treewide: Format all Nix files

Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:

  nix-build ci -A fmt.check

This is the next step of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).

This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).

Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).

If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
Silvan Mosberger 2025-04-01 20:10:43 +02:00
parent 2140bf39e4
commit 374e6bcc40
1523 changed files with 986047 additions and 513621 deletions


@ -1,6 +1,12 @@
# Systemd services for docker.
{ config, lib, utils, pkgs, ... }:
{
config,
lib,
utils,
pkgs,
...
}:
with lib;
@ -8,7 +14,7 @@ let
cfg = config.virtualisation.docker;
proxy_env = config.networking.proxy.envVars;
settingsFormat = pkgs.formats.json {};
settingsFormat = pkgs.formats.json { };
daemonSettingsFile = settingsFormat.generate "daemon.json" cfg.daemon.settings;
in
@ -16,119 +22,132 @@ in
###### interface
options.virtualisation.docker = {
enable =
mkOption {
type = types.bool;
default = false;
description = ''
This option enables docker, a daemon that manages
linux containers. Users in the "docker" group can interact with
the daemon (e.g. to start or stop containers) using the
{command}`docker` command line tool.
'';
};
enable = mkOption {
type = types.bool;
default = false;
description = ''
This option enables docker, a daemon that manages
linux containers. Users in the "docker" group can interact with
the daemon (e.g. to start or stop containers) using the
{command}`docker` command line tool.
'';
};
listenOptions =
mkOption {
type = types.listOf types.str;
default = ["/run/docker.sock"];
description = ''
A list of unix and tcp docker should listen to. The format follows
ListenStream as described in {manpage}`systemd.socket(5)`.
'';
};
listenOptions = mkOption {
type = types.listOf types.str;
default = [ "/run/docker.sock" ];
description = ''
A list of unix and tcp docker should listen to. The format follows
ListenStream as described in {manpage}`systemd.socket(5)`.
'';
};
enableOnBoot =
mkOption {
type = types.bool;
default = true;
description = ''
When enabled dockerd is started on boot. This is required for
containers which are created with the
`--restart=always` flag to work. If this option is
disabled, docker might be started on demand by socket activation.
'';
};
enableOnBoot = mkOption {
type = types.bool;
default = true;
description = ''
When enabled dockerd is started on boot. This is required for
containers which are created with the
`--restart=always` flag to work. If this option is
disabled, docker might be started on demand by socket activation.
'';
};
daemon.settings =
mkOption {
type = types.submodule {
freeformType = settingsFormat.type;
options = {
live-restore = mkOption {
type = types.bool;
# Prior to NixOS 24.11, this was set to true by default, while upstream defaulted to false.
# Keep the option unset to follow upstream defaults
default = versionOlder config.system.stateVersion "24.11";
defaultText = literalExpression "lib.versionOlder config.system.stateVersion \"24.11\"";
description = ''
Allow dockerd to be restarted without affecting running container.
This option is incompatible with docker swarm.
'';
};
daemon.settings = mkOption {
type = types.submodule {
freeformType = settingsFormat.type;
options = {
live-restore = mkOption {
type = types.bool;
# Prior to NixOS 24.11, this was set to true by default, while upstream defaulted to false.
# Keep the option unset to follow upstream defaults
default = versionOlder config.system.stateVersion "24.11";
defaultText = literalExpression "lib.versionOlder config.system.stateVersion \"24.11\"";
description = ''
Allow dockerd to be restarted without affecting running container.
This option is incompatible with docker swarm.
'';
};
};
default = { };
example = {
ipv6 = true;
"live-restore" = true;
"fixed-cidr-v6" = "fd00::/80";
};
description = ''
Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.
See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
'';
};
enableNvidia =
mkOption {
type = types.bool;
default = false;
description = ''
**Deprecated**, please use hardware.nvidia-container-toolkit.enable instead.
Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
'';
default = { };
example = {
ipv6 = true;
"live-restore" = true;
"fixed-cidr-v6" = "fd00::/80";
};
description = ''
Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.
See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
'';
};
storageDriver =
mkOption {
type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
default = null;
description = ''
This option determines which Docker
[storage driver](https://docs.docker.com/storage/storagedriver/select-storage-driver/)
to use.
By default it lets docker automatically choose the preferred storage
driver.
However, it is recommended to specify a storage driver explicitly, as
docker's default varies over versions.
enableNvidia = mkOption {
type = types.bool;
default = false;
description = ''
**Deprecated**, please use hardware.nvidia-container-toolkit.enable instead.
::: {.warning}
Changing the storage driver will cause any existing containers
and images to become inaccessible.
:::
'';
};
Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
'';
};
logDriver =
mkOption {
type = types.enum ["none" "json-file" "syslog" "journald" "gelf" "fluentd" "awslogs" "splunk" "etwlogs" "gcplogs" "local"];
default = "journald";
description = ''
This option determines which Docker log driver to use.
'';
};
storageDriver = mkOption {
type = types.nullOr (
types.enum [
"aufs"
"btrfs"
"devicemapper"
"overlay"
"overlay2"
"zfs"
]
);
default = null;
description = ''
This option determines which Docker
[storage driver](https://docs.docker.com/storage/storagedriver/select-storage-driver/)
to use.
By default it lets docker automatically choose the preferred storage
driver.
However, it is recommended to specify a storage driver explicitly, as
docker's default varies over versions.
extraOptions =
mkOption {
type = types.separatedString " ";
default = "";
description = ''
The extra command-line options to pass to
{command}`docker` daemon.
'';
};
::: {.warning}
Changing the storage driver will cause any existing containers
and images to become inaccessible.
:::
'';
};
logDriver = mkOption {
type = types.enum [
"none"
"json-file"
"syslog"
"journald"
"gelf"
"fluentd"
"awslogs"
"splunk"
"etwlogs"
"gcplogs"
"local"
];
default = "journald";
description = ''
This option determines which Docker log driver to use.
'';
};
extraOptions = mkOption {
type = types.separatedString " ";
default = "";
description = ''
The extra command-line options to pass to
{command}`docker` daemon.
'';
};
autoPrune = {
enable = mkOption {
@ -143,7 +162,7 @@ in
flags = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [ "--all" ];
description = ''
Any additional flags passed to {command}`docker system prune`.
@ -202,20 +221,32 @@ in
};
imports = [
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
(mkAliasOptionModule ["virtualisation" "docker" "liveRestore"] ["virtualisation" "docker" "daemon" "settings" "live-restore"])
(mkRemovedOptionModule [
"virtualisation"
"docker"
"socketActivation"
] "This option was removed and socket activation is now always active")
(mkAliasOptionModule
[ "virtualisation" "docker" "liveRestore" ]
[ "virtualisation" "docker" "daemon" "settings" "live-restore" ]
)
];
###### implementation
config = mkIf cfg.enable (mkMerge [{
boot.kernelModules = [ "bridge" "veth" "br_netfilter" "xt_nat" ];
config = mkIf cfg.enable (mkMerge [
{
boot.kernelModules = [
"bridge"
"veth"
"br_netfilter"
"xt_nat"
];
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = mkOverride 98 true;
"net.ipv4.conf.default.forwarding" = mkOverride 98 true;
};
environment.systemPackages = [ cfg.package ]
++ optional cfg.enableNvidia pkgs.nvidia-docker;
environment.systemPackages = [ cfg.package ] ++ optional cfg.enableNvidia pkgs.nvidia-docker;
users.groups.docker.gid = config.ids.gids.docker;
systemd.packages = [ cfg.package ];
@ -223,15 +254,20 @@ in
# (https://docs.docker.com/engine/release-notes/25.0/#new). Encourage
# moving to CDI as opposed to having deprecated runtime
# wrappers.
warnings = lib.optionals (cfg.enableNvidia && (lib.strings.versionAtLeast cfg.package.version "25")) [
''
You have set virtualisation.docker.enableNvidia. This option is deprecated, please set hardware.nvidia-container-toolkit.enable instead.
''
];
warnings =
lib.optionals (cfg.enableNvidia && (lib.strings.versionAtLeast cfg.package.version "25"))
[
''
You have set virtualisation.docker.enableNvidia. This option is deprecated, please set hardware.nvidia-container-toolkit.enable instead.
''
];
systemd.services.docker = {
wantedBy = optional cfg.enableOnBoot "multi-user.target";
after = [ "network.target" "docker.socket" ];
after = [
"network.target"
"docker.socket"
];
requires = [ "docker.socket" ];
environment = proxy_env;
serviceConfig = {
@ -242,14 +278,17 @@ in
${cfg.package}/bin/dockerd \
--config-file=${daemonSettingsFile} \
${cfg.extraOptions}
''];
ExecReload=[
''
];
ExecReload = [
""
"${pkgs.procps}/bin/kill -s HUP $MAINPID"
];
};
path = [ pkgs.kmod ] ++ optional (cfg.storageDriver == "zfs") pkgs.zfs
path =
[ pkgs.kmod ]
++ optional (cfg.storageDriver == "zfs") pkgs.zfs
++ optional cfg.enableNvidia pkgs.nvidia-docker
++ cfg.extraPackages;
};
@ -273,12 +312,15 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = utils.escapeSystemdExecArgs ([
(lib.getExe cfg.package)
"system"
"prune"
"-f"
] ++ cfg.autoPrune.flags);
ExecStart = utils.escapeSystemdExecArgs (
[
(lib.getExe cfg.package)
"system"
"prune"
"-f"
]
++ cfg.autoPrune.flags
);
};
startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates;
@ -294,9 +336,13 @@ in
};
assertions = [
{ assertion = cfg.enableNvidia && pkgs.stdenv.hostPlatform.isx86_64 -> config.hardware.graphics.enable32Bit or false;
{
assertion =
cfg.enableNvidia && pkgs.stdenv.hostPlatform.isx86_64
-> config.hardware.graphics.enable32Bit or false;
message = "Option enableNvidia on x86_64 requires 32-bit support libraries";
}];
}
];
virtualisation.docker.daemon.settings = {
group = "docker";