diff --git a/common/programs/default.nix b/common/programs/default.nix
index 83e7271..9dcd9d3 100644
--- a/common/programs/default.nix
+++ b/common/programs/default.nix
@@ -1,8 +1,4 @@
-{ config, lib, ... }:
-let
- ccfg = import ../config.nix;
- cfg = config.${ccfg.custom_config_key}.programs;
-in
+{ ... }:
 {
 imports = [
 ./qFlipper.nix
@@ -11,31 +7,6 @@ in
 ./tailnet.nix
 ./ssh.nix
 ./docker.nix
- ./podman.nix
 ./incus.nix
 ];
- config = {
- assertions = [
- (
- let
- enabledVirtualizers = lib.filter (x: x.enabled) [
- {
- name = "docker";
- enabled = cfg.docker.enable;
- }
- {
- name = "podman";
- enabled = cfg.podman.enable;
- }
- ];
- in
- {
- assertion = lib.length enabledVirtualizers <= 1;
- message =
- "Only one virtualizer can be enabled at a time. Enabled: "
- + lib.concatStringsSep ", " (map (x: x.name) enabledVirtualizers);
- }
- )
- ];
- };
 }
diff --git a/common/programs/podman.nix b/common/programs/podman.nix
deleted file mode 100644
index 8be88f9..0000000
--- a/common/programs/podman.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- ccfg = import ../config.nix;
- cfg_path = [
- ccfg.custom_config_key
- "programs"
- "podman"
- ];
- cfg = lib.attrsets.getAttrFromPath cfg_path config;
- users_cfg = config.${ccfg.custom_config_key}.users;
-in
-{
- options =
- { }
- // lib.attrsets.setAttrByPath cfg_path {
- enable = lib.mkEnableOption "podman";
- };
-
- config = lib.mkIf cfg.enable {
- virtualisation.podman = {
- enable = true;
- dockerSocket.enable = true;
- autoPrune.enable = true;
- };
- # TODO add admins?
- users.extraGroups.podman.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
- };
-}
diff --git a/hosts/h001/containers/default.nix b/hosts/h001/containers/default.nix
deleted file mode 100644
index a8952cd..0000000
--- a/hosts/h001/containers/default.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ common }:
-{
- ...
-}:
-{
- imports = [
- # common.nixosModules.containers.librechat
- # common.nixosModules.containers.forgejo
- ];
-
- config = {
- ## Give internet access
- networking = {
- nat = {
- enable = true;
- internalInterfaces = [ "ve-*" ];
- externalInterface = "enp0s31f6";
- enableIPv6 = true;
- };
- firewall.trustedInterfaces = [ "ve-*" ];
- };
-
- containers.wasabi = {
- ephemeral = true;
- autoStart = true;
- privateNetwork = true;
- hostAddress = "10.0.0.1";
- localAddress = "10.0.0.111";
- config =
- { config, pkgs, ... }:
- {
- system.stateVersion = "24.11";
- services.httpd.enable = true;
- services.httpd.adminAddr = "foo@example.org";
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 80 ];
- };
- };
- };
-
- virtualisation.oci-containers.containers = {
- ntest = {
- image = "nginx:alpine";
- ports = [
- "127.0.0.1:8085:80"
- ];
- };
- };
-
- virtualisation.oci-containers.backend = "podman";
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "localhost" = {
- locations."/" = {
- proxyPass = "http://10.0.0.111";
- };
- };
-
- # "git.joshuabell.xyz" = {
- # # GIT passthrough
- # locations."/" = {
- # proxyPass = "http://10.0.0.2:3000";
- # };
- # };
-
- "_" = {
- default = true;
- locations."/" = {
- return = "404"; # or 444 for drop
- };
- };
- };
-
- # STREAMS
- streamConfig = ''
- server {
- listen 3032;
- proxy_pass 10.0.0.2:3032;
- }
- '';
-
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
- };
-}
diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix
index e9643ae..ef45406 100644
--- a/hosts/h001/flake.nix
+++ b/hosts/h001/flake.nix
@@ -30,7 +30,6 @@
 ros_neovim.nixosModules.default
 ./configuration.nix
 ./hardware-configuration.nix
- (import ./containers { inherit common; })
 (
 { config, pkgs, ... }:
 {
@@ -45,7 +44,7 @@
 programs = {
 tailnet.enable = true;
 ssh.enable = true;
- podman.enable = true;
+ docker.enable = true;
 };
 users = {
 admins = [ "luser" ]; # First admin is also the primary user owning nix config
diff --git a/hosts/h002/flake.lock b/hosts/h002/flake.lock index ea91b0e..ac5caf1 100644 --- a/hosts/h002/flake.lock +++ b/hosts/h002/flake.lock @@ -32,17 +32,17 @@ "ragenix": "ragenix" }, "locked": { - "lastModified": 1745957989, - "narHash": "sha256-mLYJXPri4DVRa6exEPtzlkje5FZVSYAteObHOxcAvfA=", + "lastModified": 1742406739, + "narHash": "sha256-1Tdt3a0Le9cDD0voBeDcSuHtRbVTX/vAhbDrMIOE/+o=", "ref": "refs/heads/master", - "rev": "6277d06b4dcaa6665e92aaf5f20eee49a8362556", - "revCount": 426, + "rev": "2b026ed0c883c942a84d20a9c0491905e61ddbf3", + "revCount": 373, "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "url": "https://git.joshuabell.xyz/dotfiles" }, "original": { "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "url": "https://git.joshuabell.xyz/dotfiles" } }, "crane": { @@ -210,15 +210,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1745961410, - "narHash": "sha256-RU4c9JVZp/CdWyPUUZGsZvTWvjrFtXLUnlMs38IeHD0=", + "lastModified": 1735697839, + "narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a2001229477b3a343b13e6e7870fa37fedd8e09d", + "rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae", "type": "github" }, "original": { "owner": "nixos", + "ref": "master", "repo": "nixpkgs", "type": "github" }
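Review bot: The `docker.enable = true;` line in hosts/h001/flake.nix swaps podman for Docker on h001, but nothing visible in this commit shows how the shared docker.nix module grants access to the daemon. If that module adds the primary user to the `docker` group the way the deleted podman.nix did for the `podman` group, that membership is effectively root on the host, which is a wider grant than the setup it replaces. A short comment on the line would record the trade-off, for example `docker.enable = true; # docker group membership is root-equivalent on this host`. The enclosing `programs` block starts outside the hunk.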
@@ -623,6 +624,22 @@ "type": "github" } }, + "nvim_plugin-lvimuser/lsp-inlayhints.nvim": { + "flake": false, + "locked": { + "lastModified": 1686236485, + "narHash": "sha256-06CiJ+xeMO4+OJkckcslqwloJyt2gwg514JuxV6KOfQ=", + "owner": "lvimuser", + "repo": "lsp-inlayhints.nvim", + "rev": "d981f65c9ae0b6062176f0accb9c151daeda6f16", + "type": "github" + }, + "original": { + "owner": "lvimuser", + "repo": "lsp-inlayhints.nvim", + "type": "github" + } + }, "nvim_plugin-m4xshen/hardtime.nvim": { "flake": false, "locked": { @@ -1176,6 +1193,7 @@ "nvim_plugin-lewis6991/gitsigns.nvim": "nvim_plugin-lewis6991/gitsigns.nvim", "nvim_plugin-lnc3l0t/glow.nvim": "nvim_plugin-lnc3l0t/glow.nvim", "nvim_plugin-lukas-reineke/indent-blankline.nvim": "nvim_plugin-lukas-reineke/indent-blankline.nvim", + "nvim_plugin-lvimuser/lsp-inlayhints.nvim": "nvim_plugin-lvimuser/lsp-inlayhints.nvim", "nvim_plugin-m4xshen/hardtime.nvim": "nvim_plugin-m4xshen/hardtime.nvim", "nvim_plugin-mbbill/undotree": "nvim_plugin-mbbill/undotree", "nvim_plugin-mfussenegger/nvim-lint": "nvim_plugin-mfussenegger/nvim-lint", @@ -1210,17 +1228,17 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1745585761, - "narHash": "sha256-xS3068xhndFrZh9GcTTNTmeebGq1A3uVykRRdzJOj3Y=", + "lastModified": 1735841437, + "narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=", "ref": "refs/heads/master", - "rev": "e5523910a0c07c88d026d006f5962434bfa53548", - "revCount": 277, + "rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e", + "revCount": 253, "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/nvim" + "url": "https://git.joshuabell.xyz/nvim" }, "original": { "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/nvim" + "url": "https://git.joshuabell.xyz/nvim" } }, "rust-overlay": { diff --git a/hosts/h002/flake.nix b/hosts/h002/flake.nix index 3e62499..a3ce5aa 100644 --- a/hosts/h002/flake.nix +++ b/hosts/h002/flake.nix 
@@ -35,7 +35,6 @@ { environment.systemPackages = with pkgs; [ lua - qdirstat ]; ringofstorms_common = { @@ -44,12 +43,10 @@ secrets.enable = true; desktopEnvironment.gnome.enable = true; programs = { - qFlipper.enable = true; rustDev.enable = true; tailnet.enable = true; ssh.enable = true; docker.enable = true; - uhkAgent.enable = true; }; users = { admins = [ "luser" ]; # First admin is also the primary user owning nix config @@ -72,10 +69,6 @@ packages = with pkgs; [ bitwarden vaultwarden - google-chrome - firefox-esr - openscad - vlc ]; }; }; diff --git a/hosts/lio/containers.nix b/hosts/lio/containers.nix index a8a25ac..c7ccf60 100644 --- a/hosts/lio/containers.nix +++ b/hosts/lio/containers.nix @@ -26,12 +26,15 @@ firewall.trustedInterfaces = [ "ve-*" ]; }; + # mathesar + # services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3"; + containers.wasabi = { ephemeral = true; autoStart = true; privateNetwork = true; - hostAddress = "10.0.0.1"; - localAddress = "10.0.0.111"; + hostAddress = "192.168.100.2"; + localAddress = "192.168.100.11"; config = { config, pkgs, ... }: { @@ -45,17 +48,10 @@ }; }; - virtualisation.oci-containers.containers = { - ntest = { - image = "nginx:alpine"; - ports = [ - "127.0.0.1:8085:80" - ]; - }; - }; - virtualisation.oci-containers.backend = "docker"; + security.acme.acceptTerms = true; + security.acme.defaults.email = "admin@joshuabell.xyz"; services.nginx = { enable = true; recommendedGzipSettings = true; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 157fe4b..602500b 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock 
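Review bot: The added comment `# services.mathesar.secretKey = "…";` in the first hunk of hosts/lio/containers.nix commits what looks like a real application secret to the repository, and commenting it out does not keep it out of git history. If the value was ever used it should be treated as exposed and regenerated; if it is uncommented as written, it would also end up in the world-readable Nix store. The line should point at the secrets mechanism instead of carrying the value (ragenix is already a flake input and h002 sets `secrets.enable = true;`), for example `# mathesar: secret key is provided by the secrets module, never inlined here`. The `config` block around this hunk starts and ends outside it.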
@@ -32,11 +32,11 @@ "ragenix": "ragenix" }, "locked": { - "lastModified": 1745957989, - "narHash": "sha256-mLYJXPri4DVRa6exEPtzlkje5FZVSYAteObHOxcAvfA=", + "lastModified": 1745953495, + "narHash": "sha256-8FzNmiQ4FuAk3Lz1vP3Up2npluYPXe5eos05h3npvrA=", "ref": "refs/heads/master", - "rev": "6277d06b4dcaa6665e92aaf5f20eee49a8362556", - "revCount": 426, + "rev": "37d4ac85b2450a407d8528aef1f5de38fbabb72d", + "revCount": 413, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, diff --git a/readme.md b/readme.md index 7b2acce..066ded1 100644 --- a/readme.md +++ b/readme.md @@ -68,7 +68,9 @@ - atuin setup - if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device - TODO move key into secrets and mount it to atuin local share +- stormd onboard to network - ssh key access, ssh iden in config in nix config +- ### Notes