diff --git a/hosts/arr/default.nix b/hosts/arr/default.nix index 9a28b57..ac3f590 100644 --- a/hosts/arr/default.nix +++ b/hosts/arr/default.nix @@ -1,63 +1,31 @@ -{ config, pkgs, ... }: - -let - - # parameters = import ./parameters.nix { }; - - # GID = 888; - # user = "rtorrent"; - # passwordHash = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5"; - - timeZone = "Europe/Rome"; - defaultLocale = "en_US.UTF-8"; -in { + config, + pkgs, + lib, + ... +}: +{ + my = { + utils.commons.enable = true; - commons.enable = true; - - proxmox.enable = true; - - download-pod = { - enable = false; - proxy.enable = false; - }; - - services.podmanPods = { - mywebapp = { - name = "mywebapp"; - ports = [ - "9090:80" - "9443:443" - ]; - containers = { - webserver = { - enable = true; - image = "nginx"; - volumes = [ - "aaa:/config" - "bbb:/data" - ]; - }; - appserver = { - image = "my-custom-app:latest"; - }; - }; + networking.tailscale = { + enable = false; + exitNode = "vps"; + # authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}''; }; - database = { - name = "database"; - ports = [ - "3333:4444" - "5432:5432" - ]; - containers = { - postgres = { - image = "postgres:13"; - }; - }; + services.download-pod = { + enable = true; + proxy.enable = false; + }; + + virtualisation = { + proxmox.enable = true; }; }; + time.timeZone = "Europe/Rome"; + # Extra packages environment.systemPackages = with pkgs; [ ]; @@ -65,13 +33,5 @@ in openssh.enable = true; }; - tailscale = { - enable = false; - exitNode = "vps"; - # authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}''; - }; - - time.timeZone = timeZone; - system.stateVersion = "24.05"; } diff --git a/hosts/deadbeef/default.nix b/hosts/deadbeef/default.nix index cf88798..3d7a837 100644 --- a/hosts/deadbeef/default.nix +++ b/hosts/deadbeef/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + lib, home-manager, ... }: 
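Review bot: The commented `# authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';` line carried into `my.networking.tailscale` would, if ever uncommented, copy the Tailscale auth key into the world-readable Nix store, because `builtins.toFile` writes its content to a store path. I would replace it with a pointer to a runtime secret, e.g. `# authKeyFile = "/run/secrets/<TAILSCALE_AUTHKEY>"; # placeholder path, provisioned outside the store`. The same hunk flips `services.download-pod.enable` from `false` to `true`, which changes what this host runs and deserves a line in the commit message.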
@@ -8,8 +9,6 @@ imports = [ ./hardware-configuration.nix # home-manager.nixosModules.home-manager - # ../../modules - # "${config.inputs.self}/modules" ]; # Don't use the systemd-boot EFI boot loader. @@ -38,16 +37,20 @@ }; }; - desktopUser = { - enable = true; - userName = "pazpi"; - hashedPassword = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5"; + my = { + desktop = { + + desktopUser = { + enable = true; + userName = "pazpi"; + hashedPassword = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5"; + }; + + audio.enable = false; + }; + }; - audio.enable = false; - - # podman.enable = true; - # Vedi https://github.com/TLATER/dotfiles/blob/f989a86890f27f6b089e9d74b7e8356ec8e5683d/home-config/hosts/yui.nix # home-manager.users.pazpi = import "${flake-inputs.self}/home-config/hosts/deadbeef.nix"; diff --git a/modules/desktop/audio.nix b/modules/desktop/audio.nix index 0520083..627c33e 100644 --- a/modules/desktop/audio.nix +++ b/modules/desktop/audio.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.audio; + cfg = config.my.desktop.audio; in { - options.audio = { + options.my.desktop.audio = { enable = lib.mkEnableOption "Enable sound module"; }; diff --git a/modules/desktop/desktop-user.nix b/modules/desktop/desktop-user.nix index b1e4102..78c613c 100644 --- a/modules/desktop/desktop-user.nix +++ b/modules/desktop/desktop-user.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.desktopUser; + cfg = config.my.desktop.desktopUser; in { - options.desktopUser = { + options.my.desktop.desktopUser = { enable = lib.mkEnableOption "Enable desktop user module"; userName = lib.mkOption { diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index ed2f222..1bf59b6 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix 
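Review bot: The password hash for `pazpi` is still a literal in `my.desktop.desktopUser.hashedPassword`, so it stays readable in the repository and, once evaluated, in the Nix store, where it can be attacked offline. The desktop-user module body is not part of this hunk, but if it forwards the value to `users.users.<name>.hashedPassword`, consider an option that forwards to `users.users.<name>.hashedPasswordFile` instead and keep the hash in a file outside the store. Because the same hash already appears on the removed lines and therefore in history, only a password change retires it.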
@@ -5,10 +5,10 @@ ... }: let - cfg = config.gnome; + cfg = config.my.desktop.gnome; in { - options.gnome = { + options.my.desktop.gnome = { enable = lib.mkEnableOption "Enable Gnome and apply customization module"; keyboardLayout = lib.mkOption { diff --git a/modules/desktop/plymouth.nix b/modules/desktop/plymouth.nix index f310158..970bd15 100644 --- a/modules/desktop/plymouth.nix +++ b/modules/desktop/plymouth.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.plymouth; + cfg = config.my.desktop.plymouth; in { - options.plymouth = { + options.my.desktop.plymouth = { enable = lib.mkEnableOption "Enable Plymouth and apply customization module"; }; diff --git a/modules/desktop/steam.nix b/modules/desktop/steam.nix index 9c964cb..539220e 100644 --- a/modules/desktop/steam.nix +++ b/modules/desktop/steam.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.steam; + cfg = config.my.desktop.steam; in { - options.steam = { + options.my.desktop.steam = { enable = lib.mkEnableOption "Enable Steam and apply customization module"; }; diff --git a/modules/networking/avahi.nix b/modules/networking/avahi.nix index abb0be8..c520f8b 100644 --- a/modules/networking/avahi.nix +++ b/modules/networking/avahi.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.avahi; + cfg = config.my.networking.avahi; in { - options.avahi = { + options.my.networking.avahi = { enable = lib.mkEnableOption "Enable Avahi and apply customization module"; }; diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix index 2cbcbb6..b5c9188 100644 --- a/modules/networking/tailscale.nix +++ b/modules/networking/tailscale.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.tailscale; + cfg = config.my.networking.tailscale; in { - options.tailscale = { + options.my.networking.tailscale = { enable = lib.mkEnableOption "Enable Tailscale module"; authKeyFile = lib.mkOption { 
diff --git a/modules/services/download-pod copy.nix b/modules/services/download-pod copy.nix
new file mode 100644
index 0000000..2532778
--- /dev/null
+++ b/modules/services/download-pod copy.nix
@@ -0,0 +1,149 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.my.services.download-pod;
+in
+{
+ options.my.services.download-pod = {
+ enable = lib.mkEnableOption "Enable the download searcher stack";
+
+ proxy = {
+ enable = lib.mkEnableOption "Enable proxy for the services";
+
+ hostName = lib.mkOption {
+ default = "example.com";
+ type = lib.types.str;
+ description = ''
+ Top level hostname
+ '';
+ };
+
+ serverName = lib.mkOption {
+ default = "localhost";
+ type = lib.types.str;
+ description = ''
+ Server name where Caddy is
+ '';
+ };
+
+ };
+
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ my.virtualisation.podman.enable = true;
+
+ systemd.services.pod-download = {
+ description = "Start podman 'download' pod";
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ requiredBy = [
+ "podman-jackett.service"
+ "podman-radarr.service"
+ "podman-sabnzbd.service"
+ "podman-sonarr.service"
+ ];
+ unitConfig = {
+ RequiresMountsFor = "/run/containers";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ # - 7878: Radarr
+ # - 8080: Sabnzbd
+ # - 8989: Sonarr
+ # - 9117: Jackett
+ # - 9696: Prowlarr
+ ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 -p 9696:9696 download";
+ };
+ path = [ pkgs.podman ];
+ };
+
+ virtualisation.oci-containers.containers = {
+
+ my-pod = {
+ image = "k8s.gcr.io/pause:3.9";
+ extraOptions = [
+ "--pod=new:my-pod"
+ "--publish=8081:80" # Expose port 80 in the pod as 8080 on the host
+ "--publish=8082:82" # Expose port 82 in the pod as 8082 on the host
+ "--publish=83:9117" # Expose port 9117 in the pod as 83 on the host
+ ];
+ };
+
+ jackett = {
+ image = "linuxserver/jackett";
+ autoStart = true;
+ extraOptions = [ "--pod=my-pod" ];
+ volumes = [
+ "jackett_config:/config"
+ "jackett_data:/data"
+ ];
+ };
+
+ radarr = {
+ image = "linuxserver/radarr";
+ autoStart = true;
+ extraOptions = [ "--pod=download" ];
+ volumes = [
+ "radarr_config:/config"
+ "radarr_data:/data" + ]; + }; + + sabnzbd = { + image = "linuxserver/sabnzbd"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ + "sabnzbd_config:/config" + "sabnzbd_data:/data" + ]; + }; + + sonarr = { + image = "linuxserver/sonarr"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ + "sonarr_config:/config" + "sonarr_data:/data" + ]; + }; + + prowlarr = { + image = "linuxserver/prowlarr"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ "prowlarr_config:/config" ]; + }; + + }; + + services.caddy = lib.mkIf cfg.proxy.enable { + enable = true; + enableReload = false; + virtualHosts = { + "jackett.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:9117 + ''; + "radarr.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:7878 + ''; + "sabnzbd.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:8080 + ''; + "sonarr.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:8989 + ''; + }; + + }; + + }; + +} diff --git a/modules/services/download-pod-old.nix b/modules/services/download-pod-old.nix index 4275e09..50835b3 100644 --- a/modules/services/download-pod-old.nix +++ b/modules/services/download-pod-old.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.download-pod-old; + cfg = config.my.services.download-pod-old; in { - options.download-pod-old = { + options.my.services.download-pod-old = { enable = lib.mkEnableOption "Enable download services module"; proxy = { @@ -43,7 +43,7 @@ in }; config = lib.mkIf cfg.enable { - podman.enable = true; + my.virtualisation.podman.enable = true; systemd.services.pod-download = { description = "Start podman 'download' pod"; diff --git a/modules/services/download-pod.nix b/modules/services/download-pod.nix index 40be8b8..a456a58 100644 --- a/modules/services/download-pod.nix +++ b/modules/services/download-pod.nix 
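Review bot: `podman pod create -p 9117:9117 -p 7878:7878 …` in `ExecStart` publishes every service port on all host interfaces, so the apps stay directly reachable even when `proxy.enable` is meant to put Caddy in front; when Caddy runs on the same host, binding to loopback (`-p 127.0.0.1:9117:9117`, likewise for the others) keeps the proxy as the only entry point. All `linuxserver/*` images are untagged and `k8s.gcr.io/pause:3.9` comes from a registry that has been frozen upstream, so pinning tags or digests from a maintained registry would make pulls reproducible. The file declares `options.my.services.download-pod`, the same option path as `modules/services/download-pod.nix`, so importing both should fail with a duplicate declaration; the name `download-pod copy.nix` suggests it was committed by accident. Minor: the comment on `--publish=8081:80` says 8080, and `jackett` joins `my-pod` while port 9117 is published on the `download` pod.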
@@ -5,10 +5,33 @@ ... }: let - cfg = config.download-pod; + cfg = config.my.services.download-pod; + + containers = { + webserver = { + enable = true; + image = "nginx"; + volumes = [ + "aaa:/config" + "bbb:/data" + ]; + }; + + postgres = { + enable = false; + image = "postgres:13"; + }; + }; + + enabledContainers = + containers: + lib.mapAttrs (name: container: lib.removeAttrs container [ "enable" ]) ( + lib.filterAttrs (name: container: container.enable) containers + ); + in { - options.download-pod = { + options.my.services.download-pod = { enable = lib.mkEnableOption "Enable the download searcher stack"; proxy = { 
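Review bot: `image = "nginx"` in the new `containers` binding has no tag or digest, so every pull resolves to whatever `latest` is at that moment; pin it, e.g. `image = "docker.io/library/nginx:<TAG>@sha256:<DIGEST>";` (placeholders). `enabledContainers` reads `container.enable` directly and aborts evaluation for any entry that omits the attribute, whereas `container.enable or true` would match the `value.enable or true` form used in podman-pod.nix. A comment above the helper such as `# Drop disabled entries and strip the module-local "enable" flag before passing the set to oci-containers` would document why `removeAttrs` is needed. The `webserver`/`postgres` entries look like scaffolding rather than the download stack this module is named for.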
@@ -36,93 +59,69 @@ in config = lib.mkIf cfg.enable { - podman.enable = true; - - systemd.services.pod-download = { - description = "Start podman 'download' pod"; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - requiredBy = [ - "podman-jackett.service" - "podman-radarr.service" - "podman-sabnzbd.service" - "podman-sonarr.service" - ]; - unitConfig = { - RequiresMountsFor = "/run/containers"; + my.virtualisation.podmanPods = { + mywebapp = { + name = "mywebapp"; + ports = [ + "9090:80" + "9443:443" + ]; + containers = enabledContainers containers; }; - serviceConfig = { - Type = "oneshot"; - # - 7878: Radarr - # - 8080: Sabnzbd - # - 8989: Sonarr - # - 9117: Jackett - # - 9696: Prowlarr - ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 -p 9696:9696 download"; - }; - path = [ pkgs.podman ]; }; - virtualisation.oci-containers.containers = { + virtualisation.oci-containers.containers = enabledContainers containers; - my-pod = { - image = "k8s.gcr.io/pause:3.9"; - extraOptions = [ - "--pod=new:my-pod" - "--publish=8081:80" # Expose port 80 in the pod as 8080 on the host - "--publish=8082:82" # Expose port 82 in the pod as 8082 on the host - "--publish=83:9117" # Expose port 9117 in the pod as 83 on the host - ]; - }; + # virtualisation.oci-containers.containers = { - jackett = { - image = "linuxserver/jackett"; - autoStart = true; - extraOptions = [ "--pod=my-pod" ]; - volumes = [ - "jackett_config:/config" - "jackett_data:/data" - ]; - }; + # jackett = { + # image = "linuxserver/jackett"; + # autoStart = true; + # extraOptions = [ "--pod=my-pod" ]; + # volumes = [ + # "jackett_config:/config" + # "jackett_data:/data" + # ]; + # }; - radarr = { - image = "linuxserver/radarr"; - autoStart = true; - extraOptions = [ "--pod=download" ]; - volumes = [ - "radarr_config:/config" - "radarr_data:/data" - ]; - }; + # radarr = { + # image = "linuxserver/radarr"; + # autoStart = true; + # 
extraOptions = [ "--pod=download" ]; + # volumes = [ + # "radarr_config:/config" + # "radarr_data:/data" + # ]; + # }; - sabnzbd = { - image = "linuxserver/sabnzbd"; - autoStart = true; - extraOptions = [ "--pod=download" ]; - volumes = [ - "sabnzbd_config:/config" - "sabnzbd_data:/data" - ]; - }; + # sabnzbd = { + # image = "linuxserver/sabnzbd"; + # autoStart = true; + # extraOptions = [ "--pod=download" ]; + # volumes = [ + # "sabnzbd_config:/config" + # "sabnzbd_data:/data" + # ]; + # }; - sonarr = { - image = "linuxserver/sonarr"; - autoStart = true; - extraOptions = [ "--pod=download" ]; - volumes = [ - "sonarr_config:/config" - "sonarr_data:/data" - ]; - }; + # sonarr = { + # image = "linuxserver/sonarr"; + # autoStart = true; + # extraOptions = [ "--pod=download" ]; + # volumes = [ + # "sonarr_config:/config" + # "sonarr_data:/data" + # ]; + # }; - prowlarr = { - image = "linuxserver/prowlarr"; - autoStart = true; - extraOptions = [ "--pod=download" ]; - volumes = [ "prowlarr_config:/config" ]; - }; + # prowlarr = { + # image = "linuxserver/prowlarr"; + # autoStart = true; + # extraOptions = [ "--pod=download" ]; + # volumes = [ "prowlarr_config:/config" ]; + # }; - }; + # }; services.caddy = lib.mkIf cfg.proxy.enable { enable = true; diff --git a/modules/services/nextcloud-podman.nix b/modules/services/nextcloud-podman.nix index 1ff4cec..b677258 100644 --- a/modules/services/nextcloud-podman.nix +++ b/modules/services/nextcloud-podman.nix @@ -5,15 +5,15 @@ ... }: let - cfg = config.nextcloud-pd; + cfg = config.my.services.nextcloud-pd; in { - options.nextcloud-pd = { + options.my.services.nextcloud-pd = { enable = lib.mkEnableOption "Enable Nextcloud module"; }; config = lib.mkIf cfg.enable { - podman.enable = true; + my.virtualisation.podman.enable = true; virtualisation.oci-containers.containers = { }; diff --git a/modules/services/rutorrent.nix b/modules/services/rutorrent.nix index bfe114f..9f1908a 100644 --- a/modules/services/rutorrent.nix 
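Review bot: The same `enabledContainers containers` set is assigned to both `my.virtualisation.podmanPods.mywebapp.containers` and `virtualisation.oci-containers.containers`, and neither copy carries `extraOptions = [ "--pod=mywebapp" ];`, so as far as this hunk shows the containers start outside the pod and the `9090:80` / `9443:443` mappings never reach them. The `services.caddy` block kept as context continues below the hunk and presumably still proxies to the old download ports, which nothing started here listens on; that is worth checking. The commented-out copy of the previous stack is better deleted, since history keeps it.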
+++ b/modules/services/rutorrent.nix @@ -8,7 +8,7 @@ with lib; let - cfg = config.services.rutorrent; + cfg = config.my.services.rutorrent; rutorrentPkgs = import ../packages/rutorrent.nix { inherit pkgs; @@ -44,7 +44,7 @@ let in { - options = { + options.my = { services.rutorrent = { enable = mkEnableOption "ruTorrent"; diff --git a/modules/systems/btrfs-autoscrub.nix b/modules/systems/btrfs-autoscrub.nix index f861cf3..d2714d7 100644 --- a/modules/systems/btrfs-autoscrub.nix +++ b/modules/systems/btrfs-autoscrub.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.btrfsAutoscrub; + cfg = config.my.system.btrfsAutoscrub; in { - options.btrfsAutoscrub = { + options.my.system.btrfsAutoscrub = { enable = lib.mkEnableOption "Enable BTRFS Auto Scrub module"; interval = lib.mkOption { diff --git a/modules/systems/ssh.nix b/modules/systems/ssh.nix new file mode 100644 index 0000000..fb31426 --- /dev/null +++ b/modules/systems/ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: +let + cfg = config.my.systems.ssh; +in +{ + options.my.systems.ssh = { + enable = lib.mkEnableOption "Enable SSH Server"; + }; + + config = lib.mkIf cfg.enable { + + services.openssh = { + enable = true; + + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = false; + }; + }; +} diff --git a/modules/utils/commons.nix b/modules/utils/commons.nix index cc8bed9..edd8626 100644 --- a/modules/utils/commons.nix +++ b/modules/utils/commons.nix @@ -1,9 +1,9 @@ { config, lib, ... }: let - cfg = config.commons; + cfg = config.my.utils.commons; in { - options.commons = { + options.my.utils.commons = { enable = lib.mkEnableOption "Enable commons stuff that are always nice to have"; allowReboot = lib.mkOption { diff --git a/modules/utils/server-node-users.nix b/modules/utils/server-node-users.nix index a9e326d..a3b7945 100644 --- a/modules/utils/server-node-users.nix 
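Review bot: `settings.PermitRootLogin = false;` in the new ssh.nix will most likely be rejected at evaluation, because the nixpkgs option is an enum of sshd's string values rather than a boolean; use `settings.PermitRootLogin = "no";`. The option is declared under `my.systems.ssh` while the btrfs module in the same directory uses `my.system.btrfsAutoscrub`, so one of the two prefixes should be aligned. `hosts/arr/default.nix` still shows `openssh.enable = true;` as context, so the password and root-login restrictions only take effect once hosts enable `my.systems.ssh` instead.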
+++ b/modules/utils/server-node-users.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.serverNodeUsers; + cfg = config.my.utils.serverNodeUsers; in { - options.serverNodeUsers = { + options.my.utils.serverNodeUsers = { enable = lib.mkEnableOption "Set users for server hosts"; }; @@ -24,9 +24,6 @@ in users.root = { hashedPassword = "!"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef" - ]; }; users.pazpi = { diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index 97f31bb..f03c000 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix @@ -6,6 +6,5 @@ ./lxc-guest.nix ./podman.nix ./podman-pod.nix - ./proxmox.nix ]; } diff --git a/modules/virtualisation/docker.nix b/modules/virtualisation/docker.nix index 3122873..3d9227b 100644 --- a/modules/virtualisation/docker.nix +++ b/modules/virtualisation/docker.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.docker; + cfg = config.my.virtualisation.docker; in { - options.docker = { + options.my.virtualisation.docker = { enable = lib.mkEnableOption "Enable Docker module"; }; diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix index 94c1c5d..6ec3d63 100644 --- a/modules/virtualisation/libvirtd.nix +++ b/modules/virtualisation/libvirtd.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.libvirtd; + cfg = config.my.virtualisation.libvirtd; in { - options.libvirtd = { + options.my.virtualisation.libvirtd = { enable = lib.mkEnableOption "Enable libvirtd module"; }; diff --git a/modules/virtualisation/lxc-guest.nix b/modules/virtualisation/lxc-guest.nix index 108e3ad..bccb1f3 100644 --- a/modules/virtualisation/lxc-guest.nix +++ b/modules/virtualisation/lxc-guest.nix 
@@ -1,9 +1,9 @@ { config, lib, ... }: let - cfg = config.lxcGuest; + cfg = config.my.virtualisation.lxcGuest; in { - options.lxcGuest = { + options.my.virtualisation.lxcGuest = { enable = lib.mkEnableOption "NixOs inside LXC container"; }; diff --git a/modules/virtualisation/lxc.nix b/modules/virtualisation/lxc.nix index 58ba282..df86b8c 100644 --- a/modules/virtualisation/lxc.nix +++ b/modules/virtualisation/lxc.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.lxc; + cfg = config.my.virtualisation.lxc; in { - options.lxc = { + options.my.virtualisation.lxc = { enable = lib.mkEnableOption "Enable LXC module"; }; diff --git a/modules/virtualisation/podman-pod.nix b/modules/virtualisation/podman-pod.nix index 7f90771..3a70613 100644 --- a/modules/virtualisation/podman-pod.nix +++ b/modules/virtualisation/podman-pod.nix @@ -1,4 +1,3 @@ -# Save this as podman-pod.nix { config, lib, 
@@ -9,44 +8,67 @@ with lib; let - cfg = config.services.podmanPods; + cfg = config.my.virtualisation.podmanPods; # Get the options from the original oci-containers module - containerOptions = ( - filterAttrs ( - n: v: n != "definition" - ) config.virtualisation.oci-containers.containers.type.getSubOptions - ); + # containerOptions = ( + # filterAttrs ( + # n: v: n != "definition" + # ) config.virtualisation.oci-containers.containers.type.getSubOptions + # ); + + # containerDefinition = mkOption { + # type = types.attrs; + # description = "The container definition, derived from virtualisation.oci-containers.containers."; + # example = { + # image = "nginx:latest"; + # ports = [ "8080:80" ]; + # }; + # default = { }; + # }; + + # containerDefinition = mkOption { + # type = types.attrs; + # description = "The container definition, derived from virtualisation.oci-containers.containers."; + # example = { + # image = "nginx:latest"; + # ports = [ "8080:80" ]; + # }; + # default = {}; + + # }; + # # config.virtualisation.oci-containers.containers.type.getSubOptions; + + containerDefinition = config.virtualisation.oci-containers.containers.type.getSubOptions; # Add our enable option - extendedContainerOptions = containerOptions // { + extendedContainerOptions = containerDefinition // { enable = mkEnableOption "Enable this container"; }; - podOptions = - { name, config, ... }: - { - options = { + podOptions = { + options = with types; { - name = mkOption { - type = types.str; - description = "Name of the pod"; - }; + name = mkOption { + type = str; + description = "Name of the pod"; + }; - ports = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "List of port mappings (e.g. 
['8080:80'])"; - }; - - containers = mkOption { - type = types.attrsOf (types.submodule { options = extendedContainerOptions; }); - default = { }; - description = "Attribute set of OCI container configurations for this set"; - }; + ports = mkOption { + type = listOf str; + default = [ ]; + description = "List of port mappings (e.g. ['8080:80'])"; + }; + containers = mkOption { + type = attrsOf (submodule { + options = extendedContainerOptions; + }); + default = { }; + description = "Attribute set of OCI container configurations for this set"; }; }; + }; createPodScript = name: podDef: 
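Review bot: `containerDefinition = config.virtualisation.oci-containers.containers.type.getSubOptions;` reads `.type` from `config`, which holds the evaluated container set rather than the option declaration, and `getSubOptions` is a function that must be applied before `//` can merge it with `{ enable = …; }`. The declaration is reachable through the `options` module argument: `containerDefinition = options.virtualisation.oci-containers.containers.type.getSubOptions [ ];`, with `options` added to the argument set, which lies above this hunk. This is untested and the result may still need filtering, as the removed code did for `definition`. The commented-out earlier attempts can be dropped once one variant evaluates.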
@@ -82,27 +104,49 @@ let fi ''; - enabledContainers = lib.flatten ( - mapAttrs ( - podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers - ) cfg - ); + # enabledContainers = lib.flatten ( + # mapAttrs ( + # podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers + # ) cfg + # ); + + # flattenPodContainers = + # pods: + # mapAttrs' ( + # podName: pod: + # mapAttrs' ( + # containerName: container: + # nameValuePair "${podName}-${containerName}" ( + # container + # # // { + # # inherit (pod) name; + # # extraOptions = (container.extraOptions or [ ]) ++ [ "--pod=${pod.name}" ]; + # # } + # ) + # ) (filterAttrs (n: v: v.enable or true) pod.containers) + # ) pods; in { - options.services.podmanPods = mkOption { + options.my.virtualisation.podmanPods = mkOption { type = types.attrsOf (types.submodule podOptions); default = { }; description = "Podman pods to create"; }; config = mkIf (cfg != { }) { - virtualisation.podman.enable = true; - virtualisation.oci-containers.backend = "podman"; + + my.virtualisation.podman.enable = true; environment.systemPackages = [ pkgs.jq ]; - virtualisation.oci-containers.containers = enabledContainers; + # virtualisation.oci-containers.containers = enabledContainers; + + # virtualisation.oci-containers.containers = flattenPodContainers cfg; + + # virtualisation.oci-containers.containers = lib.mkMerge ( + # map (entry: entry.container) (filter (entry: entry.enable) cfg.containers) + # ); # virtualisation.oci-containers.containers = listToAttrs (flatten (mapAttrsToList # (podName: podDef: @@ -159,6 +203,7 @@ in wantedBy = [ "multi-user.target" ]; } ) cfg; + containerServices = mapAttrs' ( name: container: nameValuePair "podman-${name}" { 
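Review bot: With `virtualisation.oci-containers.containers = enabledContainers;` now commented out, nothing in the visible part of the `config` block turns `cfg.<pod>.containers` into actual containers, so the `containers` option is accepted and silently ignored. The hunk also drops `virtualisation.oci-containers.backend = "podman";` and relies on `my.virtualisation.podman.enable` to set it; that module's body is not shown here, so this should be confirmed. I would either finish `flattenPodContainers`, including the `--pod=${pod.name}` extra option that is commented out inside it, or add `# TODO: containers declared on a pod are not started yet` next to the option and delete the other commented alternatives.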
@@ -166,8 +211,9 @@ in requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; } - ) config.virtualisation.oci-containers.containers; + ) config.containers; in podServices // containerServices; + }; } diff --git a/modules/virtualisation/podman.nix b/modules/virtualisation/podman.nix index 4cba6f1..5966847 100644 --- a/modules/virtualisation/podman.nix +++ b/modules/virtualisation/podman.nix @@ -5,10 +5,10 @@ ... }: let - cfg = config.podman; + cfg = config.my.virtualisation.podman; in { - options.podman = { + options.my.virtualisation.podman = { enable = lib.mkEnableOption "Enable Podman module"; }; diff --git a/modules/virtualisation/proxmox.nix b/modules/virtualisation/proxmox.nix index 2499230..c03044e 100644 --- a/modules/virtualisation/proxmox.nix +++ b/modules/virtualisation/proxmox.nix @@ -2,15 +2,16 @@ config, lib, pkgs, + inputs, ... }: let - cfg = config.proxmox; + cfg = config.my.virtualisation.proxmox; in { - options.proxmox = { + options.my.virtualisation.proxmox = { enable = lib.mkEnableOption "If this host is running inside Proxmox"; privileged = lib.mkOption { @@ -50,7 +51,7 @@ in manageHostName = cfg.manageHostName; }; - serverNodeUsers.enable = true; + my.utils.serverNodeUsers.enable = true; }; }
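Review bot: `) config.containers;` makes `containerServices` iterate over NixOS's declarative `containers` option (the systemd-nspawn one) instead of the OCI containers, so the `podman-<name>` units for OCI containers lose their `requires`/`partOf` link to the pod unit and overrides are generated for any nspawn container that exists. Unless a different attribute was intended, keep `) config.virtualisation.oci-containers.containers;`. The `let` that defines `podServices` starts above this hunk.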
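Review bot: In proxmox.nix, `inputs` is added to the module arguments but is not used in the lines shown, and it only resolves if every host passes it through `specialArgs` or `_module.args`; otherwise evaluation stops on a missing argument. This commit also removes `./proxmox.nix` from `modules/virtualisation/default.nix` while `hosts/arr/default.nix` sets `my.virtualisation.proxmox.enable = true`, so the module has to be imported from somewhere else for that option to exist. A comment next to the argument, e.g. `# inputs: flake inputs, supplied via specialArgs`, would document the new requirement.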