From 1c75a6962e5e48bef935e09128bef6daace2aab5 Mon Sep 17 00:00:00 2001
From: ahuston-0
Date: Thu, 13 Jun 2024 23:09:48 -0400
Subject: [PATCH] create docker system user, refactor docker

Signed-off-by: ahuston-0
---
 systems/palatine-hill/configuration.nix | 3 +--
 systems/palatine-hill/docker.nix | 11 +++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 systems/palatine-hill/docker.nix

diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index e9d9f15..425d2a1 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -6,6 +6,7 @@
 }:
 {
 imports = [
+ ./docker.nix
 ./hydra.nix
 ./networking.nix
 ./nextcloud.nix
@@ -47,8 +48,6 @@
 };
 };

- virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
-
 environment.systemPackages = with pkgs; [
 attic-client
 attic
diff --git a/systems/palatine-hill/docker.nix b/systems/palatine-hill/docker.nix
new file mode 100644
index 0000000..b91ed53
--- /dev/null
+++ b/systems/palatine-hill/docker.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
+
+ users.users.docker-service = {
+ isSystemUser = true;
+ extraGroups = [ "docker" ];
+ uid = 600;
+ };
+}
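Review bot: In the new docker.nix, `extraGroups = [ "docker" ]` gives docker-service access to the Docker daemon socket, which is equivalent to root on this host, and nothing in the file says what runs as this account or why it needs that; I would add a comment above the user such as `# member of docker => root-equivalent via the daemon socket; used only by <service>`. The user is also declared with `isSystemUser = true` but no primary group, and recent NixOS releases assert that `group` is set for system users, so I would add `group = "docker-service";` together with `users.groups.docker-service = { };`. As far as I know the pinned `uid = 600` falls inside the range NixOS allocates dynamically to system users, so it is worth confirming nothing on this machine already holds that id before deploying.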