diff --git a/machines/nunotaba/configuration.nix b/machines/nunotaba/configuration.nix
index e254bf1..b7d1b79 100644
--- a/machines/nunotaba/configuration.nix
+++ b/machines/nunotaba/configuration.nix
@@ -9,6 +9,7 @@

 sbruder = {
 cpu.intel.enable = true;
+ docker.enable = true;
 games.enable = true;
 gpu.intel.enable = true;
 gui.enable = true;
diff --git a/machines/sayuri/configuration.nix b/machines/sayuri/configuration.nix
index f876c01..707d18b 100644
--- a/machines/sayuri/configuration.nix
+++ b/machines/sayuri/configuration.nix
@@ -9,6 +9,7 @@

 sbruder = {
 cpu.intel.enable = true;
+ docker.enable = true;
 games.enable = true;
 gpu.amd.enable = true;
 gui.enable = true;
diff --git a/modules/docker.nix b/modules/docker.nix
index 04f141e..8f0eb38 100644
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -1,36 +1,43 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 {
- environment.systemPackages = with pkgs; [
- docker-compose
- docker-credential-helpers
- docker-ls
- ];
+ # This uses a custom option (instead of `virtualisation.docker.enable`) since
+ # `virtualisation.oci-containers` conditionally sets
+ # `virtualisation.docker.enable` and therefore causes an infinite recursion.
+ options.sbruder.docker.enable = lib.mkEnableOption "docker with ipv6nat";

- virtualisation = {
- docker = {
- enable = true;
- logDriver = "journald";
- extraOptions = builtins.concatStringsSep " " [
- "--ipv6"
- "--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
- ];
+ config = lib.mkIf config.sbruder.docker.enable {
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ docker-credential-helpers
+ docker-ls
+ ];
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ logDriver = "journald";
+ extraOptions = builtins.concatStringsSep " " [
+ "--ipv6"
+ "--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
+ ];
+ };
+
+ oci-containers.containers.ipv6nat = {
+ image = "robbertkl/ipv6nat";
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock:ro"
+ ];
+ extraOptions = [
+ "--network=host"
+ "--cap-drop=ALL"
+ "--cap-add=NET_ADMIN"
+ "--cap-add=NET_RAW"
+ "--cap-add=SYS_MODULE"
+ ];
+ };
 };

- oci-containers.containers.ipv6nat = {
- image = "robbertkl/ipv6nat";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ];
- extraOptions = [
- "--network=host"
- "--cap-drop=ALL"
- "--cap-add=NET_ADMIN"
- "--cap-add=NET_RAW"
- "--cap-add=SYS_MODULE"
- ];
- };
+ environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
 };
-
- environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
 }
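Review bot: The `ipv6nat` container that moves into the new `config` block still uses `image = "robbertkl/ipv6nat";` with no tag or digest, so whatever the registry currently serves for that name runs with host networking, `NET_ADMIN`/`NET_RAW`/`SYS_MODULE` and the Docker socket on every machine that sets `sbruder.docker.enable`. Pinning it, e.g. `image = "robbertkl/ipv6nat@sha256:<digest-placeholder>";`, makes an upstream image change an explicit, reviewable update instead of a silent one. The `:ro` suffix on `/var/run/docker.sock` only makes the bind mount read-only and does not restrict requests sent over the socket. A comment next to the volume, such as `# :ro does not limit Docker API access; this container can control the daemon`, would keep a later reader from treating it as a privilege boundary.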