Wroclaw
27b241adff
make every module contain config attribute and if module doesn't use module arguments, don't make it a function
41 lines
1.2 KiB
Nix
41 lines
1.2 KiB
Nix
{ lib, config, pkgs, ... }:
|
|
|
|
{
|
|
config = {
|
|
virtualisation.docker = {
|
|
enable = true;
|
|
enableOnBoot = true;
|
|
storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
|
|
rootless.enable = true;
|
|
rootless.setSocketVariable = true;
|
|
daemon.settings = {
|
|
default-address-pools = [
|
|
{base = "10.64.0.0/10"; size = 24;}
|
|
];
|
|
bip = "10.127.0.1/16";
|
|
};
|
|
};
|
|
users.users.indocker = {
|
|
isSystemUser = true;
|
|
hashedPassword = "!";
|
|
uid = 900;
|
|
group = "indocker";
|
|
};
|
|
users.groups.indocker = {
|
|
gid = 900;
|
|
};
|
|
environment.systemPackages = with pkgs; [
|
|
docker-compose
|
|
];
|
|
|
|
# Docker enables firewall anyway, let's enable the firewall for it if it's disabled
|
|
# TODO: Apply only when config.networking.firewall is false
|
|
networking.firewall = {
|
|
enable = lib.mkOverride 90 true;
|
|
allowedTCPPorts = lib.mkOverride 90 [];
|
|
allowedUDPPorts = lib.mkOverride 90 [];
|
|
allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
|
|
allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
|
|
};
|
|
};
|
|
}
|