home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit 8035f22061f9e9a962de573f79b65107aac36feb
parent 5b00437c986ebd0e4e751596d504c27ade694c46
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri,  7 May 2021 13:58:08 +0200

flake: add a fake okinawa to try version check

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Asystems/hosts/okinawa.flake.nix | 53+++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+), 0 deletions(-)

diff --git a/systems/hosts/okinawa.flake.nix b/systems/hosts/okinawa.flake.nix @@ -0,0 +1,53 @@ +{ pkgs, lib, ... }: + +with lib; +let + secretPath = ../../secrets/machines.nix; + secretCondition = (builtins.pathExists secretPath); + + ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}"; + ips = lists.optionals secretCondition ([ "${ip}/24" ]); + endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP; + endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0; + endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey; +in +{ + modules = { + editors = { + default = "vim"; + vim.enable = true; + }; + shell = { + direnv.enable = true; + git.enable = true; + gnupg.enable = true; + tmux.enable = true; + zsh.enable = true; + }; + virtualisation = { + libvirt.enable = true; + libvirt.nested = true; + }; + }; + profiles = { + home.enable = true; + }; + + environment.systemPackages = with pkgs; [ tektoncd-cli nyxt ]; + + virtualisation.podman.enable = true; + virtualisation.containers = { + enable = true; + registries = { + search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ]; + }; + policy = { + default = [{ type = "insecureAcceptAnything"; }]; + transports = { + docker-daemon = { + "" = [{ type = "insecureAcceptAnything"; }]; + }; + }; + }; + }; +}