fred/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update nix config

Browse source
This commit is contained in:
fred 2025-08-12 11:53:58 -07:00
parent f610209aff
commit 07b7f0cc1f
34 changed files with 388 additions and 240 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/dev/docker.nix
View file

@ -1,5 +1,19 @@
{ config, pkgs, ... }: {
{ config, pkgs, lib, ... }: {
options = {
rootless_docker = lib.mkOption {
type = lib.types.bool;
description = "rootless docker";
default = true;
};
privileged_ports = lib.mkOption {
type = lib.types.bool;
description = "rootless docker allowed privileged ports";
default = false;
};
};
config = {
home-manager.users.${config.user} = { pkgs, ... }: {
@ -8,14 +22,25 @@
ctop
];
};
users.extraUsers.${config.user}.extraGroups = [ "docker" ];
virtualisation.docker = {
enable = true;
rootless = {
#enable = false;
rootless = lib.mkIf config.rootless_docker {
enable = true;
setSocketVariable = true;
};
};
# https://im.salty.fish/index.php/archives/nixos-docker-rootless-privileged-ports.html
security.wrappers = lib.mkIf config.privileged_ports {
docker-rootlesskit = {
owner = "root";
group = "root";
capabilities = "cap_net_bind_service+ep";
source = "${pkgs.rootlesskit}/bin/rootlesskit";
};
};
};
}