Write a tutorial #9

Open
ixmatus opened this issue Sep 24, 2017 · 17 comments

Comments

@ixmatus
Collaborator

ixmatus commented Sep 24, 2017

No description provided.

@paulyoung

Are there any other resources than the following? I've read the README and produced a fetchdocker derivation but now I'm a bit lost.

@paulyoung

I've also looked at NixOS/nixpkgs#32248 but still missing something fundamental I think.

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

@paulyoung what are you lost on?

Also, if you're on a newer version of Nix, there was a lot of work done to upgrade the stock dockerTools to support V2 registries: https://nixos.org/nixpkgs/manual/#ssec-pkgs-dockerTools-fetchFromRegistry. Though, I don't know if that works with credential-protected private registries (hocker will, however).

@paulyoung

I'm trying to depend on something that invokes docker run --rm ... and figured the first step was to fetch the image using hocker/fetchdocker.

I've done the equivalent of hocker-manifest library/debian jessie | docker2nix library/debian jessie > container.nix from the README and not sure where to go from there.

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

Ah okay. Next you need to load it into a running docker daemon instance by:

$(nix-build --no-out-link container.nix)/compositeImage.sh | docker load

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

We do that as part of the preStart script of a systemd unit responsible for "running" a container, e.g.

preStart = ''
  ${importedContainerDerivation}/compositeImage.sh | ${docker}/bin/docker load
'';
script = ''
  ${docker}/bin/docker run ${importedContainerDerivation}.name ...
'';

(very roughly)

@paulyoung

Very helpful. Thanks.

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

Note, to avoid running docker load every time (because docker load isn't very smart) we also check if the image already exists, à la:

if [[ "$(${docker}/bin/docker images -q ${importedContainerDerivation.image} 2>/dev/null)" == "" ]]; then
# docker load
fi
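
The load-once pattern from the comments above, written out as a standalone shell function. This is an added example, not code from the thread or from hocker; the DOCKER variable, the function names and the return codes are assumptions. It also separates "image absent" from "daemon unreachable", which the one-line check above treats alike.

```shell
# Added example: load a fetchdocker-built image only when the daemon lacks it.
# Assumptions (not from hocker): the DOCKER variable, the function names and
# the return codes. LOADER is any command that writes the image tarball to
# stdout, the role compositeImage.sh plays in the thread.
DOCKER="${DOCKER:-docker}"

# image_present IMAGE
#   0 = image is in the daemon, 1 = absent, 2 = daemon could not be queried.
image_present() {
  local ids
  # `docker images -q` prints one ID per matching image and nothing otherwise.
  ids=$("$DOCKER" images -q "$1" 2>/dev/null) || return 2
  [ -n "$ids" ]
}

# load_if_missing IMAGE LOADER
#   0 = already present or loaded now, 1 = load failed, 2 = daemon unreachable.
load_if_missing() {
  local image loader rc
  image=$1; loader=$2; rc=0
  image_present "$image" || rc=$?
  case "$rc" in
    0) echo "skip: $image already loaded"; return 0 ;;
    2) echo "error: cannot reach the docker daemon" >&2; return 2 ;;
  esac
  # The pipeline's status is docker load's, so a loader that dies early can go
  # unnoticed here; the re-check below catches a load that produced no image.
  "$loader" | "$DOCKER" load >/dev/null || return 1
  image_present "$image" || return 1
  echo "loaded: $image"
}

# Usage in a preStart-style script (paths are placeholders):
#   load_if_missing "$IMAGE" /nix/store/...-container/compositeImage.sh
```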

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

@paulyoung no problem!

@paulyoung

For posterity, I'm now running into this and gather that there's a virtualisation.docker.enable = true; config setting for NixOS, but I'm on macOS.

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

@paulyoung correct. You need to download the official Docker app for macOS, which includes tooling to run the docker daemon in a VM (but it makes it transparent to the docker client utility).

@paulyoung

Success :) Thanks Parnell!

@ixmatus
Collaborator Author

ixmatus commented Jun 4, 2019

@paulyoung no problem!

@paulyoung

I don't mean to hijack this thread but figured it might help someone else if all of this was in the same place.

Apparently there is a Nix sandbox restriction that prevents access to the docker daemon, resulting in Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Is there a recommended way to address this?

@paulyoung

Investigating extra-sandbox-paths.

@paulyoung

@paulyoung

Specifically pkgs.vmTools.runInLinuxVM
