nixos-config/system/containers.nix

{ pkgs, lib, ... }:
{
  services.flatpak.enable = true;

  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "monthly";
      flags = [
        "--all"
        "--volumes"
      ];
    };
    daemon.settings = {
      # needed by bitbucket runner ???
      log-driver = "json-file";
      log-opts = {
        max-size = "10m";
        max-file = "3";
      };
    };
  };

  networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;

  programs.extra-container.enable = true;

  programs.firejail.enable = true;
}
docker: block external connections 2025-01-10 11:06:58 -03:00			`{ pkgs, lib, ... }:`
treewide: format using nixfmt-rfc-style 2024-05-30 16:54:58 -03:00			`{`
configuration: extract nixos config into more files 2024-05-27 12:29:42 -03:00			`services.flatpak.enable = true;`
docker: format config 2024-06-11 09:30:29 -03:00
			`virtualisation.docker = {`
			`enable = true;`
			`autoPrune = {`
			`enable = true;`
			`dates = "monthly";`
			`flags = [`
			`"--all"`
			`"--volumes"`
			`];`
			`};`
docker: fix logging for bitbucket runner 2024-10-25 16:33:21 -03:00			`daemon.settings = {`
			`# needed by bitbucket runner ???`
			`log-driver = "json-file";`
			`log-opts = {`
			`max-size = "10m";`
			`max-file = "3";`
			`};`
			`};`
docker: format config 2024-06-11 09:30:29 -03:00			`};`
configuration: extract nixos config into more files 2024-05-27 12:29:42 -03:00
docker: block external connections 2025-01-10 11:06:58 -03:00			`networking.firewall.extraCommands = lib.getExe pkgs._docker-block-external-connections;`

configuration: extract nixos config into more files 2024-05-27 12:29:42 -03:00			`programs.extra-container.enable = true;`

			`programs.firejail.enable = true;`
			`}`