From f843b7924f86941f3a651f07889953840ae9f756 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Wed, 1 Jan 2025 14:10:08 -0500
Subject: [PATCH] Add docker.
---
 nix/configuration/configuration.nix | 1 +
 nix/configuration/roles/docker/default.nix | 39 ++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 nix/configuration/roles/docker/default.nix
diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index 6f24b71..427f239 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -39,6 +39,7 @@
 ./roles/bsnes
 ./roles/ssh
 ./roles/python
+ ./roles/docker
 ];
 nix.settings.experimental-features = [
diff --git a/nix/configuration/roles/docker/default.nix b/nix/configuration/roles/docker/default.nix
new file mode 100644
index 0000000..f53af03
--- /dev/null
+++ b/nix/configuration/roles/docker/default.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ virtualisation.docker.enable = true;
+ virtualisation.docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+
+ environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+ hideMounts = true;
+ directories = [
+ {
+ directory = "/var/lib/docker";
+ user = "root";
+ group = "root";
+ mode = "0740";
+ }
+ ];
+ users.talexander = {
+ directories = [
+ {
+ directory = ".local/share/docker";
+ user = "talexander";
+ group = "talexander";
+ mode = "0740";
+ }
+ ];
+ };
+ };
+
+}
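Review bot: `virtualisation.docker.enable = true;` in roles/docker/default.nix starts the system-wide rootful daemon in addition to the rootless one configured directly below it. In NixOS the two options are independent, so if the intent is rootless Docker for talexander only, that line can be dropped together with the `/var/lib/docker` persistence entry. Keeping it leaves a root-owned daemon whose socket gives root-equivalent access to any account later added to the `docker` group. Separately, `mode = "0740"` on both persisted directories grants the group read without search permission, which is unusual for a directory; `mode = "0700";` would be tighter, though it is worth confirming against the permissions the daemon sets on its own data root.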