From 585c642bf8adf495d66e1f4ea6d96bc767730347 Mon Sep 17 00:00:00 2001
From: Jörg Thalheim
Date: Sat, 24 Dec 2016 01:44:10 +0100
Subject: docker: use upstream service file from package
---
nixos/modules/virtualisation/docker.nix | 61 +++++++++++---------------------
1 file changed, 20 insertions(+), 41 deletions(-)
(limited to 'nixos/modules/virtualisation')
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
index 8902799936cb..92249573a4b7 100644
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -99,55 +99,34 @@ in ###### implementation - config = mkIf cfg.enable (mkMerge [ - { environment.systemPackages = [ pkgs.docker ]; + config = mkIf cfg.enable (mkMerge [{ + environment.systemPackages = [ pkgs.docker ]; users.extraGroups.docker.gid = config.ids.gids.docker; - # this unit follows the one provided by upstream see: https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.service - # comments below reflect experience from upstream. + systemd.packages = [ pkgs.docker ]; + systemd.services.docker = { - description = "Docker Application Container Engine"; wantedBy = optional cfg.enableOnBoot "multi-user.target"; - after = [ "network.target" "docker.socket" ]; - requires = ["docker.socket"]; serviceConfig = { - # the default is not to use systemd for cgroups because the delegate issues still - # exists and systemd currently does not support the cgroup feature set required - # for containers run by docker - ExecStart = ''${pkgs.docker}/bin/dockerd \ - --group=docker \ - --host=fd:// \ - --log-driver=${cfg.logDriver} \ - ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \ - ${optionalString cfg.liveRestore "--live-restore" } \ - ${cfg.extraOptions} - ''; - Type="notify"; - ExecReload="${pkgs.procps}/bin/kill -s HUP $MAINPID"; - LimitNOFILE = 1048576; - # Having non-zero Limit*s causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. 
- LimitNPROC="infinity"; - LimitCORE="infinity"; - TasksMax="infinity"; - TimeoutStartSec=0; - # set delegate yes so that systemd does not reset the cgroups of docker containers - Delegate="yes"; - # kill only the docker process, not all processes in the cgroup - KillMode="process"; + ExecStart = [ + "" + '' + ${pkgs.docker}/bin/dockerd \ + --group=docker \ + --host=fd:// \ + --log-driver=${cfg.logDriver} \ + ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \ + ${optionalString cfg.liveRestore "--live-restore" } \ + ${cfg.extraOptions} + '']; + ExecReload=[ + "" + "${pkgs.procps}/bin/kill -s HUP $MAINPID" + ]; } // proxy_env; path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs); }; - systemd.sockets.docker = { - description = "Docker Socket for the API"; - wantedBy = [ "sockets.target" ]; - socketConfig = { - ListenStream = cfg.listenOptions; - SocketMode = "0660"; - SocketUser = "root"; - SocketGroup = "docker"; - }; - }; + systemd.sockets.docker.socketConfig.ListenStream = cfg.listenOptions; } ]); -- cgit 1.4.1
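Review bot: The last added line, `systemd.sockets.docker.socketConfig.ListenStream = cfg.listenOptions;`, is not reset with a leading empty entry the way `ExecStart` and `ExecReload` are in this same hunk, and systemd treats `ListenStream=` as additive across a unit and its drop-ins. Assuming the docker.socket unit shipped in `pkgs.docker` declares its own listener, that listener stays active next to `cfg.listenOptions`, so an administrator who points `listenOptions` elsewhere does not actually close the packaged default; `ListenStream = [ "" ] ++ cfg.listenOptions;` would make the option authoritative again. The hunk also drops the explicit `SocketMode = "0660"`, `SocketUser = "root"` and `SocketGroup = "docker"`, so who may reach the daemon socket now depends on a unit file that is not visible here. Access to that socket is effectively root on the host, so I would keep those three settings in the module, or at least add a comment stating that they are inherited from the package and must be re-checked on every docker update.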