 1{ pkgs, ... }:
 2{
 3  system.nixos.tags = [ "docker" ];
 4  virtualisation = {
 5    docker = {
 6      enable = true;
 7      liveRestore = false;
 8      storageDriver = "overlay2";
 9      daemon.settings = {
10        userland-proxy = true;
11        experimental = true;
12        bip = "172.26.0.1/16";
13        features = {
14          buildkit = true;
15        };
16        insecure-registries = [
17          "172.30.0.0/16"
18          "192.168.1.0/16"
19          "10.100.0.0/16"
20          "shikoku.home:5000"
21          "r.svc.home:5000"
22          "r.svc.home"
23        ];
24        # seccomp-profile = ./my-seccomp.json;
25      };
26    };
27  };
28  environment.systemPackages = with pkgs; [ docker-buildx ];
29  networking.firewall.trustedInterfaces = [ "docker0" ];
30  networking.firewall.checkReversePath = false;
31}