Docker: Difference between revisions

← Older edit

Docker (view source)

Revision as of 14:28, 18 June 2024

1,698 bytes added , 18 June

→‎Using Nix in containers: - NixOS in containers using Arion

VisualWikitext

Kiara

5

edits

@@ Line 1: / Line 1: @@
 [https://docker.com Docker] is a utility to pack, ship and run any application as a lightweight container.
+= Docker on NixOS =
 == Installation ==
@@ Line 16: / Line 18: @@
 users.users.<myuser>.extraGroups = [ "docker" ];
 </syntaxHighlight>
-{{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]!}}
+If you prefer, you could achieve the same with this:
+<syntaxHighlight lang=nix>
+users.extraGroups.docker.members = [ "username-with-access-to-socket" ];
+</syntaxHighlight>
+If you're still unable to get access to the socket, you might have to re-login or reboot.
+{{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]! <br> Consider using rootless mode below.}}
 Note: If you use the [[btrfs]] filesystem, you might need to set the storageDriver option:
 <syntaxHighlight lang=nix>
-virtualisation.docker.storageDriver = "btrfs"
+virtualisation.docker.storageDriver = "btrfs";
 </syntaxHighlight>
@@ Line 36: / Line 45: @@
 The <code>setSocketVariable</code> option sets the <code>DOCKER_HOST</code> variable to the rootless Docker instance for normal users by default.
+=== Changing Docker Daemon's Data Root ===
+By default, the Docker daemon will store images, containers, and build context on the root filesystem.
+If you want to change the location that Docker stores its data, you can configure a new <code>data-root</code> for the daemon by setting the <code>data-root</code> property of the [https://search.nixos.org/options?show=virtualisation.docker.daemon.settings&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker <code>virtualisation.docker.daemon.settings</code>].
+<syntaxHighlight lang=nix>
+virtualisation.docker.daemon.settings = {
+  data-root = "/some-place/to-store-the-docker-data";
+};
+</syntaxHighlight>
+== Docker Containers as systemd Services ==
+To make sure some docker containers are running as systemd services, you can use 'oci-containers':
+<syntaxHighlight lang=nix>
+virtualisation.oci-containers = {
+  backend = "docker";
+  containers = {
+    foo = {
+      # ...
+    };
+  };
+};
+</syntaxHighlight>
+See https://mynixos.com/options/virtualisation.oci-containers.containers.%3Cname%3E for further options
+=  Creating images =
 == Building a docker image with nixpkgs ==
@@ Line 75: / Line 114: @@
 More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo.
-Also check out the excellent article by [http://lethalman.blogspot.de/2016/04/cheap-docker-images-with-nix_15.html lethalman] about building minimal docker images with nix.
+Also check out the excellent article by [https://lucabrunox.github.io/2016/04/cheap-docker-images-with-nix_15.html lethalman] about building minimal docker images with nix.
 === Reproducible image dates ===
@@ Line 109: / Line 148: @@
 x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd
 </syntaxHighlight>
+=== Directly Using Nix in Image Layers ===
+Instead of copying Nix packages into Docker image layers, Docker can be configured to directly utilize the <code>nix-store</code> by integrating with [https://github.com/pdtpartners/nix-snapshotter nix-snapshotter].
+This will significantly reduce data duplication and the time it takes to pull images.
 == Docker Compose with Nix ==
@@ Line 131: / Line 176: @@
    backend = "docker";
    projects = {
-     "db" = settings.services."db".service = {
+     "db".settings.services."db".service = {
        image = "";
        restart = "unless-stopped";
@@ Line 140: / Line 185: @@
 </syntaxHighlight>
-== Using Nix in containers ==
+= Using Nix in containers =
 While [https://nixos.org/manual/nixpkgs/stable/#sec-pkgs-dockerTools dockerTools] allows to build lightweight containers, it requires <code>nix</code> to be installed on the host system. An alternative are docker images with nix preinstalled:
@@ Line 146: / Line 191: @@
 * [https://hub.docker.com/r/nixos/nix/tags nixos/nix] (official)
 * [https://hub.docker.com/r/nixpkgs/nix nixpkgs/nix] (built from https://github.com/nix-community/docker-nixpkgs)
+NixOS can be run in containers [https://docs.hercules-ci.com/arion/#_nixos_run_full_os using Arion].
-== See also ==
+= See also =
 [[Workgroup:Container]]
-As of 22.05 [https://search.nixos.org/options?query=virtualisation.docker.rootless rootless] docker is available. Alternatively you can use [https://nixos.wiki/wiki/Podman Podman].
+Alternatively you can use [[Podman | podman]].
 [[Category:Cookbook]]
-[[Category:NixOS]]
+[[Category:Software]]
-[[Category:nixpkgs]]
+[[Category:Server]]
-[[Category:incomplete]]
+[[Category:Container]]
-[[Category:Applications]]
-[[Category:Docker]]