From 2297f6506db20b82498cc614859f35ae9f3f6000 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 11 Apr 2024 11:52:03 +0200
Subject: [PATCH] docker: enable rootless

---
 hosts/thinkpad/modules/virtualisation/default.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix
index 39b4dce..d38155e 100644
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@@ -2,8 +2,13 @@
 {
 virtualisation = {
 docker = {
- enable = true;
- extraOptions = "--iptables=false";
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ daemon.settings = {
+ iptables = false;
+ };
+ };
 };
 libvirtd = {
 enable = true;
@@ -18,7 +23,7 @@
 spiceUSBRedirection.enable = true;
 };
 # allow libvirts internal network stuff
- networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ];
+ networking.firewall.trustedInterfaces = [ "virbr0" ];
 programs.virt-manager.enable = true;
 environment.systemPackages = with pkgs; [
 virt-viewer
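Review bot: `daemon.settings.iptables = false` looks carried over from the old rootful `extraOptions = "--iptables=false"`, but it means something different under `rootless`. A rootless daemon runs in its own user and network namespace and cannot rewrite the host firewall anyway, so the setting instead turns off the NAT and inter-network isolation rules Docker would create inside that namespace, which can break bridge networking and removes the separation between user-defined networks. Unless that is intended, I would drop the `daemon.settings` block, or keep it with a comment stating the reason, e.g. `# rootless dockerd only touches its own netns; iptables disabled because <reason>`. Presumably the user is still in the `docker` group somewhere outside this patch; that root-equivalent membership serves no purpose once the rootful daemon is off and is worth removing. The `virtualisation` set continues past the end of the hunk.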
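Review bot: `trustedInterfaces = [ "virbr0" ]` still exempts the libvirt bridge from the firewall entirely, so every guest on that network can reach every service listening on the host. If the guests only need the host's DHCP and DNS, per-interface rules are narrower: `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces.virbr0.allowedTCPPorts = [ 53 ];`. Dropping `br0` also puts any bridge of that name back behind the normal rules, so it is worth confirming nothing on this host still relies on it being trusted. The `environment.systemPackages` list continues outside the hunk.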