# Module: services/docker
# Enables the Docker daemon plus some extra config steps
#
# Note that this module interacts with the traefik module, in that if traefik
# is enabled, it will add the traefik user to the docker group and enable the
# docker provider so that it can access containers through the docker socket
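{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

let
  # Pull in only the lib functions this module uses, so every other name
  # resolves lexically and nothing from lib is picked up by accident.
  inherit (lib) mkEnableOption mkIf;

  cfg = config.docker;

  # Shared by discovery.docker and loki.source.docker below.
  refreshInterval = "5s";

  # Daemon socket that Alloy connects to for discovery and log streaming.
  dockerSocketPath = "/run/docker.sock";
  dockerSocket = "unix://${dockerSocketPath}";

  # Loopback port scraped for dex metrics.
  # NOTE(review): presumably dex publishes its telemetry endpoint on this
  # port; nothing in this module starts or binds it, so confirm.
  dexPrometheusPort = 9081;
in
{
  options.docker = {
    # mkEnableOption prefixes its argument with "Whether to enable ", so the
    # argument is a noun phrase.
    enable = mkEnableOption "the Docker daemon and its Alloy log/metrics integration";
  };

  config = mkIf cfg.enable {
    # CLI tools come from the unstable package set.
    # NOTE(review): the daemon below uses the module's default package unless
    # overridden elsewhere, so client and daemon versions may differ.
    environment.systemPackages = [
      pkgsUnstable.docker
      pkgsUnstable.docker-compose
    ];

    virtualisation.docker = {
      enable = true;
      enableOnBoot = true;
      storageDriver = "overlay2";

      # Periodic pruning of unused Docker resources. Pruned containers and
      # images are gone for later investigation, so anything needed for
      # incident response has to leave the host first; the Loki pipeline
      # below covers container logs only.
      # NOTE(review): `persistent` presumably maps to the systemd timer's
      # Persistent= (catch up on a missed run); confirm in the option docs.
      autoPrune = {
        enable = true;
        persistent = true;
      };
    };

    # Alloy pipeline: discover containers over the Docker socket, relabel,
    # and ship their logs to Loki.
    #
    # Relabel rules:
    #   - container name with the leading "/" stripped -> "container"
    #   - log stream                                   -> "logstream"
    #   - container label "logging_jobname"            -> "job"
    #
    # The "job" value is taken from a container label, so whoever starts a
    # container chooses it. Do not treat "job" as a trusted identity in
    # alerting or access rules.
    #
    # This text ends up in /etc and the world-readable Nix store; keep
    # credentials out of it.
    environment.etc."alloy/docker.alloy".text = ''
      discovery.docker "docker_containers" {
        host = "${dockerSocket}"
        refresh_interval = "${refreshInterval}"
      }

      discovery.relabel "docker_relabel" {
        targets = []

        rule {
          source_labels = ["__meta_docker_container_name"]
          regex = "/(.*)"
          target_label = "container"
        }

        rule {
          source_labels = ["__meta_docker_container_log_stream"]
          target_label = "logstream"
        }

        rule {
          source_labels = ["__meta_docker_container_label_logging_jobname"]
          target_label = "job"
        }
      }

      loki.source.docker "docker_logs" {
        host = "${dockerSocket}"
        targets = discovery.docker.docker_containers.targets
        forward_to = [loki.write.default.receiver]
        relabel_rules = discovery.relabel.docker_relabel.rules
        refresh_interval = "${refreshInterval}"
      }
    '';

    # Scrapes dex metrics on loopback and forwards them to the default
    # remote_write receiver, which is defined outside this module.
    environment.etc."alloy/docker-dex.alloy".text = ''
      prometheus.scrape "dex_scrape" {
        targets = [
          {
            "__address__" = "127.0.0.1:${toString dexPrometheusPort}",
          },
        ]

        forward_to = [prometheus.remote_write.default.receiver]
        job_name = "dex"
      }

    '';

    # SECURITY: membership in the "docker" group grants full access to the
    # Docker API through the socket, which is equivalent to root on this host.
    # Alloy only needs discovery and log reads, but the socket does not
    # distinguish: a compromise of the Alloy process is a host compromise.
    # A filtering socket proxy restricted to the read-only endpoints would
    # narrow this.
    systemd.services.alloy.serviceConfig.SupplementaryGroups = [ "docker" ];

    # SECURITY: same caveat. This account can control the daemon without
    # sudo, so protect its credentials as you would root's.
    # NOTE(review): the file header says the traefik user also gets docker
    # group access; that wiring is not in this file (presumably it lives in
    # the traefik module) and carries the same root-equivalence.
    users.users.etorres.extraGroups = [ "docker" ];
  };
}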