{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  virtualisation.docker.enable = true;
  # Use docker activation
  virtualisation.docker.enableOnBoot = false;
  # Rootless docker breaks access to ssh for buildkit.
  # virtualisation.docker.rootless = {
  #   enable = true;
  #   setSocketVariable = true;
  # };
  # Give docker access to ssh for fetching repos with buildkit.
  virtualisation.docker.extraPackages = [ pkgs.openssh ];
  environment.systemPackages = with pkgs; [
    docker-buildx
  ];

  environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      {
        directory = "/var/lib/docker";
        user = "root";
        group = "root";
        mode = "0740";
      }
    ];
    # users.talexander = {
    #   directories = [
    #     {
    #       directory = ".local/share/docker";
    #       user = "talexander";
    #       group = "talexander";
    #       mode = "0740";
    #     }
    #   ];
    # };
  };

  # Needed for non-rootless docker
  users.users.talexander.extraGroups = [ "docker" ];
}