From 3304bb35337583c77d5656a7cc4386e9899ef808 Mon Sep 17 00:00:00 2001
From: foosinn <stefan@f2o.io>
Date: Tue, 3 Nov 2020 17:47:18 +0100
Subject: [PATCH 1/3] add argocd

---
 roles/admin.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/admin.nix b/roles/admin.nix
index 439f110..6269237 100644
--- a/roles/admin.nix
+++ b/roles/admin.nix
@@ -8,6 +8,7 @@ in {
     kubectl
     pwgen
     whois
+    unstable.argocd
     unstable.kubernetes-helm
     unstable.kustomize
     unstable.vault

From b44f659e96e369ef78b8975489769afd6c34bb79 Mon Sep 17 00:00:00 2001
From: foosinn <stefan@f2o.io>
Date: Tue, 3 Nov 2020 17:47:39 +0100
Subject: [PATCH 2/3] update podman config for 20.09

---
 roles/admin.nix | 39 ++++-----------------------------------
 1 file changed, 4 insertions(+), 35 deletions(-)

diff --git a/roles/admin.nix b/roles/admin.nix
index 6269237..9797b1e 100644
--- a/roles/admin.nix
+++ b/roles/admin.nix
@@ -13,43 +13,12 @@ in {
     unstable.kustomize
     unstable.vault
 
-    # podman
-    conmon
-    fuse-overlayfs
-    podman
     podman-compose
-    runc
-    slirp4netns
+    fuse-overlayfs
   ];
 
-  users.users.stefan.subUidRanges = [{ startUid = 100000; count = 65536; }];
-  users.users.stefan.subGidRanges = [{ startGid = 100000; count = 65536; }];
-
-  environment.etc."containers/policy.json" = {
-    mode="0644";
-    text=''
-      {
-        "default": [
-          {
-            "type": "insecureAcceptAnything"
-          }
-        ],
-        "transports":
-          {
-            "docker-daemon":
-              {
-                "": [{"type":"insecureAcceptAnything"}]
-              }
-          }
-      }
-    '';
-  };
-
-  environment.etc."containers/registries.conf" = {
-    mode="0644";
-    text=''
-      [registries.search]
-      registries = ['docker.io', 'quay.io']
-    '';
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
   };
 }

From af10b49f39133efb4941c313638769581fe2cf1c Mon Sep 17 00:00:00 2001
From: foosinn <stefan@f2o.io>
Date: Tue, 3 Nov 2020 17:48:17 +0100
Subject: [PATCH 3/3] add zfs auto snapshop

---
 roles/base.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/base.nix b/roles/base.nix
index b61b74a..6070db7 100644
--- a/roles/base.nix
+++ b/roles/base.nix
@@ -98,4 +98,10 @@ in {
 
   services.resolved.enable = true;
   services.lorri.enable = true;
+
+  services.zfs.autoSnapshot = {
+    enable = true;
+    frequent = 8;
+    monthly = 6;
+  };
 }