I have no idea how I would go about using NixOS tests

clone nixpkgs repo && cd there
then
nix-build nixos/tests/nginx.nix (or nix-build nixos/tests/docker.nix)

That's it.

See also https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=

It is unset currently for declarative docker containers, which means it has type simple. It also seems like you want behavior of type oneshot.

You may set it with:

systemd.services.docker-mycontainer.serviceConfig.Type = "oneshot";

Also, you may use preStop option (https://nixos.org/nixos/options.html#systemd.services.%3Cname%3E.prestop) instead of ExecStop, which already is bash script.

nix-build nixos/tests/nginx.nix (or nix-build nixos/tests/docker.nix)

That's exactly what I was looking for, thank you! I'm still learning how to properly interface with the Nix language, so basic things like these are still not obvious to me.

It is unset currently for declarative docker containers, which means it has type simple. It also seems like you want behavior of type oneshot.

The oneshot type is not is not what I'm looking for (I may have used the wrong terminology in my issue). I do want the service to stop when the main process exits, I just want the service to stop successfully if the main process succeeded and currently it doesn't.

You may set it with:

systemd.services.docker-mycontainer.serviceConfig.Type = "oneshot";

*mkForce and you'd also have to mkForce serviceConfig.Restart because oneshot doesn't work with Restart=always iirc.

You could to it that way but having to fiddle with systemd services to get your docker containers to behave the way you want is a bit unclean IMO and actually not at all obvious to someone who doesn't know how docker-containers are implemented in NixOS.
They'd also have to know about mkForce and that it's the solution to Nix complaining about unique values being declared in multiple places (which I didn't back then).

Also, you may use preStop option (https://nixos.org/nixos/options.html#systemd.services.%3Cname%3E.prestop) instead of ExecStop, which already is bash script.

That sounds cleaner, I'll take a look. Thanks!

Also, you may use preStop option (https://nixos.org/nixos/options.html#systemd.services.%3Cname%3E.prestop) instead of ExecStop, which already is bash script.

That sounds cleaner, I'll take a look. Thanks!

I tried it out and it does indeed look a bit cleaner but I have a few issues with it:

• It's not that much cleaner
• It's not immediately obvious that it fills out the ExecStop field anymore, you have to know or look up what the option does
• It now has to be written outside the serviceConfig which rips it out of the context of the other Exec* options and makes it even less clear
• It puts a script in the form of a nix store path as an argument to ExecStop= in the unit file which adds a layer of abstraction for users looking at docker-containers' services through systemctl

okay, this sounds reasonable.

What about removing ExecStop entirely? Looking at https://docs.docker.com/engine/reference/commandline/stop/:

The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL.

But this is almost systemd behavior when no ExecStop present (https://www.freedesktop.org/software/systemd/man/systemd.service.html):

Since no ExecStop= was specified, systemd will send SIGTERM to all processes started from this service, and after a timeout also SIGKILL.

The last bit (kill only main process instead of all subprocesses) can be achieved with KillMode=mixed (https://www.freedesktop.org/software/systemd/man/systemd.kill.html#KillMode=)

Yeah, I also thought about that and assumed they were added for good reason.
The docker rm commands also seem kind of redundant because it uses docker run --rm.

I the author didn't include a comment on these parameters in their commit message or PR unfortunately but they do mention that reload isn't implemented because docker containers might not respond well to some kill signals (https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/docker-containers.nix#L192), so maybe docker stop is a safer way of stopping them?

@benley

The docker rm commands also seem kind of redundant because it uses docker run --rm.

+1, agree

they do mention that reload isn't implemented because docker containers might not respond

we can try =)

I didn't know about $SERVICE_RESULT; this looks like a good thing.

If I recall correctly, the redundant docker rm is there to account for unusual situations like what happens if the system crashes hard while a container is running: when it boots up again, the old container still exists (I think) but is stopped, so docker run can't create another one with the same name.

That makes sense, thanks a lot!

Maybe we should investigate that in a separate PR/Issue though, this one works for now.