Podman containers DNS

ptman · March 29, 2023, 11:08am

I can’t seem to reach other containers by hostname, only by (varying) IP address. NixOS 22.11.

firecat53 · March 29, 2023, 1:10pm

Try assigning containers to a pod.

ptman · March 29, 2023, 1:23pm

Excellent suggestion thank you. I’ve just tried using it like a replacement for docker via virtualisation.oci-containers.containers.

How would one assign a pod via that?

nifoc · March 29, 2023, 2:53pm

Did you set virtualisation.podman.defaultNetwork.dnsname.enable and adjust your firewall accordingly?

I added the following rules (might not be what you want exactly):

  networking.firewall.interfaces."podman+" = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };

firecat53 · March 29, 2023, 3:41pm

Example setup for nextcloud/redis/mariadb: (assigning a pod falls under extraOptions)

  systemd.services.pod-cloud = {
    description = "Start podman 'nextcloud' pod";
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    requiredBy = [ "podman-mariadb.service" "podman-nextcloud.service" "podman-redis.service" ];
    unitConfig = {
      RequiresMountsFor = "/run/containers";
    };
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "-${pkgs.podman}/bin/podman pod create cloud";
    };
    path = [ pkgs.zfs pkgs.podman ];
  };
  virtualisation.podman = {
    enable = true;
    extraPackages = [ pkgs.zfs ];
  };
  virtualisation.containers.storage.settings = {
    storage = {
      driver = "zfs";
      graphroot = "/var/lib/containers/storage";
      runroot = "/run/containers/storage";
    };
  };
    nextcloud = {
      image = "nextcloud:local";
      autoStart = true;
      user = "1000:100";
      dependsOn = [ "mariadb" "redis" ];
      environment = {
        MYSQL_HOST = "127.0.0.1";
        REDIS_HOST = "127.0.0.1";
        TRUSTED_PROXIES = "10.88.0.1/24";
        NEXTCLOUD_TRUSTED_DOMAINS = "my.domain";
        MAIL_DOMAIN = "my.domain";
        OVERWRITEHOST = "my.domain";
        OVERWRITEPROTOCOL = "https";
        OVERWRITECLIURL = "my.domain";
        PHP_MEMORY_LIMIT = "2G";
        PHP_UPLOAD_LIMIT = "2G";
      };
      extraOptions = [
        "--device=/dev/dri"
        "--init=true"
        "--pod=cloud"
        "--label=traefik.enable=true"
        "--label=traefik.http.routers.nextcloud.rule=Host(`my.domain`)"
        "--label=traefik.http.routers.nextcloud.entrypoints=websecure"
        "--label=traefik.http.routers.nextcloud.tls.certResolver=le"
        "--label=traefik.http.routers.nextcloud.middlewares=headers,nextcloud-redirectregex@file"
        "--label=traefik.http.services.nextcloud.loadbalancer.server.port=80"
        "--sysctl=net.ipv4.ip_unprivileged_port_start=80"
      ];
      volumes = [ "nextcloud_config:/var/www/html" "/mnt/media:/data" ];
    };
    redis = {
      image = "docker.io/library/redis:latest";
      autoStart = true;
      user = "1000:100";
      cmd = [ "redis-server" "--save" "59" "1" "--loglevel" "warning" ];
      extraOptions = [ "--pod=cloud" ];
      volumes = [ "redis_data:/data" ];
    };
    mariadb = {
      image = "docker.io/library/mariadb:latest";
      autoStart = true;
      user = "mysql:mysql";
      cmd = [ "--transaction-isolation=READ-COMMITTED" "--log-bin=msqyld-bin" "--binlog-format=ROW" ];
      extraOptions = [ "--pod=cloud" ];
      volumes = [ "mariadb_data:/var/lib/mysql" ];
      environment = {
        MYSQL_DATABASE = "nextcloud";
        MYSQL_USER = "nextcloud";
        MYSQL_PASSWORD = "password";
        MYSQL_ROOT_PASSWORD = "rootpassword";
      };
    };
  };