2025-10-31 18:14:27 +00:00
|
|
|
{
|
|
|
|
|
"name": "bootc-devenv-debian",
|
|
|
|
|
// TODO override this back to prod image
|
|
|
|
|
"image": "ghcr.io/bootc-dev/devenv-debian",
|
|
|
|
|
"customizations": {
|
|
|
|
|
"vscode": {
|
|
|
|
|
// Abitrary, but most of our code is in one of these two
|
|
|
|
|
"extensions": [
|
|
|
|
|
"rust-lang.rust-analyzer",
|
|
|
|
|
"golang.Go"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"features": {},
|
|
|
|
|
"runArgs": [
|
2026-01-28 21:59:06 +00:00
|
|
|
// Minimal security options for nested podman (avoids --privileged):
|
|
|
|
|
// - label=disable: Required for mounting /proc in nested user namespace
|
|
|
|
|
// - unmask=/proc/*: Allows access to /proc paths needed for nested containers
|
|
|
|
|
"--security-opt", "label=disable",
|
|
|
|
|
"--security-opt", "unmask=/proc/*",
|
|
|
|
|
// Device access for nested containers and VMs
|
|
|
|
|
"--device", "/dev/net/tun",
|
|
|
|
|
"--device", "/dev/kvm"
|
2025-10-31 18:14:27 +00:00
|
|
|
],
|
|
|
|
|
"postCreateCommand": {
|
|
|
|
|
// Our init script
|
|
|
|
|
"devenv-init": "sudo /usr/local/bin/devenv-init.sh"
|
|
|
|
|
},
|
|
|
|
|
"remoteEnv": {
|
|
|
|
|
"PATH": "${containerEnv:PATH}:/usr/local/cargo/bin"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
