christoph/flake-nixinator
1
Fork 0
Code Activity

Nixos: Remove the containers system module

Browse Source
This commit is contained in:
Christoph Urlacher
2024-10-13 13:00:09 +02:00
parent 7fecb6fce3
commit df5ab8e0c6
8 changed files with 94 additions and 236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
config/rofi/menus/systemd-podman.fish
View File

@ -1,34 +0,0 @@
#!/usr/bin/env fish
# User chooses service, running services are marked in green
set SERVICES (cat /etc/rofi-containers)
set PROMPT ""
for SERVICE in $SERVICES
set SERVICE_RUNNING "$(systemctl list-units podman-$SERVICE.service | grep podman-$SERVICE.service)"
if test -z $SERVICE_RUNNING
set PROMPT $PROMPT$SERVICE"\n"
else
set PROMPT $PROMPT"<span foreground=\"green\">$SERVICE</span>\n"
end
end
set SERVICE (echo -e $PROMPT | rofi -dmenu -p " pod " -i -markup-rows)
set SERVICE (echo -e $SERVICE | sd "<.*?>" "")
if not contains $SERVICE $SERVICES
exit
end
# User chooses action
set ACTIONS "start" "stop" "restart" "status"
set ACTION (echo -e (string join "\n" $ACTIONS) | rofi -dmenu -p " action " -i)
if not contains $ACTION $ACTIONS
exit
end
# Execute command
set COMMAND "systemctl $ACTION podman-$SERVICE.service"
set EVAL_RESULT "$(eval $COMMAND)"
if test $ACTION = "status" && test -n "$EVAL_RESULT"
# Display result if it exists
rofi -theme ~/NixFlake/config/rofi/rofi.rasi -e "$EVAL_RESULT"
end

20
lib/virtualisation.nix → lib/1_deprecated/virtualisation.nix
View File

@ -26,16 +26,19 @@
"--dns=${netdns}"
]);
in
lib.mergeAttrs extraConfig {
extraConfig
// {
image = image;
autoStart = autoStart;
ports = ports ++ expanded-id-ports;
volumes = vols;
environment = lib.mergeAttrs env {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Berlin";
};
environment =
env
// {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Berlin";
};
extraOptions = opts ++ additional-opts;
};
@ -43,11 +46,12 @@
# Example: podman-stablediffusion = mkOciUserService config.systemd.services.podman-stablediffusion;
# NOTE: This doesn't work, since the cidfile is located in /run, which is not writable for regular users...
mkOciUserService = attrs:
lib.mergeAttrs (lib.attrsets.filterAttrs (n: v:
(lib.attrsets.filterAttrs (n: v:
!((n == "confinement")
|| (n == "runner")
|| (n == "environment")))
attrs) {
attrs)
// {
startLimitIntervalSec = 1;
startLimitBurst = 5;
};

1
lib/default.nix
View File

@ -10,7 +10,6 @@
nixos = import ./nixos.nix {inherit inputs pkgs lib;};
modules = import ./modules.nix {inherit inputs pkgs lib;};
networking = import ./networking.nix {inherit inputs pkgs lib;};
virtualisation = import ./virtualisation.nix {inherit inputs pkgs lib;};
rofi = import ./rofi.nix {inherit inputs pkgs lib;};
generators = import ./generators.nix {inherit inputs pkgs lib;};
}

76
system/modules/1_deprecated/containers/default.nix Normal file
View File

@ -0,0 +1,76 @@
# TODO: Generate file with names for rofi
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}:
with lib;
with mylib.virtualisation;
with mylib.modules; let
cfg = config.modules.containers;
in {
options.modules.containers = import ./options.nix {inherit lib mylib;};
# TODO: These need config options exposed through the module,
# e.g. to set paths/volumes/binds differently per system...
config = mkIf cfg.enable rec {
virtualisation.oci-containers.containers = {
# Examples how to use the mkOciContainer function:
# stablediffusion = mkIf cfg.stablediffusion.enable (mkOciContainer {
# image = "rocm/pytorch:rocm5.5_ubuntu20.04_py3.8_pytorch_1.13.1";
# vols = [
# "/home/christoph/NoSync/StableDiffusionWebUI:/webui-data"
# ];
# opts = [
# "--network=host"
# "--device=/dev/kfd"
# "--device=/dev/dri"
# "--group-add=video"
# "--ipc=host"
# "--cap-add=SYS_PTRACE"
# "--security-opt=seccomp=unconfined"
# ];
# extraConfig = {
# entrypoint = "/webui-data/launch.sh";
# };
# });
# sonarr = mkIf cfg.sonarr.enable (mkOciContainer {
# image = "linuxserver/sonarr:3.0.10";
# id-ports = [8989];
# vols = [
# "sonarr-config:/config:Z"
# "/media/Shows:/media/Shows"
# "/media/Usenet:/media/Usenet"
# ];
# netns = "wg0-de-115";
# netdns = "10.2.0.1";
# });
};
# Allow start/stop containers without root password
modules.polkit.allowed-system-services = let
container-services = lib.pipe virtualisation.oci-containers.containers [
builtins.attrNames
(builtins.filter (c: cfg.${c}.enable))
(builtins.map (c: "podman-${c}.service"))
];
in
container-services;
# Generate list of containers for rofi menu
environment.etc."rofi-containers".text = let
containers = lib.pipe virtualisation.oci-containers.containers [
builtins.attrNames
(builtins.filter (c: cfg.${c}.enable))
(builtins.concatStringsSep "\n")
];
in
containers;
};
}

0
system/modules/containers/options.nix → system/modules/1_deprecated/containers/options.nix
View File

148
system/modules/containers/default.nix
View File

@ -1,148 +0,0 @@
# TODO: Generate file with names for rofi
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}:
with lib;
with mylib.virtualisation;
with mylib.modules; let
cfg = config.modules.containers;
in {
options.modules.containers = import ./options.nix {inherit lib mylib;};
# TODO: These need config options exposed through the module,
# e.g. to set paths/volumes/binds differently per system...
config = mkIf cfg.enable rec {
virtualisation.oci-containers.containers = {
# Home Automation
homeassistant = mkIf cfg.homeassistant.enable (mkOciContainer {
image = "homeassistant/home-assistant:2023:5";
id-ports = [8123];
vols = [
"homeassistant-config:/config:Z"
];
});
# Development
# NOTE: PyTorch ROCM image is 36 GB large...
# NOTE: This requires to setup the PodmanROCM direcory beforehand, as described here:
# https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Install-and-Run-on-AMD-GPUs#running-inside-docker
# NOTE: This requires to manually link the launch.sh, since this is a system module (can't use home.file)
stablediffusion = mkIf cfg.stablediffusion.enable (mkOciContainer {
image = "rocm/pytorch:rocm5.5_ubuntu20.04_py3.8_pytorch_1.13.1";
vols = [
"/home/christoph/NoSync/StableDiffusionWebUI:/webui-data"
];
opts = [
"--network=host"
"--device=/dev/kfd"
"--device=/dev/dri"
"--group-add=video"
"--ipc=host"
"--cap-add=SYS_PTRACE"
"--security-opt=seccomp=unconfined"
];
extraConfig = {
entrypoint = "/webui-data/launch.sh";
};
});
# Multimedia
jellyfin = mkIf cfg.jellyfin.enable (mkOciContainer {
image = "linuxserver/jellyfin:10.8.10";
id-ports = [8096];
autoStart = true;
vols = [
"jellyfin-cache:/cache:Z"
"jellyfin-config:/config:Z"
"/media/Picture:/media/Picture"
"/media/Video:/media/Video"
];
});
fileflows = mkIf cfg.fileflows.enable (mkOciContainer {
image = "revenz/fileflows";
id-ports = [5000];
vols = [
"fileflows-cache:/temp:Z"
"fileflows-data:/app/Data:Z"
"/media/Shows:/media/Shows"
"/media/Movies:/media/Movies"
"/media/Video:/media/Video"
];
});
# Errr...
sonarr = mkIf cfg.sonarr.enable (mkOciContainer {
image = "linuxserver/sonarr:3.0.10";
id-ports = [8989];
vols = [
"sonarr-config:/config:Z"
"/media/Shows:/media/Shows"
"/media/Usenet:/media/Usenet"
];
netns = "wg0-de-115";
netdns = "10.2.0.1";
});
radarr = mkIf cfg.radarr.enable (mkOciContainer {
image = "linuxserver/radarr:4.4.4";
id-ports = [7878];
vols = [
"radarr-config:/config:Z"
"/media/Movies:/media/Movies"
"/media/Usenet:/media/Usenet"
];
netns = "wg0-de-115";
netdns = "10.2.0.1";
});
hydra = mkIf cfg.hydra.enable (mkOciContainer {
image = "linuxserver/nzbhydra2:5.1.8";
id-ports = [5076];
vols = [
"hydra-config:/config:Z"
"/media/Usenet:/media/Usenet"
];
netns = "wg0-de-115";
netdns = "10.2.0.1";
});
sabnzbd = mkIf cfg.sabnzbd.enable (mkOciContainer {
image = "linuxserver/sabnzbd:4.0.1";
id-ports = [8080];
vols = [
"sabnzbd-config:/config:Z"
"/media/Usenet:/media/Usenet"
];
netns = "wg0-de-115";
netdns = "10.2.0.1";
});
};
# Allow start/stop containers without root password
modules.polkit.allowed-system-services = let
container-services = lib.pipe virtualisation.oci-containers.containers [
builtins.attrNames
(builtins.filter (c: cfg.${c}.enable))
(builtins.map (c: "podman-${c}.service"))
];
in
container-services;
# Generate list of containers for rofi menu
environment.etc."rofi-containers".text = let
containers = lib.pipe virtualisation.oci-containers.containers [
builtins.attrNames
(builtins.filter (c: cfg.${c}.enable))
(builtins.concatStringsSep "\n")
];
in
containers;
};
}

11
system/modules/default.nix
View File

@ -1,14 +1,5 @@
{
inputs,
config,
nixosConfig,
lib,
pkgs,
mylib,
...
}: {
{...}: {
imports = [
./containers
./polkit
./systemd-networkd
];

40
system/nixinator/default.nix
View File

@ -6,25 +6,11 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../modules
# inputs.musnix.nixosModules.musnix
../modules
];
modules = {
containers = {
enable = true;
homeassistant.enable = false;
stablediffusion.enable = true;
jellyfin.enable = false;
fileflows.enable = false;
sonarr.enable = false;
radarr.enable = false;
hydra.enable = false;
sabnzbd.enable = false;
};
systemd-networkd = {
networks = {
# This should override the default network 50-ether
@ -38,17 +24,9 @@
# "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {...};
};
allowedTCPPorts = [
# AvaTalk ports
7777
12777
];
allowedTCPPorts = [];
allowedUDPPorts = [
# AvaTalk ports
7777
12777
];
allowedUDPPorts = [];
wireguard-tunnels = {
wg0-de-115 =
@ -82,12 +60,6 @@
};
};
# Low latency audio
# musnix = {
# enable = true;
# # musnix.soundcardPciId = ;
# };
boot = {
kernelPackages = pkgs.linuxPackages_zen;
};
@ -98,12 +70,10 @@
xkb.variant = "altgr-intl";
videoDrivers = ["nvidia"]; # NVIDIA
# videoDrivers = ["amdgpu"];
};
# NOTE: This has been relocated here from the default config, because it forces en-US keyboard layout.
# The laptop needs de-DE...
# Chinese Input
# This has been relocated here from the default config,
# because it forces en-US keyboard layout.
i18n.inputMethod = {
enable = true;
type = "fcitx5";