diff options
author | emilylange <git@emilylange.de> | 2024-01-17 18:08:00 +0100 |
---|---|---|
committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2024-01-31 17:18:37 +0000 |
commit | bb3cf136c0b079f449f3a1e1a49742a4bfe7b471 (patch) | |
tree | 07c7b3bd092d7d3e19fa080e1ca695d634feb482 | |
parent | 53fbe41cf76b6a685004194e38e889bc8857e8c2 (diff) |
docker_24: remove `LimitNOFILE=infinity` from `docker.service` unit
This makes systemd use its default, which is "1024:524288". This is recommended by upstream now and part of the docker_25 release candidates. docker_20_10 will continue to use "1048576", which is also fine. Patching docker_24 specifically, not our nixos/docker module, allows us to keep docker_20_10's different LimitNOFILE value. (cherry picked from commit d62c6deabdb91fa080bfbd97b5357be7b74de41e)
-rw-r--r-- | pkgs/applications/virtualization/docker/default.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index a8c7d77da670d..561066bfa12ab 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -106,6 +106,17 @@ rec { url = "https://github.com/moby/moby/pull/43136.patch"; hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8="; }) + ] ++ lib.optionals (lib.versions.major version == "24") [ + # docker_24 has LimitNOFILE set to "infinity", which causes a wide variety of issues in containers. + # Issues range from higher-than-usual ressource usage, to containers not starting at all. + # This patch (part of the release candidates for docker_25) simply removes this unit option + # making systemd use its default "1024:524288", which is sane. See commit message and/or the PR for + # more details: https://github.com/moby/moby/pull/45534 + (fetchpatch { + name = "LimitNOFILE-systemd-default.patch"; + url = "https://github.com/moby/moby/pull/45534/commits/c8930105bc9fc3c1a8a90886c23535cc6c41e130.patch"; + hash = "sha256-nyGLxFrJaD0TrDqsAwOD6Iph0aHcFH9sABj1Fy74sec="; + }) ]; postPatch = '' |