Commit 99d3979c0da4
Changed files (14)
systems
users
vincent
systems/modules/profiles/docker.nix
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.docker;
-in
-{
- options = {
- profiles.docker = {
- enable = mkEnableOption "Enable docker profile";
- package = mkOption {
- default = pkgs.docker;
- description = "docker package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- virtualisation = {
- containerd = {
- enable = true;
- };
- buildkitd = {
- enable = true;
- settings = {
- worker.oci = {
- enabled = false;
- };
- worker.containerd = {
- enabled = true;
- platforms = [ "linux/amd64" "linux/arm64" ];
- namespace = "buildkit";
- };
- registry = {
- "r.svc.home:5000" = {
- http = true;
- insecure = true;
- };
- "r.svc.home" = {
- http = true;
- insecure = true;
- };
- };
- };
- };
- docker = {
- enable = true;
- package = cfg.package;
- liveRestore = false;
- storageDriver = "overlay2";
- daemon.settings = {
- experimental = true;
- bip = "172.26.0.1/16";
- runtimes = {
- "docker-runc" = {
- path = "${cfg.runcPackage}/bin/runc";
- };
- };
- default-runtime = "docker-runc";
- containerd = "/run/containerd/containerd.sock";
- features = { buildkit = true; };
- insecure-registries = [ "172.30.0.0/16" "192.168.12.0/16" "shikoku.home:5000" "r.svc.home:5000" "r.svc.home" ];
- seccomp-profile = ./docker/my-seccomp.json;
- };
- };
- };
- environment.systemPackages = with pkgs; [
- docker-buildx
- ];
- networking.firewall.trustedInterfaces = [ "docker0" ];
- };
-}
systems/modules/profiles/gaming.nix
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.gaming;
-in
-{
- options = {
- profiles.gaming = {
- enable = mkEnableOption "Enable gaming profile";
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- opengl = {
- driSupport32Bit = true;
- };
- };
- services.udev.extraRules = ''
- # Steam controller
- SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
- KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
- '';
- environment.systemPackages = with pkgs; [ steam ];
- };
-}
systems/modules/profiles/i18n.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.i18n;
-in
-{
- options = {
- profiles.i18n = {
- enable = mkOption {
- default = true;
- description = "Enable i18n profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- console.keyMap = "fr-bepo";
- console.font = "Lat2-Terminus16";
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
systems/modules/profiles/ipfs.nix
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ipfs;
-in
-{
- options = {
- profiles.ipfs = {
- enable = mkEnableOption "Enable ipfs profile";
- autoMount = mkOption {
- default = true;
- description = "Automount /ipfs and /ipns";
- type = types.bool;
- };
- localDiscovery = mkOption {
- default = true;
- description = "Enable local discovery, switch profile to server if disable";
- type = types.bool;
- };
- extraConfig = mkOption {
- default = {
- Datastore.StorageMax = "40GB";
- };
- description = "Extra ipfs daemon configuration";
- type = types.attrs;
- };
- };
- };
- config = mkIf cfg.enable {
- services.ipfs = {
- enable = true;
- enableGC = true;
- localDiscovery = cfg.localDiscovery;
- autoMount = cfg.autoMount;
- extraConfig = cfg.extraConfig;
- };
- };
-}
systems/modules/profiles/kubernetes.nix
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (lib) mkEnableOption mkOption mkIf mkDefault mkOverride types optionals;
- cfg = config.profiles.kubernetes;
-in
-{
- options.profiles.kubernetes = {
- master = {
- enable = mkEnableOption "Make this node a master node";
- ip = mkOption {
- description = "master node address";
- type = types.str;
- };
- hostname = mkOption {
- default = "api.kube";
- description = "master node hostname";
- type = types.str;
- };
- port = mkOption {
- default = 6443;
- description = "port the apiserver will expose";
- type = types.int;
- };
- };
- };
- config = mkIf cfg.enable {
- networking = {
- firewall.allowedTCPPorts = [ 80 443 6443 ];
- extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
- };
-
- boot.kernelModules = [ "ceph" ];
-
- # packages for administration tasks
- environment.systemPackages = with pkgs; [
- kubectl
- kubernetes
- ];
-
- services.kubernetes = {
- roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ];
- masterAddress = cfg.master.hostname;
- apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}";
- kubeconfig.server = "https://${cfg.master.hostname}:${toString cfg.master.port}";
- easyCerts = true;
- apiserver = mkIf cfg.master.enable {
- securePort = cfg.master.port;
- advertiseAddress = cfg.master.ip;
- };
- # TODO: Remove this when switching to 21.11
- controllerManager.extraOpts = "--horizontal-pod-autoscaler-use-rest-clients=false";
- # use coredns
- addons.dns.enable = true;
-
- # needed if you use swap
- kubelet.extraOpts = "--fail-swap-on=false --root-dir=/var/lib/kubelet";
- };
- };
-}
systems/modules/profiles/laptop.nix
@@ -1,18 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.laptop;
-in
-{
- options = {
- profiles.laptop = {
- enable = mkEnableOption "Enable laptop profile";
- };
- };
- config = mkIf cfg.enable {
- warnings = [ "The option 'profiles.laptop' is deprecated, use 'modules.hardware.laptop' instead" ];
- # Use modules.hardware.enable instead
- modules.hardware.laptop.enable = true;
- };
-}
systems/modules/profiles/mail.nix
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.mail;
-in
-{
- options = {
- profiles.mail = {
- enable = mkOption {
- default = true;
- description = "Enable mail profile";
- type = types.bool;
- };
- };
- };
- config = mkIf (cfg.enable) {
- sops.secrets.msmtprc = {
- path = "/etc/msmtprc";
- };
- environment.systemPackages = with pkgs; [ msmtp ];
- };
-}
systems/modules/profiles/nix-auto-update.nix
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.nix-auto-update;
-in
-{
- options = {
- profiles.nix-auto-update = {
- enable = mkOption {
- default = false;
- description = "Enable nix-auto-update profile";
- type = types.bool;
- };
- autoUpgrade = mkOption {
- default = true;
- description = "Automatically try to upgrade the system";
- type = types.bool;
- };
- dates = mkOption {
- default = "weekly";
- description = "Specification (in the format described by systemd.time(7)) of the time at which the auto-update will run. ";
- type = types.str;
- };
- version = mkOption {
- default = "20.03";
- description = "System version (NixOS)";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (mkMerge [
- {
- system = {
- stateVersion = cfg.version;
- };
- }
- (
- mkIf cfg.autoUpgrade {
- systemd.services.nixos-update = {
- description = "NixOS Upgrade";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- HOME = "/root";
- };
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- make switch
- '';
- startAt = cfg.dates;
- onFailure = [ "status-email-root@%n.service" ];
- };
- systemd.services.etc-nixos-git-update = {
- description = "Update NixOS source git repository";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- serviceConfig.User = "vincent";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- };
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- git pull --rebase --autostash --recurse-submodules
- '';
- startAt = "daily";
- onFailure = [ "status-email-root@%n.service" ];
- };
- }
- )
- ]);
-}
systems/modules/profiles/printing.nix
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.printing;
-in
-{
- options = {
- profiles.printing = {
- enable = mkEnableOption "Enable printing profile";
- };
- };
- config = mkIf cfg.enable {
- services = {
- printing = {
- enable = true;
- drivers = [ pkgs.gutenprint ];
- };
- };
- };
-}
systems/modules/profiles/qemu.nix
@@ -1,50 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.profiles.qemu-user;
- arm = {
- interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
- magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- aarch64 = {
- interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- riscv64 = {
- interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
-in
-{
- options = {
- profiles.qemu-user = {
- arm = mkEnableOption "enable 32bit arm emulation";
- aarch64 = mkEnableOption "enable 64bit arm emulation";
- riscv64 = mkEnableOption "enable 64bit riscv emulation";
- };
- nix.supportedPlatforms = mkOption {
- type = types.listOf types.str;
- description = "extra platforms that nix will run binaries for";
- default = [ ];
- };
- };
- config = mkIf (cfg.arm || cfg.aarch64) {
- nixpkgs = {
- overlays = [ (import ../../../overlays/qemu/default.nix) ];
- };
- boot.binfmt.registrations =
- optionalAttrs cfg.arm { inherit arm; }
- // optionalAttrs cfg.aarch64 { inherit aarch64; }
- // optionalAttrs cfg.riscv64 { inherit riscv64; };
- nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
- ++ (optional cfg.aarch64 "aarch64-linux");
- nix.extraOptions = ''
- extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
- '';
- nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
- };
-}
systems/modules/profiles/scanning.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.scanning;
-in
-{
- options = {
- profiles.scanning = {
- enable = mkEnableOption "Enable scanning profile";
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- sane-frontends
- sane-backends
- simple-scan
- ];
- hardware.sane = {
- enable = true;
- extraConfig = { "pixma" = "bjnp://192.168.1.16"; };
- };
- };
-}
systems/modules/profiles/zsh.nix
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.zsh;
-in
-{
- options = {
- profiles.zsh = {
- enable = mkOption {
- default = true;
- description = "Enable zsh profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.zsh = {
- enable = true;
- };
- };
-}
users/vincent/default.nix
@@ -24,7 +24,7 @@ in
extraGroups = [ "wheel" "input" ]
++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
++ optionals config.modules.desktop.enable [ "audio" "video" ]
- ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ # ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
++ optionals config.virtualisation.docker.enable [ "docker" ]
++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
@@ -99,11 +99,11 @@ in
];
}
]
- ++ optionals config.profiles.docker.enable [
- {
- home.packages = with pkgs; [ docker docker-compose dive ];
- }
- ]
+ # ++ optionals config.virtualisation.docker.enable [
+ # {
+ # home.packages = with pkgs; [ docker docker-compose dive ];
+ # }
+ # ]
#++ optionals config.profiles.redhat.enable [{
# home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
# home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
flake.nix
@@ -61,19 +61,9 @@
./systems/modules/profiles/base.nix
./systems/modules/profiles/builder.nix
./systems/modules/profiles/dns.nix
- ./systems/modules/profiles/docker.nix
./systems/modules/profiles/home.nix
- ./systems/modules/profiles/i18n.nix
- ./systems/modules/profiles/ipfs.nix
- ./systems/modules/profiles/kubernetes.nix
- ./systems/modules/profiles/laptop.nix
- ./systems/modules/profiles/mail.nix
- ./systems/modules/profiles/printing.nix
- ./systems/modules/profiles/qemu.nix
./systems/modules/profiles/redhat.nix
- ./systems/modules/profiles/scanning.nix
./systems/modules/profiles/wireguard.server.nix
- ./systems/modules/profiles/zsh.nix
inputs.sops-nix.nixosModules.sops
# inputs.envfs.nixosModules.envfs
{