Docker: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 301:

allowedTCPPorts = [ 80 8000 53 5300 ];

allowedUDPPorts = [ 53 5300 ];

extraCommands = ''

iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000

iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300

iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300

'';

};

boot.kernel.sysctl = {

"net.ipv4.conf.eth0.forwarding" = 1; # enable port forwarding

};

~~networking = {~~

~~firewall.extraCommands = ''~~

~~iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000~~

~~iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300~~

~~iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300~~

~~'';~~

};</syntaxhighlight>Whilst the docker-compose.yaml might look like this:<syntaxhighlight lang="dockerfile">

services:

Line 389:

Line 386:

An alternative, if using [[flakes]], is to do <code>created = builtins.~~substring 0 8~~ self.~~lastModifiedDate~~</code>, which uses the commit date, and is therefore reproducible.

An alternative, if using [[flakes]], is to do <code>created = "@" + builtins.toString self.lastModified</code>, which uses the commit date, and is therefore reproducible.

</translate>

==== Calculating the sha256 for a pulled Docker image ====

</translate>

Line 724:

Line 722:

{{File|3={

virtualisation.docker.enable = true;

# virtualisation.docker.enable = true; # This option is deprecated, please set hardware.nvidia-container-toolkit.enable instead.

hardware.nvidia-container-toolkit.enable = true;

# Prevents: - Option enableNvidia on x86_64 requires 32-bit support libraries

# Regular Docker

virtualisation.docker.daemon.settings.features.cdi = true;

@@ Line 301: / Line 301: @@
    allowedTCPPorts = [ 80 8000 53 5300 ];
    allowedUDPPorts = [ 53 5300 ];
+  extraCommands = ''
+    iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000
+    iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300
+    iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300
+  '';
 };
 boot.kernel.sysctl = {
    "net.ipv4.conf.eth0.forwarding" = 1;    # enable port forwarding
-};
-networking = {
-  firewall.extraCommands = ''
-    iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000
-    iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300
-    iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300
-  '';
 };</syntaxhighlight>Whilst the docker-compose.yaml might look like this:<syntaxhighlight lang="dockerfile">
 services:
@@ Line 389: / Line 386: @@
 <translate>
 <!--T:48-->
-An alternative, if using [[flakes]], is to do <code>created = builtins.substring 0 8 self.lastModifiedDate</code>, which uses the commit date, and is therefore reproducible.
+An alternative, if using [[flakes]], is to do <code>created = "@" + builtins.toString self.lastModified</code>, which uses the commit date, and is therefore reproducible.
 </translate>
 <translate>
 ==== Calculating the sha256 for a pulled Docker image ==== <!--T:49-->
 </translate>
@@ Line 724: / Line 722: @@
 {{File|3={
-   virtualisation.docker.enable = true;
+   # virtualisation.docker.enable = true; # This option is deprecated, please set hardware.nvidia-container-toolkit.enable instead.
    hardware.nvidia-container-toolkit.enable = true;
+  # Prevents: - Option enableNvidia on x86_64 requires 32-bit support libraries
    # Regular Docker
    virtualisation.docker.daemon.settings.features.cdi = true;