Podman Container to Container Networking

Hey, pretty new to NixOS. Been using it for about 2 weeks on my NUC, deploying to it via NixOps on my Mac using a local build machine in Docker.

I am porting over all of my services that I ran on Ubuntu via docker-compose to Nix and decided to switch to Podman during this transition. Everything is working great thus far, but I am running into a small hurdle when configuring multiple services that need to talk to each other.

In docker-compose, this is easy because compose will map all the containers and make them accessible by DNS such as http://influxdb:8086. My solution in Podman is to create a Pod and put all of my related containers in that Pod so that they can communicate using http://localhost:8086.

Additionally, I can map ports to the entire Pod to make the service accessible outside Podman. This works and is great, but I have not found a declarative way to create this Pod using the Nix config.

Has anyone had any luck achieving this?

influxdb.nix

{
  autoStart = true;
  image = "influxdb:1.8.4";

  environment = {
    "INFLUXDB_REPORTING_DISABLED" = "true";
    "INFLUXDB_DATA_QUERY_LOG_ENABLED" = "true";
  };

  extraOptions = [ "--pod=elk" ];

  volumes = [
    "influxdb:/var/lib/influxdb"
  ];
}

grafana.nix

{
  autoStart = true;
  image = "grafana/grafana:7.4.1";

  dependsOn = [ "influxdb" ];

  extraOptions = [ "--pod=elk" ];

  volumes = [ "grafana:/var/lib/grafana" ];
}

configuration.nix

  virtualisation = {
    oci-containers = {
      backend = "podman";

      containers = {
        grafana = import ./containers/grafana.nix;
        influxdb = import ./containers/influxdb.nix;
      };
    };
  };

You should be able to do this with a systemd one-shot service:

  systemd.services.podman-create-pod-test-pod = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "yourOtherContainer.service" ];
    script = ''
      podman pod exists test-pod || podman pod create --name test-pod
    '';
  };
3 Likes

Thank you, this worked perfectly.

For those who stumble upon this in the future, I had to make a slight modification and include the pkgs.podman in my script like so:

  systemd.services.create-elk-pod = with config.virtualisation.oci-containers; {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "${backend}-influxdb.service" ];
    script = ''
      ${pkgs.podman}/bin/podman pod exists elk || \
        ${pkgs.podman}/bin/podman pod create -n elk -p '127.0.0.1:8040:3000'
    '';
  };
5 Likes
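
The pieces from the posts above combined into one module, as an added example that is not code from any poster in this thread. It reuses the thread's pod name, container names, images and port mapping. The `before` ordering is an addition: `wantedBy` alone pulls the one-shot unit in but does not make the containers wait for it, and `--pod=elk` fails if the pod does not exist yet.

```nix
# Added example, not from the thread. Pod, container names, images and the
# port mapping are taken from the posts above; the `before` line is new.
{ config, pkgs, ... }:
let
  backend = config.virtualisation.oci-containers.backend;
  pod = "elk";
  # oci-containers generates one unit per container: "<backend>-<name>.service".
  memberUnits = map (name: "${backend}-${name}.service") [ "influxdb" "grafana" ];
in
{
  virtualisation.oci-containers = {
    backend = "podman";
    containers = {
      # No port is published for InfluxDB: containers in a pod share one
      # network namespace, so Grafana reaches it at http://localhost:8086.
      influxdb = {
        image = "influxdb:1.8.4";
        extraOptions = [ "--pod=${pod}" ];
        volumes = [ "influxdb:/var/lib/influxdb" ];
      };
      grafana = {
        image = "grafana/grafana:7.4.1";
        dependsOn = [ "influxdb" ];
        extraOptions = [ "--pod=${pod}" ];
        volumes = [ "grafana:/var/lib/grafana" ];
      };
    };
  };

  systemd.services."create-${pod}-pod" = {
    serviceConfig.Type = "oneshot";
    # wantedBy pulls this unit in with each container; before makes systemd
    # finish it first, so the pod exists when the containers are created.
    wantedBy = memberUnits;
    before = memberUnits;
    script = ''
      # Published ports belong to the pod, not to a single container.
      # Binding to 127.0.0.1 keeps Grafana (container port 3000) reachable
      # from the host only; without the address it listens on all interfaces.
      ${pkgs.podman}/bin/podman pod exists ${pod} || \
        ${pkgs.podman}/bin/podman pod create -n ${pod} -p '127.0.0.1:8040:3000'
    '';
  };
}
```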