add security context for privileged ports idk

2025-03-21 12:43:35 -05:00 · 2025-03-21 12:43:35 -05:00 · b0efda8b01
commit b0efda8b01
parent c40724190e
1 changed files with 13 additions and 2 deletions
--- a/hosts/commonWSL-configuration.nix
+++ b/hosts/commonWSL-configuration.nix
@ -101,9 +101,20 @@ in

  time.timeZone = "America/Chicago";

-  virtualisation.docker.rootless = pkgs.lib.mkIf withDocker {
+  virtualisation.docker = pkgs.lib.mkIf withDocker {
+    enable = true;
+    rootless = {
      enable = true;
      setSocketVariable = true;
    };
+  };
+  security.wrappers = pkgs.lib.mkIf withDocker {
+    docker-rootlesskit = {
+      owner = "root";
+      group = "root";
+      capabilities = "cap_net_bind_service+ep";
+      source = "${pkgs.rootlesskit}/bin/rootlesskit";
+    };
+  };

 }