From 2b68a96422575b14e54c9a7e3d0033f6231a6b4d Mon Sep 17 00:00:00 2001
From: Alexey Abramov <levenson@mmer.org>
Date: Sun, 16 Aug 2020 10:09:07 +0200
Subject: services: docker: Add 'enable-iptables?' argument.

* gnu/services/docker.scm (docker-configuration): Define the argument.
* gnu/services/docker.scm (docker-shepherd-service): Use it.
* doc/guix.texi (Docker Service): Document it.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
---
 doc/guix.texi           |  3 +++
 gnu/services/docker.scm | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 587c004bee..e0c138533f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27660,6 +27660,9 @@ Enable or disable the use of the Docker user-land networking proxy.
 @item @code{debug?} (default @code{#f})
 Enable or disable debug output.
 
+@item @code{enable-iptables?} (default @code{#t})
+Enable or disable the addition of iptables rules.
+
 @end table
 @end deftp
 
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 937dff7bdb..380a942ed2 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -56,7 +56,10 @@ (define-configuration docker-configuration
    "Enable or disable the user-land proxy (enabled by default).")
   (debug?
    (boolean #f)
-   "Enable or disable debug output."))
+   "Enable or disable debug output.")
+  (enable-iptables?
+   (boolean #t)
+   "Enable addition of iptables rules (enabled by default)."))
 
 (define %docker-accounts
   (list (user-group (name "docker") (system? #t))))
@@ -91,6 +94,7 @@ (define (containerd-shepherd-service config)
 (define (docker-shepherd-service config)
   (let* ((docker (docker-configuration-docker config))
          (enable-proxy? (docker-configuration-enable-proxy? config))
+         (enable-iptables? (docker-configuration-enable-iptables? config))
          (proxy (docker-configuration-proxy config))
          (debug? (docker-configuration-debug? config)))
     (shepherd-service
@@ -115,7 +119,10 @@ (define (docker-shepherd-service config)
                                   '())
                            (if #$enable-proxy? "--userland-proxy" "")
                            "--userland-proxy-path" (string-append #$proxy
-                                                                  "/bin/proxy"))
+                                                                  "/bin/proxy")
+                           (if #$enable-iptables?
+                               "--iptables"
+                               "--iptables=false"))
                      #:pid-file "/var/run/docker.pid"
                      #:log-file "/var/log/docker.log"))
            (stop #~(make-kill-destructor)))))
-- 
cgit v1.2.3