Simon Bruder
f945341668
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
# SPDX-FileCopyrightText: 2020-2021 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, pkgs, ... }:

let
  cfg = config.sbruder.docker;
in
{
  # A dedicated enable switch is declared here rather than reusing
  # `virtualisation.docker.enable`: `virtualisation.oci-containers`
  # conditionally sets that option itself, so gating this module on it would
  # cause an infinite recursion.
  options.sbruder.docker.enable = lib.mkEnableOption "docker with ipv6nat";

  config = lib.mkIf cfg.enable {
    # Host-side module list read at boot; ip6_tables is loaded by the host
    # rather than from inside the ipv6nat container.
    environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";

    # CLI tooling installed system-wide alongside the daemon.
    environment.systemPackages = [
      pkgs.docker-compose
      pkgs.docker-credential-helpers
      pkgs.docker-ls
    ];

    virtualisation.docker = {
      enable = true;
      # Container stdout/stderr goes to the systemd journal.
      logDriver = "journald";
      # IPv6 on the default bridge with a fixed prefix from the unique-local
      # range (fd00::/8). Such addresses are not globally routable, which is
      # why the ipv6nat container below is run.
      extraOptions = lib.concatStringsSep " " [
        "--ipv6"
        "--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
      ];
    };

    # Helper container that is handed the Docker socket, the host network
    # namespace and a reduced capability set. Security-relevant properties are
    # noted on the individual settings.
    virtualisation.oci-containers.containers.ipv6nat = {
      # No tag or digest is given, so the default `latest` tag is pulled and
      # the content can change between pulls.
      # NOTE(review): consider pinning by digest, e.g.
      # "robbertkl/ipv6nat@sha256:<DIGEST-PLACEHOLDER>", given the privileges
      # granted below.
      image = "robbertkl/ipv6nat";
      volumes = [
        # `:ro` only makes the bind mount of the socket file read-only. A
        # process that can connect to the socket can still send any Docker API
        # request, so this container has root-equivalent control over the
        # daemon and must be trusted accordingly.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
      ];
      extraOptions = [
        # Shares the host's network namespace, so NET_ADMIN/NET_RAW below act
        # on the host's interfaces and netfilter rules, not on an isolated
        # namespace.
        "--network=host"
        # Start from an empty capability set and add back only what is listed.
        "--cap-drop=ALL"
        "--cap-add=NET_ADMIN"
        "--cap-add=NET_RAW"
        # SYS_MODULE permits loading kernel modules, which is host-level
        # privilege.
        # NOTE(review): ip6_tables is already loaded through modules-load.d
        # above and /lib/modules is not mounted into the container, so this
        # capability is probably unnecessary - confirm against the image's
        # entrypoint before dropping it.
        "--cap-add=SYS_MODULE"
      ];
    };
  };
}