From 7eed4b9d030d553534270b87eb1a84c8b359510f Mon Sep 17 00:00:00 2001
From: workflow <4farlion@gmail.com>
Date: Wed, 17 Jul 2024 15:17:08 +0100
Subject: [PATCH] feat(docker): switch to rootfull
---
 flake.lock | 2 +-
 system/virtualisation.nix | 13 ++++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/flake.lock b/flake.lock
index 435b451..33b5df7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -171,7 +171,7 @@
 },
 "secrets": {
 "locked": {
- "lastModified": 1721081722,
+ "lastModified": 1721081734,
 "narHash": "sha256-U/MFUwEA/VYxh3bkRf5W6mnMJJHJ2mSepbU13J1XM4k=",
 "path": "/home/farlion/code/nixos-secrets",
 "type": "path"
diff --git a/system/virtualisation.nix b/system/virtualisation.nix
index ec9f175..965fabd 100644
--- a/system/virtualisation.nix
+++ b/system/virtualisation.nix
@@ -1,15 +1,14 @@
-{pkgs, ...}: {
- virtualisation.docker.rootless = {
+{...}: {
+ virtualisation.docker = {
 enable = true;
- setSocketVariable = true;
 };
 # https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cpu-cpuset-and-io-delegation
 # For minikube
 # Writes to /etc/systemd/system/user@.service.d/overrides.conf
- systemd.services."user@".serviceConfig = {
- Delegate = "cpu cpuset io memory pids";
- };
+ # systemd.services."user@".serviceConfig = {
+ # Delegate = "cpu cpuset io memory pids";
+ # };
 virtualisation.libvirtd.enable = true;
@@ -17,5 +16,5 @@
 enable = true;
 };
- users.users.farlion.extraGroups = ["libvirtd" "kvm"];
+ users.users.farlion.extraGroups = ["libvirtd" "kvm" "docker"];
 }
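Review bot: The cgroup-delegation block in system/virtualisation.nix is left commented out beneath its three header comments, so the file keeps a rootlesscontaine.rs link and a "Writes to ... overrides.conf" remark that no longer describe anything active, and nothing records why rootless mode was dropped. Either delete the block or head it with `# Only needed for rootless Docker (cgroup v2 delegation); re-enable together with virtualisation.docker.rootless`. Because `virtualisation.docker.enable = true` runs the daemon as root, a comment above it such as `# Rootful daemon: a container breakout or socket access means host root; chosen over rootless because <reason>` would give the next reader the trade-off. The attribute set continues past this hunk.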
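Review bot: Adding `"docker"` to `users.users.farlion.extraGroups` in the last hunk makes that account root-equivalent, because any member of the group can drive the root-owned daemon through its socket without a sudo prompt. If that is the intended trade-off for a single-user workstation, state it above the line, e.g. `# docker group = passwordless root via the daemon socket; trusted interactive user only`. If it is not, leave the group out and invoke the client through sudo, or keep the rootless daemon for images you do not trust. The `enable = true;` block that opens this hunk starts outside it, so the note covers only the group change.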