James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Docker and replace Swarm orchestration with Podman systemd units

Browse Source
This commit is contained in:
James Eversole
2023-06-25 13:27:19 -05:00
parent 1fa1f4e9d3
commit 5ba19a0cea
3 changed files with 128 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
flake.nix
View File

@ -9,26 +9,30 @@
outputs = { self, nixpkgs, sops, ... }@attrs:
let
containerDef = import ./containers.nix;
serviceContainers = containerDef.containers;
pkgs = import nixpkgs { inherit system; };
system = "x86_64-linux";
in {
devShell.x86_64-linux = pkgs.mkShell {
buildInputs =
[ (pkgs.nixos { }).nixos-rebuild pkgs.terraform pkgs.sops ];
shellHook =
" alias deploy=\"nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0\"\n";
shellHook = ''
alias deploy="nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0"
'';
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
nixosConfigurations = {
eve-psr-nix0 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = attrs;
modules = [
({ modulesPath, ... }: {
imports = [ sops.nixosModules.sops ./hardware-configuration.nix ];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
nix = {
buildMachines = [ ];
@ -36,6 +40,12 @@
settings.experimental-features = [ "nix-command" "flakes" ];
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
time.timeZone = "America/Chicago";
networking = {
hostName = "eve-psr-nix0";
firewall = {
@ -44,9 +54,13 @@
};
};
time.timeZone = "America/Chicago";
environment.systemPackages = with pkgs; [ git pciutils vim wget ];
services = {
openssh = {
enable = true;
};
hydra = {
enable = true;
hydraURL = "https://hydra.matri.cx";
@ -61,26 +75,24 @@
useSubstitutes = true;
notificationSender = "hydra@matri.cx";
buildMachinesFiles = [];
buildMachinesFiles = [ ];
};
openssh.enable = true;
};
virtualisation.docker = {
enable = true;
liveRestore = false;
virtualisation = {
oci-containers = {
backend = "podman";
containers = serviceContainers;
};
};
environment.systemPackages = with pkgs; [ git pciutils vim wget ];
programs.zsh.enable = true;
security.sudo.wheelNeedsPassword = false;
users = {
defaultUserShell = pkgs.zsh;
users = {
sezycei = {
isNormalUser = true;
initialPassword = "bootMaster";
extraGroups = [ "wheel" "docker" ];
extraGroups = [ "wheel" ];
packages = with pkgs; [ byobu tmux stack ];
};
torrent = {
@ -91,12 +103,12 @@
};
security.sudo.wheelNeedsPassword = false;
sops = {
age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
defaultSopsFile = ./secrets/keys.yaml;
secrets = { hostname = { }; };
secrets = {
hostname = { };
};
};
system.stateVersion = "22.11";