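# NixOS module for the container runtime, driven by `config.modules.docker`.
#
# `docker.podman` selects the backend for the whole module: the Docker daemon
# is enabled only when podman is off and vice versa, and the same flag picks
# the CLI, the oci-containers backend and the network-creation script.
# `docker.networks` is a list of network descriptions (name, ipv6.*,
# disable_masquerade — see ./options.nix) that are turned into oneshot
# systemd units creating those networks at boot.
{
  config,
  lib,
  mylib,
  ...
}: let
  inherit (config.modules) docker;
in {
  options.modules.docker = import ./options.nix {inherit lib mylib;};

  config = lib.mkIf docker.enable {
    environment.variables = lib.mkMerge [
      # BuildKit is a Docker-CLI feature; it has no meaning for Podman.
      (lib.mkIf (!docker.podman) {
        DOCKER_BUILDKIT = 1;
      })
    ];

    # NOTE(review): traffic arriving on a trusted interface bypasses the host
    # firewall completely, so every container on these bridges can reach any
    # service the host listens on — including the TCP daemon socket below.
    networking.firewall.trustedInterfaces = ["docker0" "podman0"];

    virtualisation = {
      docker = {
        enable = !docker.podman;
        autoPrune.enable = true;

        rootless = {
          enable = docker.docker.rootless;
          setSocketVariable = true;
        };

        daemon.settings = {
          # ipv6 = true;
          # fixed-cidr-v6 = "2001::/80";

          dns = [
            "8.8.8.8"
            # "2001:4860:4860::8888"

            # "127.0.0.1"
            # "192.168.86.25"
          ];

          hosts = [
            # Allow access to docker socket
            # SECURITY: this TCP listener is unauthenticated and unencrypted and
            # gives root-equivalent control of the host to anything that can
            # reach port 2375 (the trusted bridges above included). Bind it to
            # a specific address and enable TLS (`tlsverify` plus the CA/cert/
            # key settings) before depending on it; drop it if only the unix
            # socket is needed.
            "tcp://0.0.0.0:2375"
            "unix:///var/run/docker.sock"
          ];
        };
      };

      podman = {
        enable = docker.podman;
        autoPrune.enable = true;
        dockerCompat = true;
        dockerSocket.enable = true;
        defaultNetwork.settings.dns_enabled = true;

        # extraPackages = with pkgs; [];
      };

      oci-containers.backend =
        if docker.podman
        then "podman"
        else "docker"; # "docker" or "podman"
      libvirtd.enable = true;
    };

    systemd.services = let
      # Absolute path of the CLI matching the selected backend.
      cli =
        if docker.podman
        then "${config.virtualisation.podman.package}/bin/podman"
        else "${config.virtualisation.docker.package}/bin/docker";

      # Shell snippet that creates the Docker network described by `options`
      # unless it already exists.  The existence test uses the exit status of
      # `network inspect`, not its stdout: the Docker CLI prints `[]` on
      # stdout for a missing network, so testing the output for emptiness
      # (with the error masked by `|| true`) never triggers creation.
      # A non-zero status inside an `if` condition does not trip `set -e`.
      mkDockerNetwork = options:
        builtins.concatStringsSep "\n" [
          ''
            if ! ${cli} network inspect "${options.name}" >/dev/null 2>&1; then
          ''

          (builtins.concatStringsSep " " [
            "${cli} network create"

            # Disable masquerading
            (lib.optionalString
              options.disable_masquerade
              ''-o "com.docker.network.bridge.enable_ip_masquerade"="false"'')

            # Enable ipv6; gateway/subnet are passed only when set
            (lib.optionalString
              options.ipv6.enable
              "--ipv6")
            (lib.optionalString
              (!(builtins.isNull options.ipv6.gateway))
              ''--gateway="${options.ipv6.gateway}"'')
            (lib.optionalString
              (!(builtins.isNull options.ipv6.subnet))
              ''--subnet="${options.ipv6.subnet}"'')

            "${options.name}"
          ])

          ''
            else
              echo "Network ${options.name} already exists!"
            fi
          ''
        ];

      # Placeholder for the Podman backend: network creation is not implemented,
      # the unit only logs that fact.  (`options` is accepted for signature
      # parity with mkDockerNetwork.)  The command must be spelled `echo`: a
      # typo here makes the oneshot unit fail at boot, because NixOS runs
      # service scripts with `set -e`.
      mkPodmanNetwork = options:
        builtins.concatStringsSep "\n" [
          ''
            echo "Can't create Podman networks (yet)!"
          ''
        ];

      # One oneshot systemd service per network, named
      # "<docker|podman>-create-<name>-network", started after network.target.
      mkSystemdNetworkService = options: let
        toolName =
          if docker.podman
          then "podman"
          else "docker";
      in {
        "${toolName}-create-${options.name}-network" = {
          description = "Creates the ${toolName} network \"${options.name}\"";
          after = ["network.target"];
          wantedBy = ["multi-user.target"];

          serviceConfig.Type = "oneshot";
          script =
            if docker.podman
            then (mkPodmanNetwork options)
            else (mkDockerNetwork options);
        };
      };
    in
      lib.mkMerge (builtins.map mkSystemdNetworkService docker.networks);
  };
}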