<languages/>
<div lang="en" dir="ltr" class="mw-content-ltr">
[https://www.docker.com/ Docker] is a platform for building, packaging, and distributing applications inside containers. Containers bundle an application's code, configurations, and dependencies into a single object that runs consistently across different computing environments. Docker works well with NixOS through the virtualization module.<ref>https://www.docker.com/resources/what-container/</ref>
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
== Installation ==
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Shell ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
To temporarily use Docker in a shell environment, you can run:
</div>

<syntaxhighlight lang="bash">
nix-shell -p docker
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
This provides a shell with the Docker CLI available, but note that the Docker daemon will not be running. For full functionality, you'll need a system-level installation.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== System setup ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
To install Docker on NixOS, add the <code>virtualisation.docker</code> module to your system configuration at <code>/etc/nixos/configuration.nix</code>:<ref>https://nixos.org/manual/nixos/stable/options#opt-virtualisation.docker.enable</ref>
</div>

<syntaxhighlight lang="nix">
# In /etc/nixos/configuration.nix
virtualisation.docker = {
  enable = true;
};

# Optional: Add your user to the "docker" group to run docker without sudo
users.users.<username>.extraGroups = [ "docker" ];
</syntaxhighlight>

{{Security Warning|Beware that the docker group membership is effectively [https://github.com/moby/moby/issues/9976 equivalent to being root]!
<br> Consider using [[#Rootless Docker|rootless mode]].}}

{{evaluate}}

<div lang="en" dir="ltr" class="mw-content-ltr">
For a comprehensive list of configuration options, refer to the {{nixos:option|virtualisation.docker}} module options.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
== Configuration ==
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Basic ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
The basic Docker configuration on NixOS includes several options you can set in your <code>configuration.nix</code> file:
</div>

<syntaxhighlight lang="nix">
virtualisation.docker = {
  enable = true;
  # Daemon settings: enable experimental features and choose the
  # address pools that new Docker networks are allocated from
  daemon.settings = {
    experimental = true;
    default-address-pools = [
      {
        base = "172.30.0.0/16";
        size = 24;
      }
    ];
  };
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Advanced ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
For more advanced configuration, you can customize Docker daemon options and networking:
</div>

<syntaxhighlight lang="nix">
virtualisation.docker = {
  enable = true;
  # Customize Docker daemon settings using the daemon.settings option
  daemon.settings = {
    dns = [ "1.1.1.1" "8.8.8.8" ];
    log-driver = "journald";
    registry-mirrors = [ "https://mirror.gcr.io" ];
    storage-driver = "overlay2";
  };
  # Use the rootless mode - run Docker daemon as non-root user
  rootless = {
    enable = true;
    setSocketVariable = true;
  };
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
== Docker Compose ==
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Currently, there are two options to use Docker Compose with NixOS: Arion or Compose2Nix.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
With Arion, you can specify most Docker Compose options in Nix syntax, and Arion will generate a <code>docker-compose.yml</code> file internally. The result is a systemd service that starts and stops the container.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Compose2Nix generates all necessary configs directly from the <code>docker-compose.yml</code>, which is easier when using an already existing Docker Compose project. The result is similar to that from Arion: a systemd service is created that handles starting and stopping the container.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Arion ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
[https://docs.hercules-ci.com/arion/ Arion] is created for running Nix-based projects in Docker Compose. It uses the NixOS module system for configuration, can bypass <code>docker build</code>, and lets you use dockerTools or use the store directly in the containers. The images/containers can be typical dockerTools style images or full NixOS configs.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
To use Arion, you first need to add its module to your NixOS configuration:
</div>

<syntaxhighlight lang="nix">
modules = [ arion.nixosModules.arion ];
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
After that, you can access its options under
</div>

<syntaxhighlight lang="nix">
virtualisation.arion = {}
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
A config for a simple container could look like this:
</div>

<syntaxhighlight lang="nix">
virtualisation.arion = {
  backend = "docker";
  projects = {
    "db".settings.services."db".service = {
      image = "";
      restart = "unless-stopped";
      # Placeholder value only: anything set here ends up in the
      # world-readable Nix store
      environment = { POSTGRES_PASSWORD = "password"; };
    };
  };
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Compose2Nix ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
With [https://github.com/aksiksi/compose2nix compose2nix] you can generate [https://search.nixos.org/options?query=virtualisation.oci-containers oci-containers] config from a <code>docker-compose.yaml</code>.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Install ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
To use <code>compose2nix</code> with <code>nix-shell</code> you can use
</div>

<syntaxhighlight lang="bash">
nix shell github:aksiksi/compose2nix
compose2nix -h
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
To install <code>compose2nix</code> to NixOS, add the repo to your flake inputs
</div>

<syntaxhighlight lang="nix">
compose2nix = {
  url = "github:aksiksi/compose2nix";
  inputs.nixpkgs.follows = "nixpkgs";
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
and add the package to your configuration
</div>

<syntaxhighlight lang="nix">
environment.systemPackages = [
  inputs.compose2nix.packages.x86_64-linux.default
];
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Usage ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
After you have installed <code>compose2nix</code>, you can run <code>compose2nix</code> in the directory with your <code>docker-compose.yml</code>, which will output a <code>docker-compose.nix</code>.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Alternatively, you can specify the input and output files with the following flags
</div>

<syntaxhighlight lang="bash">
compose2nix -inputs input.yml -output output.nix -runtime docker
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
The <code>-runtime</code> flag specifies the runtime. Here, we select <code>docker</code>. Options are <code>podman</code> and <code>docker</code>.
The default is <code>podman</code>.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
== Tips and tricks ==
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Docker on btrfs ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
If you use the [[btrfs]] file system, you might need to set the {{nixos:option|virtualisation.docker.storageDriver|storageDriver}} option:
</div>

<syntaxhighlight lang="nix">
virtualisation.docker.storageDriver = "btrfs";
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Rootless Docker ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Rootless Docker lets you run the Docker daemon as a non-root user for improved security. Set the <code>rootless</code> option [[#Advanced|as shown above]]. The <code>setSocketVariable</code> option adds the <code>DOCKER_HOST</code> variable pointing to your rootless Docker instance.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
After enabling rootless mode, Docker can be started with:
</div>

<syntaxhighlight lang="bash">
$ systemctl --user enable --now docker
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
This creates the 'docker.service' file which is required to start Docker. Note that this command does not make the service start at boot. You will have to set that up in your NixOS configuration.
Now the following command will work:
</div>

<syntaxhighlight lang="bash">
$ systemctl --user start docker
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Check its status with:
</div>

<syntaxhighlight lang="bash">
$ systemctl --user status docker
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Creating images with Nix ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Building a docker image with nixpkgs ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
There is an entry for [https://nixos.org/nixpkgs/manual/#sec-pkgs-dockerTools dockerTools] in the Nixpkgs manual for reference. In the linked page, they give the following example config:
</div>

<syntaxhighlight lang="nix">
buildImage {
  name = "redis";
  tag = "latest";

  fromImage = someBaseImage;
  fromImageName = null;
  fromImageTag = "latest";

  copyToRoot = pkgs.buildEnv {
    name = "image-root";
    paths = [ pkgs.redis ];
    pathsToLink = [ "/bin" ];
  };

  runAsRoot = ''
    #!${pkgs.runtimeShell}
    mkdir -p /data
  '';

  config = {
    Cmd = [ "/bin/redis-server" ];
    WorkingDir = "/data";
    Volumes = { "/data" = { }; };
  };

  diskSize = 1024;
  buildVMMemorySize = 512;
}
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
More examples can be found in the [https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/examples.nix nixpkgs] repo.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Also check out the excellent article by [https://lucabrunox.github.io/2016/04/cheap-docker-images-with-nix_15.html lethalman] about building minimal docker images with nix.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Reproducible image dates ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
The manual advises against using <code>created = "now"</code>, as that prevents images from being reproducible.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
An alternative, if using [[flakes]], is to do <code>created = builtins.substring 0 8 self.lastModifiedDate</code>, which uses the commit date, and is therefore reproducible.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Calculating the sha256 for a pulled Docker image ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
The <code>sha256</code> argument of the <code>dockerTools.pullImage</code> function is the checksum of the archive generated by Skopeo. Since the archive contains the name and the tag of the image, Skopeo arguments used to fetch the image have to be identical to those used by the <code>dockerTools.pullImage</code> function.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
For instance, the SHA of the following image
</div>

<syntaxhighlight lang="nix">
pkgs.dockerTools.pullImage {
  imageName = "lnl7/nix";
  finalImageTag = "2.0";
  imageDigest = "sha256:632268d5fd9ca87169c65353db99be8b4e2eb41833b626e09688f484222e860f";
  sha256 = "1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd";
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
can be manually generated with the following shell commands
</div>

<syntaxhighlight lang="bash">
skopeo copy docker://lnl7/nix@sha256:632268d5fd9ca87169c65353db99be8b4e2eb41833b626e09688f484222e860f docker-archive:///tmp/image.tgz:lnl7/nix:2.0
</syntaxhighlight>

<syntaxhighlight lang="bash">
nix-hash --base32 --flat --type sha256 /tmp/image.tgz
</syntaxhighlight>

<syntaxhighlight lang="shell">
1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Directly Using Nix in Image Layers ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Instead of copying Nix packages into Docker image layers, Docker can be configured to directly utilize the <code>nix-store</code> by integrating with [https://github.com/pdtpartners/nix-snapshotter nix-snapshotter].
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
This will significantly reduce data duplication and the time it takes to pull images.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Using Podman as an alternative ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Podman is a daemonless container engine that can run Docker containers without elevated privileges. It can be used as a drop-in replacement for Docker in many cases:
</div>

<syntaxhighlight lang="nix">
# Enable Podman in configuration.nix
virtualisation.podman = {
  enable = true;
  # Create the default bridge network for podman
  defaultNetwork.settings.dns_enabled = true;
};

# Optionally, create a Docker compatibility alias
programs.zsh.shellAliases = {
  docker = "podman";
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Changing Docker Daemon's Data Root ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
By default, the Docker daemon stores images, containers, and build context on the root file system. To use a different storage location, specify a new <code>data-root</code> in your configuration:
</div>

<syntaxhighlight lang="nix">
virtualisation.docker.daemon.settings = {
  data-root = "/some-place/to-store-the-docker-data";
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Docker Containers as systemd Services ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
You can run Docker containers as systemd services using the <code>oci-containers</code> module:
</div>

<syntaxhighlight lang="nix">
virtualisation.oci-containers = {
  # backend defaults to "podman"
  backend = "docker";
  containers = {
    foo = {
      # ...
    };
  };
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
A more advanced example:
</div>

<syntaxhighlight lang="nix">
{ config, pkgs, ... }:
{
  config.virtualisation.oci-containers.containers = {
    hackagecompare = {
      image = "chrissound/hackagecomparestats-webserver:latest";
      # Publish the port on the loopback interface only
      ports = ["127.0.0.1:3010:3010"];
      volumes = [
        "/root/hackagecompare/packageStatistics.json:/root/hackagecompare/packageStatistics.json"
      ];
      cmd = [
        "--base-url"
        "\"/hackagecompare\""
      ];
    };
  };
}
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
See [https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.oci-containers oci-containers] for further options.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Usage ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Unless otherwise specified, NixOS uses Podman to run OCI containers. Note that these are '''user-specific''', so running commands with or without sudo can change your output.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
List containers
</div>

<syntaxhighlight lang="console">
# podman ps
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Update image
</div>

<syntaxhighlight lang="console">
# podman restart hackagecompare
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
List images
</div>

<syntaxhighlight lang="console">
# podman images
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Remove container
</div>

<syntaxhighlight lang="console">
# podman rm hackagecompare
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Remove image
</div>

<syntaxhighlight lang="console">
# podman rmi c0d9a5f58afe
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Update image
</div>

<syntaxhighlight lang="console">
# podman pull chrissound/hackagecomparestats-webserver:latest
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Run interactive shell in running container
</div>

<syntaxhighlight lang="console">
# podman exec -ti $ContainerId /bin/sh
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
===== Exposing ports from the host =====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
If you have a service running on the host that you want to connect to from the container, you could try connecting to the hostname <code>host.containers.internal</code> (or <code>host.docker.internal</code> for podman), but this might require additional networking setup.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
===== Exposing sockets from the host =====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
If you have a service running on the host that exposes a socket, such as mariadb, you can also expose that socket to the container instead. You'll want to expose the folder the socket is in as a volume - so:
</div>

<syntaxhighlight lang="nix">
volumes = [
  "/var/run/mysqld:/mysqld"
];
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
to provide access to <code>/var/run/mysqld/mysqld.sock</code>
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Running the docker daemon from nix-the-package-manager - not NixOS ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
This is not supported. You're better off installing the docker daemon [https://docs.docker.com/engine/install/ "the normal non-nix way"].
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
See the discourse discussion: [https://discourse.nixos.org/t/how-to-run-docker-daemon-from-nix-not-nixos/43413 How to run docker daemon from nix (not NixOS)] for more.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
== Troubleshooting ==
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Common issues ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Cannot connect to the Docker daemon ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
If you encounter errors connecting to the Docker daemon, check that:
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
* The Docker service is running: <code>systemctl status docker</code>
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
* Your user is in the docker group: <code>groups | grep docker</code>
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
* You've logged out and back in after adding your user to the docker group
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Storage space issues ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
When Docker uses too much disk space:
</div>

<syntaxhighlight lang="bash">
# Remove unused containers, networks, images, and volumes
docker system prune -a --volumes
</syntaxhighlight>

<syntaxhighlight lang="nix">
# In configuration.nix: prune unused Docker resources automatically.
# The Docker daemon itself has no "pruning" setting; NixOS provides
# the autoPrune options, which run the prune on a systemd timer.
virtualisation.docker.autoPrune = {
  enable = true;
  dates = "daily";
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
==== Network conflicts ====
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
Docker's default subnet (<code>172.17.0.0/16</code>) might conflict with your existing network. Configure a different subnet in your <code>configuration.nix</code>:
</div>

<syntaxhighlight lang="nix">
virtualisation.docker.daemon.settings = {
  default-address-pools = [
    {
      base = "192.168.0.0/16";
      size = 24;
    }
  ];
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
=== Cannot connect to public Wi-Fi, when using Docker ===
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
When connecting to a public Wi-Fi, where the login page's IP address is within the Docker network range, accessing the Internet might not be possible.
This has been reported when trying to connect to the WIFIonICE of the Deutsche Bahn (DB). They use the <code>172.18.x.x</code> address range.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
This can be resolved by changing the default address pool that Docker uses.
</div>

<syntaxhighlight lang="nix">
virtualisation.docker = {
  enable = true;
  daemon.settings = {
    "default-address-pools" = [
      { "base" = "172.27.0.0/16"; "size" = 24; }
    ];
  };
};
</syntaxhighlight>

<div lang="en" dir="ltr" class="mw-content-ltr">
Restarting the container or Docker might be required.
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
== References ==
</div>

<references/>

[[Category:Applications]]
[[Category:Virtualization]]
[[Category:Cookbook]]
[[Category:Software]]
[[Category:Server]]
[[Category:Container]]
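
The security warning under System setup and the Rootless Docker section raise two questions an administrator can check directly: which accounts reach the rootful socket through the <code>docker</code> group, and which socket the CLI is pointed at. The script below is an added example, not part of the original wiki page; the function names and sample accounts are constructed, and it assumes the rootless socket lives at <code>/run/user/&lt;uid&gt;/docker.sock</code> (the usual <code>XDG_RUNTIME_DIR</code>).

```sh
#!/bin/sh
# Added example: audit docker-group membership and the socket the CLI uses.
# Function names and the sample accounts below are constructed for illustration.

# Print every account in group "docker": supplementary members (4th field of
# the group file) plus accounts whose primary GID (4th field of the passwd
# file) is the docker GID. Sorted, one name per line, no duplicates.
docker_group_members() {
  local group_file passwd_file gid
  group_file=${1:-/etc/group}
  passwd_file=${2:-/etc/passwd}
  gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
  [ -n "$gid" ] || return 0   # no docker group defined: nothing to report
  {
    awk -F: '$1 == "docker" {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$group_file"
    awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
  } | sort -u
}

# Classify a DOCKER_HOST value. Assumption: the rootless daemon listens on
# $XDG_RUNTIME_DIR/docker.sock, which is normally /run/user/<uid>/docker.sock.
classify_docker_host() {
  case "${1:-}" in
    "") echo "rootful-default" ;;   # unset: CLI uses /var/run/docker.sock
    unix:///run/user/*/docker.sock) echo "rootless" ;;
    unix:///var/run/docker.sock | unix:///run/docker.sock) echo "rootful" ;;
    tcp://* | ssh://*) echo "remote" ;;
    *) echo "unknown" ;;
  esac
}

# Report findings; exit status is 1 when any account is in the docker group.
# Arguments: group file, passwd file, DOCKER_HOST value (may be empty).
audit_docker_access() {
  local members user kind count
  members=$(docker_group_members "$1" "$2")
  count=0
  for user in $members; do
    echo "FINDING: $user is in group docker (root-equivalent on this host)"
    count=$((count + 1))
  done
  kind=$(classify_docker_host "${3:-}")
  if [ "$kind" = "rootless" ]; then
    echo "OK: DOCKER_HOST points at a per-user rootless socket"
  else
    echo "NOTE: DOCKER_HOST is '$kind', not a per-user rootless socket"
  fi
  [ "$count" -eq 0 ]
}

# Demo on constructed sample files: alice and bob are supplementary members,
# ci has the docker GID as its primary group.
run_demo() {
  local dir
  dir=$(mktemp -d)
  printf '%s\n' 'root:x:0:' 'wheel:x:1:alice' 'docker:x:131:alice,bob' \
    'users:x:100:' > "$dir/group"
  printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
    'alice:x:1000:100::/home/alice:/bin/sh' \
    'bob:x:1001:100::/home/bob:/bin/sh' \
    'ci:x:1002:131::/var/empty:/bin/sh' > "$dir/passwd"
  audit_docker_access "$dir/group" "$dir/passwd" "" || echo "=> findings present"
  rm -rf "$dir"
}

# Default: run the demo. Pass "live" to audit this machine instead.
case "${1:-demo}" in
  live) audit_docker_access /etc/group /etc/passwd "${DOCKER_HOST:-}" ;;
  demo) run_demo ;;
esac
```

Accounts that hold the docker GID as their primary group do not show up in the member list of <code>/etc/group</code>, which is why the passwd file is read as well.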
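
The Network conflicts and public Wi-Fi sections both come down to whether a candidate <code>default-address-pools</code> base overlaps a network the host already routes. The script below is an added example, not part of the original wiki page; the function names and the sample routing table are constructed, and it reads input in the format printed by <code>ip -4 route</code>.

```sh
#!/bin/sh
# Added example: test a candidate default-address-pools base against the
# host's IPv4 routes. Function names and the sample routes are constructed.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
}

# Succeed when two IPv4 CIDR blocks share at least one address: compare both
# network addresses under the shorter of the two prefix lengths.
cidr_overlap() {
  local len mask x y
  len=${1#*/}
  if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  x=$(ip_to_int "${1%/*}")
  y=$(ip_to_int "${2%/*}")
  [ $(( $x & $mask )) -eq $(( $y & $mask )) ]
}

# Read `ip -4 route` output on stdin and print every destination that overlaps
# the pool given as $1. Docker's own bridges (docker0, br-*) are skipped, since
# they were allocated from the pool that is currently in use.
pool_conflicts() {
  local dest rest
  while read -r dest rest; do
    case "$dest" in [0-9]*) ;; *) continue ;; esac       # skip "default" etc.
    case " $rest " in *" dev docker0 "* | *" dev br-"*) continue ;; esac
    case "$dest" in */*) ;; *) dest="$dest/32" ;; esac   # bare host route
    if cidr_overlap "$1" "$dest"; then echo "$dest"; fi
  done
}

# Constructed sample: a laptop on a Wi-Fi network that hands out 172.18.x.x,
# with a libvirt bridge on 192.168.122.0/24.
sample_routes() {
  cat <<'EOF'
default via 172.18.0.1 dev wlan0 proto dhcp metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev wlan0 proto kernel scope link src 172.18.44.7 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
EOF
}

# Check the bases used on this page against the sample; on a live system,
# replace sample_routes with: ip -4 route
for base in 172.18.0.0/16 172.27.0.0/16 192.168.0.0/16; do
  hits=$(sample_routes | pool_conflicts "$base" | tr '\n' ' ')
  echo "$base -> ${hits:-no conflict}"
done
```

A base that is free on one network can still collide on another, so the check is worth repeating against the routes of each network the machine regularly joins.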