gwg313 2024-04-24 23:44:30 -04:00
parent c59da0e4ba
commit 0a45d838ff
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
10 changed files with 246 additions and 52 deletions


@ -0,0 +1,9 @@
{
config,
lib,
...
}: {
imports = [./zerotier.nix];
zerotier.enable = lib.mkDefault true;
}
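Review bot: `zerotier.enable = lib.mkDefault true;` makes the overlay network opt-out, so any host that imports this file joins it unless it sets `zerotier.enable = false;`, and nothing in the file says so. A short comment above the line would make that explicit, for example `# On by default for every importing host; set zerotier.enable = false; to keep a machine off the overlay.` The same pattern appears in the virtualization default file added later in this commit, where libvirt, podman and kubernetes are all switched on with `lib.mkDefault true`. The `config` argument is unused here and could be dropped from the argument set.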


@ -6,16 +6,21 @@
outputs, outputs,
... ...
}: { }: {
services.zerotierone = { options = {
joinNetworks = [ zerotier.enable = lib.mkEnableOption "Enables zerotier and joins my network";
"ebe7fbd445359e9d"
];
enable = true;
}; };
config = lib.mkIf config.zerotier.enable {
services.zerotierone = {
joinNetworks = [
"ebe7fbd445359e9d"
];
enable = true;
};
networking.extraHosts = '' networking.extraHosts = ''
192.168.194.241 nothing.zt 192.168.194.241 nothing.zt
192.168.191.213 candlekeep.zt 192.168.191.213 candlekeep.zt
192.168.191.168 grymforge.zt 192.168.191.168 grymforge.zt
''; '';
};
} }
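Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `lib.mkEnableOption "Enables zerotier and joins my network"` renders as "Whether to enable Enables zerotier ..." in generated option documentation; a noun phrase reads correctly, e.g. `zerotier.enable = lib.mkEnableOption "ZeroTier (joins my network)";`. The same wording issue is in the `kubernetes.enable`, `libvirt.enable` and `podman.enable` declarations in this commit. Separately, `joinNetworks` and the `networking.extraHosts` entries presumably rely on the network being private with controller-side member authorization; a one-line comment stating that would record the trust assumption next to the network ID. The module's argument list starts above the hunk, so whether `lib` and `config` are in scope cannot be confirmed from here.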


@ -27,6 +27,7 @@
nh nh
nix-output-monitor nix-output-monitor
nvd nvd
inputs.superfile.packages.${system}.default
]; ];
environment.sessionVariables = { environment.sessionVariables = {
FLAKE = "/home/${user}/repos/nixos-config"; FLAKE = "/home/${user}/repos/nixos-config";


@ -0,0 +1,13 @@
{
config,
pkgs,
user,
lib,
...
}: {
imports = [./libvirt.nix ./podman.nix ./kubernetes.nix];
libvirt.enable = lib.mkDefault true;
podman.enable = lib.mkDefault true;
kubernetes.enable = lib.mkDefault true;
}


@ -1,18 +1,23 @@
{ {
config, config,
pkgs, pkgs,
user, lib,
... ...
}: { }: {
environment.systemPackages = with pkgs; [ options = {
argocd # Declarative, GitOps continuous delivery tool for Kubernetes. kubernetes.enable = lib.mkEnableOption "Enables Kubernetes and tooling";
k3d # Lightweight utility to run Kubernetes clusters using Docker. };
k9s # Kubernetes CLI to visually navigate and manage resources in clusters. config = lib.mkIf config.kubernetes.enable {
kind # Kubernetes IN Docker: Tool for running local Kubernetes clusters using Docker container nodes. environment.systemPackages = with pkgs; [
kubectl # Kubernetes command-line tool for interacting with clusters. argocd # Declarative, GitOps continuous delivery tool for Kubernetes.
kubectx # Switch between Kubernetes contexts and namespaces with ease. k3d # Lightweight utility to run Kubernetes clusters using Docker.
kubernetes-helm # Package manager for Kubernetes applications, simplifying deployment and management. k9s # Kubernetes CLI to visually navigate and manage resources in clusters.
minikube # Local Kubernetes cluster for easy testing and development. kind # Kubernetes IN Docker: Tool for running local Kubernetes clusters using Docker container nodes.
stern # Multi-container log tailing and streaming for Kubernetes. kubectl # Kubernetes command-line tool for interacting with clusters.
]; kubectx # Switch between Kubernetes contexts and namespaces with ease.
kubernetes-helm # Package manager for Kubernetes applications, simplifying deployment and management.
minikube # Local Kubernetes cluster for easy testing and development.
stern # Multi-container log tailing and streaming for Kubernetes.
];
};
} }


@ -2,10 +2,16 @@
config, config,
pkgs, pkgs,
user, user,
lib,
... ...
}: { }: {
boot.kernelModules = ["kvm-amd"]; options = {
environment.systemPackages = with pkgs; [virt-manager]; libvirt.enable = lib.mkEnableOption "Enables Libvirt";
virtualisation.libvirtd.enable = true; };
users.extraGroups.libvirtd.members = ["${user}"]; config = lib.mkIf config.libvirt.enable {
boot.kernelModules = ["kvm-amd"];
environment.systemPackages = with pkgs; [virt-manager];
virtualisation.libvirtd.enable = true;
users.extraGroups.libvirtd.members = ["${user}"];
};
} }
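Review bot: `users.extraGroups.libvirtd.members = ["${user}"];` gives that account control of the system libvirt daemon, which is commonly treated as close to root-equivalent on the host, and the module does not say so. A comment such as `# libvirtd group members can manage system VMs (qemu:///system); treat membership as privileged access.` would record that next to the line. `boot.kernelModules = ["kvm-amd"];` is also unconditional, so now that the virtualization default file turns this module on for every importing host, an Intel machine would be asked to load the wrong KVM module; consider leaving that line to each host's hardware configuration. As a small style point, `["${user}"]` can be written `[user]`.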


@ -1,24 +1,35 @@
{pkgs, ...}: { {
virtualisation = { pkgs,
podman = { lib,
enable = true; config,
...
# Create a `docker` alias for podman, to use it as a drop-in replacement }: {
dockerCompat = true; options = {
podman.enable = lib.mkEnableOption "Enables podman and installs container tools";
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
}; };
environment.systemPackages = with pkgs; [ config = lib.mkIf config.podman.enable {
buildah # Tool for building OCI (Open Container Initiative) and Docker container images. virtualisation = {
distrobox # Lightweight utility for running Linux distributions in containers. podman = {
dive # A tool for exploring a Docker image, allowing inspection of layer contents. enable = true;
#grype # A vulnerability scanner for container images and filesystems.
hadolint # Dockerfile linter to analyze and enforce best practices in containerization. # Create a `docker` alias for podman, to use it as a drop-in replacement
podman-compose # Podman plugin for managing multi-container applications. dockerCompat = true;
podman-tui # Text-based user interface (TUI) for Podman, facilitating container management.
syft # Open-source tool for scanning and analyzing container images for software composition and vulnerabilities. # Required for containers under podman-compose to be able to talk to each other.
]; defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
buildah # Tool for building OCI (Open Container Initiative) and Docker container images.
distrobox # Lightweight utility for running Linux distributions in containers.
dive # A tool for exploring a Docker image, allowing inspection of layer contents.
grype # A vulnerability scanner for container images and filesystems.
hadolint # Dockerfile linter to analyze and enforce best practices in containerization.
podman-compose # Podman plugin for managing multi-container applications.
podman-tui # Text-based user interface (TUI) for Podman, facilitating container management.
syft # Open-source tool for scanning and analyzing container images for software composition and vulnerabilities.
];
};
} }
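Review bot: The comment on `syft` says it scans images for vulnerabilities, which blurs it with `grype` now that this commit enables grype in the same list. Syft produces a software bill of materials, and grype does the vulnerability matching (it can consume syft's output). Suggested wording: `syft # Generates an SBOM (software bill of materials) for container images and filesystems; pair with grype for vulnerability matching.` No functional change is needed.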

144
flake.lock generated

@ -366,6 +366,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -496,6 +512,42 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_7": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_8": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -617,6 +669,28 @@
"type": "github" "type": "github"
} }
}, },
"gomod2nix": {
"inputs": {
"flake-utils": "flake-utils_8",
"nixpkgs": [
"superfile",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710154385,
"narHash": "sha256-4c3zQ2YY4BZOufaBJB4v9VBBeN2dH7iVdoJw8SDNCfI=",
"owner": "nix-community",
"repo": "gomod2nix",
"rev": "872b63ddd28f318489c929d25f1f0a3c6039c971",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "gomod2nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1131,6 +1205,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": {
"locked": {
"lastModified": 1712439257,
"narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
@ -1298,7 +1388,8 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pre-commit-hooks": "pre-commit-hooks_4", "pre-commit-hooks": "pre-commit-hooks_4",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix" "stylix": "stylix",
"superfile": "superfile"
} }
}, },
"sops-nix": { "sops-nix": {
@ -1352,6 +1443,27 @@
"type": "github" "type": "github"
} }
}, },
"superfile": {
"inputs": {
"flake-compat": "flake-compat_8",
"flake-utils": "flake-utils_7",
"gomod2nix": "gomod2nix",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1713886578,
"narHash": "sha256-oWkL+jvuut/cy44zghbVmbv6Cq+b49E/J7y/LDsS3+A=",
"owner": "MHNightCat",
"repo": "superfile",
"rev": "a2b1a563b0e626099c08939aa330b3c1cb331f2f",
"type": "github"
},
"original": {
"owner": "MHNightCat",
"repo": "superfile",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -1457,6 +1569,36 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wlroots": { "wlroots": {
"flake": false, "flake": false,
"locked": { "locked": {


@ -39,6 +39,10 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
superfile = {
url = "github:MHNightCat/superfile";
};
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
}; };
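Review bot: The new `superfile` input does not follow the flake's own nixpkgs, unlike `pre-commit-hooks` directly below it, so the lock file gains a separate `nixpkgs_7` pin and the package added to `environment.systemPackages` is built from a package set that is updated independently of the system's. Adding `superfile.inputs.nixpkgs.follows = "nixpkgs";` keeps it on the pin already under review, at the cost of possibly diverging from what upstream tested. The URL also tracks the repository's default branch, so each `nix flake update` moves a system-wide package to whatever is at the head of a third-party repository; pinning the URL to a release tag, or reviewing the `rev` change in `flake.lock` on every update, would narrow that. The single-attribute block can be written `superfile.url = "github:MHNightCat/superfile";` to match the neighbouring inputs.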


@ -15,7 +15,7 @@
# outputs.nixosModules.example # outputs.nixosModules.example
../../common/nixos/common.nix ../../common/nixos/common.nix
../../common/nixos/laptop.nix ../../common/nixos/laptop.nix
../../common/networking/zerotier.nix ../../common/networking/default.nix
../../common/nixos/bluetooth.nix ../../common/nixos/bluetooth.nix
../../common/nixos/restic.nix ../../common/nixos/restic.nix
../../common/nixos/ssh.nix ../../common/nixos/ssh.nix
@ -24,9 +24,7 @@
../../common/gui/hyprland.nix ../../common/gui/hyprland.nix
../../common/gui/thunar.nix ../../common/gui/thunar.nix
../../common/style/stylix.nix ../../common/style/stylix.nix
../../common/virtualization/podman.nix ../../common/virtualization/default.nix
../../common/virtualization/kubernetes.nix
../../common/virtualization/libvirt.nix
../../common/nixos/sysctl/default.nix ../../common/nixos/sysctl/default.nix
./auditd.nix ./auditd.nix