home

My NixOS systems configurations.

commit 4a4de66c12dd3e60ef7915bcd833416e7a635dd8
parent 796eecb43ab49e3e4e66a459b9ef190b06c72877
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu, 10 Mar 2022 09:35:19 +0100

systems: have a 'stable' modules system for morph

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mops/home/network.nix | 48++++++++++++++++++++++++------------------------
Msystems/hosts/k8sn1.nix | 2+-
Msystems/hosts/k8sn2.nix | 2+-
Msystems/hosts/k8sn3.nix | 2+-
Msystems/hosts/sakhalin.nix | 2+-
Msystems/hosts/wakasu.nix | 2+-
Asystems/modules/default.stable.nix | 12++++++++++++
Asystems/modules/profiles/default.stable.nix | 34++++++++++++++++++++++++++++++++++
Asystems/modules/profiles/docker.stable.nix | 67+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 142 insertions(+), 29 deletions(-)

diff --git a/ops/home/network.nix b/ops/home/network.nix 
@@ -9,30 +9,30 @@ in description = "Home network"; }; - "k8sn1" = { config, pkgs, lib, ... }: { - deployment.targetUser = "root"; - deployment.targetHost = "${metadata.hosts.k8sn1.addrs.v4}"; - deployment.tags = [ "kubernetes" "master" ]; - deployment.healthChecks = { - cmd = [{ - cmd = [ "kubectl" "--kubeconfig=/etc/kubernetes/cluster-admin.kubeconfig" "version" ]; - description = "Validating that kubectl is available and a cluster is running"; - }]; - }; - imports = [ ../../systems/hosts/k8sn1.nix ]; - }; - "k8sn2" = { config, pkgs, lib, ... }: { - deployment.targetUser = "root"; - deployment.targetHost = "${metadata.hosts.k8sn2.addrs.v4}"; - deployment.tags = [ "kubernetes" "worker" ]; - imports = [ ../../systems/hosts/k8sn2.nix ]; - }; - "k8sn3" = { config, pkgs, lib, ... }: { - deployment.targetUser = "root"; - deployment.targetHost = "${metadata.hosts.k8sn3.addrs.v4}"; - deployment.tags = [ "kubernetes" "worker" ]; - imports = [ ../../systems/hosts/k8sn3.nix ]; - }; + # "k8sn1" = { config, pkgs, lib, ... }: { + # deployment.targetUser = "root"; + # deployment.targetHost = "${metadata.hosts.k8sn1.addrs.v4}"; + # deployment.tags = [ "kubernetes" "master" ]; + # deployment.healthChecks = { + # cmd = [{ + # cmd = [ "kubectl" "--kubeconfig=/etc/kubernetes/cluster-admin.kubeconfig" "version" ]; + # description = "Validating that kubectl is available and a cluster is running"; + # }]; + # }; + # imports = [ ../../systems/hosts/k8sn1.nix ]; + # }; + # "k8sn2" = { config, pkgs, lib, ... }: { + # deployment.targetUser = "root"; + # deployment.targetHost = "${metadata.hosts.k8sn2.addrs.v4}"; + # deployment.tags = [ "kubernetes" "worker" ]; + # imports = [ ../../systems/hosts/k8sn2.nix ]; + # }; + # "k8sn3" = { config, pkgs, lib, ... 
}: { + # deployment.targetUser = "root"; + # deployment.targetHost = "${metadata.hosts.k8sn3.addrs.v4}"; + # deployment.tags = [ "kubernetes" "worker" ]; + # imports = [ ../../systems/hosts/k8sn3.nix ]; + # }; "wakasu" = { config, pkgs, lib, ... }: { deployment.targetUser = "root"; deployment.targetHost = "wakasu.home"; diff --git a/systems/hosts/k8sn1.nix b/systems/hosts/k8sn1.nix @@ -12,7 +12,7 @@ in imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> (import ../../nix).home-manager-stable - ../modules + ../modules/default.stable.nix # FIXME Need to refactor vincent user as.. it's adding way to much by default... # (import ../../../users).vincent (import ../../users).root diff --git a/systems/hosts/k8sn2.nix b/systems/hosts/k8sn2.nix @@ -12,7 +12,7 @@ in imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> (import ../../nix).home-manager-stable - ../modules + ../modules/default.stable.nix # FIXME Need to refactor vincent user as.. it's adding way to much by default... # (import ../../../users).vincent (import ../../users).root diff --git a/systems/hosts/k8sn3.nix b/systems/hosts/k8sn3.nix @@ -12,7 +12,7 @@ in imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> (import ../../nix).home-manager-stable - ../modules + ../modules/default.stable.nix # FIXME Need to refactor vincent user as.. it's adding way to much by default... # (import ../../../users).vincent (import ../../users).root diff --git a/systems/hosts/sakhalin.nix b/systems/hosts/sakhalin.nix @@ -16,7 +16,7 @@ in imports = [ ../hardware/gigabyte-brix.nix (import ../../nix).home-manager-stable - ../modules + ../modules/default.stable.nix (import ../../users).vincent (import ../../users).root ]; diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix @@ -16,7 +16,7 @@ in imports = [ ../hardware/lenovo-p50.nix (import ../../nix).home-manager-stable - ../modules + ../modules/default.stable.nix (import ../../users).vincent (import ../../users).root ]; 
diff --git a/systems/modules/default.stable.nix b/systems/modules/default.stable.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./core
+ ./hardware
+ ./profiles/default.stable.nix
+ ./programs
+ ./services
+ ./virtualisation
+ "${(import ../../nix/sources.nix).sops-nix}/modules/sops"
+ ];
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+}
diff --git a/systems/modules/profiles/default.stable.nix b/systems/modules/profiles/default.stable.nix
@@ -0,0 +1,34 @@
+{
+ imports = [
+ ./avahi.nix
+ ./base.nix
+ ./builder.nix
+ ./desktop.nix
+ ./dev.nix
+ ./dns.nix
+ ./docker.stable.nix
+ ./gaming.nix
+ ./git.nix
+ ./gnome.nix
+ ./home.nix
+ ./i18n.nix
+ ./i3.nix
+ ./ipfs.nix
+ ./kubernetes.nix
+ ./laptop.nix
+ ./mail.nix
+ ./nix-auto-update.nix
+ ./printing.nix
+ ./pulseaudio.nix
+ ./qemu.nix
+ ./redhat.nix
+ ./scanning.nix
+ ./ssh.nix
+ ./syncthing.nix
+ ./sway.nix
+ ./virtualization.nix
+ ./wireguard.server.nix
+ ./yubikey.nix
+ ./zsh.nix
+ ];
+}
diff --git a/systems/modules/profiles/docker.stable.nix b/systems/modules/profiles/docker.stable.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.docker;
+in
+{
+ options = {
+ profiles.docker = {
+ enable = mkEnableOption "Enable docker profile";
+ package = mkOption {
+ default = pkgs.docker-edge;
+ description = "docker package to be used";
+ type = types.package;
+ };
+ runcPackage = mkOption {
+ default = pkgs.runc;
+ description = "runc package to be used";
+ type = types.package;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ virtualisation = {
+ containerd = {
+ enable = true;
+ };
+ buildkitd = {
+ enable = true;
+ settings = {
+ worker.oci = {
+ enabled = false;
+ };
+ worker.containerd = {
+ enabled = true;
+ platforms = [ "linux/amd64" "linux/arm64" ];
+ namespace = "buildkit";
+ };
+ registry = {
+ "r.svc.home:5000" = {
+ http = true;
+ insecure = true;
+ };
+ "r.svc.home" = {
+ http = true;
+ insecure = true;
+ };
+ };
+ };
+ };
+ docker = {
+ enable = true;
+ package = cfg.package;
+ liveRestore = false;
+ storageDriver = "overlay2";
+ extraOptions = "--experimental --add-runtime docker-runc=${cfg.runcPackage}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock";
+ };
+ };
+ environment.etc."docker/daemon.json".text = ''
+ {"features":{"buildkit": true}, "insecure-registries": ["172.30.0.0/16", "192.168.12.0/16", "massimo.home:5000", "r.svc.home:5000", "r.svc.home" ]}
+ '';
+ environment.systemPackages = with pkgs; [
+ my.buildx
+ ];
+ networking.firewall.trustedInterfaces = [ "docker0" ];
+ };
+}
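Review bot: The `insecure-registries` list written to `docker/daemon.json` exempts whole address ranges from TLS verification, and `192.168.12.0/16` has host bits set, so it would normally be read as all of 192.168.0.0/16, which is probably wider than intended. Images pulled from any registry in those ranges, and from the buildkitd `registry` entries with `http = true; insecure = true;`, have no transport integrity, so anything on the path can alter them. If only the named hosts are needed, `"insecure-registries": ["massimo.home:5000", "r.svc.home:5000", "r.svc.home"]` keeps the exception to them; otherwise a comment should say which range each CIDR is meant to cover. Separately, `networking.firewall.trustedInterfaces = [ "docker0" ];` accepts all traffic from containers on the default bridge to every host port, so it deserves a comment naming the host service containers need, or a rule opening only that port.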