Podman support, without socket

[roberth]

EDIT:

Podman can already be used with docker-compose and/or arion by configuring the system to provide a docker socket. This is in fact the recommended method for supporting NixOS-based containers. See https://docs.hercules-ci.com/arion/#_nixos

---

Thanks @adisbladis for bringing this up! Our discussion has yielded the following plan:

Add podman as a dependency of arion, to be used as a fallback when the docker command is not available

Alternative: build-time option

Configure backend at build time to keep closure small. Not preferable because the size increase is only about 50% and we'd put quite a burden on the user, to select the right arion for their system, and it won't be compatible with the goal of specifying concrete deployment details via Nix options.

Alternative: don't wrap

Don't include docker-compose or podman-compose Not preferable because arion is tightly coupled with docker-compose's interface (it generates docker compose files). This way you'll automatically pin these dependencies when pinning arion and/or nixpkgs, which is good for practical reproducibility.

Future

Eventually this behavior will be part of an "auto" backend. The backend will be selectable explicitly via a Nix option.

[dzmitry-lahoda]

we were able to run containers in nix build via podman

[dzmitry-lahoda]

we failed to run image via docker because dockerd unix socket is not sandbox.

[dzmitry-lahoda]

so podman would allow to run arion in test in nix build.

[dzmitry-lahoda]

Docker needs sockets, while podman only cgroups (some supporter released is here https://discourse.nixos.org/t/nix-2-12-0-released/23780 ). I am not linux person, cgroups can isolated sockets too, so prefer not to have that.

[FedX-sudo]

I was messing around with Arion for declarative containers on NixOS via Podman. I have discovered Podman does in fact provide a socket (you may need dockerCompact enabled on NixOS or your distros equivalent) at /var/run/podman/podman.sock, but Docker expects the socket at /var/run/docker.sock. This can shockingly be fixed by running sudo ln /var/run/podman/podman.sock /var/run/docker.sock to symlink the Podman socket to the Docker socket and trick Arion into thinking Docker is running. Hope this helps!

[adisbladis]

I was messing around with Arion for declarative containers on NixOS via Podman. I have discovered Podman does in fact provide a socket (you may need dockerCompact enabled on NixOS or your distros equivalent) at /var/run/podman/podman.sock, but Docker expects the socket at /var/run/docker.sock. This can shockingly be fixed by running sudo ln /var/run/podman/podman.sock /var/run/docker.sock to symlink the Podman socket to the Docker socket and trick Arion into thinking Docker is running. Hope this helps!

This socket does not exist normally and requires you to set up a daemon. This is not the most common workflow with Podman. dockerCompat is used to make the docker command use podman instead and to make things like man docker use the Podman equivalent man pages.

Relying on the socket to exist is not a preferable option.