machine_setup/nix/configuration/roles/docker/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  virtualisation.docker.enable = true;
  # Use docker activation
  virtualisation.docker.enableOnBoot = false;
  # Rootless docker breaks access to ssh for buildkit.
  # virtualisation.docker.rootless = {
  #   enable = true;
  #   setSocketVariable = true;
  # };
  # Give docker access to ssh for fetching repos with buildkit.
  virtualisation.docker.extraPackages = [ pkgs.openssh ];
  environment.systemPackages = with pkgs; [
    docker-buildx
  ];

  environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      {
        directory = "/var/lib/docker";
        user = "root";
        group = "root";
        mode = "0740";
      }
    ];
    # users.talexander = {
    #   directories = [
    #     {
    #       directory = ".local/share/docker";
    #       user = "talexander";
    #       group = "talexander";
    #       mode = "0740";
    #     }
    #   ];
    # };
  };

  # Needed for non-rootless docker
  users.users.talexander.extraGroups = [ "docker" ];
}
Add docker. 2025-01-01 14:10:08 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`{`
			`imports = [ ];`

			`virtualisation.docker.enable = true;`
Fix buildkit access to SSH agent. 2025-01-12 20:31:52 -05:00			`# Use docker activation`
			`virtualisation.docker.enableOnBoot = false;`
			`# Rootless docker breaks access to ssh for buildkit.`
			`# virtualisation.docker.rootless = {`
			`# enable = true;`
			`# setSocketVariable = true;`
			`# };`
			`# Give docker access to ssh for fetching repos with buildkit.`
			`virtualisation.docker.extraPackages = [ pkgs.openssh ];`
Add a script to test fetching PGP keys from a Web Key Directory (WKD). 2025-01-12 18:29:48 -05:00			`environment.systemPackages = with pkgs; [`
			`docker-buildx`
			`];`
Add docker. 2025-01-01 14:10:08 -05:00
			`environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {`
			`hideMounts = true;`
			`directories = [`
			`{`
			`directory = "/var/lib/docker";`
			`user = "root";`
			`group = "root";`
			`mode = "0740";`
			`}`
			`];`
Fix buildkit access to SSH agent. 2025-01-12 20:31:52 -05:00			`# users.talexander = {`
			`# directories = [`
			`# {`
			`# directory = ".local/share/docker";`
			`# user = "talexander";`
			`# group = "talexander";`
			`# mode = "0740";`
			`# }`
			`# ];`
			`# };`
Add docker. 2025-01-01 14:10:08 -05:00			`};`

Fix buildkit access to SSH agent. 2025-01-12 20:31:52 -05:00			`# Needed for non-rootless docker`
			`users.users.talexander.extraGroups = [ "docker" ];`
Add docker. 2025-01-01 14:10:08 -05:00			`}`