From d91e17815500b06d935294e7c3672ae4a3bf3510 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Wed, 9 Jul 2025 00:06:22 +0200
Subject: [PATCH] Modules: Add docker/podman module
---
 system/modules/default.nix | 1 +
 system/modules/docker/default.nix | 57 +++++++++++++++++++++++++++++++
 system/modules/docker/options.nix | 10 ++++++
 3 files changed, 68 insertions(+)
 create mode 100644 system/modules/docker/default.nix
 create mode 100644 system/modules/docker/options.nix
diff --git a/system/modules/default.nix b/system/modules/default.nix
index 68305cf1..45c26ddc 100644
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./bootloader
 ./desktopportal
+ ./docker
 ./fonts
 ./mime
 ./polkit
diff --git a/system/modules/docker/default.nix b/system/modules/docker/default.nix
new file mode 100644
index 00000000..1e86bea7
--- /dev/null
+++ b/system/modules/docker/default.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ mylib,
+ ...
+}: let
+ inherit (config.modules) docker;
+in {
+ options.modules.docker = import ./options.nix {inherit lib mylib;};
+
+ config = lib.mkIf docker.enable {
+ virtualisation = {
+ docker = {
+ enable = !docker.podman;
+ autoPrune.enable = true;
+ enableNvidia = true;
+
+ rootless = {
+ enable = docker.docker.rootless;
+ setSocketVariable = true;
+ };
+
+ daemon.settings = {
+ # ipv6 = true;
+ # fixed-cidr-v6 = "2001::/80";
+
+ dns = [
+ "8.8.8.8"
+ # "2001:4860:4860::8888"
+
+ # "127.0.0.1"
+ # "192.168.86.25"
+ ];
+
+ hosts = [
+ # Allow access to docker socket
+ "tcp://0.0.0.0:2375"
+ "unix:///var/run/docker.sock"
+ ];
+ };
+ };
+
+ podman = {
+ enable = docker.podman;
+ autoPrune.enable = true;
+ dockerCompat = true;
+ dockerSocket.enable = true;
+ defaultNetwork.settings.dns_enabled = true;
+
+ # extraPackages = with pkgs; [];
+ };
+
+ oci-containers.backend = "podman"; # "docker" or "podman"
+ libvirtd.enable = true;
+ };
+ };
+}
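Review bot: The `hosts` list under `daemon.settings` adds `"tcp://0.0.0.0:2375"`, which serves the Docker API on every interface with no TLS and no authentication. Unless a firewall rule outside this patch blocks the port, any peer that can reach it can drive the daemon, which amounts to root on the host. The `unix:///var/run/docker.sock` entry already covers local clients, so I would drop the TCP entry. If a remote client is really needed, gate it behind a module option that defaults to off and either bind to loopback (`"tcp://127.0.0.1:2375"`) or enable `tlsverify` with client certificates. Separately, `oci-containers.backend = "podman";` is fixed even when `docker.podman` is false; `oci-containers.backend = if docker.podman then "podman" else "docker";` would follow the selected engine.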
diff --git a/system/modules/docker/options.nix b/system/modules/docker/options.nix
new file mode 100644
index 00000000..8a2fad09
--- /dev/null
+++ b/system/modules/docker/options.nix
@@ -0,0 +1,10 @@
+{
+ lib,
+ mylib,
+ ...
+}: {
+ enable = lib.mkEnableOption "Enable light virtualization using containers";
+
+ podman = lib.mkEnableOption "Use podman instead of docker";
+ docker.rootless = lib.mkEnableOption "Use rootless docker (no effect if podman is used)";
+}
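Review bot: The three option descriptions will render awkwardly, because `lib.mkEnableOption` prefixes its argument with "Whether to enable", giving e.g. "Whether to enable Enable light virtualization using containers." Passing a noun phrase reads correctly: `enable = lib.mkEnableOption "light virtualization using containers";`, and likewise `"podman instead of docker"` and `"rootless docker (no effect if podman is used)"`. The `mylib` argument is accepted but not used anywhere in this file, so it can be dropped from the argument set unless other option files rely on a uniform signature.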