Podman DNS match pattern for nftables

nixos-test/docker-compose.nix

@@ -1,5 +1,5 @@
 # Auto-generated using compose2nix v0.3.2-pre.
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

nixos-test/podman-compose.nix

@@ -1,5 +1,5 @@
 # Auto-generated using compose2nix v0.3.2-pre.
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
@@ -13,9 +13,13 @@
     };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

templates/main.nix.tmpl

@@ -1,8 +1,8 @@
 {{- if .Version -}}
 # Auto-generated using compose2nix v{{.Version}}.
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 {{- else -}}
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 {{- end}}
 
 {
@@ -13,17 +13,17 @@
     autoPrune.enable = true;
     {{- if eq (.Runtime | printf "%s") "podman"}}
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
     {{- end}}
   };
   {{- if eq (.Runtime | printf "%s") "podman"}}
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "{{.Runtime}}";
   {{- else}}

testdata/TestAutoStart.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestAutoStart.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestBasic.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestBasic.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestBasicAutoFormat.docker.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 
 {
   # Runtime

testdata/TestBasicAutoFormat.podman.nix

@@ -1,20 +1,27 @@
-{ pkgs, lib, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces =
+    let
+      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+    in
+    {
+      "${matchAll}".allowedUDPPorts = [ 53 ];
+    };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestBuildSpec.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestBuildSpec.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestBuildSpec_BuildEnabled.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestBuildSpec_BuildEnabled.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestCommandAndEntrypoint.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestCommandAndEntrypoint.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestComposeEnvFiles.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestComposeEnvFiles.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestDeployDevices.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestDeployDevices.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestEmptyEnv.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime

testdata/TestEmptyEnv.podman.nix

@@ -1,20 +1,20 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime
   virtualisation.podman = {
     enable = true;
     autoPrune.enable = true;
     dockerCompat = true;
-    defaultNetwork.settings = {
-      # Required for container networking to be able to use names.
-      dns_enabled = true;
-    };
   };
 
-  # Enable container name DNS for non-default Podman networks.
-  # https://github.com/NixOS/nixpkgs/issues/226365
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+  # Enable container name DNS for all Podman networks.
+  # See: https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces = let
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+  in {
+    "${matchAll}".allowedUDPPorts = [ 53 ];
+  };
 
   virtualisation.oci-containers.backend = "podman";
 

testdata/TestEnvFiles.docker.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
 {
   # Runtime