chore: disable the lix bug details plz patch

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
chore: lix can sometimes… have no patch!
2024-10-19 12:29:43 +02:00 · 2024-10-19 12:29:01 +02:00 · 2024-10-19 12:27:56 +02:00 · 2024-10-19 10:24:25 +00:00 · 2024-10-19 10:21:17 +00:00 · 2024-10-19 10:21:17 +00:00
18 changed files with 486 additions and 238 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 .direnv
+result
+.gcroots
--- a/configurations.nix
+++ b/configurations.nix
@ -3,13 +3,13 @@ let
  inherit
    (self.inputs)
    nixpkgs
+    lix-module
    home-manager
    agenix
    nur
    colmena
    flake-registry
    nixos-hardware
-    nixpkgs-unstable
    srvos
    disko
    ;
@ -29,12 +29,10 @@ let
    ./modules/users/admins.nix
    ./modules/packages.nix
    ./modules/nix-daemon.nix
-    ./modules/auto-upgrade.nix
    ./modules/tor-ssh.nix
    ./modules/hosts.nix
    ./modules/network.nix
    ./modules/zsh.nix
-    ./modules/ssh-cursed.nix
    # FIXME: ./modules/buildbot — whenever you are ready.


@ -47,6 +45,9 @@ let
    # srvos.nixosModules.mixins-telegraf
    # srvos.nixosModules.mixins-terminfo

+    # use lix
+    lix-module.nixosModules.default
+
    agenix.nixosModules.default
    ({ pkgs
     , config
@ -59,7 +60,7 @@ let
      {
        nix.nixPath = [
          "home-manager=${home-manager}"
-          "nixpkgs=${pkgs.path}"
+          "nixpkgs=flake:nixpkgs"
          "nur=${nur}"
        ];
        # TODO: share nixpkgs for each machine to speed up local evaluation.
@ -71,10 +72,7 @@ let
        #};
        # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;

-        nix.extraOptions = ''
-          flake-registry = ${flake-registry}/flake-registry.json
-          builders-use-substitutes = true
-        '';
+        nix.settings.builders-use-substitutes = true;

        nix.registry = {
          home-manager.flake = home-manager;
@ -105,6 +103,12 @@ in
  flake.colmena = {
    meta.nixpkgs = import nixpkgs {
      system = "x86_64-linux";
+      # yikes, this overlay has to be listed twice since colmena makes us
+      # import nixpkgs explicitly here
+      overlays = [
+        # bonking cppnix out of the closure as much as possible
+        lix-module.overlays.default
+      ];
    };
    epyc = {
      imports =
--- a/flake.lock
+++ b/flake.lock
@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1716561646,
-        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
+        "lastModified": 1718371084,
+        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
        "type": "github"
      },
      "original": {
@ -32,11 +32,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1711742460,
-        "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
+        "lastModified": 1717279440,
+        "narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
+        "rev": "717cc95983cdc357bc347d70be20ced21f935843",
        "type": "github"
      },
      "original": {
@ -76,11 +76,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702918879,
-        "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+        "lastModified": 1717025063,
+        "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+        "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
        "type": "github"
      },
      "original": {
@ -118,11 +118,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716431128,
-        "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
+        "lastModified": 1718846788,
+        "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
+        "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
        "type": "github"
      },
      "original": {
@ -163,6 +163,22 @@
        "type": "github"
      }
    },
+    "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -170,11 +186,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715865404,
-        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
+        "lastModified": 1717285511,
+        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
+        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
        "type": "github"
      },
      "original": {
@ -183,22 +199,6 @@
        "type": "github"
      }
    },
-    "flake-registry": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1705308826,
-        "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=",
-        "owner": "NixOS",
-        "repo": "flake-registry",
-        "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "flake-registry",
-        "type": "github"
-      }
-    },
    "flake-utils": {
      "locked": {
        "lastModified": 1667395993,
@ -229,6 +229,39 @@
        "type": "github"
      }
    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flakey-profile": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -257,11 +290,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717527182,
-        "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
+        "lastModified": 1718530513,
+        "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
        "owner": "rycee",
        "repo": "home-manager",
-        "rev": "845a5c4c073f74105022533907703441e0464bc3",
+        "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
        "type": "github"
      },
      "original": {
@ -271,13 +304,78 @@
        "type": "github"
      }
    },
+    "lix": {
+      "inputs": {
+        "flake-compat": "flake-compat_3",
+        "nix2container": "nix2container",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1729296222,
+        "narHash": "sha256-fwJyGrkTemR1SwkAPXfxlY0RYCxy34NedmR35amytCc=",
+        "ref": "refs/heads/main",
+        "rev": "60578b4d7d0dfc296c61cae963b6b2763422788e",
+        "revCount": 16362,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/lix.git"
+      },
+      "original": {
+        "ref": "refs/heads/main",
+        "rev": "60578b4d7d0dfc296c61cae963b6b2763422788e",
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/lix.git"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "flakey-profile": "flakey-profile",
+        "lix": [
+          "lix"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1727752861,
+        "narHash": "sha256-jowmo2aEzrEpPSM96IWtajuogdJm7DjAWxFTEb7Ct0s=",
+        "rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d.tar.gz?rev=fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
+      }
+    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724996935,
+        "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1716715385,
-        "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=",
+        "lastModified": 1719069430,
+        "narHash": "sha256-d9KzCJv3UG6nX9Aur5OSEf4Uj+ywuxojhiCiRKYVzXA=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8",
+        "rev": "e8232c132a95ddc62df9d404120ad4ff53862910",
        "type": "github"
      },
      "original": {
@ -302,6 +400,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1711460390,
@ -318,13 +432,13 @@
        "type": "github"
      }
    },
-    "nixpkgs-unstable": {
+    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1716715802,
-        "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
+        "lastModified": 1724932487,
+        "narHash": "sha256-zzbqHmY1mt21omyk1+14QbAkII1B7OHlwKLcczVq22w=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
+        "rev": "b4f7fb71438d00539b21f1b1e6968c0eac060127",
        "type": "github"
      },
      "original": {
@ -334,34 +448,34 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
+    "nur": {
      "locked": {
-        "lastModified": 1717796960,
-        "narHash": "sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8e0a5f16b7bf7f212be068dd302c49888c6ad68f",
+        "lastModified": 1719099906,
+        "narHash": "sha256-xo1cNkVBW7NxTU5zMu0B7ZkismtkHfTRWfhBXbNnp9g=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "315cf1f8c5f5e92150d81ccafba7525c54327094",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05-small",
-        "repo": "nixpkgs",
+        "owner": "nix-community",
+        "repo": "NUR",
        "type": "github"
      }
    },
-    "nur": {
+    "pre-commit-hooks": {
+      "flake": false,
      "locked": {
-        "lastModified": 1716741358,
-        "narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=",
-        "owner": "nix-community",
-        "repo": "NUR",
-        "rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2",
+        "lastModified": 1726745158,
+        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
-        "repo": "NUR",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
@ -372,11 +486,11 @@
        "colmena": "colmena",
        "disko": "disko",
        "flake-parts": "flake-parts",
-        "flake-registry": "flake-registry",
        "home-manager": "home-manager_2",
+        "lix": "lix",
+        "lix-module": "lix-module",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-unstable": "nixpkgs-unstable",
        "nur": "nur",
        "srvos": "srvos"
      }
@ -388,15 +502,15 @@
        ]
      },
      "locked": {
-        "lastModified": 1716425501,
-        "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=",
-        "owner": "numtide",
+        "lastModified": 1724920817,
+        "narHash": "sha256-qWXS+4M9kHXxG1HgZuv+3gm3KQc1aPdBZUPnLLev8w0=",
+        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412",
+        "rev": "977841b31ddbd3c919f56767a6f85d0615440759",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
+        "owner": "nix-community",
        "repo": "srvos",
        "type": "github"
      }
@ -431,6 +545,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -4,14 +4,20 @@
  # To update all inputs:
  # $ nix flake update --recreate-lock-file
  inputs = {
+    lix.url = "git+https://git.lix.systems/lix-project/lix.git?ref=refs/heads/main&rev=60578b4d7d0dfc296c61cae963b6b2763422788e";
+    lix.inputs.nixpkgs.follows = "nixpkgs";
+
+    lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
+    lix-module.inputs.nixpkgs.follows = "nixpkgs";
+    lix-module.inputs.lix.follows = "lix";
+
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    nixos-hardware.url = "github:NixOS/nixos-hardware";
    nur.url = "github:nix-community/NUR";
@ -27,7 +33,7 @@

    attic.url = "github:zhaofengli/attic";

-    srvos.url = "github:numtide/srvos";
+    srvos.url = "github:nix-community/srvos";
    # actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant
    srvos.inputs.nixpkgs.follows = "nixpkgs";

@ -35,74 +41,93 @@
    # Private repository, you need a valid SSH key to access it
    # nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main";
    # nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs";
-
-    flake-registry.url = "github:NixOS/flake-registry";
-    flake-registry.flake = false;
  };

  outputs =
-    { flake-parts
-    , ...
-    } @ inputs:
-    (flake-parts.lib.evalFlakeModule
-      { inherit inputs; }
-      ({ self, inputs, ... }: {
-        systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
+    {
+      flake-parts,
+      ...
+    }@inputs:
+    (flake-parts.lib.evalFlakeModule { inherit inputs; } (
+      { self, inputs, ... }:
+      {
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+          "aarch64-darwin"
+        ];
        imports = [
          ./configurations.nix
          # ./modules/monitoring/flake-module.nix
          # ./pkgs/flake-module.nix
          # ./templates
        ];
-        perSystem = { self', pkgs, ... }: {
-          devShells.default = pkgs.mkShellNoCC {
-            buildInputs = [
-              pkgs.ipmitool
-              pkgs.colmena

-              pkgs.python3.pkgs.invoke
-              #Until nixos-anywhere is packaged
-              pkgs.python3.pkgs.deploykit
-              pkgs.mypy
-              pkgs.pixiecore
-              pkgs.dnsmasq
-              pkgs.python3.pkgs.netaddr
-              pkgs.qemu_kvm
-              pkgs.openssh
-              pkgs.gitMinimal # for git flakes
-              pkgs.rsync
-              pkgs.nix
-              pkgs.coreutils
-              pkgs.curl # when uploading tarballs
-              pkgs.gnugrep
-              pkgs.findutils
-              pkgs.gnused # needed by ssh-copy-id
-              # sops dependencies
-              pkgs.age
-              pkgs.yq-go
-            ] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd;
-          };
-          packages = {
-            #  netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
-            #    # this nixosSystem is built for x86_64 machines regardless of the host machine
-            #    pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
-            #    inherit (inputs.nixpkgs.lib) nixosSystem;
-            #    extraModules = [
-            #      self.inputs.nur.nixosModules.nur
-            #      { _module.args.inputs = self.inputs; }
-            #    ];
-            #  };
+        # provide debug, allSystems, currentSystem in the resulting flake
+        debug = true;

-            #  netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
-            #    inherit (self'.packages) netboot;
-            #  };
+        perSystem =
+          { self', pkgs, system, ... }:
+          {
+            # apply the lix overlay to banish CppNix
+            _module.args.pkgs = import inputs.nixpkgs {
+              inherit system;
+              overlays = [ inputs.lix-module.overlays.default ];
+            };
+
+            devShells.default = pkgs.mkShellNoCC {
+              buildInputs = [
+                pkgs.ipmitool
+                pkgs.colmena
+
+                pkgs.python3.pkgs.invoke
+                #Until nixos-anywhere is packaged
+                pkgs.python3.pkgs.deploykit
+                pkgs.mypy
+                pkgs.pixiecore
+                pkgs.dnsmasq
+                pkgs.python3.pkgs.netaddr
+                pkgs.qemu_kvm
+                pkgs.openssh
+                pkgs.gitMinimal # for git flakes
+                pkgs.rsync
+                pkgs.nix
+                pkgs.coreutils
+                pkgs.curl # when uploading tarballs
+                pkgs.gnugrep
+                pkgs.findutils
+                pkgs.gnused # needed by ssh-copy-id
+                # sops dependencies
+                pkgs.age
+                pkgs.yq-go
+              ] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd;
+            };
+            packages = {
+              #  netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
+              #    # this nixosSystem is built for x86_64 machines regardless of the host machine
+              #    pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+              #    inherit (inputs.nixpkgs.lib) nixosSystem;
+              #    extraModules = [
+              #      self.inputs.nur.nixosModules.nur
+              #      { _module.args.inputs = self.inputs; }
+              #    ];
+              #  };
+
+              #  netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
+              #    inherit (self'.packages) netboot;
+              #  };
+            };
          };
-        };
        flake = {
-          hydraJobs = inputs.nixpkgs.lib.mapAttrs' (name: config: inputs.nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations // {
-            devShells = self.devShells.x86_64-linux.default;
-          };
+          hydraJobs =
+            inputs.nixpkgs.lib.mapAttrs' (
+              name: config: inputs.nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
+            ) self.nixosConfigurations
+            // {
+              devShells = self.devShells.x86_64-linux.default;
+            };
        };
-      })).config.flake;
+      }
+    )).config.flake;

 }
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@ -1,7 +1,7 @@
-{ lib, pkgs, ... }:
+{ inputs, lib, pkgs, ... }:
 let
  gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
-    ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
+  ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
 in
 {
  imports = [
@ -9,46 +9,41 @@ in
    ../modules/hardware/supermicro-H12SSL-i.nix
    ../modules/iperf-server.nix
    ../modules/hypervisor.nix
-    ../modules/hydra/coordinator.nix
    ../modules/android-cache.nix
    ../modules/garage.nix
    ../modules/users/friends.nix
+    ../modules/bagel-container.nix
+    ../modules/lix-bug-details-pls
+  ];
+
+  # Include debuginfo for Lix
+  environment.systemPackages = [
+    pkgs.lix.debug
+    pkgs.lix.passthru.capnproto-lix.debug
+  ];
+  environment.pathsToLink = [
+    "/lib/debug"
  ];

  networking.hostName = "epyc";

+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "epyc@lahfa.xyz";
+
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-  virtualisation.docker = {
-    enable = true;
-    rootless.enable = true;
-  };
-
-  # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
-  # Do not upgrade until it is fixed. Ping Raito when needed.
-  # boot.kernelPackages = pkgs.linuxPackage_latest;
+  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Open public access to our PostgreSQL.
  services.postgresql.enable = true;
  services.postgresql.enableTCPIP = true;
  services.postgresql.authentication = ''
-  host  hydra-nixos-org hydra_ro  ::/0  trust
+    host  hydra-nixos-org hydra_ro  ::/0  trust
  '';
  networking.firewall.allowedTCPPorts = [ 5432 ];

-  nix.buildMachines = [
-    { hostName = "localhost";
-      systems = [
-        "x86_64-linux"
-        "riscv64-linux"
-      ];
-      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ] ++ gcc-system-features "znver3";
-      maxJobs = 2;
-    }
-  ];
-
-  boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" "riscv64-linux" ];
+  boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" ];

  simd.arch = "znver3";
  system.stateVersion = "23.05";
--- a/modules/bagel-container.nix
+++ b/modules/bagel-container.nix
@ -0,0 +1,46 @@
+# Stateful/mutable container used for Bagel (tm) related infra (mostly
+# rebuilding nixpkgs a lot).
+#
+# System image is stored at /var/lib/machines/bagel.
+{
+  systemd.nspawn.bagel = {
+    execConfig = {
+      Boot = true;
+      Ephemeral = false;
+      PrivateUsers = true;
+      NotifyReady = true;
+      LinkJournal = "try-guest";
+    };
+
+    networkConfig = {
+      Bridge = "wan-br";
+      VirtualEthernetExtra = "vb-bagel-v4:host1";
+    };
+  };
+
+  systemd.services."systemd-nspawn@bagel" = {
+    wantedBy = [ "machines.target" ];
+    wants = [ "network.target" ];
+    after = [ "network.target" ];
+    overrideStrategy = "asDropin";
+  };
+
+  systemd.network.networks."20-vb-bagel-v4" = {
+    matchConfig.Name = "vb-bagel-v4";
+    networkConfig.Address = [ "172.16.100.1/24" ];
+    networkConfig.IPMasquerade = true;
+  };
+
+  # Configure a local Nix builder account, since getting sandboxing and KVM
+  # working inside the container will be tricky.
+  users.users.bagel-builder = {
+    isSystemUser = true;
+    group = "nogroup";
+    home = "/var/empty";
+    shell = "/bin/sh";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvUT9YBig9LQPHgypIBHQuC32XqDKxlFZ2CfgDi0ZKx"
+    ];
+  };
+  nix.settings.trusted-users = [ "bagel-builder" ];
+}
--- a/modules/buildbot/default.nix
+++ b/modules/buildbot/default.nix
@ -34,7 +34,6 @@ in
      pkgs.gh
      pkgs.nix
      pkgs.nix-output-monitor
-      inputs.attic.packages.x86_64-linux.attic
    ];
    environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
    environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
--- a/modules/hardware/supermicro-H12SSL-i.nix
+++ b/modules/hardware/supermicro-H12SSL-i.nix
@ -14,33 +14,43 @@
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

-  boot.initrd.extraUtilsCommands = ''
-    copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme
-    copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone
-    copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk
-  '';
+  boot.initrd.services.lvm.enable = true;
+  boot.initrd.systemd.enable = true;

-  boot.initrd.systemd.enable = lib.mkForce false;
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/3a81ba8f-f5bb-446c-89a3-ad77e354dae0";
-      fsType = "btrfs";
+  fileSystems."/experiments" =
+    { device = "/dev/disk/by-uuid/40ef7d25-91c5-41e4-a40f-b0fb93658ffe";
+      fsType = "ext4";
    };

-  boot.initrd.luks.devices."nixroot" = {
-   device = "/dev/disk/by-uuid/c10d2822-cb83-4666-98f8-0aa04be259bc";
-   keyFile = "/dev/zero";
-   keyFileSize = 1;
-  };
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/53cc33a3-1488-44c4-8f5d-a2bc67914274";
+      fsType = "xfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/cee7b903-53f6-4967-b95d-654d34ccd460";
+      fsType = "xfs";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/5625935d-579b-41e4-be35-03df8437bc2c";
+      fsType = "xfs";
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-uuid/33bf7f4e-37f5-4121-84ac-70d06964ea21";
+      fsType = "xfs";
+    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/AFF2-3149";
      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; }
-  ];
+    ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/modules/lix-bug-details-pls/0001-wip-complain-about-failing-goals-at-warn-level.patch
+++ b/modules/lix-bug-details-pls/0001-wip-complain-about-failing-goals-at-warn-level.patch
@ -0,0 +1,40 @@
+From 96937c58232ad6eaa11d1370220101c3ce2d00c3 Mon Sep 17 00:00:00 2001
+From: Jade Lovelace <lix@jade.fyi>
+Date: Thu, 29 Aug 2024 23:04:39 -0700
+Subject: [PATCH] wip: complain about failing goals at warn level
+
+I want to fix the bug that appears here:
+
+error: build of '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' on 'ssh-ng://nix@epyc.infra.newtype.fr' failed: error: some dependencies of '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' are missing
+error: builder for '/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-test-driver-nix-copy-closure.drv' failed with exit code 1
+error: 1 dependencies of derivation '/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-vm-test-run-nix-copy-closure.drv' failed to build
+
+However, this is conditional on nrFailed, and I cannot for the life of
+me figure out *who* is failing and *why*.
+
+Hopefully with these data I can narrow down why this bug is happening
+
+Change-Id: I7dca71b1c8ac92e7cc40c47ab37c952a7673cf42
+---
+ src/libstore/build/worker.cc | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/libstore/build/worker.cc b/src/libstore/build/worker.cc
+index 1b4633e64..a93be28a6 100644
+--- a/src/libstore/build/worker.cc
+++ b/src/libstore/build/worker.cc
+@@ -160,7 +160,10 @@ void Worker::goalFinished(GoalPtr goal, Goal::Finished & f)
+ 
+             waiting->trace(fmt("waitee '%s' done; %d left", goal->name, waiting->waitees.size()));
+ 
+-            if (f.result != Goal::ecSuccess) ++waiting->nrFailed;
+            if (f.result != Goal::ecSuccess) {
+                ++waiting->nrFailed;
+                warn("Waiter %s experienced non-success of waitee %s with result %d", waiting->getName(), goal->getName(), f.result);
+            }
+             if (f.result == Goal::ecNoSubstituters) ++waiting->nrNoSubstituters;
+             if (f.result == Goal::ecIncompleteClosure) ++waiting->nrIncompleteClosure;
+ 
+-- 
+2.44.1
+
--- a/modules/lix-bug-details-pls/default.nix
+++ b/modules/lix-bug-details-pls/default.nix
@ -0,0 +1,22 @@
+{ ... }:
+{
+  # jade: this exists because of a Lix bug that has me losing my damn mind and we really cannot debug it without either:
+  # * debug logs (infeasible. they are way too spammy)
+  # * patching lix (well look where we are)
+  #
+  # I don't really think it's necessarily appropriate to log at info level when
+  # a derivation fails on `main`, so here we have a yolopatch to get the damn
+  # thing in the log.
+  #
+  # I suspect it is a race condition with the garbage collector.
+  nixpkgs.overlays = [
+    (final: prev: {
+      lix = prev.lix.overrideAttrs (old: {
+        patches = (old.patches or [ ]) ++ [
+          # This patch doesn't apply anymore.
+          # ./0001-wip-complain-about-failing-goals-at-warn-level.patch
+        ];
+      });
+    })
+  ];
+}
--- a/modules/network.nix
+++ b/modules/network.nix
@ -14,8 +14,8 @@
    '')
    config.networking.newtype.hosts);

-  # leave container interfaces alone
-  systemd.network.networks."05-veth".extraConfig = ''
+  # leave container interfaces alone unless otherwise specified
+  systemd.network.networks."95-veth".extraConfig = ''
    [Match]
    Driver = veth

@ -34,12 +34,29 @@
    linkConfig.Name = "nat-lan";
  };

-  systemd.network.networks."10-wan" = {
-    matchConfig.Name = "wan";
+  systemd.network.netdevs."10-wan-br" = {
+    netdevConfig.Name = "wan-br";
+    netdevConfig.Kind = "bridge";
+    netdevConfig.MACAddress = "none";
+    bridgeConfig.MulticastSnooping = false;
+  };
+
+  systemd.network.links."10-wan-br" = {
+    matchConfig.Name = "wan-br";
+    linkConfig.MACAddressPolicy = "none";
+  };
+
+  systemd.network.networks."10-wan-br" = {
+    matchConfig.Name = "wan-br";
    linkConfig.RequiredForOnline = true;
    networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
  };

+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "wan";
+    networkConfig.Bridge = "wan-br";
+  };
+
  systemd.network.links."10-wan" = {
    matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
    linkConfig.Name = "wan";
--- a/modules/nix-daemon.nix
+++ b/modules/nix-daemon.nix
@ -1,7 +1,6 @@
 { lib
 , config
 , pkgs
-, inputs
 , ...
 }:

@ -36,6 +35,7 @@ in

    # Avoid weird failures for builders.
    services.openssh.settings.MaxStartups = 100;
+    services.openssh.settings.MaxSessions = 100;

    # Memory accounting techniques
    systemd.services.nix-daemon.serviceConfig = {
@ -57,10 +57,6 @@ in
      # Randomize GC to avoid thundering herd effects.
      gc.randomizedDelaySec = "1800";

-      # Inchallah, it works.
-      package = pkgs.nixVersions.nix_2_18;
-      # package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17;
-
      # should be enough?
      nrBuildUsers = 128;

--- a/modules/packages.nix
+++ b/modules/packages.nix
@ -1,4 +1,4 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, config, inputs, ... }: {
  # this extends the list from:
  # https://github.com/numtide/srvos/blob/master/server.nix#L10
  environment.systemPackages = with pkgs; [
@ -6,7 +6,6 @@
    whois

    nix-output-monitor
-    inputs.attic.packages.x86_64-linux.attic
    jq
    psmisc
    libarchive
@ -35,9 +34,10 @@
    ethtool
    usbutils

-    ipmitool
+    config.boot.kernelPackages.perf
+    pwru

-    nix-top
+    ipmitool
    # tries to default to soft-float due to out-dated cc-rs
  ] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
 }
--- a/modules/ssh-cursed.nix
+++ b/modules/ssh-cursed.nix
@ -1,36 +0,0 @@
-{
-  programs.ssh.extraConfig = ''
-        Host telecom-bastion
-    		HostName ssh.enst.fr
-    		User jmalka
-                IdentityFile /home/luj/.ssh/id_ed25519
-
-        Host lame11
-    		Hostname lame11.enst.fr
-    		User nix-remote-builder
-    		ProxyJump telecom-bastion
-                IdentityFile /home/luj/.ssh/id_ed25519
-        Host lame10
-    		Hostname lame10.enst.fr
-    		User nix-remote-builder
-    		ProxyJump telecom-bastion
-                IdentityFile /home/luj/.ssh/id_ed25519
-        Host lame12
-    		Hostname lame12.enst.fr
-    		User nix-remote-builder
-    		ProxyJump telecom-bastion
-                IdentityFile /home/luj/.ssh/id_ed25519
-        Host lame16
-    		Hostname lame16.enst.fr
-    		User nix-remote-builder
-    		ProxyJump telecom-bastion
-                IdentityFile /home/luj/.ssh/id_ed25519
-        Host lame17
-    		Hostname lame17.enst.fr
-    		User nix-remote-builder
-    		ProxyJump telecom-bastion
-                IdentityFile /home/luj/.ssh/id_ed25519
-
-  '';
-
-}
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@ -18,12 +18,12 @@ in
        openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
      };

-      # Julien Malka
+      # Luj
      luj = {
        isNormalUser = true;
        home = "/home/luj";
        extraGroups = extraGroups ++ [ "production-hydra-db" ];
-        shell = "/run/current-system/sw/bin/zsh";
+        shell = "/run/current-system/sw/bin/bash";
        uid = 1001;
        openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
      };
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
@ -80,5 +80,15 @@ in
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
      ];
    };
+    # Raito: Temporary account for the next week, for VM testing in the context of the systemd-hardening project.
+    jmarquet = {
+      isNormalUser = true;
+      home = "/home/jmarquet";
+      uid = 2008;
+      expires = "2024-08-30";
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe4tx0+lNX2w7kG94c9u7U0wHuOc2A6zpHcbyAs+w/d thejohncrafter@system76-pc"
+      ];
+    };
  };
 }
--- a/modules/users/keys/akechi.keys
+++ b/modules/users/keys/akechi.keys
@ -1,2 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmC/lBooMyJZnyuU0/f6Qufi48DCEQ1RNT1l25cbvZWCXRrAJuQUTgb7u2nl8SEiQTRbZy/FTesaoPNBRWtWXK/8M0K58DeTMdNeTV8joW+vwEzRF3LPb9gU3FqCuuFFRqhJNC16cFBxXMCyjmktl8EG9o5yVcT/6HdwvXRKlas+EqXHlZblXxYQfCjWkpd3vzIoEfPwkUpQFlvLltTBT+EUWTiysvF8cCCuBx7EXHX++fNNySDoB9bQJ+sYoAvuhtfZ5eYNePpYQCV71KMEPYBqJ7AQpvdbMa34Rx7mghGCLk580qWTuXf/vqKRD4EAsvPYtK/xJNyjrCTX99TL60NIsBgNzQvvFFIaAsD91nD13gaEvybOjIo1lbzSZhbreX1qdWeUCR32HDUH4fEVv81VSaPbH2zxWqIf8bLDMJ7pCLKncyCZD1yVFCXsDV/J8BQq0c3GtFh3eEt59bkk6iU+LXv9dvwJtCvsp087Yh4qhj0L9z2zgczeljKJtFFTZhWbY3WEKiureoI7iPEJvLB8B6pGF0qQmIjbIIx6gtBoJc891w+XUmaXfHhWsVV7eq2y/AU7BvXAZp3LigWvosmPpoYsgjS0RNp2RJo2ufN6wKBtq+qv0xM+S6JvXo5pf2Oe11qp8hxF32MNv+djFK3Qf/JMkZAQd1Y/vW/Gg8Xw==
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5vbxUd8I+uF/OY/PpPhSzrLN14Waq82uyQXNPYpHjA
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRDM7fyeGRgYzuW+falRZayYSf5xMwj2d2PI9vSyjOD
--- a/modules/users/keys/luj.keys
+++ b/modules/users/keys/luj.keys
@ -1,13 +1,3 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9Uzb7szWlux7HuxLZej9cBR5MhLz/vaAPPfSoozt2k
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoYi9YFzovZfwrY3BUA3QqcyBE8gfNTncbs3qqkLbyY
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCKfPoMNrnyNWH6J1OvQ+n1rvSS9Sc2iZf6E1JQC+L4
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESMWr29i3rhj32oLV3DKe57YI+jvNaKjZhhpq6dEjsn
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOCKgHRHAJDSgKqYNfWboL04mnEOM0m0K3TGxBhBNDR
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpGHx430EpJmbtJc8+lF1CpQ1gXeHT9OeZ08O8yzohF
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaCGndojnmS5IoqHVMEPRfKuBZotMyqo7wNkAZJWigp
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxfFq8wx5Bet5Q0gI28/lc9ryYYFQelpZdPPdzxGBbA
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKIDLmQQ+P+jE4zVRpdVp8fmYEe4nzPDqYZt6A4eyIi
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkj2xsN7Qt/Ew2QO+HiF2yOjXPRucZ3SbIdPDLJoh22
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCUt5I3IgONzYsMOFnRXtvR/uLXlIs6oWsCmh6YGgnpGD4M9lFdoYAOeC1faQUnP66sNs6AoacrGlPZ1UkVUqYEoIr2hiNCDRzzLCQ2J/sSaw7Hv0PKT7MWMo8R076M3TrdunCchBJI1noez3waM9aL4b/iYVhxym28ET55QrWjyMQfZL9PXzOKZatNVcK8AmdtSbI+pFrm/tTZPa321drm9PHOo9CL+lG4YmVZcXa0bVfVtk1GXlWwNpCj2ExLmbF1rRpAa05khfnbg3sBSklwf5NRXj11KneodKRF81ji7MtBhIIfoEXSYht7yspdkkS9e9mv16VGV+2ziM8zG3MK/iUq7fg5ksN54D3DNrd9iI5WjQZsLUrK0ypxO2NtvupWGYt3rCyKA/QvynbxOWFp6cy3Evej142hsfbiOcPIgCtGdHIBevp+KmPxkHBqsJPBqb3Y7nOMT1/ggDMtvHZEZJjEI2D2RjZNEXGbq63OPAqEkgmecW0cXlrjLEGhF2E=
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@fischer
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey
Author	SHA1	Message	Date
raito	5aeb620a66	chore: disable the lix bug details plz patch Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-10-19 12:29:43 +02:00
raito	8e72e4585e	chore: lix can sometimes… have no patch! Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-10-19 12:29:01 +02:00
raito	852d0c107b	chore: get rid of the deadlock factory Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-10-19 12:27:56 +02:00
Linus Heckemann	fe3e4a50fb	nix-daemon: set MaxSessions to 100 This makes more simultaneous remote builds possible when using a multiplexed SSH connection.	2024-10-19 10:24:25 +00:00
jade	c1f9e26c06	nix config: misc tidying Let's be real, I am doing this because I got impatient with the gratuitous copy to the store this eliminates caused by pkgs.path. Also gets rid of stuff in nix.extraOptions which is deprecated.	2024-10-19 10:21:17 +00:00
jade	227e8a381a	lix: link debuginfo into the closure This is to ease debugging of lix-project/lix#549	2024-10-19 10:21:17 +00:00
jade	4ae36d6b79	lix: use the lix module This is primarily to banish CppNix from Colmena's closure among other places.	2024-10-19 10:21:17 +00:00
raito	7248adf458	chore: update lix Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-10-19 12:17:03 +02:00
Julien Malka	9602ab9539	chore: remove PII	2024-10-12 20:27:00 +02:00
Julien Malka	be798718ce	chore(luj): switch shell to bash	2024-10-12 20:26:26 +02:00
Julien Malka	74ae6096fd	chore: drop ssh-cursed module	2024-10-12 20:24:27 +02:00
Julien Malka	e018572545	chore: update lix	2024-10-12 20:22:06 +02:00
Julien Malka	2b0bd95587	chore: update luj keys	2024-10-12 20:21:53 +02:00
raito	5c6e3b2715	feat: introduce cutting edge Lix Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-09-27 13:07:31 +02:00
raito	23831441b3	flake: update srvos Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-30 08:56:43 +02:00
raito	60b1cef998	Merge pull request 'epyc: hack in better lix logging for debugging our CI problems' (#5 ) from jade/raito-shared-public-infra:jade/logs-pls into main Reviewed-on: raito/shared-public-infra#5	2024-08-30 06:54:00 +00:00
jade	fdc980208d	epyc: hack in better lix logging for debugging our CI problems Sample broken thing: https://buildbot.lix.systems/#/builders/40/builds/3400/steps/1/logs/stdio I have a suspicion it's that the path vanished due to GC or something, and I want to catch the next occurrence. The error: error: build of '/nix/store/f02iygmil30yfy92xf8cwp224lcr2nay-nixos-test-driver-nix-copy-closure.drv' on 'ssh-ng://nix@epyc.infra.newtype.fr' failed: error: some dependencies of '/nix/store/f02iygmil30yfy92xf8cwp224lcr2nay-nixos-test-driver-nix-copy-closure.drv' are missing This is because nrFailed is not zero, which we don't have any god damned idea why that is because there is NO LOG for those. So we don't even know what goal type failed to begin with. ---- WARNING: this updates nixpkgs by two months!! You will potentially experience other breakage.	2024-08-29 23:33:54 -07:00
raito	0a1d7fe2e1	feat: use Lix ffs I ran into a bug with Nix 2.18.2. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-22 18:23:53 +02:00
raito	ea74128e31	feat: add jmarquet account for the next week Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-08-22 15:47:59 +02:00
raito	2f09831cd8	Merge pull request 'akechi: update ssh keys' (#4 ) from akechishiro/shared-public-infra:update-ssh-keys into main Reviewed-on: raito/shared-public-infra#4	2024-07-09 18:48:38 +00:00
AkechiShiro	9af56ee89f	akechi: update ssh keys	2024-07-09 20:46:52 +02:00
raito	353ea2a57b	feat: add `perf` & `pwru` Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-08 16:25:42 +02:00
Pierre Bourdon	d5cf620e0a	bagel-container: provision a user with Nix store perms for remote builds	2024-07-04 19:45:48 +00:00
raito	1b1c6b2849	feat: cleanup post btrfs epic crash BTRFS had a bug and we know how it goes. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-07-04 21:25:14 +02:00
raito	c96bce2975	fix: pin kernel to 6.7.5 6.7.6, 6.7.7 are not working for unknown reasons even though a previous NixOS stable 23.11 revision with 6.7.7 worked… Let's keep it that way for now, pending bisection between 6.7.5..6.7.6. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-30 14:15:30 +02:00
raito	edf11d7650	Merge pull request 'bagel factory: init' (#2 ) from delroth/raito-shared-public-infra:container-prep into main Reviewed-on: raito/shared-public-infra#2	2024-06-23 18:26:57 +00:00
Pierre Bourdon	a1c645a1e6	bagel-container: provide IPv4 NAT for outbound access	2024-06-23 20:24:46 +02:00
Pierre Bourdon	7d9d2a93df	modules: add bagel-container	2024-06-23 19:33:00 +02:00
Pierre Bourdon	9e609128af	network: add a wan bridge for VMs/containers	2024-06-23 19:33:00 +02:00
Pierre Bourdon	6fe7c98069	gitignore: also ignore Nix result/ and colmena .gcroots/	2024-06-23 03:13:50 +02:00
Pierre Bourdon	f7902ae1c7	Bump nixpkgs to unstable and only pin for kernelPackages.	2024-06-23 03:13:50 +02:00
Julien Malka	9ff0d194aa	disable auto-upgrade	2024-06-17 21:18:17 +02:00
Julien Malka	544e12c33f	pin kernel to 6.7.7	2024-06-14 22:17:49 +02:00
Ryan Lahfa	61e044607c	Merge pull request 'feat: add delroth as root@ for capability building' (#5 ) from so-it-has-begun into main Reviewed-on: https://git.newtype.fr/newtype/newtype-org-configurations/pulls/5	2024-06-08 14:08:03 +02:00