diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 92b2793..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.direnv
diff --git a/configurations.nix b/configurations.nix
index f14c0a0..05ccb4f 100644
--- a/configurations.nix
+++ b/configurations.nix
@@ -8,7 +8,6 @@ let
nur
colmena
flake-registry
- nixos-hypervisor
nixos-hardware
nixpkgs-unstable
srvos
@@ -35,61 +34,53 @@ let
./modules/hosts.nix
./modules/network.nix
./modules/zsh.nix
- ./modules/ssh-cursed.nix
- ./modules/buildbot
disko.nixosModules.disko
srvos.nixosModules.server
+ # srvos.nixosModules.mixins-telegraf
srvos.nixosModules.mixins-trusted-nix-caches
srvos.nixosModules.mixins-terminfo
- nixos-hypervisor.nixosModules.host
-
- # srvos.nixosModules.mixins-telegraf
- # srvos.nixosModules.mixins-terminfo
-
agenix.nixosModules.default
({ pkgs
, config
, lib
, ...
- }:
- let
- sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
- in
- {
- nix.nixPath = [
- "home-manager=${home-manager}"
- "nixpkgs=${pkgs.path}"
- "nur=${nur}"
- ];
- # TODO: share nixpkgs for each machine to speed up local evaluation.
- #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
+ }: let
+ sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
+ in {
+ nix.nixPath = [
+ "home-manager=${home-manager}"
+ "nixpkgs=${pkgs.path}"
+ "nur=${nur}"
+ ];
- #users.withSops = builtins.pathExists sopsFile;
- #sops.secrets = lib.mkIf (config.users.withSops) {
- # root-password-hash.neededForUsers = true;
- #};
- # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
+ environment.systemPackages = [
+ pkgs.kitty.terminfo
+ ];
- nix.extraOptions = ''
- flake-registry = ${flake-registry}/flake-registry.json
- builders-use-substitutes = true
- '';
+ # TODO: share nixpkgs for each machine to speed up local evaluation.
+ #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
- nix.registry = {
- home-manager.flake = home-manager;
- nixpkgs.flake = nixpkgs;
- nur.flake = nur;
- };
- time.timeZone = "UTC";
+ #users.withSops = builtins.pathExists sopsFile;
+ #sops.secrets = lib.mkIf (config.users.withSops) {
+ # root-password-hash.neededForUsers = true;
+ #};
+ # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
- environment.systemPackages = [
- pkgs.kitty.terminfo
- ];
- })
+ nix.extraOptions = ''
+ flake-registry = ${flake-registry}/flake-registry.json
+ '';
+
+ nix.registry = {
+ home-manager.flake = home-manager;
+ nixpkgs.flake = nixpkgs;
+ nur.flake = nur;
+ };
+ time.timeZone = "UTC";
+ })
];
in
{
@@ -102,15 +93,21 @@ in
++ [
./hosts/epyc.nix
];
+ };
+ vieuxtype = nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ commonModules
+ ++ colmenaModules
+ ++ [
+ ./hosts/vieuxtype.nix
+ ];
};
};
flake.colmena = {
meta.nixpkgs = import nixpkgs {
system = "x86_64-linux";
- overlays = [
- nixos-hypervisor.overlays.default
- ];
};
epyc = {
imports =
@@ -118,6 +115,15 @@ in
++ [
./hosts/epyc.nix
];
+ };
+ vieuxtype = {
+ system = "x86_64-linux";
+ modules =
+ commonModules
+ ++ [
+ ./hosts/vieuxtype.nix
+ ];
};
+
};
}
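Review bot: The new `vieuxtype` entry under `flake.colmena` is written with `system = …;` and `modules = …;`, which is the argument shape of `nixosSystem`, whereas the neighbouring `epyc` node is a module that uses `imports =`. A colmena node is evaluated as a NixOS module, so `system` and `modules` are likely to be rejected as unknown options (or silently not pull in the host file), and the host would then not be deployable through colmena. It should mirror the epyc entry: `vieuxtype = { imports = commonModules ++ [ ./hosts/vieuxtype.nix ]; };`. The stray blank line added before the closing `};` can go as well.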
diff --git a/docs/vieuxtype.lstopo.svg b/docs/vieuxtype.lstopo.svg
new file mode 100644
index 0000000..da866d3
--- /dev/null
+++ b/docs/vieuxtype.lstopo.svg
@@ -0,0 +1,63 @@
+
+
diff --git a/docs/vieuxtype.md b/docs/vieuxtype.md
new file mode 100644
index 0000000..ca86ff2
--- /dev/null
+++ b/docs/vieuxtype.md
@@ -0,0 +1,83 @@
+# vieuxtype
+
+```
+System: Host: vieuxtype Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0
+ parameters: initrd=\efi\nixos\mf13ryz0gl48s8672gzg80lvq9yd8189-initrd-linux-6.1.31-initrd.efi
+ init=/nix/store/5c8yhqcmf24d61m99cpqc3ffjma90cxs-nixos-system-vieuxtype-23.05.553.e7603eba51f/init
+ console=ttyS0,115200 panic=30 boot.panic_on_fail loglevel=4
+ Console: N/A Distro: NixOS 23.05 (Stoat)
+Machine: Type: Kvm System: QEMU product: Standard PC (i440FX + PIIX, 1996) v: pc-i440fx-7.2
+ serial: N/A Chassis: type: 1 v: pc-i440fx-7.2 serial: N/A
+ Mobo: N/A model: N/A serial: N/A UEFI: EFI Development Kit II / OVMF v: 3.20230228-2
+ date: 04/04/2023
+Memory: RAM: total: 5.8 GiB used: 820.6 MiB (13.8%)
+ Array-1: capacity: 6 GiB slots: 1 EC: Multi-bit ECC max-module-size: 6 GiB note: est.
+ Device-1: DIMM 0 size: 6 GiB speed: N/A type: RAM detail: other bus-width: Unknown
+ total: Unknown manufacturer: QEMU part-no: Not Specified serial: Not Specified
+PCI Slots: Message: No PCI Slot data found.
+CPU: Info: Single Core model: Common KVM bits: 64 type: MCP arch: Netburst Presler
+ family: F (15) model-id: 6 stepping: 1 microcode: 1 cache: L2: 16 MiB
+ flags: lm nx pae sse sse2 sse3 bogomips: 5199
+ Speed: 2600 MHz min/max: N/A base/boost: 2000/2000 Core speed (MHz): 1: 2600
+ Vulnerabilities: Type: itlb_multihit status: KVM: VMX unsupported
+ Type: l1tf mitigation: PTE Inversion
+ Type: mds
+ status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
+ Type: meltdown mitigation: PTI
+ Type: mmio_stale_data status: Unknown: No mitigations
+ Type: retbleed status: Not affected
+ Type: spec_store_bypass status: Vulnerable
+ Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
+ Type: spectre_v2
+ mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
+ Type: srbds status: Not affected
+ Type: tsx_async_abort status: Not affected
+Graphics: Device-1: vendor: Red Hat driver: bochs-drm v: N/A alternate: bochs bus-ID: 00:02.0
+ chip-ID: 1234:1111 class-ID: 0300
+ Display: server: No display server data found. Headless machine? tty: N/A
+ Message: Advanced graphics data unavailable in console for root.
+Audio: Message: No device data found.
+Network: Device-1: Intel 82371AB/EB/MB PIIX4 ACPI vendor: Red Hat Qemu virtual machine
+ type: network bridge driver: piix4_smbus v: N/A modules: i2c_piix4 port: 10c0
+ bus-ID: 00:01.3 chip-ID: 8086:7113 class-ID: 0680
+ Device-2: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 10e0
+ bus-ID: 00:12.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens18 state: up speed: -1 duplex: unknown mac: da:3e:b0:11:ae:0a
+ IP v4: 169.254.129.42/16 type: noprefixroute scope: global broadcast: 169.254.255.255
+ IP v6: 2a01:e0a:5f9:9681:33ba:55f5:6e55:beef/64 type: temporary dynamic scope: global
+ IP v6: 2a01:e0a:5f9:9681:d83e:b0ff:fe11:ae0a/64 type: dynamic mngtmpaddr scope: global
+ IP v6: 2a01:e0a:5f9:9681:a498:fffb:e48d:299/64 scope: global
+ IP v6: fe80::d83e:b0ff:fe11:ae0a/64 scope: link
+ Device-3: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1400
+ bus-ID: 00:13.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens19 state: up speed: -1 duplex: unknown mac: 72:38:5f:a6:82:5a
+ IP v4: 10.32.64.196/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::7038:5fff:fea6:825a/64 scope: link
+ Device-4: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1420
+ bus-ID: 00:14.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens20 state: up speed: -1 duplex: unknown mac: 8e:38:09:a2:8c:9e
+ IP v4: 10.32.64.224/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::8c38:9ff:fea2:8c9e/64 scope: link
+ IF-ID-1: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
+ IP v6: fe80::7d4f:3369:71cc:66d5/64 virtual: stable-privacy scope: link
+ WAN IP: 82.65.118.1
+Drives: Local Storage: total: 40 GiB used: 10.33 GiB (25.8%)
+ ID-1: /dev/sda maj-min: 8:0 vendor: QEMU model: HARDDISK size: 40 GiB block-size:
+ physical: 512 B logical: 512 B speed: serial: drive-scsi0 rev: 2.5+
+ scheme: GPT
+ SMART: no
+Partition: ID-1: / raw-size: 11.5 GiB size: 11.22 GiB (97.55%) used: 10.27 GiB (91.6%) fs: ext4
+ block-size: 4096 B dev: /dev/sda1 maj-min: 8:1
+ ID-2: /boot raw-size: 511 MiB size: 510 MiB (99.80%) used: 54.9 MiB (10.8%) fs: vfat
+ block-size: 512 B dev: /dev/sda3 maj-min: 8:3
+Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
+ ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda2
+ maj-min: 8:2
+Sensors: Message: No sensor data found. Is lm-sensors configured?
+Info: Processes: 107 Uptime: N/A wakeups: 1 Init: systemd v: 253 target: multi-user.target
+ tool: systemctl Compilers: gcc: 12.2.0 Packages: 899 nix-default: 9 nix-sys: 881
+ lib: 155 nix-usr: 9 lib: 3 Client: Sudo v: 1.9.13p3 inxi: 3.3.04
+```
+
diff --git a/flake.lock b/flake.lock
index 5f9ac55..1e7db14 100644
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
]
},
"locked": {
- "lastModified": 1690228878,
- "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
+ "lastModified": 1684153753,
+ "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
+ "rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
"type": "github"
},
"original": {
@@ -22,43 +22,21 @@
"type": "github"
}
},
- "attic": {
- "inputs": {
- "crane": "crane",
- "flake-compat": "flake-compat",
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs",
- "nixpkgs-stable": "nixpkgs-stable"
- },
- "locked": {
- "lastModified": 1689457600,
- "narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=",
- "owner": "zhaofengli",
- "repo": "attic",
- "rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1",
- "type": "github"
- },
- "original": {
- "owner": "zhaofengli",
- "repo": "attic",
- "type": "github"
- }
- },
"colmena": {
"inputs": {
- "flake-compat": "flake-compat_2",
- "flake-utils": "flake-utils_2",
+ "flake-compat": "flake-compat",
+ "flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
},
"locked": {
- "lastModified": 1688224393,
- "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=",
+ "lastModified": 1685163780,
+ "narHash": "sha256-tMwseHtEFDpO3WKeZKWqrKRAZI6TiEULidxEbzicuFg=",
"owner": "zhaofengli",
"repo": "colmena",
- "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd",
+ "rev": "c61bebae1dc1d57237577080b1ca1e37a3fbcebf",
"type": "github"
},
"original": {
@@ -67,36 +45,6 @@
"type": "github"
}
},
- "crane": {
- "inputs": {
- "flake-compat": [
- "attic",
- "flake-compat"
- ],
- "flake-utils": [
- "attic",
- "flake-utils"
- ],
- "nixpkgs": [
- "attic",
- "nixpkgs"
- ],
- "rust-overlay": "rust-overlay"
- },
- "locked": {
- "lastModified": 1677892403,
- "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "repo": "crane",
- "type": "github"
- }
- },
"darwin": {
"inputs": {
"nixpkgs": [
@@ -126,11 +74,11 @@
]
},
"locked": {
- "lastModified": 1690739034,
- "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
+ "lastModified": 1685970051,
+ "narHash": "sha256-F5ZxBD2DeNd+Q0dDKYBhv76kfjVG/X0ccXjSKpa8KdI=",
"owner": "nix-community",
"repo": "disko",
- "rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
+ "rev": "29d632d7e8fa86f937153ecdfd7d768411001d2d",
"type": "github"
},
"original": {
@@ -140,22 +88,6 @@
}
},
"flake-compat": {
- "flake": false,
- "locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@@ -178,32 +110,11 @@
]
},
"locked": {
- "lastModified": 1690933134,
- "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
+ "lastModified": 1685662779,
+ "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "flake-parts_2": {
- "inputs": {
- "nixpkgs-lib": [
- "nixos-hypervisor",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1687762428,
- "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
+ "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
"type": "github"
},
"original": {
@@ -215,11 +126,11 @@
"flake-registry": {
"flake": false,
"locked": {
- "lastModified": 1689333397,
- "narHash": "sha256-g1Nn0sgH/hR/gEAQ1q6bloU+Q+V+Y4HlBBH6CBxC0HM=",
+ "lastModified": 1682423975,
+ "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=",
"owner": "NixOS",
"repo": "flake-registry",
- "rev": "5d8dc3eb692809ffd9a2f22cdb8015aa11972905",
+ "rev": "8054bfa00d60437297d670ab3296a117e7059a10",
"type": "github"
},
"original": {
@@ -229,21 +140,6 @@
}
},
"flake-utils": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@@ -286,27 +182,27 @@
]
},
"locked": {
- "lastModified": 1687871164,
- "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+ "lastModified": 1667907331,
+ "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
"owner": "rycee",
"repo": "home-manager",
- "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+ "rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
"type": "github"
},
"original": {
"owner": "rycee",
- "ref": "release-23.05",
+ "ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
- "lastModified": 1690957133,
- "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=",
+ "lastModified": 1684899633,
+ "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a",
+ "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
"type": "github"
},
"original": {
@@ -315,84 +211,13 @@
"type": "github"
}
},
- "nixos-hypervisor": {
- "inputs": {
- "flake-parts": "flake-parts_2",
- "nixpkgs": [
- "nixpkgs"
- ],
- "treefmt-nix": "treefmt-nix"
- },
- "locked": {
- "lastModified": 1688428885,
- "narHash": "sha256-fVIbXKvHmxSUAKTMiXx799UasQwU2XT+op7bzvtfl8c=",
- "ref": "main",
- "rev": "9f32a304708fd9c91c081db05eee1b4f2e0226cc",
- "revCount": 2,
- "type": "git",
- "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor"
- }
- },
"nixpkgs": {
"locked": {
- "lastModified": 1686519857,
- "narHash": "sha256-VkBhuq67aXXiCoEmicziuDLUPPjeOTLQoj6OeVai5zM=",
+ "lastModified": 1685952468,
+ "narHash": "sha256-YCOr9kttCqoa9IZMjHxX6SlwenTg7FsSmG9TaT76mSE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6b1b72c0f887a478a5aac355674ff6df0fc44f44",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-stable": {
- "locked": {
- "lastModified": 1685004253,
- "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-23.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-unstable": {
- "locked": {
- "lastModified": 1691003216,
- "narHash": "sha256-Qq/MPkhS12Bl0X060pPvX3v9ac3f2rRQfHjjozPh/Qs=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "4a56ce9727a0c5478a836a0d8a8f641c5b9a3d5f",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_2": {
- "locked": {
- "lastModified": 1691083802,
- "narHash": "sha256-bjWTVGskCWR2BdB0Glnj2FyHooNiFThkFBF4oaAMe2s=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "096c262bbb73d84b8298d81c7daa9890c6ccd6da",
+ "rev": "70f7275b32f49bc67ae3532b758b80cb6c27f98a",
"type": "github"
},
"original": {
@@ -402,13 +227,29 @@
"type": "github"
}
},
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1685938391,
+ "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"nur": {
"locked": {
- "lastModified": 1691109630,
- "narHash": "sha256-NkltnE+ZMABNP7pJVj7ftu/58aTGa5PXxICLr8fjkI4=",
+ "lastModified": 1685980073,
+ "narHash": "sha256-7BkreZ2cH488dR1XPcdlALj+2g+NvrZdG9ZhwRt0YFI=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "dcd922e7738fc027c73cd2cc110015d38fba9651",
+ "rev": "de817406e39c1f9be28fde1d62c1f1f0c91acb09",
"type": "github"
},
"original": {
@@ -420,47 +261,18 @@
"root": {
"inputs": {
"agenix": "agenix",
- "attic": "attic",
"colmena": "colmena",
"disko": "disko",
"flake-parts": "flake-parts",
"flake-registry": "flake-registry",
"home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware",
- "nixos-hypervisor": "nixos-hypervisor",
- "nixpkgs": "nixpkgs_2",
+ "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"srvos": "srvos"
}
},
- "rust-overlay": {
- "inputs": {
- "flake-utils": [
- "attic",
- "crane",
- "flake-utils"
- ],
- "nixpkgs": [
- "attic",
- "crane",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1675391458,
- "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
"srvos": {
"inputs": {
"nixpkgs": [
@@ -468,11 +280,11 @@
]
},
"locked": {
- "lastModified": 1690557184,
- "narHash": "sha256-KMGPz3pP7OoUZaUhgcuYG84CtVaJOQw6RK8J0fAtKt0=",
+ "lastModified": 1685966850,
+ "narHash": "sha256-HaWNbihBIBATmSbuXLzA92C4858tNdS9Q5kRHJNagVo=",
"owner": "numtide",
"repo": "srvos",
- "rev": "ceed433086a85e5540bd73cff46497af5a09e36f",
+ "rev": "4f22e6fcaf17c6313c2ecdc996760c3e4b14a623",
"type": "github"
},
"original": {
@@ -496,27 +308,6 @@
"repo": "nixpkgs",
"type": "github"
}
- },
- "treefmt-nix": {
- "inputs": {
- "nixpkgs": [
- "nixos-hypervisor",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1688026376,
- "narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=",
- "owner": "numtide",
- "repo": "treefmt-nix",
- "rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "treefmt-nix",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index d4b5920..13302ee 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,13 @@
{
description = "NixOS configuration with flakes";
+ nixConfig.extra-substituters = [
+ "https://newtype.cachix.org"
+ ];
+ nixConfig.extra-trusted-public-keys = [
+ "newtype.cachix.org-1:Gd5G2EVFNJslfR3PxA2+JY7mHT6MwVJ6biv5Cg47SD0="
+ ];
+
# To update all inputs:
# $ nix flake update --recreate-lock-file
inputs = {
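Review bot: The added `nixConfig.extra-substituters` and `nixConfig.extra-trusted-public-keys` make any machine that accepts this flake's settings trust store paths signed by the `newtype.cachix.org-1` key, and nothing in the file says who holds that signing key or what is allowed to push to the cache. Because a substituted path is used instead of a local build, whoever controls the key controls the binaries that end up on these hosts. I would put a comment above the two settings, for example `# Project binary cache; signing key held by <owner>, written to only by <CI job>`, and keep the key in step with any rotation on the cachix side.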
@@ -16,7 +23,7 @@
nixos-hardware.url = "github:NixOS/nixos-hardware";
nur.url = "github:nix-community/NUR";
- home-manager.url = "github:rycee/home-manager/release-23.05";
+ home-manager.url = "github:rycee/home-manager/release-22.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
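Review bot: `home-manager.url` now tracks `release-22.05`, while both host files touched by this commit set `system.stateVersion = "23.05"` and docs/vieuxtype.md records the machine as NixOS 23.05. Since `home-manager.inputs.nixpkgs.follows = "nixpkgs"`, an older home-manager branch is evaluated against a newer nixpkgs, and that branch presumably no longer receives fixes. Unless the downgrade is intentional, keep `home-manager.url = "github:rycee/home-manager/release-23.05";`. If it is intentional, a comment on the line giving the reason would stop it being "fixed" later.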
@@ -25,17 +32,10 @@
colmena.url = "github:zhaofengli/colmena";
colmena.inputs.nixpkgs.follows = "nixpkgs";
- attic.url = "github:zhaofengli/attic";
-
srvos.url = "github:numtide/srvos";
# actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant
srvos.inputs.nixpkgs.follows = "nixpkgs";
- # Ryan's experimental hypervisor based on cloud-hypervisor
- # Private repository, you need a valid SSH key to access it
- nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main";
- nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs";
-
flake-registry.url = "github:NixOS/flake-registry";
flake-registry.flake = false;
};
@@ -83,19 +83,19 @@
] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd;
};
packages = {
- # netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
- # # this nixosSystem is built for x86_64 machines regardless of the host machine
- # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
- # inherit (inputs.nixpkgs.lib) nixosSystem;
- # extraModules = [
- # self.inputs.nur.nixosModules.nur
- # { _module.args.inputs = self.inputs; }
- # ];
- # };
+ # netboot = pkgs.callPackage ./modules/netboot/netboot.nix {
+ # # this nixosSystem is built for x86_64 machines regardless of the host machine
+ # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ # inherit (inputs.nixpkgs.lib) nixosSystem;
+ # extraModules = [
+ # self.inputs.nur.nixosModules.nur
+ # { _module.args.inputs = self.inputs; }
+ # ];
+ # };
- # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
- # inherit (self'.packages) netboot;
- # };
+ # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix {
+ # inherit (self'.packages) netboot;
+ # };
};
};
flake = {
diff --git a/hosts/epyc.nix b/hosts/epyc.nix
index 128c2e8..efbf696 100644
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@@ -1,53 +1,14 @@
-{ lib, ... }:
-let
- gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
- ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
-in
{
imports = [
../modules/ipmi-supermicro.nix
../modules/hardware/supermicro-H12SSL-i.nix
../modules/iperf-server.nix
- ../modules/hypervisor.nix
- ../modules/hydra/coordinator.nix
- ../modules/android-cache.nix
- ../modules/garage.nix
- ../modules/users/friends.nix
];
networking.hostName = "epyc";
-
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
- # Open public access to our PostgreSQL.
- services.postgresql.enableTCPIP = true;
- services.postgresql.authentication = ''
- host hydra-nixos-org hydra_ro ::/0 trust
- '';
- networking.firewall.allowedTCPPorts = [ 5432 ];
-
- virtualisation.nvisor.vms = {
- vm01 = {
- config = { pkgs, ... }: {
- environment.systemPackages = [ pkgs.hello ];
- };
- };
- };
-
- nix.buildMachines = [
- { hostName = "localhost";
- systems = [
- "x86_64-linux"
- "riscv64-linux"
- ];
- supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ] ++ gcc-system-features "znver3";
- maxJobs = 2;
- }
- ];
-
- boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" "riscv64-linux" ];
-
simd.arch = "znver3";
system.stateVersion = "23.05";
}
diff --git a/hosts/vieuxtype.nix b/hosts/vieuxtype.nix
new file mode 100644
index 0000000..41bd6e5
--- /dev/null
+++ b/hosts/vieuxtype.nix
@@ -0,0 +1,28 @@
+{
+ imports = [
+ ../modules/hardware/vm.nix
+ ../modules/gitea.nix
+ ../modules/tailscale.nix
+ ../modules/users/yvan.nix
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/fe1d2e0d-9210-4a2d-b584-d1e131747ea3";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8782-7801";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/c9511ddb-e41f-436c-ad1f-9b587ed0ba11"; }];
+
+ networking.hostName = "vieuxtype";
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # simd.arch = "znver3";
+ system.stateVersion = "23.05";
+}
diff --git a/modules/android-cache.nix b/modules/android-cache.nix
deleted file mode 100644
index 96a2968..0000000
--- a/modules/android-cache.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }:
-let
- mirrors = {
- "https://android.googlesource.com" = "/var/lib/src/aosp/mirror";
- "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS";
- "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets";
- };
-in
-{
- nix.envVars.ROBOTNIX_GIT_MIRRORS = lib.concatStringsSep "|" (lib.mapAttrsToList (local: remote: "${local}=${remote}") mirrors);
-
- # Also add local mirrors to nix sandbox exceptions
- nix.sandboxPaths = lib.attrValues mirrors;
-}
diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix
deleted file mode 100644
index 99c7387..0000000
--- a/modules/buildbot/default.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, pkgs, config, inputs, ... }:
-with lib;
-let
- cfg = config.luj.buildbot;
- port = "1810";
- package = pkgs.buildbot-worker;
- python = package.pythonModule;
- home = "/var/lib/buildbot-worker";
- buildbotDir = "${home}/worker";
-in
-{
- #buildbot worker
-
- # nix.settings.allowed-users = [ "buildbot-worker" ];
- nix.settings.trusted-users = [ "buildbot-worker" ];
- users.users.buildbot-worker = {
- description = "Buildbot Worker User.";
- isSystemUser = true;
- createHome = true;
- home = "/var/lib/buildbot-worker";
- group = "buildbot-worker";
- useDefaultShell = true;
- };
- users.groups.buildbot-worker = { };
-
- systemd.services.buildbot-worker = {
- reloadIfChanged = true;
- description = "Buildbot Worker.";
- after = [ "network.target" "buildbot-master.service" ];
- wantedBy = [ "multi-user.target" ];
- path = [
- pkgs.nix-eval-jobs
- pkgs.git
- pkgs.gh
- pkgs.nix
- pkgs.nix-output-monitor
- inputs.attic.packages.x86_64-linux.attic
- ];
- environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
- environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
- environment.BUILDBOT_DIR = buildbotDir;
- environment.WORKER_PASSWORD_FILE = "/var/lib/buildbot-worker/password.txt";
-
- serviceConfig = {
- Type = "simple";
- User = "buildbot-worker";
- Group = "buildbot-worker";
- WorkingDirectory = home;
-
- # Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
- ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
- ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}";
- };
- };
-
-}
-
-
-
diff --git a/modules/buildbot/worker.py b/modules/buildbot/worker.py
deleted file mode 100644
index 198dfae..0000000
--- a/modules/buildbot/worker.py
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/env python3
-
-import multiprocessing
-import os
-import socket
-from io import open
-
-from buildbot_worker.bot import Worker
-from twisted.application import service
-
-
-def require_env(key: str) -> str:
- val = os.environ.get(key)
- assert val is not None, "val is not set"
- return val
-
-
-def setup_worker(application: service.Application, id: int) -> None:
- basedir = f"{require_env('BUILDBOT_DIR')}-{id}"
- os.makedirs(basedir, mode=0o700, exist_ok=True)
-
- master_url = require_env("MASTER_URL")
- hostname = socket.gethostname()
- workername = f"{hostname}-{id}"
-
- with open(
- require_env("WORKER_PASSWORD_FILE"), "r", encoding="utf-8"
- ) as passwd_file:
- passwd = passwd_file.read().strip("\r\n")
- keepalive = 600
- umask = None
- maxdelay = 300
- numcpus = None
- allow_shutdown = None
-
- s = Worker(
- "2a01:e34:ec2a:8e60:8ec7:b5d2:f663:a67a",
- 9989,
- workername,
- passwd,
- basedir,
- keepalive,
- umask=umask,
- maxdelay=maxdelay,
- numcpus=numcpus,
- allow_shutdown=allow_shutdown,
- )
- s.setServiceParent(application)
-
-
-# note: this line is matched against to check that this is a worker
-# directory; do not edit it.
-application = service.Application("buildbot-worker")
-
-for i in range(14):
- setup_worker(application, i)
-
-
diff --git a/modules/builder.nix b/modules/builder.nix
index 08340ea..5dc80c8 100644
--- a/modules/builder.nix
+++ b/modules/builder.nix
@@ -3,8 +3,8 @@
isNormalUser = true;
home = "/home/nix";
openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZpEtSfB0GDwcELc5/AKNiBZJV9OVfQ0BMFzBlF+8Yd raito@everywhere"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF07Sy0O+oletFYlrfS0+XtBWJO2F+Rc9J/ocNLBa/OE raito@thorkell"
];
uid = 5001;
};
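Review bot: The `raito@everywhere` entry added to `openssh.authorizedKeys.keys` carries no key options, so it grants unrestricted shell access to this account. Its comment also suggests (not confirmable from the hunk) a key used from several machines rather than a per-host key like the `raito@thorkell` one that is removed. If the account exists only for remote builds, consider prefixing the entry with options, e.g. `"restrict ssh-ed25519 <key> raito@everywhere"`, and keeping one key per client machine so a single key can be revoked on its own. The user definition starts and ends outside the hunk, so any further privileges of this account are not visible here.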
diff --git a/modules/garage.nix b/modules/garage.nix
deleted file mode 100644
index be45bfe..0000000
--- a/modules/garage.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs, ... }: {
- services.garage = {
- enable = true;
- package = pkgs.garage_0_8;
- settings = {
- db_engine = "lmdb";
- block_size = (10 * 1024 * 1024); # 10MB
- replication_mode = "none";
- rpc_bind_addr = "[::1]:3901";
- rpc_public_addr = "[::1]:3901";
- rpc_secret = "f5b8ede0abe0a3d454d96e8b352e29a1d94522b64274d23b256d57482441ccc1";
-
- s3_api = {
- s3_region = "garage";
- api_bind_addr = "[::1]:3900";
- root_domain = ".s3.infra.newtype.fr";
- };
-
- s3_web = {
- bind_addr = "[::1]:3902";
- root_domain = ".web.infra.newtype.fr";
- index = "index.html";
- };
- };
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."s3.infra.newtype.fr" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://[::1]:3900/";
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/modules/gitea.nix b/modules/gitea.nix
new file mode 100644
index 0000000..1fd9dc7
--- /dev/null
+++ b/modules/gitea.nix
@@ -0,0 +1,34 @@
+{ ... }: {
+ services.gitea = {
+ enable = true;
+ appName = "Newtype's Git";
+ mailerPasswordFile = "/var/lib/secrets/gitea/mailpw";
+ settings = {
+ server = {
+ ROOT_URL = "https://git.newtype.fr";
+ DOMAIN = "git.newtype.fr";
+ };
+ service.DISABLE_REGISTRATION = true;
+ session.COOKIE_SECURE = true;
+ mailer = {
+ ENABLED = true;
+ HOST = "mail.gandi.net:465";
+ USER = "git@newtype.fr";
+ FROM = "Newtype's Git ";
+ IS_TLS_ENABLED = true;
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."git.newtype.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:3000"; };
+ };
+ };
+
+ security.acme.certs = { "git.newtype.fr".email = "contact@newtype.fr"; };
+ security.acme.acceptTerms = true;
+}
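Review bot: Nothing in `services.gitea.settings.server` restricts the listen address, so although nginx proxies to `http://127.0.0.1:3000`, Gitea will, if the module default applies, also listen on every interface and serve plain HTTP on port 3000 next to the TLS vhost. Adding `HTTP_ADDR = "127.0.0.1";` to the `server` block keeps the backend reachable only through nginx. The module also does not open ports 80 and 443, which the removed garage.nix did with `networking.firewall.allowedTCPPorts = [ 80 443 ];`, so unless another module opens them the ACME challenge and the vhost will not be reachable. `mailerPasswordFile` points at a hand-placed file under `/var/lib/secrets`; since agenix is already in the common modules, provisioning it from there would keep the secret's ownership and mode declared in the repository.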
diff --git a/modules/hardware/vm.nix b/modules/hardware/vm.nix
new file mode 100644
index 0000000..9d457ec
--- /dev/null
+++ b/modules/hardware/vm.nix
@@ -0,0 +1,14 @@
+{ lib, modulesPath, ... }: {
+ imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ services.qemuGuest.enable = true;
+
+ # VMs are noisy for this type of thing usually.
+ nix.settings.max-jobs = lib.mkDefault 1;
+}
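Review bot: The comment `# VMs are noisy for this type of thing usually.` above `nix.settings.max-jobs` does not say what is noisy or why one job is the chosen default. If the intent is to limit load on the shared hypervisor, something like `# One concurrent Nix build by default: the guest shares CPU and I/O with other VMs; a host can override this (mkDefault).` would state it. The empty `boot.initrd.kernelModules`, `boot.kernelModules` and `boot.extraModulePackages` assignments look like generated hardware-configuration leftovers and could be dropped.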
diff --git a/modules/hosts.nix b/modules/hosts.nix
index 9a5bc26..794b6d8 100644
--- a/modules/hosts.nix
+++ b/modules/hosts.nix
@@ -37,11 +37,14 @@ in
)
"Please add network configuration for ${config.networking.hostName}. None found in ${./hosts.nix}";
- # usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain
+ # usually, for each host there is a hostname.infra.newtype.fr
networking.newtype.hosts = {
epyc = {
ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8";
};
+ vieuxtype = {
+ ipv6 = "2a01:e0a:5f9:9681:a498:fffb:e48d:299";
+ };
};
};
}
diff --git a/modules/hydra/coordinator.nix b/modules/hydra/coordinator.nix
deleted file mode 100644
index 55dda02..0000000
--- a/modules/hydra/coordinator.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ pkgs, ... }: {
- services.hydra = {
- enable = true;
- hydraURL = "https://hydra.newtype.fr";
- notificationSender = "hydra@localhost";
- buildMachinesFiles = [ "/etc/nix/machines" ];
- useSubstitutes = true;
- };
-
- environment.systemPackages = [ pkgs.nix-prefetch-git ];
- nix.trustedUsers = [ "hydra" "hydra-www" ];
-
- services.postgresql = {
- enableJIT = true;
- settings = {
- checkpoint_completion_target = "0.9";
- default_statistics_target = 100;
-
- max_connections = 500;
- work_mem = "20MB";
- maintenance_work_mem = "2GB";
-
- shared_buffers = "8GB";
-
- min_wal_size = "1GB";
- max_wal_size = "2GB";
- wal_buffers = "16MB";
-
- max_worker_processes = 16;
- max_parallel_workers_per_gather = 8;
- max_parallel_workers = 16;
-
- # NVMe related performance tuning
- effective_io_concurrency = 200;
- random_page_cost = "1.1";
-
- # We can risk losing some transactions.
- synchronous_commit = "off";
-
- effective_cache_size = "16GB";
-
- # autovacuum and autoanalyze much more frequently:
- # at these values vacuum should run approximately
- # every 2 mass rebuilds, or a couple times a day
- # on the builds table. Some of those queries really
- # benefit from frequent vacuums, so this should
- # help. In particular, I'm thinking the jobsets
- # pages.
- autovacuum_vacuum_scale_factor = 0.002;
- autovacuum_analyze_scale_factor = 0.001;
-
- shared_preload_libraries = "pg_stat_statements";
- compute_query_id = "on";
- };
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "ryan@lahfa.xyz";
- };
-
- services.nginx = {
- enable = true;
-
- recommendedZstdSettings = true;
- recommendedBrotliSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation =true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
- };
-
- services.nginx.virtualHosts."hydra.newtype.fr" = {
- forceSSL = true;
- enableACME = true;
- # TODO: remove compression for some locations
- locations."/".proxyPass = "http://localhost:3000";
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/modules/hypervisor.nix b/modules/hypervisor.nix
deleted file mode 100644
index 2b11b5c..0000000
--- a/modules/hypervisor.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }: {
- virtualisation.nvisor = {
- enable = true;
- };
-}
diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix
index 760c768..b45d3a8 100644
--- a/modules/nix-daemon.nix
+++ b/modules/nix-daemon.nix
@@ -1,7 +1,6 @@
{ lib
, config
, pkgs
-, inputs
, ...
}:
@@ -30,17 +29,6 @@ in
{ domain = "*"; item = "nofile"; type = "-"; value = "20480"; }
];
- # Memory accounting techniques
- systemd.services.nix-daemon.serviceConfig = {
- MemoryAccounting = true;
- MemoryMax = "225G";
- MemoryHigh = "220G";
- MemorySwapMax = "2G";
- ManagedOOMSwap = "kill";
- ManagedOOMMemoryPressure = "kill";
- MemoryPressureWatch = "on";
- };
-
nix = {
# Garbage-collect often
gc.automatic = true;
@@ -50,21 +38,19 @@ in
# Randomize GC to avoid thundering herd effects.
gc.randomizedDelaySec = "1800";
- # Inchallah, it works.
- # package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17;
+ # 2.11, 2.12 suffers from a bug with remote builders…
+ package = pkgs.nixVersions.nix_2_13;
# should be enough?
- nrBuildUsers = 128;
+ nrBuildUsers = lib.mkDefault 32;
+
+ # https://github.com/NixOS/nix/issues/719
settings = {
keep-outputs = true;
keep-derivations = true;
- use-cgroups = true;
- http-connections = 0;
- auto-allocate-uids = true;
- cores = 64; # 128 is too much, it will explode the RAM for now. Let's keep it serious.
- max-jobs = 2; # Do not build more than 2 derivations at once in the event, both of them are too big, yes this is stupid, fix it in Nix.
- fsync-metadata = true;
+ # in zfs we trust
+ fsync-metadata = lib.boolToString (!config.boot.isContainer or config.fileSystems."/".fsType != "zfs");
substituters = [
"https://nix-community.cachix.org"
"https://tum-dse.cachix.org"
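Review bot: The new `fsync-metadata` expression does not compute a boolean OR, because `or` in Nix is only the fallback keyword of attribute selection (`a.b or default`), so the "in zfs we trust" case appears never to turn fsync off. As written it parses as `(!(config.boot.isContainer or <fallback>)) != "zfs"`, which compares a boolean with a string and so evaluates to `"true"` on every host. If the intent is a logical OR, `fsync-metadata = lib.boolToString (!config.boot.isContainer || config.fileSystems."/".fsType != "zfs");` states it, though it is worth confirming which hosts should skip fsync and that `fileSystems."/"` is defined for containers. Separately, `package = pkgs.nixVersions.nix_2_13;` pins the daemon to one release line, so a comment naming the condition for dropping the pin would keep hosts from staying on a Nix that no longer receives fixes. The `nix = { … }` block starts before and ends after this hunk.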
@@ -74,14 +60,6 @@ in
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"tum-dse.cachix.org-1:v67rK18oLwgO0Z4b69l30SrV1yRtqxKpiHodG4YxhNM="
];
- experimental-features = [
- "auto-allocate-uids"
- "ca-derivations"
- "cgroups"
- "discard-references"
- "fetch-closure"
- "impure-derivations"
- ];
};
};
diff --git a/modules/packages.nix b/modules/packages.nix
index 45482a8..1086d5f 100644
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -1,12 +1,13 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, ... }: {
+ # documentation.dev.enable = true;
+ # environment.extraOutputsToInstall = [ "info" "man" "devman" ];
+
# this extends the list from:
# https://github.com/numtide/srvos/blob/master/server.nix#L10
environment.systemPackages = with pkgs; [
socat
whois
- nix-output-monitor
- inputs.attic.packages.x86_64-linux.attic
jq
psmisc
libarchive
@@ -37,7 +38,22 @@
ipmitool
- nix-top
+ (neovim.override {
+ viAlias = true;
+ vimAlias = true;
+ configure = {
+ packages.myPlugins = with pkgs.vimPlugins; {
+ start = [ vim-lastplace vim-nix ];
+ opt = [ ];
+ };
+ };
+ })
+
# tries to default to soft-float due to out-dated cc-rs
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
+
+ programs.vim.defaultEditor = true;
+ environment.variables = { EDITOR = "nvim"; };
+ programs.mosh.enable = true;
+ programs.tmux.enable = true;
}
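Review bot: `programs.mosh.enable = true;` is more than a package install, because the NixOS module also opens a UDP port range (60000-61000 by default) in the host firewall. This file looks like the shared package list, so that exposure would apply to every machine that imports it. I would either move the line to the hosts that need mosh or record the effect next to it, for example `# mosh: also opens UDP 60000-61000 in the firewall`; where the pinned nixpkgs offers `programs.mosh.openFirewall`, setting it explicitly makes the choice visible. As a smaller point, `programs.vim.defaultEditor = true;` and `environment.variables = { EDITOR = "nvim"; };` both set EDITOR, and keeping only one avoids ambiguity about which wins.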
diff --git a/modules/ssh-cursed.nix b/modules/ssh-cursed.nix
deleted file mode 100644
index deb956d..0000000
--- a/modules/ssh-cursed.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- programs.ssh.extraConfig = ''
- Host telecom-bastion
- HostName ssh.enst.fr
- User jmalka
- IdentityFile /home/luj/.ssh/id_ed25519
-
- Host lame11
- Hostname lame11.enst.fr
- User nix-remote-builder
- ProxyJump telecom-bastion
- IdentityFile /home/luj/.ssh/id_ed25519
- Host lame10
- Hostname lame10.enst.fr
- User nix-remote-builder
- ProxyJump telecom-bastion
- IdentityFile /home/luj/.ssh/id_ed25519
- Host lame12
- Hostname lame12.enst.fr
- User nix-remote-builder
- ProxyJump telecom-bastion
- IdentityFile /home/luj/.ssh/id_ed25519
- Host lame16
- Hostname lame16.enst.fr
- User nix-remote-builder
- ProxyJump telecom-bastion
- IdentityFile /home/luj/.ssh/id_ed25519
- Host lame17
- Hostname lame17.enst.fr
- User nix-remote-builder
- ProxyJump telecom-bastion
- IdentityFile /home/luj/.ssh/id_ed25519
-
- '';
-
-}
diff --git a/modules/tailscale.nix b/modules/tailscale.nix
new file mode 100644
index 0000000..14ffc74
--- /dev/null
+++ b/modules/tailscale.nix
@@ -0,0 +1,5 @@
+{ config, ... }: {
+ services.tailscale.enable = true;
+ networking.firewall.checkReversePath = "loose";
+ networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
+}
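Review bot: `networking.firewall.checkReversePath = "loose";` relaxes reverse-path filtering for the whole host, not only for the Tailscale interface, and the module does not say why. A comment such as `# loose rp_filter: strict mode drops Tailscale exit-node / subnet-route traffic` would record the reason and tell a later reader when the line can go. If these machines are only plain tailnet clients, it is worth checking whether the default strict setting already works and dropping the override. The UDP port opened on the last line is reachable from any source, which is expected for direct connections but also deserves a one-line comment.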
diff --git a/modules/users/admins.nix b/modules/users/admins.nix
index 877eb09..f7c44d1 100644
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@@ -13,7 +13,6 @@ in
isNormalUser = true;
home = "/home/raito";
inherit extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1000;
openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
};
@@ -22,9 +21,7 @@ in
luj = {
isNormalUser = true;
home = "/home/luj";
- inherit (config.users.users.raito);
- extraGroups = extraGroups ++ [ "production-hydra-db" ];
- shell = "/run/current-system/sw/bin/zsh";
+ inherit (config.users.users.raito) extraGroups;
uid = 1001;
openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
};
@@ -34,7 +31,6 @@ in
isNormalUser = true;
home = "/home/gdd";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1002;
openssh.authorizedKeys.keyFiles = [ ./keys/gdd.keys ];
};
@@ -44,7 +40,6 @@ in
isNormalUser = true;
home = "/home/akechi";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1003;
openssh.authorizedKeys.keyFiles = [ ./keys/akechi.keys ];
};
@@ -54,7 +49,6 @@ in
isNormalUser = true;
home = "/home/tomate";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1004;
openssh.authorizedKeys.keyFiles = [ ./keys/tomate.keys ];
};
diff --git a/modules/users/friends.nix b/modules/users/friends.nix
deleted file mode 100644
index afb5437..0000000
--- a/modules/users/friends.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-let
- trustedFriendGroups = [
- "production-hydra-db"
- ];
-in
-{
- users.users = {
- ninjatrappeur = {
- isNormalUser = true;
- home = "/home/ninjatrappeur";
- shell = "/run/current-system/sw/bin/zsh";
- uid = 2000;
- extraGroups = trustedFriendGroups;
- openssh.authorizedKeys.keyFiles = [ ./keys/ninjatrappeur.keys ];
- };
- linus = {
- isNormalUser = true;
- home = "/home/linus";
- shell = "/run/current-system/sw/bin/zsh";
- uid = 2001;
- # Raito: I allowed linus to be root to get some stuff done
- # on behalf of me.
- extraGroups = [ "wheel" ] ++ trustedFriendGroups;
- openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ];
- };
- };
-}
diff --git a/modules/users/keys/gdd.keys b/modules/users/keys/gdd.keys
index 324c5aa..f176c04 100644
--- a/modules/users/keys/gdd.keys
+++ b/modules/users/keys/gdd.keys
@@ -1,2 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqnCNhMl5KgERtpFAVUjd11JDsf0uQ/8NY5sj4tnjw5
diff --git a/modules/users/keys/linus.keys b/modules/users/keys/linus.keys
deleted file mode 100644
index 59249fb..0000000
--- a/modules/users/keys/linus.keys
+++ /dev/null
@@ -1,4 +0,0 @@
-ssh-rsa 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
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3EmXYSXsimS+vlGYtfTkOGuwvkXU0uHd2yYKLOxD2F
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJWYrcu8usyqdLv4XO4i5TPaQhB+lH3Xbu2uz64hQe3
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICDgQA1A1uHJsqLsSLLkuWNlxXrpGRD6Qx11WBbfP+SmAAAAEXNzaDpsaW51c0BiZWl3ZXJr
diff --git a/modules/users/keys/luj.keys b/modules/users/keys/luj.keys
index 2536b0e..c9c3829 100644
--- a/modules/users/keys/luj.keys
+++ b/modules/users/keys/luj.keys
@@ -1,5 +1,4 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9Uzb7szWlux7HuxLZej9cBR5MhLz/vaAPPfSoozt2k
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoYi9YFzovZfwrY3BUA3QqcyBE8gfNTncbs3qqkLbyY
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCKfPoMNrnyNWH6J1OvQ+n1rvSS9Sc2iZf6E1JQC+L4
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESMWr29i3rhj32oLV3DKe57YI+jvNaKjZhhpq6dEjsn
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOCKgHRHAJDSgKqYNfWboL04mnEOM0m0K3TGxBhBNDR
@@ -9,5 +8,4 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxfFq8wx5Bet5Q0gI28/lc9ryYYFQelpZdPPdzxGBbA
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKIDLmQQ+P+jE4zVRpdVp8fmYEe4nzPDqYZt6A4eyIi
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkj2xsN7Qt/Ew2QO+HiF2yOjXPRucZ3SbIdPDLJoh22
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCUt5I3IgONzYsMOFnRXtvR/uLXlIs6oWsCmh6YGgnpGD4M9lFdoYAOeC1faQUnP66sNs6AoacrGlPZ1UkVUqYEoIr2hiNCDRzzLCQ2J/sSaw7Hv0PKT7MWMo8R076M3TrdunCchBJI1noez3waM9aL4b/iYVhxym28ET55QrWjyMQfZL9PXzOKZatNVcK8AmdtSbI+pFrm/tTZPa321drm9PHOo9CL+lG4YmVZcXa0bVfVtk1GXlWwNpCj2ExLmbF1rRpAa05khfnbg3sBSklwf5NRXj11KneodKRF81ji7MtBhIIfoEXSYht7yspdkkS9e9mv16VGV+2ziM8zG3MK/iUq7fg5ksN54D3DNrd9iI5WjQZsLUrK0ypxO2NtvupWGYt3rCyKA/QvynbxOWFp6cy3Evej142hsfbiOcPIgCtGdHIBevp+KmPxkHBqsJPBqb3Y7nOMT1/ggDMtvHZEZJjEI2D2RjZNEXGbq63OPAqEkgmecW0cXlrjLEGhF2E=
diff --git a/modules/users/keys/ninjatrappeur.keys b/modules/users/keys/ninjatrappeur.keys
deleted file mode 100644
index 2dd6171..0000000
--- a/modules/users/keys/ninjatrappeur.keys
+++ /dev/null
@@ -1,3 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClF9ko5u4zf0CEvleEeRbo9r6BMNgXEGO/rDNZOEHcKxVaeIi+/xF6ZQ5MZbcmH08lswq32hb1XwXg7Gk+ofUdEvCD/kC/vJijt7IFkardy6BNOSWQJLEf6/BpL3LzDQhi7iZXPF46VYoPVGHBh8fKQaAtOCrhbf/8JutfTwCglEztjoiQxY5b8OMfntjBSl6TJwZPJAoQllbJJz9q90sBetvqx6Y08eqIzsSZw6pznpvivRR+TSKU0EkVYS2y2zBAvPK6oyunj5zi01/FACT+Qn70dUkumZAvcPssbl0hCs/xDLgEL6hCEvoszodyMYVn7HS0KwfUlfiGdNUOFHIl
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzd1XAB7Pc8Tplur5iV3llOXtvlHru8pLtQlbvHzmt1
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOE7oDtq+xt5RuvMigDZMeZQODFr5Otz6HCO8wnI80oo
diff --git a/modules/users/keys/tomate.keys b/modules/users/keys/tomate.keys
index 4dffc5d..c5428d0 100644
--- a/modules/users/keys/tomate.keys
+++ b/modules/users/keys/tomate.keys
@@ -1,2 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn thubrecht@dell-xps
diff --git a/modules/users/yvan.nix b/modules/users/yvan.nix
new file mode 100644
index 0000000..e9f11a9
--- /dev/null
+++ b/modules/users/yvan.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ users.users.yvan = {
+ isNormalUser = true;
+ home = "/home/yvan";
+ description = "Yvan's account";
+ extraGroups = [ "wheel" "www-data" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdMWQ1D9VJNrIzvgU8QMQwhy7Q/OFI9JNLpo/Kr0uXCeZBtSn9eMzZa88Q8gDaHnlc/BlTnlSomWP/S9u8+j21d+rXgDyPgJUqMjGBxFo4lZue3DlACXKQcwWXiNlGQKFPzSNBN62N3cRwm1R7Won9xVwedS4UnxsXbOGHkBnajQx40Ej3WRVBVbSjKKGaZKKCNO5hfistRP7RtqhwxYK7D/CyOfwnIUuBAnC3QYDYDph7SD2E5OX3rKwPDPnei0zaIMMXyFrMtv/czYOsisOud2H/VX0vipQh59qji/ZNSE31LemF4VcvC1307JX3uEwSfVWiBsWGPGfc/epQ4ixl yvan@X230" # Yvan's X230
+ ];
+ };
+
+ services.mastodon = {
+ enable = true;
+ smtp = { host = "mail.gandi.net"; fromAddress = "yvan@sraka.xyz"; };
+ localDomain = "sraka.xyz";
+ };
+}
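Review bot: The new account is placed in `wheel` while its only credential is an inline `ssh-rsa` key, unlike the accounts in modules/users/admins.nix, which load keys with `openssh.authorizedKeys.keyFiles = [ ./keys/NAME.keys ];`. Moving the key to `./keys/yvan.keys` and using `openssh.authorizedKeys.keyFiles = [ ./keys/yvan.keys ];` keeps key rotation and removal reviewable in one place, and an ed25519 key would match most of the other entries. The `www-data` group is not declared anywhere in the visible hunks, so confirm it exists on the target host. `services.mastodon` is enabled inside a per-user module with no SMTP credentials or host restriction visible here; a separate service module imported only by the intended machine would make it clear where the service is exposed.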
diff --git a/modules/zsh.nix b/modules/zsh.nix
index 8a7fae2..df628fb 100644
--- a/modules/zsh.nix
+++ b/modules/zsh.nix
@@ -4,7 +4,8 @@
programs.zsh.enableGlobalCompInit = false;
programs.zsh.interactiveShellInit = ''
source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh
- '';
+ '';
+
programs.zsh = {
autosuggestions.enable = true;
promptInit = ''