commit 4a4de66c12dd3e60ef7915bcd833416e7a635dd8
parent 796eecb43ab49e3e4e66a459b9ef190b06c72877
Author: Vincent Demeester <vincent@sbr.pm>
Date: Thu, 10 Mar 2022 09:35:19 +0100
systems: have a 'stable' modules system for morph
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
9 files changed, 142 insertions(+), 29 deletions(-)
diff --git a/ops/home/network.nix b/ops/home/network.nix
@@ -9,30 +9,30 @@ in
description = "Home network";
};
- "k8sn1" = { config, pkgs, lib, ... }: {
- deployment.targetUser = "root";
- deployment.targetHost = "${metadata.hosts.k8sn1.addrs.v4}";
- deployment.tags = [ "kubernetes" "master" ];
- deployment.healthChecks = {
- cmd = [{
- cmd = [ "kubectl" "--kubeconfig=/etc/kubernetes/cluster-admin.kubeconfig" "version" ];
- description = "Validating that kubectl is available and a cluster is running";
- }];
- };
- imports = [ ../../systems/hosts/k8sn1.nix ];
- };
- "k8sn2" = { config, pkgs, lib, ... }: {
- deployment.targetUser = "root";
- deployment.targetHost = "${metadata.hosts.k8sn2.addrs.v4}";
- deployment.tags = [ "kubernetes" "worker" ];
- imports = [ ../../systems/hosts/k8sn2.nix ];
- };
- "k8sn3" = { config, pkgs, lib, ... }: {
- deployment.targetUser = "root";
- deployment.targetHost = "${metadata.hosts.k8sn3.addrs.v4}";
- deployment.tags = [ "kubernetes" "worker" ];
- imports = [ ../../systems/hosts/k8sn3.nix ];
- };
+ # "k8sn1" = { config, pkgs, lib, ... }: {
+ # deployment.targetUser = "root";
+ # deployment.targetHost = "${metadata.hosts.k8sn1.addrs.v4}";
+ # deployment.tags = [ "kubernetes" "master" ];
+ # deployment.healthChecks = {
+ # cmd = [{
+ # cmd = [ "kubectl" "--kubeconfig=/etc/kubernetes/cluster-admin.kubeconfig" "version" ];
+ # description = "Validating that kubectl is available and a cluster is running";
+ # }];
+ # };
+ # imports = [ ../../systems/hosts/k8sn1.nix ];
+ # };
+ # "k8sn2" = { config, pkgs, lib, ... }: {
+ # deployment.targetUser = "root";
+ # deployment.targetHost = "${metadata.hosts.k8sn2.addrs.v4}";
+ # deployment.tags = [ "kubernetes" "worker" ];
+ # imports = [ ../../systems/hosts/k8sn2.nix ];
+ # };
+ # "k8sn3" = { config, pkgs, lib, ... }: {
+ # deployment.targetUser = "root";
+ # deployment.targetHost = "${metadata.hosts.k8sn3.addrs.v4}";
+ # deployment.tags = [ "kubernetes" "worker" ];
+ # imports = [ ../../systems/hosts/k8sn3.nix ];
+ # };
"wakasu" = { config, pkgs, lib, ... }: {
deployment.targetUser = "root";
deployment.targetHost = "wakasu.home";
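Review bot: The k8sn1, k8sn2 and k8sn3 deployments are commented out rather than deleted, and nothing in the hunk or the commit message says why or when they should come back. This also removes the only `kubectl ... version` health check, and the three host files are still edited later in this commit, so they now change without being deployed from this network. If the nodes are only parked, I would put one line above the block, for example `# k8s nodes disabled until <reason>; host files are still kept in sync with the stable module set`. If they are gone for good, delete the block and let history keep it. The `"wakasu"` entry that follows continues outside the hunk.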
diff --git a/systems/hosts/k8sn1.nix b/systems/hosts/k8sn1.nix
@@ -12,7 +12,7 @@ in
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
(import ../../nix).home-manager-stable
- ../modules
+ ../modules/default.stable.nix
# FIXME Need to refactor vincent user as.. it's adding way to much by default...
# (import ../../../users).vincent
(import ../../users).root
diff --git a/systems/hosts/k8sn2.nix b/systems/hosts/k8sn2.nix
@@ -12,7 +12,7 @@ in
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
(import ../../nix).home-manager-stable
- ../modules
+ ../modules/default.stable.nix
# FIXME Need to refactor vincent user as.. it's adding way to much by default...
# (import ../../../users).vincent
(import ../../users).root
diff --git a/systems/hosts/k8sn3.nix b/systems/hosts/k8sn3.nix
@@ -12,7 +12,7 @@ in
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
(import ../../nix).home-manager-stable
- ../modules
+ ../modules/default.stable.nix
# FIXME Need to refactor vincent user as.. it's adding way to much by default...
# (import ../../../users).vincent
(import ../../users).root
diff --git a/systems/hosts/sakhalin.nix b/systems/hosts/sakhalin.nix
@@ -16,7 +16,7 @@ in
imports = [
../hardware/gigabyte-brix.nix
(import ../../nix).home-manager-stable
- ../modules
+ ../modules/default.stable.nix
(import ../../users).vincent
(import ../../users).root
];
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -16,7 +16,7 @@ in
imports = [
../hardware/lenovo-p50.nix
(import ../../nix).home-manager-stable
- ../modules
+ ../modules/default.stable.nix
(import ../../users).vincent
(import ../../users).root
];
diff --git a/systems/modules/default.stable.nix b/systems/modules/default.stable.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./core
+ ./hardware
+ ./profiles/default.stable.nix
+ ./programs
+ ./services
+ ./virtualisation
+ "${(import ../../nix/sources.nix).sops-nix}/modules/sops"
+ ];
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+}
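Review bot: `sops.defaultSopsFile = ../../secrets/secrets.yaml;` uses a path literal, so the file is copied into the world-readable Nix store of every host that imports this module, and nothing here records that constraint. That is the usual sops-nix arrangement and is safe while every value in the file stays sops-encrypted, but a plaintext entry added later would be readable by any local user on those hosts. I would add a comment above the line, for example `# copied into /nix/store: this file must only ever contain sops-encrypted values`.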
diff --git a/systems/modules/profiles/default.stable.nix b/systems/modules/profiles/default.stable.nix
@@ -0,0 +1,34 @@
+{
+ imports = [
+ ./avahi.nix
+ ./base.nix
+ ./builder.nix
+ ./desktop.nix
+ ./dev.nix
+ ./dns.nix
+ ./docker.stable.nix
+ ./gaming.nix
+ ./git.nix
+ ./gnome.nix
+ ./home.nix
+ ./i18n.nix
+ ./i3.nix
+ ./ipfs.nix
+ ./kubernetes.nix
+ ./laptop.nix
+ ./mail.nix
+ ./nix-auto-update.nix
+ ./printing.nix
+ ./pulseaudio.nix
+ ./qemu.nix
+ ./redhat.nix
+ ./scanning.nix
+ ./ssh.nix
+ ./syncthing.nix
+ ./sway.nix
+ ./virtualization.nix
+ ./wireguard.server.nix
+ ./yubikey.nix
+ ./zsh.nix
+ ];
+}
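Review bot: Nothing in this new file says how it differs from the existing profile list. Judging by the names, `./docker.stable.nix` looks like the only entry specific to the stable set, though the other list is not visible in this diff. If that is right, the two lists can drift: a profile added to one and forgotten in the other would be silently missing on stable hosts, which matters for entries like `./ssh.nix` and `./wireguard.server.nix`. A header comment such as `# Mirror of <non-stable profile list> with docker.stable.nix swapped in; keep both in sync` would make the intent checkable.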
diff --git a/systems/modules/profiles/docker.stable.nix b/systems/modules/profiles/docker.stable.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.docker;
+in
+{
+ options = {
+ profiles.docker = {
+ enable = mkEnableOption "Enable docker profile";
+ package = mkOption {
+ default = pkgs.docker-edge;
+ description = "docker package to be used";
+ type = types.package;
+ };
+ runcPackage = mkOption {
+ default = pkgs.runc;
+ description = "runc package to be used";
+ type = types.package;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ virtualisation = {
+ containerd = {
+ enable = true;
+ };
+ buildkitd = {
+ enable = true;
+ settings = {
+ worker.oci = {
+ enabled = false;
+ };
+ worker.containerd = {
+ enabled = true;
+ platforms = [ "linux/amd64" "linux/arm64" ];
+ namespace = "buildkit";
+ };
+ registry = {
+ "r.svc.home:5000" = {
+ http = true;
+ insecure = true;
+ };
+ "r.svc.home" = {
+ http = true;
+ insecure = true;
+ };
+ };
+ };
+ };
+ docker = {
+ enable = true;
+ package = cfg.package;
+ liveRestore = false;
+ storageDriver = "overlay2";
+ extraOptions = "--experimental --add-runtime docker-runc=${cfg.runcPackage}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock";
+ };
+ };
+ environment.etc."docker/daemon.json".text = ''
+ {"features":{"buildkit": true}, "insecure-registries": ["172.30.0.0/16", "192.168.12.0/16", "massimo.home:5000", "r.svc.home:5000", "r.svc.home" ]}
+ '';
+ environment.systemPackages = with pkgs; [
+ my.buildx
+ ];
+ networking.firewall.trustedInterfaces = [ "docker0" ];
+ };
+}
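Review bot: In the `daemon.json` text, `"192.168.12.0/16"` has host bits set for a /16, so the mask actually covers the whole of 192.168.0.0–192.168.255.255 and not just a 192.168.12.x subnet. Every registry address in that range, and in `172.30.0.0/16`, is then treated as insecure, meaning plain HTTP or unverified TLS, so images pulled from there can be altered in transit without the daemon noticing. If the intent is the home subnet, narrow it, e.g. `"192.168.12.0/24"`. Ideally list only the named registries that the buildkitd `registry` block already marks with `insecure = true`. Separately, `networking.firewall.trustedInterfaces = [ "docker0" ]` deserves a comment: it accepts all container-to-host traffic on that bridge, so any host service becomes reachable from every container.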