Somehow get docker working on deck

This commit is contained in:
2023-07-05 01:07:56 +01:00
parent a9cae0f3ea
commit 9dfac1e83f
4 changed files with 63 additions and 77 deletions


@@ -1,6 +1,4 @@
{pkgs, ...}: {pkgs, ...}: {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
ack ack
bat bat


@@ -8,28 +8,39 @@
}: let }: let
packages = with pkgs; [ packages = with pkgs; [
age age
curl
direnv direnv
docker
elixir elixir
elixir_ls elixir_ls
entr entr
erlang erlang
fd
feh feh
fzf
gcc
go go
gopls gopls
htop
jq
minisign minisign
(nerdfonts.override {fonts = ["Iosevka"];}) (nerdfonts.override {fonts = ["Iosevka"];})
nnn
nodejs nodejs
oh-my-zsh oh-my-zsh
ripgrep
rust-analyzer rust-analyzer
unzip unzip
wget
zip zip
zsh
]; ];
defaultUser = "deck"; defaultUser = "deck";
in { in {
imports = [ imports = [
../configs/system ../configs/system
./podman.nix ./docker.nix
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
@@ -39,6 +50,7 @@ in {
homeDirectory = "/home/${defaultUser}"; homeDirectory = "/home/${defaultUser}";
sessionPath = [ sessionPath = [
"$HOME/go/bin" "$HOME/go/bin"
"$HOME/bin"
]; ];
file = { file = {
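Review bot: The `docker` CLI added to `packages` will, by default, try to talk to `/var/run/docker.sock`, while the rootless daemon pulled in by the new `./docker.nix` import listens on the user's runtime socket, so without a client-side pointer `docker ps` will fail or, worse, tempt a fallback to a root daemon. Unless it is set somewhere outside this hunk, add `home.sessionVariables.DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/docker.sock";` next to `sessionPath` so the client follows the rootless socket. The `home` attribute set this hunk edits begins before the hunk.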

49
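--- /dev/null
+++ b/users/deck/docker.nix
@@ -0,0 +1,49 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  systemd.user.services = let
+    startup = pkgs.writeScript "dockerd-rootless" ''
+      #!/bin/sh
+      exec ${pkgs.rootlesskit}/bin/rootlesskit \
+        --net=slirp4netns --mtu=65520 \
+        --slirp4netns-sandbox=auto \
+        --slirp4netns-seccomp=auto \
+        --disable-host-loopback --port-driver=builtin \
+        --copy-up=/etc --copy-up=/run \
+        --propagation=rslave \
+        ${pkgs.docker}/bin/dockerd
+    '';
+  in {
+    docker = {
+      Unit = {
+        Description = "Docker Application Container Engine (Rootless)";
+        Documentation = ["https://docs.docker.com/go/rootless/"];
+      };
+      Service = {
+        ExecStart = "${startup}";
+        Environment = ["PATH=${lib.makeBinPath (with pkgs; [fuse-overlayfs rootlesskit slirp4netns docker docker-compose])}:/usr/bin"];
+        ExecReload = "/bin/kill -s HUP $MAINPID";
+        TimeoutSec = "0";
+        RestartSec = "2";
+        Restart = "always";
+        StartLimitBurst = "3";
+        StartLimitInterval = "60s";
+        LimitNOFILE = "infinity";
+        LimitNPROC = "infinity";
+        LimitCORE = "infinity";
+        TasksMax = "infinity";
+        Delegate = "yes";
+        Type = "notify";
+        NotifyAccess = "all";
+        KillMode = "mixed";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
+  };
+}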
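Review bot: `ExecReload = "/bin/kill -s HUP $MAINPID"` hard-codes a host path that this Nix-managed unit cannot count on — the rest of the unit pins every binary to the nix store, and on a NixOS host `/bin/kill` does not exist, so reload would silently fail; use `ExecReload = "${pkgs.util-linux}/bin/kill -s HUP $MAINPID";` instead. The trailing `:/usr/bin` on the `PATH` environment line is the other place the service leaks onto the host, presumably so rootlesskit can find the setuid `newuidmap`/`newgidmap` and `iptables` that are not in the listed closure — that deserves a comment such as `# /usr/bin: host-provided newuidmap/newgidmap (setuid) and iptables, not shipped in the nix closure — confirm on SteamOS` so the next reader does not drop it or widen it further. `NotifyAccess = "all"` together with `Delegate = "yes"` lets any process in the unit's cgroup, including containers' helpers, signal readiness; this mirrors the upstream rootless unit, but a one-line comment saying so would stop a future hardening pass from treating it as an oversight.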


@@ -1,73 +0,0 @@
{pkgs, config, ...}: let
PODMAN_VERSION = "4.5.1";
podman-static = pkgs.stdenv.mkDerivation {
name = "podman-static";
src = pkgs.fetchzip {
url = "https://github.com/mgoltzsche/podman-static/releases/download/v${PODMAN_VERSION}/podman-linux-amd64.tar.gz";
hash = "sha256-66eReaToPuusoQI+Ooh+3bKQi39dA46etwX9REwApRc=";
};
runtimeDependencies = with pkgs; [
conmon
crun
slirp4netns
fuse-overlayfs
];
installPhase = ''
mkdir -p $out
cp -r usr/local/bin $out
cp -r usr/local/lib $out
cp -r etc $out
rm $out/etc/containers/containers.conf
substituteInPlace $out/etc/containers/storage.conf \
--replace "/var" "${config.home.homeDirectory}/.local/share"
sed -i "s|mount_program =.*|mount_program = \"${pkgs.fuse-overlayfs}/bin/fuse-overlayfs\"|g" \
"$out/etc/containers/storage.conf"
'';
};
dest_path = ".local/podman";
configuration = ''
# See https://github.com/containers/common/blob/master/pkg/config/containers.conf
[engine]
infra_image="k8s.gcr.io/pause:3.8"
# can be croupfs, systemd
cgroup_manager = "systemd"
# can be file, journald
events_logger="file"
exit_command_delay = 10
# can be runc, crun
runtime = "crun"
stop_timeout = 5
conmon_path = [ "${pkgs.conmon}/bin/conmon" ]
helper_binaries_dir = [ "${podman-static}/lib/podman" ]
static_dir = "${config.home.homeDirectory}/.local/share/containers/storage/libpod"
volume_path = "${config.home.homeDirectory}/local/share/containers/storage/volumes"
[engine.runtimes]
crun = [ "${pkgs.crun}/bin/crun" ]
[network]
cni_plugin_dirs = [ "${podman-static}/lib/cni" ]
'';
conf_path = ".config/containers";
in
{
home.packages = [
podman-static
pkgs.podman-compose
];
home.file = {
"${conf_path}" = {
source = "${podman-static}/etc/containers";
recursive = true;
};
"${conf_path}/containers.conf".text = configuration;
};
}