From 4e759a7211ba65c6ef0190a9515a359ad1c132ac Mon Sep 17 00:00:00 2001
From: surtur
Date: Sun, 17 Dec 2023 00:25:08 +0100
Subject: [PATCH] nix(t14): enable docker with user namespacing

---
 nix/hosts/t14/configuration.nix | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/nix/hosts/t14/configuration.nix b/nix/hosts/t14/configuration.nix
index 41ee6b7..b5e70c1 100644
--- a/nix/hosts/t14/configuration.nix
+++ b/nix/hosts/t14/configuration.nix
@@ -380,6 +380,39 @@
     };
   };
 
+  virtualisation.libvirtd.enable = true;
+  virtualisation.docker.enable = true;
+  virtualisation.docker.daemon.settings = {userns-remap = "dockremap:dockremap";};
+  ## rootless.
+  #virtualisation.docker.rootless = {
+  #  enable = true;
+  #  setSocketVariable = true;
+  #};
+  virtualisation.docker.storageDriver = "zfs";
+  users.users.dockremap = {
+    isNormalUser = false;
+    isSystemUser = true;
+    createHome = false;
+    shell = pkgs.zsh;
+    extraGroups = [
+      "docker"
+    ];
+    subUidRanges = [
+      {
+        count = 65535;
+        startUid = 65536 * 30;
+      }
+    ];
+    subGidRanges = [
+      {
+        count = 65535;
+        startGid = 65536 * 30;
+      }
+    ];
+  };
+  users.users.dockremap.group = "dockremap";
+  users.groups.dockremap = {};
+
   hardware = {
     bluetooth = {
       enable = true;
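Review bot: The `extraGroups = [ "docker" ];` on `users.users.dockremap` hands the remap account membership in the docker group, which is root-equivalent through the daemon socket, while `userns-remap = "dockremap:dockremap"` only consumes that account's subordinate UID/GID ranges and never runs anything as the account itself, so the membership is unneeded privilege for a non-login system user. `shell = pkgs.zsh;` is the same kind of over-grant: an interactive shell on an account that exists purely as a mapping anchor, where leaving `shell` unset should fall back to NixOS's nologin default for system users (verify on this NixOS release). I would drop both lines, and `isNormalUser = false;` is redundant once `isSystemUser = true;` is set. The attribute set these lines are added to begins and ends outside the hunk.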