hw accell and device mapper container for dev/dri usage in swarm

configuration.nix

@@ -8,19 +8,25 @@
   imports =
     [ # Include the results of the hardware scan...
       ./hardware-configuration.nix
+      
       # ...and additional configurations...
       ./var_reg.nix 
       ./vars.nix
+
+      # System
       ./users.nix
       ./program-homemanager.nix
       ./ssh.nix
-      ./docker.nix
-      ./keepalived.nix
 
+      # Hardware
       ./nfs-mount.nix
+      ./hwaccel.nix
 
+      # Services
+      ./keepalived.nix
       ./wireguard.nix
-         
+      ./docker.nix
+      ./docker-device-mapper.nix         
     ];
 
   # Use the systemd-boot EFI boot loader and enable that sweet zfs stuff.

docker-device-mapper.nix

@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+  virtualisation.docker.enable = true;
+  virtualisation.oci-containers = {
+    # Specify Docker as the backend engine
+    backend = "docker";
+
+    # Define your containers
+    containers = {
+      device-manager = {
+        image = "ndouba/device-mapping-manager";
+
+        # Equivalent to --restart always
+        autoStart = true;
+
+        privileged = true;
+        volumes = [
+          "/sys:/host/sys"
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+
+        # Use extraOptions for flags not directly mapped to NixOS options
+        extraOptions = [
+          "--pid=host"      # --pid=host
+          "--cgroupns=host" # --cgroupns=host
+          "--userns=host"   # --userns=host
+        ];
+      };
+    };
+  };
+}

docker.nix

@@ -5,6 +5,9 @@
       enable = true;
       dates = "daily";
     };
+    daemon.settings = {
+      data-root = "/data/docker";
+    };
     liveRestore = false;
     package = pkgs.docker_27;
   };

hwaccel.nix

@@ -0,0 +1,27 @@
+{ pkgs, lib,config, ... }:
+{
+  # 1. enable vaapi on OS-level
+  nixpkgs.config.packageOverrides = pkgs: {
+    # Only set this if using intel-vaapi-driver
+    intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+  };
+  systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; # Or "i965" if using older driver
+  environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };      # Same here
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver        # For Broadwell (2014) or newer processors. LIBVA_DRIVER_NAME=iHD
+      # intel-vaapi-driver        # For older processors. LIBVA_DRIVER_NAME=i965
+      libva-vdpau-driver        # Previously vaapiVdpau
+      intel-compute-runtime     # OpenCL filter support (hardware tonemapping and subtitle burn-in
+      intel-gpu-tools           # Provides 'intel_gpu_top'
+      vpl-gpu-rt                # QSV on 11th gen or newer
+      # intel-media-sdk           # QSV up to 11th gen
+      intel-ocl                 # OpenCL support
+
+      # OpenCL support for intel CPUs before 12th gen
+      # see: https://github.com/NixOS/nixpkgs/issues/356535
+      # intel-compute-runtime-legacy1 
+    ];
+  };
+}

users.nix

@@ -12,7 +12,7 @@
   };
   users.users.${config.vars.username} = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ and allow 'Docker' for the user.
     openssh.authorizedKeys.keyFiles = [
       (builtins.toPath "/etc/nixos/ssh/auth_keys_${config.vars.username}")
     ];