nix-devcontainer

Mention caveat of `network_mode=host` when running docker-in-docker

Open waynevanson opened this issue 2 years ago • 1 comments

I have a rust project using this attached configuration.

Setting `network_mode=host` was the only way I could download crates for compilation. If it is in the user's cache it will use that.

Should we mention something like this in the docs?

docker-compose.yaml

```yaml
version: "3"

services:
  development:
    build:
      dockerfile: ./Dockerfile
      args:
        USER_UID: ${USER_UID:-1000}
        USER_GID: ${USER_GID:-1000}
    environment:
      DOCKER_HOST: tcp://localhost:2375
      PRELOAD_EXTENSIONS: "arrterian.nix-env-selector"
    volumes:
      - ..:/workspace:cached
      - nix:/nix
    security_opt:
      - label:disable
    network_mode: host

  docker:
    image: docker:dind-rootless
    environment:
      DOCKER_TLS_CERTDIR: ""
      DOCKER_DRIVER: overlay2
    privileged: true
    volumes:
      - ..:/workspace:cached
      - nix:/nix
      - docker:/var/lib/docker
    security_opt:
      - label:disable
    network_mode: host

volumes:
  nix:
  docker:
```

shell.nix

```nix
with builtins;
let
  rust_overlay = import (fetchTarball "https://github.com/oxalica/rust-overlay/archive/master.tar.gz");

  # Pinning nixpkgs
  # https://github.com/waynevanson/nixpkgs/commits/d66b5294264c19e7ba7f9097356f69c32cbcb24a
  # which contains the following PR's
  # - aws-lambda-cli>=1.7 - cargo-lambda support            - https://github.com/NixOS/nixpkgs/pull/224039
  # - cargo-lambda        - upgrade required (forgot why)   - https://github.com/NixOS/nixpkgs/pull/224814
  pinned_pkgs = import (fetchTarball "https://github.com/waynevanson/nixpkgs/tarball/d66b5294264c19e7ba7f9097356f69c32cbcb24a");

  pkgs = pinned_pkgs {
    overlays = [ rust_overlay ];
  };

  # use toolchain from workspace.
  rust_toolchains = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;

in
with pkgs;
mkShell
{
  nativeBuildInputs = [
    # nix
    nixpkgs-fmt
    rnix-lsp
    docker-client
    gnumake

    # rust
    rust_toolchains

    cargo-cross
    cargo-lambda
    cargo-make
    cargo-xbuild

    cargo-tarpaulin
    kcov

    # rust-dependencies
    pkg-config
    openssl

    #
    aws-sam-cli
    rustup

    # js
    yarn
  ];
}
```

waynevanson, Apr 10 '23 01:04

Did you try just fully removing the network_mode and using the default network? It seems to work for me.

LorenzBischof, May 26 '25 10:05
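
The setup suggested in the last comment, written out as an added example (not taken from the issue or from the nix-devcontainer project): both services on Compose's default network. Pointing `DOCKER_HOST` at the `docker` service name is an assumption, since the comment does not show its configuration. With `network_mode: host` and `DOCKER_TLS_CERTDIR: ""`, the privileged daemon's unauthenticated API on port 2375 binds on the host's own interfaces; on the default network with no `ports:` mapping it is reachable only from containers on that network.

```yaml
# Added example: the compose file from the issue with network_mode removed.
version: "3"

services:
  development:
    build:
      dockerfile: ./Dockerfile
      args:
        USER_UID: ${USER_UID:-1000}
        USER_GID: ${USER_GID:-1000}
    environment:
      # Assumption: address the daemon by its Compose service name.
      # localhost no longer works because the two containers do not
      # share the host's network namespace any more.
      DOCKER_HOST: tcp://docker:2375
      PRELOAD_EXTENSIONS: "arrterian.nix-env-selector"
    volumes:
      - ..:/workspace:cached
      - nix:/nix
    security_opt:
      - label:disable
    # no network_mode: the service joins the default project network

  docker:
    image: docker:dind-rootless
    environment:
      # TLS is still disabled, as in the issue: the API stays plaintext
      # and unauthenticated, so keep it off any host-facing interface.
      DOCKER_TLS_CERTDIR: ""
      DOCKER_DRIVER: overlay2
    privileged: true
    volumes:
      - ..:/workspace:cached
      - nix:/nix
      - docker:/var/lib/docker
    security_opt:
      - label:disable
    # no network_mode and no "ports:" entry: 2375 is not published on the host

volumes:
  nix:
  docker:
```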