Fix docker/kubernetes secret management

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-20 12:08:27 +00:00
parent 67e7549452
commit d9c9e40f6c
6 changed files with 64 additions and 76 deletions
--- a/hosts/common/configs/user/console/docker/default.nix
+++ b/hosts/common/configs/user/console/docker/default.nix
@@ -1,6 +1,7 @@
 {
  user ? throw "user argument is required",
  home ? throw "home argument is required",
+  rootless ? true,
 }:
 {
  config,
@@ -8,45 +9,49 @@
  pkgs,
  ...
 }:
-{
-  virtualisation.docker.rootless = {
-    enable = true;
-    setSocketVariable = true;
-    enableOnBoot = false;
-    storageDriver = "btrfs";
+lib.mkMerge (
+  [
+    {
+      virtualisation.docker.rootless = {
+        enable = rootless;
+        setSocketVariable = true;
+        enableOnBoot = false;
+        storageDriver = "btrfs";

-    daemon.settings = {
-      experimental = true;
-      ipv6 = true;
-      fixed-cidr-v6 = "fd00::/80";
+        daemon.settings = {
+          experimental = true;
+          ipv6 = true;
+          fixed-cidr-v6 = "fd00::/80";
+        };
+
+        autoPrune = {
+          enable = true;
+          flags = [ "--all" ];
+        };
+      };
+
+      home-manager.users.${user}.home = {
+        packages = with pkgs; [ docker-compose ];
+
+        sessionVariables = {
+          DOCKER_CONFIG = "${home}/.config/docker";
+        };
+      };
+    }
+  ]
+  ++ (lib.lists.optional rootless {
+    environment.persistence."/persist"."${home}/.local/share/docker" = { };
+
+    systemd.user = {
+      services.docker.after = [
+        config.environment.persistence."/persist"."${home}/.local/share/docker".mount
+      ];
+      sockets.docker.after = [
+        config.environment.persistence."/persist"."${home}/.local/share/docker".mount
+      ];
    };
-
-    autoPrune = {
-      enable = true;
-      flags = [ "--all" ];
-    };
-  };
-
-  home-manager.users.${user}.home = {
-    packages = with pkgs; [ docker-compose ];
-
-    sessionVariables = {
-      DOCKER_CONFIG = "${home}/.config/docker";
-    };
-  };
-}
-// lib.mkIf config.virtualisation.docker.rootless.enable {
-  environment.persistence."/persist"."${home}/.local/share/docker" = { };
-
-  systemd.user = {
-    services.docker.after = [
-      config.environment.persistence."/persist"."${home}/.local/share/docker".mount
-    ];
-    sockets.docker.after = [
-      config.environment.persistence."/persist"."${home}/.local/share/docker".mount
-    ];
-  };
-}
-// lib.mkIf (!config.virtualisation.docker.rootless.enable) {
-  users.users.${user}.extraGroups = [ "docker" ];
-}
+  })
+  ++ (lib.lists.optional (!rootless) {
+    users.users.${user}.extraGroups = [ "docker" ];
+  })
+)
--- a/hosts/common/configs/user/console/kubernetes/default.nix
+++ b/hosts/common/configs/user/console/kubernetes/default.nix
@@ -12,12 +12,16 @@
    })
  ];

-  environment.persistence."/cache"."${home}/.kube/cache" = { };
+  environment.persistence = {
+    "/persist"."${home}/.kube" = { };
+    "/cache"."${home}/.kube/cache" = { };
+  };

  home-manager.users.${user} = {
    home.packages = with pkgs; [
      kubectl
      kubernetes-helm
+      kustomize
      kind
    ];

--- a/hosts/common/configs/user/console/zsh/default.nix
+++ b/hosts/common/configs/user/console/zsh/default.nix
@@ -4,10 +4,7 @@
 }:
 { config, pkgs, ... }:
 {
-  environment = {
-    sessionVariables.ZDOTDIR = "$HOME/.config/zsh";
-    persistence."/persist"."${home}/.local/share/zsh" = { };
-  };
+  environment.persistence."/persist"."${home}/.local/share/zsh" = { };

  home-manager.users.${user} = {
    imports = [ ./options.nix ];
@@ -36,6 +33,9 @@
      '';
    };

-    home.file.".zshenv".enable = false;
+    home = {
+      file.".zshenv".enable = false;
+      sessionVariables.ZDOTDIR = "${home}/.config/zsh";
+    };
  };
 }