machine_setup/nix/configuration/roles/docker/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  virtualisation.docker.enable = true;
  virtualisation.docker.rootless = {
    enable = true;
    setSocketVariable = true;
  };

  environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      {
        directory = "/var/lib/docker";
        user = "root";
        group = "root";
        mode = "0740";
      }
    ];
    users.talexander = {
      directories = [
        {
          directory = ".local/share/docker";
          user = "talexander";
          group = "talexander";
          mode = "0740";
        }
      ];
    };
  };

}