Can't permanently add a new user to the docker group

mastarija · June 1, 2025, 7:19pm

I’m having trouble with adding my user to the docker group. I have the docker enabled like this:

{
  ...
  virtualisation.docker.enable = true;
  ...
  environment.systemPackages = with pkgs; [ ... docker docker-compose ... ];
}

And my users defined like this. I’ve even explicitly created the group and added the user to it:

{
  users.mutableUsers = false;

  users.groups.docker.members = [ "mastarija" ];

  users.users.root =
  {
    uid = 0;
    group = "root";
    createHome = true;
    hashedPassword = "...";
  };

  users.users.mastarija =
  {
    uid = 1000;
    group = "users";
    createHome = true;
    extraGroups = [ "wheel" "audio" "video" "docker" ];
    hashedPassword = "...";
    isNormalUser = true;
  };
}

I’ve tried switching to mutableUsers = true, and adding the user to the group with:

> usermod -aG docker mastarija

But it doesn’t persist after a reboot.

TLATER · June 2, 2025, 9:55am

Is the order of your generations wonky and you keep booting into an old one or such?

mastarija · June 2, 2025, 11:40am

No. I’ve checked that. Now I’ve garbage collected the whole system for a good measure and I have only one derivation available.

I’m not sure about the exact semantics of mutableUsers = false. When I’ve built my system, it was with mutableUsers = false, so maybe it won’t update the users because of that?

NobbZ · June 2, 2025, 12:09pm

Adding extraGroups should work the same, whether you use mutable users or not.

Either way it should make group membership available after booting into a generation with the group settings active.

Any changes done imperatively should be removed both ways once activation is ran the next time.

mastarija · June 3, 2025, 7:58am

Well, for some reason it’s not working for me. I’ve even tried allowing wheel users to not be required to use password e.g.:

  security.sudo.wheelNeedsPassword = false;

But that doesn’t work either…

Ok. Guys. I’ve just realized I’m an idiot. I have a duplicate users.nix file in my repo from an older version of my setup which I’ve kept for reference and forgot about. And using the fuzzy finder I’d open that file without realizing it’s not the currently used one.

My bad -.-