blob: 9e18557084f3fb21fb7cd256e8abfcb7da82784a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
{ config, pkgs, fetchurl, lib, ... }:
let
dockerConfig = {
ipv6 = true;
fixed-cidr-v6 = "fd69:2074:9fcd:b0fd::/64";
features = {
buildkit = true;
};
};
in
{
virtualisation = {
docker = {
enable = true;
enableOnBoot = false;
liveRestore = false;
extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON dockerConfig)}";
autoPrune = {
enable = true;
dates = "Mon, 13:00";
};
};
};
networking.firewall.extraCommands = ''
iptables -A nixos-fw -p udp --source 172.17.0.0/24 -j nixos-fw-accept
iptables -A nixos-fw -p tcp --source 172.17.0.0/24 -j nixos-fw-accept
ip6tables -A nixos-fw -p tcp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
ip6tables -A nixos-fw -p udp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
'';
nix.gc.dates = "12:30";
system.autoUpgrade.dates = "13:05";
}
|