modules.services.docker: 整理

陈浩南 2024-09-17 14:09:54 +08:00
parent 51301788fc
commit be471d011f
13 changed files with 65 additions and 62 deletions


@ -68,7 +68,6 @@ inputs:
};
virtualization =
{
docker.enable = true;
kvmHost = { enable = true; gui = true; };
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
@ -142,6 +141,7 @@ inputs:
};
ollama = {};
waydroid = {};
docker = {};
};
bugs = [ "xmunet" "backlight" "amdpstate" ];
user.users = [ "chn" "zzn" ];


@ -29,7 +29,6 @@ inputs:
gui.enable = true;
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
virtualization.docker.enable = true;
services =
{
snapper.enable = true;
@ -54,6 +53,7 @@ inputs:
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
waydroid = {};
docker = {};
};
bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
packages.vasp = null;


@ -70,8 +70,8 @@ inputs:
chatgpt = {};
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
writefreely = {};
docker = {};
};
virtualization.docker.enable = true;
};
specialisation.generic.configuration =
{


@ -51,7 +51,7 @@ inputs:
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
@ -93,6 +93,7 @@ inputs:
};
groupshare = {};
hpcstat = {};
docker = {};
};
bugs = [ "xmunet" "amdpstate" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];


@ -54,7 +54,7 @@ inputs:
grub.windowsEntries."8F50-83B8" = "";
};
hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
@ -86,6 +86,7 @@ inputs:
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
docker = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];


@ -34,15 +34,11 @@ inputs:
'';
secrets."chatgpt/key" = {};
};
nixos =
nixos.services.nginx =
{
services.nginx =
{
enable = true;
https."${chatgpt.hostname}".location."/".proxy =
{ upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
};
virtualization.docker.enable = true;
enable = true;
https."${chatgpt.hostname}".location."/".proxy =
{ upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
};
};
}


@ -61,19 +61,15 @@ inputs:
# SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
secrets."mail/bot-encoded" = {};
};
nixos =
nixos.services =
{
services =
nginx =
{
nginx =
{
enable = true;
https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
};
postgresql.instances.wallabag = {};
redis.instances.wallabag = { user = "root"; port = 8790; };
enable = true;
https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
};
virtualization.docker.enable = true;
postgresql.instances.wallabag = {};
redis.instances.wallabag = { user = "root"; port = 8790; };
};
}
)


@ -0,0 +1,39 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkMerge
[
(
inputs.lib.mkIf (docker != null)
{
# system-wide docker is not needed
# virtualisation.docker.enable = true;
virtualisation.docker.rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
};
};
}
)
# some docker settings should be set unconditionally, as some services depend on them
{
virtualisation.docker =
{
enableNvidia = inputs.lib.mkIf inputs.config.nixos.system.nixpkgs.cuda.enable true;
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
};
nixos.services.firewall.trustedInterfaces = [ "docker0" ];
}
];
}
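Review bot: `nixos.services.firewall.trustedInterfaces = [ "docker0" ];` now sits in the unconditional half of the `mkMerge`, so every host that imports this module exempts any interface named `docker0` from the firewall, whereas the removed code in the virtualization module set it only under `mkIf … docker.enable`. The guarded half turns on rootless Docker only, whose bridge presumably lives inside the user's network namespace rather than on the host, so the trust entry appears to matter only where some other module starts the system-wide daemon. Consider tying it to that daemon, `nixos.services.firewall.trustedInterfaces = inputs.lib.mkIf inputs.config.virtualisation.docker.enable [ "docker0" ];` (check that this does not introduce an evaluation cycle). The comment above the block should also name the services that rely on these settings, so the exemption can be audited later.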


@ -60,7 +60,6 @@ inputs:
};
mariadb.instances.huginn = {};
};
virtualization.docker.enable = true;
};
};
}


@ -38,18 +38,14 @@ inputs:
REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/send"}
'';
};
nixos =
nixos.services =
{
services =
nginx =
{
nginx =
{
enable = true;
https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
};
redis.instances.send = { user = "root"; port = 9184; };
enable = true;
https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
};
virtualization.docker.enable = true;
redis.instances.send = { user = "root"; port = 9184; };
};
};
}


@ -1,11 +1,8 @@
inputs:
{
options.nixos.service.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = null;
};
config = let inherit (inputs.config.nixos.service) waydroid; in inputs.lib.mkIf waydroid != null
options.nixos.services.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) waydroid; in inputs.lib.mkIf (waydroid != null)
{ virtualisation.waydroid.enable = true; };
}


@ -15,7 +15,7 @@ inputs:
extraInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
};
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};


@ -2,7 +2,6 @@ inputs:
{
options.nixos.virtualization = let inherit (inputs.lib) mkOption types; in
{
docker.enable = mkOption { default = false; type = types.bool; };
kvmHost =
{
enable = mkOption { default = false; type = types.bool; };
@ -14,27 +13,6 @@ inputs:
};
config = let inherit (inputs.lib) mkMerge mkIf; in mkMerge
[
# docker
(
mkIf inputs.config.nixos.virtualization.docker.enable
{
virtualisation.docker =
{
# enable = true;
rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings = { features.buildkit = true; dns = [ "1.1.1.1" ]; storage-driver = "overlay2"; };
};
enableNvidia =
let gpu = inputs.config.nixos.hardware.gpu.type;
in inputs.lib.mkIf (gpu != null && inputs.lib.strings.hasInfix "nvidia" gpu) true;
storageDriver = "overlay2";
};
nixos.services.firewall.trustedInterfaces = [ "docker0" ];
}
)
# kvmHost
(
mkIf inputs.config.nixos.virtualization.kvmHost.enable