wanderer/infra
1
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

nix(t14): enable docker with user namespacing

Browse Source
This commit is contained in:
surtur 2023-12-17 00:25:08 +01:00
parent 8c27375415
commit 4e759a7211
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
nix/hosts/t14/configuration.nix
View File

@ -380,6 +380,39 @@
}; };
}; };
virtualisation.libvirtd.enable = true;
virtualisation.docker.enable = true;
virtualisation.docker.daemon.settings = {userns-remap = "dockremap:dockremap";};
## rootless.
#virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
#};
virtualisation.docker.storageDriver = "zfs";
users.users.dockremap = {
isNormalUser = false;
isSystemUser = true;
createHome = false;
shell = pkgs.zsh;
extraGroups = [
"docker"
];
subUidRanges = [
{
count = 65535;
startUid = 65536 * 30;
}
];
subGidRanges = [
{
count = 65535;
startGid = 65536 * 30;
}
];
};
users.users.dockremap.group = "dockremap";
users.groups.dockremap = {};
hardware = { hardware = {
bluetooth = { bluetooth = {
enable = true; enable = true;