yellow: Install Podman

Podman will provide the container runtime for Home Assistant et al. Some additional kernel features are required to run containers.
2023-03-26 12:10:58 -05:00 · 2023-03-26 12:10:58 -05:00 · 5328e5482b
parent 8d3c39373f
commit 5328e5482b
5 changed files with 40 additions and 0 deletions
--- a/yellow/install.packages
+++ b/yellow/install.packages
@ -0,0 +1 @@
+app-containers/podman
--- a/yellow/linux.config
+++ b/yellow/linux.config
@ -54,3 +54,8 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
+
+CONFIG_POSIX_MQUEUE=y
+CONFIG_MEMCG=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_BLK_CGROUP=y
--- a/yellow/overlay/etc/containers/policy.json
+++ b/yellow/overlay/etc/containers/policy.json
@ -0,0 +1,32 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports": {
+        "docker": {
+	    "registry.access.redhat.com": [
+		{
+		    "type": "signedBy",
+		    "keyType": "GPGKeys",
+		    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+		}
+	    ],
+	    "registry.redhat.io": [
+		{
+		    "type": "signedBy",
+		    "keyType": "GPGKeys",
+		    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+		}
+	    ]
+	},
+        "docker-daemon": {
+	    "": [
+		{
+		    "type": "insecureAcceptAnything"
+		}
+	    ]
+	}
+    }
+}
--- a/yellow/overlay/etc/containers/registries.conf
+++ b/yellow/overlay/etc/containers/registries.conf
@ -0,0 +1 @@
+unqualified-search-registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']
--- a/yellow/portage/target/etc/portage/package.use/iptables
+++ b/yellow/portage/target/etc/portage/package.use/iptables
@ -0,0 +1 @@
+net-firewall/iptables conntrack nftables
				`@ -0,0 +1 @@`
				`unqualified-search-registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']`