From 0a45d838fff36afda575375a75b9a3e114295676 Mon Sep 17 00:00:00 2001 From: gwg313 Date: Wed, 24 Apr 2024 23:44:30 -0400 Subject: [PATCH] stuff --- common/networking/default.nix | 9 ++ common/networking/zerotier.nix | 25 +++-- common/nixos/packages.nix | 1 + common/virtualization/default.nix | 13 +++ common/virtualization/kubernetes.nix | 29 +++--- common/virtualization/libvirt.nix | 14 ++- common/virtualization/podman.nix | 53 ++++++---- flake.lock | 144 ++++++++++++++++++++++++++- flake.nix | 4 + hosts/candlekeep/configuration.nix | 6 +- 10 files changed, 246 insertions(+), 52 deletions(-) create mode 100644 common/networking/default.nix create mode 100644 common/virtualization/default.nix diff --git a/common/networking/default.nix b/common/networking/default.nix new file mode 100644 index 0000000..0398525 --- /dev/null +++ b/common/networking/default.nix @@ -0,0 +1,9 @@ +{ + config, + lib, + ... +}: { + imports = [./zerotier.nix]; + + zerotier.enable = lib.mkDefault true; +} diff --git a/common/networking/zerotier.nix b/common/networking/zerotier.nix index 137cf4f..31c7ed8 100644 --- a/common/networking/zerotier.nix +++ b/common/networking/zerotier.nix @@ -6,16 +6,21 @@ outputs, ... }: { - services.zerotierone = { - joinNetworks = [ - "ebe7fbd445359e9d" - ]; - enable = true; + options = { + zerotier.enable = lib.mkEnableOption "Enables zerotier and joins my network"; }; + config = lib.mkIf config.zerotier.enable { + services.zerotierone = { + joinNetworks = [ + "ebe7fbd445359e9d" + ]; + enable = true; + }; - networking.extraHosts = '' - 192.168.194.241 nothing.zt - 192.168.191.213 candlekeep.zt - 192.168.191.168 grymforge.zt - ''; + networking.extraHosts = '' + 192.168.194.241 nothing.zt + 192.168.191.213 candlekeep.zt + 192.168.191.168 grymforge.zt + ''; + }; } diff --git a/common/nixos/packages.nix b/common/nixos/packages.nix index 0997eba..bcbad7e 100644 --- a/common/nixos/packages.nix +++ b/common/nixos/packages.nix 
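Review bot: `config` is bound in the new module's argument set in common/networking/default.nix but never referenced; only `lib` is used, so the header can be `{ lib, ... }: {`. Because `zerotier.enable = lib.mkDefault true` is set here, every host that imports this file joins the ZeroTier network unless it overrides the option, where the previous direct import of zerotier.nix made that choice per host. A one-line comment above `imports`, `# Importing this module joins the ZeroTier network; set zerotier.enable = false to opt a host out.`, would keep the opt-out visible.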
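Review bot: The string passed to `lib.mkEnableOption` on the new `options` line of zerotier.nix is a full sentence, but mkEnableOption prefixes its argument with "Whether to enable ", so the rendered description reads "Whether to enable Enables zerotier and joins my network."; the argument should be a noun phrase, e.g. `zerotier.enable = lib.mkEnableOption "ZeroTier membership in the home network and the .zt host entries";`. The same applies to the new option lines in kubernetes.nix, libvirt.nix and podman.nix in this commit. The module's argument set starts above this hunk (the hunk begins at line 6 with `outputs,`), and the new code now needs both `lib` and `config` bound there; kubernetes.nix and libvirt.nix had to add `lib` explicitly in this same commit, so confirm zerotier.nix already has it, otherwise evaluation fails with an undefined variable.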
@@ -27,6 +27,7 @@ nh nix-output-monitor nvd + inputs.superfile.packages.${system}.default ]; environment.sessionVariables = { FLAKE = "/home/${user}/repos/nixos-config"; diff --git a/common/virtualization/default.nix b/common/virtualization/default.nix new file mode 100644 index 0000000..0795823 --- /dev/null +++ b/common/virtualization/default.nix @@ -0,0 +1,13 @@ +{ + config, + pkgs, + user, + lib, + ... +}: { + imports = [./libvirt.nix ./podman.nix ./kubernetes.nix]; + + libvirt.enable = lib.mkDefault true; + podman.enable = lib.mkDefault true; + kubernetes.enable = lib.mkDefault true; +} diff --git a/common/virtualization/kubernetes.nix b/common/virtualization/kubernetes.nix index f736142..549e921 100644 --- a/common/virtualization/kubernetes.nix +++ b/common/virtualization/kubernetes.nix 
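Review bot: The added `inputs.superfile.packages.${system}.default` line in packages.nix depends on `inputs` and `system` being arguments of this module, and the function header is outside the hunk, so that cannot be checked here; `user` is evidently passed as a special argument, but `system` may not be. If it is not, `inputs.superfile.packages.${pkgs.stdenv.hostPlatform.system}.default` removes the dependency on an extra special argument. The enclosing `environment.systemPackages` list starts outside the hunk.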
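Review bot: Of the four named arguments in the new common/virtualization/default.nix header, only `lib` is used; `config`, `pkgs` and `user` can be dropped so it reads `{ lib, ... }: {`. The three `lib.mkDefault true` lines mean any host importing this file gets libvirtd enabled (with `user` added to the libvirtd group, per the libvirt.nix hunk), the podman runtime and the full Kubernetes CLI set unless it overrides each option individually, where the per-file imports this replaces in hosts/candlekeep/configuration.nix made that choice explicit per host. A short comment above `imports`, `# Importing this module enables libvirt, podman and the Kubernetes tooling; hosts opt out per feature, e.g. libvirt.enable = false;`, would document that.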
@@ -1,18 +1,23 @@ { config, pkgs, - user, + lib, ... }: { - environment.systemPackages = with pkgs; [ - argocd # Declarative, GitOps continuous delivery tool for Kubernetes. - k3d # Lightweight utility to run Kubernetes clusters using Docker. - k9s # Kubernetes CLI to visually navigate and manage resources in clusters. - kind # Kubernetes IN Docker: Tool for running local Kubernetes clusters using Docker container nodes. - kubectl # Kubernetes command-line tool for interacting with clusters. - kubectx # Switch between Kubernetes contexts and namespaces with ease. - kubernetes-helm # Package manager for Kubernetes applications, simplifying deployment and management. - minikube # Local Kubernetes cluster for easy testing and development. - stern # Multi-container log tailing and streaming for Kubernetes. - ]; + options = { + kubernetes.enable = lib.mkEnableOption "Enables Kubernetes and tooling"; + }; + config = lib.mkIf config.kubernetes.enable { + environment.systemPackages = with pkgs; [ + argocd # Declarative, GitOps continuous delivery tool for Kubernetes. + k3d # Lightweight utility to run Kubernetes clusters using Docker. + k9s # Kubernetes CLI to visually navigate and manage resources in clusters. + kind # Kubernetes IN Docker: Tool for running local Kubernetes clusters using Docker container nodes. + kubectl # Kubernetes command-line tool for interacting with clusters. + kubectx # Switch between Kubernetes contexts and namespaces with ease. + kubernetes-helm # Package manager for Kubernetes applications, simplifying deployment and management. + minikube # Local Kubernetes cluster for easy testing and development. + stern # Multi-container log tailing and streaming for Kubernetes. + ]; + }; } diff --git a/common/virtualization/libvirt.nix b/common/virtualization/libvirt.nix index 9ba50aa..f889035 100644 --- a/common/virtualization/libvirt.nix +++ b/common/virtualization/libvirt.nix 
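Review bot: The new option description "Enables Kubernetes and tooling" in kubernetes.nix overstates what the `config` block does: it only adds client and local-cluster tools to `environment.systemPackages` and enables no cluster service (NixOS's `services.kubernetes` is untouched), and the top-level name `kubernetes.enable` is easy to misread as that service. A description such as `kubernetes.enable = lib.mkEnableOption "Kubernetes client tooling (kubectl, helm, k9s, kind, minikube, ...)";` matches the contents and also reads correctly after mkEnableOption's "Whether to enable " prefix. The local-cluster tools listed (kind, k3d, minikube) presumably need a container runtime or VM driver that this module does not enable itself; confirm that is intended to come from the podman and libvirt modules.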
@@ -2,10 +2,16 @@ config, pkgs, user, + lib, ... }: { - boot.kernelModules = ["kvm-amd"]; - environment.systemPackages = with pkgs; [virt-manager]; - virtualisation.libvirtd.enable = true; - users.extraGroups.libvirtd.members = ["${user}"]; + options = { + libvirt.enable = lib.mkEnableOption "Enables Libvirt"; + }; + config = lib.mkIf config.libvirt.enable { + boot.kernelModules = ["kvm-amd"]; + environment.systemPackages = with pkgs; [virt-manager]; + virtualisation.libvirtd.enable = true; + users.extraGroups.libvirtd.members = ["${user}"]; + }; } diff --git a/common/virtualization/podman.nix b/common/virtualization/podman.nix index fbf99ac..a09f7f3 100644 --- a/common/virtualization/podman.nix +++ b/common/virtualization/podman.nix 
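Review bot: `users.extraGroups.libvirtd.members = ["${user}"]` in the new `config` block of libvirt.nix interpolates a string into a string for no reason; `[user]` is equivalent. Membership in libvirtd grants `user` management of the system libvirt daemon, which is commonly treated as root-equivalent, and since common/virtualization/default.nix now defaults `libvirt.enable` to true this applies to every host importing that file; a comment on the line, `# libvirtd group membership is effectively root-equivalent; keep this to hosts that need VMs`, would keep that visible. `boot.kernelModules = ["kvm-amd"]` is carried over unchanged and hard-codes the AMD module, so an Intel host enabling this option would need `kvm-intel` instead; consider making the module list a per-host setting.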
@@ -1,24 +1,35 @@ -{pkgs, ...}: { - virtualisation = { - podman = { - enable = true; - - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; +{ + pkgs, + lib, + config, + ... +}: { + options = { + podman.enable = lib.mkEnableOption "Enables podman and installs container tools"; }; - environment.systemPackages = with pkgs; [ - buildah # Tool for building OCI (Open Container Initiative) and Docker container images. - distrobox # Lightweight utility for running Linux distributions in containers. - dive # A tool for exploring a Docker image, allowing inspection of layer contents. - #grype # A vulnerability scanner for container images and filesystems. - hadolint # Dockerfile linter to analyze and enforce best practices in containerization. - podman-compose # Podman plugin for managing multi-container applications. - podman-tui # Text-based user interface (TUI) for Podman, facilitating container management. - syft # Open-source tool for scanning and analyzing container images for software composition and vulnerabilities. - ]; + config = lib.mkIf config.podman.enable { + virtualisation = { + podman = { + enable = true; + + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = true; + + # Required for containers under podman-compose to be able to talk to each other. + defaultNetwork.settings.dns_enabled = true; + }; + }; + + environment.systemPackages = with pkgs; [ + buildah # Tool for building OCI (Open Container Initiative) and Docker container images. + distrobox # Lightweight utility for running Linux distributions in containers. + dive # A tool for exploring a Docker image, allowing inspection of layer contents. + grype # A vulnerability scanner for container images and filesystems. 
+ hadolint # Dockerfile linter to analyze and enforce best practices in containerization. + podman-compose # Podman plugin for managing multi-container applications. + podman-tui # Text-based user interface (TUI) for Podman, facilitating container management. + syft # Open-source tool for scanning and analyzing container images for software composition and vulnerabilities. + ]; + }; } diff --git a/flake.lock b/flake.lock index 7cd1289..cca05c1 100644 --- a/flake.lock +++ b/flake.lock @@ -366,6 +366,22 @@ "type": "github" } }, + "flake-compat_8": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -496,6 +512,42 @@ "type": "github" } }, + "flake-utils_7": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { 
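Review bot: The new top-level option `podman.enable` in podman.nix sits in the same file as NixOS's `virtualisation.podman.enable = true`, one namespace apart, so a reader (or a `git grep podman.enable`) cannot tell at a glance which is the module switch and which is the upstream option. Declaring the module's own options under a prefix of your choosing (for example `my.podman.enable`) avoids that, and the same applies to `libvirt.enable`, `kubernetes.enable` and `zerotier.enable` introduced in this commit. The `grype` line is re-enabled by dropping the leading `#` with no explanation in the commit message; if it was commented out for a build or size reason, a short comment saying why it is back would help the next reader.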
@@ -617,6 +669,28 @@ "type": "github" } }, + "gomod2nix": { + "inputs": { + "flake-utils": "flake-utils_8", + "nixpkgs": [ + "superfile", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710154385, + "narHash": "sha256-4c3zQ2YY4BZOufaBJB4v9VBBeN2dH7iVdoJw8SDNCfI=", + "owner": "nix-community", + "repo": "gomod2nix", + "rev": "872b63ddd28f318489c929d25f1f0a3c6039c971", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "gomod2nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -1131,6 +1205,22 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", @@ -1298,7 +1388,8 @@ "nixpkgs-unstable": "nixpkgs-unstable", "pre-commit-hooks": "pre-commit-hooks_4", "sops-nix": "sops-nix", - "stylix": "stylix" + "stylix": "stylix", + "superfile": "superfile" } }, "sops-nix": { @@ -1352,6 +1443,27 @@ "type": "github" } }, + "superfile": { + "inputs": { + "flake-compat": "flake-compat_8", + "flake-utils": "flake-utils_7", + "gomod2nix": "gomod2nix", + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "lastModified": 1713886578, + "narHash": "sha256-oWkL+jvuut/cy44zghbVmbv6Cq+b49E/J7y/LDsS3+A=", + "owner": "MHNightCat", + "repo": "superfile", + "rev": "a2b1a563b0e626099c08939aa330b3c1cb331f2f", + "type": "github" + }, + "original": { + "owner": "MHNightCat", + "repo": "superfile", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -1457,6 +1569,36 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "wlroots": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 7c6830f..0f5806f 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,10 @@ sops-nix.url = "github:Mic92/sops-nix"; + superfile = { + url = "github:MHNightCat/superfile"; + }; + pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/candlekeep/configuration.nix b/hosts/candlekeep/configuration.nix index ff0b73e..41c5461 100644 --- a/hosts/candlekeep/configuration.nix +++ b/hosts/candlekeep/configuration.nix @@ -15,7 +15,7 @@ # outputs.nixosModules.example ../../common/nixos/common.nix ../../common/nixos/laptop.nix - ../../common/networking/zerotier.nix + ../../common/networking/default.nix ../../common/nixos/bluetooth.nix ../../common/nixos/restic.nix ../../common/nixos/ssh.nix @@ -24,9 +24,7 @@ ../../common/gui/hyprland.nix ../../common/gui/thunar.nix ../../common/style/stylix.nix - ../../common/virtualization/podman.nix - ../../common/virtualization/kubernetes.nix - ../../common/virtualization/libvirt.nix + ../../common/virtualization/default.nix ../../common/nixos/sysctl/default.nix ./auditd.nix
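Review bot: The new `superfile` input in flake.nix has no `inputs.nixpkgs.follows = "nixpkgs";`, unlike `pre-commit-hooks` two lines below, so superfile is built against its own nixpkgs; the flake.lock hunks in this commit show the cost as a separate `nixpkgs_7` node (nixos-unstable at a different revision) plus `flake-utils_7`, `flake-compat_8`, `gomod2nix` and two extra `systems` nodes. That is a second nixpkgs tree to fetch and evaluate, and presumably a second copy of the toolchain and runtime libraries the package depends on, pinned by a revision this repository does not otherwise control or update with the rest of the system. Adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `superfile = { ... };` block makes it consistent with the existing inputs; whether superfile builds against this repository's nixpkgs revision would need a test build.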