colima: init #1275
Just by pure coincidence I happen to really need Colima today to get docker running through nix-darwin on my new MacBook. So I just grabbed this module, added it to my config, and enabled it. Worked wonders! Super happy I spotted this PR! 😆

Since I'm an absolute noob I did have a tiny bit of trouble.. I expected it to be as simple as

Here's my

```nix
{
  pkgs,
  ...
}: {
  environment.systemPackages = with pkgs; [
    docker
  ];
  services.colima = {
    enable = true;
    createDockerSocket = true;
    groupMembers = [
      "my-username"
    ];
  };
}
```

All that to say that yes: I do want to use Colima for docker (by putting the socket in place). And yes: my user is explicitly allowed to access this socket. There's probably a really good reason for this! In the end this (presumably) all has to do with:

Still, I thought I'd share my experience as a novice user. I'd love to see this get merged. Happy hacking! 😎
eceee14 to 23ae8a6
Allows the user to enable the Colima container runtime for macOS.

Normally Colima is run inside the current user's context, but I wanted to use Colima closer to how Docker works on Linux. Where the Docker daemon on Linux is run as the root user, and users have to either run the docker command with sudo, or add themselves to the docker group. Effectively enabling multi-user interaction on macOS.

Just enabling the following config doesn't do a whole lot, as the user would have to log in as the colima user to interact with the colima VM.

```nix
services.colima.enable = true;
```

Instead, this module is meant to be used as follows, so that the user can use Colima as a Docker Desktop for macOS alternative.

```nix
services.colima = {
  enable = true;
  enableDockerCompatability = true;
};
```

This will set up everything for the Docker CLI to work with the Colima VM under the hood.

Co-authored-by: Sam <[email protected]>
Refs: https://github.com/abiosoft/colima
23ae8a6 to ec825fd
@jessevdp thanks for the kind words.
I made it also include the Docker CLI when you enable the compatibility now. Adding the user, I believe, should still be a separate step/config. I could have it throw a warning, though, but that might pollute the output.

Wrong button :)

Actually, I think I just ran into an issue whilst trying to mount stuff with

I have successfully run colima as a home-manager package so does not have to be root. However colima does try and add to the Docker container a mount to the user's home directory. So in this case creating a home directory for the colima user might be sufficient.

@bestlem Yes, but I cannot mount let's say someone else's home directory. Currently, the launchd colima daemon starts under the Running Colima with home manager probably mounts that second Note that I'm trying to use Colima to provide a similar workflow as installing docker on Linux has. I do want multiple users to be able to interact with the VM correctly. Yeah, I tried just mounting someone's home to test it out, this happens:

Haha,

Adding the

I think I just ran into this bind-mount issue too! Keep in mind that I'm still using the setup duplicated from when this PR was initially opened.. I'm not sure much has changed in that regard. But... I tried to run a VSCode devcontainer setup that attempts to use a bind mount. The folder I mounted is empty inside the container, and when I attempt Any clue how to make this seamless? Can we configure that staff group membership from this module or is that a bad idea?

Isn't staff a bad idea - as that is the group for actual users. Why does this have to be setup as a central user - colima works in home-manager that is as per the current user.

I’m also curious about that! As somewhat of a noob I just accepted that part of this module as being “a best practice”. But I’m interested to learn why it would or wouldn’t be a good idea? I guess because this is a darwin module you’d want the service to be shared and usable by multiple users?

@bryanhonof why did you choose
description = "The runtime to use with Colima."; | ||
}; | ||
|
||
architectue = mkOption { |
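Review bot: `architectue` on the `mkOption` line is a user-facing option name, so the misspelling becomes part of the module's public interface the moment this merges. Correct it to `architecture` in this PR; renaming it after release means carrying a `mkRenamedOptionModule` entry so that existing configurations keep evaluating.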
architectue = mkOption { | |
architecture = mkOption { |
And all other occurrences of "architectue" -> "architecture"
options.services.colima = { | ||
enable = mkEnableOption "Colima, a macOS container runtime"; | ||
|
||
enableDockerCompatability = mkOption { |
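Review bot: `enableDockerCompatability` is declared with a bare `mkOption` directly below an `enable` that uses `mkEnableOption`; if it is a plain boolean, `mkEnableOption` would keep the two consistent. Going by the PR description, this appears to be the switch that places a socket at /var/run/docker.sock for the `_colima` group, so the option's description text should say that membership in that group is what grants access to the runtime.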
enableDockerCompatability = mkOption { | |
enableDockerCompatibility = mkOption { |
And of course all other occurrences of "compatability" -> "compatibility"
Adds https://github.com/abiosoft/colima as a system service so that users on macOS can use `docker` and other container tools like they'd do on Linux.

Creates a new user called `colima` to host the service on, and optionally creates a socket under `/var/run/docker.sock` so that the Docker CLI can interact with it from any user who's in the `_colima` group. This is similar to how Docker works on Linux.

This could be a gateway into implementing `virtualisation.docker.enable` in nix-darwin.

Refs: #1182
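
Since access to the runtime is decided by who can open the socket, here is a small audit of the socket's type, mode and group, as an added example that is not part of this PR or of nix-darwin. The path and group name are taken from the description above; the function names are hypothetical.

```python
import grp
import os
import stat

SOCKET_PATH = "/var/run/docker.sock"   # path named in the PR description
SOCKET_GROUP = "_colima"               # group named in the PR description


def group_name(gid):
    """Resolve a gid to a name, falling back to the number if unknown."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def group_members(name):
    """Accounts explicitly listed in the group; [] if it does not exist."""
    try:
        return sorted(grp.getgrnam(name).gr_mem)
    except KeyError:
        return []


def audit_socket(path, expected_group):
    """Return findings for the socket at path; an empty list means it passes."""
    try:
        st = os.stat(path)  # follows symlinks, so a linked socket is checked
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not-a-socket")
    if stat.S_IMODE(st.st_mode) & 0o007:
        # Any "other" bit lets accounts outside the group reach the daemon.
        findings.append("other-access")
    if group_name(st.st_gid) != expected_group:
        findings.append("group-mismatch")
    return findings


if __name__ == "__main__":
    print("findings:", audit_socket(SOCKET_PATH, SOCKET_GROUP) or "none")
    print("members :", group_members(SOCKET_GROUP) or "none listed")
```

The member list only covers accounts added to the group explicitly; an account whose primary group is the socket's group has the same access without appearing in it.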