diff --git a/README.md b/README.md index b6a7119..bed2f65 100644 --- a/README.md +++ b/README.md @@ -17,16 +17,19 @@ * [x] merge hosted docs into a single subdomain * [x] Setup some remote-development and deploy flow * [ ] host older versions of nixpkgs documentation (like 20.09) -* [ ] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI +* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI * [ ] rocm +* [ ] cuda * [ ] xclip * [ ] https://git.m-labs.hk/M-Labs/wfvm * [ ] https://github.com/kholia/OSX-KVM +* [ ] s3: minio or garage * [ ] mlflow / wandb -* [ ] xforwarding over ssh -* [ ] autogenerate ssh keys +* [x] xforwarding over ssh +* [ ] autogenerate ssh keys for new hosts * [ ] switch to systemd networkd * [ ] pre-commit hook with 'nix eval ...outPath' + * https://github.com/cachix/pre-commit-hooks.nix * [x] use `nom` when deploying * [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade * [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc @@ -35,18 +38,21 @@ * [ ] replace gnome terminal * [x] themes * [x] shortcuts - * [ ] pavucontrol + * [x] pavucontrol * [ ] nixos-generate-config instructions for new hosts * [ ] zfs, declarative pools? * [ ] some tunneling for NFS hosts * [ ] transgui config * [ ] secrets - nix-sops ? - * flexget - * transmission - * transmission remote gui - * domeneshop + * [ ] flexget + * [ ] transmission + * [ ] transmission remote gui + * [ ] domeneshop + * [ ] webdav + * [ ] code-remote + * [ ] add .netrc * [ ] hydra - * perfect for CUDA + * perfect for CUDA and RISCV * [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?) * https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855 * https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1 @@ -58,5 +64,7 @@ * [ ] Setup aliases instead of a per-vhost cert? * [ ] Preferably setup a wildchar cert per host * [ ] once secrets are in place: coin a one true ssh key, automate adding ssh host public keys to flake + * [ ] then add darwin and aarch64 community remote builders * [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3 * [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1 + * [ ] requires GNOME xstart in home-manager diff --git a/hardware/gpu/cuda.nix b/hardware/gpu/cuda.nix index 94af955..71c1e05 100644 --- a/hardware/gpu/cuda.nix +++ b/hardware/gpu/cuda.nix @@ -29,7 +29,8 @@ #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; # only do this per-host hardware.nvidia.powerManagement.enable = true; # Fix graphical corruption on suspend/resume - + virtualisation.docker.enableNvidia = true; + virtualisation.podman.enableNvidia = true; # add this to the host in question: #hardware.nvidia.prime = { diff --git a/hosts/sopp/default.nix b/hosts/sopp/default.nix index fa91619..48c9e71 100644 --- a/hosts/sopp/default.nix +++ b/hosts/sopp/default.nix @@ -27,6 +27,7 @@ ../../profiles/sshd.nix ../../profiles/no-suspend.nix ../../profiles/podman.nix + ../../profiles/docker.nix ../../users # home-manager ../../users/pbsds diff --git a/profiles/docker.nix b/profiles/docker.nix new file mode 100644 index 0000000..2fd6fdd --- /dev/null +++ b/profiles/docker.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, ... }: +{ + virtualisation.docker.enable = true; + #virtualisation.oci-containers.backend = lib.mkDefault "docker"; + + virtualisation.docker.autoPrune.enable = true; + virtualisation.docker.autoPrune.dates = "weekly"; + #virtualisation.docker.autoPrune.flags = [ "--all" ]; + + environment.systemPackages = with pkgs; [ + #docker-compose + ]; + + # remember to add your user: + #users.users.USERNAME.extraGroups = [ "docker" ]; + + # Required for containers under podman-compose to be able to talk to each other. + #virtualisation.defaultNetwork.settings.dns_enabled = true; + + # TODO: if root-on-zfs + #virtualisation.podman.extraPackages = [ pkgs.zfs ]; +} diff --git a/profiles/podman.nix b/profiles/podman.nix index 48fdb6b..dd1bc87 100644 --- a/profiles/podman.nix +++ b/profiles/podman.nix @@ -1,9 +1,13 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { virtualisation.podman.enable = true; - virtualisation.podman.dockerCompat = true; # alias docker to podman + virtualisation.podman.dockerCompat = !config.virtualisation.docker.enable; # alias docker to podman virtualisation.oci-containers.backend = "podman"; # default + virtualisation.podman.autoPrune.enable = true; + virtualisation.podman.autoPrune.dates = "weekly"; + #virtualisation.podman.autoPrune.flags = [ "--all" ]; + environment.systemPackages = with pkgs; [ #podman-compose podman-tui diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix index 1068a48..e871512 100644 --- a/users/pbsds/default.nix +++ b/users/pbsds/default.nix @@ -46,7 +46,8 @@ "wheel" "nixbld" # TODO: NAS stuff - ]; + + ] ++ lib.optional config.virtualisation.docker.enable "docker"; initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/"; # TODO: fetch from github? diff --git a/users/pbsds/home/profiles/shell.nix b/users/pbsds/home/profiles/shell.nix index e9edcb9..c4f3130 100644 --- a/users/pbsds/home/profiles/shell.nix +++ b/users/pbsds/home/profiles/shell.nix @@ -48,7 +48,7 @@ home.packages = with pkgs; [ rsync - bind.dnsutils + bind.dnsutils # dig vimv git curl