path: root/modules/apps/docker/instance.nix
blob: fc361f3f0e5ace935c7a2ff795983247ed98a3a0 (plain)
pkgs:

{ lib, name, config, ... }:

let

  inherit (lib)
    mkOption
    ;

  inherit (lib.types)
    bool enum int listOf nullOr package path str
    ;

  # Option constructors used for the daemon settings:
  #   default value type  -> option of `type` carrying the given default
  #   optional type       -> nullable option that stays null unless set
  #   readonly value type -> nullable option pinned to `value` (readOnly)
  default = value: type: mkOption { inherit type; default = value; };
  optional = type: mkOption { default = null; type = nullOr type; };
  readonly = value: type: mkOption {
    type = nullOr type;
    default = value;
    readOnly = true;
  };

  # Docker API endpoint of this instance. It is derived from the read-only
  # exec-root, and both the CLI wrapper and `daemon.hosts` are built from it.
  socket = "unix://${config.daemon.exec-root}/dockerd.sock";

in {
  options = {
    # Docker package for this instance. The docker-cli wrapper takes both the
    # `docker` binary and the bash completion script from it.
    package = mkOption {
      type = package;
      default = pkgs.docker;
      description = "Docker package";
    };

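    # Per-instance CLI wrapper: builds `docker-<name>`, which always passes
    # this instance's socket via --host, plus a bash completion file that
    # reuses Docker's `_docker` completion function for the wrapper name.
    #
    # The generated script starts with a shebang. Without one the file only
    # runs when the caller is a shell that falls back to interpreting it;
    # a direct exec (service manager, sudo, subprocess call) fails with
    # "Exec format error".
    #
    # The socket URL goes through lib.escapeShellArg, so a data-root that
    # contains spaces or quotes cannot break the generated command line.
    #
    # Security note: the wrapper only selects the endpoint. Access control is
    # whatever ownership and mode the daemon gives the socket (see
    # `daemon.group`); anyone able to open that socket controls this daemon.
    docker-cli = mkOption {
      description = "Convenient wrapper of docker command line utility for this Docker instance";
      type = package;
      readOnly = true;
      default = pkgs.runCommand "docker-${name}" {} ''
        mkdir -p $out/bin
        mkdir -p $out/share/bash-completion/completions

        cat << 'ETC' > "$out/share/bash-completion/completions/docker-${name}"
        . ${config.package}/share/bash-completion/completions/docker
        complete -r docker
        complete -F _docker 'docker-${name}'
        ETC

        cat << 'BIN' > "$out/bin/docker-${name}"
        #!/bin/sh
        exec ${config.package}/bin/docker --host ${lib.escapeShellArg socket} "$@"
        BIN

        chmod +x "$out/bin/docker-${name}"
      '';
    };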

    # Daemon settings for this instance; the names follow dockerd's
    # configuration keys. Entries declared with `optional` default to null.
    # NOTE(review): presumably a null entry is left out of the generated
    # daemon configuration so dockerd's own default applies — confirm in the
    # module that consumes these options.
    daemon = {
      debug = optional bool;
      add-runtime = optional (listOf str);
      allow-nondistributable-artifacts  = optional (listOf str);
      # NOTE(review): CORS header for the remote API; only relevant if the API
      # is served over HTTP, which the read-only `hosts` below does not do.
      api-cors-header = optional str;
      authorization-plugin = optional (listOf str);
      bip = optional str;
      bridge = optional str;
      cgroup-parent = optional str;
      containerd = optional str;
      cpu-rt-period = optional int;
      cpu-rt-runtime = optional int;
      # Per-instance state directory; exec-root, the pidfile and the API
      # socket are all derived from it.
      data-root = default "/docker/${name}" path;
      default-gateway = optional str;
      default-gateway-v6 = optional str;
      default-runtime  = optional str;
      # TBD: default-ulimit = optional attributes
      dns = optional (listOf str);
      dns-opt = optional (listOf str);
      dns-search = optional (listOf str);
      # Read-only: pinned to <data-root>/run so the socket path used by the
      # CLI wrapper and the one the daemon listens on cannot diverge.
      exec-root = readonly "${config.daemon.data-root}/run" path;
      experimental = optional bool;
      fixed-cidr = optional str;
      fixed-cidr-v6 = optional str;
      # Per-instance group name. NOTE(review): presumably passed to dockerd as
      # the group owning the unix socket; membership then means full control
      # of this daemon and should be granted as sparingly as root access —
      # confirm how the consumer uses it.
      group = default "docker-${name}" str;
      # Read-only: the only listener is the instance's unix socket, so this
      # option cannot be used to add a TCP listener.
      hosts = readonly [socket] (listOf str);
      # Inter-container communication; null leaves the daemon default in place.
      icc = optional bool;
      init = optional bool;
      init-path = optional path;
      # Registries listed here are exempt from dockerd's TLS verification.
      insecure-registry = optional (listOf str);
      ip = optional str;
      ip-forward = optional bool;
      ip-masq = optional bool;
      iptables = optional bool;
      ipv6 = optional bool;
      live-restore = optional bool;
      # Read-only: container logs always go to journald.
      log-driver = readonly "journald" str;
      log-level = optional (enum ["debug" "info" "warn" "error" "fatal"]);
      max-concurrent-downloads = optional int;
      max-concurrent-uploads = optional int;
      # NOTE(review): address of dockerd's metrics endpoint; if set, check
      # that it is bound to an interface where exposure is intended.
      metrics-addr = optional str;
      mtu = optional int;
      # Hardening knob left at null by default; set it explicitly if
      # containers should not be able to gain privileges via setuid binaries.
      no-new-privileges = optional bool;
      oom-score-adjust = optional int;
      # Read-only: pidfile lives next to the socket under exec-root.
      pidfile = readonly "${config.daemon.exec-root}/dockerd.pid" path;
      raw-logs = optional bool;
      registry-mirror = optional (listOf str);
      # Custom seccomp profile; null keeps whatever profile dockerd ships.
      seccomp-profile = optional path;
      selinux-enabled = optional bool;
      shutdown-timeout = optional int;
      # NOTE(review): aufs, devicemapper and the legacy overlay driver are
      # deprecated or removed in newer Docker Engine releases — verify the
      # accepted values against the version of `package` in use.
      storage-driver = optional (enum ["aufs" "devicemapper" "btrfs" "zfs" "overlay" "overlay2"]);
      storage-opt = optional (listOf str);
      swarm-default-advertise-addr = optional str;
      userland-proxy = optional bool;
      userland-proxy-path = optional path;
      # User-namespace remapping is off unless set; with it unset, root inside
      # a container maps to root on the host.
      userns-remap = optional str;
    };
  };
}