no more rootless docker

2024-11-17 20:52:28 +00:00
parent 7286b5d291
commit 44f1b67d11
2 changed files with 23 additions and 9 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,6 +1,8 @@
 { pkgs, lib, modulesPath, ... }:
 let
  stateVersion = "24.05";
  userName = "myuser";
  repoPath = "/srv/nix-docker";
  unstable = import <nixos-unstable> {};
 in
 {
@@ -9,7 +11,11 @@ in
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    (import "${builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz}/nixos")
    (fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
-    ./users.nix
+    (import ./users.nix {
      inherit stateVersion;
      inherit userName;
      inherit repoPath;
    })
    # ./mounts.nix
  ];
@@ -33,10 +39,10 @@ in
  virtualisation.docker = {
    enable = true;
    # https://docs.docker.com/engine/security/rootless/
-    rootless = {
+    # rootless = {
-      enable = true;
+    #   enable = true;
-      setSocketVariable = true;
+    #   setSocketVariable = true;
-    };
+    # };
  };
  services.vscode-server.enable = true;
--- a/users.nix
+++ b/users.nix
@@ -1,13 +1,21 @@
-{ ... }:
+{ stateVersion, userName, repoPath, ... }:
 {
-  users.users.myuser = {
+  users.users.${userName} = {
    isNormalUser = true;
    extraGroups = [
      "wheel"   # needed for sudo without password
-      # "docker"  # needed for docker without sudo
+      "docker"  # needed for docker without sudo
    ];
    openssh.authorizedKeys.keyFiles = [
      "/root/.ssh/authorized_keys" # should already have your public SSH key inside
    ];
  };
-}
+
  home-manager = {
    useGlobalPkgs = true;
    users.${userName} = {
      home.stateVersion = stateVersion;
      imports = [ (import ./git.nix { inherit repoPath; }) ];
    };
  };
 }