Olympus/system/virtualization/docker/default.nix

{ config, lib, pkgs, ... }: {

    options.sysconfig.docker = {
        enable = with lib; mkOption {
            type = with types; bool;
            default = false;
        };

        nvidia = with lib; mkOption {
            type = with types; bool;
            default = false;
        };
    };

    imports = let 
        dir = builtins.readDir ./.;
    in builtins.map (x: ./${x}) (builtins.filter 
        (file: (dir.${file} == "directory"))
        (builtins.attrNames dir)
    );

    config = lib.mkIf config.sysconfig.docker.enable {

        networking.nat.internalInterfaces = [ "docker0" "docker-main" ];

        virtualisation = {
            docker = {
                enable = true;
                storageDriver = "btrfs";
            };

            oci-containers = {
                backend = "docker";
            };
        };

        hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;

        systemd.services."docker-network-setup" = {
            path = [ pkgs.docker ];
            serviceConfig = {
                Type = "oneshot";
                RemainAfterExit = true;
                ExecStop = "docker network rm -f docker-main";
            };
            script = ''
                docker network inspect docker-main ||
                docker network create -d bridge docker-main \
                --attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
                --gateway 192.168.101.1 \
                -o "com.docker.network.bridge.name"="docker-main" \
                -o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
            '';
            wantedBy = [ "docker-net.target" ];
        };

        systemd.targets."docker-net" = {
            wantedBy = [ "multi-user.target" ];
        };
    };
}