From b9d077f5d8a8870304cd78f3e10c311c3564cdd3 Mon Sep 17 00:00:00 2001
From: sommerfeld
Date: Fri, 5 Jun 2026 11:05:57 +0100
Subject: feat(nix): unify rootless podman across host and VM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Move the podman stack (podman, crun, conmon, netavark, aardvark-dns, slirp4netns, passt, podman-compose, podman-docker) from a vm-only block into common.nix so the Arch host and the Ubuntu remote-dev VM run the same nix-pinned versions. This drops podman-compose + podman-docker from pacman as well — they were the only podman-stack pieces still sourced from there on the host. Relocate registries.conf + policy.json into the chezmoi tree at dot_config/containers/ so both flavors share them; vm.nix now picks them up via the existing link helper. storage.conf stays inline in vm.nix because the VM needs the overlay driver while the Arch host uses the btrfs driver (root fs is btrfs there).
---
dot_config/containers/policy.json | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 dot_config/containers/policy.json
(limited to 'dot_config/containers/policy.json')
diff --git a/dot_config/containers/policy.json b/dot_config/containers/policy.json
new file mode 100644
index 0000000..d8c638a
--- /dev/null
+++ b/dot_config/containers/policy.json
@@ -0,0 +1,16 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports": {
+ "docker-daemon": {
+ "": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+ }
+ }
+}
-- cgit v1.3.1
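Review bot: The `"default"` entry in the new policy.json is `insecureAcceptAnything`, so an image pulled over any transport is accepted with no signature check, and per the commit message this one file now governs both the Arch host and the remote-dev VM. If that is not a deliberate choice, consider setting the default to `{ "type": "reject" }` and listing the registries actually in use under a `"docker"` transport scope, with `signedBy` or `sigstoreSigned` where the publisher signs its images. The `"docker-daemon"` block repeats the default requirement and therefore has no effect as written; it only starts to matter once the default is tightened. JSON cannot carry a comment, so the reasoning behind whichever policy is kept belongs in the commit message or a README next to the file.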