sub-uid/gid are only needed for podman; improve readability

2023-06-14 21:52:10 +02:00 · 2023-06-14 21:52:10 +02:00 · 89f85e9ff2
commit 89f85e9ff2
parent 75cf39ee58
2 changed files with 13 additions and 8 deletions
--- a/config/users.nix
+++ b/config/users.nix
@ -3,6 +3,8 @@
 with lib;

 let
+  withDocker = config.virtualisation.docker.enable;
+  withPodman = config.virtualisation.podman.enable;
  administrators = user: {
    name = user.name;
    value = let
@ -12,8 +14,8 @@ let
      isNormalUser = true;
      name = user.name;
      uid  = user.id;
-      subUidRanges = [{ startUid = 100000; count = 65536; }];
-      subGidRanges = [{ startGid = 100000; count = 65536; }];
+      subUidRanges = optional withPodman [{ startUid = 100000; count = 65536; }];
+      subGidRanges = optional withPodman [{ startGid = 100000; count = 65536; }];
      home = builtins.toPath "/home/${user.name}";
      createHome = true;
      description = "Administrative user ${user.name}.";
@ -21,8 +23,8 @@ let
      extraGroups = [ "audio" "wheel" "network" ]
        ++ (optionals cfg.xserver.enable ["input" "video"])
        ++ (optionals cfg.printing.enable [ "cups" "lp" ])
-        ++ (optional (config.virtualisation.docker.enable && !config.virtualisation.podman.enable) "docker")
-        ++ (optional config.virtualisation.podman.enable "podman");
+        ++ (optional (withDocker && !withPodman) "docker")
+        ++ (optional withPodman "podman");
      shell = "${pkgs.zsh}/bin/zsh";
      passwordFile = passPath;
      # TODO: Fix for sops
--- a/services/podman.nix
+++ b/services/podman.nix
@ -2,14 +2,17 @@

 with lib;

-mkIf (elem "podman" config.machine.services) {
+let
+  withDocker = (elem "docker" config.machine.services);
+in mkIf (elem "podman" config.machine.services) {
  virtualisation.podman = {
    enable = true;
-    dockerSocket.enable = (elem "docker" config.machine.services);
-    dockerCompat = (elem "docker" config.machine.services);
+    dockerSocket.enable = withDocker;
+    dockerCompat = withDocker;
    defaultNetwork = {
      settings.dns_enabled = true;
    };
  };
-  environment.systemPackages = with pkgs; [ podman-compose ];
+  environment.systemPackages = (with pkgs; [ podman-compose ]) ++
+                               (optional withDocker pkgs.docker-compose);
 }