Unverified Commit cd673422 authored by Sandro Jäckel's avatar Sandro Jäckel Committed by GitHub

nixos/docker: keep live-restore disabled by default (#348983)

parents a4e9a2f8 a96e4d9b
+2 −0
@@ -727,6 +727,8 @@

- `lib.misc.mapAttrsFlatten` is now formally deprecated and will be removed in future releases; use the identical [`lib.attrsets.mapAttrsToList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapAttrsToList) instead.

- `virtualisation.docker.liveRestore` has been renamed to `virtualisation.docker.daemon.settings."live-restore"` and turned off by default for state versions of at least 24.11.

- Tailscale's `authKeyFile` can now have its corresponding parameters set through `config.services.tailscale.authKeyParameters`, allowing for non-ephemeral unsupervised deployment and more.
  See [Registering new nodes using OAuth credentials](https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials) for the supported options.

+22 −17
@@ -52,10 +52,26 @@ in

    daemon.settings =
      mkOption {
        type = settingsFormat.type;
        type = types.submodule {
          freeformType = settingsFormat.type;
          options = {
            live-restore = mkOption {
              type = types.bool;
              # Prior to NixOS 24.11, this was set to true by default, while upstream defaulted to false.
              # Keep the option unset to follow upstream defaults
              default = versionOlder config.system.stateVersion "24.11";
              defaultText = literalExpression "lib.versionOlder config.system.stateVersion \"24.11\"";
              description = ''
                Allow dockerd to be restarted without affecting running container.
                This option is incompatible with docker swarm.
              '';
            };
          };
        };
        default = { };
        example = {
          ipv6 = true;
          "live-restore" = true;
          "fixed-cidr-v6" = "fd00::/80";
        };
        description = ''
@@ -75,16 +91,6 @@ in
        '';
      };

    liveRestore =
      mkOption {
        type = types.bool;
        default = true;
        description = ''
            Allow dockerd to be restarted without affecting running container.
            This option is incompatible with docker swarm.
          '';
      };

    storageDriver =
      mkOption {
        type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
@@ -167,6 +173,11 @@ in
    };
  };

  imports = [
    (mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
    (mkAliasOptionModule ["virtualisation" "docker" "liveRestore"] ["virtualisation" "docker" "daemon" "settings" "live-restore"])
  ];

  ###### implementation

  config = mkIf cfg.enable (mkMerge [{
@@ -253,7 +264,6 @@ in
        hosts = [ "fd://" ];
        log-driver = mkDefault cfg.logDriver;
        storage-driver = mkIf (cfg.storageDriver != null) (mkDefault cfg.storageDriver);
        live-restore = mkDefault cfg.liveRestore;
        runtimes = mkIf cfg.enableNvidia {
          nvidia = {
            # Use the legacy nvidia-container-runtime wrapper to allow
@@ -266,9 +276,4 @@ in
      };
    }
  ]);

  imports = [
    (mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
  ];

}
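Review bot: The comment `# Keep the option unset to follow upstream defaults` in the new `live-restore` option does not match the code under it: the option is declared `type = types.bool` with a `default`, so for `stateVersion >= 24.11` the value `false` is always present in the submodule and is emitted into the generated daemon.json rather than left unset; suggest `# For stateVersion >= 24.11 default to false, matching upstream; the value is always written to daemon.json`. The description still says "running container" (singular) and omits both the state-version-dependent default and its operational consequence — with live-restore off, a dockerd restart (e.g. during `nixos-rebuild switch`) stops every running container — which is exactly what an operator bumping `stateVersion` needs to know, so a sentence covering that (the `defaultText` alone is easy to miss) would help. `versionOlder` is used unqualified; the file's `let`/`with lib;` header is outside this hunk, so I cannot confirm from here that it is in scope without a `lib.` prefix. The enclosing `options` attribute set begins before and ends after this hunk.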