From e9e3eea3d0ff628a889525b9beed1eeca736baea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?m=C3=BCde?=
Date: Sun, 22 Feb 2026 14:34:19 +0100
Subject: [PATCH] move podman policy to home manager config, add arch btw
---
 .../muede/.config/containers/policy.json | 23 -------------------
 homeConfigurations/muede/default.nix | 5 +---
 homeConfigurations/muede/podman.nix | 18 +++++++++++++++
 3 files changed, 19 insertions(+), 27 deletions(-)
 delete mode 100644 homeConfigurations/muede/.config/containers/policy.json
 create mode 100644 homeConfigurations/muede/podman.nix
diff --git a/homeConfigurations/muede/.config/containers/policy.json b/homeConfigurations/muede/.config/containers/policy.json
deleted file mode 100644
index 245b3df..0000000
--- a/homeConfigurations/muede/.config/containers/policy.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "default": [
- {
- "type": "reject"
- }
- ],
- "transports": {
- "docker-daemon": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "docker": {
- "docker.io/library/debian": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- }
- }
-}
diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix
index 7b4b688..4b5e1ec 100644
--- a/homeConfigurations/muede/default.nix
+++ b/homeConfigurations/muede/default.nix
@@ -9,6 +9,7 @@
 ./git.nix
 ./gnome.nix
 ./niri.nix
+ ./podman.nix
 ./ssh.nix
 ./starship.nix
 ./swaylock.nix
@@ -83,10 +84,6 @@ ]; home.file = { - "policy.json" = { - target = ".config/containers/policy.json"; - text = builtins.readFile ./.config/containers/policy.json; - }; "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier"; };
diff --git a/homeConfigurations/muede/podman.nix b/homeConfigurations/muede/podman.nix
new file mode 100644
index 0000000..ea5b090
--- /dev/null
+++ b/homeConfigurations/muede/podman.nix
@@ -0,0 +1,18 @@
+{
+ services.podman = {
+ settings = {
+ policy = {
+ default = [ { type = "reject"; } ];
+ transports = {
+ docker-daemon = {
+ "" = [ { type = "insecureAcceptAnything"; } ];
+ };
+ docker = {
+ "docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ];
+ "docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ];
+ };
+ };
+ };
+ };
+ };
+}
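Review bot: `services.podman` sets only `settings` in this new file, while the same commit removes the `home.file."policy.json"` entry, so the default-`reject` policy is installed only if `services.podman.enable` is turned on somewhere outside this patch; as far as I know, Home Manager writes these settings only when the service is enabled. If it is not enabled, podman would fall back to the system-wide policy, which may accept any image. I would add `enable = true;` next to `settings`, or confirm after a switch that `~/.config/containers/policy.json` still exists with the expected content. Separately, the subject says "add arch" but the only new scope in this hunk is `docker.io/library/rust`. Because `insecureAcceptAnything` admits these repositories without any signature check, a comment such as `# allowlist by repository only, no signature verification` above the `docker` entries would make that explicit.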