From 9dfac1e83f00684e02a8d8fa37a98afdec184db7 Mon Sep 17 00:00:00 2001
From: Daniel Patterson
Date: Wed, 5 Jul 2023 01:07:56 +0100
Subject: [PATCH] Somehow get docker working on deck

---
 users/configs/system/nb/default.nix | 4 +-
 users/deck/default.nix | 14 +++++-
 users/deck/docker.nix | 49 +++++++++++++++++++
 users/deck/podman.nix | 73 ----------------------------
 4 files changed, 63 insertions(+), 77 deletions(-)
 create mode 100644 users/deck/docker.nix
 delete mode 100644 users/deck/podman.nix
diff --git a/users/configs/system/nb/default.nix b/users/configs/system/nb/default.nix
index c704338..c5befdf 100644
--- a/users/configs/system/nb/default.nix
+++ b/users/configs/system/nb/default.nix
@@ -1,6 +1,4 @@
-{pkgs, ...}:
-
-{
+{pkgs, ...}: {
 home.packages = with pkgs; [
 ack
 bat
diff --git a/users/deck/default.nix b/users/deck/default.nix
index 6f9fea1..3e33c08 100644
--- a/users/deck/default.nix
+++ b/users/deck/default.nix
@@ -8,28 +8,39 @@
 }: let packages = with pkgs; [ age + curl direnv + docker elixir elixir_ls entr erlang + fd feh + fzf + gcc go gopls + htop + jq minisign (nerdfonts.override {fonts = ["Iosevka"];}) + nnn nodejs oh-my-zsh + ripgrep rust-analyzer unzip + wget zip + zsh ]; defaultUser = "deck"; in { imports = [ ../configs/system - ./podman.nix + ./docker.nix ]; fonts.fontconfig.enable = true;
@@ -39,6 +50,7 @@
 homeDirectory = "/home/${defaultUser}"; sessionPath = [ "$HOME/go/bin" + "$HOME/bin" ]; file = {
diff --git a/users/deck/docker.nix b/users/deck/docker.nix
new file mode 100644
index 0000000..0cf0007
--- /dev/null
+++ b/users/deck/docker.nix
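Review bot: The `docker` CLI added to `packages` in the first hunk is given no way to reach the rootless daemon that the swapped-in `./docker.nix` import starts: the CLI defaults to `/var/run/docker.sock`, whereas a daemon launched under rootlesskit listens on `$XDG_RUNTIME_DIR/docker.sock`, so plain `docker` invocations will presumably fail to connect unless `DOCKER_HOST` is exported somewhere outside this patch. Adding `sessionVariables.DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/docker.sock";` beside `sessionPath` in the second hunk would wire the two halves together. Both hunks sit inside definitions whose start and end lie outside the hunk (the `let` binding list, and presumably the `home = { … }` attribute set).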
@@ -0,0 +1,49 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ systemd.user.services = let
+ startup = pkgs.writeScript "dockerd-rootless" ''
+ #!/bin/sh
+ exec ${pkgs.rootlesskit}/bin/rootlesskit \
+ --net=slirp4netns --mtu=65520 \
+ --slirp4netns-sandbox=auto \
+ --slirp4netns-seccomp=auto \
+ --disable-host-loopback --port-driver=builtin \
+ --copy-up=/etc --copy-up=/run \
+ --propagation=rslave \
+ ${pkgs.docker}/bin/dockerd
+ '';
+ in {
+ docker = {
+ Unit = {
+ Description = "Docker Application Container Engine (Rootless)";
+ Documentation = ["https://docs.docker.com/go/rootless/"];
+ };
+
+ Service = {
+ ExecStart = "${startup}";
+ Environment = ["PATH=${lib.makeBinPath (with pkgs; [fuse-overlayfs rootlesskit slirp4netns docker docker-compose])}:/usr/bin"];
+ ExecReload = "/bin/kill -s HUP $MAINPID";
+ TimeoutSec = "0";
+ RestartSec = "2";
+ Restart = "always";
+ StartLimitBurst = "3";
+ StartLimitInterval = "60s";
+ LimitNOFILE = "infinity";
+ LimitNPROC = "infinity";
+ LimitCORE = "infinity";
+ TasksMax = "infinity";
+ Delegate = "yes";
+ Type = "notify";
+ NotifyAccess = "all";
+ KillMode = "mixed";
+ };
+
+ Install = {
+ WantedBy = ["default.target"];
+ };
+ };
+ };
+}
diff --git a/users/deck/podman.nix b/users/deck/podman.nix
deleted file mode 100644
index 0fe8a23..0000000
--- a/users/deck/podman.nix
+++ /dev/null
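Review bot: The `startup` script hands `${pkgs.docker}/bin/dockerd` straight to rootlesskit as the child command, skipping the step upstream's `dockerd-rootless.sh` performs inside the namespace first: it removes `/run/docker`, `/run/containerd` and `/run/xtables.lock`, which `--copy-up=/run` leaves as symlinks to the host's files, so that the rootless daemon never writes into a host daemon's state or lock. On a host with no system Docker this presumably goes unnoticed, which may be why it "somehow" works, but the parent/child split below mirrors upstream and removes that dependency on the host being clean. Separately, `#!/bin/sh` and `ExecReload = "/bin/kill -s HUP $MAINPID"` are host paths outside the Nix closure; they hold on a stock SteamOS image, but `${pkgs.runtimeShell}` and `${pkgs.util-linux}/bin/kill` would keep the unit self-contained.
```nix
    startup = pkgs.writeScript "dockerd-rootless" ''
      #!/bin/sh
      # Parent: set up the rootlesskit namespaces, then re-run this script inside them.
      if [ -z "$_DOCKERD_ROOTLESS_CHILD" ]; then
        _DOCKERD_ROOTLESS_CHILD=1
        export _DOCKERD_ROOTLESS_CHILD
        exec ${pkgs.rootlesskit}/bin/rootlesskit \
          --net=slirp4netns --mtu=65520 \
          --slirp4netns-sandbox=auto \
          --slirp4netns-seccomp=auto \
          --disable-host-loopback --port-driver=builtin \
          --copy-up=/etc --copy-up=/run \
          --propagation=rslave \
          "$0" "$@"
      fi
      # Child: --copy-up=/run leaves symlinks to the host's files here; drop them so
      # dockerd creates its own state instead of touching a host daemon's.
      rm -f /run/docker /run/containerd /run/xtables.lock
      exec ${pkgs.docker}/bin/dockerd "$@"
    '';
    # … unchanged: systemd unit definition under `in { docker = { … }; }` …
```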
@@ -1,73 +0,0 @@
-{pkgs, config, ...}: let
- PODMAN_VERSION = "4.5.1";
- podman-static = pkgs.stdenv.mkDerivation {
- name = "podman-static";
- src = pkgs.fetchzip {
- url = "https://github.com/mgoltzsche/podman-static/releases/download/v${PODMAN_VERSION}/podman-linux-amd64.tar.gz";
- hash = "sha256-66eReaToPuusoQI+Ooh+3bKQi39dA46etwX9REwApRc=";
- };
-
- runtimeDependencies = with pkgs; [
- conmon
- crun
- slirp4netns
- fuse-overlayfs
- ];
-
- installPhase = ''
- mkdir -p $out
- cp -r usr/local/bin $out
- cp -r usr/local/lib $out
- cp -r etc $out
- rm $out/etc/containers/containers.conf
-
- substituteInPlace $out/etc/containers/storage.conf \
- --replace "/var" "${config.home.homeDirectory}/.local/share"
-
- sed -i "s|mount_program =.*|mount_program = \"${pkgs.fuse-overlayfs}/bin/fuse-overlayfs\"|g" \
- "$out/etc/containers/storage.conf"
- '';
-
- };
-
- dest_path = ".local/podman";
-
- configuration = ''
- # See https://github.com/containers/common/blob/master/pkg/config/containers.conf
- [engine]
- infra_image="k8s.gcr.io/pause:3.8"
- # can be croupfs, systemd
- cgroup_manager = "systemd"
- # can be file, journald
- events_logger="file"
- exit_command_delay = 10
- # can be runc, crun
- runtime = "crun"
- stop_timeout = 5
- conmon_path = [ "${pkgs.conmon}/bin/conmon" ]
- helper_binaries_dir = [ "${podman-static}/lib/podman" ]
- static_dir = "${config.home.homeDirectory}/.local/share/containers/storage/libpod"
- volume_path = "${config.home.homeDirectory}/local/share/containers/storage/volumes"
- [engine.runtimes]
- crun = [ "${pkgs.crun}/bin/crun" ]
- [network]
- cni_plugin_dirs = [ "${podman-static}/lib/cni" ]
- '';
-
- conf_path = ".config/containers";
-
-in
-{
- home.packages = [
- podman-static
- pkgs.podman-compose
- ];
-
- home.file = {
- "${conf_path}" = {
- source = "${podman-static}/etc/containers";
- recursive = true;
- };
- "${conf_path}/containers.conf".text = configuration;
- };
-}