From be471d011fe5c902541c9ae2ca68902faf5c1975 Mon Sep 17 00:00:00 2001
From: chn
Date: Tue, 17 Sep 2024 14:09:54 +0800
Subject: [PATCH] =?UTF-8?q?modules.services.docker:=20=E6=95=B4=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 devices/pc/default.nix | 2 +-
 devices/surface/default.nix | 2 +-
 devices/vps7/default.nix | 2 +-
 devices/xmupc1/default.nix | 3 ++-
 devices/xmupc2/default.nix | 3 ++-
 modules/services/chatgpt.nix | 12 +++------
 modules/services/default.nix | 16 +++++-------
 modules/services/docker.nix | 39 ++++++++++++++++++++++++++++++
 modules/services/huginn.nix | 1 -
 modules/services/send.nix | 14 ++++-------
 modules/services/waydroid.nix | 9 +++----
 modules/services/xray/default.nix | 2 +-
 modules/virtualization/default.nix | 22 -----------------
 13 files changed, 65 insertions(+), 62 deletions(-)
 create mode 100644 modules/services/docker.nix
diff --git a/devices/pc/default.nix b/devices/pc/default.nix
index ac6813a6..fdc1cc2a 100644
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -68,7 +68,6 @@ inputs:
 };
 virtualization =
 {
- docker.enable = true;
 kvmHost = { enable = true; gui = true; };
 nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
 };
@@ -142,6 +141,7 @@ inputs:
 };
 ollama = {};
 waydroid = {};
+ docker = {};
 };
 bugs = [ "xmunet" "backlight" "amdpstate" ];
 user.users = [ "chn" "zzn" ];
diff --git a/devices/surface/default.nix b/devices/surface/default.nix
index 7726e4dd..df81337e 100644
--- a/devices/surface/default.nix
+++ b/devices/surface/default.nix
@@ -29,7 +29,6 @@ inputs:
 gui.enable = true;
 };
 hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
- virtualization.docker.enable = true;
 services =
 {
 snapper.enable = true;
@@ -54,6 +53,7 @@ inputs:
 };
 beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
 waydroid = {};
+ docker = {};
 };
 bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
 packages.vasp = null;
diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix
index efcbf6e6..a3da33e1 100644
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@@ -70,8 +70,8 @@ inputs:
 chatgpt = {};
 xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
 writefreely = {};
+ docker = {};
 };
- virtualization.docker.enable = true;
 };
 specialisation.generic.configuration =
 {
diff --git a/devices/xmupc1/default.nix b/devices/xmupc1/default.nix
index cc177076..e4a90bfa 100644
--- a/devices/xmupc1/default.nix
+++ b/devices/xmupc1/default.nix
@@ -51,7 +51,7 @@ inputs:
 nix.remote.slave.enable = true;
 };
 hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
- virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
+ virtualization.kvmHost = { enable = true; gui = true; };
 services =
 {
 snapper.enable = true;
@@ -93,6 +93,7 @@ inputs:
 };
 groupshare = {};
 hpcstat = {};
+ docker = {};
 };
 bugs = [ "xmunet" "amdpstate" ];
 user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
diff --git a/devices/xmupc2/default.nix b/devices/xmupc2/default.nix
index 856b7d31..1c0a61ad 100644
--- a/devices/xmupc2/default.nix
+++ b/devices/xmupc2/default.nix
@@ -54,7 +54,7 @@ inputs:
 grub.windowsEntries."8F50-83B8" = "猿神,启动!";
 };
 hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
- virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
+ virtualization.kvmHost = { enable = true; gui = true; };
 services =
 {
 snapper.enable = true;
@@ -86,6 +86,7 @@ inputs:
 xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
 samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
 groupshare = {};
+ docker = {};
 };
 bugs = [ "xmunet" ];
 user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
diff --git a/modules/services/chatgpt.nix b/modules/services/chatgpt.nix
index c1c0ee7a..b6ce14d2 100644
--- a/modules/services/chatgpt.nix
+++ b/modules/services/chatgpt.nix
@@ -34,15 +34,11 @@ inputs:
 '';
 secrets."chatgpt/key" = {};
 };
- nixos =
+ nixos.services.nginx =
 {
- services.nginx =
- {
- enable = true;
- https."${chatgpt.hostname}".location."/".proxy =
- { upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
- };
- virtualization.docker.enable = true;
+ enable = true;
+ https."${chatgpt.hostname}".location."/".proxy =
+ { upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
 };
 };
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index d488bc04..e75950ef 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -61,19 +61,15 @@ inputs:
 # SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
 secrets."mail/bot-encoded" = {};
 };
- nixos =
+ nixos.services =
 {
- services =
+ nginx =
 {
- nginx =
- {
- enable = true;
- https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
- };
- postgresql.instances.wallabag = {};
- redis.instances.wallabag = { user = "root"; port = 8790; };
+ enable = true;
+ https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
 };
- virtualization.docker.enable = true;
+ postgresql.instances.wallabag = {};
+ redis.instances.wallabag = { user = "root"; port = 8790; };
 };
 }
 )
diff --git a/modules/services/docker.nix b/modules/services/docker.nix
new file mode 100644
index 00000000..5da8cd40
--- /dev/null
+++ b/modules/services/docker.nix
@@ -0,0 +1,39 @@
+inputs:
+{
+ options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
+ { type = types.nullOr (types.submodule {}); default = null; };
+ config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkMerge
+ [
+ (
+ inputs.lib.mkIf (docker != null)
+ {
+ # system-wide docker is not needed
+ # virtualisation.docker.enable = true;
+ virtualisation.docker.rootless =
+ {
+ enable = true;
+ setSocketVariable = true;
+ daemon.settings =
+ {
+ features.buildkit = true;
+ # dns 127.0.0.1 make docker not work
+ dns = [ "1.1.1.1" ];
+ # prevent create btrfs subvol
+ storage-driver = "overlay2";
+ };
+ };
+ }
+ )
+ # some docker settings should be set unconditionally, as some services depend on them
+ {
+ virtualisation.docker =
+ {
+ enableNvidia = inputs.lib.mkIf inputs.config.nixos.system.nixpkgs.cuda.enable true;
+ # prevent create btrfs subvol
+ storageDriver = "overlay2";
+ daemon.settings.dns = [ "1.1.1.1" ];
+ };
+ nixos.services.firewall.trustedInterfaces = [ "docker0" ];
+ }
+ ];
+}
diff --git a/modules/services/huginn.nix b/modules/services/huginn.nix
index cebfcb03..af8c09bc 100644
--- a/modules/services/huginn.nix
+++ b/modules/services/huginn.nix
@@ -60,7 +60,6 @@ inputs:
 };
 mariadb.instances.huginn = {};
 };
- virtualization.docker.enable = true;
 };
 };
 }
diff --git a/modules/services/send.nix b/modules/services/send.nix
index 91de0616..51886bef 100644
--- a/modules/services/send.nix
+++ b/modules/services/send.nix
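Review bot: `nixos.services.firewall.trustedInterfaces = [ "docker0" ];` sits in the unconditional second element of the mkMerge, so every host importing this module trusts a `docker0` interface in its firewall even when `services.docker` is null, whereas the block removed from modules/virtualization/default.nix only did this under `mkIf ... docker.enable`. The comment above that element justifies making the daemon settings unconditional for services that bring the daemon up themselves, but firewall trust is not a daemon setting and should follow the daemon that actually creates the bridge: `nixos.services.firewall.trustedInterfaces = inputs.lib.mkIf inputs.config.virtualisation.docker.enable [ "docker0" ];`. Note also that the `docker != null` branch only enables rootless mode, whose bridge is created inside the daemon's own network namespace rather than on the host, so trusting `docker0` for that case is likely a no-op; worth confirming on a host that enables only rootless docker. Separately, `virtualisation.docker.enableNvidia` is deprecated in nixpkgs 24.05 and later in favour of `hardware.nvidia-container-toolkit.enable`, so if this flake tracks unstable expect an evaluation warning here.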
@@ -38,18 +38,14 @@ inputs:
 REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/send"}
 '';
 };
- nixos =
+ nixos.services =
 {
- services =
+ nginx =
 {
- nginx =
- {
- enable = true;
- https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
- };
- redis.instances.send = { user = "root"; port = 9184; };
+ enable = true;
+ https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
 };
- virtualization.docker.enable = true;
+ redis.instances.send = { user = "root"; port = 9184; };
 };
 };
 }
diff --git a/modules/services/waydroid.nix b/modules/services/waydroid.nix
index 64caad15..b0b8a99d 100644
--- a/modules/services/waydroid.nix
+++ b/modules/services/waydroid.nix
@@ -1,11 +1,8 @@
 inputs:
 {
- options.nixos.service.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
- {
- type = types.nullOr (types.submodule {});
- default = null;
- };
- config = let inherit (inputs.config.nixos.service) waydroid; in inputs.lib.mkIf waydroid != null
+ options.nixos.services.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
+ { type = types.nullOr (types.submodule {}); default = null; };
+ config = let inherit (inputs.config.nixos.services) waydroid; in inputs.lib.mkIf (waydroid != null)
 { virtualisation.waydroid.enable = true; };
 }
diff --git a/modules/services/xray/default.nix b/modules/services/xray/default.nix
index dd7f9a86..750448ae 100644
--- a/modules/services/xray/default.nix
+++ b/modules/services/xray/default.nix
@@ -15,7 +15,7 @@ inputs:
 extraInterfaces = mkOption
 {
 type = types.listOf types.nonEmptyStr;
- default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
+ default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
 };
 hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
 };
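Review bot: The new `extraInterfaces` default keys `"docker0"` on `inputs.config.nixos.services.docker != null`, but that option (modules/services/docker.nix in this same patch) only enables rootless docker, and a rootless daemon's bridge is created in its own network namespace rather than on the host, so the interface named here may not exist on exactly the hosts that set it, while hosts where a service brings up the rootful daemon get no entry; the old `virtualization.docker.enable` condition had the same property, so this is not a regression, only an inherited mismatch. If the intent is to track a host-visible bridge, `default = inputs.lib.optional inputs.config.virtualisation.docker.enable "docker0";` follows the daemon that actually creates it. Confirm against what a rootless-only host reports before changing the condition.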
diff --git a/modules/virtualization/default.nix b/modules/virtualization/default.nix
index 27c8ca8a..b0df4eee 100644
--- a/modules/virtualization/default.nix
+++ b/modules/virtualization/default.nix
@@ -2,7 +2,6 @@ inputs:
 {
 options.nixos.virtualization = let inherit (inputs.lib) mkOption types; in
 {
- docker.enable = mkOption { default = false; type = types.bool; };
 kvmHost =
 {
 enable = mkOption { default = false; type = types.bool; };
@@ -14,27 +13,6 @@ inputs:
 };
 config = let inherit (inputs.lib) mkMerge mkIf; in mkMerge
 [
- # docker
- (
- mkIf inputs.config.nixos.virtualization.docker.enable
- {
- virtualisation.docker =
- {
- # enable = true;
- rootless =
- {
- enable = true;
- setSocketVariable = true;
- daemon.settings = { features.buildkit = true; dns = [ "1.1.1.1" ]; storage-driver = "overlay2"; };
- };
- enableNvidia =
- let gpu = inputs.config.nixos.hardware.gpu.type;
- in inputs.lib.mkIf (gpu != null && inputs.lib.strings.hasInfix "nvidia" gpu) true;
- storageDriver = "overlay2";
- };
- nixos.services.firewall.trustedInterfaces = [ "docker0" ];
- }
- )
 # kvmHost
 (
 mkIf inputs.config.nixos.virtualization.kvmHost.enable