From db884c9e8643ea671755cb472c1bc8dcb7b3175a Mon Sep 17 00:00:00 2001
From: "Giulio De Pasquale (aider)"
Date: Mon, 28 Apr 2025 15:31:05 +0100
Subject: [PATCH] feat: port Docker configuration to new modular structure

---
 hosts/architect/default.nix | 10 +++++++
 hosts/architect/options.nix | 5 ++++
 modules/core/default.nix | 1 +
 modules/core/docker.nix | 60 +++++++++++++++++++++++++++++++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 modules/core/docker.nix

diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index b3f41da..b9089cb 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -103,6 +103,16 @@ in
 
 pepe = {
 core = {
+ docker = {
+ enable = true;
+ nvidia = true;
+ dataRoot = "/docker";
+ extraOptions = "--dns 127.0.0.1 --dns ${config.pepe.core.network.interfaces.lan.devices.architect.address}";
+ enableOnBoot = false;
+ iptables = false;
+ users = [ "giulio" ];
+ };
+
 media = {
 enable = true;
 path = "/media";
diff --git a/hosts/architect/options.nix b/hosts/architect/options.nix
index ac7f21a..175eb35 100644
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@@ -17,4 +17,9 @@
 default = config.pepe.core.vhost.hosts;
 };
 };
+
+ config.architect.networks.docker = {
+ interface = "docker0";
+ net = "172.17.0.0/16";
+ };
 }
diff --git a/modules/core/default.nix b/modules/core/default.nix
index e3f6434..a3789ef 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -6,5 +6,6 @@
 ./vhost.nix
 ./firewall.nix
 ./dns.nix
+ ./docker.nix
 ];
 }
diff --git a/modules/core/docker.nix b/modules/core/docker.nix
new file mode 100644
index 0000000..6ae6be9
--- /dev/null
+++ b/modules/core/docker.nix
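Review bot: The `--dns 127.0.0.1` entry in `extraOptions` most likely points containers at their own loopback rather than at the host resolver: a container on the default bridge has its own network namespace, so 127.0.0.1 there is the container itself, and as far as I know Docker passes explicit `--dns` values through unchanged (it only drops loopback resolvers it inherits from the host's resolv.conf). Only the second entry, the LAN address, can work, and only if the host resolver actually listens on that interface; if that is the case the first entry should go: `extraOptions = "--dns ${config.pepe.core.network.interfaces.lan.devices.architect.address}"; # resolver must listen on the LAN address; 127.0.0.1 would be the container's own loopback`. Separately, `users = [ "giulio" ]` puts that account in the docker group, which is root-equivalent on the host (a member can bind-mount `/` or start a `--privileged` container), so a one-line comment next to it would make the grant visibly deliberate. The enclosing `pepe.core` attribute set starts and ends outside the hunk.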
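Review bot: `net = "172.17.0.0/16"` hardcodes Docker's default bridge subnet, but nothing in this commit pins the daemon to it (`daemon.settings` in the new module sets neither `bip` nor `default-address-pools`), so if that range is already routed on the host the daemon can pick another one and any rule built from `architect.networks.docker.net` would silently miss the bridge. Either fix the subnet on the daemon side as well, or leave a comment that the two must be kept in step, e.g. `net = "172.17.0.0/16"; # must match the docker0 bridge subnet (daemon bip / default-address-pools); change both together`. I cannot see where `architect.networks` is consumed, so the firewall impact is inferred.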
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf;
+
+ cfg = config.pepe.core.docker;
+in
+{
+ options.pepe.core.docker = with lib; {
+ enable = mkEnableOption "Enable Docker";
+ nvidia = mkEnableOption "Enable NVIDIA Container Toolkit";
+ dataRoot = mkOption {
+ type = types.str;
+ default = "/var/lib/docker";
+ description = "Docker data root directory";
+ };
+ extraOptions = mkOption {
+ type = types.str;
+ default = "";
+ description = "Extra options for Docker daemon";
+ };
+ enableOnBoot = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Start Docker on boot";
+ };
+ iptables = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether Docker should manipulate iptables";
+ };
+ users = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Users to add to the docker group";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ hardware.nvidia-container-toolkit.enable = cfg.nvidia;
+
+ virtualisation = {
+ oci-containers.backend = "docker";
+
+ docker = {
+ enable = true;
+ extraOptions = cfg.extraOptions;
+ enableOnBoot = cfg.enableOnBoot;
+ daemon.settings = {
+ iptables = cfg.iptables;
+ data-root = cfg.dataRoot;
+ };
+ };
+ };
+
+ users.users = lib.genAttrs cfg.users (user: {
+ extraGroups = [ "docker" ];
+ });
+ };
+}
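Review bot: The `users` option's description, `"Users to add to the docker group"`, does not say what the grant amounts to: the Docker daemon runs as root and any docker-group member can start a `--privileged` container or bind-mount any host path, so membership is root-equivalent on the host. I would state that in the description so whoever fills the list knows what they are handing out: `description = "Users to add to the docker group. NOTE: docker group membership is root-equivalent on the host (members can run privileged containers and bind-mount any path).";`. In the same spirit, `iptables` defaulting to `false` means Docker installs none of its NAT/forwarding rules, so its description should say that the host firewall must then provide masquerading and forwarding for the bridge, otherwise containers silently lose outbound connectivity and published ports. Style point: `mkEnableOption` already prepends "Whether to enable", so `mkEnableOption "Enable Docker"` renders as "Whether to enable Enable Docker."; `mkEnableOption "Docker"` and `mkEnableOption "the NVIDIA Container Toolkit"` read correctly.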