fujin/Nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working version of izanagi config

Browse Source
This commit is contained in:
Alexander Derevianko
2025-07-31 18:35:17 +02:00
parent 045687bb5f
commit 688ff22ca3
5 changed files with 34 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
machines/izanagi-minimal/disko-config.nix
+1 -1
View File
@@ -6,7 +6,7 @@
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
device = "/dev/sda"; device = "/dev/vda";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";
machines/izanagi/.sops.yaml
+1 -1
View File
@@ -1,6 +1,6 @@
keys: keys:
- &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke - &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
- &izanagi age1rfxyntqw6kgjr3akm80a84c99ez4sl3r6gqdnxhljc0dqsjj94vqfu67a2 - &izanagi age1pqnf52umkjf5taee6wznn5a0kve9ms0dcny2ypx55sksnnneppvqk7srxu
creation_rules: creation_rules:
- path_regex: secrets/secrets.yaml$ - path_regex: secrets/secrets.yaml$
key_groups: key_groups:
machines/izanagi/default.nix
+8 -4
View File
@@ -1,7 +1,6 @@
{ config, pkgs, extraHomeModules, inputs, lib, ... }: { config, pkgs, extraHomeModules, inputs, lib, username, ... }:
let let
username = "susano";
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in { in {
imports = imports =
@@ -32,7 +31,7 @@ in {
nix-path = config.nix.nixPath; nix-path = config.nix.nixPath;
# Allow user to reubild nixos without sudo # Allow user to reubild nixos without sudo
trusted-users = [ "root" username ]; trusted-users = [ "root" "omen" username ];
}; };
# Opinionated: disable channels # Opinionated: disable channels
channel.enable = false; channel.enable = false;
@@ -129,7 +128,12 @@ in {
dov = { dov = {
virtualisation = { virtualisation = {
podman.enable = false; podman.enable = false;
docker.enable = true; docker = {
enable = true;
isBtrfsStorageDriver = false;
inherit username;
};
}; };
}; };
machines/izanagi/secrets/secrets.yaml
+11 -11
View File
@@ -20,20 +20,20 @@ sops:
- recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke - recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdXBSVm9adncvMUVPQVc3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWlVrOGxXRVJXdUxnV0V0
MStnazNDQ29tQlh2ZVZtSElvZnhTenFtYXlFCnNPU0VKaUR6dG90ZlBBMFdaL2Fz WTlsMm02Q0RhTFdFczFJb0pxQzMrVDZBUXdZCkdQZHgzVUVMQ3g2OGxhS3NBTldF
OFc4aTFxdU9DUjhhUk9xUW1GRjB1bGcKLS0tIFg1cEFEejRsMTNJQThoYytmdk1H dVVSRC9tZmdBeTBKQVVDazh3WWI0Ym8KLS0tIFdDWVlkRXByMnhoQUhSWFZPbVVL
RFY3T0tYcDFoQUxaL3h1YW8vdXBSQk0KF2nhM4S8vyzCrij5lTvoErgtvUkCrFwh Wko4RFJMMktDazJ2Q1pDWU1ad2paMWsKnnUH9R8GuN0T7kj8FIBXZHT80QJoTm2Y
eOhHP2QddxK1dwJsvrqOIQl9Gnd+GBgsNs/CY37MLkPGHXcUb9sCsA== BUM8pvcSxRO6U26O6YUZTyE5YHZzGRSDhbLtf480mlCTIDkSq7mrow==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rfxyntqw6kgjr3akm80a84c99ez4sl3r6gqdnxhljc0dqsjj94vqfu67a2 - recipient: age1pqnf52umkjf5taee6wznn5a0kve9ms0dcny2ypx55sksnnneppvqk7srxu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd29NUjRGN0FDTHVTSG1v YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycXBxVy9WcHh6VGlWN202
bVBYYUpPYTF0aVRpRlJQbmlMaXgxWGk4OUFJCk0yLzkrcUwwaUhESW1pc1QzNldC TkdJTXorVVdYNytCSEROQVRlaEpNQ29wWUhJCmR5bVRUL1RvTlpTbkFBWUwwWWNa
dDAvdVVFN0hHa200bDhJTE9vVUs5RFkKLS0tIEVmRG5Ec3ZRTHRwNW8yd09MTXMv UUYzR2p2UWdMOG5SOC84NjduZnpCOEUKLS0tIHk2NVpiTUdzUnRxZ01pRDR2RitT
VEZhR2NPVjdBa3BadHpMMUZkWDBMY00K5khR4JEKkg4czyNJ+StdM/18Qaw9ci0n cWlaR2gwblZhTzhkaVVHNDNXc2ZudzQKPEB5buoL9r9QnPCtY2L+G+DVlb8GY+Zl
zmO/uPFFb1T9IDwQVPQwgbwzv7BSjC3r7tPGjh0hWokaTtDBWxI08Q== k6WO2eozHIFDh/D5F7QC5E+Iey6mgs3nRn3zlKEqxtcI69MUb2Tnjg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-28T09:08:03Z" lastmodified: "2025-07-28T09:08:03Z"
mac: ENC[AES256_GCM,data:R66Wy3x0MQxwvS1vR59IEG31p3i9x/IXCusK28HhOH611TPRt5Zy4iWv3pLJpuG36v4qTmGOGq5Fznf/iYl4kj313KXeo45opDZixyOEDTLhaY4ZBLTa0Ozh9DBoq/emrwis8eEysFESBM5WKtQZUDw7gQXgTcgaEa4/RQYtn+o=,iv:dvTmKh0EAEOYY9QikQMXtkxOPLy7XsF131Lnm1E6Kcc=,tag:tBbb8EbTcMkhRCE/NuED9g==,type:str] mac: ENC[AES256_GCM,data:R66Wy3x0MQxwvS1vR59IEG31p3i9x/IXCusK28HhOH611TPRt5Zy4iWv3pLJpuG36v4qTmGOGq5Fznf/iYl4kj313KXeo45opDZixyOEDTLhaY4ZBLTa0Ozh9DBoq/emrwis8eEysFESBM5WKtQZUDw7gQXgTcgaEa4/RQYtn+o=,iv:dvTmKh0EAEOYY9QikQMXtkxOPLy7XsF131Lnm1E6Kcc=,tag:tBbb8EbTcMkhRCE/NuED9g==,type:str]
modules/virtualisation/docker/default.nix
+13 -4
View File
@@ -4,12 +4,21 @@ with lib;
let let
cfg = config.dov.virtualisation.docker; cfg = config.dov.virtualisation.docker;
username = "susano";
in { in {
options.dov.virtualisation.docker = { enable = mkEnableOption "docker config"; }; options.dov.virtualisation.docker = {
enable = mkEnableOption "docker config";
username = mkOption {
default = "susano";
type = types.string;
};
isBtrfsStorageDriver = mkOption {
default = true;
type = types.bool;
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.extraGroups.docker.members = [ username ]; users.extraGroups.docker.members = [ cfg.username ];
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
@@ -19,7 +28,7 @@ in {
}; };
# TODO use if disko is btrfs # TODO use if disko is btrfs
storageDriver = "btrfs"; storageDriver = mkIf cfg.isBtrfsStorageDriver "btrfs";
}; };
}; };