2023-12-12 00:48:10 +01:00
|
|
|
{ lib, config, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
config.virtualisation.docker = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enableOnBoot = true;
|
|
|
|
|
storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
|
|
|
|
|
rootless.enable = true;
|
|
|
|
|
rootless.setSocketVariable = true;
|
|
|
|
|
daemon.settings = {
|
|
|
|
|
default-address-pools = [
|
|
|
|
|
{base = "10.64.0.0/10"; size = 24;}
|
|
|
|
|
];
|
|
|
|
|
bip = "10.127.0.1/16";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
config.users.users.indocker = {
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
hashedPassword = "!";
|
|
|
|
|
uid = 900;
|
|
|
|
|
group = "indocker";
|
|
|
|
|
};
|
|
|
|
|
config.users.groups.indocker = {
|
|
|
|
|
gid = 900;
|
|
|
|
|
};
|
|
|
|
|
config.environment.systemPackages = with pkgs; [
|
|
|
|
|
docker-compose
|
|
|
|
|
];
|
2024-01-30 04:35:45 +01:00
|
|
|
|
|
|
|
|
# Docker enables firewall anyway, let's enable the firewall for it if it's disabled
|
|
|
|
|
# TODO: Apply only when config.networking.firewall is false
|
|
|
|
|
config.networking.firewall = {
|
|
|
|
|
enable = lib.mkOverride 90 true;
|
|
|
|
|
allowedTCPPorts = lib.mkOverride 90 [];
|
|
|
|
|
allowedUDPPorts = lib.mkOverride 90 [];
|
|
|
|
|
allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
|
|
|
|
|
allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
|
|
|
|
|
};
|
2023-12-12 00:48:10 +01:00
|
|
|
}
|
