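# Docker (System Module)
#
# Provides:
# - Docker runtime and CLI
# - Docker Compose
# - User access to the rootful daemon via the `docker` group (root-equivalent)
# - Optional rootless mode
#
# Options:
# - enable → Enable Docker system module
# - username → User to add to the docker group (rootful mode only)
# - enableOnBoot → Start Docker service on boot (default: true)
# - rootless → Enable Docker rootless mode (disabled by default)
#
# Notes:
# - Rootless mode is disabled by default
# - Membership in the `docker` group gives control of the root-owned daemon
#   socket, which is equivalent to root on the host; the module therefore
#   only grants it when rootless mode is off.
# - The kernel parameters set below enable the legacy memory cgroup
#   controller; they are not what selects cgroup v2 (see the comment at the
#   site).
{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.nyx-module.system.docker;
in {
  options.nyx-module.system.docker = {
    # mkEnableOption prefixes "Whether to enable ", so its argument names the
    # thing rather than the action; the previous wording rendered as
    # "Whether to enable Enable Docker (system module)".
    enable = lib.mkEnableOption "Docker (system module)";

    username = lib.mkOption {
      type = lib.types.str;
      example = "alice";
      description = "User to add to the docker group (rootful mode only).";
    };

    enableOnBoot = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Whether to enable Docker service on boot.";
    };

    rootless = lib.mkEnableOption "rootless Docker mode";
  };

  config = lib.mkIf cfg.enable {
    virtualisation.docker = {
      enable = true;
      enableOnBoot = cfg.enableOnBoot;
      rootless.enable = cfg.rootless;
    };

    # The docker group is root-equivalent: anyone who can reach the rootful
    # daemon socket can start privileged containers on the host. In rootless
    # mode the user talks to their own unprivileged daemon, so granting the
    # group there would silently reintroduce the privilege rootless mode is
    # meant to avoid; withhold it in that case.
    users.users.${cfg.username}.extraGroups = lib.optionals (!cfg.rootless) ["docker"];

    environment.systemPackages = with pkgs; [
      docker
      docker-compose
    ];

    # These flags enable the legacy (cgroup v1) memory controller on kernels
    # that ship with it disabled; they do not select cgroup v2, which recent
    # NixOS already uses by default. Kept unchanged for compatibility with
    # existing hosts.
    boot.kernelParams = ["cgroup_enable=memory" "cgroup_memory=1"];

    assertions = [
      {
        # An empty name would otherwise define a user literally named "" above.
        assertion = cfg.username != "";
        message = "nyx-module.system.docker.username must be set to a valid user.";
      }
    ];
  };
}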