From 77a65d189a85c18420d74bad3bc7d1598e2cb331 Mon Sep 17 00:00:00 2001
From: Sefa Eyeoglu <contact@scrumplex.net>
Date: Wed, 16 Oct 2024 10:50:05 +0200
Subject: [PATCH] nixos/docker: keep live-restore disabled by default

See https://docs.docker.com/engine/daemon/live-restore/
See https://discourse.nixos.org/t/docker-hanging-on-reboot/18270/5
Closes https://github.com/NixOS/nixpkgs/issues/182916

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
---
 nixos/doc/manual/release-notes/rl-2411.section.md | 2 ++
 nixos/modules/virtualisation/docker.nix           | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 0d1d4059fa88..f71db4fb3df6 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -629,6 +629,8 @@
 
 - `lib.misc.mapAttrsFlatten` is now formally deprecated and will be removed in future releases; use the identical [`lib.attrsets.mapAttrsToList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapAttrsToList) instead.
 
+- `virtualisation.docker.liveRestore` has been renamed to `virtualisation.docker.daemon.settings."live-restore"` and turned off by default for state versions of at least 24.11.
+
 - Tailscale's `authKeyFile` can now have its corresponding parameters set through `config.services.tailscale.authKeyParameters`, allowing for non-ephemeral unsupervised deployment and more.
   See [Registering new nodes using OAuth credentials](https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials) for the supported options.
 
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
index ed228f76988d..758860279be1 100644
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -57,7 +57,10 @@ in
           options = {
             live-restore = mkOption {
               type = types.bool;
-              default = true;
+              # Prior to NixOS 24.11, this was set to true by default, while upstream defaulted to false.
+              # Keep the option unset to follow upstream defaults
+              default = versionOlder config.system.stateVersion "24.11";
+              defaultText = literalExpression "versionOlder config.system.stateVersion \"24.11\"";
               description = ''
                 Allow dockerd to be restarted without affecting running container.
                 This option is incompatible with docker swarm.
@@ -68,6 +71,7 @@ in
         default = { };
         example = {
           ipv6 = true;
+          "live-restore" = true;
           "fixed-cidr-v6" = "fd00::/80";
         };
         description = ''