces are presumably taken from the
    # subordinate ranges of the "containers" account defined below; verify
    # against the podman / containers-storage documentation for the deployed
    # version.
    containersConf.settings.containers.userns = "auto";

    # storage.conf
    storage.settings.storage = {
      # Default storage settings, spelled out explicitly.
      driver = "overlay";
      graphroot = "/var/lib/containers/storage";
      runroot = "/run/containers/storage";

      # Value follows SUB_UID_MAX, see
      # https://man7.org/linux/man-pages/man5/login.defs.5.html
      # NOTE(review): 600100000 is larger than the 60000000-ID pool allotted to
      # the "containers" account, so this limit never constrains the size of an
      # automatically created namespace below the pool size. Confirm that the
      # SUB_UID_MAX value (an upper ID bound) is what was meant for a
      # namespace *size* limit.
      options.auto-userns-max-size = 600100000;
    };
  };

  users = {
    groups.containers = { };

    # System account whose only visible purpose here is to carry the enlarged
    # sub{u,g}id range.
    users.containers = {
      isSystemUser = true;
      group = "containers";
      subUidRanges = [
        {
          startUid = subIdStart;
          count = subIdCount;
        }
      ];
      subGidRanges = [
        {
          startGid = subIdStart;
          count = subIdCount;
        }
      ];
    };
  };
}