From ecaeaf61e9785ef2cb664f0f26598bfe0ede27f6 Mon Sep 17 00:00:00 2001
From: Joscha Loos
Date: Mon, 10 Oct 2022 23:43:30 +0200
Subject: [PATCH 1/4] feat: add support for docker-rootless
---
 nixos-module.nix | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/nixos-module.nix b/nixos-module.nix
index 375994a..ba0abce 100644
--- a/nixos-module.nix
+++ b/nixos-module.nix
@@ -27,8 +27,8 @@ let
 };
 _systemd = mkOption { internal = true; };
 };
- config = {
- _systemd.services."arion-${name}" = {
+ config =
+ let config = {
 wantedBy = [ "multi-user.target" ];
 after = [ "sockets.target" ];
@@ -37,12 +37,17 @@ let
 cfg.docker.client.package
 ];
 environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml;
+ # environment.DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/docker.sock";
 script = ''
 echo 1>&2 "docker compose file: $ARION_PREBUILT"
 arion --prebuilt-file "$ARION_PREBUILT" up
 '';
 };
- };
+ in
+ if cfg.backend == "docker-rootless" then
+ { _systemd.user.services."arion-${name}" = config; }
+ else
+ { _systemd.services."arion-${name}" = config; };
 };
 arionSettingsType = name:
@@ -57,14 +62,14 @@ in
 options = {
 virtualisation.arion = {
 backend = mkOption {
- type = types.enum [ "podman-socket" "docker" ];
+ type = types.enum [ "podman-socket" "docker" "docker-rootless" ];
 description = ''
 Which container implementation to use.
 '';
 };
 package = mkOption {
 type = types.package;
-
+ default = (import ./. { inherit pkgs; }).arion;
 description = ''
 Arion package to use. This will provide arion
@@ -105,6 +110,15 @@ in
 virtualisation.docker.enable = true;
 virtualisation.arion.docker.client.package = pkgs.docker;
 })
+ (mkIf (cfg.backend == "docker-rootless") {
+ virtualisation = {
+ docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ };
+ virtualisation.arion.docker.client.package = pkgs.docker;
+ })
 ]
 );
 }
From 40b41d3b7b950e3a05c0059bf0fd3a37b4ed1c7b Mon Sep 17 00:00:00 2001
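Review bot: The new `let config = { … }` in the first hunk shadows the submodule's `config` argument, and a Nix `let` is recursive, so `environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml` in the second hunk now resolves `config` to the service attrset itself, which has no `settings` attribute, and evaluating the service fails. Rename the binding, e.g. `let service = { … }` together with `_systemd.user.services."arion-${name}" = service;` and `_systemd.services."arion-${name}" = service;`. Separately, `wantedBy = [ "multi-user.target" ]` is kept for the rootless branch; if `_systemd.user.services` is mapped onto `systemd.user.services` (the consumer of the internal `_systemd` option is outside these hunks) that target does not exist in the per-user manager and the unit is never pulled in, so the rootless branch needs `wantedBy = [ "default.target" ]`. The project submodule these hunks belong to starts above the first hunk.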
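Review bot: `setSocketVariable = true` in the last hunk is meant for interactive user environments; a systemd unit does not inherit that shell environment, so the rootless arion unit would still try the root daemon's default `/var/run/docker.sock`, which this backend branch does not enable. Set the variable on the unit instead, using the systemd runtime-directory specifier rather than a fixed uid, since specifiers are expanded in `Environment=`: `environment.DOCKER_HOST = mkIf (cfg.backend == "docker-rootless") "unix://%t/docker.sock";` in the service definition of the second hunk. The `mkMerge` list this branch is appended to begins above the hunk.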
From: Joscha Loos
Date: Mon, 10 Oct 2022 23:56:32 +0200
Subject: [PATCH 2/4] feat: add support for docker-rootless
---
 nixos-module.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/nixos-module.nix b/nixos-module.nix
index ba0abce..688a540 100644
--- a/nixos-module.nix
+++ b/nixos-module.nix
@@ -28,7 +28,7 @@ let
 _systemd = mkOption { internal = true; };
 };
 config =
- let config = {
+ let service = {
 wantedBy = [ "multi-user.target" ];
 after = [ "sockets.target" ];
@@ -37,7 +37,7 @@ let
 cfg.docker.client.package
 ];
 environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml;
- # environment.DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/docker.sock";
+ environment.DOCKER_HOST = mkIf (cfg.backend == "docker-rootless") "unix:///run/user/1000/docker.sock";
 script = ''
 echo 1>&2 "docker compose file: $ARION_PREBUILT"
 arion --prebuilt-file "$ARION_PREBUILT" up
@@ -45,9 +45,9 @@ let
 };
 in
 if cfg.backend == "docker-rootless" then
- { _systemd.user.services."arion-${name}" = config; }
+ { _systemd.user.services."arion-${name}" = service; }
 else
- { _systemd.services."arion-${name}" = config; };
+ { _systemd.services."arion-${name}" = service; };
 };
 arionSettingsType = name:
From 3131319c812aff5a861b33706bfb20ac8d6da061 Mon Sep 17 00:00:00 2001
From: jooooscha <57965027+jooooscha@users.noreply.github.com>
Date: Tue, 11 Oct 2022 16:50:55 +0200
Subject: [PATCH 3/4] Update nixos-module.nix
Co-authored-by: Robert Hensing
---
 nixos-module.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos-module.nix b/nixos-module.nix
index 688a540..8a46b32 100644
--- a/nixos-module.nix
+++ b/nixos-module.nix
@@ -62,7 +62,7 @@ in
 options = {
 virtualisation.arion = {
 backend = mkOption {
- type = types.enum [ "podman-socket" "docker" "docker-rootless" ];
+ type = types.enum [ "podman-socket" "docker" ];
 description = ''
 Which container implementation to use.
 '';
From 46dbaee06745ff44326e5ab0b7a71f8c13f7a17d Mon Sep 17 00:00:00 2001
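Review bot: `environment.DOCKER_HOST = mkIf (cfg.backend == "docker-rootless") "unix:///run/user/1000/docker.sock"` in the second hunk hardcodes uid 1000, so on any host where the user unit runs under a different account the socket lives in another user's runtime directory and the unit cannot reach it, and the failure only shows up at activation time. systemd expands specifiers in `Environment=`, so the unit's own runtime directory can be used instead: `environment.DOCKER_HOST = mkIf (cfg.backend == "docker-rootless") "unix://%t/docker.sock";`. That also restores what the removed `$XDG_RUNTIME_DIR` comment intended, which a unit cannot expand as a shell variable. The `service` binding this line belongs to starts above the hunk.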
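Review bot: Dropping `"docker-rootless"` from the enum leaves the `cfg.backend == "docker-rootless"` comparisons in the service definition and in the `mkIf` branch further down (both outside this hunk) testing for a value the type no longer admits, so the rootless code path becomes unreachable while still being evaluated, and a user who sets that backend now gets a type error instead of the rootless unit. If the backend value is being replaced by a per-project switch, the comparisons should be moved in the same commit so the module does not carry dead branches in between.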
From: Joscha Loos
Date: Tue, 11 Oct 2022 23:22:17 +0200
Subject: [PATCH 4/4] feat: add support for docker-rootless
---
 nixos-module.nix | 47 ++++++++++++++++++++++++-----------------------
 1 file changed, 24 insertions(+), 23 deletions(-)
diff --git a/nixos-module.nix b/nixos-module.nix
index 8a46b32..4c539e2 100644
--- a/nixos-module.nix
+++ b/nixos-module.nix
@@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
 inherit (lib)
+ any
 attrValues
 mkIf
 mkOption
+ mkEnableOption
 mkMerge
 types
 ;
@@ -25,26 +27,31 @@ let
 type = arionSettingsType name;
 visible = "shallow";
 };
+ rootless = mkEnableOption "Run this project in rootless mode";
 _systemd = mkOption { internal = true; };
 };
 config =
- let service = {
- wantedBy = [ "multi-user.target" ];
- after = [ "sockets.target" ];
+ let
+
+ service = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "sockets.target" ];
+
+ path = [
+ cfg.package
+ cfg.docker.client.package
+ ];
+ environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml;
+ environment.DOCKER_HOST = mkIf config.rootless "unix:///run/user/1000/docker.sock"; # TODO: Do not hardcode path
+ script = ''
+ echo 1>&2 "docker compose file: $ARION_PREBUILT"
+ arion --prebuilt-file "$ARION_PREBUILT" up
+ '';
+ };
- path = [
- cfg.package
- cfg.docker.client.package
- ];
- environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml;
- environment.DOCKER_HOST = mkIf (cfg.backend == "docker-rootless") "unix:///run/user/1000/docker.sock";
- script = ''
- echo 1>&2 "docker compose file: $ARION_PREBUILT"
- arion --prebuilt-file "$ARION_PREBUILT" up
- '';
- };
 in
- if cfg.backend == "docker-rootless" then
+ if false then
+ # if false then
 { _systemd.user.services."arion-${name}" = service; }
 else
 { _systemd.services."arion-${name}" = service; };
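Review bot: `if false then` (with the leftover `# if false then` comment) in the second hunk disables the rootless branch entirely, so a project with `rootless = true` is still installed as a system unit running as root, with `DOCKER_HOST` pointed at `/run/user/1000/docker.sock`. The new `rootless` option therefore does not deliver a rootless deployment: arion and the docker client keep root privileges, they drive whichever user owns uid 1000, and the unit only works while that user's rootless daemon happens to be running. The condition should be the option itself, `if config.rootless then`, with the shared service using `wantedBy = [ (if config.rootless then "default.target" else "multi-user.target") ];` and `environment.DOCKER_HOST = mkIf config.rootless "unix://%t/docker.sock";` so the socket follows the unit's own user and the TODO on that line goes away. The per-project submodule whose `config` this hunk rewrites starts above the hunk.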
@@ -110,14 +117,8 @@ in
 virtualisation.docker.enable = true;
 virtualisation.arion.docker.client.package = pkgs.docker;
 })
- (mkIf (cfg.backend == "docker-rootless") {
- virtualisation = {
- docker.rootless = {
- enable = true;
- setSocketVariable = true;
- };
- };
- virtualisation.arion.docker.client.package = pkgs.docker;
+ (mkIf (any (project: project.rootless) (attrValues cfg.projects)) {
+ virtualisation.docker.rootless.enable = true;
 })
 ]
 );
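Review bot: The new condition `any (project: project.rootless) (attrValues cfg.projects)` enables the rootless daemon without checking `cfg.backend`, and the removed branch's `virtualisation.arion.docker.client.package = pkgs.docker` is not carried over, so a rootless project under the `podman-socket` backend switches on a docker rootless daemon nothing talks to. Under the `docker` backend the branch just above (presumably the docker-backend `mkIf`; its condition starts above the hunk) still sets `virtualisation.docker.enable = true`, so marking every project rootless does not remove the root daemon and its `/var/run/docker.sock` from the host, which is the exposure rootless mode is normally chosen to avoid. Worth making the supported combination explicit: `assertions = [ { assertion = any (p: p.rootless) (attrValues cfg.projects) -> cfg.backend == "docker"; message = "virtualisation.arion: rootless projects require backend = \"docker\""; } ];`, and gating the root daemon on at least one non-rootless project. The `mkMerge` list holding these branches begins above the hunk.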