From 89f85e9ff26f5b375094f5f43542d79b9df465b8 Mon Sep 17 00:00:00 2001
From: derped
Date: Wed, 14 Jun 2023 21:52:10 +0200
Subject: [PATCH] sub-uid/gid are only needed for podman; improve readability
---
 config/users.nix | 10 ++++++----
 services/podman.nix | 11 +++++++----
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/config/users.nix b/config/users.nix
index 10e6676..0182f2b 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -3,6 +3,8 @@
 with lib;
 let
+ withDocker = config.virtualisation.docker.enable;
+ withPodman = config.virtualisation.podman.enable;
 administrators = user: {
 name = user.name;
 value = let
@@ -12,8 +14,8 @@ let
 isNormalUser = true;
 name = user.name;
 uid = user.id;
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
+ subUidRanges = optional withPodman [{ startUid = 100000; count = 65536; }];
+ subGidRanges = optional withPodman [{ startGid = 100000; count = 65536; }];
 home = builtins.toPath "/home/${user.name}";
 createHome = true;
 description = "Administrative user ${user.name}.";
@@ -21,8 +23,8 @@ let
 extraGroups = [ "audio" "wheel" "network" ]
 ++ (optionals cfg.xserver.enable ["input" "video"])
 ++ (optionals cfg.printing.enable [ "cups" "lp" ])
- ++ (optional (config.virtualisation.docker.enable && !config.virtualisation.podman.enable) "docker")
- ++ (optional config.virtualisation.podman.enable "podman");
+ ++ (optional (withDocker && !withPodman) "docker")
+ ++ (optional withPodman "podman");
 shell = "${pkgs.zsh}/bin/zsh";
 passwordFile = passPath; # TODO: Fix for sops
diff --git a/services/podman.nix b/services/podman.nix
index f1e9d3e..5685fd3 100644
--- a/services/podman.nix
+++ b/services/podman.nix
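Review bot: `optional withPodman [{ ... }]` in the `@@ -12,8 +14,8 @@` hunk of config/users.nix nests the list, because `lib.optional` wraps its second argument as a single element and so yields `[ [ { ... } ] ]` when podman is enabled; `subUidRanges`/`subGidRanges` expect a flat list of ranges, so evaluation will most likely fail exactly in the podman case. Use `optionals` on both lines, e.g. `subUidRanges = optionals withPodman [{ startUid = 100000; count = 65536; }];`. Also worth noting while touching these lines: every user built by `administrators` receives the same 100000–165535 range, so with more than one administrator their rootless containers map onto the same host UIDs/GIDs; deriving the start from `user.id` would keep the ranges disjoint. The `administrators` function starts and ends outside the hunk.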
@@ -2,14 +2,17 @@
 with lib;
-mkIf (elem "podman" config.machine.services) {
+let
+ withDocker = (elem "docker" config.machine.services);
+in mkIf (elem "podman" config.machine.services) {
 virtualisation.podman = {
 enable = true;
- dockerSocket.enable = (elem "docker" config.machine.services);
- dockerCompat = (elem "docker" config.machine.services);
+ dockerSocket.enable = withDocker;
+ dockerCompat = withDocker;
 defaultNetwork = {
 settings.dns_enabled = true;
 };
 };
- environment.systemPackages = with pkgs; [ podman-compose ];
+ environment.systemPackages = (with pkgs; [ podman-compose ]) ++
+ (optional withDocker pkgs.docker-compose);
 }
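Review bot: `dockerSocket.enable = withDocker;` has no comment on what it grants: with the Docker-compatible socket enabled, members of the `podman` group can talk to the system-wide Podman service, which, as with the `docker` group, amounts to root access, and config/users.nix adds every administrator to that group whenever podman is on. I would add `# dockerSocket: "podman" group members can reach the rootful socket, treat the group as root-equivalent` above the line. As a naming point, `withDocker` here means `elem "docker" config.machine.services`, while the same name in config/users.nix means `config.virtualisation.docker.enable`; a distinct name such as `dockerRequested` would keep the two from being confused.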