{
  pkgs,
  lib,
  ...
}: let
  # Store paths the daemon needs on its PATH: the overlay storage driver, the
  # user-namespace launcher, the user-mode network stack, and the docker and
  # docker-compose binaries.
  runtimeTools = with pkgs; [fuse-overlayfs rootlesskit slirp4netns docker docker-compose];

  # Launcher that hands the daemon to rootlesskit.  rootlesskit creates the
  # unprivileged user/mount/network namespaces and then runs dockerd inside
  # them, so rootlesskit is the service's main process and dockerd its child.
  rootlessLauncher = pkgs.writeScript "dockerd-rootless" ''
    #!/bin/sh
    exec ${pkgs.rootlesskit}/bin/rootlesskit \
      --net=slirp4netns --mtu=65520 \
      --slirp4netns-sandbox=auto \
      --slirp4netns-seccomp=auto \
      --disable-host-loopback --port-driver=builtin \
      --copy-up=/etc --copy-up=/run \
      --propagation=rslave \
      ${pkgs.docker}/bin/dockerd
  '';
  # Flag notes (all mirror upstream's rootless docker.service):
  #   --slirp4netns-sandbox/-seccomp=auto  confine the slirp4netns process with
  #                                        a mount sandbox and a seccomp filter
  #                                        where the kernel supports them
  #   --disable-host-loopback              containers cannot reach services bound
  #                                        to the host's loopback via the slirp
  #                                        gateway address
  #   --copy-up=/etc --copy-up=/run        writable private copies of these
  #                                        directories inside the namespace
  #   --propagation=rslave                 host mounts propagate in, namespace
  #                                        mounts never propagate out
in {
  # User-level unit (systemctl --user); the option names map 1:1 onto the
  # [Unit]/[Service]/[Install] sections of the generated unit file.
  systemd.user.services.docker = {
    Unit = {
      Description = "Docker Application Container Engine (Rootless)";
      Documentation = ["https://docs.docker.com/go/rootless/"];
    };

    Service = {
      ExecStart = "${rootlessLauncher}";
      # Environment= replaces the unit's PATH rather than extending it: only the
      # pinned store paths plus /usr/bin are visible to the daemon.
      # NOTE(review): the /usr/bin suffix and the /bin/kill path below assume
      # an FHS host (home-manager on a non-NixOS distribution); on NixOS
      # /bin/kill does not exist and the setuid newuidmap/newgidmap helpers
      # live under /run/wrappers/bin — confirm the intended target.
      Environment = ["PATH=${lib.makeBinPath runtimeTools}:/usr/bin"];
      ExecReload = "/bin/kill -s HUP $MAINPID";

      # Readiness is reported with sd_notify.  NotifyAccess=all is presumably
      # required because the notifying process is dockerd, a child of the main
      # PID (rootlesskit), rather than the main PID itself.
      Type = "notify";
      NotifyAccess = "all";

      # Restart policy.  StartLimitBurst/StartLimitInterval are the legacy
      # [Service] spellings; current systemd documents them under [Unit] as
      # StartLimitBurst/StartLimitIntervalSec but still honours these.
      Restart = "always";
      RestartSec = "2";
      TimeoutSec = "0";
      StartLimitBurst = "3";
      StartLimitInterval = "60s";

      # Resource limits lifted as in upstream's unit.
      # NOTE(review): LimitCORE=infinity allows full core dumps of the daemon;
      # a dump can contain in-memory secrets — keep it only if crash dumps are
      # actually wanted.
      LimitNOFILE = "infinity";
      LimitNPROC = "infinity";
      LimitCORE = "infinity";
      TasksMax = "infinity";

      # Hand the service's cgroup subtree to the daemon so it can manage
      # container cgroups without root.
      Delegate = "yes";
      # On stop: SIGTERM to the main process only, then SIGKILL to whatever is
      # left in the control group after the timeout.
      KillMode = "mixed";
    };

    Install.WantedBy = ["default.target"];
  };
}