From df5ab8e0c693c80022dfe7d88f7a351f84b191f6 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Sun, 13 Oct 2024 13:00:09 +0200
Subject: [PATCH] Nixos: Remove the containers system module
---
 config/rofi/menus/systemd-podman.fish | 34 ----
 lib/{ => 1_deprecated}/virtualisation.nix | 20 ++-
 lib/default.nix | 1 -
 .../1_deprecated/containers/default.nix | 76 +++++++++
 .../{ => 1_deprecated}/containers/options.nix | 0
 system/modules/containers/default.nix | 148 ------------------
 system/modules/default.nix | 11 +-
 system/nixinator/default.nix | 40 +----
 8 files changed, 94 insertions(+), 236 deletions(-)
 delete mode 100755 config/rofi/menus/systemd-podman.fish
 rename lib/{ => 1_deprecated}/virtualisation.nix (84%)
 create mode 100644 system/modules/1_deprecated/containers/default.nix
 rename system/modules/{ => 1_deprecated}/containers/options.nix (100%)
 delete mode 100644 system/modules/containers/default.nix
diff --git a/config/rofi/menus/systemd-podman.fish b/config/rofi/menus/systemd-podman.fish
deleted file mode 100755
index e4b37a4d..00000000
--- a/config/rofi/menus/systemd-podman.fish
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env fish
-
-# User chooses service, running services are marked in green
-set SERVICES (cat /etc/rofi-containers)
-set PROMPT ""
-for SERVICE in $SERVICES
- set SERVICE_RUNNING "$(systemctl list-units podman-$SERVICE.service | grep podman-$SERVICE.service)"
- if test -z $SERVICE_RUNNING
- set PROMPT $PROMPT$SERVICE"\n"
- else
- set PROMPT $PROMPT"$SERVICE\n"
- end
-end
-set SERVICE (echo -e $PROMPT | rofi -dmenu -p " pod " -i -markup-rows)
-set SERVICE (echo -e $SERVICE | sd "<.*?>" "")
-if not contains $SERVICE $SERVICES
- exit
-end
-
-# User chooses action
-set ACTIONS "start" "stop" "restart" "status"
-set ACTION (echo -e (string join "\n" $ACTIONS) | rofi -dmenu -p " action " -i)
-if not contains $ACTION $ACTIONS
- exit
-end
-
-# Execute command
-set COMMAND "systemctl $ACTION podman-$SERVICE.service"
-set EVAL_RESULT "$(eval $COMMAND)"
-
-if test $ACTION = "status" && test -n "$EVAL_RESULT"
- # Display result if it exists
- rofi -theme ~/NixFlake/config/rofi/rofi.rasi -e "$EVAL_RESULT"
-end
diff --git a/lib/virtualisation.nix b/lib/1_deprecated/virtualisation.nix
similarity index 84%
rename from lib/virtualisation.nix
rename to lib/1_deprecated/virtualisation.nix
index 776da2d2..8c847eb0 100644
--- a/lib/virtualisation.nix
+++ b/lib/1_deprecated/virtualisation.nix
@@ -26,16 +26,19 @@
 "--dns=${netdns}"
 ]);
 in
- lib.mergeAttrs extraConfig {
+ extraConfig
+ // {
 image = image;
 autoStart = autoStart;
 ports = ports ++ expanded-id-ports;
 volumes = vols;
- environment = lib.mergeAttrs env {
- PUID = "1000";
- PGID = "1000";
- TZ = "Europe/Berlin";
- };
+ environment =
+ env
+ // {
+ PUID = "1000";
+ PGID = "1000";
+ TZ = "Europe/Berlin";
+ };
 extraOptions = opts ++ additional-opts;
 };
@@ -43,11 +46,12 @@
 # Example: podman-stablediffusion = mkOciUserService config.systemd.services.podman-stablediffusion;
 # NOTE: This doesn't work, since the cidfile is located in /run, which is not writable for regular users...
 mkOciUserService = attrs:
- lib.mergeAttrs (lib.attrsets.filterAttrs (n: v:
+ (lib.attrsets.filterAttrs (n: v:
 !((n == "confinement") || (n == "runner") || (n == "environment")))
- attrs) {
+ attrs)
+ // {
 startLimitIntervalSec = 1;
 startLimitBurst = 5;
 };
diff --git a/lib/default.nix b/lib/default.nix
index 1914ea37..78656509 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -10,7 +10,6 @@
 nixos = import ./nixos.nix {inherit inputs pkgs lib;};
 modules = import ./modules.nix {inherit inputs pkgs lib;};
 networking = import ./networking.nix {inherit inputs pkgs lib;};
- virtualisation = import ./virtualisation.nix {inherit inputs pkgs lib;};
 rofi = import ./rofi.nix {inherit inputs pkgs lib;};
 generators = import ./generators.nix {inherit inputs pkgs lib;};
 }
diff --git a/system/modules/1_deprecated/containers/default.nix b/system/modules/1_deprecated/containers/default.nix
new file mode 100644
index 00000000..ca4274e1
--- /dev/null
+++ b/system/modules/1_deprecated/containers/default.nix
@@ -0,0 +1,76 @@
+# TODO: Generate file with names for rofi
+{
+ config,
+ nixosConfig,
+ lib,
+ mylib,
+ pkgs,
+ ...
+}:
+with lib;
+with mylib.virtualisation;
+with mylib.modules; let
+ cfg = config.modules.containers;
+in {
+ options.modules.containers = import ./options.nix {inherit lib mylib;};
+
+ # TODO: These need config options exposed through the module,
+ # e.g. to set paths/volumes/binds differently per system...
+
+ config = mkIf cfg.enable rec {
+ virtualisation.oci-containers.containers = {
+ # Examples how to use the mkOciContainer function:
+
+ # stablediffusion = mkIf cfg.stablediffusion.enable (mkOciContainer {
+ # image = "rocm/pytorch:rocm5.5_ubuntu20.04_py3.8_pytorch_1.13.1";
+ # vols = [
+ # "/home/christoph/NoSync/StableDiffusionWebUI:/webui-data"
+ # ];
+ # opts = [
+ # "--network=host"
+ # "--device=/dev/kfd"
+ # "--device=/dev/dri"
+ # "--group-add=video"
+ # "--ipc=host"
+ # "--cap-add=SYS_PTRACE"
+ # "--security-opt=seccomp=unconfined"
+ # ];
+ # extraConfig = {
+ # entrypoint = "/webui-data/launch.sh";
+ # };
+ # });
+
+ # sonarr = mkIf cfg.sonarr.enable (mkOciContainer {
+ # image = "linuxserver/sonarr:3.0.10";
+ # id-ports = [8989];
+ # vols = [
+ # "sonarr-config:/config:Z"
+ # "/media/Shows:/media/Shows"
+ # "/media/Usenet:/media/Usenet"
+ # ];
+ # netns = "wg0-de-115";
+ # netdns = "10.2.0.1";
+ # });
+ };
+
+ # Allow start/stop containers without root password
+ modules.polkit.allowed-system-services = let
+ container-services = lib.pipe virtualisation.oci-containers.containers [
+ builtins.attrNames
+ (builtins.filter (c: cfg.${c}.enable))
+ (builtins.map (c: "podman-${c}.service"))
+ ];
+ in
+ container-services;
+
+ # Generate list of containers for rofi menu
+ environment.etc."rofi-containers".text = let
+ containers = lib.pipe virtualisation.oci-containers.containers [
+ builtins.attrNames
+ (builtins.filter (c: cfg.${c}.enable))
+ (builtins.concatStringsSep "\n")
+ ];
+ in
+ containers;
+ };
+}
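Review bot: `with mylib.virtualisation;` near the top of this new file names a lib attribute that the lib/default.nix hunk of this same commit removes (`virtualisation = import ./virtualisation.nix …`), so if this deprecated module is ever imported again it fails at evaluation with a missing-attribute error on `mylib` before any of the examples are reached; the renamed lib/1_deprecated/virtualisation.nix is likewise no longer reachable through `mylib`. As far as the hunks show, nothing imports the file after this change (system/modules/default.nix drops `./containers` and adds nothing under 1_deprecated), so the least surprising fix is a header comment stating that status, e.g. `# Deprecated and not imported anywhere: mylib.virtualisation was removed from lib/default.nix, so this module does not evaluate as-is.` The retained stablediffusion example also keeps `--security-opt=seccomp=unconfined`, `--cap-add=SYS_PTRACE` and `--ipc=host`/`--network=host`; since the block is presented as a template for mkOciContainer, a one-line comment beside those options noting that they disable the seccomp filter and share host namespaces would keep a future reader from copying them into a network-facing service. The `pkgs` and `nixosConfig` module arguments are unused in the file.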
diff --git a/system/modules/containers/options.nix b/system/modules/1_deprecated/containers/options.nix
similarity index 100%
rename from system/modules/containers/options.nix
rename to system/modules/1_deprecated/containers/options.nix
diff --git a/system/modules/containers/default.nix b/system/modules/containers/default.nix
deleted file mode 100644
index 6d237079..00000000
--- a/system/modules/containers/default.nix
+++ /dev/null
@@ -1,148 +0,0 @@
-# TODO: Generate file with names for rofi
-{
- config,
- nixosConfig,
- lib,
- mylib,
- pkgs,
- ...
-}:
-with lib;
-with mylib.virtualisation;
-with mylib.modules; let
- cfg = config.modules.containers;
-in {
- options.modules.containers = import ./options.nix {inherit lib mylib;};
-
- # TODO: These need config options exposed through the module,
- # e.g. to set paths/volumes/binds differently per system...
-
- config = mkIf cfg.enable rec {
- virtualisation.oci-containers.containers = {
- # Home Automation
- homeassistant = mkIf cfg.homeassistant.enable (mkOciContainer {
- image = "homeassistant/home-assistant:2023:5";
- id-ports = [8123];
- vols = [
- "homeassistant-config:/config:Z"
- ];
- });
-
- # Development
- # NOTE: PyTorch ROCM image is 36 GB large...
- # NOTE: This requires to setup the PodmanROCM direcory beforehand, as described here:
- # https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Install-and-Run-on-AMD-GPUs#running-inside-docker
- # NOTE: This requires to manually link the launch.sh, since this is a system module (can't use home.file)
- stablediffusion = mkIf cfg.stablediffusion.enable (mkOciContainer {
- image = "rocm/pytorch:rocm5.5_ubuntu20.04_py3.8_pytorch_1.13.1";
- vols = [
- "/home/christoph/NoSync/StableDiffusionWebUI:/webui-data"
- ];
- opts = [
- "--network=host"
- "--device=/dev/kfd"
- "--device=/dev/dri"
- "--group-add=video"
- "--ipc=host"
- "--cap-add=SYS_PTRACE"
- "--security-opt=seccomp=unconfined"
- ];
- extraConfig = {
- entrypoint = "/webui-data/launch.sh";
- };
- });
-
- # Multimedia
- jellyfin = mkIf cfg.jellyfin.enable (mkOciContainer {
- image = "linuxserver/jellyfin:10.8.10";
- id-ports = [8096];
- autoStart = true;
- vols = [
- "jellyfin-cache:/cache:Z"
- "jellyfin-config:/config:Z"
- "/media/Picture:/media/Picture"
- "/media/Video:/media/Video"
- ];
- });
-
- fileflows = mkIf cfg.fileflows.enable (mkOciContainer {
- image = "revenz/fileflows";
- id-ports = [5000];
- vols = [
- "fileflows-cache:/temp:Z"
- "fileflows-data:/app/Data:Z"
- "/media/Shows:/media/Shows"
- "/media/Movies:/media/Movies"
- "/media/Video:/media/Video"
- ];
- });
-
- # Errr...
- sonarr = mkIf cfg.sonarr.enable (mkOciContainer {
- image = "linuxserver/sonarr:3.0.10";
- id-ports = [8989];
- vols = [
- "sonarr-config:/config:Z"
- "/media/Shows:/media/Shows"
- "/media/Usenet:/media/Usenet"
- ];
- netns = "wg0-de-115";
- netdns = "10.2.0.1";
- });
-
- radarr = mkIf cfg.radarr.enable (mkOciContainer {
- image = "linuxserver/radarr:4.4.4";
- id-ports = [7878];
- vols = [
- "radarr-config:/config:Z"
- "/media/Movies:/media/Movies"
- "/media/Usenet:/media/Usenet"
- ];
- netns = "wg0-de-115";
- netdns = "10.2.0.1";
- });
-
- hydra = mkIf cfg.hydra.enable (mkOciContainer {
- image = "linuxserver/nzbhydra2:5.1.8";
- id-ports = [5076];
- vols = [
- "hydra-config:/config:Z"
- "/media/Usenet:/media/Usenet"
- ];
- netns = "wg0-de-115";
- netdns = "10.2.0.1";
- });
-
- sabnzbd = mkIf cfg.sabnzbd.enable (mkOciContainer {
- image = "linuxserver/sabnzbd:4.0.1";
- id-ports = [8080];
- vols = [
- "sabnzbd-config:/config:Z"
- "/media/Usenet:/media/Usenet"
- ];
- netns = "wg0-de-115";
- netdns = "10.2.0.1";
- });
- };
-
- # Allow start/stop containers without root password
- modules.polkit.allowed-system-services = let
- container-services = lib.pipe virtualisation.oci-containers.containers [
- builtins.attrNames
- (builtins.filter (c: cfg.${c}.enable))
- (builtins.map (c: "podman-${c}.service"))
- ];
- in
- container-services;
-
- # Generate list of containers for rofi menu
- environment.etc."rofi-containers".text = let
- containers = lib.pipe virtualisation.oci-containers.containers [
- builtins.attrNames
- (builtins.filter (c: cfg.${c}.enable))
- (builtins.concatStringsSep "\n")
- ];
- in
- containers;
- };
-}
diff --git a/system/modules/default.nix b/system/modules/default.nix
index 899808b0..43955e8d 100644
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@@ -1,14 +1,5 @@
-{
- inputs,
- config,
- nixosConfig,
- lib,
- pkgs,
- mylib,
- ...
-}: {
+{...}: {
 imports = [
- ./containers
 ./polkit
 ./systemd-networkd
 ];
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix
index a4af136c..1186b93e 100644
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@@ -6,25 +6,11 @@
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
- ../modules
- # inputs.musnix.nixosModules.musnix
+ ../modules
 ];
 modules = {
- containers = {
- enable = true;
-
- homeassistant.enable = false;
- stablediffusion.enable = true;
- jellyfin.enable = false;
- fileflows.enable = false;
- sonarr.enable = false;
- radarr.enable = false;
- hydra.enable = false;
- sabnzbd.enable = false;
- };
-
 systemd-networkd = {
 networks = {
 # This should override the default network 50-ether
@@ -38,17 +24,9 @@
 # "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {...};
 };
- allowedTCPPorts = [
- # AvaTalk ports
- 7777
- 12777
- ];
+ allowedTCPPorts = [];
- allowedUDPPorts = [
- # AvaTalk ports
- 7777
- 12777
- ];
+ allowedUDPPorts = [];
 wireguard-tunnels = {
 wg0-de-115 =
@@ -82,12 +60,6 @@
 };
 };
- # Low latency audio
- # musnix = {
- # enable = true;
- # # musnix.soundcardPciId = ;
- # };
-
 boot = {
 kernelPackages = pkgs.linuxPackages_zen;
 };
@@ -98,12 +70,10 @@
 xkb.variant = "altgr-intl";
 videoDrivers = ["nvidia"]; # NVIDIA
- # videoDrivers = ["amdgpu"];
 };
- # NOTE: This has been relocated here from the default config, because it forces en-US keyboard layout.
- # The laptop needs de-DE...
- # Chinese Input
+ # This has been relocated here from the default config,
+ # because it forces en-US keyboard layout.
 i18n.inputMethod = {
 enable = true;
 type = "fcitx5";