wigust
/
dotfiles


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688
							apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: workstation
spec:
  updateStrategy:
    type: OnDelete
  selector:
    matchLabels:
      app.kubernetes.io/name: workstation
      app.kubernetes.io/part-of: workstation
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workstation
        app.kubernetes.io/part-of: workstation
    spec:
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 600
      initContainers:
      - name: volume-mount-hack
        image: busybox
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - |
          set -o nounset -o errexit -o pipefail

          chown 1000:998 /home/oleg
          chmod 0755 /home/oleg

          mkdir /home/oleg/.cache
          chown 1000:998 /home/oleg/.cache

          mkdir /home/oleg/.config
          chown 1000:998 /home/oleg/.config

          mkdir /home/oleg/.local
          chown 1000:998 /home/oleg/.local

          mkdir /home/oleg/.local/var
          chown 1000:998 /home/oleg/.local/var

          mkdir /home/oleg/.local/var/log
          chown 1000:998 /home/oleg/.local/var/log

          mkdir /home/oleg/.local/share
          chown 1000:998 /home/oleg/.local/share

          mkdir /home/oleg/.ssh
          chown 1000:998 /home/oleg/.ssh

          mkdir /mnt/nixos/home/oleg
          chown 1000:998 /mnt/nixos/home/oleg

          mkdir -p /mnt/nixos/home/oleg/.mozilla
          chown 1000:998 /mnt/nixos/home/oleg/.mozilla

          mkdir -p /mnt/nixos/home/oleg/.config
          chown 1000:998 /mnt/nixos/home/oleg/.config

          mkdir /mnt/nixos/home/oleg/.local
          chown 1000:998 /mnt/nixos/home/oleg/.local

          mkdir /mnt/nixos/home/oleg/.local/share
          chown 1000:998 /mnt/nixos/home/oleg/.local/share

          mkdir /mnt/nixos/home/oleg/.ssh
          chown 1000:998 /mnt/nixos/home/oleg/.ssh
        volumeMounts:
        - mountPath: /home/oleg
          name: container-home-oleg
        - mountPath: /mnt/nixos/home
          name: nixos-home
      - name: clean-gnupg
        image: busybox
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - |
          set -o nounset -o errexit -o pipefail
          rm -f /home/oleg/.gnupg/gpg-agent.conf /home/oleg/.gnupg/gpg.conf
        volumeMounts:
        - name: home-oleg-dot-gnupg
          mountPath: /home/oleg/.gnupg
      containers:
      - image: harbor.home.wugi.info/library/guix-image-workstation:latest
        name: guix
        ports:
        - containerPort: 5353
          name: avahi
          protocol: UDP
        - containerPort: 16400
          name: scream
          protocol: UDP
        securityContext:
          capabilities:
            add:
            # - CHOWN
            # - DAC_OVERRIDE
            # - DAC_READ_SEARCH
            # - FOWNER
            # - FSETID
            # - KILL
            # - SETGID
            # - SETUID
            # - SETPCAP
            # - LINUX_IMMUTABLE
            # - NET_BIND_SERVICE
            # - NET_BROADCAST
            # - NET_ADMIN
            # - NET_RAW
            # - IPC_LOCK
            # - IPC_OWNER
            # - SYS_MODULE
            # - SYS_RAWIO
            # - SYS_CHROOT
            # - SYS_PTRACE
            # - SYS_PACCT
            - SYS_ADMIN
            # - SYS_BOOT
            # - SYS_NICE
            # - SYS_RESOURCE
            # - SYS_TIME
            # - SYS_TTY_CONFIG
            # - MKNOD
            # - LEASE
            # - AUDIT_WRITE
            # - AUDIT_CONTROL
            # - SETFCAP
            # - MAC_OVERRIDE
            # - MAC_ADMIN
            # - SYSLOG
            # - WAKE_ALARM
            # - BLOCK_SUSPEND
            # - AUDIT_READ
            # - PERFMON
            # - BPF
            # - CHECKPOINT_RESTORE
          privileged: true
          # allowPrivilegeEscalation: true
        tty: true
        volumeMounts:
        - mountPath: /run
          name: guix-run
          mountPropagation: Bidirectional
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /dev/input
          name: dev-input
        - mountPath: /dev/tty0
          name: dev-tty2
        - mountPath: /dev/tty2
          name: dev-tty2
        - mountPath: /dev/fuse
          name: dev-fuse
        - mountPath: /etc/nsswitch.conf
          name: nsswitch
        - mountPath: /etc/services
          name: services
        - mountPath: /dev/shm
          name: guix-shm
        - mountPath: /tmp
          name: guix-tmp
        - mountPath: /mnt/guix/var/run/shepherd/socket
          name: var-run-shepherd-socket
        - mountPath: /home/oleg
          name: container-home-oleg
        - name: home-oleg-dot-cache-ihs
          mountPath: /home/oleg/.cache/ihs
        - name: home-oleg-dot-config-obs-studio
          mountPath: /home/oleg/.config/obs-studio
        - name: home-oleg-dot-config-remmina
          mountPath: /home/oleg/.config/remmina
        - name: home-oleg-dot-config-sway
          mountPath: /home/oleg/.config/sway
        - name: home-oleg-dot-local-share-remmina
          mountPath: /home/oleg/.local/share/remmina
        - name: home-oleg-dot-local-share-telegram
          mountPath: /home/oleg/.local/share/TelegramDesktop
        - name: home-oleg-dot-password-store
          mountPath: /home/oleg/.password-store
        - name: home-oleg-dot-gnupg
          mountPath: /home/oleg/.gnupg
        - name: home-oleg-ssh-private-key
          mountPath: /home/oleg/.ssh/id_ed25519
        - name: home-oleg-ssh-public-key
          mountPath: /home/oleg/.ssh/id_ed25519.pub
        - name: home-oleg-ssh-majordomo-gitlab-private-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
        - name: home-oleg-ssh-majordomo-gitlab-public-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
        - name: home-oleg-ssh-known-hosts
          mountPath: /home/oleg/.ssh/known_hosts
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-src
          mountPath: /home/oleg/src
        - name: home-oleg-local-share-chezmoi
          mountPath: /home/oleg/.local/share/chezmoi
        - name: srv
          mountPath: /srv
        - name: home-oleg-config-qbittorrent
          mountPath: /home/oleg/.config/qBittorrent
        - name: home-oleg-dot-local-share-qbittorrent
          mountPath: /home/oleg/.local/share/qBittorrent
        - name: qbittorrent-incomplete
          mountPath: /mnt/qbittorrent-incomplete
        - name: guix-var-log
          mountPath: /var/log
        - name: guix-home-oleg-local-var-log
          mountPath: /home/oleg/.local/var/log
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /run/current-system/profile/sbin/halt
                 then
                     :
                 else
                     exit 0
                 fi
      - name: nixos
        image: harbor.home.wugi.info/library/nixos-systemd:latest
        command:
        - /entrypoint.sh
        env:
        - name: container
          value: docker
        ports:
        - containerPort: 5900
          name: vnc
          protocol: TCP
        securityContext:
          capabilities:
            add:
            - SETUID
            - BLOCK_SUSPEND
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_CHROOT
            - SYS_NICE
            - SYS_PTRACE
            - SYS_RESOURCE
            - SYS_TIME
          privileged: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /run/current-system/sw/bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        tty: true
        volumeMounts:
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /dev/tty0
          name: dev-tty9
        - mountPath: /dev/tty9
          name: dev-tty9
        - mountPath: /run
          name: nixos-run
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        # - name: mnt-web-ext4
        #   mountPath: /home
        - name: mnt-web-btrfs
          mountPath: /home
        # - mountPath: /home
        #   name: nixos-home
        - mountPath: /home/oleg/.mozilla/firefox
          name: home-oleg-mozilla-firefox
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: home-oleg-dot-config-google-chrome
          mountPath: /home/oleg/.config/google-chrome
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-config-wayvnc
          mountPath: /home/oleg/.config/wayvnc
        - name: home-oleg-dot-local-share-chatterino
          mountPath: /home/oleg/.local/share/chatterino
        - name: nixos-var-log
          mountPath: /var/log
        - name: home-oleg-ssh-majordomo-gitlab-private-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
        - name: home-oleg-ssh-majordomo-gitlab-public-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
        - name: home-oleg-src
          mountPath: /home/oleg/src
        - name: home-oleg-ssh-known-hosts
          mountPath: /home/oleg/.ssh/known_hosts
        - name: home-oleg-robo3t
          mountPath: /home/oleg/.3T
        - name: nixos-var-lib-docker
          mountPath: /var/lib/docker
      - image: harbor.home.wugi.info/library/archlinux-systemd:latest
        name: archlinux
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: archlinux-run
        - mountPath: /tmp
          name: archlinux-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-config-socialstream
          mountPath: /home/oleg/.config/SocialStream
        - name: archlinux-var-log
          mountPath: /var/log
        - name: home-oleg-src
          mountPath: /home/oleg/src
      - image: harbor.home.wugi.info/library/kali-rolling:latest
        name: kali-rolling
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: kali-rolling-run
        - mountPath: /tmp
          name: kali-rolling-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: kali-rolling-var-log
          mountPath: /var/log
      - image: harbor.home.wugi.info/library/gentoo-systemd:latest
        name: gentoo
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: gentoo-run
        - mountPath: /tmp
          name: gentoo-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: gentoo-var-log
          mountPath: /var/log
      volumes:
      - name: dev-dri
        hostPath:
          path: /dev/dri
          type: Directory
      - name: dev-input
        hostPath:
          path: /dev/input
          type: Directory
      - name: dev-tty2
        hostPath:
          path: /dev/tty2
          type: CharDevice
      - name: dev-tty9
        hostPath:
          path: /dev/tty9
          type: CharDevice
      - name: dev-fuse
        hostPath:
          path: /dev/fuse
          type: CharDevice
      - name: nsswitch
        hostPath:
          path: /etc/nsswitch.conf
          type: File
      - name: services
        hostPath:
          path: /etc/services
          type: File
      - name: guix-shm
        emptyDir:
          medium: Memory
          sizeLimit: 1Gi
      - hostPath:
          path: /home/oleg
          type: Directory
        name: home-oleg
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: guix-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: archlinux-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: guix-run
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: nixos-run
      - emptyDir:
        name: nixos-home
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: archlinux-run
      - name: var-run-shepherd-socket
        hostPath:
          path: /var/run/shepherd/socket
          type: Socket
      - emptyDir:
          sizeLimit: 4G
        name: container-home-oleg
      - name: home-oleg-dot-cache-ihs
        hostPath:
          path: /home/oleg/.cache/ihs
          type: Directory
      - name: home-oleg-dot-config-google-chrome
        hostPath:
          path: /home/oleg/.config/google-chrome
          type: Directory
      - name: home-oleg-dot-config-obs-studio
        hostPath:
          path: /home/oleg/.config/obs-studio-4k
          type: Directory
      - name: home-oleg-dot-config-remmina
        hostPath:
          path: /home/oleg/.config/remmina
          type: Directory
      - name: home-oleg-dot-config-sway
        hostPath:
          path: /home/oleg/.config/sway
          type: Directory
      - name: home-oleg-dot-local-share-remmina
        hostPath:
          path: /home/oleg/.local/share/remmina
          type: Directory
      - name: home-oleg-dot-local-share-telegram
        hostPath:
          path: /home/oleg/.local/share/TelegramDesktop
          type: Directory
      - name: home-oleg-dot-local-share-chatterino
        hostPath:
          path: /home/oleg/.local/share/chatterino
          type: Directory
      - name: home-oleg-dot-mozilla
        hostPath:
          path: /home/oleg/.mozilla
          type: Directory
      - name: home-oleg-dot-password-store
        hostPath:
          path: /home/oleg/.password-store
          type: Directory
      - name: home-oleg-dot-gnupg
        hostPath:
          path: /home/oleg/.gnupg
          type: Directory
      - name: home-oleg-robo3t
        hostPath:
          path: /home/oleg/.3T
          type: Directory
      - name: home-oleg-mozilla-firefox
        hostPath:
          path: /home/oleg/.mozilla/firefox
          type: Directory
      - name: home-oleg-ssh-private-key
        hostPath:
          path: /home/oleg/.ssh/id_ed25519
          type: File
      - name: home-oleg-ssh-public-key
        hostPath:
          path: /home/oleg/.ssh/id_ed25519.pub
          type: File
      - name: home-oleg-ssh-majordomo-gitlab-private-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
          type: File
      - name: home-oleg-ssh-majordomo-gitlab-public-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
          type: File
      - name: home-oleg-ssh-known-hosts
        hostPath:
          path: /home/oleg/.ssh/known_hosts
          type: File
      - name: home-oleg-bash-history
        hostPath:
          path: /home/oleg/.bash_history
          type: File
      - name: root-bash-history
        hostPath:
          path: /root/.bash_history
          type: File
      - name: home-oleg-config-socialstream
        hostPath:
          path: /home/oleg/.config/SocialStream
          type: Directory
      - name: home-oleg-config-qbittorrent
        hostPath:
          path: /home/oleg/.config/qBittorrent
          type: Directory
      - name: home-oleg-dot-local-share-qbittorrent
        hostPath:
          path: /home/oleg/.local/share/qBittorrent
          type: Directory
      - name: home-oleg-src
        hostPath:
          path: /home/oleg/src
          type: Directory
      - name: taskexecutor
        hostPath:
          path: /home/oleg/src/gitlab.intr/hms/taskexecutor
          type: Directory
      - name: home-oleg-local-share-chezmoi
        hostPath:
          path: /home/oleg/.local/share/chezmoi
          type: Directory
      - name: srv
        hostPath:
          path: /srv
          type: Directory
      - name: qbittorrent-incomplete
        hostPath:
          path: /mnt/qbittorrent-incomplete
          type: Directory
      - name: home-oleg-config-wayvnc
        hostPath:
          path: /home/oleg/.config/wayvnc
          type: Directory
      - name: mnt-web-ext4
        hostPath:
          path: /mnt/web-ext4
          type: Directory
      - name: mnt-web-btrfs
        hostPath:
          path: /mnt/web-btrfs
          type: Directory
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: kali-rolling-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: kali-rolling-run
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: gentoo-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: gentoo-run
      - emptyDir:
          sizeLimit: 512M
        name: archlinux-var-log
      - emptyDir:
          sizeLimit: 512M
        name: gentoo-var-log
      - emptyDir:
          sizeLimit: 512M
        name: guix-var-log
      - emptyDir:
          sizeLimit: 512M
        name: guix-home-oleg-local-var-log
      - emptyDir:
          sizeLimit: 512M
        name: kali-rolling-var-log
      - emptyDir:
          sizeLimit: 512M
        name: nixos-var-log
      - emptyDir:
          sizeLimit: 16G
        name: nixos-var-lib-docker