Is virtualisation.docker.enable possible for macOS? #112

Closed
grossbart opened this issue Oct 25, 2018 · 12 comments

@grossbart

I found that NixOS has virtualisation.docker.enable = true to enable Docker, but that nix-darwin does not. I was thinking that this was maybe just not on the road map yet, but from what I found it seems not possible to run Docker on macOS purely from NixPkgs, i.e. everyone seems to be using the Docker app.

I was wondering whether there are technical or legal hurdles or whether it's “just” (I know 😅) that no one is maintaining this. I saw that nix-darwin has, for example, Postgres daemon support and that you maintain nix-docker, so I assume there must be a bigger issue?

@periklis
Contributor

periklis commented Oct 25, 2018

The main issue for running docker from binaries in the nix store is their requirements. Although we have a usable docker client in nixpkgs for macOS, we miss a running backend for docker-machine that doesn't conflict with the purity requirements of the nix store. I have tried multiple approaches in the past and the state of the union is still wait and watch and use docker for mac with the nixpkgs docker client, e.g.:

  • docker-machine-xhyve is already in the nixpkgs but should be marked broken afaik, because the latest release needs setuid rights for the binary, which is not allowed in the nix store. There is an unfinished PR to solve the issue: WIP: hyperkit go bindings. machine-drivers/docker-machine-driver-xhyve#189
  • Packaging virtualbox for macOS is a PITA because of their self-baked build system, which at first seems to be an autoconf/automake flavor but it's not. I tried a couple of times to patch it but gave up because of the complexity and quirks.
  • Packaging docker for mac is afaik not possible and docker tools for mac use virtualbox thus no luck.

@LnL7
Owner

LnL7 commented Oct 25, 2018

Firstly the docker daemon and containers only run on x86_64-linux so those need to run in a vm. This is what Docker.app does for you and something we could reproduce with linuxkit. However there's a bunch of extra functionality like exposing ports and sharing files that also work with Docker.app and would be much harder to reproduce.

@grossbart
Author

Thank you two for this thorough explanation, it is very useful to understand these constraints! This seems to be a difficult endeavor indeed … 😞

@LnL7
Owner

LnL7 commented Oct 26, 2018

I don't think running the daemon in a vm with linuxkit would be that hard to implement. I just don't know how much sense that makes given the limitations that would have compared to an official install.

@periklis
Contributor

If linuxkit ever made it to master, it would have been a good solution afaik.

@LnL7
Owner

LnL7 commented Oct 26, 2018

It is AFAIK.

@grossbart
Author

My use of Docker is kind of limited, I mostly want to use it for projects that don't run within a Nix shell anymore (due to oooold versions of some software), for everything else I just use a Nix shell. I was interested in installing Docker through NixPkgs so I could add it as a dependency to a project and everyone on the team would get the right version, but then I learned that it has to be a daemon, which brought me here 😄 So in the end it's more of a personal preference that I would like to not have to worry about bringing my OS into the right state to run a project, but of course, the official install works.

@periklis
Contributor

@LnL7 you are right, linuxkit is in master. I meant linuxkit-builder, which is still an open PR (NixOS/nixpkgs#29628), but still maintained under https://github.com/nix-community/linuxkit-nix

@DAddYE

DAddYE commented Sep 9, 2021

I know the thread is a bit old, but a workaround today is to use podman (already in nixpkgs):

alias docker=podman
❯ docker run --restart always --name nix-docker -d -p 3022:22 docker.io/lnl7/nix:ssh

Trying to pull docker.io/lnl7/nix:ssh...
Getting image source signatures
Writing manifest to image destination
Storing signatures
a3c9f89ca34fb991ba6bbc7f0dc5da454d0daaaf5810f0288961102371d1a3ec

daddye in gallente in ~ took 21s 
❯ docker --version                                                                  
podman version 3.3.1

@dhess
Contributor

dhess commented Sep 9, 2021

> I know the thread is a bit old, but a workaround today is to use podman (already in nixpkgs):

Cool, so you can just nix-env -i podman and that's all you need to run containers? No extra driver packages etc?

@ForsakenHarmony

ForsakenHarmony commented Jan 27, 2022

Seems it's a bit broken, the build assumes a homebrew environment and looks for gvproxy only in homebrew paths

But that should probably be in a new issue

Edit: #432

@alxthm

alxthm commented Apr 6, 2024

Trying podman I had this issue:

$ nix shell nixpkgs#podman
$ podman machine init
Error: exec: "qemu-system-aarch64": executable file not found in $PATH

But in case it can help anyone, I found that colima (available in nixpkgs) does work as a replacement of Docker Desktop (for the VM and docker daemon), and makes it possible to use the docker CLI: NixOS/nixpkgs#47201 (comment)
