From 1332534734cf1a6ee31a647219ab65e95f910ae4 Mon Sep 17 00:00:00 2001
From: Julian Stiller
Date: Fri, 7 Feb 2025 13:28:35 +0100
Subject: [PATCH] Container: add containers/policy.json

---
 flake.nix | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index 5d0ffba..33d4139 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,29 @@
 with pkgs;
 (imagePackages pkgs)
 ++ [
- (pkgs.writeTextFile {
+
+ (writeTextFile {
+ name = "containerPolicy";
+ destination = "/etc/containers/policy.json";
+ text = ''
+ {
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+ }
+ '';
+ })
+
+ (writeTextFile {
 name = "passwd";
 destination = "/etc/passwd";
 text = builtins.concatStringsSep "\n" [
@@ -100,7 +122,8 @@
 "nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin"
 ];
 })
- (pkgs.writeTextFile {
+
+ (writeTextFile {
 name = "group";
 destination = "/etc/group";
 text = builtins.concatStringsSep "\n" [
@@ -127,7 +150,8 @@
 "nogroup:x:65534:"
 ];
 })
- (pkgs.writeTextFile {
+
+ (writeTextFile {
 name = "nsswitch.conf";
 destination = "/etc/nsswitch.conf";
 text = builtins.concatStringsSep "\n" [
@@ -142,7 +166,8 @@
 "rpc: files"
 ];
 })
- (pkgs.writeTextFile {
+
+ (writeTextFile {
 name = "nix.conf";
 destination = "/etc/nix/nix.conf";
 text = builtins.concatStringsSep "\n" [
@@ -153,6 +178,7 @@
 ];
 })
 ];
+
 extraCommands = builtins.concatStringsSep "\n" [
 # /usr/bin/env
 "mkdir usr"
@@ -162,6 +188,7 @@
 # root needs a home
 "mkdir -vp root"
 ];
+
 config = {
 Cmd = [ "/bin/bash" ];
 Env = [
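Review bot: The new `/etc/containers/policy.json` in the first hunk makes `insecureAcceptAnything` the default for every transport, so any image copied or pulled by the containers tooling inside this image is accepted without any signature check, and the `transports.docker-daemon` entry only restates that same default. If that is a deliberate choice for a build image, record it next to the `writeTextFile` call so it is not mistaken for a hardened policy, e.g. `# NOTE: accepts unsigned images from every transport; switch "default" to "reject" and add per-registry signedBy/sigstoreSigned entries before this image is pointed at untrusted registries.` The redundant `docker-daemon` block can then be dropped, or kept with a one-line reason for the override. The list this entry is appended to begins before the hunk (only `with pkgs; (imagePackages pkgs) ++ [` is visible), so its name and any sibling policy files cannot be confirmed from here.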