path: root/gnu/services/docker.scm
Commit message | Author | Age | Files | Lines
* privilege: Add file-like->setuid-program helper. | Tobias Geerinckx-Rice | 2024-09-08 | 1 | -2/+1
  * gnu/system/privilege.scm (file-like->setuid-program): New public procedure.
  * gnu/system/setuid.scm: Re-export it for compatibility. (file-like->setuid-program): Remove this old version.
  * gnu/services/docker.scm (singularity-setuid-programs): Use it (again).
  * gnu/services/desktop.scm (enlightenment-privileged-programs): Likewise.
  Change-Id: I8e41144438677a15cdadb3063651dbc780715497
* services: singularity: Migrate to (gnu system privilege). | Tobias Geerinckx-Rice | 2024-09-01 | 1 | -7/+8
  * gnu/services/docker.scm (singularity-setuid-programs): Rename from this… (singularity-privileged-programs): …to this. Use <privileged-program>. (singularity-service-type): Extend the PRIVILEGED-PROGRAM-SERVICE-TYPE.
  Change-Id: I4d90f9a6d4759a24a818baab49b61be67c419bad
* services: containerd: Provision separately from docker service. | Oleg Pykhalov | 2024-08-04 | 1 | -21/+47
  containerd can operate independently without relying on Docker for its configuration.
  * gnu/services/docker.scm (docker-configuration): Deprecate containerd field. (containerd-configuration, containerd-service-type): New variables. (docker-shepherd-service): Use containerd-configuration. Delete duplicated variable binding. Allow to configure environment variables. (docker-service-type): Delete extension with containerd-service-type.
  * gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service. (run-docker-test, run-docker-system-test, run-oci-container-test): Run containerd service.
  * doc/guix.texi (Miscellaneous Services): Document containerd-service-type.
  Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
* services: oci-container: Allow setting Shepherd actions in oci-container-configuration. | Giacomo Leidi via Guix-patches via | 2024-07-05 | 1 | -9/+29
  * gnu/services/docker.scm (oci-container-configuration) [shepherd-actions]: New field. (sanitize-shepherd-actions): sanitize it. (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: I0ca9826542be7cb8ca280a07a9bff1a262c2a8a7
  Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
* services: oci-container: Allow setting Shepherd respawn? in oci-container-configuration. | Giacomo Leidi via Guix-patches via | 2024-07-05 | 1 | -1/+8
  * gnu/services/docker.scm (oci-container-configuration) [respawn?]: New field. (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: I0d6367607fd0fd41f90a54b33d80bf4d4f43dd8b
  Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
* services: oci-container: Allow setting Shepherd auto-start? in oci-container-configuration. | Giacomo Leidi via Guix-patches via | 2024-07-05 | 1 | -0/+8
  * gnu/services/docker.scm (oci-container-configuration) [auto-start?]: New field. (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: Id093d93effbbec3e1be757f8be83cf5f62eaeda7
  Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
* services: oci-container: Allow setting Shepherd log-file in oci-container-configuration. | Giacomo Leidi via Guix-patches via | 2024-07-05 | 1 | -0/+10
  * gnu/services/docker.scm (oci-container-configuration) [log-file]: New field. (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: Icad29ac6342b6f5bafc0d9be13a93cee99674185
* services: oci-container: Fix provided image is string. | Zheng Junjie | 2024-06-06 | 1 | -12/+13
  gnu/services/docker.scm (oci-container-shepherd-service): When image is oci-image, call %oci-image-loader.
  Change-Id: I26105e82643affe9e7037975e42ec9690089545b
* gnu: docker: Allow passing tarballs for images in oci-container-configuration. | Giacomo Leidi | 2024-05-25 | 1 | -25/+219
  This commit allows for loading an OCI image tarball before running an OCI backed Shepherd service. It does so by adding a one shot Shepherd service to the dependencies of the OCI backed service that at boot runs docker load on the tarball.
  * gnu/services/docker.scm (oci-image): New record; (lower-oci-image): new variable, lower it; (string-or-oci-image?): sanitize it; (oci-container-configuration)[image]: allow also for oci-image records; (oci-container-shepherd-service): use it; (%oci-image-loader): new variable.
  Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu: docker: Allow setting Shepherd dependencies in oci-container-configuration. | Giacomo Leidi | 2024-05-25 | 1 | -1/+9
  * gnu/services/docker.scm (oci-container-configuration) [requirement]: New field; (list-of-symbols): sanitize it; (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: Ic0ba336a2257d6ef7c658cfc6cd630116661f581
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu: docker: Allow setting host environment variables in oci-container-configuration. | Giacomo Leidi | 2024-05-25 | 1 | -2/+29
  * gnu/services/docker.scm (oci-container-configuration) [host-environment]: New field; (oci-sanitize-host-environment): sanitize it; (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: I4d54d37736cf09f042a71cb0b6e673abc0948d9c
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu: docker: Provide escape hatch in oci-container-configuration. | Giacomo Leidi | 2024-05-25 | 1 | -9/+37
  * gnu/services/docker.scm (exports): Add missing procedures; (oci-container-service-type)[description]: Docker and OCI images should mean the same thing; (oci-container-configuration): clarify field types; [extra-arguments]: new field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it.
  * doc/guix.texi: Document it.
  Change-Id: I64e9d82c8ae538d59d1c482f23070a880156ddf7
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: docker: Add config-file option. | Connor Clark | 2024-01-03 | 1 | -1/+11
  * gnu/services/docker.scm (docker-configuration)[config-file] Add file-like field.
  * doc/guix.texi (Docker Service): Add information about config-file.
  Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: Fix oci-container-service-type container user. | Giacomo Leidi | 2023-12-10 | 1 | -1/+1
  The oci-container-configuration supports two user fields: one is the user, from the host system, under whose authority the OCI-backed Shepherd service is run; the other is an optional user/UID that can be passed to the docker run invocation to override the user defined in the OCI image. The user from the host system is incorrectly passed to docker run command, this patch reverts the incorrect behavior and passes the correct container-user field value.
  * gnu/services/docker.scm (oci-container-configuration): Fix the user passed to the docker run invocation.
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: Add oci-container-service-type. | Giacomo Leidi | 2023-11-23 | 1 | -1/+259
  * gnu/services/docker.scm (oci-container-configuration): New variable; (oci-container-shepherd-service): new variable; (oci-container-service-type): new variable.
  * doc/guix.texi (Miscellaneous Services): Document it.
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
  Change-Id: I17cede1975051a9fdd0e0a13b2191d8055266f80
* file-systems: Use cgroups v2. | Sam Lockart | 2023-08-08 | 1 | -6/+1
  cgroup v2 is the next generation of the control groups API. This patch replaces the cgroup v1 file systems with the unified cgroup v2 file system. cgroup v2 allows for things like containerd/podman to run rootless containers and opens guix system up to running things like Kubernetes. Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker service change.
  * gnu/system/file-systems.scm (%control-groups): Change to a single "cgroup2" mount point.
  * gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement' field accordingly.
  Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: docker: Fix race condition. | Oleg Pykhalov | 2022-07-13 | 1 | -1/+4
  Fixes <https://issues.guix.gnu.org/38432>.
  * gnu/packages/patches/containerd-create-pid-file.patch: New file.
  * gnu/local.mk (dist_patch_DATA): Add this.
  * gnu/packages/docker.scm (containerd)[source]: Add this patch.
  * gnu/services/docker.scm (containerd-shepherd-service): Add #:pid-file and #:pid-file-timeout.
  * gnu/services/docker.scm (docker-shepherd-service): Add --containerd flag.
  Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: Accept <inferior-package>s in lieu of <package>s. | Tobias Geerinckx-Rice | 2021-11-30 | 1 | -4/+4
  * gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones.
  * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise.
  * gnu/services/cups.scm (package-list?, cups-configuration): Likewise.
  * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise.
  * gnu/services/docker.scm (docker-configuration): Likewise.
  * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise.
  * gnu/services/getmail.scm (getmail-configuration): Likewise.
  * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise.
  * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise.
  * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise.
  * gnu/services/networking.scm (opendht-configuration): Likewise.
  * gnu/services/pm.scm (tlp-configuration): Likewise.
  * gnu/services/telephony.scm (jami-configuration): Likewise.
  * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise.
  * gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
* services: docker: Add 'environment-variables' configuration field. | Alexey Abramov | 2021-11-17 | 1 | -0/+6
  * gnu/services/docker.scm (docker-configuration): Add the field
  (docker-shepherd-service): Pass the list of defined variables to make-forkexec-constructor.
  * doc/guix.texi (Miscellaneous Services): Update doc.
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: Migrate to <setuid-program>. | Brice Waegeneire | 2021-07-29 | 1 | -3/+6
  * gnu/services/dbus.scm (dbus-setuid-programs, polkit-setuid-programs): Return setuid-programs.
  * gnu/services/desktop.scm (enlightenment-setuid-programs): Return setuid-programs. (%desktop-services)[mount-setuid-helpers]: Use setuid-programs.
  * gnu/services/docker.scm (singularity-setuid-programs): Return setuid-programs.
  * gnu/services/xorg.scm (screen-locker-setuid-programs): Return setuid-programs.
  * gnu/system.scm (%setuid-programs): Return setuid-programs.
  * doc/guix.texi (Setuid Programs, operating-system Reference): Replace 'list of G-expressions' with 'list of <setuid-program>'.
* services: docker: Disable configuration serialization. | Maxim Cournoyer | 2021-05-08 | 1 | -7/+3
  * gnu/services/docker.scm (serialize-boolean): Delete procedure. (docker-configuration) <no-serialization>: New syntactic keyword.
* services: docker: Fix missing containerd-shim binary. | Oleg Pykhalov | 2020-10-17 | 1 | -1/+5
  This commit fixes error 'time="2020-10-16T…" level=error msg="Handler for POST /v1.40/containers/…/start returned error: failed to start shim: exec: \"containerd-shim\": executable file not found in $PATH: unknown"'.
  * gnu/services/docker.scm (containerd-shepherd-service): Add "containerd-shim" to PATH.
* services: docker: Fix configuration. | Oleg Pykhalov | 2020-09-23 | 1 | -5/+5
  This is a follow-up to e04b90607ac903359c90c9bad1b67fb7ce2f0eb6.
  * gnu/services/docker.scm (docker-shepherd-service): Fix "enable-proxy?" configuration.
* services: Docker: Fix typo in configuration. | Efraim Flashner | 2020-09-21 | 1 | -5/+5
  This is a follow-up to f0a09310e6ff2ed63770cb585c551ba94ce4a9d0.
  * gnu/services/docker.scm (docker-shepherd-service): Properly reference variables in service definition.
* services: docker: Fix enable-proxy? option. | Jesse Dowell | 2020-09-21 | 1 | -3/+6
  The userland proxy option does not properly disable the userland proxy when set to false. Docker defaults to enabling the userland proxy if the option is unset on the command line.
  * gnu/services/docker.scm (docker-shepherd-service): Properly handle the 'enable-proxy?' option.
  Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* services: docker: Fix service definition. | Oleg Pykhalov | 2020-09-15 | 1 | -1/+4
  This commit follows a404716d411cf7cd49ff02e3100f0bbf6622d6d5.
  * gnu/services/docker.scm (docker-configuration)[docker-cli]: New record field. (docker-service-type): Use this.
  * doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
* services: docker: Fix service definition. | Efraim Flashner | 2020-09-14 | 1 | -1/+1
  This is a follow-up to 8422a67dc16af4dd5eb82180463aa7a0b362d5b9.
  * gnu/services/docker.scm (docker-service-type): Use a composed list for packages in profile-service-type.
* services: docker: Make docker command available. | Efraim Flashner | 2020-09-14 | 1 | -0/+4
  * gnu/services/docker.scm (docker-service-type): Extend the profile-service-type and add the docker-cli package.
* services: docker: Add 'enable-iptables?' argument. | Alexey Abramov | 2020-08-16 | 1 | -2/+9
  * gnu/services/docker.scm (docker-configuration): Define the argument.
  * gnu/services/docker.scm (docker-shepherd-service): Use it.
  * doc/guix.texi (Docker Service): Document it.
  Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu: services: docker: Add a debug? parameter. | Maxim Cournoyer | 2020-06-03 | 1 | -4/+16
  * gnu/services/docker.scm (docker-configuration): Add a debug? field. (containerd-shepherd-service): Pass the "--log-level=debug" argument when DEBUG? is true. (docker-shepherd-service): Pass the "--debug" and "--log-level=debug" arguments when DEBUG? is true.
  * doc/guix.texi (Miscellaneous Services): Update doc.
* file-systems: mount the PID cgroup filesystem. | Jakub Kądziołka | 2020-04-27 | 1 | -1/+2
  * gnu/system/file-systems.scm (%control-groups): Add "pids".
  * gnu/services/docker.scm (docker-shepherd-service): Resolve a TODO.
  This has allowed me to make a specific configuration of nsjail work.
* services: Add Singularity. | Ludovic Courtès | 2019-06-07 | 1 | -1/+60
  * gnu/packages/linux.scm (singularity)[source](snippet): Change file name of setuid helpers in libexec/cli/*.exec. [arguments]: Remove "--disable-suid".
  * gnu/services/docker.scm (%singularity-activation): New variable. (singularity-setuid-programs): New procedure. (singularity-service-type): New variable.
  * gnu/tests/singularity.scm: New file.
  * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
  * doc/guix.texi (Miscellaneous Services): Document it.
* services: docker: Add new fields to support proxy. | Maxim Cournoyer | 2019-05-05 | 1 | -3/+20
  The Docker proxy enables inter-container and outside-to-container loopback, and is required by the Docker registry server.
  * gnu/services/docker.scm (docker-configuration)[proxy, enable-proxy?]: Add fields. (docker-shepherd-service): Use them. (serialize-boolean): New function.
* services: docker: Make shepherd service also require "dbus-system", | Danny Milosavljevic | 2019-02-11 | 1 | -1/+4
  "elogind" and "udev".
  Fixes <https://bugs.gnu.org/34333>.
  * gnu/services/docker.scm (docker-shepherd-service): Require "dbus-system", "elogind" and "udev".
* services: docker: Make shepherd service require "networking". | Danny Milosavljevic | 2019-02-11 | 1 | -1/+1
  Fixes <https://bugs.gnu.org/34333>.
  * gnu/services/docker.scm (docker-shepherd-service): Require "networking".
* services: docker: Update comment. | Danny Milosavljevic | 2019-01-11 | 1 | -1/+0
  * gnu/services/docker.scm (docker-shepherd-service): Update comment.
* services: docker: Use more minimal service requirements. | Danny Milosavljevic | 2019-01-10 | 1 | -1/+8
  * gnu/services/docker.scm (docker-service-type)[requirement]: Add file-system-/sys/fs/cgroup/blkio, file-system-/sys/fs/cgroup/cpu, file-system-/sys/fs/cgroup/cpuset, file-system-/sys/fs/cgroup/devices, file-system-/sys/fs/cgroup/memory. Remove elogind.
* services: docker: Clarify service-extension shepherd-root-service-type. | Danny Milosavljevic | 2019-01-10 | 1 | -3/+3
  * gnu/services/docker.scm (docker-service-type)[extensions]: Clarify service-extension shepherd-root-service-type.
* services: docker: Depend on elogind. | Danny Milosavljevic | 2019-01-10 | 1 | -1/+2
  * gnu/services/docker.scm (docker-shepherd-service)[requirement]: Add elogind.
* services: docker: Specify log file for containerd. | Danny Milosavljevic | 2019-01-10 | 1 | -1/+2
  * gnu/services/docker.scm (containerd-shepherd-service): Specify log file for containerd.
* services: Add docker. | Danny Milosavljevic | 2019-01-10 | 1 | -0/+94
  * gnu/services/docker.scm: New file.
  * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
  * doc/guix.texi (Miscellaneous Services): Document the service.