diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix
index a8ba7a0..b9df440 100644
--- a/hosts/common/optional/nixos-containers/docker.nix
+++ b/hosts/common/optional/nixos-containers/docker.nix
@@ -3,6 +3,8 @@
lib,
inputs,
configVars,
+ config,
+ outputs,
...
}: let
containerName = "docker";
@@ -43,6 +45,14 @@ in {
];
extraFlags = ["--private-users-ownership=chown"];
allowedDevices = [
+ {
+ node = "/dev/nvidia0";
+ modifier = "rwm";
+ }
+ {
+ node = "/dev/nvidiactl";
+ modifier = "rwm";
+ }
{
node = "/dev/fuse";
modifier = "rwm";
@@ -79,6 +89,10 @@ in {
hostPath = "${homeshareDataLocation}/photos";
isReadOnly = false;
};
+ "/run/opengl-driver/lib" = {
+ hostPath = "/run/opengl-driver/lib";
+ isReadOnly = false;
+ };
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
@@ -105,6 +119,11 @@ in {
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
in {
+
+ nixpkgs.overlays = [
+ outputs.overlays.unstable-packages
+ ];
+
networking = {
enableIPv6 = false;
defaultGateway = "${gatewayIp}";
@@ -122,6 +141,26 @@ in {
useHostResolvConf = lib.mkForce false;
};

+ hardware.graphics = {
+ enable = true;
+ };
+
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ "nvidia-settings"
+ "nvidia-persistenced"
+ ];
+
+ services.xserver.videoDrivers = ["nvidia"];
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ open = false;
+ nvidiaSettings = false;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
services.resolved.enable = true;

sops = {
@@ -149,10 +188,13 @@ in {
pkgs.dive
pkgs.podman-tui
pkgs.podman-compose
+ pkgs.unstable.nvidia-container-toolkit
];

virtualisation = {
+ containers.cdi.dynamic.nvidia.enable = true;
podman = {
+ enableNvidia = true;
enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
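Review bot: The new `/run/opengl-driver/lib` bind mount in the third hunk is writable (`isReadOnly = false;`) although the container only needs to load the driver libraries from it, so it should be `isReadOnly = true;` — a writable mount of host driver libraries into a container that also runs podman with `dockerSocket.enable = true` is more host exposure than GPU passthrough requires (in practice the path presumably resolves into the read-only Nix store, but the mount option should not rely on that). The `/dev/nvidia0` and `/dev/nvidiactl` entries added to `allowedDevices` in the second hunk only grant cgroup device access; unlike `/dev/dri`, I see no matching `bindMounts` entries for them in this diff, and CUDA workloads usually also need `/dev/nvidia-uvm`, so it is worth confirming the nodes actually exist inside the container. In the last hunk both the legacy `enableNvidia = true;` hook and the CDI path (`containers.cdi.dynamic.nvidia.enable = true;`) are enabled; if the nvidia-container-toolkit CDI route is the one that works, the legacy hook is presumably redundant, and a one-line comment such as `# GPU access is via CDI; enableNvidia kept only for the legacy --gpus hook` would record which path is intended. The enclosing container definition and the `let … in` it sits in start and end outside these hunks.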