feat: port Docker configuration to new modular structure

2025-04-28 15:31:05 +01:00 · 2025-04-28 15:31:05 +01:00 · db884c9e86
commit db884c9e86
parent cbd6725b2a
4 changed files with 76 additions and 0 deletions
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -103,6 +103,16 @@ in

  pepe = {
    core = {
+      docker = {
+        enable = true;
+        nvidia = true;
+        dataRoot = "/docker";
+        extraOptions = "--dns 127.0.0.1 --dns ${config.pepe.core.network.interfaces.lan.devices.architect.address}";
+        enableOnBoot = false;
+        iptables = false;
+        users = [ "giulio" ];
+      };
+      
      media = {
        enable = true;
        path = "/media";
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@ -17,4 +17,9 @@
      default = config.pepe.core.vhost.hosts;
    };
  };
+  
+  config.architect.networks.docker = {
+    interface = "docker0";
+    net = "172.17.0.0/16";
+  };
 }
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@ -6,5 +6,6 @@
    ./vhost.nix
    ./firewall.nix
    ./dns.nix
+    ./docker.nix
  ];
 }
--- a/modules/core/docker.nix
+++ b/modules/core/docker.nix
@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf;
+
+  cfg = config.pepe.core.docker;
+in
+{
+  options.pepe.core.docker = with lib; {
+    enable = mkEnableOption "Enable Docker";
+    nvidia = mkEnableOption "Enable NVIDIA Container Toolkit";
+    dataRoot = mkOption {
+      type = types.str;
+      default = "/var/lib/docker";
+      description = "Docker data root directory";
+    };
+    extraOptions = mkOption {
+      type = types.str;
+      default = "";
+      description = "Extra options for Docker daemon";
+    };
+    enableOnBoot = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Start Docker on boot";
+    };
+    iptables = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether Docker should manipulate iptables";
+    };
+    users = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Users to add to the docker group";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    hardware.nvidia-container-toolkit.enable = cfg.nvidia;
+    
+    virtualisation = {
+      oci-containers.backend = "docker";
+
+      docker = {
+        enable = true;
+        extraOptions = cfg.extraOptions;
+        enableOnBoot = cfg.enableOnBoot;
+        daemon.settings = {
+          iptables = cfg.iptables;
+          data-root = cfg.dataRoot;
+        };
+      };
+    };
+
+    users.users = lib.genAttrs cfg.users (user: {
+      extraGroups = [ "docker" ];
+    });
+  };
+}