# SPDX-FileCopyrightText: 2020-2021 Simon Bruder
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# NixOS module: Docker with IPv6 enabled on the default bridge, plus the
# robbertkl/ipv6nat helper container that provides NAT for IPv6 containers.
{ config, lib, pkgs, ... }:

let
  cfg = config.sbruder.docker;
in
{
  # A custom enable option is used instead of `virtualisation.docker.enable`:
  # `virtualisation.oci-containers` conditionally sets
  # `virtualisation.docker.enable` itself, so keying this module on it would
  # produce an infinite recursion during evaluation.
  options.sbruder.docker.enable = lib.mkEnableOption "docker with ipv6nat";

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      pkgs.docker-compose
      pkgs.docker-credential-helpers
      pkgs.docker-ls
    ];

    virtualisation.docker = {
      enable = true;
      # Container logs go to the journal, so they fall under the host's usual
      # log retention and forwarding.
      logDriver = "journald";
      # Enable IPv6 on the default bridge with a ULA (fd00::/8) prefix; these
      # addresses are not globally routable, which is what ipv6nat compensates for.
      extraOptions = "--ipv6 --fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64";
    };

    virtualisation.oci-containers.containers.ipv6nat = {
      image = "robbertkl/ipv6nat";
      # The `:ro` flag only prevents the container from replacing the socket
      # node; the Docker API reachable through the socket is not restricted by
      # it. This container is therefore trusted with host-level control and its
      # image should be pinned/verified accordingly.
      volumes = [ "/var/run/docker.sock:/var/run/docker.sock:ro" ];
      extraOptions = [
        # Host networking is needed so the container can edit the host's
        # ip6tables rules.
        "--network=host"
        # Start from an empty capability set and add back only what is needed.
        "--cap-drop=ALL"
        "--cap-add=NET_ADMIN"
        "--cap-add=NET_RAW"
        # NOTE(review): SYS_MODULE allows loading arbitrary kernel modules,
        # which is host-root-equivalent. ip6_tables is already pre-loaded via
        # modules-load.d below; confirm against the image's documentation
        # whether it still needs this capability for other netfilter modules,
        # and drop it (pre-loading those modules on the host instead) if not.
        "--cap-add=SYS_MODULE"
      ];
    };

    # Pre-load ip6_tables at boot so the rules can be installed without
    # relying on module auto-loading from inside the container.
    environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
  };
}