nixpkgs/nixos/modules/virtualisation/docker.nix

# Systemd services for docker.

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.virtualisation.docker;
  pro = config.networking.proxy.default;
  proxy_env = optionalAttrs (pro != null) { Environment = "\"http_proxy=${pro}\""; };

in

{
  ###### interface

  options.virtualisation.docker = {
    enable =
      mkOption {
        type = types.bool;
        default = false;
        description =
          ''
            This option enables docker, a daemon that manages
            linux containers. Users in the "docker" group can interact with
            the daemon (e.g. to start or stop containers) using the
            <command>docker</command> command line tool.
          '';
      };
    socketActivation =
      mkOption {
        type = types.bool;
        default = false;
        description =
          ''
            This option enables docker with socket activation. I.e. docker will
            start when first called by client.

            Note: This is false by default because systemd lower than 214 that
            nixos uses so far, doesn't support SocketGroup option, so socket
            created by docker has root group now. This will likely be changed
            in future.  So set this option explicitly to false if you wish.
          '';
      };
    storageDriver =
      mkOption {
        type = types.enum ["aufs" "btrfs" "devicemapper" "overlay" "zfs"];
        description =
          ''
            This option determines which Docker storage driver to use.
            It is required but lacks a default value as its most
            suitable value will depend the filesystems available on the
            host.
          '';
      };
    extraOptions =
      mkOption {
        type = types.separatedString " ";
        default = "";
        description =
          ''
            The extra command-line options to pass to
            <command>docker</command> daemon.
          '';
      };

    postStart =
      mkOption {
        type = types.string;
        default = ''
          while ! [ -e /var/run/docker.sock ]; do
            sleep 0.1
          done
        '';
        description = ''
          The postStart phase of the systemd service. You may need to
          override this if you are passing in flags to docker which
          don't cause the socket file to be created.
        '';
      };


  };

  ###### implementation

  config = mkIf cfg.enable (mkMerge [
    { environment.systemPackages = [ pkgs.docker ];
      users.extraGroups.docker.gid = config.ids.gids.docker;
    }
    (mkIf cfg.socketActivation {

      systemd.services.docker = {
        description = "Docker Application Container Engine";
        after = [ "network.target" "docker.socket" ];
        requires = [ "docker.socket" ];
        serviceConfig = {
          ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
          #  I'm not sure if that limits aren't too high, but it's what
          #  goes in config bundled with docker itself
          LimitNOFILE = 1048576;
          LimitNPROC = 1048576;
        } // proxy_env;
      };

      systemd.sockets.docker = {
        description = "Docker Socket for the API";
        wantedBy = [ "sockets.target" ];
        socketConfig = {
          ListenStream = "/var/run/docker.sock";
          SocketMode = "0660";
          SocketUser = "root";
          SocketGroup = "docker";
        };
      };
    })
    (mkIf (!cfg.socketActivation) {

      systemd.services.docker = {
        description = "Docker Application Container Engine";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
          #  I'm not sure if that limits aren't too high, but it's what
          #  goes in config bundled with docker itself
          LimitNOFILE = 1048576;
          LimitNPROC = 1048576;
        } // proxy_env;

        path = [ pkgs.kmod ];
        environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";

        postStart = cfg.postStart;

        # Presumably some containers are running we don't want to interrupt
        restartIfChanged = false;
      };
    })
  ]);

}
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`# Systemd services for docker.`

			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.virtualisation.docker;`
nixos/docker: fix module, add simple test 2014-12-01 17:20:18 +01:00			`pro = config.networking.proxy.default;`
			`proxy_env = optionalAttrs (pro != null) { Environment = "\"http_proxy=${pro}\""; };`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00
			`in`

			`{`
			`###### interface`

			`options.virtualisation.docker = {`
			`enable =`
			`mkOption {`
			`type = types.bool;`
			`default = false;`
			`description =`
			`''`
			`This option enables docker, a daemon that manages`
			`linux containers. Users in the "docker" group can interact with`
			`the daemon (e.g. to start or stop containers) using the`
			`<command>docker</command> command line tool.`
			`'';`
			`};`
			`socketActivation =`
			`mkOption {`
			`type = types.bool;`
			`default = false;`
			`description =`
			`''`
			`This option enables docker with socket activation. I.e. docker will`
			`start when first called by client.`

			`Note: This is false by default because systemd lower than 214 that`
			`nixos uses so far, doesn't support SocketGroup option, so socket`
			`created by docker has root group now. This will likely be changed`
			`in future. So set this option explicitly to false if you wish.`
			`'';`
			`};`
docker: Minor improvements, fix failing test - Replace usage of deprecated CLI flag `--daemon` - Introduce `storageDriver` option for module - Fix failing test by using `overlay` storage driver 2015-09-04 00:18:19 +01:00			`storageDriver =`
			`mkOption {`
			`type = types.enum ["aufs" "btrfs" "devicemapper" "overlay" "zfs"];`
			`description =`
			`''`
			`This option determines which Docker storage driver to use.`
			`It is required but lacks a default value as its most`
			`suitable value will depend the filesystems available on the`
			`host.`
			`'';`
			`};`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`extraOptions =`
			`mkOption {`
nixos/docker: set extraOptions to separatedString type This change is needed if you want to pass extraOptions to docker in multiple nixos modules. 2015-04-25 15:25:15 +02:00			`type = types.separatedString " ";`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`default = "";`
			`description =`
			`''`
			`The extra command-line options to pass to`
			`<command>docker</command> daemon.`
			`'';`
			`};`

docker: allow the user to override postStart My use-case: passing -H SOM.EIP.ADD.RES:PORT doesn't result in a .sock file so the service would never go up. 2015-07-20 14:28:49 +01:00			`postStart =`
			`mkOption {`
			`type = types.string;`
			`default = ''`
			`while ! [ -e /var/run/docker.sock ]; do`
			`sleep 0.1`
			`done`
			`'';`
			`description = ''`
			`The postStart phase of the systemd service. You may need to`
			`override this if you are passing in flags to docker which`
			`don't cause the socket file to be created.`
			`'';`
			`};`

Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00
			`};`

			`###### implementation`

			`config = mkIf cfg.enable (mkMerge [`
			`{ environment.systemPackages = [ pkgs.docker ];`
nixos: docker, create docker group 2014-09-03 21:22:20 +02:00			`users.extraGroups.docker.gid = config.ids.gids.docker;`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`}`
			`(mkIf cfg.socketActivation {`

			`systemd.services.docker = {`
			`description = "Docker Application Container Engine";`
			`after = [ "network.target" "docker.socket" ];`
			`requires = [ "docker.socket" ];`
			`serviceConfig = {`
docker: Minor improvements, fix failing test - Replace usage of deprecated CLI flag `--daemon` - Introduce `storageDriver` option for module - Fix failing test by using `overlay` storage driver 2015-09-04 00:18:19 +01:00			`ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`# I'm not sure if that limits aren't too high, but it's what`
			`# goes in config bundled with docker itself`
			`LimitNOFILE = 1048576;`
			`LimitNPROC = 1048576;`
docker: propagate nix.proxy into daemon environment 2014-11-07 13:46:36 +02:00			`} // proxy_env;`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`};`

			`systemd.sockets.docker = {`
			`description = "Docker Socket for the API";`
			`wantedBy = [ "sockets.target" ];`
			`socketConfig = {`
			`ListenStream = "/var/run/docker.sock";`
			`SocketMode = "0660";`
			`SocketUser = "root";`
			`SocketGroup = "docker";`
			`};`
			`};`
			`})`
			`(mkIf (!cfg.socketActivation) {`

			`systemd.services.docker = {`
			`description = "Docker Application Container Engine";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`
			`serviceConfig = {`
docker: Minor improvements, fix failing test - Replace usage of deprecated CLI flag `--daemon` - Introduce `storageDriver` option for module - Fix failing test by using `overlay` storage driver 2015-09-04 00:18:19 +01:00			`ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`# I'm not sure if that limits aren't too high, but it's what`
			`# goes in config bundled with docker itself`
			`LimitNOFILE = 1048576;`
			`LimitNPROC = 1048576;`
docker: propagate nix.proxy into daemon environment 2014-11-07 13:46:36 +02:00			`} // proxy_env;`
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00
nixos docker: fix service and test 2015-07-05 13:57:10 +02:00			`path = [ pkgs.kmod ];`
			`environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";`

docker: allow the user to override postStart My use-case: passing -H SOM.EIP.ADD.RES:PORT doesn't result in a .sock file so the service would never go up. 2015-07-20 14:28:49 +01:00			`postStart = cfg.postStart;`
nixos: add kubernetes module 2014-11-23 01:27:04 +01:00
Upgrade docker to 1.1.2 and add docker module This version of module has disabled socketActivation, because until nixos upgrade systemd to at least 214, systemd does not support SocketGroup. So socket is created with "root" group when socketActivation enabled. Should be fixed as soon as systemd upgraded. Includes changes from #3015 and supersedes #3028 2014-07-28 01:00:59 +03:00			`# Presumably some containers are running we don't want to interrupt`
			`restartIfChanged = false;`
			`};`
			`})`
			`]);`

			`}`