[go: up one dir, main page]

Skip to content

podenv/podenv

Repository files navigation

podenv: a container wrapper

Hackage Apache-2.0 license

Note that this is a work in progress, please get in touch if you are interested.

Podenv provides a declarative interface to manage containerized applications. Using rootless containers, podenv let you run applications seamlessly.

Overview and scope

The goal of podenv is to implement a modern application launcher:

Podenv differs from toolbx or flatpak:

  • Isolation by default: network or home directory access need to be explicitely enabled.
  • Unopinionated runtime: applications are provided by distro packages or Containerfile.
  • High level command line interface.

Features

Capabilities

Share resources with simple toggles:

  • --wayland graphical display.
  • --pipewire access audio and video streams.
  • --dbus share the dbus session.
  • See the full list in this configuration schema: Capabilities.Type

Mount directories with smart volumes:

  • --volume ~ share the home directory.
  • --volume web:~ use a volume named web for the container home.
  • --hostfile ./document.pdf share a single file.

Container Runtimes

Podenv works with multiple container runtimes:

  • Podman for image and Containerfile.
  • Bubblewrap for local rootfs and Nix Flakes.

The runtime integration is decoupled from the application description so that more options can be added in the future.

Namespace

Applications can share resources using the --namespace NAME option. For example, a browser application can be attached to the network of a VPN application. Checkout the Configure a VPN howto.

Configuration

Applications are user-defined with functionnal and re-usable expressions:

Firefox with a fedora container

(env:PODENV).Application::{
, name = "firefox"
, description = Some "Mozilla Firefox"
, runtime = (env:PODENV).Hub.fedora.useGraphic [ "firefox" ]
, command = [ "firefox", "--no-remote" ]
, capabilities = (env:PODENV).Capabilities::{ wayland = True, network = True }
}

The fedora useGraphic function defines a custom Containerfile:

\(pkgs : List Text) ->
(env:PODENV).ContainerBuild::{
, containerfile =
    ''
    FROM fedora:latest
    RUN dnf install -y mesa-dri-drivers pipewire-libs
    RUN dnf update -y
    RUN dnf install -y ${concatSep " " pkgs}
    ''
, image_home = Some "/home/fedora"
, image_update = Some "dnf update -y"
}

The graphic packages layer is shared by the other apps.

Nix Flakes

Podenv support the Nix installables syntax:

(env:PODENV).Application::{
, name = "polyglot"
, description = Some "Tool to count lines of source code."
, runtime = (env:PODENV).Hub.nix.useInstallables [ "github:podenv/polyglot.nix" ]
, capabilities = (env:PODENV).Capabilities::{ cwd = True }
}

Hub

By default, podenv uses the hub collection. Run podenv --list to see the available applications.

Usage

Podenv provides a simple command line: podenv [--caps] application-name [args]. Checkout the tutorials for examples.

Documentation

Podenv documentation is organized into the following four sections:

Tutorials

These guides help you get your hands dirty with working examples:

Howtos

These cookbooks teach you how to solve specific tasks:

Discussions

These posts explain the context and motivation behind this tool:

References

These comprehensive resources cover details that other texts will gloss over: