2 Commits 9361d51733 ... 68ed32da31

  Oleg Pykhalov 68ed32da31 apps: base: workstation: Move pod to daemonset. 1 month ago
  Oleg Pykhalov dc17c7ca60 run-guix-workstation: Include rerun scripts. 1 month ago

+ 400 - 0
apps/base/workstation/daemonset.yaml

@@ -0,0 +1,400 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: workstation
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: workstation
+      app.kubernetes.io/part-of: workstation
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: workstation
+        app.kubernetes.io/part-of: workstation
+    spec:
+      restartPolicy: Never
+      automountServiceAccountToken: false
+      terminationGracePeriodSeconds: 600
+      initContainers:
+      - name: volume-mount-hack
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command:
+        - sh
+        - -c
+        - |
+          set -o nounset -o errexit -o pipefail
+
+          chown 1000:998 /home/oleg
+
+          mkdir /home/oleg/.cache
+          chown 1000:998 /home/oleg/.cache
+
+          mkdir /home/oleg/.config
+          chown 1000:998 /home/oleg/.config
+
+          mkdir /home/oleg/.local
+          chown 1000:998 /home/oleg/.local
+
+          mkdir /home/oleg/.local/share
+          chown 1000:998 /home/oleg/.local/share
+
+          mkdir /home/oleg/.ssh
+          chown 1000:998 /home/oleg/.ssh
+
+          mkdir /mnt/nixos/home/oleg
+          chown 1000:998 /mnt/nixos/home/oleg
+
+          mkdir -p /mnt/nixos/home/oleg/.mozilla
+          chown 1000:998 /mnt/nixos/home/oleg/.mozilla
+
+          mkdir -p /mnt/nixos/home/oleg/.config
+          chown 1000:998 /mnt/nixos/home/oleg/.config
+        volumeMounts:
+        - mountPath: /home/oleg
+          name: container-home-oleg
+        - mountPath: /mnt/nixos/home
+          name: nixos-home
+      containers:
+      - image: harbor.home.wugi.info/library/guix-image-workstation:latest
+        name: guix
+        ports:
+        - containerPort: 5353
+          name: avahi
+          protocol: UDP
+        - containerPort: 16400
+          name: scream
+          protocol: UDP
+        securityContext:
+          capabilities:
+            add:
+            # - CHOWN
+            # - DAC_OVERRIDE
+            # - DAC_READ_SEARCH
+            # - FOWNER
+            # - FSETID
+            # - KILL
+            # - SETGID
+            # - SETUID
+            # - SETPCAP
+            # - LINUX_IMMUTABLE
+            # - NET_BIND_SERVICE
+            # - NET_BROADCAST
+            # - NET_ADMIN
+            # - NET_RAW
+            # - IPC_LOCK
+            # - IPC_OWNER
+            # - SYS_MODULE
+            # - SYS_RAWIO
+            # - SYS_CHROOT
+            # - SYS_PTRACE
+            # - SYS_PACCT
+            - SYS_ADMIN
+            # - SYS_BOOT
+            # - SYS_NICE
+            # - SYS_RESOURCE
+            # - SYS_TIME
+            # - SYS_TTY_CONFIG
+            # - MKNOD
+            # - LEASE
+            # - AUDIT_WRITE
+            # - AUDIT_CONTROL
+            # - SETFCAP
+            # - MAC_OVERRIDE
+            # - MAC_ADMIN
+            # - SYSLOG
+            # - WAKE_ALARM
+            # - BLOCK_SUSPEND
+            # - AUDIT_READ
+            # - PERFMON
+            # - BPF
+            # - CHECKPOINT_RESTORE
+          privileged: true
+          # allowPrivilegeEscalation: true
+        tty: true
+        volumeMounts:
+        - mountPath: /run
+          name: guix-run
+          mountPropagation: Bidirectional
+        - mountPath: /dev/dri
+          name: dev-dri
+        - mountPath: /dev/input
+          name: dev-input
+        - mountPath: /dev/tty0
+          name: dev-tty2
+        - mountPath: /dev/tty2
+          name: dev-tty2
+        - mountPath: /dev/fuse
+          name: dev-fuse
+        - mountPath: /etc/nsswitch.conf
+          name: nsswitch
+        - mountPath: /etc/services
+          name: services
+        - mountPath: /dev/shm
+          name: guix-shm
+        - mountPath: /tmp
+          name: guix-tmp
+        - mountPath: /mnt/guix/var/run/shepherd/socket
+          name: var-run-shepherd-socket
+        - mountPath: /home/oleg
+          name: container-home-oleg
+        - name: home-oleg-dot-cache-ihs
+          mountPath: /home/oleg/.cache/ihs
+        - name: home-oleg-dot-config-obs-studio
+          mountPath: /home/oleg/.config/obs-studio
+        - name: home-oleg-dot-config-remmina
+          mountPath: /home/oleg/.config/remmina
+        - name: home-oleg-dot-local-share-remmina
+          mountPath: /home/oleg/.local/share/remmina
+        - name: home-oleg-dot-local-share-telegram
+          mountPath: /home/oleg/.local/share/TelegramDesktop
+        - name: home-oleg-dot-password-store
+          mountPath: /home/oleg/.password-store
+        - name: home-oleg-ssh-private-key
+          mountPath: /home/oleg/.ssh/id_ed25519
+        - name: home-oleg-ssh-public-key
+          mountPath: /home/oleg/.ssh/id_ed25519.pub
+        - name: home-oleg-ssh-known-hosts
+          mountPath: /home/oleg/.ssh/known_hosts
+        - name: nix
+          mountPath: /nix
+        - name: home-oleg-bash-history
+          mountPath: /home/oleg/.bash_history
+        - name: root-bash-history
+          mountPath: /root/.bash_history
+        lifecycle:
+           preStop:
+             exec:
+               command:
+               - /run/current-system/profile/sbin/halt
+      - name: nixos
+        image: harbor.home.wugi.info/library/nixos-systemd:latest
+        command:
+        - /entrypoint.sh
+        env:
+        - name: container
+          value: docker
+        securityContext:
+          capabilities:
+            add:
+            - SETUID
+            - BLOCK_SUSPEND
+            - NET_ADMIN
+            - NET_BIND_SERVICE
+            - NET_RAW
+            - SYS_ADMIN
+            - SYS_CHROOT
+            - SYS_NICE
+            - SYS_PTRACE
+            - SYS_RESOURCE
+            - SYS_TIME
+        lifecycle:
+           preStop:
+             exec:
+               command:
+               - /run/current-system/sw/bin/systemctl
+               - poweroff
+        tty: true
+        volumeMounts:
+        - mountPath: /dev/dri
+          name: dev-dri
+        - mountPath: /run
+          name: nixos-run
+        - mountPath: /mnt/guix/tmp
+          name: guix-tmp
+        - mountPath: /mnt/guix/run
+          name: guix-run
+          mountPropagation: HostToContainer
+        - mountPath: /home
+          name: nixos-home
+        - mountPath: /home/oleg/.mozilla/firefox
+          name: home-oleg-mozilla-firefox
+        - name: home-oleg-bash-history
+          mountPath: /home/oleg/.bash_history
+        - name: home-oleg-dot-config-google-chrome
+          mountPath: /home/oleg/.config/google-chrome
+        - name: root-bash-history
+          mountPath: /root/.bash_history
+        - name: home-oleg-config-wayvnc
+          mountPath: /home/oleg/.config/wayvnc
+        - name: home-oleg-dot-local-share-chatterino
+          mountPath: /home/oleg/.local/share/chatterino
+      - image: harbor.home.wugi.info/library/archlinux-systemd:latest
+        name: archlinux
+        env:
+        - name: container
+          value: docker
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_BIND_SERVICE
+            - NET_RAW
+            - SYS_ADMIN
+            - SYS_NICE
+            - SYS_TIME
+          privileged: true
+        tty: true
+        lifecycle:
+           preStop:
+             exec:
+               command:
+               - /bin/systemctl
+               - poweroff
+        volumeMounts:
+        - mountPath: /run
+          name: archlinux-run
+        - mountPath: /tmp
+          name: archlinux-tmp
+        - mountPath: /dev/dri
+          name: dev-dri
+        - mountPath: /mnt/guix/run
+          name: guix-run
+          mountPropagation: HostToContainer
+        - mountPath: /mnt/guix/tmp
+          name: guix-tmp
+        - name: home-oleg-bash-history
+          mountPath: /home/oleg/.bash_history
+        - name: root-bash-history
+          mountPath: /root/.bash_history
+        - name: home-oleg-config-socialstream
+          mountPath: /home/oleg/.config/SocialStream
+      volumes:
+      - name: dev-dri
+        hostPath:
+          path: /dev/dri
+          type: Directory
+      - name: dev-input
+        hostPath:
+          path: /dev/input
+          type: Directory
+      - name: dev-tty2
+        hostPath:
+          path: /dev/tty2
+          type: CharDevice
+      - name: dev-fuse
+        hostPath:
+          path: /dev/fuse
+          type: CharDevice
+      - name: nsswitch
+        hostPath:
+          path: /etc/nsswitch.conf
+          type: File
+      - name: services
+        hostPath:
+          path: /etc/services
+          type: File
+      - name: guix-shm
+        emptyDir:
+          medium: Memory
+          sizeLimit: 1Gi
+      - hostPath:
+          path: /home/oleg
+          type: Directory
+        name: home-oleg
+      - hostPath:
+          path: /nix
+          type: Directory
+        name: nix
+      - emptyDir:
+          medium: Memory
+          sizeLimit: 4G
+        name: guix-tmp
+      - emptyDir:
+          medium: Memory
+          sizeLimit: 4G
+        name: archlinux-tmp
+      - emptyDir:
+          medium: Memory
+          sizeLimit: 512M
+        name: guix-run
+      - emptyDir:
+          medium: Memory
+          sizeLimit: 512M
+        name: nixos-run
+      - emptyDir:
+        name: nixos-home
+      - emptyDir:
+          medium: Memory
+          sizeLimit: 512M
+        name: archlinux-run
+      - name: var-run-shepherd-socket
+        hostPath:
+          path: /var/run/shepherd/socket
+          type: Socket
+      - emptyDir:
+          sizeLimit: 4G
+        name: container-home-oleg
+      - name: home-oleg-dot-cache-ihs
+        hostPath:
+          path: /home/oleg/.cache/ihs
+          type: Directory
+      - name: home-oleg-dot-config-google-chrome
+        hostPath:
+          path: /home/oleg/.config/google-chrome
+          type: Directory
+      - name: home-oleg-dot-config-obs-studio
+        hostPath:
+          path: /home/oleg/.config/obs-studio-4k
+          type: Directory
+      - name: home-oleg-dot-config-remmina
+        hostPath:
+          path: /home/oleg/.config/remmina
+          type: Directory
+      - name: home-oleg-dot-local-share-remmina
+        hostPath:
+          path: /home/oleg/.local/share/remmina
+          type: Directory
+      - name: home-oleg-dot-local-share-telegram
+        hostPath:
+          path: /home/oleg/.local/share/TelegramDesktop
+          type: Directory
+      - name: home-oleg-dot-local-share-chatterino
+        hostPath:
+          path: /home/oleg/.local/share/chatterino
+          type: Directory
+      - name: home-oleg-dot-mozilla
+        hostPath:
+          path: /home/oleg/.mozilla
+          type: Directory
+      - name: home-oleg-dot-password-store
+        hostPath:
+          path: /home/oleg/.password-store
+          type: Directory
+      - name: home-oleg-mozilla-firefox
+        hostPath:
+          path: /home/oleg/.mozilla/firefox
+          type: Directory
+      - name: nix
+        hostPath:
+          path: /nix
+          type: Directory
+      - name: home-oleg-ssh-private-key
+        hostPath:
+          path: /home/oleg/.ssh/id_ed25519
+          type: File
+      - name: home-oleg-ssh-public-key
+        hostPath:
+          path: /home/oleg/.ssh/id_ed25519.pub
+          type: File
+      - name: home-oleg-ssh-known-hosts
+        hostPath:
+          path: /home/oleg/.ssh/known_hosts
+          type: File
+      - name: home-oleg-bash-history
+        hostPath:
+          path: /home/oleg/.bash_history
+          type: File
+      - name: root-bash-history
+        hostPath:
+          path: /root/.bash_history
+          type: File
+      - name: home-oleg-config-socialstream
+        hostPath:
+          path: /home/oleg/.config/SocialStream
+          type: Directory
+      - name: home-oleg-config-wayvnc
+        hostPath:
+          path: /home/oleg/.config/wayvnc
+          type: Directory
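Review bot: `restartPolicy: Never` under `spec.template.spec` is not accepted for a DaemonSet — apps/v1 validation only allows `Always` in a DaemonSet pod template, so this manifest will be rejected at apply time; change it to `restartPolicy: Always` (or drop the line, since Always is the default). The `nix` volume is declared twice in `volumes` (once right after the `home-oleg` hostPath entry and again just before the ssh-key volumes), which the API also rejects as a duplicate name unless the cluster1 strategic-merge patch happens to collapse it; keep a single entry. The `home-oleg` and `home-oleg-dot-mozilla` volumes are not referenced by any container's `volumeMounts` and can be removed. On the `guix` and `archlinux` containers `privileged: true` already grants every capability, so their `capabilities.add` lists (including the long commented-out one) are inert; a comment such as `# NOTE: privileged: true implies every capability; the add list below is documentation only` would keep that intent clear for the next reader.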

+ 1 - 1
apps/base/workstation/kustomization.yaml

@@ -3,4 +3,4 @@ kind: Kustomization
 namespace: workstation
 resources:
 - namespace.yaml
-- pod.yaml
+- daemonset.yaml

+ 0 - 397
apps/base/workstation/pod.yaml

@@ -1,397 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: workstation
-  annotations:
-    # Setting spec.force to true will make Flux recreate the Pod when any
-    # immutable field is changed, forcing the Pod to run every time the
-    # container image tag changes.
-    kustomize.toolkit.fluxcd.io/force: enabled
-  labels:
-    app.kubernetes.io/name: workstation
-spec:
-  restartPolicy: Never
-  automountServiceAccountToken: false
-  terminationGracePeriodSeconds: 600
-  initContainers:
-  - name: volume-mount-hack
-    image: busybox
-    imagePullPolicy: IfNotPresent
-    command:
-    - sh
-    - -c
-    - |
-      set -o nounset -o errexit -o pipefail
-
-      chown 1000:998 /home/oleg
-
-      mkdir /home/oleg/.cache
-      chown 1000:998 /home/oleg/.cache
-
-      mkdir /home/oleg/.config
-      chown 1000:998 /home/oleg/.config
-
-      mkdir /home/oleg/.local
-      chown 1000:998 /home/oleg/.local
-
-      mkdir /home/oleg/.local/share
-      chown 1000:998 /home/oleg/.local/share
-
-      mkdir /home/oleg/.ssh
-      chown 1000:998 /home/oleg/.ssh
-
-      mkdir /mnt/nixos/home/oleg
-      chown 1000:998 /mnt/nixos/home/oleg
-
-      mkdir -p /mnt/nixos/home/oleg/.mozilla
-      chown 1000:998 /mnt/nixos/home/oleg/.mozilla
-
-      mkdir -p /mnt/nixos/home/oleg/.config
-      chown 1000:998 /mnt/nixos/home/oleg/.config
-    volumeMounts:
-    - mountPath: /home/oleg
-      name: container-home-oleg
-    - mountPath: /mnt/nixos/home
-      name: nixos-home
-  containers:
-  - image: harbor.home.wugi.info/library/guix-image-workstation:latest
-    name: guix
-    ports:
-    - containerPort: 5353
-      name: avahi
-      protocol: UDP
-    - containerPort: 16400
-      name: scream
-      protocol: UDP
-    securityContext:
-      capabilities:
-        add:
-        # - CHOWN
-        # - DAC_OVERRIDE
-        # - DAC_READ_SEARCH
-        # - FOWNER
-        # - FSETID
-        # - KILL
-        # - SETGID
-        # - SETUID
-        # - SETPCAP
-        # - LINUX_IMMUTABLE
-        # - NET_BIND_SERVICE
-        # - NET_BROADCAST
-        # - NET_ADMIN
-        # - NET_RAW
-        # - IPC_LOCK
-        # - IPC_OWNER
-        # - SYS_MODULE
-        # - SYS_RAWIO
-        # - SYS_CHROOT
-        # - SYS_PTRACE
-        # - SYS_PACCT
-        - SYS_ADMIN
-        # - SYS_BOOT
-        # - SYS_NICE
-        # - SYS_RESOURCE
-        # - SYS_TIME
-        # - SYS_TTY_CONFIG
-        # - MKNOD
-        # - LEASE
-        # - AUDIT_WRITE
-        # - AUDIT_CONTROL
-        # - SETFCAP
-        # - MAC_OVERRIDE
-        # - MAC_ADMIN
-        # - SYSLOG
-        # - WAKE_ALARM
-        # - BLOCK_SUSPEND
-        # - AUDIT_READ
-        # - PERFMON
-        # - BPF
-        # - CHECKPOINT_RESTORE
-      privileged: true
-      # allowPrivilegeEscalation: true
-    tty: true
-    volumeMounts:
-    - mountPath: /run
-      name: guix-run
-      mountPropagation: Bidirectional
-    - mountPath: /dev/dri
-      name: dev-dri
-    - mountPath: /dev/input
-      name: dev-input
-    - mountPath: /dev/tty0
-      name: dev-tty2
-    - mountPath: /dev/tty2
-      name: dev-tty2
-    - mountPath: /dev/fuse
-      name: dev-fuse
-    - mountPath: /etc/nsswitch.conf
-      name: nsswitch
-    - mountPath: /etc/services
-      name: services
-    - mountPath: /dev/shm
-      name: guix-shm
-    - mountPath: /tmp
-      name: guix-tmp
-    - mountPath: /mnt/guix/var/run/shepherd/socket
-      name: var-run-shepherd-socket
-    - mountPath: /home/oleg
-      name: container-home-oleg
-    - name: home-oleg-dot-cache-ihs
-      mountPath: /home/oleg/.cache/ihs
-    - name: home-oleg-dot-config-obs-studio
-      mountPath: /home/oleg/.config/obs-studio
-    - name: home-oleg-dot-config-remmina
-      mountPath: /home/oleg/.config/remmina
-    - name: home-oleg-dot-local-share-remmina
-      mountPath: /home/oleg/.local/share/remmina
-    - name: home-oleg-dot-local-share-telegram
-      mountPath: /home/oleg/.local/share/TelegramDesktop
-    - name: home-oleg-dot-password-store
-      mountPath: /home/oleg/.password-store
-    - name: home-oleg-ssh-private-key
-      mountPath: /home/oleg/.ssh/id_ed25519
-    - name: home-oleg-ssh-public-key
-      mountPath: /home/oleg/.ssh/id_ed25519.pub
-    - name: home-oleg-ssh-known-hosts
-      mountPath: /home/oleg/.ssh/known_hosts
-    - name: nix
-      mountPath: /nix
-    - name: home-oleg-bash-history
-      mountPath: /home/oleg/.bash_history
-    - name: root-bash-history
-      mountPath: /root/.bash_history
-    lifecycle:
-       preStop:
-         exec:
-           command:
-           - /run/current-system/profile/sbin/halt
-  - name: nixos
-    image: harbor.home.wugi.info/library/nixos-systemd:latest
-    command:
-    - /entrypoint.sh
-    env:
-    - name: container
-      value: docker
-    securityContext:
-      capabilities:
-        add:
-        - SETUID
-        - BLOCK_SUSPEND
-        - NET_ADMIN
-        - NET_BIND_SERVICE
-        - NET_RAW
-        - SYS_ADMIN
-        - SYS_CHROOT
-        - SYS_NICE
-        - SYS_PTRACE
-        - SYS_RESOURCE
-        - SYS_TIME
-    lifecycle:
-       preStop:
-         exec:
-           command:
-           - /run/current-system/sw/bin/systemctl
-           - poweroff
-    tty: true
-    volumeMounts:
-    - mountPath: /dev/dri
-      name: dev-dri
-    - mountPath: /run
-      name: nixos-run
-    - mountPath: /mnt/guix/tmp
-      name: guix-tmp
-    - mountPath: /mnt/guix/run
-      name: guix-run
-      mountPropagation: HostToContainer
-    - mountPath: /home
-      name: nixos-home
-    - mountPath: /home/oleg/.mozilla/firefox
-      name: home-oleg-mozilla-firefox
-    - name: home-oleg-bash-history
-      mountPath: /home/oleg/.bash_history
-    - name: home-oleg-dot-config-google-chrome
-      mountPath: /home/oleg/.config/google-chrome
-    - name: root-bash-history
-      mountPath: /root/.bash_history
-    - name: home-oleg-config-wayvnc
-      mountPath: /home/oleg/.config/wayvnc
-    - name: home-oleg-dot-local-share-chatterino
-      mountPath: /home/oleg/.local/share/chatterino
-  - image: harbor.home.wugi.info/library/archlinux-systemd:latest
-    name: archlinux
-    env:
-    - name: container
-      value: docker
-    securityContext:
-      capabilities:
-        add:
-        - NET_ADMIN
-        - NET_BIND_SERVICE
-        - NET_RAW
-        - SYS_ADMIN
-        - SYS_NICE
-        - SYS_TIME
-      privileged: true
-    tty: true
-    lifecycle:
-       preStop:
-         exec:
-           command:
-           - /bin/systemctl
-           - poweroff
-    volumeMounts:
-    - mountPath: /run
-      name: archlinux-run
-    - mountPath: /tmp
-      name: archlinux-tmp
-    - mountPath: /dev/dri
-      name: dev-dri
-    - mountPath: /mnt/guix/run
-      name: guix-run
-      mountPropagation: HostToContainer
-    - mountPath: /mnt/guix/tmp
-      name: guix-tmp
-    - name: home-oleg-bash-history
-      mountPath: /home/oleg/.bash_history
-    - name: root-bash-history
-      mountPath: /root/.bash_history
-    - name: home-oleg-config-socialstream
-      mountPath: /home/oleg/.config/SocialStream
-  volumes:
-  - name: dev-dri
-    hostPath:
-      path: /dev/dri
-      type: Directory
-  - name: dev-input
-    hostPath:
-      path: /dev/input
-      type: Directory
-  - name: dev-tty2
-    hostPath:
-      path: /dev/tty2
-      type: CharDevice
-  - name: dev-fuse
-    hostPath:
-      path: /dev/fuse
-      type: CharDevice
-  - name: nsswitch
-    hostPath:
-      path: /etc/nsswitch.conf
-      type: File
-  - name: services
-    hostPath:
-      path: /etc/services
-      type: File
-  - name: guix-shm
-    emptyDir:
-      medium: Memory
-      sizeLimit: 1Gi
-  - hostPath:
-      path: /home/oleg
-      type: Directory
-    name: home-oleg
-  - hostPath:
-      path: /nix
-      type: Directory
-    name: nix
-  - emptyDir:
-      medium: Memory
-      sizeLimit: 4G
-    name: guix-tmp
-  - emptyDir:
-      medium: Memory
-      sizeLimit: 4G
-    name: archlinux-tmp
-  - emptyDir:
-      medium: Memory
-      sizeLimit: 512M
-    name: guix-run
-  - emptyDir:
-      medium: Memory
-      sizeLimit: 512M
-    name: nixos-run
-  - emptyDir:
-    name: nixos-home
-  - emptyDir:
-      medium: Memory
-      sizeLimit: 512M
-    name: archlinux-run
-  - name: var-run-shepherd-socket
-    hostPath:
-      path: /var/run/shepherd/socket
-      type: Socket
-  - emptyDir:
-      sizeLimit: 4G
-    name: container-home-oleg
-  - name: home-oleg-dot-cache-ihs
-    hostPath:
-      path: /home/oleg/.cache/ihs
-      type: Directory
-  - name: home-oleg-dot-config-google-chrome
-    hostPath:
-      path: /home/oleg/.config/google-chrome
-      type: Directory
-  - name: home-oleg-dot-config-obs-studio
-    hostPath:
-      path: /home/oleg/.config/obs-studio-4k
-      type: Directory
-  - name: home-oleg-dot-config-remmina
-    hostPath:
-      path: /home/oleg/.config/remmina
-      type: Directory
-  - name: home-oleg-dot-local-share-remmina
-    hostPath:
-      path: /home/oleg/.local/share/remmina
-      type: Directory
-  - name: home-oleg-dot-local-share-telegram
-    hostPath:
-      path: /home/oleg/.local/share/TelegramDesktop
-      type: Directory
-  - name: home-oleg-dot-local-share-chatterino
-    hostPath:
-      path: /home/oleg/.local/share/chatterino
-      type: Directory
-  - name: home-oleg-dot-mozilla
-    hostPath:
-      path: /home/oleg/.mozilla
-      type: Directory
-  - name: home-oleg-dot-password-store
-    hostPath:
-      path: /home/oleg/.password-store
-      type: Directory
-  - name: home-oleg-mozilla-firefox
-    hostPath:
-      path: /home/oleg/.mozilla/firefox
-      type: Directory
-  - name: nix
-    hostPath:
-      path: /nix
-      type: Directory
-  - name: home-oleg-ssh-private-key
-    hostPath:
-      path: /home/oleg/.ssh/id_ed25519
-      type: File
-  - name: home-oleg-ssh-public-key
-    hostPath:
-      path: /home/oleg/.ssh/id_ed25519.pub
-      type: File
-  - name: home-oleg-ssh-known-hosts
-    hostPath:
-      path: /home/oleg/.ssh/known_hosts
-      type: File
-  - name: home-oleg-bash-history
-    hostPath:
-      path: /home/oleg/.bash_history
-      type: File
-  - name: root-bash-history
-    hostPath:
-      path: /root/.bash_history
-      type: File
-  - name: home-oleg-config-socialstream
-    hostPath:
-      path: /home/oleg/.config/SocialStream
-      type: Directory
-  - name: home-oleg-config-wayvnc
-    hostPath:
-      path: /home/oleg/.config/wayvnc
-      type: Directory

+ 14 - 0
apps/cluster1/workstation/daemonset.yaml

@@ -0,0 +1,14 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: workstation
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: kube3
+      tolerations:
+      - key: workstation.cluster.local
+        operator: Equal
+        value: 'true'
+        effect: NoSchedule

+ 1 - 1
apps/cluster1/workstation/kustomization.yaml

@@ -4,7 +4,7 @@ namespace: workstation
 resources:
 - ../../base/workstation
 patchesStrategicMerge:
-- pod.yaml
+- daemonset.yaml
 images:
 - name: harbor.home.wugi.info/library/guix-image-workstation
   newTag: "6677e699"

+ 0 - 12
apps/cluster1/workstation/pod.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: workstation
-spec:
-  nodeSelector:
-    kubernetes.io/hostname: kube3
-  tolerations:
-  - key: workstation.cluster.local
-    operator: Equal
-    value: 'true'
-    effect: NoSchedule

+ 0 - 18
rerun.2.sh

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-set -o nounset -o errexit -o pipefail -o xtrace
-
-ssh 192.168.0.192 <<'EOF'
-bar()
-{
-if sudo /home/oleg/bin/nerdctl-guix-exec /bin/sh -lc 'export SWAYSOCK="$(echo /run/user/1000/sway-ipc*sock)"; /home/oleg/.guix-home/profile/bin/swaymsg -t get_outputs'
-then
-    sudo herd restart container-guix-sway-autostart
-    exit 0
-fi
-}
-until bar
-do
-    sleep 2
-done
-EOF

+ 0 - 29
rerun.sh

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -o nounset -o errexit -o pipefail -o xtrace
-
-if kubectl -n workstation delete --wait=false pod/workstation
-then
-    :
-fi
-
-check()
-{
-    if ssh 192.168.0.192 sudo nerdctl -n k8s.io ps | grep --quiet workstation
-    then
-        return 1
-    else
-        if kubectl -n workstation delete --force pod/workstation
-        then
-            :
-        fi
-    fi
-}
-
-until check
-do
-    sleep 2
-done
-
-cd /home/oleg/.local/share/chezmoi/apps/cluster1/workstation || exit 1
-flux reconcile kustomization workstation

+ 41 - 4
run-guix-workstation.sh

@@ -2,7 +2,32 @@
 
 set -o nounset -o errexit -o pipefail
 
-/home/oleg/.local/share/chezmoi/rerun.sh
+if kubectl -n workstation delete --wait=false pod/workstation
+then
+    :
+fi
+
+check()
+{
+    if ssh 192.168.0.192 sudo nerdctl -n k8s.io ps | grep --quiet workstation
+    then
+        return 1
+    else
+        if kubectl -n workstation delete --force pod/workstation
+        then
+            :
+        fi
+    fi
+}
+
+until check
+do
+    sleep 2
+done
+
+cd /home/oleg/.local/share/chezmoi/apps/cluster1/workstation || exit 1
+flux reconcile kustomization workstation
+
 ssh 192.168.0.192 <<'EOF'
 PATH="/home/oleg/.guix-profile/bin:/gnu/store/3q2x34wg1fff833wwzxnagnv7vbfxb0w-jc-1.25.2/bin:$PATH"
 export PATH
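Review bot: `kubectl -n workstation delete --wait=false pod/workstation` (and the `--force` delete inside `check`) targets a Pod literally named `workstation`, but the other commit in this range replaces that Pod with a DaemonSet whose pods get generated names, so both deletes will no longer match and are silently swallowed by the surrounding `if`; the script then waits only on the `nerdctl ps` grep. If the intent is still to bounce the running pod, select by label instead: `kubectl -n workstation delete --wait=false pod -l app.kubernetes.io/name=workstation`, and likewise for the `--force` call. The `grep --quiet workstation` on the `nerdctl -n k8s.io ps` output may also match any unrelated container whose name or image contains that word, which would keep the `until check` loop spinning; a tighter pattern, or checking pod state via `kubectl get pod -l app.kubernetes.io/name=workstation`, would be more robust.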
@@ -23,7 +48,19 @@ sleep 10
 sudo /root/run.py
 sleep 1
 sudo /root/run.py
-EOF
+
 echo "INFO: Waiting Guix workstation container to start for 10 seconds." 1>&2
-sleep 10
-/home/oleg/.local/share/chezmoi/rerun.2.sh
+
+bar()
+{
+if sudo /home/oleg/bin/nerdctl-guix-exec /bin/sh -lc 'export SWAYSOCK="$(echo /run/user/1000/sway-ipc*sock)"; /home/oleg/.guix-home/profile/bin/swaymsg -t get_outputs'
+then
+    sudo herd restart container-guix-sway-autostart
+    exit 0
+fi
+}
+until bar
+do
+    sleep 2
+done
+EOF
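Review bot: The `echo "INFO: Waiting Guix workstation container to start for 10 seconds."` message is now inaccurate — the `sleep 10` that used to follow it was removed and replaced by the `until bar` poll, which retries every 2 s until `swaymsg -t get_outputs` succeeds; reword it, e.g. `echo "INFO: Waiting for Guix workstation container to start (polling every 2s)." 1>&2`. The poll has no upper bound, so if the container never comes up the remote session hangs indefinitely; a retry counter around the `until` loop, or wrapping it in `timeout`, would make that failure visible instead. `bar` is an uninformative name for the helper — something like `wait_for_sway` describes what it checks. Note this code now runs inside the `ssh 192.168.0.192 <<'EOF'` heredoc, which is opened in the previous hunk and closed by the `EOF` added here.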