Compare commits
31 commits
Author | SHA1 | Date | |
---|---|---|---|
5aeb620a66 | |||
8e72e4585e | |||
852d0c107b | |||
fe3e4a50fb | |||
c1f9e26c06 | |||
227e8a381a | |||
4ae36d6b79 | |||
7248adf458 | |||
9602ab9539 | |||
be798718ce | |||
74ae6096fd | |||
e018572545 | |||
2b0bd95587 | |||
5c6e3b2715 | |||
23831441b3 | |||
60b1cef998 | |||
fdc980208d | |||
0a1d7fe2e1 | |||
ea74128e31 | |||
2f09831cd8 | |||
|
9af56ee89f | ||
353ea2a57b | |||
d5cf620e0a | |||
1b1c6b2849 | |||
c96bce2975 | |||
edf11d7650 | |||
a1c645a1e6 | |||
7d9d2a93df | |||
9e609128af | |||
6fe7c98069 | |||
f7902ae1c7 |
18 changed files with 485 additions and 240 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1 +1,3 @@
|
||||||
.direnv
|
.direnv
|
||||||
|
result
|
||||||
|
.gcroots
|
||||||
|
|
|
@ -3,13 +3,13 @@ let
|
||||||
inherit
|
inherit
|
||||||
(self.inputs)
|
(self.inputs)
|
||||||
nixpkgs
|
nixpkgs
|
||||||
|
lix-module
|
||||||
home-manager
|
home-manager
|
||||||
agenix
|
agenix
|
||||||
nur
|
nur
|
||||||
colmena
|
colmena
|
||||||
flake-registry
|
flake-registry
|
||||||
nixos-hardware
|
nixos-hardware
|
||||||
nixpkgs-unstable
|
|
||||||
srvos
|
srvos
|
||||||
disko
|
disko
|
||||||
;
|
;
|
||||||
|
@ -33,7 +33,6 @@ let
|
||||||
./modules/hosts.nix
|
./modules/hosts.nix
|
||||||
./modules/network.nix
|
./modules/network.nix
|
||||||
./modules/zsh.nix
|
./modules/zsh.nix
|
||||||
./modules/ssh-cursed.nix
|
|
||||||
# FIXME: ./modules/buildbot — whenever you are ready.
|
# FIXME: ./modules/buildbot — whenever you are ready.
|
||||||
|
|
||||||
|
|
||||||
|
@ -46,6 +45,9 @@ let
|
||||||
# srvos.nixosModules.mixins-telegraf
|
# srvos.nixosModules.mixins-telegraf
|
||||||
# srvos.nixosModules.mixins-terminfo
|
# srvos.nixosModules.mixins-terminfo
|
||||||
|
|
||||||
|
# use lix
|
||||||
|
lix-module.nixosModules.default
|
||||||
|
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
({ pkgs
|
({ pkgs
|
||||||
, config
|
, config
|
||||||
|
@ -58,7 +60,7 @@ let
|
||||||
{
|
{
|
||||||
nix.nixPath = [
|
nix.nixPath = [
|
||||||
"home-manager=${home-manager}"
|
"home-manager=${home-manager}"
|
||||||
"nixpkgs=${pkgs.path}"
|
"nixpkgs=flake:nixpkgs"
|
||||||
"nur=${nur}"
|
"nur=${nur}"
|
||||||
];
|
];
|
||||||
# TODO: share nixpkgs for each machine to speed up local evaluation.
|
# TODO: share nixpkgs for each machine to speed up local evaluation.
|
||||||
|
@ -70,10 +72,7 @@ let
|
||||||
#};
|
#};
|
||||||
# sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
|
# sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
|
||||||
|
|
||||||
nix.extraOptions = ''
|
nix.settings.builders-use-substitutes = true;
|
||||||
flake-registry = ${flake-registry}/flake-registry.json
|
|
||||||
builders-use-substitutes = true
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix.registry = {
|
nix.registry = {
|
||||||
home-manager.flake = home-manager;
|
home-manager.flake = home-manager;
|
||||||
|
@ -104,6 +103,12 @@ in
|
||||||
flake.colmena = {
|
flake.colmena = {
|
||||||
meta.nixpkgs = import nixpkgs {
|
meta.nixpkgs = import nixpkgs {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
# yikes, this overlay has to be listed twice since colmena makes us
|
||||||
|
# import nixpkgs explicitly here
|
||||||
|
overlays = [
|
||||||
|
# bonking cppnix out of the closure as much as possible
|
||||||
|
lix-module.overlays.default
|
||||||
|
];
|
||||||
};
|
};
|
||||||
epyc = {
|
epyc = {
|
||||||
imports =
|
imports =
|
||||||
|
|
259
flake.lock
259
flake.lock
|
@ -10,11 +10,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716561646,
|
"lastModified": 1718371084,
|
||||||
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
|
"narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
|
"rev": "3a56735779db467538fb2e577eda28a9daacaca6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -32,11 +32,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711742460,
|
"lastModified": 1717279440,
|
||||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "attic",
|
"repo": "attic",
|
||||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -76,11 +76,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702918879,
|
"lastModified": 1717025063,
|
||||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -118,11 +118,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716431128,
|
"lastModified": 1718846788,
|
||||||
"narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
|
"narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
|
"rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -163,6 +163,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-compat_3": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696426674,
|
||||||
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-parts": {
|
"flake-parts": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": [
|
"nixpkgs-lib": [
|
||||||
|
@ -170,11 +186,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715865404,
|
"lastModified": 1717285511,
|
||||||
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
|
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
|
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -183,22 +199,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-registry": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1705308826,
|
|
||||||
"narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "flake-registry",
|
|
||||||
"rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "flake-registry",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1667395993,
|
||||||
|
@ -229,6 +229,39 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-utils_3": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1726560853,
|
||||||
|
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flakey-profile": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1712898590,
|
||||||
|
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
|
||||||
|
"owner": "lf-",
|
||||||
|
"repo": "flakey-profile",
|
||||||
|
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "lf-",
|
||||||
|
"repo": "flakey-profile",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -257,11 +290,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717527182,
|
"lastModified": 1718530513,
|
||||||
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
|
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||||
"owner": "rycee",
|
"owner": "rycee",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "845a5c4c073f74105022533907703441e0464bc3",
|
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -271,13 +304,78 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"lix": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat_3",
|
||||||
|
"nix2container": "nix2container",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-regression": "nixpkgs-regression",
|
||||||
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729296222,
|
||||||
|
"narHash": "sha256-fwJyGrkTemR1SwkAPXfxlY0RYCxy34NedmR35amytCc=",
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "60578b4d7d0dfc296c61cae963b6b2763422788e",
|
||||||
|
"revCount": 16362,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.lix.systems/lix-project/lix.git"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "60578b4d7d0dfc296c61cae963b6b2763422788e",
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.lix.systems/lix-project/lix.git"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"lix-module": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_3",
|
||||||
|
"flakey-profile": "flakey-profile",
|
||||||
|
"lix": [
|
||||||
|
"lix"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1727752861,
|
||||||
|
"narHash": "sha256-jowmo2aEzrEpPSM96IWtajuogdJm7DjAWxFTEb7Ct0s=",
|
||||||
|
"rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d.tar.gz?rev=fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix2container": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1724996935,
|
||||||
|
"narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
|
||||||
|
"owner": "nlewo",
|
||||||
|
"repo": "nix2container",
|
||||||
|
"rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nlewo",
|
||||||
|
"repo": "nix2container",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716715385,
|
"lastModified": 1719069430,
|
||||||
"narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=",
|
"narHash": "sha256-d9KzCJv3UG6nX9Aur5OSEf4Uj+ywuxojhiCiRKYVzXA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8",
|
"rev": "e8232c132a95ddc62df9d404120ad4ff53862910",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -302,6 +400,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-regression": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1643052045,
|
||||||
|
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711460390,
|
"lastModified": 1711460390,
|
||||||
|
@ -318,13 +432,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716715802,
|
"lastModified": 1724932487,
|
||||||
"narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
|
"narHash": "sha256-zzbqHmY1mt21omyk1+14QbAkII1B7OHlwKLcczVq22w=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
|
"rev": "b4f7fb71438d00539b21f1b1e6968c0eac060127",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -334,34 +448,34 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1709742294,
|
"lastModified": 1719099906,
|
||||||
"narHash": "sha256-8iPomMqw7grXVsugMJhsnHdbre8LnXOQUtHtMXRaWqc=",
|
"narHash": "sha256-xo1cNkVBW7NxTU5zMu0B7ZkismtkHfTRWfhBXbNnp9g=",
|
||||||
"owner": "NixOS",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs",
|
"repo": "NUR",
|
||||||
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
"rev": "315cf1f8c5f5e92150d81ccafba7525c54327094",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs",
|
"repo": "NUR",
|
||||||
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nur": {
|
"pre-commit-hooks": {
|
||||||
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716741358,
|
"lastModified": 1726745158,
|
||||||
"narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=",
|
"narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
|
||||||
"owner": "nix-community",
|
"owner": "cachix",
|
||||||
"repo": "NUR",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2",
|
"rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "cachix",
|
||||||
"repo": "NUR",
|
"repo": "git-hooks.nix",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -372,11 +486,11 @@
|
||||||
"colmena": "colmena",
|
"colmena": "colmena",
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"flake-registry": "flake-registry",
|
|
||||||
"home-manager": "home-manager_2",
|
"home-manager": "home-manager_2",
|
||||||
|
"lix": "lix",
|
||||||
|
"lix-module": "lix-module",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"srvos": "srvos"
|
"srvos": "srvos"
|
||||||
}
|
}
|
||||||
|
@ -388,15 +502,15 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716425501,
|
"lastModified": 1724920817,
|
||||||
"narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=",
|
"narHash": "sha256-qWXS+4M9kHXxG1HgZuv+3gm3KQc1aPdBZUPnLLev8w0=",
|
||||||
"owner": "numtide",
|
"owner": "nix-community",
|
||||||
"repo": "srvos",
|
"repo": "srvos",
|
||||||
"rev": "1122cd50a23647e09c3e7a679d37ec02113bc412",
|
"rev": "977841b31ddbd3c919f56767a6f85d0615440759",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "numtide",
|
"owner": "nix-community",
|
||||||
"repo": "srvos",
|
"repo": "srvos",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -431,6 +545,21 @@
|
||||||
"repo": "default",
|
"repo": "default",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"systems_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
142
flake.nix
142
flake.nix
|
@ -4,15 +4,20 @@
|
||||||
# To update all inputs:
|
# To update all inputs:
|
||||||
# $ nix flake update --recreate-lock-file
|
# $ nix flake update --recreate-lock-file
|
||||||
inputs = {
|
inputs = {
|
||||||
|
lix.url = "git+https://git.lix.systems/lix-project/lix.git?ref=refs/heads/main&rev=60578b4d7d0dfc296c61cae963b6b2763422788e";
|
||||||
|
lix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
|
||||||
|
lix-module.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
lix-module.inputs.lix.follows = "lix";
|
||||||
|
|
||||||
disko.url = "github:nix-community/disko";
|
disko.url = "github:nix-community/disko";
|
||||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
|
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||||
# contains kernel 6.7.7, do not update
|
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/56051fbe049bf39adc1f08eb51740c226a4c3b90";
|
|
||||||
|
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||||
nur.url = "github:nix-community/NUR";
|
nur.url = "github:nix-community/NUR";
|
||||||
|
@ -28,7 +33,7 @@
|
||||||
|
|
||||||
attic.url = "github:zhaofengli/attic";
|
attic.url = "github:zhaofengli/attic";
|
||||||
|
|
||||||
srvos.url = "github:numtide/srvos";
|
srvos.url = "github:nix-community/srvos";
|
||||||
# actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant
|
# actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant
|
||||||
srvos.inputs.nixpkgs.follows = "nixpkgs";
|
srvos.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
@ -36,74 +41,93 @@
|
||||||
# Private repository, you need a valid SSH key to access it
|
# Private repository, you need a valid SSH key to access it
|
||||||
# nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main";
|
# nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main";
|
||||||
# nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs";
|
# nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
flake-registry.url = "github:NixOS/flake-registry";
|
|
||||||
flake-registry.flake = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ flake-parts
|
{
|
||||||
, ...
|
flake-parts,
|
||||||
} @ inputs:
|
...
|
||||||
(flake-parts.lib.evalFlakeModule
|
}@inputs:
|
||||||
{ inherit inputs; }
|
(flake-parts.lib.evalFlakeModule { inherit inputs; } (
|
||||||
({ self, inputs, ... }: {
|
{ self, inputs, ... }:
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
|
{
|
||||||
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
"aarch64-darwin"
|
||||||
|
];
|
||||||
imports = [
|
imports = [
|
||||||
./configurations.nix
|
./configurations.nix
|
||||||
# ./modules/monitoring/flake-module.nix
|
# ./modules/monitoring/flake-module.nix
|
||||||
# ./pkgs/flake-module.nix
|
# ./pkgs/flake-module.nix
|
||||||
# ./templates
|
# ./templates
|
||||||
];
|
];
|
||||||
perSystem = { self', pkgs, ... }: {
|
|
||||||
devShells.default = pkgs.mkShellNoCC {
|
|
||||||
buildInputs = [
|
|
||||||
pkgs.ipmitool
|
|
||||||
pkgs.colmena
|
|
||||||
|
|
||||||
pkgs.python3.pkgs.invoke
|
# provide debug, allSystems, currentSystem in the resulting flake
|
||||||
#Until nixos-anywhere is packaged
|
debug = true;
|
||||||
pkgs.python3.pkgs.deploykit
|
|
||||||
pkgs.mypy
|
|
||||||
pkgs.pixiecore
|
|
||||||
pkgs.dnsmasq
|
|
||||||
pkgs.python3.pkgs.netaddr
|
|
||||||
pkgs.qemu_kvm
|
|
||||||
pkgs.openssh
|
|
||||||
pkgs.gitMinimal # for git flakes
|
|
||||||
pkgs.rsync
|
|
||||||
pkgs.nix
|
|
||||||
pkgs.coreutils
|
|
||||||
pkgs.curl # when uploading tarballs
|
|
||||||
pkgs.gnugrep
|
|
||||||
pkgs.findutils
|
|
||||||
pkgs.gnused # needed by ssh-copy-id
|
|
||||||
# sops dependencies
|
|
||||||
pkgs.age
|
|
||||||
pkgs.yq-go
|
|
||||||
] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd;
|
|
||||||
};
|
|
||||||
packages = {
|
|
||||||
# netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
|
|
||||||
# # this nixosSystem is built for x86_64 machines regardless of the host machine
|
|
||||||
# pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
|
|
||||||
# inherit (inputs.nixpkgs.lib) nixosSystem;
|
|
||||||
# extraModules = [
|
|
||||||
# self.inputs.nur.nixosModules.nur
|
|
||||||
# { _module.args.inputs = self.inputs; }
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
# netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
|
perSystem =
|
||||||
# inherit (self'.packages) netboot;
|
{ self', pkgs, system, ... }:
|
||||||
# };
|
{
|
||||||
|
# apply the lix overlay to banish CppNix
|
||||||
|
_module.args.pkgs = import inputs.nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = [ inputs.lix-module.overlays.default ];
|
||||||
|
};
|
||||||
|
|
||||||
|
devShells.default = pkgs.mkShellNoCC {
|
||||||
|
buildInputs = [
|
||||||
|
pkgs.ipmitool
|
||||||
|
pkgs.colmena
|
||||||
|
|
||||||
|
pkgs.python3.pkgs.invoke
|
||||||
|
#Until nixos-anywhere is packaged
|
||||||
|
pkgs.python3.pkgs.deploykit
|
||||||
|
pkgs.mypy
|
||||||
|
pkgs.pixiecore
|
||||||
|
pkgs.dnsmasq
|
||||||
|
pkgs.python3.pkgs.netaddr
|
||||||
|
pkgs.qemu_kvm
|
||||||
|
pkgs.openssh
|
||||||
|
pkgs.gitMinimal # for git flakes
|
||||||
|
pkgs.rsync
|
||||||
|
pkgs.nix
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.curl # when uploading tarballs
|
||||||
|
pkgs.gnugrep
|
||||||
|
pkgs.findutils
|
||||||
|
pkgs.gnused # needed by ssh-copy-id
|
||||||
|
# sops dependencies
|
||||||
|
pkgs.age
|
||||||
|
pkgs.yq-go
|
||||||
|
] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd;
|
||||||
|
};
|
||||||
|
packages = {
|
||||||
|
# netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
|
||||||
|
# # this nixosSystem is built for x86_64 machines regardless of the host machine
|
||||||
|
# pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
|
||||||
|
# inherit (inputs.nixpkgs.lib) nixosSystem;
|
||||||
|
# extraModules = [
|
||||||
|
# self.inputs.nur.nixosModules.nur
|
||||||
|
# { _module.args.inputs = self.inputs; }
|
||||||
|
# ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
# netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
|
||||||
|
# inherit (self'.packages) netboot;
|
||||||
|
# };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
flake = {
|
flake = {
|
||||||
hydraJobs = inputs.nixpkgs.lib.mapAttrs' (name: config: inputs.nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations // {
|
hydraJobs =
|
||||||
devShells = self.devShells.x86_64-linux.default;
|
inputs.nixpkgs.lib.mapAttrs' (
|
||||||
};
|
name: config: inputs.nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
|
||||||
|
) self.nixosConfigurations
|
||||||
|
// {
|
||||||
|
devShells = self.devShells.x86_64-linux.default;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
})).config.flake;
|
}
|
||||||
|
)).config.flake;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, pkgs, ... }:
|
{ inputs, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
|
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
|
||||||
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
|
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -9,25 +9,31 @@ in
|
||||||
../modules/hardware/supermicro-H12SSL-i.nix
|
../modules/hardware/supermicro-H12SSL-i.nix
|
||||||
../modules/iperf-server.nix
|
../modules/iperf-server.nix
|
||||||
../modules/hypervisor.nix
|
../modules/hypervisor.nix
|
||||||
../modules/hydra/coordinator.nix
|
|
||||||
../modules/android-cache.nix
|
../modules/android-cache.nix
|
||||||
../modules/garage.nix
|
../modules/garage.nix
|
||||||
../modules/users/friends.nix
|
../modules/users/friends.nix
|
||||||
|
../modules/bagel-container.nix
|
||||||
|
../modules/lix-bug-details-pls
|
||||||
|
];
|
||||||
|
|
||||||
|
# Include debuginfo for Lix
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.lix.debug
|
||||||
|
pkgs.lix.passthru.capnproto-lix.debug
|
||||||
|
];
|
||||||
|
environment.pathsToLink = [
|
||||||
|
"/lib/debug"
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "epyc";
|
networking.hostName = "epyc";
|
||||||
|
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.defaults.email = "epyc@lahfa.xyz";
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
virtualisation.docker = {
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
enable = true;
|
|
||||||
rootless.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
|
|
||||||
# Do not upgrade until it is fixed. Ping Raito when needed.
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_6_7;
|
|
||||||
|
|
||||||
# Open public access to our PostgreSQL.
|
# Open public access to our PostgreSQL.
|
||||||
services.postgresql.enable = true;
|
services.postgresql.enable = true;
|
||||||
|
@ -37,19 +43,7 @@ in
|
||||||
'';
|
'';
|
||||||
networking.firewall.allowedTCPPorts = [ 5432 ];
|
networking.firewall.allowedTCPPorts = [ 5432 ];
|
||||||
|
|
||||||
nix.buildMachines = [
|
boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" ];
|
||||||
{
|
|
||||||
hostName = "localhost";
|
|
||||||
systems = [
|
|
||||||
"x86_64-linux"
|
|
||||||
"riscv64-linux"
|
|
||||||
];
|
|
||||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ] ++ gcc-system-features "znver3";
|
|
||||||
maxJobs = 2;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" "riscv64-linux" ];
|
|
||||||
|
|
||||||
simd.arch = "znver3";
|
simd.arch = "znver3";
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
46
modules/bagel-container.nix
Normal file
46
modules/bagel-container.nix
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# Stateful/mutable container used for Bagel (tm) related infra (mostly
|
||||||
|
# rebuilding nixpkgs a lot).
|
||||||
|
#
|
||||||
|
# System image is stored at /var/lib/machines/bagel.
|
||||||
|
{
|
||||||
|
systemd.nspawn.bagel = {
|
||||||
|
execConfig = {
|
||||||
|
Boot = true;
|
||||||
|
Ephemeral = false;
|
||||||
|
PrivateUsers = true;
|
||||||
|
NotifyReady = true;
|
||||||
|
LinkJournal = "try-guest";
|
||||||
|
};
|
||||||
|
|
||||||
|
networkConfig = {
|
||||||
|
Bridge = "wan-br";
|
||||||
|
VirtualEthernetExtra = "vb-bagel-v4:host1";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."systemd-nspawn@bagel" = {
|
||||||
|
wantedBy = [ "machines.target" ];
|
||||||
|
wants = [ "network.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
overrideStrategy = "asDropin";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."20-vb-bagel-v4" = {
|
||||||
|
matchConfig.Name = "vb-bagel-v4";
|
||||||
|
networkConfig.Address = [ "172.16.100.1/24" ];
|
||||||
|
networkConfig.IPMasquerade = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Configure a local Nix builder account, since getting sandboxing and KVM
|
||||||
|
# working inside the container will be tricky.
|
||||||
|
users.users.bagel-builder = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nogroup";
|
||||||
|
home = "/var/empty";
|
||||||
|
shell = "/bin/sh";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvUT9YBig9LQPHgypIBHQuC32XqDKxlFZ2CfgDi0ZKx"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
nix.settings.trusted-users = [ "bagel-builder" ];
|
||||||
|
}
|
|
@ -34,7 +34,6 @@ in
|
||||||
pkgs.gh
|
pkgs.gh
|
||||||
pkgs.nix
|
pkgs.nix
|
||||||
pkgs.nix-output-monitor
|
pkgs.nix-output-monitor
|
||||||
inputs.attic.packages.x86_64-linux.attic
|
|
||||||
];
|
];
|
||||||
environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
|
environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
|
||||||
environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
|
environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
|
||||||
|
|
|
@ -14,33 +14,43 @@
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands = ''
|
boot.initrd.services.lvm.enable = true;
|
||||||
copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme
|
boot.initrd.systemd.enable = true;
|
||||||
copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone
|
|
||||||
copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot.initrd.systemd.enable = lib.mkForce false;
|
fileSystems."/experiments" =
|
||||||
|
{ device = "/dev/disk/by-uuid/40ef7d25-91c5-41e4-a40f-b0fb93658ffe";
|
||||||
fileSystems."/" =
|
fsType = "ext4";
|
||||||
{ device = "/dev/disk/by-uuid/3a81ba8f-f5bb-446c-89a3-ad77e354dae0";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."nixroot" = {
|
fileSystems."/" =
|
||||||
device = "/dev/disk/by-uuid/c10d2822-cb83-4666-98f8-0aa04be259bc";
|
{ device = "/dev/disk/by-uuid/53cc33a3-1488-44c4-8f5d-a2bc67914274";
|
||||||
keyFile = "/dev/zero";
|
fsType = "xfs";
|
||||||
keyFileSize = 1;
|
};
|
||||||
};
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{ device = "/dev/disk/by-uuid/cee7b903-53f6-4967-b95d-654d34ccd460";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" =
|
||||||
|
{ device = "/dev/disk/by-uuid/5625935d-579b-41e4-be35-03df8437bc2c";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var" =
|
||||||
|
{ device = "/dev/disk/by-uuid/33bf7f4e-37f5-4121-84ac-70d06964ea21";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{ device = "/dev/disk/by-uuid/AFF2-3149";
|
{ device = "/dev/disk/by-uuid/AFF2-3149";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
|
options = [ "fmask=0022" "dmask=0022" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; }
|
[ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
From 96937c58232ad6eaa11d1370220101c3ce2d00c3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jade Lovelace <lix@jade.fyi>
|
||||||
|
Date: Thu, 29 Aug 2024 23:04:39 -0700
|
||||||
|
Subject: [PATCH] wip: complain about failing goals at warn level
|
||||||
|
|
||||||
|
I want to fix the bug that appears here:
|
||||||
|
|
||||||
|
error: build of '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' on 'ssh-ng://nix@epyc.infra.newtype.fr' failed: error: some dependencies of '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' are missing
|
||||||
|
error: builder for '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' failed with exit code 1
|
||||||
|
error: 1 dependencies of derivation '/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-vm-test-run-nix-copy-closure.drv' failed to build
|
||||||
|
|
||||||
|
However, this is conditional on nrFailed, and I cannot for the life of
|
||||||
|
me figure out *who* is failing and *why*.
|
||||||
|
|
||||||
|
Hopefully with these data I can narrow down why this bug is happening
|
||||||
|
|
||||||
|
Change-Id: I7dca71b1c8ac92e7cc40c47ab37c952a7673cf42
|
||||||
|
---
|
||||||
|
src/libstore/build/worker.cc | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/libstore/build/worker.cc b/src/libstore/build/worker.cc
|
||||||
|
index 1b4633e64..a93be28a6 100644
|
||||||
|
--- a/src/libstore/build/worker.cc
|
||||||
|
+++ b/src/libstore/build/worker.cc
|
||||||
|
@@ -160,7 +160,10 @@ void Worker::goalFinished(GoalPtr goal, Goal::Finished & f)
|
||||||
|
|
||||||
|
waiting->trace(fmt("waitee '%s' done; %d left", goal->name, waiting->waitees.size()));
|
||||||
|
|
||||||
|
- if (f.result != Goal::ecSuccess) ++waiting->nrFailed;
|
||||||
|
+ if (f.result != Goal::ecSuccess) {
|
||||||
|
+ ++waiting->nrFailed;
|
||||||
|
+ warn("Waiter %s experienced non-success of waitee %s with result %d", waiting->getName(), goal->getName(), f.result);
|
||||||
|
+ }
|
||||||
|
if (f.result == Goal::ecNoSubstituters) ++waiting->nrNoSubstituters;
|
||||||
|
if (f.result == Goal::ecIncompleteClosure) ++waiting->nrIncompleteClosure;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.44.1
|
||||||
|
|
22
modules/lix-bug-details-pls/default.nix
Normal file
22
modules/lix-bug-details-pls/default.nix
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
# jade: this exists because of a Lix bug that has me losing my damn mind and we really cannot debug it without either:
|
||||||
|
# * debug logs (infeasible. they are way too spammy)
|
||||||
|
# * patching lix (well look where we are)
|
||||||
|
#
|
||||||
|
# I don't really think it's necessarily appropriate to log at info level when
|
||||||
|
# a derivation fails on `main`, so here we have a yolopatch to get the damn
|
||||||
|
# thing in the log.
|
||||||
|
#
|
||||||
|
# I suspect it is a race condition with the garbage collector.
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: prev: {
|
||||||
|
lix = prev.lix.overrideAttrs (old: {
|
||||||
|
patches = (old.patches or [ ]) ++ [
|
||||||
|
# This patch doesn't apply anymore.
|
||||||
|
# ./0001-wip-complain-about-failing-goals-at-warn-level.patch
|
||||||
|
];
|
||||||
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
}
|
|
@ -14,8 +14,8 @@
|
||||||
'')
|
'')
|
||||||
config.networking.newtype.hosts);
|
config.networking.newtype.hosts);
|
||||||
|
|
||||||
# leave container interfaces alone
|
# leave container interfaces alone unless otherwise specified
|
||||||
systemd.network.networks."05-veth".extraConfig = ''
|
systemd.network.networks."95-veth".extraConfig = ''
|
||||||
[Match]
|
[Match]
|
||||||
Driver = veth
|
Driver = veth
|
||||||
|
|
||||||
|
@ -34,12 +34,29 @@
|
||||||
linkConfig.Name = "nat-lan";
|
linkConfig.Name = "nat-lan";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.networks."10-wan" = {
|
systemd.network.netdevs."10-wan-br" = {
|
||||||
matchConfig.Name = "wan";
|
netdevConfig.Name = "wan-br";
|
||||||
|
netdevConfig.Kind = "bridge";
|
||||||
|
netdevConfig.MACAddress = "none";
|
||||||
|
bridgeConfig.MulticastSnooping = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.links."10-wan-br" = {
|
||||||
|
matchConfig.Name = "wan-br";
|
||||||
|
linkConfig.MACAddressPolicy = "none";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."10-wan-br" = {
|
||||||
|
matchConfig.Name = "wan-br";
|
||||||
linkConfig.RequiredForOnline = true;
|
linkConfig.RequiredForOnline = true;
|
||||||
networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
|
networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."10-wan" = {
|
||||||
|
matchConfig.Name = "wan";
|
||||||
|
networkConfig.Bridge = "wan-br";
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-wan" = {
|
systemd.network.links."10-wan" = {
|
||||||
matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
|
matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
|
||||||
linkConfig.Name = "wan";
|
linkConfig.Name = "wan";
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ lib
|
{ lib
|
||||||
, config
|
, config
|
||||||
, pkgs
|
, pkgs
|
||||||
, inputs
|
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -36,6 +35,7 @@ in
|
||||||
|
|
||||||
# Avoid weird failures for builders.
|
# Avoid weird failures for builders.
|
||||||
services.openssh.settings.MaxStartups = 100;
|
services.openssh.settings.MaxStartups = 100;
|
||||||
|
services.openssh.settings.MaxSessions = 100;
|
||||||
|
|
||||||
# Memory accounting techniques
|
# Memory accounting techniques
|
||||||
systemd.services.nix-daemon.serviceConfig = {
|
systemd.services.nix-daemon.serviceConfig = {
|
||||||
|
@ -57,10 +57,6 @@ in
|
||||||
# Randomize GC to avoid thundering herd effects.
|
# Randomize GC to avoid thundering herd effects.
|
||||||
gc.randomizedDelaySec = "1800";
|
gc.randomizedDelaySec = "1800";
|
||||||
|
|
||||||
# Inchallah, it works.
|
|
||||||
package = pkgs.nixVersions.nix_2_18;
|
|
||||||
# package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17;
|
|
||||||
|
|
||||||
# should be enough?
|
# should be enough?
|
||||||
nrBuildUsers = 128;
|
nrBuildUsers = 128;
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, inputs, ... }: {
|
{ pkgs, config, inputs, ... }: {
|
||||||
# this extends the list from:
|
# this extends the list from:
|
||||||
# https://github.com/numtide/srvos/blob/master/server.nix#L10
|
# https://github.com/numtide/srvos/blob/master/server.nix#L10
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -6,7 +6,6 @@
|
||||||
whois
|
whois
|
||||||
|
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
inputs.attic.packages.x86_64-linux.attic
|
|
||||||
jq
|
jq
|
||||||
psmisc
|
psmisc
|
||||||
libarchive
|
libarchive
|
||||||
|
@ -35,9 +34,10 @@
|
||||||
ethtool
|
ethtool
|
||||||
usbutils
|
usbutils
|
||||||
|
|
||||||
ipmitool
|
config.boot.kernelPackages.perf
|
||||||
|
pwru
|
||||||
|
|
||||||
nix-top
|
ipmitool
|
||||||
# tries to default to soft-float due to out-dated cc-rs
|
# tries to default to soft-float due to out-dated cc-rs
|
||||||
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
|
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
{
|
|
||||||
programs.ssh.extraConfig = ''
|
|
||||||
Host telecom-bastion
|
|
||||||
HostName ssh.enst.fr
|
|
||||||
User jmalka
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
|
|
||||||
Host lame11
|
|
||||||
Hostname lame11.enst.fr
|
|
||||||
User nix-remote-builder
|
|
||||||
ProxyJump telecom-bastion
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
Host lame10
|
|
||||||
Hostname lame10.enst.fr
|
|
||||||
User nix-remote-builder
|
|
||||||
ProxyJump telecom-bastion
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
Host lame12
|
|
||||||
Hostname lame12.enst.fr
|
|
||||||
User nix-remote-builder
|
|
||||||
ProxyJump telecom-bastion
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
Host lame16
|
|
||||||
Hostname lame16.enst.fr
|
|
||||||
User nix-remote-builder
|
|
||||||
ProxyJump telecom-bastion
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
Host lame17
|
|
||||||
Hostname lame17.enst.fr
|
|
||||||
User nix-remote-builder
|
|
||||||
ProxyJump telecom-bastion
|
|
||||||
IdentityFile /home/luj/.ssh/id_ed25519
|
|
||||||
|
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
|
|
@ -18,12 +18,12 @@ in
|
||||||
openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
|
openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Julien Malka
|
# Luj
|
||||||
luj = {
|
luj = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
home = "/home/luj";
|
home = "/home/luj";
|
||||||
extraGroups = extraGroups ++ [ "production-hydra-db" ];
|
extraGroups = extraGroups ++ [ "production-hydra-db" ];
|
||||||
shell = "/run/current-system/sw/bin/zsh";
|
shell = "/run/current-system/sw/bin/bash";
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
|
openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -80,5 +80,15 @@ in
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
# Raito: Temporary account for the next week, for VM testing in the context of the systemd-hardening project.
|
||||||
|
jmarquet = {
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/jmarquet";
|
||||||
|
uid = 2008;
|
||||||
|
expires = "2024-08-30";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe4tx0+lNX2w7kG94c9u7U0wHuOc2A6zpHcbyAs+w/d thejohncrafter@system76-pc"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,2 +1 @@
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmC/lBooMyJZnyuU0/f6Qufi48DCEQ1RNT1l25cbvZWCXRrAJuQUTgb7u2nl8SEiQTRbZy/FTesaoPNBRWtWXK/8M0K58DeTMdNeTV8joW+vwEzRF3LPb9gU3FqCuuFFRqhJNC16cFBxXMCyjmktl8EG9o5yVcT/6HdwvXRKlas+EqXHlZblXxYQfCjWkpd3vzIoEfPwkUpQFlvLltTBT+EUWTiysvF8cCCuBx7EXHX++fNNySDoB9bQJ+sYoAvuhtfZ5eYNePpYQCV71KMEPYBqJ7AQpvdbMa34Rx7mghGCLk580qWTuXf/vqKRD4EAsvPYtK/xJNyjrCTX99TL60NIsBgNzQvvFFIaAsD91nD13gaEvybOjIo1lbzSZhbreX1qdWeUCR32HDUH4fEVv81VSaPbH2zxWqIf8bLDMJ7pCLKncyCZD1yVFCXsDV/J8BQq0c3GtFh3eEt59bkk6iU+LXv9dvwJtCvsp087Yh4qhj0L9z2zgczeljKJtFFTZhWbY3WEKiureoI7iPEJvLB8B6pGF0qQmIjbIIx6gtBoJc891w+XUmaXfHhWsVV7eq2y/AU7BvXAZp3LigWvosmPpoYsgjS0RNp2RJo2ufN6wKBtq+qv0xM+S6JvXo5pf2Oe11qp8hxF32MNv+djFK3Qf/JMkZAQd1Y/vW/Gg8Xw==
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRDM7fyeGRgYzuW+falRZayYSf5xMwj2d2PI9vSyjOD
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5vbxUd8I+uF/OY/PpPhSzrLN14Waq82uyQXNPYpHjA
|
|
||||||
|
|
|
@ -1,15 +1,3 @@
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9Uzb7szWlux7HuxLZej9cBR5MhLz/vaAPPfSoozt2k
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoYi9YFzovZfwrY3BUA3QqcyBE8gfNTncbs3qqkLbyY
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@fischer
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCKfPoMNrnyNWH6J1OvQ+n1rvSS9Sc2iZf6E1JQC+L4
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESMWr29i3rhj32oLV3DKe57YI+jvNaKjZhhpq6dEjsn
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOCKgHRHAJDSgKqYNfWboL04mnEOM0m0K3TGxBhBNDR
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpGHx430EpJmbtJc8+lF1CpQ1gXeHT9OeZ08O8yzohF
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaCGndojnmS5IoqHVMEPRfKuBZotMyqo7wNkAZJWigp
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxfFq8wx5Bet5Q0gI28/lc9ryYYFQelpZdPPdzxGBbA
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKIDLmQQ+P+jE4zVRpdVp8fmYEe4nzPDqYZt6A4eyIi
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkj2xsN7Qt/Ew2QO+HiF2yOjXPRucZ3SbIdPDLJoh22
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCUt5I3IgONzYsMOFnRXtvR/uLXlIs6oWsCmh6YGgnpGD4M9lFdoYAOeC1faQUnP66sNs6AoacrGlPZ1UkVUqYEoIr2hiNCDRzzLCQ2J/sSaw7Hv0PKT7MWMo8R076M3TrdunCchBJI1noez3waM9aL4b/iYVhxym28ET55QrWjyMQfZL9PXzOKZatNVcK8AmdtSbI+pFrm/tTZPa321drm9PHOo9CL+lG4YmVZcXa0bVfVtk1GXlWwNpCj2ExLmbF1rRpAa05khfnbg3sBSklwf5NRXj11KneodKRF81ji7MtBhIIfoEXSYht7yspdkkS9e9mv16VGV+2ziM8zG3MK/iUq7fg5ksN54D3DNrd9iI5WjQZsLUrK0ypxO2NtvupWGYt3rCyKA/QvynbxOWFp6cy3Evej142hsfbiOcPIgCtGdHIBevp+KmPxkHBqsJPBqb3Y7nOMT1/ggDMtvHZEZJjEI2D2RjZNEXGbq63OPAqEkgmecW0cXlrjLEGhF2E=
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0yxKgDt5IsroNxjqRYpbt7F3m8kewrnFql9PRSQgUMoAmLjIdtaNolfTGwPnb+mkhfh1wac7+SdoFilVAWfxdcBpkt6smou0EG4ek6nRQDV+MceZb/Yaroj6qDZ0XdSnirCIXvVSLAs+z+rwRNVP/vPr+PZc7eRCjeTWZftjIAF0XPL09raDIpdZZKrWKOk7ieWV1NedEf72HvD720mmyEpR2z8iFKcVbZlVmC1KAnfozpX22nk+i9LLuwpFWdb8cDpObuu7OoGVPvX5h0TxI+6vH+9+u657G0AyHyJrBdbMzJDFdRolWYCzUo5G+2deBlY1VMJ36oNx17xkd4vBh
|
|
||||||
|
|
Loading…
Reference in a new issue