Do not install docker on neelix.

nix/configuration/hosts/neelix/default.nix

@@ -26,6 +26,6 @@
   me.bluetooth.enable = true;
   me.emacs_flavor = "plainmacs";
   me.graphical = true;
-  me.graphicsCardType = "intel";
+  me.graphics_card_type = "intel";
   me.kodi.enable = true;
 }

nix/configuration/hosts/odo/default.nix

@@ -34,8 +34,9 @@
   me.ares.enable = true;
   me.chromecast.enable = true;
   me.chromium.enable = true;
+  me.docker.enable = true;
   me.emacs_flavor = "full";
   me.graphical = true;
-  me.graphicsCardType = "amd";
+  me.graphics_card_type = "amd";
   me.sway.enable = true;
 }

nix/configuration/roles/docker/default.nix

@@ -8,42 +8,57 @@
 {
   imports = [ ];
 
-  virtualisation.docker.enable = true;
+  options.me = {
-  # Use docker activation
+    docker.enable = lib.mkOption {
-  virtualisation.docker.enableOnBoot = false;
+      type = lib.types.bool;
-  # Rootless docker breaks access to ssh for buildkit.
+      default = false;
-  # virtualisation.docker.rootless = {
+      example = true;
-  #   enable = true;
+      description = "Whether we want to install docker.";
-  #   setSocketVariable = true;
+    };
-  # };
-  # Give docker access to ssh for fetching repos with buildkit.
-  virtualisation.docker.extraPackages = [ pkgs.openssh ];
-  environment.systemPackages = with pkgs; [
-    docker-buildx
-  ];
-
-  environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
-    hideMounts = true;
-    directories = [
-      {
-        directory = "/var/lib/docker";
-        user = "root";
-        group = "root";
-        mode = "0740";
-      }
-    ];
-    # users.talexander = {
-    #   directories = [
-    #     {
-    #       directory = ".local/share/docker";
-    #       user = "talexander";
-    #       group = "talexander";
-    #       mode = "0740";
-    #     }
-    #   ];
-    # };
   };
 
-  # Needed for non-rootless docker
+  config = lib.mkIf config.me.docker.enable (
-  users.users.talexander.extraGroups = [ "docker" ];
+    lib.mkMerge [
+      {
+        virtualisation.docker.enable = true;
+        # Use docker activation
+        virtualisation.docker.enableOnBoot = false;
+        # Rootless docker breaks access to ssh for buildkit.
+        # virtualisation.docker.rootless = {
+        #   enable = true;
+        #   setSocketVariable = true;
+        # };
+        # Give docker access to ssh for fetching repos with buildkit.
+        virtualisation.docker.extraPackages = [ pkgs.openssh ];
+        environment.systemPackages = with pkgs; [
+          docker-buildx
+        ];
+
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          directories = [
+            {
+              directory = "/var/lib/docker";
+              user = "root";
+              group = "root";
+              mode = "0740";
+            }
+          ];
+          # users.talexander = {
+          #   directories = [
+          #     {
+          #       directory = ".local/share/docker";
+          #       user = "talexander";
+          #       group = "talexander";
+          #       mode = "0740";
+          #     }
+          #   ];
+          # };
+        };
+
+        # Needed for non-rootless docker
+        users.users.talexander.extraGroups = [ "docker" ];
+      }
+    ]
+  );
 }

nix/configuration/roles/global_options/default.nix

@@ -12,7 +12,7 @@
 
   };
 
-  # options.me.graphicsCardType = lib.mkOption {
+  # options.me.graphics_card_type = lib.mkOption {
   #   type = lib.types.nullOr (
   #     lib.types.enum [
   #       "amd"

nix/configuration/roles/graphics/default.nix

@@ -8,7 +8,7 @@
 {
   imports = [ ];
 
-  options.me.graphicsCardType = lib.mkOption {
+  options.me.graphics_card_type = lib.mkOption {
     type = lib.types.nullOr (
       lib.types.enum [
         "amd"

nix/configuration/roles/media/default.nix

@@ -45,7 +45,7 @@ in
           imv
         ];
       })
-      (lib.mkIf (config.me.graphicsCardType == "amd" || config.me.graphicsCardType == "intel") {
+      (lib.mkIf (config.me.graphics_card_type == "amd" || config.me.graphics_card_type == "intel") {
         environment.systemPackages = with pkgs; [
           cast_file_vaapi
         ];