authoremilylange <git@emilylange.de>2024-01-17 18:08:00 +0100
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2024-01-31 17:18:37 +0000
commitbb3cf136c0b079f449f3a1e1a49742a4bfe7b471 (patch)
tree07c7b3bd092d7d3e19fa080e1ca695d634feb482
parent53fbe41cf76b6a685004194e38e889bc8857e8c2 (diff)
docker_24: remove `LimitNOFILE=infinity` from `docker.service` unit
This makes systemd use its default, which is "1024:524288".
This is recommended by upstream now and part of the docker_25 release
candidates.

docker_20_10 will continue to use "1048576", which is also fine.
Patching docker_24 specifically, not our nixos/docker module, allows us
to keep docker_20_10's different LimitNOFILE value.

(cherry picked from commit d62c6deabdb91fa080bfbd97b5357be7b74de41e)
-rw-r--r--pkgs/applications/virtualization/docker/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index a8c7d77da670d..561066bfa12ab 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -106,6 +106,17 @@ rec {
           url = "https://github.com/moby/moby/pull/43136.patch";
           hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8=";
         })
+      ] ++ lib.optionals (lib.versions.major version == "24") [
+        # docker_24 has LimitNOFILE set to "infinity", which causes a wide variety of issues in containers.
+        # Issues range from higher-than-usual ressource usage, to containers not starting at all.
+        # This patch (part of the release candidates for docker_25) simply removes this unit option
+        # making systemd use its default "1024:524288", which is sane. See commit message and/or the PR for
+        # more details: https://github.com/moby/moby/pull/45534
+        (fetchpatch {
+          name = "LimitNOFILE-systemd-default.patch";
+          url = "https://github.com/moby/moby/pull/45534/commits/c8930105bc9fc3c1a8a90886c23535cc6c41e130.patch";
+          hash = "sha256-nyGLxFrJaD0TrDqsAwOD6Iph0aHcFH9sABj1Fy74sec=";
+        })
       ];
 
       postPatch = ''
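Review bot: The comment above the added `fetchpatch` presents "1024:524288" as the fixed result, but once the unit option is removed the limit is whatever the host's systemd manager default is (`DefaultLimitNOFILE` can override it), so it is better worded as `# making systemd apply its own default (upstream: "1024:524288")`. The same comment misspells `resource` as `ressource`. It is also worth adding one line saying that workloads needing more descriptors than the soft limit must now raise it explicitly, e.g. `--ulimit nofile=<soft>:<hard>` per container. Whether containers actually inherit the daemon's limit depends on how containerd is started, which this hunk does not show. The enclosing `patches` list begins outside the hunk.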