Commit 299d67aca8eb
Changed files (13)
machine/wakasu.nix
@@ -7,14 +7,14 @@
../profiles/laptop.nix
../profiles/ssh.nix
../profiles/dev.nix
- ../profiles/containerd.nix
- ../profiles/dockerization.nix
- ../profiles/virtualization.nix
../location/home.nix
../hardware/lenovo-p50.nix
];
profiles.laptop.enable = true;
+ profiles.docker.enable = true;
+ profiles.containerd.enable = true;
+ profiles.virtualization.enable = true;
security.pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
modules/profiles/buildkit.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.buildkit;
+in
+{
+ options = {
+ profiles.buildkit = {
+ enable = mkOption {
+ default = false;
+ description = "Enable buildkit profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ profiles.containerd.enable = true;
+ environment.systemPackages = with pkgs; [
+ buildkit
+ ];
+ virtualisation = {
+ buildkitd= {
+ enable = true;
+ package = pkgs.buildkit;
+ packages = [ pkgs.runc-edge pkgs.git ];
+ extraOptions = "--oci-worker=false --containerd-worker=true";
+ };
+ };
+ };
+}
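Review bot: `buildkitd= {` inside the `virtualisation` block of the new profile is missing the space before `=`, which breaks the formatting every sibling profile in this commit uses (`containerd = {`, `docker = {`); write it as `buildkitd = {`. The option description could also state what enabling it implies, since the `config` block force-enables `profiles.containerd`: `description = "Enable buildkit profile (implies profiles.containerd)";`. The daemon is started with `--oci-worker=false --containerd-worker=true`, so it is entirely dependent on containerd being up, which is presumably why the implied enable is there; a short comment on the `profiles.containerd.enable = true;` line saying so (`# containerd worker only, so containerd must be running`) would spare the next reader the inference.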
modules/profiles/containerd.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.containerd;
+in
+{
+ options = {
+ profiles.containerd = {
+ enable = mkOption {
+ default = false;
+ description = "Enable containerd profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ cni
+ cni-plugins
+ containerd-edge
+ runc-edge
+ stellar
+ ];
+ virtualisation = {
+ containerd = {
+ enable = true;
+ package = pkgs.containerd-edge;
+ packages = [ pkgs.runc-edge ];
+ };
+ };
+ };
+}
modules/profiles/docker.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.docker;
+in
+{
+ options = {
+ profiles.docker = {
+ enable = mkOption {
+ default = false;
+ description = "Enable docker profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ virtualisation = {
+ docker = {
+ enable = true;
+ package = pkgs.docker-edge;
+ liveRestore = false;
+ storageDriver = "overlay2";
+ extraOptions = "--label=type=desktop --experimental --init --debug --add-runtime docker-runc=${pkgs.runc-edge}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock --insecure-registry 172.30.0.0/16";
+ };
+ };
+ networking.firewall.trustedInterfaces = [ "docker0" ];
+ };
+}
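Review bot: `--insecure-registry 172.30.0.0/16` in `extraOptions` tells the daemon to accept plain HTTP or untrusted TLS certificates for any registry in that /16, so image pulls from there have no origin or integrity protection; if a single local registry is meant, narrow it to its `host:port` (`--insecure-registry 172.30.0.2:5000` or whatever the actual address is), and otherwise leave a comment explaining why a whole /16 is trusted. The same option string carries `--debug`, which is a verbose daemon log level rather than a security setting, but it is noisy on a laptop and does not look intended for a permanent profile. `networking.firewall.trustedInterfaces = [ "docker0" ]` lets every container reach any host port unfiltered, which is probably deliberate for a dev box but worth a one-line comment, e.g. `# containers on docker0 bypass the host firewall (dev machine)`. These options are carried over from the deleted profiles/dockerization.nix rather than introduced here, so this is an observation on the moved code, not on the move.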
modules/profiles/users.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.users;
+in
+{
+ options = {
+ profiles.users = {
+ enable = mkOption {
+ default = true;
+ description = "Enable users profile";
+ type = types.bool;
+ };
+ user = mkOption {
+ default = "vincent";
+ description = "Username to use when creating user";
+ type = types.str;
+ };
+ # add more options (like openssh keys and config)
+ };
+ };
+ config = mkIf cfg.enable {
+ users = {
+ extraUsers = {
+ ${cfg.user} = {
+ isNormalUser = true;
+ uid = 1000;
+ createHome = true;
+ extraGroups = [ "wheel" "input" ] ++ optionals config.profiles.desktop.enable ["audio" "video" "scanner"]
+ ++ optionals config.profiles.docker.enable [ "docker" ]
+ ++ optionals config.profiles.buildkit.enable [ "buildkit" ]
+ ++ optionals config.profiles.virtualization.enable [ "libvirtd" "vboxusers" ];
+ shell = if config.programs.fish.enable then pkgs.fish else pkgs.bash;
+ initialPassword = "changeMe";
+ openssh.authorizedKeys.keys =
+ with import ../../assets/machines.nix; [ ssh.honshu.key ssh.kerkouane.key ssh.hokkaido.key ssh.california.key ssh.shikoku.key ssh.massimo.key ssh.carthage.key ssh.wakasu.key ssh.iphone.key ];
+ subUidRanges = [{ startUid = 100000; count = 65536; }];
+ subGidRanges = [{ startGid = 100000; count = 65536; }];
+ };
+ };
+ };
+ programs.ssh.extraConfig = with import ../../assets/machines.nix; ''
+ Host kerkouane kerkouane.sbr.pm
+ Hostname kerkouane.sbr.pm
+ Port ${toString ssh.kerkouane.port}
+ Host kerkouane.vpn ${wireguard.ips.kerkouane}
+ Hostname ${wireguard.ips.kerkouane}
+ Port ${toString ssh.kerkouane.port}
+ Host carthage carthage.sbr.pm
+ Hostname carthage.sbr.pm
+ Port ${toString ssh.carthage.port}
+ Host carthage.vpn ${wireguard.ips.carthage}
+ Hostname ${wireguard.ips.carthage}
+ Port ${toString ssh.carthage.port}
+ Host honshu.vpn ${wireguard.ips.honshu}
+ Hostname ${wireguard.ips.honshu}
+ Host shikoku.vpn ${wireguard.ips.shikoku}
+ Hostname ${wireguard.ips.shikoku}
+ Host hokkaido.vpn ${wireguard.ips.hokkaido}
+ Hostname ${wireguard.ips.hokkaido}
+ Host massimo.vpn ${wireguard.ips.massimo}
+ Hostname ${wireguard.ips.massimo}
+ Host wakasu.vpn ${wireguard.ips.wakasu}
+ Hostname ${wireguard.ips.wakasu}
+ '';
+ };
+}
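Review bot: `initialPassword = "changeMe"` gives the account a well-known password as a plaintext string that ends up in the world-readable Nix store, and the same account is in `wheel`, so until someone changes it every machine using this default-enabled profile has a guessable admin login; prefer `initialHashedPassword` with a per-user hash, or drop the password entirely and rely on the `openssh.authorizedKeys.keys` list already set here (`initialHashedPassword = "<output of mkpasswd -m sha-512>";`). The `extraGroups` list also no longer contains `networkmanager`, which the deleted profiles/users.nix granted unconditionally; if the laptop profile still uses NetworkManager this is a silent regression, so either add it back under a `config.profiles.laptop.enable` conditional or record in the commit message that it was intentional. `users.extraUsers` is, as far as I recall, the legacy alias of `users.users`; switching to `users.users` avoids depending on the alias. The `# add more options (like openssh keys and config)` comment should either name what is planned as a TODO with an owner or be removed.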
modules/profiles/virtualization.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.virtualization;
+in
+{
+ options = {
+ profiles.virtualization = {
+ enable = mkOption {
+ default = false;
+ description = "Enable virtualization profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ virtualisation.libvirtd = {
+ enable = true;
+ };
+ environment.systemPackages = with pkgs; [
+ qemu
+ vde2
+ ];
+ };
+}
modules/module-list.nix
@@ -2,12 +2,17 @@
{
imports = [
+ ./profiles/buildkit.nix
./profiles/fish.nix
+ ./profiles/containerd.nix
./profiles/desktop.nix
+ ./profiles/docker.nix
./profiles/i18n.nix
./profiles/nix-config.nix
./profiles/nix-auto-update.nix
./profiles/laptop.nix
+ ./profiles/users.nix
+ ./profiles/virtualization.nix
./programs/podman.nix
./services/syncthing.nix
./services/wireguard.client.nix
profiles/buildkitd.nix
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [ ./containerd.nix ];
- environment.systemPackages = with pkgs; [
- buildkit
- ];
- virtualisation = {
- buildkitd= {
- enable = true;
- package = pkgs.buildkit;
- packages = [ pkgs.runc-edge pkgs.git ];
- extraOptions = "--oci-worker=false --containerd-worker=true";
- };
- };
-}
profiles/containerd.nix
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- cni
- cni-plugins
- containerd-edge
- runc-edge
- stellar
- ];
- virtualisation = {
- containerd = {
- enable = true;
- package = pkgs.containerd-edge;
- packages = [ pkgs.runc-edge ];
- };
- };
-}
profiles/default.nix
@@ -2,7 +2,6 @@
{
imports = [
- ./users.nix
./overlays.nix
];
boot.loader.systemd-boot.enable = true;
profiles/dockerization.nix
@@ -1,15 +0,0 @@
-# Docker configuration
-{ config, pkgs, ...}:
-
-{
- virtualisation = {
- docker = {
- enable = true;
- package = pkgs.docker-edge;
- liveRestore = false;
- storageDriver = "overlay2";
- extraOptions = "--label=type=desktop --experimental --init --debug --add-runtime docker-runc=${pkgs.runc-edge}/bin/runc --default-runtime=docker-runc --containerd=/run/containerd/containerd.sock --insecure-registry 172.30.0.0/16";
- };
- };
- networking.firewall.trustedInterfaces = [ "docker0" ];
-}
profiles/users.nix
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- users = {
- extraUsers = {
- vincent = {
- isNormalUser = true;
- uid = 1000;
- createHome = true;
- extraGroups = [ "networkmanager" "wheel" "docker" "buildkit" "vboxusers" "libvirtd" "input" "audio" "video" "scanner" ];
- shell = if config.programs.fish.enable then pkgs.fish else pkgs.bash;
- initialPassword = "changeMe";
- openssh.authorizedKeys.keys =
- with import ../assets/machines.nix; [ ssh.honshu.key ssh.kerkouane.key ssh.hokkaido.key ssh.california.key ssh.shikoku.key ssh.massimo.key ssh.carthage.key ssh.wakasu.key ssh.iphone.key ];
- subUidRanges = [{ startUid = 100000; count = 65536; }];
- subGidRanges = [{ startGid = 100000; count = 65536; }];
- };
- };
- };
- programs.ssh.extraConfig = with import ../assets/machines.nix; ''
-Host kerkouane kerkouane.sbr.pm
- Hostname kerkouane.sbr.pm
- Port ${toString ssh.kerkouane.port}
-Host kerkouane.vpn ${wireguard.ips.kerkouane}
- Hostname ${wireguard.ips.kerkouane}
- Port ${toString ssh.kerkouane.port}
-Host carthage carthage.sbr.pm
- Hostname carthage.sbr.pm
- Port ${toString ssh.carthage.port}
-Host carthage.vpn ${wireguard.ips.carthage}
- Hostname ${wireguard.ips.carthage}
- Port ${toString ssh.carthage.port}
-Host honshu.vpn ${wireguard.ips.honshu}
- Hostname ${wireguard.ips.honshu}
-Host shikoku.vpn ${wireguard.ips.shikoku}
- Hostname ${wireguard.ips.shikoku}
-Host hokkaido.vpn ${wireguard.ips.hokkaido}
- Hostname ${wireguard.ips.hokkaido}
-Host massimo.vpn ${wireguard.ips.massimo}
- Hostname ${wireguard.ips.massimo}
-Host wakasu.vpn ${wireguard.ips.wakasu}
-Hostname ${wireguard.ips.wakasu}
- '';
-}
profiles/virtualization.nix
@@ -1,12 +0,0 @@
-# Virtualization configuration
-{ config, pkgs, ... }:
-
-{
- virtualisation.libvirtd = {
- enable = true;
- };
- environment.systemPackages = with pkgs; [
- qemu
- vde2
- ];
-}