Minor fixes

Podman to user groups
Arion flake input
2024-07-05 18:59:10 +01:00 · 2024-07-05 18:58:46 +01:00 · 2024-07-05 18:58:30 +01:00 · 2024-07-05 18:58:03 +01:00 · 2024-07-05 18:57:17 +01:00 · 2024-07-05 18:56:41 +01:00
8 changed files with 194 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,27 @@
 {
  "nodes": {
    "arion": {
      "inputs": {
        "flake-parts": "flake-parts",
        "haskell-flake": "haskell-flake",
        "hercules-ci-effects": "hercules-ci-effects",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1720147808,
        "narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
        "owner": "hercules-ci",
        "repo": "arion",
        "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "arion",
        "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
        "type": "github"
      }
    },
    "base16-schemes": {
      "flake": false,
      "locked": {
@ -90,6 +112,48 @@
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "arion",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1719994518,
        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "arion",
          "hercules-ci-effects",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1712014858,
        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
        "type": "github"
      },
      "original": {
        "id": "flake-parts",
        "type": "indirect"
      }
    },
    "flake-parts_3": {
      "inputs": {
        "nixpkgs-lib": [
          "nixvim",
@ -177,6 +241,44 @@
        "type": "github"
      }
    },
    "haskell-flake": {
      "locked": {
        "lastModified": 1675296942,
        "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
        "owner": "srid",
        "repo": "haskell-flake",
        "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
        "type": "github"
      },
      "original": {
        "owner": "srid",
        "ref": "0.1.0",
        "repo": "haskell-flake",
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": "flake-parts_2",
        "nixpkgs": [
          "arion",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1719226092,
        "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -278,11 +380,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1719601133,
+        "lastModified": 1719686367,
-        "narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=",
+        "narHash": "sha256-zQ/Mgrg3GjE4QkweXPLAtbO8SnfzTXZrqmm8oZwXBV4=",
        "ref": "refs/heads/master",
-        "rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0",
+        "rev": "eb8d568c7e30a8c45148fa5c235ebd49bc8effee",
-        "revCount": 141,
+        "revCount": 148,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
@ -293,16 +395,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1719426051,
+        "lastModified": 1720031269,
-        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
+        "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+        "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
-        "ref": "nixos-24.05",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -354,11 +456,27 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1719426051,
        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixvim": {
      "inputs": {
        "devshell": "devshell",
        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts",
+        "flake-parts": "flake-parts_3",
        "git-hooks": "git-hooks",
        "home-manager": "home-manager_2",
        "nix-darwin": "nix-darwin",
@ -399,12 +517,13 @@
    },
    "root": {
      "inputs": {
        "arion": "arion",
        "disko": "disko",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "nix-colors": "nix-colors",
        "nix-secrets": "nix-secrets",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixvim": "nixvim",
        "nur": "nur",
--- a/flake.nix
+++ b/flake.nix
@ -21,6 +21,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Arion for docker
    arion = {
      url = "github:hercules-ci/arion/236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318";
    };
    # Nix colors
    nix-colors.url = "github:misterio77/nix-colors";
--- a/hosts/common/core/sops.nix
+++ b/hosts/common/core/sops.nix
@ -21,9 +21,6 @@ in
    };
    secrets = {
      "passwords/root".neededForUsers = true;
      "ssh_keys/deploy_key/id_ed25519" = {
        path = "/etc/ssh/deploy_key-ssh-ed25519";
      };
    };
  };
 }
--- a/hosts/common/disks/zfs/zspeed.nix
+++ b/hosts/common/disks/zfs/zspeed.nix
@ -53,14 +53,11 @@
          postgres = {
            type = "zfs_volume";
            size = "10G -s";
-            options = {
+            content = {
-              "com.sun:auto-snapshot:daily" = "true";
+              type = "filesystem";
-              "volblocksize" = "8k";
+              format = "btrfs";
              mountpoint = "/postgres";
            };
          };
          lxc = {
            type = "zfs_volume";
            size = "10G -s";
            options = {
              "com.sun:auto-snapshot:daily" = "true";
              "volblocksize" = "8k";
--- a/hosts/common/optional/docker/default.nix
+++ b/hosts/common/optional/docker/default.nix
@ -0,0 +1,20 @@
 { inputs, ... }: {
  imports = [ inputs.arion.nixosModules.arion ];
  # Arion works with Docker, but for NixOS-based containers, you need Podman
  # since NixOS 21.05.
  virtualisation = {
    podman = {
      enable = true;
      defaultNetwork.settings.dns_enabled = true;
    };
    docker = {
      storageDriver = "btrfs";
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
  };
 }
--- a/hosts/common/optional/docker/postgres.nix
+++ b/hosts/common/optional/docker/postgres.nix
@ -0,0 +1,29 @@
 { pkgs, ... }:
 {
  virtualisation.arion = {
    backend = "docker";
    projects = {
      "db".settings.services."db".service = {
        image = "postgres:16";
        restart = "unless-stopped";
        environment = {
          POSTGRES_PASSWORD = "balls1234";
          POSTGRES_USER = "admin";
          POSTGRES_DATABASE = "test_db";
        };
        ports = [ "5432:5432" ];
        volumes = [
          "/mnt/postgres/data:/var/lib/postgres/data"
          "${pkgs.writeScript "load_extensions" ''
            psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<EOF
            create extension postgis;
            select * FROM pg_extension;
            EOF
           ''}:/docker-entrypoint-initdb.d/"
        ];
      };
    };
  };
 }
--- a/hosts/common/users/admin/default.nix
+++ b/hosts/common/users/admin/default.nix
@ -22,6 +22,7 @@ in
      "docker"
      "lxc"
      "git"
      "podman"
    ];
    packages = with pkgs; [
--- a/hosts/nebula/default.nix
+++ b/hosts/nebula/default.nix
@ -2,9 +2,9 @@
 let
  # Disko setup
  fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
-  dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005"; # depends on target hardware
+  dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
  encrypted = false; # currrently only applies to btrfs
-  impermanence = false; # currrently only applies to btrfs
+  impermanence = false;
  user = "admin";
 in
 {
@ -23,7 +23,8 @@ in
      # Import optional options
      ../common/optional/openssh.nix
-      ../common/optional/lxd
+      ../common/optional/docker
      ../common/optional/docker/postgres.nix
    ];
Author	SHA1	Message	Date
Sam	f71ece31f1	Minor fixes	2024-07-05 18:59:10 +01:00
Sam	a71ee506d3	Podman to user groups	2024-07-05 18:58:46 +01:00
Sam	7f9c3535ef	Arion flake input	2024-07-05 18:58:30 +01:00
Sam	9ace130029	Docker and postgres config	2024-07-05 18:58:03 +01:00
Sam	92d09646fa	Add postgres btrfs zvol	2024-07-05 18:57:17 +01:00
Sam	33981eea6d	Remove deploy_key from sops	2024-07-05 18:56:41 +01:00
Sam	bd719c72fa	Update flake secrets	2024-07-05 18:56:18 +01:00