1{ pkgs, ... }:
 2{
 3  system.nixos.tags = [ "docker" ];
 4  virtualisation = {
 5    docker = {
 6      enable = true;
 7      liveRestore = false;
 8      storageDriver = "overlay2";
 9      daemon.settings = {
10        userland-proxy = true;
11        experimental = true;
12        bip = "172.26.0.1/16";
13        metrics-addr = "0.0.0.0:9323";
14        features = {
15          buildkit = true;
16        };
17        insecure-registries = [
18          "172.30.0.0/16"
19          "192.168.1.0/16"
20          "10.100.0.0/16"
21          "shikoku.home:5000"
22          "r.svc.home:5000"
23          "r.svc.home"
24        ];
25        # seccomp-profile = ./my-seccomp.json;
26      };
27    };
28  };
29  environment.systemPackages = with pkgs; [ docker-buildx ];
30  networking.firewall.trustedInterfaces = [ "docker0" ];
31  networking.firewall.checkReversePath = false;
32  networking.firewall.allowedTCPPorts = [ 9323 ]; # Docker Prometheus metrics
33}