Docker: Difference between revisions
→Using Nix in containers: - NixOS in containers using Arion
imported>Kadimisetty m (→Installation) |
(→Using Nix in containers: - NixOS in containers using Arion) |
(14 intermediate revisions by 11 users not shown) | |||
Line 1: | Line 1: | ||
[https://docker.com Docker] is a utility to pack, ship and run any application as a lightweight container. | [https://docker.com Docker] is a utility to pack, ship and run any application as a lightweight container. | ||
= Docker on NixOS = | |||
== Installation == | == Installation == | ||
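Review bot: The added "= Docker on NixOS =" heading is level 1, which MediaWiki renders at the same level as the page title, and this revision adds three more of them ("= Creating images =", "= Using Nix in containers =", "= See also ="). Suggest using "==" for the new top-level groups and demoting the existing subsections one level, so the table of contents nests under the title instead of beside it.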
Line 22: | Line 24: | ||
</syntaxHighlight> | </syntaxHighlight> | ||
If you're still unable to get access to the socket, you might have to re-login. | If you're still unable to get access to the socket, you might have to re-login or reboot. | ||
{{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]!}} | {{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]! <br> Consider using rootless mode below.}} | ||
Note: If you use the [[btrfs]] filesystem, you might need to set the storageDriver option: | Note: If you use the [[btrfs]] filesystem, you might need to set the storageDriver option: | ||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
virtualisation.docker.storageDriver = "btrfs" | virtualisation.docker.storageDriver = "btrfs"; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
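Review bot: In the Warning template, "Consider using rootless mode below." refers to the rootless section only by position and is attached with a raw <br>. Link that section by its anchor so the pointer survives reordering, and say in the same sentence what rootless mode changes about the docker group membership the warning is about, since that is the reason for the recommendation. The "or reboot" addition and the added semicolon on storageDriver look correct.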
Line 43: | Line 45: | ||
The <code>setSocketVariable</code> option sets the <code>DOCKER_HOST</code> variable to the rootless Docker instance for normal users by default. | The <code>setSocketVariable</code> option sets the <code>DOCKER_HOST</code> variable to the rootless Docker instance for normal users by default. | ||
=== Changing Docker Daemon's Data Root === | |||
By default, the Docker daemon will store images, containers, and build context on the root filesystem. | |||
If you want to change the location that Docker stores its data, you can configure a new <code>data-root</code> for the daemon by setting the <code>data-root</code> property of the [https://search.nixos.org/options?show=virtualisation.docker.daemon.settings&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker <code>virtualisation.docker.daemon.settings</code>]. | |||
<syntaxHighlight lang=nix> | |||
virtualisation.docker.daemon.settings = { | |||
data-root = "/some-place/to-store-the-docker-data"; | |||
}; | |||
</syntaxHighlight> | |||
== Docker Containers as systemd Services == | |||
To make sure some docker containers are running as systemd services, you can use 'oci-containers': | |||
<syntaxHighlight lang=nix> | |||
virtualisation.oci-containers = { | |||
backend = "docker"; | |||
containers = { | |||
foo = { | |||
# ... | |||
}; | |||
}; | |||
}; | |||
</syntaxHighlight> | |||
See https://mynixos.com/options/virtualisation.oci-containers.containers.%3Cname%3E for further options | |||
= Creating images = | |||
== Building a docker image with nixpkgs == | == Building a docker image with nixpkgs == | ||
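Review bot: The new "Docker Containers as systemd Services" section sits directly after the rootless paragraph but does not say whether containers declared with backend = "docker" run against the system daemon or the rootless instance; please state which, because the page's own warning treats access to the system daemon as root-equivalent. In the data-root paragraph, the options link carries search-UI state ("from=0&size=50&sort=alpha_asc&type=packages&query=...") and says type=packages for an option; trim it to the "show=virtualisation.docker.daemon.settings" part. For consistency, wrap 'oci-containers' in <code> and point the "further options" line at search.nixos.org like the data-root link, rather than at a bare mynixos.com URL.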
Line 82: | Line 114: | ||
More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo. | More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo. | ||
Also check out the excellent article by [ | Also check out the excellent article by [https://lucabrunox.github.io/2016/04/cheap-docker-images-with-nix_15.html lethalman] about building minimal docker images with nix. | ||
=== Reproducible image dates === | === Reproducible image dates === | ||
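Review bot: The restored lethalman link points at a post whose URL dates it to 2016/04; add the year to the link text so readers know to check it against the current examples.nix linked on the line above.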
Line 116: | Line 148: | ||
1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd | 1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd | ||
</syntaxHighlight> | </syntaxHighlight> | ||
=== Directly Using Nix in Image Layers === | |||
Instead of copying Nix packages into Docker image layers, Docker can be configured to directly utilize the <code>nix-store</code> by integrating with [https://github.com/pdtpartners/nix-snapshotter nix-snapshotter]. | |||
This will significantly reduce data duplication and the time it takes to pull images. | |||
== Docker Compose with Nix == | == Docker Compose with Nix == | ||
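Review bot: The "Directly Using Nix in Image Layers" section says Docker "can be configured" to use the store through nix-snapshotter but shows no configuration and does not say which store paths a container can then see; add at least a pointer to the setup steps and one sentence on what of the host store is exposed to containers. Also, <code>nix-store</code> is the name of a command; the text means the Nix store, so write that (or /nix/store) instead. "Will significantly reduce" reads as a guarantee; "can reduce" is safer without a measurement to cite.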
Line 138: | Line 176: | ||
backend = "docker"; | backend = "docker"; | ||
projects = { | projects = { | ||
"db" | "db".settings.services."db".service = { | ||
image = ""; | image = ""; | ||
restart = "unless-stopped"; | restart = "unless-stopped"; | ||
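Review bot: The corrected attribute path "db".settings.services."db".service is fine, but the snippet still ships image = ""; which a reader copying the example will deploy as an empty image reference. Put a clearly marked placeholder there, or add a comment on that line saying the value must be filled in, and mention that a pinned tag or digest is preferable to a floating one.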
Line 147: | Line 185: | ||
</syntaxHighlight> | </syntaxHighlight> | ||
= Using Nix in containers = | |||
While [https://nixos.org/manual/nixpkgs/stable/#sec-pkgs-dockerTools dockerTools] allows to build lightweight containers, it requires <code>nix</code> to be installed on the host system. An alternative are docker images with nix preinstalled: | While [https://nixos.org/manual/nixpkgs/stable/#sec-pkgs-dockerTools dockerTools] allows to build lightweight containers, it requires <code>nix</code> to be installed on the host system. An alternative are docker images with nix preinstalled: | ||
Line 153: | Line 191: | ||
* [https://hub.docker.com/r/nixos/nix/tags nixos/nix] (official) | * [https://hub.docker.com/r/nixos/nix/tags nixos/nix] (official) | ||
* [https://hub.docker.com/r/nixpkgs/nix nixpkgs/nix] (built from https://github.com/nix-community/docker-nixpkgs) | * [https://hub.docker.com/r/nixpkgs/nix nixpkgs/nix] (built from https://github.com/nix-community/docker-nixpkgs) | ||
NixOS can be run in containers [https://docs.hercules-ci.com/arion/#_nixos_run_full_os using Arion]. | |||
= See also = | |||
[[Workgroup:Container]] | [[Workgroup:Container]] | ||
Alternatively you can use [[Podman | podman]]. | |||
[[Category:Cookbook]] | [[Category:Cookbook]] | ||
[[Category: | [[Category:Software]] | ||
[[Category: | [[Category:Server]] | ||
[[Category: | [[Category:Container]] | ||
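Review bot: "Alternatively you can use podman." is added under See also with no reason given; one clause on why a reader would pick it over Docker, tied to the docker group warning earlier on the page, would make the pointer useful. The Arion sentence is placed under the list of images with Nix preinstalled, but it describes running a full NixOS in a container, which is a different case; give it its own lead-in sentence so it does not read as a third list item.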