don't use rootless docker on 'andromache', but keep it as an option

2025-11-28 20:57:04 +01:00
parent e0a1ec77ed
commit 2d26d6ebd8
2 changed files with 41 additions and 5 deletions
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -1,9 +1,44 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.docker;
+in
 {
-  virtualisation.docker = {
-    enable = false;
-    rootless = {
-      enable = true;
-      setSocketVariable = true;
+  options.docker = {
+    rootless = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+    user = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
    };
  };
+  config = lib.mkMerge [
+    {
+      warnings = lib.flatten [
+        (lib.optional (
+          cfg.rootless && cfg.user != null
+        ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
+        (lib.optional (
+          !cfg.rootless && cfg.user == null
+        ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
+      ];
+    }
+    (lib.mkIf cfg.rootless {
+      virtualisation.docker = {
+        enable = false;
+        rootless = {
+          enable = true;
+          setSocketVariable = true;
+        };
+      };
+    })
+    (lib.mkIf (!cfg.rootless && cfg.user != null) {
+      virtualisation.docker = {
+        enable = true;
+      };
+      users.users.${cfg.user}.extraGroups = [ "docker" ];
+    })
+  ];
 }