move podman policy to home manager config, add arch btw

2026-02-22 14:34:19 +01:00 · 2026-02-22 14:34:19 +01:00 · e9e3eea3d0
commit e9e3eea3d0
parent 866b518111
3 changed files with 19 additions and 27 deletions
--- a/homeConfigurations/muede/.config/containers/policy.json
+++ b/homeConfigurations/muede/.config/containers/policy.json
@ -1,23 +0,0 @@
-{
-  "default": [
-    {
-      "type": "reject"
-    }
-  ],
-  "transports": {
-    "docker-daemon": {
-      "": [
-        {
-          "type": "insecureAcceptAnything"
-        }
-      ]
-    },
-    "docker": {
-      "docker.io/library/debian": [
-        {
-          "type": "insecureAcceptAnything"
-        }
-      ]
-    }
-  }
-}
--- a/homeConfigurations/muede/default.nix
+++ b/homeConfigurations/muede/default.nix
@ -9,6 +9,7 @@
    ./git.nix
    ./gnome.nix
    ./niri.nix
+    ./podman.nix
    ./ssh.nix
    ./starship.nix
    ./swaylock.nix
@ -83,10 +84,6 @@
    ];

    home.file = {
-      "policy.json" = {
-        target = ".config/containers/policy.json";
-        text = builtins.readFile ./.config/containers/policy.json;
-      };
      "idea.properties".text = "idea.filewatcher.executable.path = ${pkgs.fsnotifier}/bin/fsnotifier";
    };

--- a/homeConfigurations/muede/podman.nix
+++ b/homeConfigurations/muede/podman.nix
@ -0,0 +1,18 @@
+{
+  services.podman = {
+    settings = {
+      policy = {
+        default = [ { type = "reject"; } ];
+        transports = {
+          docker-daemon = {
+            "" = [ { type = "insecureAcceptAnything"; } ];
+          };
+          docker = {
+            "docker.io/library/debian" = [ { type = "insecureAcceptAnything"; } ];
+            "docker.io/library/rust" = [ { type = "insecureAcceptAnything"; } ];
+          };
+        };
+      };
+    };
+  };
+}