treewide: restructure modules

make every module contain config attribute and if module doesn't use module arguments, don't make it a function
2025-04-07 12:54:34 +02:00 · 2025-04-07 12:54:34 +02:00 · 27b241adff
commit 27b241adff
parent 4dab0aff15
10 changed files with 490 additions and 477 deletions
--- a/nix-os/docker.nix
+++ b/nix-os/docker.nix
@ -1,39 +1,41 @@
 { lib, config, pkgs, ... }:

 {
-  config.virtualisation.docker = {
-    enable = true;
-    enableOnBoot = true;
-    storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
-    rootless.enable = true;
-    rootless.setSocketVariable = true;
-    daemon.settings = {
-      default-address-pools = [
-        {base = "10.64.0.0/10"; size = 24;}
-      ];
-      bip = "10.127.0.1/16";
+  config = {
+    virtualisation.docker = {
+      enable = true;
+      enableOnBoot = true;
+      storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
+      rootless.enable = true;
+      rootless.setSocketVariable = true;
+      daemon.settings = {
+        default-address-pools = [
+          {base = "10.64.0.0/10"; size = 24;}
+        ];
+        bip = "10.127.0.1/16";
+      };
+    };
+    users.users.indocker = {
+      isSystemUser = true;
+      hashedPassword = "!";
+      uid = 900;
+      group = "indocker";
+    };
+    users.groups.indocker = {
+      gid = 900;
+    };
+    environment.systemPackages = with pkgs; [
+      docker-compose
+    ];
+
+    # Docker enables firewall anyway, let's enable the firewall for it if it's disabled
+    # TODO: Apply only when config.networking.firewall is false
+    networking.firewall = {
+      enable = lib.mkOverride 90 true;
+      allowedTCPPorts = lib.mkOverride 90 [];
+      allowedUDPPorts = lib.mkOverride 90 [];
+      allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
+      allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
    };
  };
-  config.users.users.indocker = {
-    isSystemUser = true;
-    hashedPassword = "!";
-    uid = 900;
-    group = "indocker";
-  };
-  config.users.groups.indocker = {
-    gid = 900;
-  };
-  config.environment.systemPackages = with pkgs; [
-    docker-compose
-  ];
-
-  # Docker enables firewall anyway, let's enable the firewall for it if it's disabled
-  # TODO: Apply only when config.networking.firewall is false
-  config.networking.firewall = {
-    enable = lib.mkOverride 90 true;
-    allowedTCPPorts = lib.mkOverride 90 [];
-    allowedUDPPorts = lib.mkOverride 90 [];
-    allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
-    allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
-  };
 }