add nvidia support to docker container

2025-01-23 21:20:44 +00:00 · 2025-01-23 21:20:44 +00:00 · ab4d9e6f81
parent 302ce2a84f
commit ab4d9e6f81
1 changed files with 42 additions and 0 deletions
--- a/hosts/common/optional/nixos-containers/docker.nix
+++ b/hosts/common/optional/nixos-containers/docker.nix
@ -3,6 +3,8 @@
  lib,
  inputs,
  configVars,
+  config,
+  outputs,
  ...
 }: let
  containerName = "docker";
@ -43,6 +45,14 @@ in {
    ];
    extraFlags = ["--private-users-ownership=chown"];
    allowedDevices = [
+      {
+        node = "/dev/nvidia0";
+        modifier = "rwm";
+      }
+      {
+        node = "/dev/nvidiactl";
+        modifier = "rwm";
+      }
      {
        node = "/dev/fuse";
        modifier = "rwm";
@ -79,6 +89,10 @@ in {
        hostPath = "${homeshareDataLocation}/photos";
        isReadOnly = false;
      };
+      "/run/opengl-driver/lib" = {
+        hostPath = "/run/opengl-driver/lib";
+        isReadOnly = false;
+      };
      "/dev/dri" = {
        hostPath = "/dev/dri";
        isReadOnly = false;
@ -105,6 +119,11 @@ in {
      secretsDirectory = builtins.toString inputs.nix-secrets;
      secretsFile = "${secretsDirectory}/secrets.yaml";
    in {
+
+      nixpkgs.overlays = [
+        outputs.overlays.unstable-packages
+      ];
+
      networking = {
        enableIPv6 = false;
        defaultGateway = "${gatewayIp}";
@ -122,6 +141,26 @@ in {
        useHostResolvConf = lib.mkForce false;
      };

+      hardware.graphics = {
+        enable = true;
+      };
+
+      nixpkgs.config.allowUnfreePredicate = pkg:
+        builtins.elem (lib.getName pkg) [
+          "nvidia-x11"
+          "nvidia-settings"
+          "nvidia-persistenced"
+        ];
+
+      services.xserver.videoDrivers = ["nvidia"];
+      hardware.nvidia = {
+        modesetting.enable = true;
+        powerManagement.enable = false;
+        open = false;
+        nvidiaSettings = false;
+        package = config.boot.kernelPackages.nvidiaPackages.stable;
+      };
+
      services.resolved.enable = true;

      sops = {
@ -149,10 +188,13 @@ in {
        pkgs.dive
        pkgs.podman-tui
        pkgs.podman-compose
+        pkgs.unstable.nvidia-container-toolkit
      ];

      virtualisation = {
+        containers.cdi.dynamic.nvidia.enable = true;
        podman = {
+          enableNvidia = true;
          enable = true;
          dockerSocket.enable = true;
          defaultNetwork.settings.dns_enabled = true;