simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

Make docker optional

Browse source
This commit is contained in:
Simon Bruder 2021-01-17 19:32:01 +01:00
parent a68b429a58
commit 21a8f5a358
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
3 changed files with 38 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/nunotaba/configuration.nix
View file

@ -9,6 +9,7 @@
sbruder = { sbruder = {
cpu.intel.enable = true; cpu.intel.enable = true;
docker.enable = true;
games.enable = true; games.enable = true;
gpu.intel.enable = true; gpu.intel.enable = true;
gui.enable = true; gui.enable = true;

1
machines/sayuri/configuration.nix
View file

@ -9,6 +9,7 @@
sbruder = { sbruder = {
cpu.intel.enable = true; cpu.intel.enable = true;
docker.enable = true;
games.enable = true; games.enable = true;
gpu.amd.enable = true; gpu.amd.enable = true;
gui.enable = true; gui.enable = true;

65
modules/docker.nix
View file

@ -1,36 +1,43 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ # This uses a custom option (instead of `virtualisation.docker.enable`) since
docker-compose # `virtualisation.oci-containers` conditionally sets
docker-credential-helpers # `virtualisation.docker.enable` and therefore causes an infinite recursion.
docker-ls options.sbruder.docker.enable = lib.mkEnableOption "docker with ipv6nat";
];
virtualisation = { config = lib.mkIf config.sbruder.docker.enable {
docker = { environment.systemPackages = with pkgs; [
enable = true; docker-compose
logDriver = "journald"; docker-credential-helpers
extraOptions = builtins.concatStringsSep " " [ docker-ls
"--ipv6" ];
"--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
]; virtualisation = {
docker = {
enable = true;
logDriver = "journald";
extraOptions = builtins.concatStringsSep " " [
"--ipv6"
"--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
];
};
oci-containers.containers.ipv6nat = {
image = "robbertkl/ipv6nat";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
extraOptions = [
"--network=host"
"--cap-drop=ALL"
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
"--cap-add=SYS_MODULE"
];
};
}; };
oci-containers.containers.ipv6nat = { environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
image = "robbertkl/ipv6nat";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
extraOptions = [
"--network=host"
"--cap-drop=ALL"
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
"--cap-add=SYS_MODULE"
];
};
}; };
environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
} }