From 5ba17c8ccffd411d40f9ecdc382bda425d761442 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?=
Date: Mon, 18 Sep 2023 23:39:37 +0200
Subject: [PATCH] fix(virtualisation): add & extend sub{u,g}id ranges
---
 flake.nix | 2 ++
 lib/createUser.nix | 12 +++++++++++-
 virtualisation/containers.nix | 23 +++++++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 3413236..47d9a7b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -145,6 +145,7 @@ rec {
 user.extraGroups = [ "wheel" "audio" "disk" "media" ];
 modules = [ homeManagerModules.git ];
 config = ./home/felschr.nix;
+ usesContainers = true;
 })
 ({ pkgs, ... }: {
 environment.systemPackages =
@@ -168,6 +169,7 @@ rec {
 user.extraGroups = [ "wheel" "audio" "disk" ];
 modules = [ homeManagerModules.git ];
 config = ./home/felschr-work.nix;
+ usesContainers = true;
 })
 ];
 specialArgs = { inherit inputs nixConfig; };
diff --git a/lib/createUser.nix b/lib/createUser.nix
index dfecec0..73f18e4 100644
--- a/lib/createUser.nix
+++ b/lib/createUser.nix
@@ -1,5 +1,5 @@
 name:
-{ user ? { }, hm ? { }, modules ? [ ], config, ... }:
+{ user ? { }, hm ? { }, modules ? [ ], config, usesContainers ? false, ... }:
 { pkgs, lib, home-manager, ... }: {
 imports = [ home-manager.nixosModules.home-manager ];
@@ -7,6 +7,16 @@ name:
 users.users."${name}" = {
 isNormalUser = true;
 shell = pkgs.zsh;
+
+ # increase sub{u,g}id range for container user namespaces
+ subUidRanges = lib.optionals usesContainers [{
+ startUid = 100000;
+ count = 60000000;
+ }];
+ subGidRanges = lib.optionals usesContainers [{
+ startGid = 100000;
+ count = 60000000;
+ }];
 } // user;
 home-manager = {
diff --git a/virtualisation/containers.nix b/virtualisation/containers.nix
index e9e54b1..5c236ca 100644
--- a/virtualisation/containers.nix
+++ b/virtualisation/containers.nix
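Review bot: Every user created with `usesContainers = true` receives the same fixed subordinate range, 100000–60099999, from the `startUid = 100000;` / `startGid = 100000;` literals in the `@@ -7,6 +7,16 @@` hunk of lib/createUser.nix, so two such users on one host would map their container-internal UIDs onto identical kernel UIDs and the user-namespace boundary between their rootless containers would be gone; I am not aware of a NixOS assertion that rejects overlapping ranges, and an explicit range may also collide with ranges other users get from `autoSubUidGidRange`. The two hosts touched in flake.nix each declare one user, so nothing breaks today, but `createUser` is a shared helper and the assumption is silent. Either let the caller offset the range — `{ user ? { }, hm ? { }, modules ? [ ], config, usesContainers ? false, subIdStart ? 100000, ... }:` with `startUid = subIdStart;` and `startGid = subIdStart;` — or record the constraint next to the ranges: `# NOTE: fixed start — at most one container-enabled user per host, otherwise the ranges overlap`. The `users.users."${name}"` attribute set (and the trailing `// user`, which can silently replace these ranges) belongs to a module whose remainder lies outside the hunk.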
@@ -7,4 +7,27 @@ _:
 # Create unique User Namespace for the container
 containers.userns = "auto";
 };
+ virtualisation.containers.storage.settings = {
+ # defaults
+ storage = {
+ driver = "overlay";
+ graphroot = "/var/lib/containers/storage";
+ runroot = "/run/containers/storage";
+ };
+
+ # SUB_UID_MAX: https://man7.org/linux/man-pages/man5/login.defs.5.html
+ storage.options.auto-userns-max-size = 600100000;
+ };
+
+ # Increase sub{u,g}id range
+ users.users."root" = {
+ subUidRanges = [{
+ startUid = 60100000;
+ count = 60000000;
+ }];
+ subGidRanges = [{
+ startGid = 60100000;
+ count = 60000000;
+ }];
+ };
 }
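Review bot: `storage.options.auto-userns-max-size = 600100000;` is, as far as I know, a cap on the size of a single automatically created user namespace, yet the root pool declared a few lines below is only 60000000 IDs (60100000–120099999), so the cap is ten times larger than anything podman could hand out and is effectively inert; 600100000 happens to be the login.defs default for SUB_UID_MAX, which is the ceiling of the subordinate-ID space rather than a per-namespace size, so the comment appears to conflate the two. If the intent is to let one container consume the whole pool, tie the numbers together, e.g. `storage.options.auto-userns-max-size = 60000000;` (or one `let` binding used for both `count` values), and reword the comment to `# cap a single auto userns at the full root subuid pool declared below`. The root ranges deliberately start at 60100000, exactly where the 100000 + 60000000 user range from lib/createUser.nix ends, which keeps the rootful and rootless pools disjoint; a one-line comment such as `# starts where createUser's rootless range ends — keep the two in sync` would stop someone from moving one without the other. With `containers.userns = "auto"` each container should get its own disjoint slice of this root range, which is the isolation property the hunk is buying, and it is worth saying so next to the range rather than leaving only "Increase sub{u,g}id range".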