;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu services shepherd)
#:use-module (gnu system shadow)
#:use-module (gnu packages docker)
+ #:use-module (gnu packages linux) ;singularity
#:use-module (guix records)
#:use-module (guix gexp)
#:use-module (guix packages)
#:export (docker-configuration
- docker-service-type))
+ docker-service-type
+ singularity-service-type))
+
+;;; We're not using serialize-configuration, but we must define this because
+;;; the define-configuration macro validates it exists.
+(define (serialize-boolean field-name val)
+ "")
(define-configuration docker-configuration
(docker
(package docker)
"Docker daemon package.")
+ (docker-cli
+ (package docker-cli)
+ "Docker client package.")
(containerd
(package containerd)
- "containerd package."))
+ "containerd package.")
+ (proxy
+ (package docker-libnetwork-cmd-proxy)
+ "The proxy package to support inter-container and outside-container
+loop-back communications.")
+ (enable-proxy?
+ (boolean #t)
+ "Enable or disable the user-land proxy (enabled by default).")
+ (debug?
+ (boolean #f)
+ "Enable or disable debug output.")
+ (enable-iptables?
+ (boolean #t)
+ "Enable addition of iptables rules (enabled by default)."))
(define %docker-accounts
(list (user-group (name "docker") (system? #t))))
(mkdir-p #$state-dir))))
(define (containerd-shepherd-service config)
- (let* ((package (docker-configuration-containerd config)))
+ (let* ((package (docker-configuration-containerd config))
+ (debug? (docker-configuration-debug? config)))
(shepherd-service
(documentation "containerd daemon.")
(provision '(containerd))
(start #~(make-forkexec-constructor
- (list (string-append #$package "/bin/containerd"))
+ (list (string-append #$package "/bin/containerd")
+ #$@(if debug?
+ '("--log-level=debug")
+ '()))
#:log-file "/var/log/containerd.log"))
(stop #~(make-kill-destructor)))))
(define (docker-shepherd-service config)
- (let* ((docker (docker-configuration-docker config)))
+ (let* ((docker (docker-configuration-docker config))
+ (enable-proxy? (docker-configuration-enable-proxy? config))
+ (enable-iptables? (docker-configuration-enable-iptables? config))
+ (proxy (docker-configuration-proxy config))
+ (debug? (docker-configuration-debug? config)))
(shepherd-service
(documentation "Docker daemon.")
(provision '(dockerd))
(requirement '(containerd
+ dbus-system
+ elogind
file-system-/sys/fs/cgroup/blkio
file-system-/sys/fs/cgroup/cpu
file-system-/sys/fs/cgroup/cpuset
file-system-/sys/fs/cgroup/devices
file-system-/sys/fs/cgroup/memory
- ; TODO: file-system-/sys/fs/cgroup/pids
- ))
+ file-system-/sys/fs/cgroup/pids
+ networking
+ udev))
(start #~(make-forkexec-constructor
(list (string-append #$docker "/bin/dockerd")
- "-p" "/var/run/docker.pid")
+ "-p" "/var/run/docker.pid"
+ #$@(if debug?
+ '("--debug" "--log-level=debug")
+ '())
+ (if #$enable-proxy? "--userland-proxy" "")
+ "--userland-proxy-path" (string-append #$proxy
+ "/bin/proxy")
+ (if #$enable-iptables?
+ "--iptables"
+ "--iptables=false"))
#:pid-file "/var/run/docker.pid"
#:log-file "/var/log/docker.log"))
(stop #~(make-kill-destructor)))))
bundles in Docker containers.")
(extensions
(list
+ ;; Make sure the 'docker' command is available.
+ (service-extension profile-service-type
+ (compose list docker-configuration-docker-cli))
(service-extension activation-service-type
%docker-activation)
(service-extension shepherd-root-service-type
(service-extension account-service-type
(const %docker-accounts))))
(default-value (docker-configuration))))
+
+\f
+;;;
+;;; Singularity.
+;;;
+
+(define %singularity-activation
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (define %mount-directory
+ "/var/singularity/mnt/")
+
+ ;; Create the directories that Singularity 2.6 expects to find. Make
+ ;; them #o755 like the 'install-data-hook' rule in 'Makefile.am' of
+ ;; Singularity 2.6.1.
+ (for-each (lambda (directory)
+ (let ((directory (string-append %mount-directory
+ directory)))
+ (mkdir-p directory)
+ (chmod directory #o755)))
+ '("container" "final" "overlay" "session"))
+ (chmod %mount-directory #o755))))
+
+(define (singularity-setuid-programs singularity)
+ "Return the setuid-root programs that SINGULARITY needs."
+ (define helpers
+ ;; The helpers, under a meaningful name.
+ (computed-file "singularity-setuid-helpers"
+ #~(begin
+ (mkdir #$output)
+ (for-each (lambda (program)
+ (symlink (string-append #$singularity
+ "/libexec/singularity"
+ "/bin/"
+ program "-suid")
+ (string-append #$output
+ "/singularity-"
+ program
+ "-helper")))
+ '("action" "mount" "start")))))
+
+ (list (file-append helpers "/singularity-action-helper")
+ (file-append helpers "/singularity-mount-helper")
+ (file-append helpers "/singularity-start-helper")))
+
+(define singularity-service-type
+ (service-type (name 'singularity)
+ (description
+ "Install the Singularity application bundle tool.")
+ (extensions
+ (list (service-extension setuid-program-service-type
+ singularity-setuid-programs)
+ (service-extension activation-service-type
+ (const %singularity-activation))))
+ (default-value singularity)))
HCoop / jackhill / guix / guix.git / blobdiff