···
<command>docker</command> command line tool.
34
+
type = types.listOf types.str;
35
+
default = ["/var/run/docker.sock"];
38
+
A list of unix and tcp docker should listen to. The format follows
39
+
ListenStream as described in systemd.socket(5).
49
+
When enabled dockerd is started on boot. This is required for
50
+
container, which are created with the
51
+
<literal>--restart=always</literal> flag, to work. If this option is
52
+
disabled, docker might be started on demand by socket activation.
37
-
This option enables docker with socket activation. I.e. docker will
38
-
start when first called by client.
62
+
Allow dockerd to be restarted without affecting running container.
63
+
This option is incompatible with docker swarm.
type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
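Review bot: The description added for the option read later as `cfg.listenOptions` ("A list of unix and tcp docker should listen to") invites TCP entries without saying that the Docker API is unauthenticated unless TLS client verification is configured. Anyone who can reach a TCP listener therefore gets root-equivalent control of the host, and the file permissions that protect the default `/var/run/docker.sock` do not apply to a TCP stream. I would reword the description along the lines of `A list of unix and tcp sockets docker should listen on. A tcp entry exposes the Docker API without authentication unless TLS client verification is configured; keep the default unix socket unless remote access is required.` No TLS flags appear in the `ExecStart` lines shown further down, though options outside the displayed hunks may supply them. The option's opening line is not visible in this extract, so the suggestion is limited to the description text.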
···
<command>docker</command> daemon.
77
-
while ! [ -e /var/run/docker.sock ]; do
82
-
The postStart phase of the systemd service. You may need to
83
-
override this if you are passing in flags to docker which
84
-
don't cause the socket file to be created. This option is ignored
85
-
if socket activation is used.
···
config = mkIf cfg.enable (mkMerge [
{ environment.systemPackages = [ pkgs.docker ];
users.extraGroups.docker.gid = config.ids.gids.docker;
105
+
# this unit follows the one provided by upstream see: https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.service
106
+
# comments below reflect experience from upstream.
systemd.services.docker = {
description = "Docker Application Container Engine";
99
-
wantedBy = optional (!cfg.socketActivation) "multi-user.target";
100
-
after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ;
101
-
requires = optional cfg.socketActivation "docker.socket";
109
+
wantedBy = optional cfg.enableOnBoot "multi-user.target";
110
+
after = [ "network.target" "docker.socket" ];
111
+
requires = ["docker.socket"];
113
+
# the default is not to use systemd for cgroups because the delegate issues still
114
+
# exists and systemd currently does not support the cgroup feature set required
115
+
# for containers run by docker
ExecStart = ''${pkgs.docker}/bin/dockerd \
104
-
--group=docker --log-driver=${cfg.logDriver} \
119
+
--log-driver=${cfg.logDriver} \
${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
106
-
${optionalString cfg.socketActivation "--host=fd://"} \
121
+
${optionalString cfg.liveRestore "--live-restore" } \
109
-
# I'm not sure if that limits aren't too high, but it's what
110
-
# goes in config bundled with docker itself
125
+
ExecReload="${pkgs.procps}/bin/kill -s HUP $MAINPID";
112
-
LimitNPROC = 1048576;
127
+
# Having non-zero Limit*s causes performance problems due to accounting overhead
128
+
# in the kernel. We recommend using cgroups to do container-local accounting.
129
+
LimitNPROC="infinity";
130
+
LimitCORE="infinity";
131
+
TasksMax="infinity";
133
+
# set delegate yes so that systemd does not reset the cgroups of docker containers
135
+
# kill only the docker process, not all processes in the cgroup
136
+
KillMode="process";
path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
117
-
postStart = if cfg.socketActivation then "" else cfg.postStart;
119
-
# Presumably some containers are running we don't want to interrupt
120
-
restartIfChanged = false;
123
-
(mkIf cfg.socketActivation {
systemd.sockets.docker = {
description = "Docker Socket for the API";
wantedBy = [ "sockets.target" ];
128
-
ListenStream = "/var/run/docker.sock";
145
+
ListenStream = cfg.listenOptions;