abiosoft · abiosoft · Feb 16, 2022 · Feb 9, 2022 · Feb 9, 2022 · Feb 9, 2022
diff --git a/INSTALL.md b/INSTALL.md
@@ -18,9 +18,9 @@ brew install --HEAD colima
 
 Stable version
 
-```
+```
 sudo port install colima
-```
+```
 
 ## Nix
 
@@ -42,7 +42,7 @@ Binaries are available with every release on the [releases page](https://github.
 
 ```sh
 # download binary
-curl -LO https://github.com/abiosoft/colima/releases/download/v0.3.2/colima-$(uname)-$(uname -m)
+curl -LO https://github.com/abiosoft/colima/releases/download/v0.3.3/colima-$(uname)-$(uname -m)
 
 # install in $PATH
 install colima-$(uname)-$(uname -m) /usr/local/bin/colima # or sudo install if /usr/local/bin requires root.

diff --git a/README.md b/README.md
@@ -130,12 +130,23 @@ To provide container runtimes on macOS with minimal setup.
 
 ## What is with the name?
 
-Colima means Containers in Lima.
+Colima means Containers in [Lima](https://github.com/lima-vm/lima).
 
 Since Lima is aka Linux on Mac. By transitivity, Colima can also mean Containers on Linux on Mac.
 
 ## FAQ
 
+<details>
+<summary>How does Colima compare to Lima?</summary>
+<p>
+
+Colima is basically a higher level usage of Lima and utilises Lima to provide Docker, Containerd and/or Kubernetes.
+
+If you want more control over the underlying VM, you can either use Lima directly or override Colima's VM settings with [Lima overrides](https://github.com/lima-vm/lima/blob/873a39c6652fe5fcb07ee08418f39ccaeeea6979/pkg/limayaml/default.yaml#L271).
+
+</p>
+</details>
+
 <details>
 <summary>Can it run alongside Docker for Mac?</summary>
 <p>
@@ -195,7 +206,7 @@ Feedbacks would be appreciated.
 
 ## Help Wanted
 
-- ~~Homebrew formula~~
+- Documentation
 - Testing on M1 Macs
 
 ## Sponsoring the Project

diff --git a/cmd/start.go b/cmd/start.go
@@ -26,7 +26,8 @@ The --runtime, --disk and --arch flags are only used on initial start and ignore
 		"  colima start --with-kubernetes\n" +
 		"  colima start --runtime containerd --with-kubernetes\n" +
 		"  colima start --cpu 4 --memory 8 --disk 100\n" +
-		"  colima start --arch aarch64",
+		"  colima start --arch aarch64\n" +
+		"  colima start --dns 1.1.1.1 --dns 8.8.8.8",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		return newApp().Start(startCmdArgs.Config)
 	},
@@ -73,6 +74,9 @@ The --runtime, --disk and --arch flags are only used on initial start and ignore
 		if !cmd.Flag("ssh-agent").Changed {
 			startCmdArgs.VM.ForwardAgent = current.VM.ForwardAgent
 		}
+		if !cmd.Flag("dns").Changed {
+			startCmdArgs.VM.DNS = current.VM.DNS
+		}
 
 		log.Println("using", current.Runtime, "runtime")
 
@@ -140,9 +144,5 @@ func init() {
 	startCmd.Flags().StringToStringVarP(&startCmdArgs.VM.Env, "env", "e", nil, "environment variables for the VM")
 	_ = startCmd.Flags().MarkHidden("env")
 
-	// dns application is not as straightforward in alpine
-	// coupled with the fact that Lima now supports DNS propagation from the host
-	// this is no longer priority
 	startCmd.Flags().IPSliceVarP(&startCmdArgs.VM.DNS, "dns", "n", nil, "DNS servers for the VM")
-	_ = startCmd.Flags().MarkHidden("dns")
 }
diff --git a/environment/vm/lima/certs.go b/environment/vm/lima/certs.go
@@ -0,0 +1,44 @@
+package lima
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/abiosoft/colima/config"
+	"github.com/abiosoft/colima/util"
+)
+
+func (l limaVM) copyCerts() error {
+	log := l.Logger()
+	err := func() error {
+		dockerCertsDirHost := filepath.Join(util.HomeDir(), ".docker", "certs.d")
+		dockerCertsDirGuest := "/etc/docker/certs.d"
+		if _, err := l.host.Stat(dockerCertsDirHost); err != nil {
+			// no certs found
+			return nil
+		}
+
+		// we are utilising the host cache path as it is the only guaranteed mounted path.
+
+		// copy to cache dir
+		dockerCertsCacheDir := filepath.Join(config.CacheDir(), "docker-certs")
+		if err := l.host.RunQuiet("mkdir", "-p", dockerCertsCacheDir); err != nil {
+			return err
+		}
+		if err := l.host.RunQuiet("cp", "-R", dockerCertsDirHost+"/.", dockerCertsCacheDir); err != nil {
+			return err
+		}
+
+		// copy from cache to vm
+		if err := l.RunQuiet("sudo", "mkdir", "-p", dockerCertsDirGuest); err != nil {
+			return err
+		}
+		return l.RunQuiet("sudo", "cp", "-R", dockerCertsCacheDir+"/.", dockerCertsDirGuest)
+	}()
+
+	// not a fatal error, a warning suffices.
+	if err != nil {
+		log.Warnln(fmt.Errorf("cannot copy registry certs to vm: %w", err))
+	}
+	return nil
+}
diff --git a/environment/vm/lima/lima.go b/environment/vm/lima/lima.go
@@ -115,6 +115,9 @@ func (l *limaVM) Start(conf config.Config) error {
 		return os.Remove(configFile)
 	})
 
+	// registry certs
+	a.Add(l.copyCerts)
+
 	l.applyDNS(a, conf)
 
 	// adding it to command chain to execute only after successful startup.
@@ -150,35 +153,58 @@ func (l limaVM) resume(conf config.Config) error {
 		return l.host.Run(limactl, "start", config.Profile().ID)
 	})
 
+	// registry certs
+	a.Add(l.copyCerts)
+
 	l.applyDNS(a, conf)
 
 	return a.Exec()
 }
 
 func (l limaVM) applyDNS(a *cli.ActiveCommandChain, conf config.Config) {
-	// manually set the domain using systemd-resolve.
+	// manually set the DNS by modifying the resolve file.
 	//
 	// Lima's DNS settings is fixed at VM create and cannot be changed afterwards.
 	// this is a better approach as it only applies on VM startup and gets reset at shutdown.
-	// this is specific to ubuntu, may be different for other distros.
-
-	if len(conf.VM.DNS) == 0 {
-		return
-	}
-
-	a.Stage("applying DNS config")
+	// this is specific to Alpine , may be different for other distros.
+	log := l.Logger()
+	dnsFile := "/etc/resolv.conf"
+	dnsFileBak := dnsFile + ".lima"
 
-	// apply settings
 	a.Add(func() error {
-		args := []string{"sudo", "systemd-resolve", "--interface", "eth0"}
-		for _, ip := range conf.VM.DNS {
-			args = append(args, "--set-dns", ip.String())
+		// backup the original dns file (if not previously done)
+		if l.RunQuiet("stat", dnsFileBak) != nil {
+			err := l.RunQuiet("sudo", "cp", dnsFile, dnsFileBak)
+			if err != nil {
+				// custom DNS config failure should not prevent the VM from starting
+				// as the default config will be used.
+				// Rather, warn and terminate setting the DNS config.
+				log.Warnln(fmt.Errorf("error backing up default DNS config: %w", err))
+				return nil
+			}
 		}
-		return l.Run(args...)
+		return nil
 	})
-	// restart service, should not be needed but to ascertain
+
 	a.Add(func() error {
-		return l.Run("sudo", "systemctl", "restart", "systemd-resolved")
+		// empty the file
+		if err := l.RunQuiet("sudo", "rm", "-f", dnsFile); err != nil {
+			return fmt.Errorf("error initiating DNS config: %w", err)
+		}
+
+		for _, dns := range conf.VM.DNS {
+			line := fmt.Sprintf(`echo nameserver %s >> %s`, dns.String(), dnsFile)
+			if err := l.RunQuiet("sudo", "sh", "-c", line); err != nil {
+				return fmt.Errorf("error applying DNS config: %w", err)
+			}
+		}
+
+		if len(conf.VM.DNS) > 0 {
+			return nil
+		}
+
+		// use the default Lima dns if no dns is set
+		return l.RunQuiet("sudo", "sh", "-c", fmt.Sprintf("cat %s >> %s", dnsFileBak, dnsFile))
 	})
 }
 

diff --git a/environment/vm/lima/yaml.go b/environment/vm/lima/yaml.go
@@ -17,8 +17,8 @@ func newConf(conf config.Config) (l Config, err error) {
 	l.Arch = environment.Arch(conf.VM.Arch).Value()
 
 	l.Images = append(l.Images,
-		File{Arch: environment.AARCH64, Location: "https://github.com/abiosoft/alpine-lima/releases/download/colima-v0.3.2/alpine-lima-clm-3.14.3-aarch64.iso", Digest: "sha512:1f93efbfb3093203446f605647438d04d239d3ee591c06b85e79f067180eff5d6b24b9133d147731a0a68d6d3b8d233eed844c99453e2f697e8df70f5b9cb1eb"},
-		File{Arch: environment.X8664, Location: "https://github.com/abiosoft/alpine-lima/releases/download/colima-v0.3.2/alpine-lima-clm-3.14.3-x86_64.iso", Digest: "sha512:875482176ff2f43bf9472f84137d8b9a56d692ae19243436079c7f2f78cb6b13576601eef9102aaea796629215fc60308e69b590c81fe4139e9e84f1ec4a57f5"},
+		File{Arch: environment.AARCH64, Location: "https://github.com/abiosoft/alpine-lima/releases/download/colima-v0.3.3-1/alpine-lima-clm-3.14.3-aarch64.iso", Digest: "sha512:07d5b98f93c48e103cc0a3610a99980c17a5c8ca3ea81ca66ee53de2a182d41568e6701c146728270ecf2b8a944abc34f25ebb0edcea3378f2c17c75a287f85c"},
+		File{Arch: environment.X8664, Location: "https://github.com/abiosoft/alpine-lima/releases/download/colima-v0.3.3-1/alpine-lima-clm-3.14.3-x86_64.iso", Digest: "sha512:1bcdf1fec1f7de5938a1dd6effad9546d20ff6caf6eefc8224a66af74891f0337f6f1e9bb8c2b3231e1364be004c3b25457cbc427968e27750d60662093538aa"},
 	)
 
 	l.CPUs = conf.VM.CPU
@@ -30,7 +30,9 @@ func newConf(conf config.Config) (l Config, err error) {
 	l.Firmware.LegacyBIOS = false
 
 	l.DNS = conf.VM.DNS
-	l.UseHostResolver = len(l.DNS) == 0 // use host resolver when no DNS is set
+	// always use host resolver to generate Lima's default resolv.conf file
+	// colima will override this in VM when custom DNS is set
+	l.HostResolver.Enabled = true
 
 	l.Env = map[string]string{}
 	for k, v := range conf.VM.Env {
@@ -98,19 +100,19 @@ func newConf(conf config.Config) (l Config, err error) {
 
 // Config is lima config. Code copied from lima and modified.
 type Config struct {
-	Arch            environment.Arch  `yaml:"arch,omitempty"`
-	Images          []File            `yaml:"images"`
-	CPUs            int               `yaml:"cpus,omitempty"`
-	Memory          string            `yaml:"memory,omitempty"`
-	Disk            string            `yaml:"disk,omitempty"`
-	Mounts          []Mount           `yaml:"mounts,omitempty"`
-	SSH             SSH               `yaml:"ssh,omitempty"`
-	Containerd      Containerd        `yaml:"containerd"`
-	Env             map[string]string `yaml:"env,omitempty"`
-	DNS             []net.IP          `yaml:"-"` // will be handled manually by colima
-	Firmware        Firmware          `yaml:"firmware"`
-	UseHostResolver bool              `yaml:"useHostResolver"`
-	PortForwards    []PortForward     `yaml:"portForwards,omitempty"`
+	Arch         environment.Arch  `yaml:"arch,omitempty"`
+	Images       []File            `yaml:"images"`
+	CPUs         int               `yaml:"cpus,omitempty"`
+	Memory       string            `yaml:"memory,omitempty"`
+	Disk         string            `yaml:"disk,omitempty"`
+	Mounts       []Mount           `yaml:"mounts,omitempty"`
+	SSH          SSH               `yaml:"ssh,omitempty"`
+	Containerd   Containerd        `yaml:"containerd"`
+	Env          map[string]string `yaml:"env,omitempty"`
+	DNS          []net.IP          `yaml:"-"` // will be handled manually by colima
+	Firmware     Firmware          `yaml:"firmware"`
+	HostResolver HostResolver      `yaml:"hostResolver"`
+	PortForwards []PortForward     `yaml:"portForwards,omitempty"`
 }
 
 type File struct {
@@ -161,6 +163,12 @@ type PortForward struct {
 	Proto          Proto  `yaml:"proto,omitempty" json:"proto,omitempty"`
 	Ignore         bool   `yaml:"ignore,omitempty" json:"ignore,omitempty"`
 }
+
+type HostResolver struct {
+	Enabled bool `yaml:"enabled" json:"enabled"`
+	IPv6    bool `yaml:"ipv6,omitempty" json:"ipv6,omitempty"`
+}
+
 type volumeMount string
 
 func (v volumeMount) Writable() bool {