Skip to content

Commit d820aad

Browse files
Don't add the default user to docker group by default (#105)
* Don't add the default user to docker group by default Closes #101 * Make default depend on security.sudo.wheelNeedsPassword
1 parent afc01c0 commit d820aad

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

modules/docker-native.nix

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,16 @@ with builtins; with lib; {
33

44
options.wsl.docker-native = with types; {
55
enable = mkEnableOption "Native Docker integration in NixOS.";
6+
7+
addToDockerGroup = mkOption {
8+
type = bool;
9+
default = config.security.sudo.wheelNeedsPassword;
10+
description = ''
11+
Wether to add the default user to the docker group.
12+
13+
This is not recommend to be enabled because it essentially permits unauthenticated root access.
14+
'';
15+
};
616
};
717

818
config =
@@ -23,9 +33,8 @@ with builtins; with lib; {
2333

2434
virtualisation.docker.enable = true;
2535

26-
users.groups.docker.members = [
36+
users.groups.docker.members = lib.mkIf cfg.addToDockerGroup [
2737
config.wsl.defaultUser
2838
];
2939
};
30-
3140
}

0 commit comments

Comments
 (0)