From 2d26d6ebd86427d3dff4d1d8104135cd5c8183d9 Mon Sep 17 00:00:00 2001
From: Hektor Misplon
Date: Fri, 28 Nov 2025 20:57:04 +0100
Subject: [PATCH] don't use rootless docker on 'andromache', but keep it as an option
---
 hosts/andromache/default.nix | 1 +
 modules/docker.nix | 45 ++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/hosts/andromache/default.nix b/hosts/andromache/default.nix
index ab5cd86..f2fc158 100644
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -41,6 +41,7 @@ in
 ];
 secrets.username = username;
+ docker.user = username;
 disko.devices = {
 disk.data = {
diff --git a/modules/docker.nix b/modules/docker.nix
index 5f688d8..dfb6c59 100644
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -1,9 +1,44 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.docker;
+in
 {
- virtualisation.docker = {
- enable = false;
- rootless = {
- enable = true;
- setSocketVariable = true;
+ options.docker = {
+ rootless = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ user = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
 };
 };
+ config = lib.mkMerge [
+ {
+ warnings = lib.flatten [
+ (lib.optional (
+ cfg.rootless && cfg.user != null
+ ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
+ (lib.optional (
+ !cfg.rootless && cfg.user == null
+ ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
+ ];
+ }
+ (lib.mkIf cfg.rootless {
+ virtualisation.docker = {
+ enable = false;
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ };
+ })
+ (lib.mkIf (!cfg.rootless && cfg.user != null) {
+ virtualisation.docker = {
+ enable = true;
+ };
+ users.users.${cfg.user}.extraGroups = [ "docker" ];
+ })
+ ];
 }
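Review bot: The added `docker.user = username;` in hosts/andromache/default.nix is a privilege change that the line does not document. Assuming `docker.rootless` stays at its default of `false` on this host (the commit subject suggests so), the module's last `mkIf` branch enables the rootful daemon and puts this account in the `docker` group, and control of that daemon's socket is equivalent to root on the host. I would record that next to the setting, for example `# rootful Docker: this account joins the docker group, which is root-equivalent on this host`, so the trade-off against the rootless setup being replaced stays visible. The rest of the host file is outside the hunk, so whether another account would be a better fit cannot be judged from here.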
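Review bot: Both warning strings in modules/docker.nix name `'virtualisation.docker.user'`, but the options this hunk declares are `docker.user` and `docker.rootless`, so the message points the reader at an option this module does not declare. I would write `"'docker.user' is ignored when 'docker.rootless' is enabled"` for the first. The second is also misleading: when `!cfg.rootless && cfg.user == null` neither `mkIf` branch applies, so Docker is not enabled at all, and something like `"'docker.user' is not set and 'docker.rootless' is false: Docker is not enabled"` would say what actually happens. Neither `mkOption` has a `description`; the one for `user` should state that the named account is added to the `docker` group and thereby gets root-equivalent access to the host, and the one for `rootless` that it selects the per-user daemon instead.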