
{ config, pkgs, ... }:
{
# https://nixos.wiki/wiki/Docker#Installation
# TODO: rootless Docker. https://nixos.wiki/wiki/Docker#Rootless_docker
# TODO: run as systemd services. https://nixos.wiki/wiki/Docker#docker_containers_as_systemd_services
virtualisation.docker = {
  enable = true;
  # The host filesystem is btrfs, so use the matching graph driver.
  storageDriver = "btrfs";
  # NixOS runs `docker system prune -f <flags>` from a weekly timer.
  autoPrune = {
    enable = true;
    dates = "weekly";
    # https://docs.docker.com/engine/reference/commandline/system_prune/#options
    # NOTE(review): these flags are destructive, not a cache cleanup:
    # `--all` deletes every image not used by a container and `--volumes`
    # deletes every volume not attached to a container -- including named
    # volumes whose container merely happens to be stopped at prune time.
    # Docker's documented `until` filter is a Go duration (`10m`, `1h30m`);
    # whether the day unit `7d` is accepted, and whether the `until` filter is
    # honoured (or accepted at all) for the volume-prune step, depends on the
    # engine version -- run the command by hand once before trusting the timer.
    flags = [
      "--all"
      "--volumes"
      # https://docs.docker.com/engine/reference/commandline/system_prune/#filter
      # https://pkg.go.dev/maze.io/x/duration#ParseDuration
      "--filter until=7d"
    ];
  };
};
# Monitor unhealthy Docker containers.
systemd.timers.docker-health = {
  # Tie the timer's lifecycle to the check service (PartOf): stopping or
  # restarting docker-health.service propagates to the timer.
  partOf = [ "docker-health.service" ];
  wantedBy = [ "timers.target" ];
  timerConfig = {
    # First run right after boot, then 3 minutes after each run finishes
    # (measured from when the oneshot service last became inactive), with
    # some slack and jitter so the check does not compete with real work.
    OnBootSec = "0m";
    OnUnitInactiveSec = "3m";
    RandomizedDelaySec = "15s";
    AccuracySec = "15s";
  };
};
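systemd.services."docker-health" = {
  description = "Report unhealthy Docker containers";
  # Ordering only: make sure the daemon has had a chance to come up before the
  # first (boot-time) run, so a missing socket is not reported as a check error.
  after = [ "docker.service" ];
  serviceConfig = {
    Type = "oneshot";
    PrivateTmp = true;
    # The Docker CLI needs access to the daemon socket, which on NixOS means
    # root (or membership in the `docker` group, which is root-equivalent).
    # Because the unit already runs as root there is no `sudo` in the script.
    User = "root";
    # Nothing in the script needs to gain privileges after exec (no setuid
    # helpers), so forbid it.
    NoNewPrivileges = true;
    Nice = 19;
    IOSchedulingClass = "idle";
  };
  path = [ pkgs.docker ];
  # Exit code 0 means "no unhealthy containers"; any unhealthy container makes
  # the unit fail, with the offending containers listed on stderr (journal).
  script = ''
    set -eu -o pipefail
    # `--format` prints exactly one line per matching container and nothing at
    # all when there is none, so no header line has to be filtered out with
    # grep. Avoiding the `! docker ... | grep -v` pipeline also matters for
    # correctness: under pipefail the negated pipeline turned a *failing*
    # `docker ps` (daemon down, socket missing) into a success, i.e. an outage
    # looked like "no unhealthy containers". Here a failing `docker ps` aborts
    # the script via `set -e` and fails the unit instead.
    unhealthy=$(docker ps --filter health=unhealthy --format '{{.ID}} {{.Names}} {{.Status}}')
    if [ -n "$unhealthy" ]; then
      echo "Unhealthy Docker containers:" 1>&2
      printf '%s\n' "$unhealthy" 1>&2
      exit 1
    fi
  '';
};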
}