christoph/flake-nixinator
1
Fork 0
Code Activity

Modules/Docker: Add networks option

Browse Source
This commit is contained in:
Christoph Urlacher
2025-07-10 00:40:13 +02:00
parent bcbcec1e21
commit f0a18f452d
2 changed files with 115 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
system/modules/docker/default.nix
View File

@ -15,6 +15,8 @@ in {
})
];
networking.firewall.trustedInterfaces = ["docker0" "podman0"];
virtualisation = {
docker = {
enable = !docker.podman;
@ -61,5 +63,74 @@ in {
else "docker"; # "docker" or "podman"
libvirtd.enable = true;
};
systemd.services = let
cli =
if docker.podman
then "${config.virtualisation.podman.package}/bin/podman"
else "${config.virtualisation.docker.package}/bin/docker";
mkDockerNetwork = name: options:
builtins.concatStringsSep "\n" [
# Make sure to return true on fail to not crash
''
check=$(${cli} network inspect ${name} || true)
if [ -z "$check" ]; then
''
(builtins.concatStringsSep " " [
"${cli} network create"
# Disable masquerading
(lib.mkIf
options.disable_masquerade
''-o "com.docker.network.bridge.enable_ip_masquerade"="false"'')
# Enable ipv6
(lib.mkIf
options.ipv6.enable
"--ipv6")
(lib.mkIf
(builtins.hasAttr "gateway" options.ipv6)
''--gateway="${options.ipv6.gateway}"'')
(lib.mkIf
(builtins.hasAttrs "subnet" options.ipv6)
''--subnet="${options.ipv6.subnet}"'')
"${name}"
])
''
else
echo "${name} already exists!"
fi
''
];
mkPodmanNetwork = name: options:
builtins.concatStringsSep "\n" [
''
ehco "Can't create Podman networks (yet)!"
''
];
mkSystemdNetworkService = name: options: let
toolName =
if docker.podman
then "Podman"
else "Docker";
in {
description = "Creates the ${toolName} network \"${name}\"";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot";
script =
if docker.podman
then (mkPodmanNetwork name options)
else (mkDockerNetwork name options);
};
in
lib.mkMerge (builtins.mapAttrs mkSystemdNetworkService docker.networks);
};
}