From c93db5a8f0796786c9410eaee2a37c9951db6d3c Mon Sep 17 00:00:00 2001 From: Dennis Date: Mon, 7 Jul 2025 09:09:28 +0200 Subject: [PATCH] adds docker to dnsc-vps-sm --- README.md | 1 + hosts/dnsc-vps-sm/default.nix | 33 ++++++++++++++++++++++----------- modules/docker/default.nix | 11 +++++++++++ 3 files changed, 34 insertions(+), 11 deletions(-) create mode 100644 modules/docker/default.nix diff --git a/README.md b/README.md index b96473d..078218a 100644 --- a/README.md +++ b/README.md @@ -4,3 +4,4 @@ - [ ] Creation of SSH Keys - [ ] Restic root SSH config & keys (even better: do not run restic as root) +- [ ] Splitpro diff --git a/hosts/dnsc-vps-sm/default.nix b/hosts/dnsc-vps-sm/default.nix index 7a146fc..3e742be 100644 --- a/hosts/dnsc-vps-sm/default.nix +++ b/hosts/dnsc-vps-sm/default.nix @@ -5,7 +5,8 @@ config, pkgs, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix ./networking.nix @@ -14,6 +15,7 @@ ../../modules/vaultwarden ../../modules/uptime-kuma ../../modules/homepage + ../../modules/docker ]; # Secrets @@ -42,11 +44,11 @@ # Launch fish shell programs.bash = { interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi ''; }; @@ -64,7 +66,7 @@ networking.firewall = { enable = true; allowedTCPPorts = [ - 80 + 80 443 ]; ipBasedAllowedTCPPorts = [ 
@@ -78,13 +80,16 @@ } ]; }; - + # My user account users.users.dennis = { description = "dennis"; initialPassword = "admin"; isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ + "wheel" + "networkmanager" + ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work" @@ -101,7 +106,10 @@ }; # Enable new Nix CLI and flakes - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; # Install system wide packages environment.systemPackages = with pkgs; [ @@ -109,6 +117,7 @@ btop neovim wget + docker-compose ]; # Programs @@ -160,6 +169,9 @@ virtualHosts."home.dnsc.io".extraConfig = '' reverse_proxy localhost:9001 ''; + virtualHosts."split.dnsc.io".extraConfig = '' + reverse_proxy localhost:9002 + ''; }; # Environment variables @@ -175,4 +187,3 @@ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; } - diff --git a/modules/docker/default.nix b/modules/docker/default.nix new file mode 100644 index 0000000..dcc7271 --- /dev/null +++ b/modules/docker/default.nix @@ -0,0 +1,11 @@ +{ + virtualization.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + + users.users.dennis.extraGroups = [ "docker" ]; +}
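Review bot: The new `split.dnsc.io` virtual host forwards to `localhost:9002`, but nothing in this commit pins the backing container to the loopback interface. If that service is published from the rootful Docker daemon with a plain `9002:<container-port>` mapping, Docker's own NAT rules usually make the port reachable from outside regardless of `networking.firewall.allowedTCPPorts`, so clients could reach it without passing through the reverse proxy and its TLS. I would add a comment above the block, `# backend must be published on 127.0.0.1:9002 only, never 0.0.0.0`, and bind the compose port mapping the same way. The enclosing proxy service block starts outside the hunk, so I cannot see whether other virtual hosts already follow that convention.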
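Review bot: `virtualization.docker` in the new `modules/docker/default.nix` is not a NixOS option; the option tree is spelled `virtualisation.docker`, so as written the module should fail evaluation with an unknown-option error. Beyond the spelling, the block enables both the system daemon (`enable = true`) and the rootless one, then adds `dennis` to the `docker` group; membership of that group gives access to the rootful socket, which is equivalent to root on the host and undoes the benefit of the rootless setup. If rootless is the intent, keep only `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` and drop the `users.users.dennis.extraGroups = [ "docker" ];` line. The host file in this same patch shows `initialPassword = "admin"` for that user as context, which is one more reason not to give the account a root-equivalent group.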