nixos/docker: explicitly load kernel modules
This is analogous to #70447. With security.lockKernelModules=true, docker commands result in the following error without at least loading veth:

    $ docker run hello-world
    /nix/store/mr50kaan2vs4gc40ymwncb2vci25aq7z-docker-19.03.2/libexec/docker/docker: Error response from daemon: failed to create endpoint epic_kare on network bridge: failed to add the host (veth8b381f3) <=> sandbox (veth348e197) pair interfaces: operation not supported.
    ERRO[0003] error waiting for container: context canceled
parent 87979bb0a3
commit f12581a7a3
@ -149,6 +149,7 @@ in
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [{
|
||||
boot.kernelModules = [ "bridge" "veth" ];
|
||||
environment.systemPackages = [ cfg.package ]
|
||||
++ optional cfg.enableNvidia pkgs.nvidia-docker;
|
||||
users.groups.docker.gid = config.ids.gids.docker;
|
||||
|
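Review bot: The added line `boot.kernelModules = [ "bridge" "veth" ];` has no comment saying why a Docker module needs to preload kernel modules, so a later cleanup could drop it as redundant on systems where on-demand module loading works. Please add a short comment above it naming security.lockKernelModules as the reason. The commit message says the error occurs "without at least loading veth" and shows only `docker run hello-world` on the default bridge network, so it would also help to state in the comment or message that these two modules cover that case only, and whether other network or storage configurations were tested with module loading locked.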