docker.nix (1380B)
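# NixOS module: opt-in "docker" profile.
#
# When `profiles.docker.enable` is set, this enables containerd and the Docker
# daemon (overlay2 storage, experimental features, a custom default runc
# runtime), writes /etc/docker/daemon.json and marks the docker0 bridge as a
# trusted firewall interface.
{ config, lib, pkgs, ... }:

let
  # Explicit inherit instead of `with lib;` so every helper's origin is visible.
  inherit (lib) concatStringsSep mkEnableOption mkIf mkOption types;

  cfg = config.profiles.docker;
in
{
  options = {
    profiles.docker = {
      # mkEnableOption prepends "Whether to enable" to its argument, so pass
      # only the noun phrase; the original "Enable docker profile" rendered as
      # "Whether to enable Enable docker profile."
      enable = mkEnableOption "docker profile";

      package = mkOption {
        default = pkgs.docker-edge;
        description = "docker package to be used";
        type = types.package;
      };

      runcPackage = mkOption {
        default = pkgs.runc;
        description = "runc package to be used";
        type = types.package;
      };
    };
  };

  config = mkIf cfg.enable {
    virtualisation = {
      containerd = {
        enable = true;
        # autostart = false;
      };

      # buildkitd = {
      #   enable = true;
      #   autostart = false;
      #   extraOptions = "--oci-worker=false --containerd-worker=true";
      # };

      docker = {
        enable = true;
        inherit (cfg) package;
        liveRestore = false;
        storageDriver = "overlay2";
        # One flag per list entry; joined with single spaces, this yields the
        # same command-line string as before.
        extraOptions = concatStringsSep " " [
          # Turns on the daemon's experimental features for every client.
          "--experimental"
          # Register the runc binary from cfg.runcPackage and make it the default runtime.
          "--add-runtime docker-runc=${cfg.runcPackage}/bin/runc"
          "--default-runtime=docker-runc"
          # Use the containerd instance enabled above instead of a dockerd-managed one.
          "--containerd=/run/containerd/containerd.sock"
        ];
      };
    };

    # dockerd reads this file in addition to the flags in extraOptions; an
    # option set in both places makes the daemon refuse to start, so keep the
    # two sets disjoint.
    #
    # SECURITY: every "insecure-registries" entry is exempt from TLS
    # verification. Docker accepts untrusted certificates for these hosts and
    # falls back to plain HTTP, so image pulls and pushes to them have no
    # transport integrity or authenticity. Keep the list as narrow as possible
    # and prefer registries with a certificate from a CA the host trusts.
    #
    # NOTE(review): "192.168.12.0/16" has host bits set. With a /16 mask it
    # spans 192.168.0.0-192.168.255.255; confirm whether 192.168.12.0/24 was
    # intended.
    environment.etc."docker/daemon.json".text = ''
      {"features":{"buildkit": true}, "insecure-registries": ["172.30.0.0/16", "192.168.12.0/16", "massimo.home:5000", "r.svc.home:5000", "r.svc.home" ]}
    '';

    # SECURITY: the NixOS firewall accepts all traffic arriving on a trusted
    # interface, so containers on the default docker0 bridge can reach every
    # port the host listens on. Bridges created for user-defined networks are
    # not named docker0 and are not covered by this line.
    networking.firewall.trustedInterfaces = [ "docker0" ];
  };
}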