From 70c2fb694a1fbe78631507a59b6a232aafa4a758 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 7 Sep 2025 22:38:13 -0400
Subject: [PATCH] Switch to podman.
---
 nix/configuration/configuration.nix | 1 +
 nix/configuration/hosts/odo/default.nix | 3 +-
 nix/configuration/hosts/quark/default.nix | 3 +-
 nix/configuration/roles/docker/default.nix | 8 +++
 nix/configuration/roles/podman/default.nix | 80 ++++++++++++++++++++++
 5 files changed, 93 insertions(+), 2 deletions(-)
 create mode 100644 nix/configuration/roles/podman/default.nix
diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index c0e8266..5873b6d 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -49,6 +49,7 @@
 ./roles/nvme
 ./roles/optimized_build
 ./roles/pcsx2
+ ./roles/podman
 ./roles/python
 ./roles/qemu
 ./roles/reset
diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix
index f67256d..2beb781 100644
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -67,7 +67,7 @@
 me.chromium.enable = true;
 me.d2.enable = true;
 me.direnv.enable = true;
- me.docker.enable = true;
+ me.docker.enable = false;
 me.ecc.enable = false;
 me.emacs_flavor = "full";
 me.firefox.enable = true;
@@ -87,6 +87,7 @@
 me.media.enable = true;
 me.nix_index.enable = true;
 me.pcsx2.enable = true;
+ me.podman.enable = true;
 me.python.enable = true;
 me.qemu.enable = true;
 me.rpcs3.enable = true;
diff --git a/nix/configuration/hosts/quark/default.nix b/nix/configuration/hosts/quark/default.nix
index 663151e..5fa82d1 100644
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@@ -62,7 +62,7 @@
 me.chromium.enable = true;
 me.d2.enable = true;
 me.direnv.enable = true;
- me.docker.enable = true;
+ me.docker.enable = false;
 me.ecc.enable = true;
 me.emacs_flavor = "full";
 me.firefox.enable = true;
@@ -83,6 +83,7 @@
 me.nix_index.enable = true;
 me.nix_worker.enable = true;
 me.pcsx2.enable = true;
+ me.podman.enable = true;
 me.python.enable = true;
 me.qemu.enable = true;
 me.rpcs3.enable = true;
diff --git a/nix/configuration/roles/docker/default.nix b/nix/configuration/roles/docker/default.nix
index 7eb287b..7d90a56 100644
--- a/nix/configuration/roles/docker/default.nix
+++ b/nix/configuration/roles/docker/default.nix
@@ -19,6 +19,14 @@
 config = lib.mkIf config.me.docker.enable (
 lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = !config.me.podman.enable;
+ message = "docker conflicts with podman";
+ }
+ ];
+ }
 {
 virtualisation.docker.enable = true;
 # Use docker activation
diff --git a/nix/configuration/roles/podman/default.nix b/nix/configuration/roles/podman/default.nix
new file mode 100644
index 0000000..c4e9584
--- /dev/null
+++ b/nix/configuration/roles/podman/default.nix
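Review bot: The new `assertions` entry in roles/docker/default.nix duplicates the mirror-image assertion the same patch adds to the podman role, so enabling both options produces two failure messages for one conflict; keeping the check in only one role (the new podman role is the natural owner, since it is the module being introduced) avoids the double report and the reference to `config.me.podman.enable` from a role that otherwise knows nothing about podman. If both are kept, at least make the messages identical so they read as one diagnostic, e.g. `message = "me.docker.enable and me.podman.enable are mutually exclusive";`. The enclosing `config = lib.mkIf config.me.docker.enable (...)` expression starts in the hunk but its closing `]` and `)` are outside it.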
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ options.me = {
+ podman.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ example = true;
+ description = "Whether we want to install podman.";
+ };
+ };
+
+ config = lib.mkIf config.me.podman.enable (
+ lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = !config.me.docker.enable;
+ message = "podman conflicts with docker";
+ }
+ ];
+ }
+ {
+ environment.systemPackages = with pkgs; [
+ dive
+ podman-tui
+ podman-compose
+ ];
+
+ # Write config files in /etc/containers
+ virtualisation.containers.enable = true;
+ # By default this includes "quay.io" which leads to prompting for which registry to download from.
+ virtualisation.containers.registries.search = [ "docker.io" ];
+ virtualisation = {
+ podman = {
+ enable = true;
+ # Install docker shim
+ dockerCompat = true;
+ # Support name resolution in podman-compose.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+
+ environment.variables = {
+ # For compatibility with tools expecting a docker socket (like dive).
+ DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
+ };
+
+ environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+ hideMounts = true;
+ directories = [
+ {
+ directory = "/var/lib/containers";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
+ ];
+ users.talexander = {
+ directories = [
+ {
+ directory = ".local/share/containers";
+ user = "talexander";
+ group = "talexander";
+ mode = "0700";
+ }
+ ];
+ };
+ };
+ }
+ ]
+ );
+}
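Review bot: The `virtualisation.containers.registries.search = [ "docker.io" ]` line trades the registry prompt for silent resolution of every unqualified image name (`postgres`, `redis`) to Docker Hub, and the accompanying comment explains only the annoyance it removes, not that this list now decides which registry is trusted for short names; a reader changing it later should know the supply-chain consequence. I would expand the comment to something like `# Resolve unqualified image names against docker.io only (Docker's behaviour, no prompt). Prefer fully-qualified names (docker.io/library/foo) in compose files so this list never decides which registry is trusted.` Two smaller points: `DOCKER_HOST` points at the per-user rootless socket via shell expansion of `$XDG_RUNTIME_DIR`, which presumably relies on the NixOS podman module enabling the user `podman.socket` unit and on `environment.variables` being exported unescaped by /etc/set-environment — worth a one-line comment stating both assumptions so a non-shell session or a module change does not silently send `dive`/`podman-compose` to a socket that does not exist; and `virtualisation.containers.enable = true` is, if I recall the podman module correctly, already implied by `virtualisation.podman.enable`, so it can be dropped or its comment changed to say it is kept explicitly for the registries settings.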