authorBenno Fünfstück <benno.fuenfstueck@gmail.com>2015-12-24 12:07:45 +0100
committerBenno Fünfstück <benno.fuenfstueck@gmail.com>2015-12-24 12:07:45 +0100
commit79b4e5a8d7efe534647e2d5287f606883fc555a3 (patch)
tree18a3069fd81bc19f00f505402c16cb79d4b6e9c6 /nixos/modules
parent0fda4ff7152dd9c59441a6ab1f4c48978f2a4a30 (diff)
docker module: fix kernel module loading
The docker module used different code for the socket-activated docker daemon than for the non-socket-activated daemon.
In particular, when the socket-activated daemon was used, modprobe wasn't set up to be usable and in PATH for
the docker daemon, which resulted in a failure to start the daemon with overlayfs as storageDriver if the
`overlay` kernel module wasn't already loaded. This commit fixes that bug (which only appears if socket
activation is used), and also reduces the duplication between code paths so that it's easier to keep
both in sync in future.
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/virtualisation/docker.nix47
1 files changed, 16 insertions, 31 deletions
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
index 718ca0851477..97b2927cf1bd 100644
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -69,7 +69,8 @@ in
         description = ''
           The postStart phase of the systemd service. You may need to
           override this if you are passing in flags to docker which
-          don't cause the socket file to be created.
+          don't cause the socket file to be created. This option is ignored
+          if socket activation is used.
         '';
       };
 
@@ -81,22 +82,29 @@ in
   config = mkIf cfg.enable (mkMerge [
     { environment.systemPackages = [ pkgs.docker ];
       users.extraGroups.docker.gid = config.ids.gids.docker;
-    }
-    (mkIf cfg.socketActivation {
-
       systemd.services.docker = {
         description = "Docker Application Container Engine";
-        after = [ "network.target" "docker.socket" ];
-        requires = [ "docker.socket" ];
+        wantedBy = optional (!cfg.socketActivation) "multi-user.target";
+        after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ;
+        requires = optional cfg.socketActivation "docker.socket";
         serviceConfig = {
-          ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
+          ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${optionalString cfg.socketActivation "--host=fd://"} ${cfg.extraOptions}";
           #  I'm not sure if that limits aren't too high, but it's what
           #  goes in config bundled with docker itself
           LimitNOFILE = 1048576;
           LimitNPROC = 1048576;
         } // proxy_env;
-      };
 
+        path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
+        environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
+
+        postStart = if cfg.socketActivation then "" else cfg.postStart;
+
+        # Presumably some containers are running we don't want to interrupt
+        restartIfChanged = false;
+      };
+    }
+    (mkIf cfg.socketActivation {
       systemd.sockets.docker = {
         description = "Docker Socket for the API";
         wantedBy = [ "sockets.target" ];
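Review bot: `restartIfChanged = false;` in the merged `systemd.services.docker` block now also applies when `cfg.socketActivation` is set, whereas the removed socket-activated definition did not set it, and the commit message does not mention this change. As far as I can tell, a socket-activated daemon will therefore keep running the old binary after a configuration switch that updates `pkgs.docker`, so a security fix in the package would not take effect until the service is restarted by hand or the machine reboots. I would spell that trade-off out in the existing comment, e.g. `# Not restarted on switch so running containers are not interrupted; an updated docker package only takes effect after docker.service is restarted manually.` The `systemd.sockets.docker` definition that follows continues outside this hunk.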
@@ -108,29 +116,6 @@ in
         };
       };
     })
-    (mkIf (!cfg.socketActivation) {
-
-      systemd.services.docker = {
-        description = "Docker Application Container Engine";
-        wantedBy = [ "multi-user.target" ];
-        after = [ "network.target" ];
-        serviceConfig = {
-          ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
-          #  I'm not sure if that limits aren't too high, but it's what
-          #  goes in config bundled with docker itself
-          LimitNOFILE = 1048576;
-          LimitNPROC = 1048576;
-        } // proxy_env;
-
-        path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
-        environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
-
-        postStart = cfg.postStart;
-
-        # Presumably some containers are running we don't want to interrupt
-        restartIfChanged = false;
-      };
-    })
   ]);
 
 }