I have NixOS 22.11 set up on a local workstation. I use extra-container, which can run declarative containers without system rebuilds.
Here is my config, hasura.nix. It sets up the PostgreSQL service natively and runs Hasura as an OCI container (Docker).
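# hasura.nix: declarative NixOS container for extra-container. It runs a
# native PostgreSQL service and starts Hasura as an OCI container inside the
# same NixOS container.
#
# Security notes for anyone reusing this:
#   * Every literal below (DB password, connection URL) is copied into the
#     world-readable /nix/store. Use throw-away values only, or load real
#     secrets at runtime (oci-containers has an `environmentFiles` option).
#   * The Hasura console is enabled and no HASURA_GRAPHQL_ADMIN_SECRET is set,
#     so anyone who can reach port 8080 gets admin access to the API.
{ config, pkgs, ... }:
{
  containers.hasura = {
    config = {
      services.postgresql = {
        enable = true;
        port = 5433;
        package = pkgs.postgresql;
        # Makes the server listen beyond the unix socket; the pg_hba rules
        # below are then the only thing deciding which clients get in.
        enableTCPIP = true;
        # NOTE(review): `trust` means no password is checked at all, so any
        # local process can connect as any role, superuser included, and the
        # password set in initialScript is never consulted. Acceptable for a
        # disposable dev box only; prefer `peer` for the socket and
        # `scram-sha-256` for the host lines once the role password is known
        # to be set.
        authentication = pkgs.lib.mkOverride 10 ''
          local all all trust
          host all all 127.0.0.1/32 trust
          host all all ::1/128 trust
        '';
        # NOTE(review): NixOS normally initialises the cluster with a
        # `postgres` superuser already, in which case this CREATE ROLE would
        # fail and the password would not be applied. Confirm in the
        # postgresql unit log.
        initialScript = pkgs.writeText "backend-initScript" ''
          CREATE ROLE postgres WITH LOGIN PASSWORD 'password' CREATEDB;
          CREATE DATABASE "dbname" WITH OWNER "postgres" ENCODING 'UTF8' TEMPLATE template0;
          GRANT ALL PRIVILEGES ON DATABASE dbname TO postgres;
        '';
      };
      virtualisation = {
        docker.enable = true;
        oci-containers.containers = {
          # postgres = {
          #   autoStart = true;
          #   image = "postgres";
          #   # restart = "always";
          #   volumes = [
          #     "db_data:/var/lib/postgresql/data"
          #   ];
          # };
          hasura = {
            autoStart = true;
            # `latest` is a moving tag: every pull may bring different code.
            # Pin a release tag or an image digest for reproducible,
            # reviewable deployments.
            image = "hasura/graphql-engine:latest";
            environment = {
              # Role name fixed to `postgres` (was misspelled `postgress`),
              # matching the role referenced in initialScript.
              # NOTE(review): inside the OCI container 127.0.0.1 is presumably
              # the container's own loopback, not the PostgreSQL service of
              # the surrounding NixOS container. Verify the address or use
              # host networking.
              HASURA_GRAPHQL_DATABASE_URL = "postgres://postgres:password@127.0.0.1:5433/dbname";
              HASURA_GRAPHQL_ENABLE_CONSOLE = "true";
            };
            # Published on loopback only: with the console enabled and no
            # admin secret, binding 8080 on every interface would expose an
            # unauthenticated admin API to the network.
            ports = [
              "127.0.0.1:8080:8080"
            ];
          };
        };
      };
    };
  };
}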
I run it with the command:
# Feed the container definition to extra-container on stdin and start it.
# The file is evaluated and built as root, so keep hasura.nix writable only
# by accounts you trust with root.
sudo extra-container create --start < hasura.nix
When I log in to the container
sudo extra-container root-login hasura
The command:
systemctl status postgresql
showed that the native postgresql service started successfully
The command:
systemctl status docker
logs the error:
docker.service - Docker Application Container Engine Loaded: loaded (/etc/systemd/system/docker.service; enabled; vendor preset: enabled) Drop-In: /nix/store/blsd1fdr41vxc4570rzfib78ldpb8l0v-system-units/docker.service.d
└─overrides.conf Active: failed (Result: exit-code) since Wed 2023-03-08 00:15:11 CET; 9s ago TriggeredBy: × docker.socket Docs: https://docs.docker.com Process: 354 ExecStart=/nix/store/m66c6m0fxlsrhg3svi9sy1lxvildwf58-docker-20.10.17/bin/dockerd --config-file=/nix/store/9kvb9hikrpnkq88nijp4s6ms97hi6vpx-> Main PID: 354 (code=exited, status=1/FAILURE)
Mar 08 00:15:11 hasura systemd[1]: docker.service: Scheduled restart job, restart counter is at 3. Mar 08 00:15:11 hasura systemd[1]: Stopped Docker Application Container Engine. Mar 08 00:15:11 hasura systemd[1]: docker.service: Start request repeated too quickly. Mar 08 00:15:11 hasura systemd[1]: docker.service: Failed with result 'exit-code'.
I tried to change the virtualisation mode to podman.
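# Podman variant of the `virtualisation` section: same Hasura container, but
# run through the podman backend instead of the Docker daemon.
virtualisation = {
  # docker.enable = true;
  podman = {
    enable = true;
    dockerCompat = true;
  };
  oci-containers.backend = "podman";
  oci-containers.containers = {
    hasura = {
      autoStart = true;
      # `latest` is a moving tag; pin a release tag or digest so the image
      # that runs is the image that was reviewed.
      image = "hasura/graphql-engine:latest";
      environment = {
        # The password is stored in the world-readable /nix/store and shown
        # in the unit's environment. Use a throw-away value only, or load it
        # at runtime via `environmentFiles`.
        HASURA_GRAPHQL_DATABASE_URL = "postgres://postgres:password@127.0.0.1:5433/dbname";
        # Console on and no HASURA_GRAPHQL_ADMIN_SECRET set: whoever can
        # reach the port has admin access to the API.
        HASURA_GRAPHQL_ENABLE_CONSOLE = "true";
      };
      # Bound to loopback so the unauthenticated console is not reachable
      # from other hosts on the network.
      ports = [
        "127.0.0.1:8080:8080"
      ];
    };
  };
};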
The command
systemctl status podman-hasura
logs the error:
podman-hasura.service Loaded: loaded (/etc/systemd/system/podman-hasura.service; enabled; vendor pres> Active: failed (Result: exit-code) since Wed 2023-03-08 00:35:51 CET; 1min 17s > Process: 637 ExecStartPre=/nix/store/hkyh5rj067rsgh1cnx1nnycsv6s7pk6r-unit-scrip> Process: 647 ExecStart=/nix/store/p2pwaa7scqiv352lnbyh6br12p8cphy0-unit-script-p> Process: 683 ExecStopPost=/nix/store/1iwwdwhvm689qsfj3map1gzx5hph7ywb-unit-scrip> Main PID: 647 (code=exited, status=126)
Mar 08 00:35:51 hasura systemd[1]: podman-hasura.service: Scheduled restart job, res> Mar 08 00:35:51 hasura systemd[1]: Stopped podman-hasura.service. Mar 08 00:35:51 hasura systemd[1]: podman-hasura.service: Start request repeated too> Mar 08 00:35:51 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-c> Mar 08 00:35:51 hasura systemd[1]: Failed to start podman-hasura.service. lines 1-13/13 (END)
The command
journalctl -u podman-hasura
logs:
Mar 08 13:22:08 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:08 hasura podman[193]: 2023-03-08 13:22:08.974337184 +0100 CET m=+0.842361173 system refresh
Mar 08 13:22:09 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:09 hasura podman-hasura-start[280]: Resolving "hasura/graphql-engine" using unqualified-search registries (/etc/containers/registries.conf)
Mar 08 13:22:09 hasura podman-hasura-start[280]: Trying to pull docker.io/hasura/graphql-engine:latest...
Mar 08 13:22:11 hasura podman-hasura-start[280]: Getting image source signatures
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:7608715873ec5c02d370e963aa9b19a149023ce218887221d93fe671b3abbf58
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:99b52f18fc1470484494d8343f0b7304ad5a2076def4d047733e8df09d177391
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:747f55337f880a27b204c974aed75efe5a3955615acc104068caee742015dfad
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:6435e97c6a55d3712cf718f2690895b57b56483945130bb75a019827d59eb78d
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:6e594de10781a6c3bbde9994cdacbdfaccc63b76afc775378c4c521893a3e2d5
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:4a0d8df7d2cabd10ce2e41fcc284de17c37238c5b1f86edabd596a027cfaa581
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:0c4c773484760971069e2de813dab13f2a09c745c1ef2436318906aeac406e7d
Mar 08 13:22:12 hasura podman-hasura-start[280]: Copying blob sha256:141b63796c223137e9ceed83507c78dd07c1e21b662c0dc45ef685345ad1e3ca
Mar 08 13:22:21 hasura podman-hasura-start[280]: Copying config sha256:c7e4959a8d1d0d105e07ef57bedc06dc061202942a3264e838188408b62dbee4
Mar 08 13:22:21 hasura podman-hasura-start[280]: Writing manifest to image destination
Mar 08 13:22:21 hasura podman-hasura-start[280]: Storing signatures
Mar 08 13:22:21 hasura podman-hasura-start[280]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
lines 1-18...skipping...
Mar 08 13:22:08 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:08 hasura podman[193]: 2023-03-08 13:22:08.974337184 +0100 CET m=+0.842361173 system refresh
Mar 08 13:22:09 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:09 hasura podman-hasura-start[280]: Resolving "hasura/graphql-engine" using unqualified-search registries (/etc/containers/registries.conf)
Mar 08 13:22:09 hasura podman-hasura-start[280]: Trying to pull docker.io/hasura/graphql-engine:latest...
Mar 08 13:22:11 hasura podman-hasura-start[280]: Getting image source signatures
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:7608715873ec5c02d370e963aa9b19a149023ce218887221d93fe671b3abbf58
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:99b52f18fc1470484494d8343f0b7304ad5a2076def4d047733e8df09d177391
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:747f55337f880a27b204c974aed75efe5a3955615acc104068caee742015dfad
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:6435e97c6a55d3712cf718f2690895b57b56483945130bb75a019827d59eb78d
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:6e594de10781a6c3bbde9994cdacbdfaccc63b76afc775378c4c521893a3e2d5
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:4a0d8df7d2cabd10ce2e41fcc284de17c37238c5b1f86edabd596a027cfaa581
Mar 08 13:22:11 hasura podman-hasura-start[280]: Copying blob sha256:0c4c773484760971069e2de813dab13f2a09c745c1ef2436318906aeac406e7d
Mar 08 13:22:12 hasura podman-hasura-start[280]: Copying blob sha256:141b63796c223137e9ceed83507c78dd07c1e21b662c0dc45ef685345ad1e3ca
Mar 08 13:22:21 hasura podman-hasura-start[280]: Copying config sha256:c7e4959a8d1d0d105e07ef57bedc06dc061202942a3264e838188408b62dbee4
Mar 08 13:22:21 hasura podman-hasura-start[280]: Writing manifest to image destination
Mar 08 13:22:21 hasura podman-hasura-start[280]: Storing signatures
Mar 08 13:22:21 hasura podman-hasura-start[280]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:21 hasura podman[280]:
Mar 08 13:22:21 hasura podman[280]: 2023-03-08 13:22:21.951471627 +0100 CET m=+12.863705764 container create 4090752672f577708a9ba6def166c33877e71095b1ddc86813e015be278caf58 (im>
Mar 08 13:22:21 hasura podman[280]: 2023-03-08 13:22:09.129371697 +0100 CET m=+0.041605829 image pull hasura/graphql-engine:latest
Mar 08 13:22:22 hasura podman[280]: 2023-03-08 13:22:22.013865478 +0100 CET m=+12.926099609 container remove 4090752672f577708a9ba6def166c33877e71095b1ddc86813e015be278caf58 (im>
Mar 08 13:22:22 hasura podman-hasura-start[280]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:22 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:22 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:22 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 1.
Mar 08 13:22:22 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:22 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:22 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:22 hasura podman-hasura-start[426]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:22 hasura podman[426]:
Mar 08 13:22:22 hasura podman[426]: 2023-03-08 13:22:22.656601574 +0100 CET m=+0.076134660 container create 691f40efe797c2b94fed98652c4a0a5c00f6a90ebe35d3744a3f57d3ea57e4dc (ima>
Mar 08 13:22:22 hasura podman[426]: 2023-03-08 13:22:22.708566909 +0100 CET m=+0.128099996 container remove 691f40efe797c2b94fed98652c4a0a5c00f6a90ebe35d3744a3f57d3ea57e4dc (ima>
Mar 08 13:22:22 hasura podman-hasura-start[426]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:22 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:22 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:23 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 2.
Mar 08 13:22:23 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:23 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:23 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:23 hasura podman-hasura-start[482]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:23 hasura podman[482]:
Mar 08 13:22:23 hasura podman[482]: 2023-03-08 13:22:23.417280498 +0100 CET m=+0.082720730 container create 2a62e1e82bebb12789537c2beb52cd8bf5f3cb03841cde881468245cf5949897 (ima>
Mar 08 13:22:23 hasura podman[482]: 2023-03-08 13:22:23.362801125 +0100 CET m=+0.028241351 image pull hasura/graphql-engine:latest
Mar 08 13:22:23 hasura podman[482]: 2023-03-08 13:22:23.464525957 +0100 CET m=+0.129966187 container remove 2a62e1e82bebb12789537c2beb52cd8bf5f3cb03841cde881468245cf5949897 (ima>
Mar 08 13:22:23 hasura podman-hasura-start[482]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:23 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:23 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:23 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 3.
Mar 08 13:22:23 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:23 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:24 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:24 hasura podman-hasura-start[538]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:24 hasura podman[538]:
Mar 08 13:22:24 hasura podman[538]: 2023-03-08 13:22:24.179815741 +0100 CET m=+0.088731970 container create ec7eee8eec9f8327da631b220f81ad4b273f8c03ed8123bfb5abd333e4625468 (ima>
Mar 08 13:22:24 hasura podman[538]: 2023-03-08 13:22:24.124300322 +0100 CET m=+0.033216559 image pull hasura/graphql-engine:latest
Mar 08 13:22:24 hasura podman[538]: 2023-03-08 13:22:24.310644903 +0100 CET m=+0.219561125 container remove ec7eee8eec9f8327da631b220f81ad4b273f8c03ed8123bfb5abd333e4625468 (ima>
Mar 08 13:22:24 hasura podman-hasura-start[538]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:24 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:24 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:24 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 4.
Mar 08 13:22:24 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:24 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:24 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:24 hasura podman-hasura-start[595]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:24 hasura podman[595]:
Mar 08 13:22:24 hasura podman[595]: 2023-03-08 13:22:24.922071766 +0100 CET m=+0.080850099 container create 988e8f863828150337dbb2ec0eb36a79893af35d5a825424fa2b2dbbabe29193 (ima>
Mar 08 13:22:24 hasura podman[595]: 2023-03-08 13:22:24.873384205 +0100 CET m=+0.032162540 image pull hasura/graphql-engine:latest
Mar 08 13:22:24 hasura podman[595]: 2023-03-08 13:22:24.975337512 +0100 CET m=+0.134115836 container remove 988e8f863828150337dbb2ec0eb36a79893af35d5a825424fa2b2dbbabe29193 (ima>
Mar 08 13:22:24 hasura podman-hasura-start[595]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:24 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:25 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:25 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 5.
Mar 08 13:22:25 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:25 hasura systemd[1]: Starting podman-hasura.service...
Mar 08 13:22:25 hasura systemd[1]: Started podman-hasura.service.
Mar 08 13:22:25 hasura podman-hasura-start[650]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 08 13:22:25 hasura podman[650]:
Mar 08 13:22:25 hasura podman[650]: 2023-03-08 13:22:25.716497452 +0100 CET m=+0.086217175 container create 4bbe66682989e3f1bafc3bb87df90b8309e03a0ed68327bd80e2c5dfdcc1a72c (ima>
Mar 08 13:22:25 hasura podman[650]: 2023-03-08 13:22:25.670100691 +0100 CET m=+0.039820414 image pull hasura/graphql-engine:latest
Mar 08 13:22:26 hasura podman[650]: 2023-03-08 13:22:26.123131219 +0100 CET m=+0.492850941 container remove 4bbe66682989e3f1bafc3bb87df90b8309e03a0ed68327bd80e2c5dfdcc1a72c (ima>
Mar 08 13:22:26 hasura podman-hasura-start[650]: Error: failed to set the loopback adapter up: operation not permitted
Mar 08 13:22:26 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 08 13:22:26 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:26 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 6.
Mar 08 13:22:26 hasura systemd[1]: Stopped podman-hasura.service.
Mar 08 13:22:26 hasura systemd[1]: podman-hasura.service: Start request repeated too quickly.
Mar 08 13:22:26 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 08 13:22:26 hasura systemd[1]: Failed to start podman-hasura.service.
When I removed the extra-container wrapper,
moved the config directly into my main configuration and rebuilt the system with
sudo nixos-rebuild switch --flake .#desktop
I tried to run only the postgres container, but it failed.
podman-postgres.service
Loaded: loaded (/etc/systemd/system/podman-postgres.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Wed 2023-03-08 17:40:28 CET; 605ms ago
Duration: 76ms
Process: 3323975 ExecStartPre=/nix/store/ngrp9c03jma5dcdpx0hwplgivccyglhw-unit-script-podman-postgres-pre-start/bin/podman-postgres-pre-start (code=exited, status=0/SUCCESS)
Process: 3323987 ExecStart=/nix/store/p8h161jslcq8xpypjbxdvb3m89ql7c5w-unit-script-podman-postgres-start/bin/podman-postgres-start (code=exited, status=125)
Process: 3324023 ExecStopPost=/nix/store/adsw00cli3sicz17z7bvfm300wlaljf7-unit-script-podman-postgres-post-stop/bin/podman-postgres-post-stop (code=exited, status=0/SUCCESS)
Main PID: 3323987 (code=exited, status=125)
IP: 0B in, 0B out
CPU: 169ms
mar 08 17:40:28 nixos systemd[1]: podman-postgres.service: Scheduled restart job, restart counter is at 5.
mar 08 17:40:28 nixos systemd[1]: Stopped podman-postgres.service.
mar 08 17:40:28 nixos systemd[1]: podman-postgres.service: Start request repeated too quickly.
mar 08 17:40:28 nixos systemd[1]: podman-postgres.service: Failed with result 'exit-code'.
mar 08 17:40:28 nixos systemd[1]: Failed to start podman-postgres.service. /0,0s
However, when I use podman run
directly from the terminal, it works.
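# Throw-away local test of both containers.
# Values passed with -e are visible in shell history and in `podman inspect`;
# use a disposable password here, never a real one.
podman run --name postgres -e POSTGRES_PASSWORD=password -d postgres:latest
# 10.89.0.2 is the address podman happened to assign to the postgres container
# on this machine; it can change when the container is recreated.
# The port is published on loopback only: the console is enabled and no
# HASURA_GRAPHQL_ADMIN_SECRET is set, so the API accepts unauthenticated
# admin requests from anything that can reach it.
podman run --name hasura -d -p 127.0.0.1:8080:8080 \
  -e HASURA_GRAPHQL_DATABASE_URL=postgres://postgres:password@10.89.0.2:5432/postgres \
  -e HASURA_GRAPHQL_ENABLE_CONSOLE=true \
  hasura/graphql-engine:latest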
What should I change in my declarative container config to fix the error and get the Hasura container running?
So far, I have managed to get a working declarative setup for Hasura without extra-container.
I created an additional systemd service, podman-create-pod,
with the option serviceConfig.Type = "oneshot";
which creates a common pod for both containers, hasura and postgres:
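# Hasura and PostgreSQL as podman-backed OCI containers on the host system
# (no extra-container), plus a one-shot unit that creates a pod for them.
#
# Security notes for anyone reusing this:
#   * The literals below (POSTGRES_PASSWORD, the connection URL) are copied
#     into the world-readable /nix/store. Use throw-away values only, or load
#     real secrets at runtime through `environmentFiles`.
#   * The console is enabled and no HASURA_GRAPHQL_ADMIN_SECRET is set, so
#     anyone who can reach port 8080 gets admin access to the API.
{ config, pkgs, user, ... }:
let
  podman = pkgs.podman;
in
{
  # Creates the pod `hasura-pg` once (idempotent thanks to `pod exists`) with
  # 8080 published on loopback.
  # NOTE(review): neither container below is started inside this pod. The
  # `pod` lines are commented out and name `hasura-pod`, not `hasura-pg`, so
  # as written the pod looks unused. Confirm.
  systemd.services.podman-create-pod = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "multi-user.target" ];
    script = ''
      ${podman}/bin/podman pod exists hasura-pg || \
      ${podman}/bin/podman pod create -n hasura-pg -p '127.0.0.1:8080:8080'
    '';
  };
  virtualisation = {
    podman = {
      enable = true;
      # dockerCompat = true;
    };
    oci-containers = {
      backend = "podman";
    };
  };
  virtualisation.oci-containers.containers = {
    pg2 = {
      autoStart = true;
      # `latest` is a moving tag; pin a major version or digest so a pull
      # cannot silently change the database version under the data volume.
      image = "postgres:latest";
      # pod = "hasura-pod";
      # dependsOn = [ "podman-create-pod-postgres" ];
      environment = {
        POSTGRES_PASSWORD = "password";
        POSTGRES_USER = "postgres";
        POSTGRES_DB = "postgres";
      };
      volumes = [ "postgresql:/var/lib/postgresql/data" ];
    };
    hasura = {
      autoStart = true;
      image = "hasura/graphql-engine:latest";
      # pod = "hasura-pod";
      dependsOn = [ "pg2" ];
      # Loopback only, matching the pod definition above: with no admin
      # secret configured, publishing on every interface would expose an
      # unauthenticated admin API to the network.
      ports = [ "127.0.0.1:8080:8080" ];
      environment = {
        # 10.88.0.13 was read from `podman inspect` on a running pg2; the
        # address is assigned by podman and may differ after pg2 is
        # recreated, which would break this URL.
        HASURA_GRAPHQL_DATABASE_URL = "postgres://postgres:password@10.88.0.13:5432/postgres";
        HASURA_GRAPHQL_ENABLE_CONSOLE = "true";
      };
    };
  };
  # NOTE(review): no Docker daemon is enabled in this module, so this group
  # has no effect on podman. If Docker is enabled later, membership in
  # `docker` is effectively root on the host. Drop the line unless needed.
  users.groups.docker.members = [ user ];
  environment.systemPackages = with pkgs; [
    docker-compose
    docker-client
  ];
}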
For the Postgres address in the Hasura config, I used the pg2
container's IP, obtained with:
sudo podman inspect -f '{{.NetworkSettings.IPAddress}}' pg2