{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  # Opt-in switch for this module: the `config` section below is only applied
  # when this option is set to true. It defaults to off.
  options.me.docker.enable = lib.mkOption {
    description = "Whether we want to install docker.";
    type = lib.types.bool;
    default = false;
    example = true;
  };

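  # Everything below is applied only when me.docker.enable is true: the rootful
  # docker daemon, buildx, persistence of the daemon's data directory, a oneshot
  # unit that links the user's registry credentials into place, and docker
  # group membership for the interactive user.
  config = lib.mkIf config.me.docker.enable (
    lib.mkMerge [
      {
        virtualisation.docker.enable = true;
        # Use docker activation: the daemon is not started at boot, it is
        # started on demand through its socket.
        virtualisation.docker.enableOnBoot = false;
        # Rootless docker breaks access to ssh for buildkit.
        # virtualisation.docker.rootless = {
        #   enable = true;
        #   setSocketVariable = true;
        # };
        # Give docker access to ssh for fetching repos with buildkit.
        virtualisation.docker.extraPackages = [ pkgs.openssh ];
        environment.systemPackages = with pkgs; [
          docker-buildx
        ];

        # Keep images, containers and volumes across reboots; skipped while
        # building the ISO.
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          directories = [
            {
              directory = "/var/lib/docker";
              user = "root";
              group = "root";
              # NOTE(review): dockerd normally keeps its data root at 0710;
              # 0740 gives the group read without traverse. Confirm this is
              # intentional. Either way nothing is exposed to "other".
              mode = "0740";
            }
          ];
          # users.talexander = {
          #   directories = [
          #     {
          #       directory = ".local/share/docker";
          #       user = "talexander";
          #       group = "talexander";
          #       mode = "0740";
          #     }
          #   ];
          # };
        };

        systemd.services.link-docker-creds = {
          # Contains credentials so it cannot be added to the nix store
          # (store paths are world-readable). The file is provisioned by hand
          # under /persist/manual and only symlinked into the home directory.
          # This unit does not manage the permissions of the source file: it
          # should be owned by talexander and not readable by anyone else.
          enable = true;
          description = "link-docker-creds";
          wantedBy = [ "multi-user.target" ];
          wants = [ "multi-user.target" ];
          after = [ "multi-user.target" ];
          # path = with pkgs; [
          #   zfs
          # ];
          # NOTE(review): presumably DefaultDependencies=no is what lets this
          # unit be both wanted by and ordered after multi-user.target without
          # an ordering cycle. Confirm before changing any of these settings.
          unitConfig.DefaultDependencies = "no";
          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = "yes";
          };
          # -f/-n make the link step idempotent: a link left behind when
          # preStop did not run (e.g. an unclean shutdown) is replaced instead
          # of failing the unit with "File exists". ~/.docker is created 0700
          # so other local users cannot reach the link.
          script = ''
            if [ -e /persist/manual/docker/config.json ]; then
              install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
              ln -sfn /persist/manual/docker/config.json /home/talexander/.docker/config.json
            fi
          '';
          # Removes only the link in the home directory; the credentials file
          # under /persist is left untouched.
          preStop = ''
            rm -f /home/talexander/.docker/config.json
          '';
        };

        # Needed for non-rootless docker.
        # Security note: access to the rootful daemon's socket is equivalent to
        # root on this host, so this account must be treated as privileged
        # (key handling, sudo policy, remote login hardening).
        users.users.talexander.extraGroups = [ "docker" ];
      }
    ]
  );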
}