From 7711e69e5c0207e4049d01f8b2473e8cf866cccb Mon Sep 17 00:00:00 2001
From: foosinn <stefan@f2o.io>
Date: Sat, 13 Jun 2020 23:17:19 +0200
Subject: [PATCH] add admin role

---
 configuration.nix |  1 +
 roles/admin.nix   | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 roles/admin.nix

diff --git a/configuration.nix b/configuration.nix
index 61c4758..ace14f5 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -13,6 +13,7 @@
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
 
+      ./roles/admin.nix
       ./roles/dev.nix
       ./roles/base.nix
       ./roles/desktop.nix
diff --git a/roles/admin.nix b/roles/admin.nix
new file mode 100644
index 0000000..dfeb70d
--- /dev/null
+++ b/roles/admin.nix
@@ -0,0 +1,46 @@
+{ pkgs, options, ...}:
+
+{
+  environment.systemPackages = with pkgs; [
+    kubectl
+
+    # podman
+    conmon
+    fuse-overlayfs
+    podman
+    podman-compose
+    runc
+    slirp4netns
+  ];
+
+  users.users.stefan.subUidRanges = [{ startUid = 100000; count = 65536; }];
+  users.users.stefan.subGidRanges = [{ startGid = 100000; count = 65536; }];
+
+  environment.etc."containers/policy.json" = {
+    mode="0644";
+    text=''
+      {
+        "default": [
+          {
+            "type": "insecureAcceptAnything"
+          }
+        ],
+        "transports":
+          {
+            "docker-daemon":
+              {
+                "": [{"type":"insecureAcceptAnything"}]
+              }
+          }
+      }
+    '';
+  };
+
+  environment.etc."containers/registries.conf" = {
+    mode="0644";
+    text=''
+      [registries.search]
+      registries = ['docker.io', 'quay.io']
+    '';
+  };
+}