{ config, lib, pkgs, ... }:

# NixOS module: optional Docker installation plus a small root service that
# links the user's Docker credentials out of /persist instead of baking them
# into the nix store.
let
  cfg = config.me.docker;
in
{
  imports = [ ];

  options.me.docker.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    example = true;
    description = "Whether we want to install docker.";
  };

  config = lib.mkIf cfg.enable {
    virtualisation.docker = {
      enable = true;
      # Do not start dockerd at boot; the daemon comes up on demand via
      # activation instead (original note: "Use docker activation").
      enableOnBoot = false;
      # Rootless docker breaks access to ssh for buildkit, so it stays off:
      #   virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };
      # Give docker access to ssh for fetching repos with buildkit.
      extraPackages = [ pkgs.openssh ];
    };

    environment.systemPackages = [ pkgs.docker-buildx ];

    # Keep the daemon's state across reboots, except when building the ISO.
    environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
      hideMounts = true;
      directories = [
        {
          directory = "/var/lib/docker";
          user = "root";
          group = "root";
          mode = "0740";
        }
      ];
      # Per-user persistence for rootless docker (users.talexander ->
      # .local/share/docker, mode 0740) is intentionally not configured while
      # rootless mode is disabled above.
    };

    systemd.services.link-docker-creds = {
      # Contains credentials so it cannot be added to the nix store; the file
      # is only linked from /persist, never copied into a derivation.
      enable = true;
      description = "link-docker-creds";
      wantedBy = [ "multi-user.target" ];
      wants = [ "multi-user.target" ];
      after = [ "multi-user.target" ];
      # path = with pkgs; [ zfs ];  -- not needed at present
      # NOTE(review): wantedBy/wants/after all reference multi-user.target;
      # presumably DefaultDependencies=no is what keeps the target from gaining
      # an implicit After= back on this unit — confirm if the ordering is changed.
      unitConfig.DefaultDependencies = "no";
      serviceConfig = {
        Type = "oneshot";
        # Stay "active" after the script exits so preStop runs on stop.
        RemainAfterExit = "yes";
      };
      # Runs as root (no User= is set) and creates entries inside a user-owned
      # home directory. NOTE(review): nothing here checks whether
      # /home/talexander/.docker already exists as a user-placed symlink before
      # install/ln operate on it — confirm that is acceptable for this host.
      # Whatever permissions /persist/manual/docker/config.json carries are
      # what actually protect the credentials; they are not checked here.
      script = ''
        if [ -e /persist/manual/docker/config.json ]; then
          install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
          ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
        fi
      '';
      # Only the link is removed; the ~/.docker directory itself is left behind.
      preStop = ''
        rm -f /home/talexander/.docker/config.json
      '';
    };

    # Needed for non-rootless docker. Membership in the docker group grants
    # control of the daemon socket, which is root-equivalent on this host, so
    # keep this list to accounts that are trusted with that.
    users.users.talexander.extraGroups = [ "docker" ];
  };
}