no podman

2024-11-10 13:02:48 -06:00
parent 9a6c1aa1ba
commit 445cf1d2bd
4 changed files with 14 additions and 112 deletions

18
flake.lock generated

@@ -1385,11 +1385,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=", "narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=",
"path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/home-manager", "path": "/nix/store/gzxffjfgra88pvjlmdz85l11jblji1hz-source/home-manager",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/home-manager", "path": "/nix/store/gzxffjfgra88pvjlmdz85l11jblji1hz-source/home-manager",
"type": "path" "type": "path"
} }
}, },
@@ -2066,11 +2066,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
"path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/programs", "path": "/nix/store/wk0967i3j6a3fmh4hd07xdx6rd8248j3-source/programs",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/programs", "path": "/nix/store/wk0967i3j6a3fmh4hd07xdx6rd8248j3-source/programs",
"type": "path" "type": "path"
} }
}, },
@@ -2142,11 +2142,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
"path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/services/sddm", "path": "/nix/store/wk0967i3j6a3fmh4hd07xdx6rd8248j3-source/services/sddm",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/services/sddm", "path": "/nix/store/wk0967i3j6a3fmh4hd07xdx6rd8248j3-source/services/sddm",
"type": "path" "type": "path"
} }
}, },
@@ -2213,12 +2213,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-eSNoCPMb96EB8yfn14pGsPCwBSabmOxKTA8Vo/jPVHE=", "narHash": "sha256-Jv1KhOPLo+4WowQe291MGrHciMI2vPOAVUPZ8cDFFvM=",
"path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/system-config", "path": "/nix/store/gzxffjfgra88pvjlmdz85l11jblji1hz-source/system-config",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/system-config", "path": "/nix/store/gzxffjfgra88pvjlmdz85l11jblji1hz-source/system-config",
"type": "path" "type": "path"
} }
}, },


@@ -110,7 +110,7 @@
#hashedPasswordFile = config.sops.secrets."nathan/pass".path; #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [ extraGroups = [
"wheel" "wheel"
"podman" "docker"
]; # Enable sudo for the user. ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
@@ -124,23 +124,9 @@
}; };
}; };
virtualisation.docker.enable = false; virtualisation.docker.enable = true;
virtualisation.podman = { #virtualisation.oci-containers.backend = "podman";
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
virtualisation.oci-containers.backend = "podman";
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
arion
docker-client
];
boot.initrd.postDeviceCommands = lib.mkAfter '' boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp mkdir /btrfs_tmp
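Review bot: Swapping `"podman"` for `"docker"` in `extraGroups` gives this account root-equivalent control of the host, because members of the `docker` group can drive the daemon that `virtualisation.docker.enable = true;` starts, and unlike `wheel`/sudo there is no password prompt in that path (assuming sudo is left at its default). The trailing comment `# Enable sudo for the user.` now describes only half of the list; I would change it to `# wheel: sudo; docker: root-equivalent via the Docker socket`. If this user does not need daemon-level access, `virtualisation.docker.rootless.enable = true;` with the group entry dropped keeps the containers unprivileged. The enclosing user and module definitions start outside both hunks.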


@@ -11,7 +11,7 @@
config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable { config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
sops.templates."authentik.env" = { sops.templates.".env" = {
content = '' content = ''
POSTGRES_DB=authentik-db POSTGRES_DB=authentik-db
POSTGRES_USER=authentik-admin POSTGRES_USER=authentik-admin
@@ -19,7 +19,7 @@
AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"} AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
''; '';
path = "/home/nathan/Projects/System/system-config/services/containers/authentik/.env"; path = "/ssd1/Authentik/.env";
}; };
/*systemd.services.launchAuthentik = { /*systemd.services.launchAuthentik = {
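Review bot: The rendered template now lands at `/ssd1/Authentik/.env`, and the visible attrset sets only `content` and `path`, so the file that carries `AUTHENTIK_SECRET_KEY` relies on sops-nix defaults for ownership and permissions. State them explicitly next to `path`, for example `mode = "0400";` plus an `owner` matching whichever account runs the compose project, and confirm that `/ssd1/Authentik` itself is not readable or writable by other users. Separately, the new attribute name `".env"` is generic inside the shared `sops.templates` namespace and would collide with a second service's template; keeping `"authentik.env"` as the name still works, since `path` decides the on-disk location. One line of the `content` string falls between the two hunks and is not visible here.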


@@ -1,84 +0,0 @@
---
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_DB=${POSTGRES_DB}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
server:
image: ghcr.io/goauthentik/server:2024.10.1
restart: unless-stopped
command: server
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_ERROR_REPORTING__ENABLED=true
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- postgresql
- redis
worker:
image: ghcr.io/goauthentik/server:2024.10.1
restart: unless-stopped
command: worker
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_ERROR_REPORTING__ENABLED=true
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
- postgresql
- redis
volumes:
database:
driver: local
redis:
driver: local