diff --git a/nixos-test/podman-compose.nix b/nixos-test/podman-compose.nix index 38d01ab..6e5c170 100644 --- a/nixos-test/podman-compose.nix +++ b/nixos-test/podman-compose.nix @@ -1,5 +1,5 @@ # Auto-generated using compose2nix v0.3.2-pre. -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -7,15 +7,15 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + # See: https://github.com/NixOS/nixpkgs/issues/226365 + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/nixos-test/test.nix b/nixos-test/test.nix index ab1a10b..8f43c1c 100644 --- a/nixos-test/test.nix +++ b/nixos-test/test.nix @@ -77,6 +77,10 @@ in m.succeed(f"systemctl show -p Restart {runtime}-service-b.service | grep -E '=on-success$'") m.succeed(f"systemctl show -p Restart {runtime}-myproject-no-restart.service | grep -E '=no$'") + # Ensure we can reach a container in the same network. Regression test + # for DNS settings, especially for Podman. + m.succeed(f"{runtime} exec -it myproject-service-a wget http://no-restart") + # Stop the root unit. m.systemctl(f"stop {runtime}-compose-myproject-root.target") ''; diff --git a/templates/main.nix.tmpl b/templates/main.nix.tmpl index 0bc8ae6..46b1b41 100644 --- a/templates/main.nix.tmpl +++ b/templates/main.nix.tmpl 
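Review bot: The added `exec` call in nixos-test/test.nix passes `-it`, which requests a TTY and interactive stdin that a scripted `m.succeed` does not need and that may fail when the driver's stdin is not a terminal. The `wget` also has no timeout and saves the response into the container's working directory, so a DNS regression could stall the run instead of failing quickly. Something like `m.succeed(f"{runtime} exec myproject-service-a wget -q -T 5 -O /dev/null http://no-restart")` keeps the check non-interactive and bounded, assuming the image's wget accepts those flags. The enclosing test script string starts outside this hunk.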
@@ -1,6 +1,8 @@ {{- if .Version -}} # Auto-generated using compose2nix v{{.Version}}. -{ pkgs, lib, ... }: +{{end -}} +{{- if eq (.Runtime | printf "%s") "podman" -}} +{ pkgs, lib, config, ... }: {{- else -}} { pkgs, lib, ... }: {{- end}} @@ -13,17 +15,16 @@ autoPrune.enable = true; {{- if eq (.Runtime | printf "%s") "podman"}} dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; {{- end}} }; {{- if eq (.Runtime | printf "%s") "podman"}} - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "{{.Runtime}}"; {{- else}} diff --git a/testdata/TestAutoStart.podman.nix b/testdata/TestAutoStart.podman.nix index a4d15d3..1419e27 100644 --- a/testdata/TestAutoStart.podman.nix +++ b/testdata/TestAutoStart.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; 
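Review bot: The `matchAll` binding in the second hunk of templates/main.nix.tmpl has no comment explaining why the interface name depends on `config.networking.nftables.enable`, and the new comment drops the nixpkgs issue link that the old one carried. The checked-in nixos-test/podman-compose.nix still shows `# See: https://github.com/NixOS/nixpkgs/issues/226365`, so that file no longer matches what this template emits. I would restore the link and add `# Interface wildcard: iptables uses a trailing "+", nftables a trailing "*".` above the `let`. It is also worth stating in the comment that the rule accepts UDP 53 on the host from every interface whose name begins with `podman`. Any other resolver on the host that listens on those addresses would presumably become reachable from containers as well.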
diff --git a/testdata/TestBasic.podman.nix b/testdata/TestBasic.podman.nix index e7d94f3..e0cdec8 100644 --- a/testdata/TestBasic.podman.nix +++ b/testdata/TestBasic.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestBasicAutoFormat.podman.nix b/testdata/TestBasicAutoFormat.podman.nix index 28e1d56..32ef770 100644 --- a/testdata/TestBasicAutoFormat.podman.nix +++ b/testdata/TestBasicAutoFormat.podman.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, ... }: +{ + pkgs, + lib, + config, + ... +}: { # Runtime @@ -6,15 +11,16 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = + let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in + { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; 
diff --git a/testdata/TestBuildSpec.podman.nix b/testdata/TestBuildSpec.podman.nix index 2cc01ae..1d033be 100644 --- a/testdata/TestBuildSpec.podman.nix +++ b/testdata/TestBuildSpec.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestBuildSpec_BuildEnabled.podman.nix b/testdata/TestBuildSpec_BuildEnabled.podman.nix index c85a970..596e279 100644 --- a/testdata/TestBuildSpec_BuildEnabled.podman.nix +++ b/testdata/TestBuildSpec_BuildEnabled.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; 
diff --git a/testdata/TestCommandAndEntrypoint.podman.nix b/testdata/TestCommandAndEntrypoint.podman.nix index 5c3a7cd..f8bda00 100644 --- a/testdata/TestCommandAndEntrypoint.podman.nix +++ b/testdata/TestCommandAndEntrypoint.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestComposeEnvFiles.podman.nix b/testdata/TestComposeEnvFiles.podman.nix index 437faad..88bab4f 100644 --- a/testdata/TestComposeEnvFiles.podman.nix +++ b/testdata/TestComposeEnvFiles.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; 
diff --git a/testdata/TestDeployDevices.podman.nix b/testdata/TestDeployDevices.podman.nix index 0a8d5fd..5d2f00f 100644 --- a/testdata/TestDeployDevices.podman.nix +++ b/testdata/TestDeployDevices.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestEmptyEnv.podman.nix b/testdata/TestEmptyEnv.podman.nix index a45705a..cdb1138 100644 --- a/testdata/TestEmptyEnv.podman.nix +++ b/testdata/TestEmptyEnv.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestEnvFiles.podman.nix b/testdata/TestEnvFiles.podman.nix index 78fedf0..8321a2a 100644 
--- a/testdata/TestEnvFiles.podman.nix +++ b/testdata/TestEnvFiles.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestEnvFilesOnly.podman.nix b/testdata/TestEnvFilesOnly.podman.nix index 999d2e6..5bb3454 100644 --- a/testdata/TestEnvFilesOnly.podman.nix +++ b/testdata/TestEnvFilesOnly.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestEscapeChars.podman.nix b/testdata/TestEscapeChars.podman.nix index 961c3ed..e84057f 100644 --- a/testdata/TestEscapeChars.podman.nix +++ b/testdata/TestEscapeChars.podman.nix 
@@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestExternalNetworksAndVolumes.podman.nix b/testdata/TestExternalNetworksAndVolumes.podman.nix index 5902d51..2a971b0 100644 --- a/testdata/TestExternalNetworksAndVolumes.podman.nix +++ b/testdata/TestExternalNetworksAndVolumes.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestMacvlanSupport.podman.nix b/testdata/TestMacvlanSupport.podman.nix index 81ab69a..a42186a 100644 --- a/testdata/TestMacvlanSupport.podman.nix +++ b/testdata/TestMacvlanSupport.podman.nix 
@@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestMultipleNetworks.podman.nix b/testdata/TestMultipleNetworks.podman.nix index 0ed4654..6ab627a 100644 --- a/testdata/TestMultipleNetworks.podman.nix +++ b/testdata/TestMultipleNetworks.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestNetworkAndVolumeNames.podman.nix b/testdata/TestNetworkAndVolumeNames.podman.nix index 94fe6ba..d6e20ac 100644 --- a/testdata/TestNetworkAndVolumeNames.podman.nix +++ b/testdata/TestNetworkAndVolumeNames.podman.nix 
@@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestNetworkSettings.podman.nix b/testdata/TestNetworkSettings.podman.nix index 3441378..e9356c4 100644 --- a/testdata/TestNetworkSettings.podman.nix +++ b/testdata/TestNetworkSettings.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestNoCreateRootTarget.podman.nix b/testdata/TestNoCreateRootTarget.podman.nix index 4464114..7435a0e 100644 --- a/testdata/TestNoCreateRootTarget.podman.nix +++ b/testdata/TestNoCreateRootTarget.podman.nix 
@@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestNoRestart.podman.nix b/testdata/TestNoRestart.podman.nix index e5eaa43..8ac8347 100644 --- a/testdata/TestNoRestart.podman.nix +++ b/testdata/TestNoRestart.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestNoWriteNixSetup.podman.nix b/testdata/TestNoWriteNixSetup.podman.nix index 2755758..0843835 100644 --- a/testdata/TestNoWriteNixSetup.podman.nix +++ b/testdata/TestNoWriteNixSetup.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { 
diff --git a/testdata/TestOverrideSystemdStopTimeout.podman.nix b/testdata/TestOverrideSystemdStopTimeout.podman.nix index 7d16ae1..21ec39e 100644 --- a/testdata/TestOverrideSystemdStopTimeout.podman.nix +++ b/testdata/TestOverrideSystemdStopTimeout.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestProject.podman.nix b/testdata/TestProject.podman.nix index 77c9dc2..c033d85 100644 --- a/testdata/TestProject.podman.nix +++ b/testdata/TestProject.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; 
diff --git a/testdata/TestRelativeServiceVolumes.podman.nix b/testdata/TestRelativeServiceVolumes.podman.nix index f6fdf99..ea1b48e 100644 --- a/testdata/TestRelativeServiceVolumes.podman.nix +++ b/testdata/TestRelativeServiceVolumes.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestRelativeServiceVolumes_CurrentDirectory.podman.nix b/testdata/TestRelativeServiceVolumes_CurrentDirectory.podman.nix index 1522ae7..df31cd3 100644 --- a/testdata/TestRelativeServiceVolumes_CurrentDirectory.podman.nix +++ b/testdata/TestRelativeServiceVolumes_CurrentDirectory.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime 
@@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestRemoveVolumes.podman.nix b/testdata/TestRemoveVolumes.podman.nix index 49f504f..8d73795 100644 --- a/testdata/TestRemoveVolumes.podman.nix +++ b/testdata/TestRemoveVolumes.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestSystemdMount.podman.nix b/testdata/TestSystemdMount.podman.nix index f4055fc..eb9ff5a 100644 --- a/testdata/TestSystemdMount.podman.nix +++ b/testdata/TestSystemdMount.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime 
@@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestUnusedResources.podman.nix b/testdata/TestUnusedResources.podman.nix index 052f53c..0fb1541 100644 --- a/testdata/TestUnusedResources.podman.nix +++ b/testdata/TestUnusedResources.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime @@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman"; diff --git a/testdata/TestUpheldBy.podman.nix b/testdata/TestUpheldBy.podman.nix index d240c93..953839c 100644 --- a/testdata/TestUpheldBy.podman.nix +++ b/testdata/TestUpheldBy.podman.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { # Runtime 
@@ -6,15 +6,14 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; }; - # Enable container name DNS for non-default Podman networks. - # https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + # Enable container name DNS for all Podman networks. + networking.firewall.interfaces = let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; virtualisation.oci-containers.backend = "podman";