From 4019e6d132aff6b87a8bae6216d5a32e8475a1ca Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 12 Jan 2025 20:31:52 -0500
Subject: [PATCH] Fix buildkit access to SSH agent.

---
 nix/configuration/roles/docker/default.nix | 35 +++++++++++++---------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/nix/configuration/roles/docker/default.nix b/nix/configuration/roles/docker/default.nix
index 7210c31..12ed2c5 100644
--- a/nix/configuration/roles/docker/default.nix
+++ b/nix/configuration/roles/docker/default.nix
@@ -9,10 +9,15 @@
   imports = [ ];
 
   virtualisation.docker.enable = true;
-  virtualisation.docker.rootless = {
-    enable = true;
-    setSocketVariable = true;
-  };
+  # Use docker activation
+  virtualisation.docker.enableOnBoot = false;
+  # Rootless docker breaks access to ssh for buildkit.
+  # virtualisation.docker.rootless = {
+  #   enable = true;
+  #   setSocketVariable = true;
+  # };
+  # Give docker access to ssh for fetching repos with buildkit.
+  virtualisation.docker.extraPackages = [ pkgs.openssh ];
   environment.systemPackages = with pkgs; [
     docker-buildx
   ];
@@ -27,16 +32,18 @@
         mode = "0740";
       }
     ];
-    users.talexander = {
-      directories = [
-        {
-          directory = ".local/share/docker";
-          user = "talexander";
-          group = "talexander";
-          mode = "0740";
-        }
-      ];
-    };
+    # users.talexander = {
+    #   directories = [
+    #     {
+    #       directory = ".local/share/docker";
+    #       user = "talexander";
+    #       group = "talexander";
+    #       mode = "0740";
+    #     }
+    #   ];
+    # };
   };
 
+  # Needed for non-rootless docker
+  users.users.talexander.extraGroups = [ "docker" ];
 }