From NixOS Wiki
Jump to: navigation, search

Enabling the docker service

Inside your configuration.nix:

  virtualisation.docker.enable = true;

Adding users to the docker group will provide them access to the socket:

  users.users.<myuser>.extraGroups = [ "docker" ];

Building a docker image with nixpkgs

There is an entry for dockerTools in the nixpkgs manual for reference. In the nixpkgs repo some examples can be found.

Also check out the excellent article by lethalman about building minimal docker images with nix.

How to calculate the sha256 of a pulled image

The sha256 argument of the dockerTools.pullImage function is the checksum of the archive generated by Skopeo. Since the archive contains the name and the tag of the image, Skopeo arguments used to fetch the image have to be identical to those used by the dockerTools.pullImage function. For instance, the sha of the following image

  imageName = "lnl7/nix";
  finalImageTag = "2.0";
  imageDigest = "sha256:632268d5fd9ca87169c65353db99be8b4e2eb41833b626e09688f484222e860f";
  sha256 = "1x00ks05cz89k3wc460i03iyyjr7wlr28krk7znavfy2qx5a0hfd";

can be manually generated with the following shell commands

$ skopeo copy docker://lnl7/nix@sha256:632268d5fd9ca87169c65353db99be8b4e2eb41833b626e09688f484222e860f docker-archive:///tmp/image.tgz:lnl7/nix:2.0
$ nix-hash --base32 --flat --type sha256 /tmp/image.tgz 

Container images with nix

While dockerTools allows to build lightweight containers, it requires nix to be installed on the host system. An alternative are docker images with nix preinstalled, maintained by LnL7.

See also