|
@@ -1,397 +0,0 @@
|
|
|
-apiVersion: v1
|
|
|
-kind: Pod
|
|
|
-metadata:
|
|
|
- name: workstation
|
|
|
- annotations:
|
|
|
- # Setting spec.force to true will make Flux recreate the Pod when any
|
|
|
- # immutable field is changed, forcing the Pod to run every time the
|
|
|
- # container image tag changes.
|
|
|
- kustomize.toolkit.fluxcd.io/force: enabled
|
|
|
- labels:
|
|
|
- app.kubernetes.io/name: workstation
|
|
|
-spec:
|
|
|
- restartPolicy: Never
|
|
|
- automountServiceAccountToken: false
|
|
|
- terminationGracePeriodSeconds: 600
|
|
|
- initContainers:
|
|
|
- - name: volume-mount-hack
|
|
|
- image: busybox
|
|
|
- imagePullPolicy: IfNotPresent
|
|
|
- command:
|
|
|
- - sh
|
|
|
- - -c
|
|
|
- - |
|
|
|
- set -o nounset -o errexit -o pipefail
|
|
|
-
|
|
|
- chown 1000:998 /home/oleg
|
|
|
-
|
|
|
- mkdir /home/oleg/.cache
|
|
|
- chown 1000:998 /home/oleg/.cache
|
|
|
-
|
|
|
- mkdir /home/oleg/.config
|
|
|
- chown 1000:998 /home/oleg/.config
|
|
|
-
|
|
|
- mkdir /home/oleg/.local
|
|
|
- chown 1000:998 /home/oleg/.local
|
|
|
-
|
|
|
- mkdir /home/oleg/.local/share
|
|
|
- chown 1000:998 /home/oleg/.local/share
|
|
|
-
|
|
|
- mkdir /home/oleg/.ssh
|
|
|
- chown 1000:998 /home/oleg/.ssh
|
|
|
-
|
|
|
- mkdir /mnt/nixos/home/oleg
|
|
|
- chown 1000:998 /mnt/nixos/home/oleg
|
|
|
-
|
|
|
- mkdir -p /mnt/nixos/home/oleg/.mozilla
|
|
|
- chown 1000:998 /mnt/nixos/home/oleg/.mozilla
|
|
|
-
|
|
|
- mkdir -p /mnt/nixos/home/oleg/.config
|
|
|
- chown 1000:998 /mnt/nixos/home/oleg/.config
|
|
|
- volumeMounts:
|
|
|
- - mountPath: /home/oleg
|
|
|
- name: container-home-oleg
|
|
|
- - mountPath: /mnt/nixos/home
|
|
|
- name: nixos-home
|
|
|
- containers:
|
|
|
- - image: harbor.home.wugi.info/library/guix-image-workstation:latest
|
|
|
- name: guix
|
|
|
- ports:
|
|
|
- - containerPort: 5353
|
|
|
- name: avahi
|
|
|
- protocol: UDP
|
|
|
- - containerPort: 16400
|
|
|
- name: scream
|
|
|
- protocol: UDP
|
|
|
- securityContext:
|
|
|
- capabilities:
|
|
|
- add:
|
|
|
- # - CHOWN
|
|
|
- # - DAC_OVERRIDE
|
|
|
- # - DAC_READ_SEARCH
|
|
|
- # - FOWNER
|
|
|
- # - FSETID
|
|
|
- # - KILL
|
|
|
- # - SETGID
|
|
|
- # - SETUID
|
|
|
- # - SETPCAP
|
|
|
- # - LINUX_IMMUTABLE
|
|
|
- # - NET_BIND_SERVICE
|
|
|
- # - NET_BROADCAST
|
|
|
- # - NET_ADMIN
|
|
|
- # - NET_RAW
|
|
|
- # - IPC_LOCK
|
|
|
- # - IPC_OWNER
|
|
|
- # - SYS_MODULE
|
|
|
- # - SYS_RAWIO
|
|
|
- # - SYS_CHROOT
|
|
|
- # - SYS_PTRACE
|
|
|
- # - SYS_PACCT
|
|
|
- - SYS_ADMIN
|
|
|
- # - SYS_BOOT
|
|
|
- # - SYS_NICE
|
|
|
- # - SYS_RESOURCE
|
|
|
- # - SYS_TIME
|
|
|
- # - SYS_TTY_CONFIG
|
|
|
- # - MKNOD
|
|
|
- # - LEASE
|
|
|
- # - AUDIT_WRITE
|
|
|
- # - AUDIT_CONTROL
|
|
|
- # - SETFCAP
|
|
|
- # - MAC_OVERRIDE
|
|
|
- # - MAC_ADMIN
|
|
|
- # - SYSLOG
|
|
|
- # - WAKE_ALARM
|
|
|
- # - BLOCK_SUSPEND
|
|
|
- # - AUDIT_READ
|
|
|
- # - PERFMON
|
|
|
- # - BPF
|
|
|
- # - CHECKPOINT_RESTORE
|
|
|
- privileged: true
|
|
|
- # allowPrivilegeEscalation: true
|
|
|
- tty: true
|
|
|
- volumeMounts:
|
|
|
- - mountPath: /run
|
|
|
- name: guix-run
|
|
|
- mountPropagation: Bidirectional
|
|
|
- - mountPath: /dev/dri
|
|
|
- name: dev-dri
|
|
|
- - mountPath: /dev/input
|
|
|
- name: dev-input
|
|
|
- - mountPath: /dev/tty0
|
|
|
- name: dev-tty2
|
|
|
- - mountPath: /dev/tty2
|
|
|
- name: dev-tty2
|
|
|
- - mountPath: /dev/fuse
|
|
|
- name: dev-fuse
|
|
|
- - mountPath: /etc/nsswitch.conf
|
|
|
- name: nsswitch
|
|
|
- - mountPath: /etc/services
|
|
|
- name: services
|
|
|
- - mountPath: /dev/shm
|
|
|
- name: guix-shm
|
|
|
- - mountPath: /tmp
|
|
|
- name: guix-tmp
|
|
|
- - mountPath: /mnt/guix/var/run/shepherd/socket
|
|
|
- name: var-run-shepherd-socket
|
|
|
- - mountPath: /home/oleg
|
|
|
- name: container-home-oleg
|
|
|
- - name: home-oleg-dot-cache-ihs
|
|
|
- mountPath: /home/oleg/.cache/ihs
|
|
|
- - name: home-oleg-dot-config-obs-studio
|
|
|
- mountPath: /home/oleg/.config/obs-studio
|
|
|
- - name: home-oleg-dot-config-remmina
|
|
|
- mountPath: /home/oleg/.config/remmina
|
|
|
- - name: home-oleg-dot-local-share-remmina
|
|
|
- mountPath: /home/oleg/.local/share/remmina
|
|
|
- - name: home-oleg-dot-local-share-telegram
|
|
|
- mountPath: /home/oleg/.local/share/TelegramDesktop
|
|
|
- - name: home-oleg-dot-password-store
|
|
|
- mountPath: /home/oleg/.password-store
|
|
|
- - name: home-oleg-ssh-private-key
|
|
|
- mountPath: /home/oleg/.ssh/id_ed25519
|
|
|
- - name: home-oleg-ssh-public-key
|
|
|
- mountPath: /home/oleg/.ssh/id_ed25519.pub
|
|
|
- - name: home-oleg-ssh-known-hosts
|
|
|
- mountPath: /home/oleg/.ssh/known_hosts
|
|
|
- - name: nix
|
|
|
- mountPath: /nix
|
|
|
- - name: home-oleg-bash-history
|
|
|
- mountPath: /home/oleg/.bash_history
|
|
|
- - name: root-bash-history
|
|
|
- mountPath: /root/.bash_history
|
|
|
- lifecycle:
|
|
|
- preStop:
|
|
|
- exec:
|
|
|
- command:
|
|
|
- - /run/current-system/profile/sbin/halt
|
|
|
- - name: nixos
|
|
|
- image: harbor.home.wugi.info/library/nixos-systemd:latest
|
|
|
- command:
|
|
|
- - /entrypoint.sh
|
|
|
- env:
|
|
|
- - name: container
|
|
|
- value: docker
|
|
|
- securityContext:
|
|
|
- capabilities:
|
|
|
- add:
|
|
|
- - SETUID
|
|
|
- - BLOCK_SUSPEND
|
|
|
- - NET_ADMIN
|
|
|
- - NET_BIND_SERVICE
|
|
|
- - NET_RAW
|
|
|
- - SYS_ADMIN
|
|
|
- - SYS_CHROOT
|
|
|
- - SYS_NICE
|
|
|
- - SYS_PTRACE
|
|
|
- - SYS_RESOURCE
|
|
|
- - SYS_TIME
|
|
|
- lifecycle:
|
|
|
- preStop:
|
|
|
- exec:
|
|
|
- command:
|
|
|
- - /run/current-system/sw/bin/systemctl
|
|
|
- - poweroff
|
|
|
- tty: true
|
|
|
- volumeMounts:
|
|
|
- - mountPath: /dev/dri
|
|
|
- name: dev-dri
|
|
|
- - mountPath: /run
|
|
|
- name: nixos-run
|
|
|
- - mountPath: /mnt/guix/tmp
|
|
|
- name: guix-tmp
|
|
|
- - mountPath: /mnt/guix/run
|
|
|
- name: guix-run
|
|
|
- mountPropagation: HostToContainer
|
|
|
- - mountPath: /home
|
|
|
- name: nixos-home
|
|
|
- - mountPath: /home/oleg/.mozilla/firefox
|
|
|
- name: home-oleg-mozilla-firefox
|
|
|
- - name: home-oleg-bash-history
|
|
|
- mountPath: /home/oleg/.bash_history
|
|
|
- - name: home-oleg-dot-config-google-chrome
|
|
|
- mountPath: /home/oleg/.config/google-chrome
|
|
|
- - name: root-bash-history
|
|
|
- mountPath: /root/.bash_history
|
|
|
- - name: home-oleg-config-wayvnc
|
|
|
- mountPath: /home/oleg/.config/wayvnc
|
|
|
- - name: home-oleg-dot-local-share-chatterino
|
|
|
- mountPath: /home/oleg/.local/share/chatterino
|
|
|
- - image: harbor.home.wugi.info/library/archlinux-systemd:latest
|
|
|
- name: archlinux
|
|
|
- env:
|
|
|
- - name: container
|
|
|
- value: docker
|
|
|
- securityContext:
|
|
|
- capabilities:
|
|
|
- add:
|
|
|
- - NET_ADMIN
|
|
|
- - NET_BIND_SERVICE
|
|
|
- - NET_RAW
|
|
|
- - SYS_ADMIN
|
|
|
- - SYS_NICE
|
|
|
- - SYS_TIME
|
|
|
- privileged: true
|
|
|
- tty: true
|
|
|
- lifecycle:
|
|
|
- preStop:
|
|
|
- exec:
|
|
|
- command:
|
|
|
- - /bin/systemctl
|
|
|
- - poweroff
|
|
|
- volumeMounts:
|
|
|
- - mountPath: /run
|
|
|
- name: archlinux-run
|
|
|
- - mountPath: /tmp
|
|
|
- name: archlinux-tmp
|
|
|
- - mountPath: /dev/dri
|
|
|
- name: dev-dri
|
|
|
- - mountPath: /mnt/guix/run
|
|
|
- name: guix-run
|
|
|
- mountPropagation: HostToContainer
|
|
|
- - mountPath: /mnt/guix/tmp
|
|
|
- name: guix-tmp
|
|
|
- - name: home-oleg-bash-history
|
|
|
- mountPath: /home/oleg/.bash_history
|
|
|
- - name: root-bash-history
|
|
|
- mountPath: /root/.bash_history
|
|
|
- - name: home-oleg-config-socialstream
|
|
|
- mountPath: /home/oleg/.config/SocialStream
|
|
|
- volumes:
|
|
|
- - name: dev-dri
|
|
|
- hostPath:
|
|
|
- path: /dev/dri
|
|
|
- type: Directory
|
|
|
- - name: dev-input
|
|
|
- hostPath:
|
|
|
- path: /dev/input
|
|
|
- type: Directory
|
|
|
- - name: dev-tty2
|
|
|
- hostPath:
|
|
|
- path: /dev/tty2
|
|
|
- type: CharDevice
|
|
|
- - name: dev-fuse
|
|
|
- hostPath:
|
|
|
- path: /dev/fuse
|
|
|
- type: CharDevice
|
|
|
- - name: nsswitch
|
|
|
- hostPath:
|
|
|
- path: /etc/nsswitch.conf
|
|
|
- type: File
|
|
|
- - name: services
|
|
|
- hostPath:
|
|
|
- path: /etc/services
|
|
|
- type: File
|
|
|
- - name: guix-shm
|
|
|
- emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 1Gi
|
|
|
- - hostPath:
|
|
|
- path: /home/oleg
|
|
|
- type: Directory
|
|
|
- name: home-oleg
|
|
|
- - hostPath:
|
|
|
- path: /nix
|
|
|
- type: Directory
|
|
|
- name: nix
|
|
|
- - emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 4G
|
|
|
- name: guix-tmp
|
|
|
- - emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 4G
|
|
|
- name: archlinux-tmp
|
|
|
- - emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 512M
|
|
|
- name: guix-run
|
|
|
- - emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 512M
|
|
|
- name: nixos-run
|
|
|
- - emptyDir:
|
|
|
- name: nixos-home
|
|
|
- - emptyDir:
|
|
|
- medium: Memory
|
|
|
- sizeLimit: 512M
|
|
|
- name: archlinux-run
|
|
|
- - name: var-run-shepherd-socket
|
|
|
- hostPath:
|
|
|
- path: /var/run/shepherd/socket
|
|
|
- type: Socket
|
|
|
- - emptyDir:
|
|
|
- sizeLimit: 4G
|
|
|
- name: container-home-oleg
|
|
|
- - name: home-oleg-dot-cache-ihs
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.cache/ihs
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-config-google-chrome
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.config/google-chrome
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-config-obs-studio
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.config/obs-studio-4k
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-config-remmina
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.config/remmina
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-local-share-remmina
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.local/share/remmina
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-local-share-telegram
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.local/share/TelegramDesktop
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-local-share-chatterino
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.local/share/chatterino
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-mozilla
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.mozilla
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-dot-password-store
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.password-store
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-mozilla-firefox
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.mozilla/firefox
|
|
|
- type: Directory
|
|
|
- - name: nix
|
|
|
- hostPath:
|
|
|
- path: /nix
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-ssh-private-key
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.ssh/id_ed25519
|
|
|
- type: File
|
|
|
- - name: home-oleg-ssh-public-key
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.ssh/id_ed25519.pub
|
|
|
- type: File
|
|
|
- - name: home-oleg-ssh-known-hosts
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.ssh/known_hosts
|
|
|
- type: File
|
|
|
- - name: home-oleg-bash-history
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.bash_history
|
|
|
- type: File
|
|
|
- - name: root-bash-history
|
|
|
- hostPath:
|
|
|
- path: /root/.bash_history
|
|
|
- type: File
|
|
|
- - name: home-oleg-config-socialstream
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.config/SocialStream
|
|
|
- type: Directory
|
|
|
- - name: home-oleg-config-wayvnc
|
|
|
- hostPath:
|
|
|
- path: /home/oleg/.config/wayvnc
|
|
|
- type: Directory
|