nix(t14): enable docker with user namespacing

2023-12-17 00:25:08 +01:00 · 2023-12-17 00:25:08 +01:00 · 4e759a7211
commit 4e759a7211
parent 8c27375415
1 changed files with 33 additions and 0 deletions
--- a/nix/hosts/t14/configuration.nix
+++ b/nix/hosts/t14/configuration.nix
@ -380,6 +380,39 @@
    };
  };

+  virtualisation.libvirtd.enable = true;
+  virtualisation.docker.enable = true;
+  virtualisation.docker.daemon.settings = {userns-remap = "dockremap:dockremap";};
+  ## rootless.
+  #virtualisation.docker.rootless = {
+  #  enable = true;
+  #  setSocketVariable = true;
+  #};
+  virtualisation.docker.storageDriver = "zfs";
+  users.users.dockremap = {
+    isNormalUser = false;
+    isSystemUser = true;
+    createHome = false;
+    shell = pkgs.zsh;
+    extraGroups = [
+      "docker"
+    ];
+    subUidRanges = [
+      {
+        count = 65535;
+        startUid = 65536 * 30;
+      }
+    ];
+    subGidRanges = [
+      {
+        count = 65535;
+        startGid = 65536 * 30;
+      }
+    ];
+  };
+  users.users.dockremap.group = "dockremap";
+  users.groups.dockremap = {};
+
  hardware = {
    bluetooth = {
      enable = true;