2014-07-27 23:00:59 +01:00
|
|
|
# Systemd services for docker.
|
|
|
|
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
|
|
|
|
|
|
|
cfg = config.virtualisation.docker;
|
2017-04-26 15:55:36 +01:00
|
|
|
proxy_env = config.networking.proxy.envVars;
|
2014-07-27 23:00:59 +01:00
|
|
|
|
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
###### interface
|
|
|
|
|
|
|
|
options.virtualisation.docker = {
|
|
|
|
enable =
|
|
|
|
mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description =
|
|
|
|
''
|
|
|
|
This option enables docker, a daemon that manages
|
|
|
|
linux containers. Users in the "docker" group can interact with
|
|
|
|
the daemon (e.g. to start or stop containers) using the
|
|
|
|
<command>docker</command> command line tool.
|
|
|
|
'';
|
|
|
|
};
|
2016-12-20 22:24:17 +00:00
|
|
|
|
|
|
|
listenOptions =
|
|
|
|
mkOption {
|
|
|
|
type = types.listOf types.str;
|
2018-12-19 21:44:34 +00:00
|
|
|
default = ["/run/docker.sock"];
|
2016-12-20 22:24:17 +00:00
|
|
|
description =
|
|
|
|
''
|
|
|
|
A list of unix and tcp docker should listen to. The format follows
|
|
|
|
ListenStream as described in systemd.socket(5).
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
enableOnBoot =
|
2014-07-27 23:00:59 +01:00
|
|
|
mkOption {
|
|
|
|
type = types.bool;
|
2015-11-20 22:01:33 +00:00
|
|
|
default = true;
|
2014-07-27 23:00:59 +01:00
|
|
|
description =
|
|
|
|
''
|
2016-12-20 22:24:17 +00:00
|
|
|
When enabled dockerd is started on boot. This is required for
|
2019-05-22 16:40:01 +01:00
|
|
|
containers which are created with the
|
|
|
|
<literal>--restart=always</literal> flag to work. If this option is
|
2016-12-20 22:24:17 +00:00
|
|
|
disabled, docker might be started on demand by socket activation.
|
2014-07-27 23:00:59 +01:00
|
|
|
'';
|
|
|
|
};
|
2016-12-20 22:24:17 +00:00
|
|
|
|
2019-02-27 08:44:37 +00:00
|
|
|
enableNvidia =
|
|
|
|
mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2016-12-20 22:24:17 +00:00
|
|
|
liveRestore =
|
|
|
|
mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = true;
|
|
|
|
description =
|
|
|
|
''
|
|
|
|
Allow dockerd to be restarted without affecting running container.
|
|
|
|
This option is incompatible with docker swarm.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2015-09-04 00:18:19 +01:00
|
|
|
storageDriver =
|
|
|
|
mkOption {
|
2016-09-10 11:55:46 +01:00
|
|
|
type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
|
|
|
|
default = null;
|
2015-09-04 00:18:19 +01:00
|
|
|
description =
|
|
|
|
''
|
2016-09-10 11:55:46 +01:00
|
|
|
This option determines which Docker storage driver to use. By default
|
|
|
|
it let's docker automatically choose preferred storage driver.
|
2015-09-04 00:18:19 +01:00
|
|
|
'';
|
|
|
|
};
|
2016-09-10 11:55:46 +01:00
|
|
|
|
|
|
|
logDriver =
|
|
|
|
mkOption {
|
|
|
|
type = types.enum ["none" "json-file" "syslog" "journald" "gelf" "fluentd" "awslogs" "splunk" "etwlogs" "gcplogs"];
|
|
|
|
default = "journald";
|
|
|
|
description =
|
|
|
|
''
|
|
|
|
This option determines which Docker log driver to use.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-07-27 23:00:59 +01:00
|
|
|
extraOptions =
|
|
|
|
mkOption {
|
2015-04-25 14:25:15 +01:00
|
|
|
type = types.separatedString " ";
|
2014-07-27 23:00:59 +01:00
|
|
|
default = "";
|
|
|
|
description =
|
|
|
|
''
|
|
|
|
The extra command-line options to pass to
|
|
|
|
<command>docker</command> daemon.
|
|
|
|
'';
|
|
|
|
};
|
2017-07-19 17:20:46 +01:00
|
|
|
|
|
|
|
autoPrune = {
|
|
|
|
enable = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description = ''
|
2017-07-21 15:53:50 +01:00
|
|
|
Whether to periodically prune Docker resources. If enabled, a
|
|
|
|
systemd timer will run <literal>docker system prune -f</literal>
|
|
|
|
as specified by the <literal>dates</literal> option.
|
2017-07-19 17:20:46 +01:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
flags = mkOption {
|
|
|
|
type = types.listOf types.str;
|
|
|
|
default = [];
|
|
|
|
example = [ "--all" ];
|
|
|
|
description = ''
|
|
|
|
Any additional flags passed to <command>docker system prune</command>.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
dates = mkOption {
|
|
|
|
default = "weekly";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
Specification (in the format described by
|
|
|
|
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
|
|
|
<manvolnum>7</manvolnum></citerefentry>) of the time at
|
|
|
|
which the prune will occur.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2017-09-05 00:02:05 +01:00
|
|
|
|
|
|
|
package = mkOption {
|
|
|
|
default = pkgs.docker;
|
|
|
|
type = types.package;
|
|
|
|
example = pkgs.docker-edge;
|
|
|
|
description = ''
|
|
|
|
Docker package to be used in the module.
|
|
|
|
'';
|
|
|
|
};
|
2014-07-27 23:00:59 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
2016-12-24 00:44:10 +00:00
|
|
|
config = mkIf cfg.enable (mkMerge [{
|
2019-12-25 06:16:41 +00:00
|
|
|
boot.kernelModules = [ "bridge" "veth" ];
|
2021-05-07 20:46:21 +01:00
|
|
|
boot.kernel.sysctl = {
|
2021-05-13 11:26:45 +01:00
|
|
|
"net.ipv4.conf.all.forwarding" = mkOverride 98 true;
|
|
|
|
"net.ipv4.conf.default.forwarding" = mkOverride 98 true;
|
2021-05-07 20:46:21 +01:00
|
|
|
};
|
2019-02-27 08:44:37 +00:00
|
|
|
environment.systemPackages = [ cfg.package ]
|
|
|
|
++ optional cfg.enableNvidia pkgs.nvidia-docker;
|
2018-06-30 00:58:35 +01:00
|
|
|
users.groups.docker.gid = config.ids.gids.docker;
|
2017-09-05 00:02:05 +01:00
|
|
|
systemd.packages = [ cfg.package ];
|
2016-12-24 00:44:10 +00:00
|
|
|
|
2014-07-27 23:00:59 +01:00
|
|
|
systemd.services.docker = {
|
2016-12-20 22:24:17 +00:00
|
|
|
wantedBy = optional cfg.enableOnBoot "multi-user.target";
|
2021-03-25 20:44:59 +00:00
|
|
|
after = [ "network.target" "docker.socket" ];
|
2021-02-01 16:14:43 +00:00
|
|
|
requires = [ "docker.socket" ];
|
2017-04-26 15:55:36 +01:00
|
|
|
environment = proxy_env;
|
2014-07-27 23:00:59 +01:00
|
|
|
serviceConfig = {
|
2021-01-13 10:33:14 +00:00
|
|
|
Type = "notify";
|
2016-12-24 00:44:10 +00:00
|
|
|
ExecStart = [
|
|
|
|
""
|
|
|
|
''
|
2017-09-05 00:02:05 +01:00
|
|
|
${cfg.package}/bin/dockerd \
|
2016-12-24 00:44:10 +00:00
|
|
|
--group=docker \
|
2021-01-15 13:53:31 +00:00
|
|
|
--host=fd:// \
|
2016-12-24 00:44:10 +00:00
|
|
|
--log-driver=${cfg.logDriver} \
|
|
|
|
${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
|
|
|
|
${optionalString cfg.liveRestore "--live-restore" } \
|
2019-02-27 08:44:37 +00:00
|
|
|
${optionalString cfg.enableNvidia "--add-runtime nvidia=${pkgs.nvidia-docker}/bin/nvidia-container-runtime" } \
|
2016-12-24 00:44:10 +00:00
|
|
|
${cfg.extraOptions}
|
|
|
|
''];
|
|
|
|
ExecReload=[
|
|
|
|
""
|
|
|
|
"${pkgs.procps}/bin/kill -s HUP $MAINPID"
|
|
|
|
];
|
2017-04-26 15:55:36 +01:00
|
|
|
};
|
2014-07-27 23:00:59 +01:00
|
|
|
|
2019-02-27 08:44:37 +00:00
|
|
|
path = [ pkgs.kmod ] ++ optional (cfg.storageDriver == "zfs") pkgs.zfs
|
|
|
|
++ optional cfg.enableNvidia pkgs.nvidia-docker;
|
2015-12-24 11:07:45 +00:00
|
|
|
};
|
2017-03-27 14:11:44 +01:00
|
|
|
|
|
|
|
systemd.sockets.docker = {
|
|
|
|
description = "Docker Socket for the API";
|
|
|
|
wantedBy = [ "sockets.target" ];
|
|
|
|
socketConfig = {
|
|
|
|
ListenStream = cfg.listenOptions;
|
|
|
|
SocketMode = "0660";
|
|
|
|
SocketUser = "root";
|
|
|
|
SocketGroup = "docker";
|
|
|
|
};
|
|
|
|
};
|
2017-07-19 17:20:46 +01:00
|
|
|
|
|
|
|
systemd.services.docker-prune = {
|
|
|
|
description = "Prune docker resources";
|
|
|
|
|
|
|
|
restartIfChanged = false;
|
|
|
|
unitConfig.X-StopOnRemoval = false;
|
|
|
|
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
|
|
|
script = ''
|
2017-09-05 00:02:05 +01:00
|
|
|
${cfg.package}/bin/docker system prune -f ${toString cfg.autoPrune.flags}
|
2017-07-19 17:20:46 +01:00
|
|
|
'';
|
|
|
|
|
|
|
|
startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates;
|
|
|
|
};
|
2019-02-27 08:44:37 +00:00
|
|
|
|
|
|
|
assertions = [
|
|
|
|
{ assertion = cfg.enableNvidia -> config.hardware.opengl.driSupport32Bit or false;
|
|
|
|
message = "Option enableNvidia requires 32bit support libraries";
|
|
|
|
}];
|
2016-12-20 22:24:17 +00:00
|
|
|
}
|
2014-07-27 23:00:59 +01:00
|
|
|
]);
|
|
|
|
|
2017-01-01 08:01:03 +00:00
|
|
|
imports = [
|
2021-01-15 13:56:29 +00:00
|
|
|
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
|
2017-01-01 08:01:03 +00:00
|
|
|
];
|
|
|
|
|
2014-07-27 23:00:59 +01:00
|
|
|
}
|