commit 3d53f6be644082829fd6b1cdddf1d473061f53e5
parent fe2496894b3f6e7ffbfd25f867e3788aeaaabd50
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 15 Oct 2021 15:56:54 +0200
systems/wakasu: clean-up wakasu configuration
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 2 insertions(+), 68 deletions(-)
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -31,20 +31,6 @@ in
};
};
- /*
- Keep this for naruhodo.
- boot.initrd.luks.devices = {
- root = {
- device = "/dev/disk/by-uuid/49167ed2-8411-4fa3-94cf-2f3cce05c940";
- preLVM = true;
- allowDiscards = true;
- keyFile = "/dev/disk/by-id/usb-_USB_DISK_2.0_070D375D84327E87-0:0";
- keyFileOffset = 30992883712;
- keyFileSize = 4096;
- fallbackToPassword = true;
- };
- };
- */
boot.binfmt.registrations = {
s390x-linux = {
# interpreter = getEmulator "s390x-linux";
@@ -90,44 +76,13 @@ in
docker.enable = true;
avahi.enable = true;
syncthing.enable = true;
- ssh = { enable = true; forwardX11 = true; };
+ ssh = { enable = true; };
virtualization = { enable = true; nested = true; listenTCP = true; };
- #kubernetes.enable = true;
- #openshift.enable = true;
- #tekton.enable = false;
- yubikey.enable = true;
- };
- virtualisation.podman.enable = true;
- virtualisation.containers = {
- enable = true;
- registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
- };
- policy = {
- default = [{ type = "insecureAcceptAnything"; }];
- transports = {
- docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
- };
- };
- };
};
security = {
- sudo.extraConfig = ''
- %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix
- '';
pam.u2f.enable = true;
};
services = {
- xserver = {
- enable = true;
- displayManager.xpra = {
- enable = true;
- bindTcp = "0.0.0.0:10000";
- pulseaudio = true;
- extraOptions = [ "--video-scaling=0" "--min-quality=85" "--desktop-scaling=off" ];
- };
- };
netdata.enable = true;
logind.extraConfig = ''
HandleLidSwitch=ignore
@@ -169,8 +124,7 @@ in
}
];
};
- #syncthing.guiAddress = "${wireguard.ips.wakasu}:8384";
- syncthing.guiAddress = "0.0.0.0:8384";
+ syncthing.guiAddress = "${ip}:8384";
smartd = {
enable = true;
devices = [{ device = "/dev/nvme0n1"; }];
@@ -183,24 +137,4 @@ in
endpointPublicKey = endpointPublicKey;
};
};
- systemd.services.buildkitd.wantedBy = lib.mkForce [ ];
- systemd.services.containerd.wantedBy = lib.mkForce [ ];
- systemd.services.docker.wantedBy = lib.mkForce [ ];
- systemd.services.docker.requires = [ "containerd.socket" ];
- /*
- virtualisation.containers = {
- enable = true;
- registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
- };
- policy = {
- default = [{ type = "insecureAcceptAnything"; }];
- transports = {
- docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
- };
- };
- };
- };
- */
}