derped/nixos
1
0
Fork 0
Code Releases Activity

sub-uid/gid are only needed for podman; improve readability

Browse source
This commit is contained in:
Kevin Baensch 2023-06-14 21:52:10 +02:00
parent 75cf39ee58
commit 89f85e9ff2
Signed by: derped
GPG key ID: C0F1D326C7626543
2 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
config/users.nix
View file

@ -3,6 +3,8 @@
with lib; with lib;
let let
withDocker = config.virtualisation.docker.enable;
withPodman = config.virtualisation.podman.enable;
administrators = user: { administrators = user: {
name = user.name; name = user.name;
value = let value = let
@ -12,8 +14,8 @@ let
isNormalUser = true; isNormalUser = true;
name = user.name; name = user.name;
uid = user.id; uid = user.id;
subUidRanges = [{ startUid = 100000; count = 65536; }]; subUidRanges = optional withPodman [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }]; subGidRanges = optional withPodman [{ startGid = 100000; count = 65536; }];
home = builtins.toPath "/home/${user.name}"; home = builtins.toPath "/home/${user.name}";
createHome = true; createHome = true;
description = "Administrative user ${user.name}."; description = "Administrative user ${user.name}.";
@ -21,8 +23,8 @@ let
extraGroups = [ "audio" "wheel" "network" ] extraGroups = [ "audio" "wheel" "network" ]
++ (optionals cfg.xserver.enable ["input" "video"]) ++ (optionals cfg.xserver.enable ["input" "video"])
++ (optionals cfg.printing.enable [ "cups" "lp" ]) ++ (optionals cfg.printing.enable [ "cups" "lp" ])
++ (optional (config.virtualisation.docker.enable && !config.virtualisation.podman.enable) "docker") ++ (optional (withDocker && !withPodman) "docker")
++ (optional config.virtualisation.podman.enable "podman"); ++ (optional withPodman "podman");
shell = "${pkgs.zsh}/bin/zsh"; shell = "${pkgs.zsh}/bin/zsh";
passwordFile = passPath; passwordFile = passPath;
# TODO: Fix for sops # TODO: Fix for sops

11
services/podman.nix
View file

@ -2,14 +2,17 @@
with lib; with lib;
mkIf (elem "podman" config.machine.services) { let
withDocker = (elem "docker" config.machine.services);
in mkIf (elem "podman" config.machine.services) {
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerSocket.enable = (elem "docker" config.machine.services); dockerSocket.enable = withDocker;
dockerCompat = (elem "docker" config.machine.services); dockerCompat = withDocker;
defaultNetwork = { defaultNetwork = {
settings.dns_enabled = true; settings.dns_enabled = true;
}; };
}; };
environment.systemPackages = with pkgs; [ podman-compose ]; environment.systemPackages = (with pkgs; [ podman-compose ]) ++
(optional withDocker pkgs.docker-compose);
} }