Merge branch 'main' of https://git.syzygial.cc/Syzygial/NixMachines

flake.lock

@@ -1,24 +1,42 @@
 {
   "nodes": {
-    "flake-utils": {
+    "deploy-rs": {
       "inputs": {
-        "systems": "systems"
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
       },
       "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1727447169,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
-        "owner": "numtide",
+        "owner": "serokell",
-        "repo": "flake-utils",
+        "repo": "deploy-rs",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
         "type": "github"
       },
       "original": {
-        "owner": "numtide",
+        "owner": "serokell",
-        "repo": "flake-utils",
+        "repo": "deploy-rs",
         "type": "github"
       }
     },
-    "flake-utils_2": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
       "inputs": {
         "systems": "systems_2"
       },
@@ -36,7 +54,7 @@
         "type": "github"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_2": {
       "inputs": {
         "systems": "systems_3"
       },
@@ -54,6 +72,24 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "flakey-profile": {
       "locked": {
         "lastModified": 1712898590,
@@ -189,6 +225,22 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1702272962,
+        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1742422364,
         "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
@@ -204,7 +256,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1741865919,
         "narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=",
@@ -222,18 +274,19 @@
     },
     "root": {
       "inputs": {
+        "deploy-rs": "deploy-rs",
         "home-manager": "home-manager",
         "lix-module": "lix-module",
         "me-emacs": "me-emacs",
         "microvm": "microvm",
         "nix-darwin": "nix-darwin",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
         "lastModified": 1742595978,
@@ -309,6 +362,39 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -14,9 +14,10 @@
     };
     microvm.url = "github:astro/microvm.nix";
     microvm.inputs.nixpkgs.follows = "nixpkgs";
+    deploy-rs.url = "github:serokell/deploy-rs";
   };
   
-  outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm }@inputs: let
+  outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm, deploy-rs }@inputs: let
     overlays = import ./overlays/default.nix inputs;
     modules = import ./modules/default.nix inputs;
 
@@ -69,7 +70,7 @@
         modules = [
           ./machines/pericyte/configuration.nix
           modules.sops
-          # lix-module.nixosModules.default
+          lix-module.nixosModules.default
           microvm.nixosModules.host
         ];
       };
@@ -101,6 +102,21 @@
       };
     };
 
+    deploy = {
+      nodes = {
+        pericyte = {
+          hostname = "opcp";
+          sshUser = "root";
+          profiles.system = {
+            user = "root";
+            path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pericyte;
+          };
+        };
+      };
+    };
+    # This is highly advised, and will prevent many possible mistakes
+    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+
     hydraJobs = {
       inherit (me-emacs) packages;
     };

machines/pericyte/configuration.nix

@@ -4,8 +4,11 @@
     "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix"
     "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix"
 
-    ./microvm-configuration.nix
+    ./podman.nix
-    ./k3s.nix
+    ./container-registry.nix
+    ./test.nix
+    # ./microvm-configuration.nix
+    # ./k3s.nix
   ];
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -13,10 +16,12 @@
   environment.systemPackages = with pkgs; [
     git
     btop
+    tmux
+    oci-cli
   ];
 
   boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
+  # zramSwap.enable = true;
   networking.hostName = "pericyte";
   networking.domain = "";
   services.openssh.enable = true;

machines/pericyte/container-registry.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+  services.dockerRegistry = {
+    enable  = true;
+    package = pkgs.distribution;
+  };
+}

machines/pericyte/hardware-configuration.nix

@@ -7,8 +7,12 @@
     device = "nodev";
   };
   fileSystems."/boot" = { device = "/dev/disk/by-uuid/FCE4-1F46"; fsType = "vfat"; };
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+  swapDevices = [
+    {
+      device = "/swapfile";
+    }
+  ];
   boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
   boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
-  
 }

machines/pericyte/podman.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }: {
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    skopeo # Inspect images
+    podlet # create quadlets (systemd units)
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}

machines/pericyte/test.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+  users.groups.peertube = { };
+  users.users.peertube = {
+    isSystemUser = true;
+    group = "peertube";
+    home = "/var/lib/peertube";
+    createHome = true;
+    uid = 2342;
+    subUidRanges = [
+      {
+        count = 65536;
+        startUid = 2147483646;
+      }
+    ];
+    subGidRanges = [
+      {
+        count = 65536;
+        startGid = 2147483647;
+      }
+    ];
+  };
+  virtualisation.oci-containers = {
+    backend = "podman";
+    # containers.peertube = {
+    #   image = "chocobozzz/peertube:latest";
+    #   ports = [ ];
+    #   podman = {
+    #     user = "peertube";
+    #   };
+    # };
+  };
+}