policy.json in extra file, default to reject

2025-02-22 16:07:10 +01:00 · 2025-02-01 16:02:27 +01:00 · 2025-02-01 16:02:27 +01:00 · 87b5b7ab00
parent b143437c89
commit 87b5b7ab00
2 changed files with 17 additions and 16 deletions
--- a/home/vinzenz/.config/containers/policy.json
+++ b/home/vinzenz/.config/containers/policy.json
@ -0,0 +1,16 @@
+{
+    "default": [
+        {
+            "type": "reject"
+        }
+    ],
+    "transports": {
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        }
+    }
+}
--- a/home/vinzenz/default.nix
+++ b/home/vinzenz/default.nix
@ -48,22 +48,7 @@ inputs@{ pkgs, ... }:

    home.file."policy.json" = {
      target = ".config/containers/policy.json";
-      text = ''
-        {
-            "default": [
-                {
-                    "type": "insecureAcceptAnything"
-                }
-            ],
-            "transports":
-                {
-                    "docker-daemon":
-                        {
-                            "": [{"type":"insecureAcceptAnything"}]
-                        }
-                }
-        }
-      '';
+      text = builtins.readFile ./.config/containers/policy.json;
    };
  };
 }