Docker: Difference between revisions
→Using Nix in containers: - NixOS in containers using Arion
imported>Raboof (→docker containers as systemd services: fix syntax, link to further docs) |
(→Using Nix in containers: - NixOS in containers using Arion) |
(11 intermediate revisions by 10 users not shown) | |||
Line 24: | Line 24: | ||
</syntaxHighlight> | </syntaxHighlight> | ||
If you're still unable to get access to the socket, you might have to re-login. | If you're still unable to get access to the socket, you might have to re-login or reboot. | ||
{{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]!}} | {{Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]! <br> Consider using rootless mode below.}} | ||
Note: If you use the [[btrfs]] filesystem, you might need to set the storageDriver option: | Note: If you use the [[btrfs]] filesystem, you might need to set the storageDriver option: | ||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
virtualisation.docker.storageDriver = "btrfs" | virtualisation.docker.storageDriver = "btrfs"; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
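Review bot: In the reworded warning, "Consider using rootless mode below." points at the rootless section by position only. Since this is the line that tells readers docker group membership is root-equivalent, make it a section link to the rootless heading so it still resolves if the page is reordered. The `<br>` inside the Warning template can be dropped in favour of a plain second sentence.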
Line 46: | Line 46: | ||
The <code>setSocketVariable</code> option sets the <code>DOCKER_HOST</code> variable to the rootless Docker instance for normal users by default. | The <code>setSocketVariable</code> option sets the <code>DOCKER_HOST</code> variable to the rootless Docker instance for normal users by default. | ||
== docker | === Changing Docker Daemon's Data Root === | ||
By default, the Docker daemon will store images, containers, and build context on the root filesystem. | |||
If you want to change the location that Docker stores its data, you can configure a new <code>data-root</code> for the daemon by setting the <code>data-root</code> property of the [https://search.nixos.org/options?show=virtualisation.docker.daemon.settings&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker <code>virtualisation.docker.daemon.settings</code>]. | |||
<syntaxHighlight lang=nix> | |||
virtualisation.docker.daemon.settings = { | |||
data-root = "/some-place/to-store-the-docker-data"; | |||
}; | |||
</syntaxHighlight> | |||
== Docker Containers as systemd Services == | |||
To make sure some docker containers are running as systemd services, you can use 'oci-containers': | To make sure some docker containers are running as systemd services, you can use 'oci-containers': | ||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
virtualisation.oci-containers | virtualisation.oci-containers = { | ||
backend = "docker"; | |||
containers = { | |||
foo = { | |||
# ... | # ... | ||
}; | |||
}; | |||
}; | }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
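Review bot: The new "Changing Docker Daemon's Data Root" subsection is inserted directly after the rootless paragraph about `setSocketVariable` and `DOCKER_HOST`, but its snippet sets `virtualisation.docker.daemon.settings`, so the text should state which daemon this configures. A reader who has just enabled rootless mode will otherwise assume it applies to the rootless instance. The options link also carries `type=packages` in its query string although it targets an option, and the sentence names `data-root` twice; "set `data-root` in `virtualisation.docker.daemon.settings`" is enough.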
Line 100: | Line 114: | ||
More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo. | More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo. | ||
Also check out the excellent article by [ | Also check out the excellent article by [https://lucabrunox.github.io/2016/04/cheap-docker-images-with-nix_15.html lethalman] about building minimal docker images with nix. | ||
=== Reproducible image dates === | === Reproducible image dates === | ||
Line 134: | Line 148: | ||
1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd | 1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd | ||
</syntaxHighlight> | </syntaxHighlight> | ||
=== Directly Using Nix in Image Layers === | |||
Instead of copying Nix packages into Docker image layers, Docker can be configured to directly utilize the <code>nix-store</code> by integrating with [https://github.com/pdtpartners/nix-snapshotter nix-snapshotter]. | |||
This will significantly reduce data duplication and the time it takes to pull images. | |||
== Docker Compose with Nix == | == Docker Compose with Nix == | ||
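Review bot: In the added "Directly Using Nix in Image Layers" text, `<code>nix-store</code>` is the name of the command-line tool, while the sentence means the Nix store on the host; write "the Nix store" there instead. The paragraph also says Docker "can be configured" without showing any configuration, so say explicitly that setup is documented in the linked nix-snapshotter repository, and back "significantly reduce" with a reference or soften it.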
Line 156: | Line 176: | ||
backend = "docker"; | backend = "docker"; | ||
projects = { | projects = { | ||
"db" | "db".settings.services."db".service = { | ||
image = ""; | image = ""; | ||
restart = "unless-stopped"; | restart = "unless-stopped"; | ||
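Review bot: In the example opened by the corrected `"db".settings.services."db".service = {` line, the unchanged `image = "";` leaves the service with an empty image reference, so the snippet cannot be used as written. Put a recognisable placeholder value there or add a comment saying the reader must supply the image.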
Line 171: | Line 191: | ||
* [https://hub.docker.com/r/nixos/nix/tags nixos/nix] (official) | * [https://hub.docker.com/r/nixos/nix/tags nixos/nix] (official) | ||
* [https://hub.docker.com/r/nixpkgs/nix nixpkgs/nix] (built from https://github.com/nix-community/docker-nixpkgs) | * [https://hub.docker.com/r/nixpkgs/nix nixpkgs/nix] (built from https://github.com/nix-community/docker-nixpkgs) | ||
NixOS can be run in containers [https://docs.hercules-ci.com/arion/#_nixos_run_full_os using Arion]. | |||
= See also = | = See also = | ||
Line 176: | Line 197: | ||
[[Workgroup:Container]] | [[Workgroup:Container]] | ||
Alternatively you can use [ | Alternatively you can use [[Podman | podman]]. | ||
[[Category:Cookbook]] | [[Category:Cookbook]] | ||
[[Category: | [[Category:Software]] | ||
[[Category: | [[Category:Server]] | ||
[[Category: | [[Category:Container]] | ||