nixos/docker: re-add network.target #117618
Currently if docker starts concurrently with firewall.service/systemd-networkd it breaks both due to iptables/netlink logs.
@@ -157,6 +157,7 @@ in | |||
|
|||
systemd.services.docker = { | |||
wantedBy = optional cfg.enableOnBoot "multi-user.target"; | |||
after = [ "network.target" "docker.socket" ]; |
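Review bot: The `after` list on the changed line orders docker only behind "network.target" and "docker.socket", while the description names firewall.service and systemd-networkd as the units it collides with, and nothing in the hunk records why network.target is enough to cover both. Suggest a one-line comment above `after` stating that assumption, or listing "firewall.service" explicitly, so the ordering is not dropped again; the title's "re-add" indicates it was removed once already.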
docker-ce unit:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
We don't have firewalld. We do have containerd.service but I currently fail to see how docker is relating to containerd. We built docker with its own containerd.
I would only switch from network.target to network-online.target if we have a very good reason to. Right now I would say it is enough to have a working firewall and systemd / scripted networking not interfering with docker's network setup.
Docker is the glue to get the containers in containerd running.
I just posted the file for comparison.