Docker: Difference between revisions
→Exposing sockets from the host: note exposing the socket folder may break
m Modify the flake reproducible image dates section to use a snippet which doesn't exclude the time of the commit. The original snippet intentionally cut the time so the `date` command would accept the input of `self.lastModifiedDate`. By using `self.lastModified` (seconds since epoch of commit) and prepending "@", the date command can interpret the full datetime and embed it into the resulting image.
| (4 intermediate revisions by 3 users not shown) | |||
| Line 294: | Line 294: | ||
=== Using Privileged Ports for Rootless Docker === | === Using Privileged Ports for Rootless Docker === | ||
Rootless containers are not able to ports from 0 to 1023 as such port can only be used by privileged users. This problem can be solved by using port forwarding. | Rootless containers are not able to bind ports from 0 to 1023 as such port can only be used by privileged users. This problem can be solved by using port forwarding. | ||
Assume you'd like a rootless container to make use of ports 53 (DNS; TPC and UDP) and 80 (web; TCP). We may force the container to use port 8000 while the firewall is instructed for forward traffic from port 80 to 8000. Same logic applies for port 53. Refer to the following example:<syntaxhighlight lang="nixos"># Firewall | Assume you'd like a rootless container to make use of ports 53 (DNS; TPC and UDP) and 80 (web; TCP). We may force the container to use port 8000 while the firewall is instructed for forward traffic from port 80 to 8000. Same logic applies for port 53. Refer to the following example:<syntaxhighlight lang="nixos"># Firewall | ||
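Review bot: the revised sentence still leaves three wording problems in this hunk that should go in with the "bind" fix: "TPC" in "(DNS; TPC and UDP)" should read "TCP"; "as such port can only be used by privileged users" should be "as such ports can only be used by privileged users"; and "the firewall is instructed for forward traffic from port 80 to 8000" should be "instructed to forward traffic". Since the revision already edits this paragraph, fixing all of them in the same change avoids a second trivial revision.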
| Line 389: | Line 389: | ||
<translate> | <translate> | ||
<!--T:48--> | <!--T:48--> | ||
An alternative, if using [[flakes]], is to do <code>created = builtins. | An alternative, if using [[flakes]], is to do <code>created = "@" + builtins.toString self.lastModified</code>, which uses the commit date, and is therefore reproducible. | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
==== Calculating the sha256 for a pulled Docker image ==== <!--T:49--> | ==== Calculating the sha256 for a pulled Docker image ==== <!--T:49--> | ||
</translate> | </translate> | ||
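Review bot: the new sentence tells the reader to write <code>created = "@" + builtins.toString self.lastModified</code> but never says why the "@" prefix and the <code>builtins.toString</code> are there; the edit summary does explain it (<code>self.lastModified</code> is an integer, seconds since the epoch of the commit, and "@&lt;seconds&gt;" is the form <code>date</code> accepts for that). Putting that half-sentence into the wiki text would stop a later editor from "simplifying" the expression back to <code>self.lastModifiedDate</code>, which is exactly the form the old snippet had to truncate. It is also worth stating in the page, as the summary does, that the embedded timestamp is the time of the last commit rather than the build time, since that is what makes the image reproducible.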
| Line 719: | Line 720: | ||
Restarting the container or Docker might be required. | Restarting the container or Docker might be required. | ||
</translate> | </translate> | ||
=== NVIDIA Docker Containers === | |||
If attempting to pass your nvidia gpu through to docker container(s), you will need to install <code>nvidia-container-toolkit</code> and enable cdi. | |||
{{File|3={ | |||
virtualisation.docker.enable = true; | |||
hardware.nvidia-container-toolkit.enable = true; | |||
# Regular Docker | |||
virtualisation.docker.daemon.settings.features.cdi = true; | |||
# If using Rootless Docker | |||
# virtualisation.docker.rootless.daemon.settings.features.cdi = true; | |||
}|name=configuration.nix|lang=nix}} | |||
You may also need to adjust your docker compose file to use cdi instead of the nvidia driver. | |||
{{File|3=services: | |||
ollama: | |||
image: ollama/ollama | |||
volumes: | |||
- ollama:/root/.ollama | |||
ports: | |||
- 11434:11434 | |||
deploy: | |||
resources: | |||
reservations: | |||
devices: | |||
# Go from this: | |||
# - driver: nvidia | |||
# count: all | |||
# capabilities: [gpu] | |||
# To this: | |||
- driver: cdi | |||
capabilities: [gpu] | |||
device_ids: | |||
- nvidia.com/gpu=all | |||
volumes: | |||
ollama: {}|name=compose.yml|lang=yaml}} | |||
<translate> | <translate> | ||
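Review bot: the new "NVIDIA Docker Containers" section is inserted between the <code>&lt;/translate&gt;</code> of the previous section and the <code>&lt;translate&gt;</code> that follows, so unlike every neighbouring section it sits outside the translation markup and carries no <code>&lt;!--T:N--&gt;</code> marker; wrap it in <code>&lt;translate&gt;</code>…<code>&lt;/translate&gt;</code> like the sections around it. On the examples: the compose snippet publishes <code>11434:11434</code>, which binds the Ollama API on every interface of the host, so a reader who copies it verbatim reaches it from the whole network unless a host firewall intervenes; <code>127.0.0.1:11434:11434</code> is the safer default for a tutorial snippet. The prose also says you "need to install nvidia-container-toolkit", while the configuration shown does that through <code>hardware.nvidia-container-toolkit.enable = true;</code>, so "enable the nvidia-container-toolkit module" would match the code, and a sentence making explicit that the commented rootless line replaces the "Regular Docker" <code>cdi</code> line rather than being added alongside it would remove the one ambiguity in the snippet.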
| Line 726: | Line 765: | ||
<references/> | <references/> | ||
== See also == | |||
*[https://nixcademy.com/posts/auto-update-containers/ Run and Auto-Update Docker Containers on NixOS, Nixcademy] | |||
[[Category:Applications]] | [[Category:Applications]] | ||
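Review bot: the new "See also" section lands after <code>&lt;references/&gt;</code> and, like the NVIDIA section, outside any <code>&lt;translate&gt;</code> block; the rest of this page wraps sections in <code>&lt;translate&gt;</code> with a <code>&lt;!--T:N--&gt;</code> marker, and a "See also" list conventionally precedes the references section, so move it above <code>&lt;references/&gt;</code> and wrap it the same way.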