Minor fixes

Podman to user groups
Arion flake input
2024-07-05 18:59:10 +01:00 · 2024-07-05 18:58:46 +01:00 · 2024-07-05 18:58:30 +01:00 · 2024-07-05 18:58:03 +01:00 · 2024-07-05 18:57:17 +01:00 · 2024-07-05 18:56:41 +01:00
8 changed files with 194 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,27 @@
 {
  "nodes": {
+    "arion": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "haskell-flake": "haskell-flake",
+        "hercules-ci-effects": "hercules-ci-effects",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1720147808,
+        "narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
+        "type": "github"
+      }
+    },
    "base16-schemes": {
      "flake": false,
      "locked": {
@ -90,6 +112,48 @@
      }
    },
    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "arion",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1719994518,
+        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "arion",
+          "hercules-ci-effects",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712014858,
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "type": "github"
+      },
+      "original": {
+        "id": "flake-parts",
+        "type": "indirect"
+      }
+    },
+    "flake-parts_3": {
      "inputs": {
        "nixpkgs-lib": [
          "nixvim",
@ -177,6 +241,44 @@
        "type": "github"
      }
    },
+    "haskell-flake": {
+      "locked": {
+        "lastModified": 1675296942,
+        "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
+        "owner": "srid",
+        "repo": "haskell-flake",
+        "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "srid",
+        "ref": "0.1.0",
+        "repo": "haskell-flake",
+        "type": "github"
+      }
+    },
+    "hercules-ci-effects": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": [
+          "arion",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1719226092,
+        "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -278,11 +380,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1719601133,
-        "narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=",
+        "lastModified": 1719686367,
+        "narHash": "sha256-zQ/Mgrg3GjE4QkweXPLAtbO8SnfzTXZrqmm8oZwXBV4=",
        "ref": "refs/heads/master",
-        "rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0",
-        "revCount": 141,
+        "rev": "eb8d568c7e30a8c45148fa5c235ebd49bc8effee",
+        "revCount": 148,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
@ -293,16 +395,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1719426051,
-        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
-        "owner": "nixos",
+        "lastModified": 1720031269,
+        "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+        "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
-        "ref": "nixos-24.05",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -354,11 +456,27 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1719426051,
+        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixvim": {
      "inputs": {
        "devshell": "devshell",
        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts",
+        "flake-parts": "flake-parts_3",
        "git-hooks": "git-hooks",
        "home-manager": "home-manager_2",
        "nix-darwin": "nix-darwin",
@ -399,12 +517,13 @@
    },
    "root": {
      "inputs": {
+        "arion": "arion",
        "disko": "disko",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "nix-colors": "nix-colors",
        "nix-secrets": "nix-secrets",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixvim": "nixvim",
        "nur": "nur",
--- a/flake.nix
+++ b/flake.nix
@ -21,6 +21,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    # Arion for docker
+    arion = {
+      url = "github:hercules-ci/arion/236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318";
+    };
+
    # Nix colors
    nix-colors.url = "github:misterio77/nix-colors";

--- a/hosts/common/core/sops.nix
+++ b/hosts/common/core/sops.nix
@ -21,9 +21,6 @@ in
    };
    secrets = {
      "passwords/root".neededForUsers = true;
-      "ssh_keys/deploy_key/id_ed25519" = {
-        path = "/etc/ssh/deploy_key-ssh-ed25519";
-      };
    };
  };
 }
--- a/hosts/common/disks/zfs/zspeed.nix
+++ b/hosts/common/disks/zfs/zspeed.nix
@ -53,14 +53,11 @@
          postgres = {
            type = "zfs_volume";
            size = "10G -s";
-            options = {
-              "com.sun:auto-snapshot:daily" = "true";
-              "volblocksize" = "8k";
+            content = {
+              type = "filesystem";
+              format = "btrfs";
+              mountpoint = "/postgres";
            };
-          };
-          lxc = {
-            type = "zfs_volume";
-            size = "10G -s";
            options = {
              "com.sun:auto-snapshot:daily" = "true";
              "volblocksize" = "8k";
--- a/hosts/common/optional/docker/default.nix
+++ b/hosts/common/optional/docker/default.nix
@ -0,0 +1,20 @@
+{ inputs, ... }: {
+
+  imports = [ inputs.arion.nixosModules.arion ];
+  # Arion works with Docker, but for NixOS-based containers, you need Podman
+  # since NixOS 21.05.
+  virtualisation = {
+    podman = {
+      enable = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+    docker = {
+      storageDriver = "btrfs";
+      rootless = {
+        enable = true;
+        setSocketVariable = true;
+      };
+    };
+  };
+
+}
--- a/hosts/common/optional/docker/postgres.nix
+++ b/hosts/common/optional/docker/postgres.nix
@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+  virtualisation.arion = {
+    backend = "docker";
+    projects = {
+      "db".settings.services."db".service = {
+        image = "postgres:16";
+        restart = "unless-stopped";
+        environment = {
+          POSTGRES_PASSWORD = "balls1234";
+          POSTGRES_USER = "admin";
+          POSTGRES_DATABASE = "test_db";
+        };
+        ports = [ "5432:5432" ];
+        volumes = [
+          "/mnt/postgres/data:/var/lib/postgres/data"
+          "${pkgs.writeScript "load_extensions" ''
+            psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<EOF
+            create extension postgis;
+            select * FROM pg_extension;
+            EOF
+           ''}:/docker-entrypoint-initdb.d/"
+        ];
+      };
+    };
+  };
+
+}
+
--- a/hosts/common/users/admin/default.nix
+++ b/hosts/common/users/admin/default.nix
@ -22,6 +22,7 @@ in
      "docker"
      "lxc"
      "git"
+      "podman"
    ];

    packages = with pkgs; [
--- a/hosts/nebula/default.nix
+++ b/hosts/nebula/default.nix
@ -2,9 +2,9 @@
 let
  # Disko setup
  fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
-  dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005"; # depends on target hardware
+  dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
  encrypted = false; # currrently only applies to btrfs
-  impermanence = false; # currrently only applies to btrfs
+  impermanence = false;
  user = "admin";
 in
 {
@ -23,7 +23,8 @@ in

      # Import optional options
      ../common/optional/openssh.nix
-      ../common/optional/lxd
+      ../common/optional/docker
+      ../common/optional/docker/postgres.nix

    ];
Author	SHA1	Message	Date
Sam	f71ece31f1	Minor fixes	2024-07-05 18:59:10 +01:00
Sam	a71ee506d3	Podman to user groups	2024-07-05 18:58:46 +01:00
Sam	7f9c3535ef	Arion flake input	2024-07-05 18:58:30 +01:00
Sam	9ace130029	Docker and postgres config	2024-07-05 18:58:03 +01:00
Sam	92d09646fa	Add postgres btrfs zvol	2024-07-05 18:57:17 +01:00
Sam	33981eea6d	Remove deploy_key from sops	2024-07-05 18:56:41 +01:00
Sam	bd719c72fa	Update flake secrets	2024-07-05 18:56:18 +01:00