docker: use upstream service file from package

This commit is contained in:
Jörg Thalheim 2016-12-24 01:44:10 +01:00
parent f4e58c2eb2
commit 585c642bf8
No known key found for this signature in database
GPG Key ID: CA4106B8D7CC79FA
1 changed files with 20 additions and 41 deletions

View File

@ -99,55 +99,34 @@ in
###### implementation
config = mkIf cfg.enable (mkMerge [
{ environment.systemPackages = [ pkgs.docker ];
config = mkIf cfg.enable (mkMerge [{
environment.systemPackages = [ pkgs.docker ];
users.extraGroups.docker.gid = config.ids.gids.docker;
# this unit follows the one provided by upstream see: https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.service
# comments below reflect experience from upstream.
systemd.packages = [ pkgs.docker ];
systemd.services.docker = {
description = "Docker Application Container Engine";
wantedBy = optional cfg.enableOnBoot "multi-user.target";
after = [ "network.target" "docker.socket" ];
requires = ["docker.socket"];
serviceConfig = {
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart = ''${pkgs.docker}/bin/dockerd \
--group=docker \
--host=fd:// \
--log-driver=${cfg.logDriver} \
${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
${optionalString cfg.liveRestore "--live-restore" } \
${cfg.extraOptions}
'';
Type="notify";
ExecReload="${pkgs.procps}/bin/kill -s HUP $MAINPID";
LimitNOFILE = 1048576;
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC="infinity";
LimitCORE="infinity";
TasksMax="infinity";
TimeoutStartSec=0;
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate="yes";
# kill only the docker process, not all processes in the cgroup
KillMode="process";
ExecStart = [
""
''
${pkgs.docker}/bin/dockerd \
--group=docker \
--host=fd:// \
--log-driver=${cfg.logDriver} \
${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
${optionalString cfg.liveRestore "--live-restore" } \
${cfg.extraOptions}
''];
ExecReload=[
""
"${pkgs.procps}/bin/kill -s HUP $MAINPID"
];
} // proxy_env;
path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
};
systemd.sockets.docker = {
description = "Docker Socket for the API";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = cfg.listenOptions;
SocketMode = "0660";
SocketUser = "root";
SocketGroup = "docker";
};
};
systemd.sockets.docker.socketConfig.ListenStream = cfg.listenOptions;
}
]);