# NixOS module for a Docker host that is reachable over Tailscale and reports
# container metrics through Telegraf.
# `inputs` and `system` are accepted for a uniform module signature but are not
# referenced in this file.
{ inputs, pkgs, system, ... }:
{
  # Per-user inotify limits.
  # NOTE(review): presumably sized for file-watching workloads running in
  # containers; each watch pins kernel memory, so confirm the ceiling is intended.
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 52428800;
  boot.kernel.sysctl."fs.inotify.max_user_instances" = 4096;

  # Testing: network receive queue and SYN backlog sizes.
  boot.kernel.sysctl."net.core.netdev_max_backlog" = 4000;
  boot.kernel.sysctl."net.ipv4.tcp_max_syn_backlog" = 4096;

  # Tailscale connectivity (intended to let Docker containers use the tailnet).
  # Security note: a trusted interface bypasses the NixOS firewall entirely, so
  # every service listening on this host, including ports published by Docker,
  # is reachable from any tailnet peer. Tailscale ACLs become the only filter;
  # if that is broader than intended, use
  # networking.firewall.interfaces."tailscale0".allowedTCPPorts instead.
  networking.firewall.trustedInterfaces = [ "tailscale0" ];
  # Tailscale port
  networking.firewall.allowedUDPPorts = [ 41641 ];

  # Docker daemon: started at boot, pruned weekly, and configured with live
  # restore enabled.
  virtualisation.docker.enable = true;
  virtualisation.docker.enableOnBoot = true;
  virtualisation.docker.liveRestore = true;
  virtualisation.docker.autoPrune = {
    enable = true;
    dates = "weekly";
  };

  # Operator tooling for working with containers on the host.
  environment.systemPackages = [
    pkgs.docker-compose
    pkgs.ctop
  ];

  # Add the docker telegraf listener.
  services.telegraf.extraConfig.inputs.docker = {};
  # Security note: membership in the "docker" group grants access to the Docker
  # socket, which is root-equivalent on the host. Treat the telegraf service,
  # its configuration and its plugins as privileged.
  users.users.telegraf.extraGroups = [ "docker" ];
}