{ lib, config, pkgs, ... }: { config.virtualisation.docker = { enable = true; # enableNvidia = true; enableOnBoot = true; storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null; rootless.enable = true; rootless.setSocketVariable = true; daemon.settings = { default-address-pools = [ {base = "10.64.0.0/10"; size = 24;} ]; bip = "10.127.0.1/16"; }; }; config.users.users.indocker = { isSystemUser = true; hashedPassword = "!"; uid = 900; group = "indocker"; }; config.users.groups.indocker = { gid = 900; }; config.environment.systemPackages = with pkgs; [ docker-compose ]; # Docker enables firewall anyway, let's enable the firewall for it if it's disabled # TODO: Apply only when config.networking.firewall is false config.networking.firewall = { enable = lib.mkOverride 90 true; allowedTCPPorts = lib.mkOverride 90 []; allowedUDPPorts = lib.mkOverride 90 []; allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}]; allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}]; }; }