authorChristian Segundo2024-02-24 11:59:44 +0100
committerChristian Segundo2024-02-24 12:24:35 +0100
commit5c765e068bf16ca063b9a16f5c1e8ba996d07426 (patch)
tree7d66ae5b65587b1dc806e90f0a01286f8c619b1c
parent08a637a6aa6bc856eadb73b6754af12a9b899c2d (diff)
downloadhm-extra-5c765e068bf16ca063b9a16f5c1e8ba996d07426.tar.gz
Add Colima and Docker
-rw-r--r--default.nix8
-rw-r--r--flake.nix6
-rw-r--r--programs/colima.nix53
-rw-r--r--programs/docker.nix77
-rw-r--r--services/colima.nix46
5 files changed, 190 insertions, 0 deletions
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..05360b5
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+ imports = [
+ ./programs/colima.nix
+ ./programs/docker.nix
+
+ ./services/colima.nix
+ ];
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..5629491
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,6 @@
+{
+ description = "Custom, mostly ad hoc, sometimes experimental home-manager modules";
+ outputs = { self }: {
+ default = import ./default.nix;
+ };
+}
diff --git a/programs/colima.nix b/programs/colima.nix
new file mode 100644
index 0000000..44c86f9
--- /dev/null
+++ b/programs/colima.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.colima;
+ yamlFormat = pkgs.formats.yaml { };
+ settingsType = lib.types.submodule {
+ freeformType = yamlFormat.type;
+ };
+in
+{
+ options.programs.colima = {
+ enable = lib.mkEnableOption "Container runtimes on macOS";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.colima;
+ defaultText = lib.literalExpression "pkgs.colima";
+ description = "Package providing {command}`colima`.";
+ };
+
+ settings = lib.mkOption {
+ type = settingsType;
+ default = { };
+ description =
+ "Configuration written to {file}`$XDG_CONFIG_HOME/.colima/default/colima.yaml`.";
+ example = lib.literalExpression ''
+ {
+ cpu = 2;
+ disk = 60;
+ memory = 2;
+ };
+ '';
+ };
+ };
+
+ config =
+ let
+ colimaConfig = pkgs.writeTextFile {
+ name = "colima.yaml";
+ text = (lib.generators.toYAML { } cfg.settings);
+ };
+ in
+ lib.mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+
+ # because Colima writes to this file on startup
+ home.activation.colimaConfig = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+ mkdir -p ~/.colima/default
+ cp -f "${colimaConfig}" ~/.colima/default/colima.yaml
+ chmod 644 ~/.colima/default/colima.yaml
+ '';
+ };
+}
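Review bot: The activation script in `home.activation.colimaConfig` copies the generated file and sets `chmod 644`, and the rendered `cfg.settings` already sits in the world-readable Nix store, so anything a user puts in `settings` is readable by every local account. The `settings` description should say that secrets do not belong there, and the copy can use `chmod 600 ~/.colima/default/colima.yaml` since only the owner needs to read or rewrite it. The description also names `$XDG_CONFIG_HOME/.colima/default/colima.yaml` while the script writes `~/.colima/default/colima.yaml`; one of the two should change. The three commands run unguarded, so they also execute on a home-manager dry run; prefixing each with `$DRY_RUN_CMD` would follow the usual activation convention.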
diff --git a/programs/docker.nix b/programs/docker.nix
new file mode 100644
index 0000000..62bdc77
--- /dev/null
+++ b/programs/docker.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.docker;
+ jsonFormat = pkgs.formats.json { };
+ settingsType = lib.types.submodule {
+ freeformType = jsonFormat.type;
+ };
+in
+{
+ options.programs.docker = {
+ enable = lib.mkEnableOption "Container runtime client";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.docker-client;
+ defaultText = lib.literalExpression "pkgs.docker-client";
+ description = "Package providing {command}`docker`.";
+ };
+
+ settings = lib.mkOption {
+ type = settingsType;
+ default = { };
+ description = ''
+ This is written to {file}`$XDG_CONFIG_HOME/.docker/config.json`.
+
+ For security reasons, never store cleartext passwords here. Instead use
+ `credHelpersWrap` option to retrieve credentials from your favorite
+ password manager at runtime.
+ '';
+ example = lib.literalExpression ''
+ {
+ currentContext = "colima";
+ };
+ '';
+ };
+
+ # why not use the pass credstore directly? you do you, I don't want docker
+ # messing with my bigbrain password-store layout
+ credHelpersWrap = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ description = ''
+ A mapping of registry URLs to commands to use as credential helpers.
+ '';
+ example = lib.literalExpression ''
+ { "docker.io": "$${pkgs.pass}/bin/pass show docker.io"; };
+ '';
+ };
+ };
+
+ config =
+ let
+ genWrapperId = name: builtins.hashString "sha1" name;
+ genWrapperName = name:
+ "docker-credential-" + (genWrapperId name);
+
+ wrappers = lib.mapAttrsToList
+ (registry: wrapper:
+ pkgs.writeShellScriptBin (genWrapperName registry) wrapper
+ )
+ cfg.credHelpersWrap;
+
+ finalSettings = lib.recursiveUpdate cfg.settings {
+ credHelpers = lib.mapAttrs
+ (registry: _: genWrapperId registry)
+ cfg.credHelpersWrap;
+ };
+
+ in
+ lib.mkIf cfg.enable
+ {
+ home.packages = [ cfg.package ] ++ wrappers;
+ home.file.".docker/config.json".source =
+ jsonFormat.generate "config.json" finalSettings;
+ };
+}
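Review bot: Each `credHelpersWrap` value becomes the entire body of a `docker-credential-<sha1>` script through `pkgs.writeShellScriptBin`, with nothing that handles the action argument Docker passes to a credential helper (`get`, `store`, `erase`, `list`) or the JSON reply it expects for `get`; the example `pass show docker.io` would run for every action and print a bare secret. The option description should state that contract, for instance `The command runs as a Docker credential helper: it receives the action as its first argument and the server URL on stdin, and must print a JSON object with ServerURL, Username and Secret for get.` It should also say that the command text itself ends up in the world-readable Nix store, so it has to fetch the secret at runtime rather than contain it. The example uses `:` where Nix needs `=`, i.e. `"docker.io" = "…";`.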
diff --git a/services/colima.nix b/services/colima.nix
new file mode 100644
index 0000000..c3f1f82
--- /dev/null
+++ b/services/colima.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.colima;
+in
+{
+ options = {
+ services.colima = {
+ enable = lib.mkEnableOption "Autostart Colima";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.colima;
+ defaultText = lib.literalExpression "pkgs.colima";
+ description = "Package providing {command}`colima`.";
+ };
+
+ extraOptions = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ example = [ "--cpu 1" ];
+ description = ''
+ Extra command-line arguments to pass to {command}`colima start`.
+ '';
+ };
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+
+ launchd.agents.colima = {
+ enable = true;
+ config = {
+ EnvironmentVariables = {
+ PATH = "${pkgs.docker-client}/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin";
+ };
+ ProgramArguments = [ "${cfg.package}/bin/colima" "start" "-f" ] ++ cfg.extraOptions;
+ KeepAlive = true;
+ RunAtLoad = true;
+ };
+ };
+ })
+ ];
+}
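Review bot: The `extraOptions` example `[ "--cpu 1" ]` is appended to `ProgramArguments` as a single argv element, so colima would receive the one argument `--cpu 1` instead of a flag followed by its value; the example should read `example = [ "--cpu" "1" ];` and the description should say that each list item is passed as one argument. The agent's `PATH` also includes `/usr/local/bin`, which on many macOS setups is writable without root (Homebrew on Intel, for example), so any helper colima looks up by name may resolve to a binary outside the Nix store. A comment such as `# /usr/local/bin is needed for <tool>` would document why it is there, or the entry can be dropped if nothing requires it.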