Merge pull request 'bagel factory: init' (#2) from delroth/raito-shared-public-infra:container-prep into main
Reviewed-on: #2
commit
edf11d7650
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1 +1,3 @@
|
||||||
.direnv
|
.direnv
|
||||||
|
result
|
||||||
|
.gcroots
|
||||||
|
|
|
@ -9,7 +9,6 @@ let
|
||||||
colmena
|
colmena
|
||||||
flake-registry
|
flake-registry
|
||||||
nixos-hardware
|
nixos-hardware
|
||||||
nixpkgs-unstable
|
|
||||||
srvos
|
srvos
|
||||||
disko
|
disko
|
||||||
;
|
;
|
||||||
|
|
102
flake.lock
102
flake.lock
|
@ -10,11 +10,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716561646,
|
"lastModified": 1718371084,
|
||||||
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
|
"narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
|
"rev": "3a56735779db467538fb2e577eda28a9daacaca6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -32,11 +32,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711742460,
|
"lastModified": 1717279440,
|
||||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "attic",
|
"repo": "attic",
|
||||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -76,11 +76,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702918879,
|
"lastModified": 1717025063,
|
||||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -118,11 +118,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716431128,
|
"lastModified": 1718846788,
|
||||||
"narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
|
"narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
|
"rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -170,11 +170,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715865404,
|
"lastModified": 1717285511,
|
||||||
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
|
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
|
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -186,11 +186,11 @@
|
||||||
"flake-registry": {
|
"flake-registry": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1705308826,
|
"lastModified": 1717415742,
|
||||||
"narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=",
|
"narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "flake-registry",
|
"repo": "flake-registry",
|
||||||
"rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd",
|
"rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -257,11 +257,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717527182,
|
"lastModified": 1718530513,
|
||||||
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
|
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||||
"owner": "rycee",
|
"owner": "rycee",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "845a5c4c073f74105022533907703441e0464bc3",
|
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -273,11 +273,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716715385,
|
"lastModified": 1719069430,
|
||||||
"narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=",
|
"narHash": "sha256-d9KzCJv3UG6nX9Aur5OSEf4Uj+ywuxojhiCiRKYVzXA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8",
|
"rev": "e8232c132a95ddc62df9d404120ad4ff53862910",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -302,6 +302,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-for-kernel": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1709742294,
|
||||||
|
"narHash": "sha256-8iPomMqw7grXVsugMJhsnHdbre8LnXOQUtHtMXRaWqc=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711460390,
|
"lastModified": 1711460390,
|
||||||
|
@ -318,13 +334,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716715802,
|
"lastModified": 1718983919,
|
||||||
"narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
|
"narHash": "sha256-+1xgeIow4gJeiwo4ETvMRvWoircnvb0JOt7NS9kUhoM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
|
"rev": "90338afd6177fc683a04d934199d693708c85a3b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -334,29 +350,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1709742294,
|
|
||||||
"narHash": "sha256-8iPomMqw7grXVsugMJhsnHdbre8LnXOQUtHtMXRaWqc=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "56051fbe049bf39adc1f08eb51740c226a4c3b90",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716741358,
|
"lastModified": 1719099906,
|
||||||
"narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=",
|
"narHash": "sha256-xo1cNkVBW7NxTU5zMu0B7ZkismtkHfTRWfhBXbNnp9g=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2",
|
"rev": "315cf1f8c5f5e92150d81ccafba7525c54327094",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -376,7 +376,7 @@
|
||||||
"home-manager": "home-manager_2",
|
"home-manager": "home-manager_2",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-for-kernel": "nixpkgs-for-kernel",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"srvos": "srvos"
|
"srvos": "srvos"
|
||||||
}
|
}
|
||||||
|
@ -388,11 +388,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716425501,
|
"lastModified": 1718844164,
|
||||||
"narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=",
|
"narHash": "sha256-QUXWv6llKIQ5To2N24d9dRI78Hqfm9iFyhvmvlOICNo=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "srvos",
|
"repo": "srvos",
|
||||||
"rev": "1122cd50a23647e09c3e7a679d37ec02113bc412",
|
"rev": "557ff94aa1b48a723f8fa16eb9e7a2e6de991682",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -10,9 +10,9 @@
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
|
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||||
# contains kernel 6.7.7, do not update
|
# contains kernel 6.7.7, do not update
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/56051fbe049bf39adc1f08eb51740c226a4c3b90";
|
nixpkgs-for-kernel.url = "github:NixOS/nixpkgs/56051fbe049bf39adc1f08eb51740c226a4c3b90";
|
||||||
|
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||||
nur.url = "github:nix-community/NUR";
|
nur.url = "github:nix-community/NUR";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, pkgs, ... }:
|
{ inputs, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
|
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
|
||||||
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
|
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
|
||||||
|
@ -13,6 +13,7 @@ in
|
||||||
../modules/android-cache.nix
|
../modules/android-cache.nix
|
||||||
../modules/garage.nix
|
../modules/garage.nix
|
||||||
../modules/users/friends.nix
|
../modules/users/friends.nix
|
||||||
|
../modules/bagel-container.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "epyc";
|
networking.hostName = "epyc";
|
||||||
|
@ -27,7 +28,11 @@ in
|
||||||
|
|
||||||
# TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
|
# TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
|
||||||
# Do not upgrade until it is fixed. Ping Raito when needed.
|
# Do not upgrade until it is fixed. Ping Raito when needed.
|
||||||
boot.kernelPackages = pkgs.linuxPackages_6_7;
|
boot.kernelPackages = let
|
||||||
|
pkgsForKernel = import inputs.nixpkgs-for-kernel {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
};
|
||||||
|
in pkgsForKernel.linuxPackages_6_7;
|
||||||
|
|
||||||
# Open public access to our PostgreSQL.
|
# Open public access to our PostgreSQL.
|
||||||
services.postgresql.enable = true;
|
services.postgresql.enable = true;
|
||||||
|
|
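Review bot: The kernel is now built from `inputs.nixpkgs-for-kernel`, a revision that is frozen on purpose, so `boot.kernelPackages` stops receiving kernel fixes while the rest of the system follows nixpkgs-unstable. The TODO above the assignment names neither a tracking reference nor a condition for lifting the pin. Since this host also starts running a user-namespaced container on the same kernel, I would state that next to the pin, e.g. `# kernel comes from the frozen nixpkgs-for-kernel input: no kernel security updates until the btrfs issue is resolved, re-check on every flake update`. The hard-coded `system = "x86_64-linux";` could be `system = pkgs.stdenv.hostPlatform.system;` so the import cannot drift from the host platform. The surrounding attribute set starts and ends outside the hunk.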
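--- a/modules/bagel-container.nix
+++ b/modules/bagel-container.nix
@@ -0,0 +1,33 @@
+# Stateful/mutable container used for Bagel (tm) related infra (mostly
+# rebuilding nixpkgs a lot).
+#
+# System image is stored at /var/lib/machines/bagel.
+{
+systemd.nspawn.bagel = {
+execConfig = {
+Boot = true;
+Ephemeral = false;
+PrivateUsers = true;
+NotifyReady = true;
+LinkJournal = "try-guest";
+};
+
+networkConfig = {
+Bridge = "wan-br";
+VirtualEthernetExtra = "vb-bagel-v4:host1";
+};
+};
+
+systemd.services."systemd-nspawn@bagel" = {
+wantedBy = [ "machines.target" ];
+wants = [ "network.target" ];
+after = [ "network.target" ];
+overrideStrategy = "asDropin";
+};
+
+systemd.network.networks."20-vb-bagel-v4" = {
+matchConfig.Name = "vb-bagel-v4";
+networkConfig.Address = [ "172.16.100.1/24" ];
+networkConfig.IPMasquerade = true;
+};
+}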
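Review bot: `Bridge = "wan-br"` attaches the container's primary interface straight to the WAN bridge, so its traffic is bridged onto the uplink segment rather than routed through the host, and host-side filtering of routed or locally delivered traffic would likely not apply to it; nothing in this file configures filtering on the bridge. Because the header describes the guest as stateful/mutable, its own firewall state lives outside this repository, which is worth saying in the file, e.g. `# host0 is bridged onto the WAN: filtering for this guest has to happen inside the guest`. Separately, `networkConfig.IPMasquerade = true;` is the legacy boolean spelling and implicitly turns on IPv4 forwarding on the host; `networkConfig.IPMasquerade = "ipv4";` states the same intent explicitly and is a good place for a short comment about the forwarding side effect.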
|
@ -14,8 +14,8 @@
|
||||||
'')
|
'')
|
||||||
config.networking.newtype.hosts);
|
config.networking.newtype.hosts);
|
||||||
|
|
||||||
# leave container interfaces alone
|
# leave container interfaces alone unless otherwise specified
|
||||||
systemd.network.networks."05-veth".extraConfig = ''
|
systemd.network.networks."95-veth".extraConfig = ''
|
||||||
[Match]
|
[Match]
|
||||||
Driver = veth
|
Driver = veth
|
||||||
|
|
||||||
|
@ -34,12 +34,29 @@
|
||||||
linkConfig.Name = "nat-lan";
|
linkConfig.Name = "nat-lan";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.networks."10-wan" = {
|
systemd.network.netdevs."10-wan-br" = {
|
||||||
matchConfig.Name = "wan";
|
netdevConfig.Name = "wan-br";
|
||||||
|
netdevConfig.Kind = "bridge";
|
||||||
|
netdevConfig.MACAddress = "none";
|
||||||
|
bridgeConfig.MulticastSnooping = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.links."10-wan-br" = {
|
||||||
|
matchConfig.Name = "wan-br";
|
||||||
|
linkConfig.MACAddressPolicy = "none";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."10-wan-br" = {
|
||||||
|
matchConfig.Name = "wan-br";
|
||||||
linkConfig.RequiredForOnline = true;
|
linkConfig.RequiredForOnline = true;
|
||||||
networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
|
networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."10-wan" = {
|
||||||
|
matchConfig.Name = "wan";
|
||||||
|
networkConfig.Bridge = "wan-br";
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-wan" = {
|
systemd.network.links."10-wan" = {
|
||||||
matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
|
matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
|
||||||
linkConfig.Name = "wan";
|
linkConfig.Name = "wan";
|
||||||
|
|
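Review bot: `netdevConfig.MACAddress = "none"` together with `linkConfig.MACAddressPolicy = "none"` leaves `wan-br` without a fixed address, and a Linux bridge without one takes the lowest MAC among its ports, so the address the host presents on the uplink may change once the container's veth joins the bridge. If the upstream network ties the host's address or port security to the NIC's MAC, connectivity for the address configured on `10-wan-br` could be lost at that moment. Pinning the bridge to the NIC address this hunk already matches on, `netdevConfig.MACAddress = "3c:ec:ef:7e:bd:c9";`, avoids that. The `systemd.network.links."10-wan"` block continues past the end of the hunk.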
|
@ -36,8 +36,6 @@
|
||||||
usbutils
|
usbutils
|
||||||
|
|
||||||
ipmitool
|
ipmitool
|
||||||
|
|
||||||
nix-top
|
|
||||||
# tries to default to soft-float due to out-dated cc-rs
|
# tries to default to soft-float due to out-dated cc-rs
|
||||||
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
|
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
|
||||||
}
|
}
|
||||||
|
|