From 1640f74ea96ff85936fb6f59fae13ed4a0e31857 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Fri, 22 Sep 2023 16:23:14 +0200
Subject: [PATCH 01/39] epyc: change IPv6 We remove the old legacy tunnel from HE.
---
 modules/hosts.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/hosts.nix b/modules/hosts.nix
index 9a5bc26..e979692 100644
--- a/modules/hosts.nix
+++ b/modules/hosts.nix
@@ -40,7 +40,7 @@ in
 # usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain
 networking.newtype.hosts = {
 epyc = {
- ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8";
+ ipv6 = "2001:bc8:38ee:100::500";
 };
 };
 };
From 0d508468e6f057f7b69c1448ae275f6ff5faa76b Mon Sep 17 00:00:00 2001
From: Linus Heckemann
Date: Mon, 18 Sep 2023 11:18:07 +0200
Subject: [PATCH 02/39] garage: add reverse proxy for S3 access from outside TODO: subdomains?
---
 modules/garage.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/modules/garage.nix b/modules/garage.nix
index 8859d9c..be45bfe 100644
--- a/modules/garage.nix
+++ b/modules/garage.nix
@@ -23,4 +23,15 @@
 };
 };
 };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."s3.infra.newtype.fr" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://[::1]:3900/";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
From 4e29b67e2980ce4336c85bb0f6530604479308c0 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Wed, 6 Dec 2023 10:45:04 +0100
Subject: [PATCH 03/39] raito: key update
---
 modules/users/keys/raito.keys | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/users/keys/raito.keys b/modules/users/keys/raito.keys
index 7a717dd..cda49dd 100644
--- a/modules/users/keys/raito.keys
+++ b/modules/users/keys/raito.keys
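Review bot: The new `locations."/".proxyPass = "http://[::1]:3900/";` in modules/garage.nix forwards requests without passing on the client's Host header, and as far as I know nginx then sends the upstream address as Host; S3 request signatures cover Host, so signed requests arriving via `s3.infra.newtype.fr` may be rejected by Garage. I would set `recommendedProxySettings = true;` on the location, or an explicit `proxy_set_header Host $host;` in `extraConfig`. The vhost also inherits nginx's default request-body limit, which is likely too small for object uploads, so a deliberate `clientMaxBodySize` is worth adding. Whether port 3900 stays bound to loopback is not visible in this hunk and should be confirmed, since the proxy is now meant to be the only public entry point.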
@@ -1,3 +1,4 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM=
From aaef0b57ee3be80ea66b1f534e4aea3aa81998f3 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Fri, 29 Dec 2023 17:54:33 +0100
Subject: [PATCH 04/39] added niklas as friend
---
 modules/users/admins.nix | 2 +-
 modules/users/friends.nix | 9 +++++++++
 modules/users/keys/niklas.keys | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 modules/users/keys/niklas.keys
diff --git a/modules/users/admins.nix b/modules/users/admins.nix
index 877eb09..8e5363a 100644
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@@ -66,6 +66,6 @@ in
 };
 };
- nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" ];
+ nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "fuckuniklas" ];
 };
 }
diff --git a/modules/users/friends.nix b/modules/users/friends.nix
index afb5437..6923709 100644
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
@@ -24,5 +24,14 @@ in
 extraGroups = [ "wheel" ] ++ trustedFriendGroups;
 openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ];
 };
+ fuckuniklas = {
+ isNormalUser = true;
+ home = "/home/fuckuniklas";
+ shell = "/run/current-system/sw/bin/zsh";
+ uid = 2002;
+ extraGroups = trustedFriendGroups;
+ openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ];
+ };
+
 };
 }
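Review bot: In the modules/users/admins.nix hunk the new account is appended to `nix.settings.trusted-users`, which lets that user override daemon settings and import unsigned store paths and is generally treated as root-equivalent, while the friends.nix hunk of the same patch gives the account only `trustedFriendGroups`, without the `wheel` group that `linus` has in the context lines. If root-level access is not intended, leave the name out of `trusted-users`, since ordinary use of the daemon needs no entry there. Otherwise a comment above the list, e.g. `# trusted-users is root-equivalent on this host`, would make the grant explicit. The contents of `trustedFriendGroups` are outside the hunk, so the effective group rights should be checked there.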
diff --git a/modules/users/keys/niklas.keys b/modules/users/keys/niklas.keys
new file mode 100644
index 0000000..69b674c
--- /dev/null
+++ b/modules/users/keys/niklas.keys
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINHd1ay1FSTHZzE+3XCdUiS5efFmJ9GUvx4+7F5uXVtMAAAABHNzaDo= nikstur
From 4b452f8818a9940b572a8d894b219644887414d7 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Mon, 20 Nov 2023 10:16:44 +0100
Subject: [PATCH 05/39] fix(system.autoUpgrade): Use correct URI
---
 modules/auto-upgrade.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index ef3f0db..399b5e2 100644
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -1,7 +1,9 @@
 { pkgs, ... }: {
- system.autoUpgrade.enable = true;
- system.autoUpgrade.flake = "git:git.newtype.fr/newtype/newtype-org-configurations";
- system.autoUpgrade.flags = [ "--option" "accept-flake-config" "true" ];
+ system.autoUpgrade = {
+ enable = true;
+ flake = "git+https://git.newtype.fr/newtype/newtype-org-configurations";
+ flags = [ "--option" "accept-flake-config" "true" ];
+ };
 # add a random jitter so not all machines reboot at the same time.
 systemd.timers.auto-reboot.timerConfig.RandomizedDelaySec = 60 * 20;
From b5f4697ad144008b600d8aea463bdeaf0b16af52 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Thu, 4 Jan 2024 23:34:49 +0100
Subject: [PATCH 06/39] rename niklas
---
 modules/users/admins.nix | 2 +-
 modules/users/friends.nix | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/users/admins.nix b/modules/users/admins.nix
index 8e5363a..c30fe20 100644
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@@ -66,6 +66,6 @@ in
 };
 };
- nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "fuckuniklas" ];
+ nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" ];
 };
 }
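Review bot: The rewritten `system.autoUpgrade` block in modules/auto-upgrade.nix keeps `flags = [ "--option" "accept-flake-config" "true" ];` while pulling from a bare `git+https://` URL, so every unattended rebuild applies, as root, whatever the repository's default branch holds at that moment and also accepts any `nixConfig` the flake declares (for example extra substituters and trusted keys) without a prompt. If the flake's `nixConfig` is not needed on the hosts, drop the flag. Otherwise document the trust decision next to it, e.g. `# accept-flake-config: push access to this repo is root on every host`, and consider pinning the URL to a protected branch with `?ref=`.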
diff --git a/modules/users/friends.nix b/modules/users/friends.nix
index 6923709..7914906 100644
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
@@ -24,9 +24,9 @@ in
 extraGroups = [ "wheel" ] ++ trustedFriendGroups;
 openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ];
 };
- fuckuniklas = {
+ niklas = {
 isNormalUser = true;
- home = "/home/fuckuniklas";
+ home = "/home/niklas";
 shell = "/run/current-system/sw/bin/zsh";
 uid = 2002;
 extraGroups = trustedFriendGroups;
From ce2c4ef1802af1fba8e2b957cfe33225f6da1b7a Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Fri, 5 Jan 2024 18:02:22 +0100
Subject: [PATCH 07/39] epyc: move to latest kernel for snappier performance
---
 hosts/epyc.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hosts/epyc.nix b/hosts/epyc.nix
index 128c2e8..1c79bf2 100644
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 let gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ] ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
@@ -20,6 +20,9 @@ in
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+ # We want to use EEVDF and AMD-related niceties.
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
 # Open public access to our PostgreSQL.
 services.postgresql.enableTCPIP = true;
 services.postgresql.authentication = ''
From 89e64355ea33495d0392526301db805d11ab2dcf Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 27 Jan 2024 19:12:59 +0100
Subject: [PATCH 08/39] epyc: disable hydra
Signed-off-by: Raito Bezarius
---
 modules/hydra/coordinator.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/hydra/coordinator.nix b/modules/hydra/coordinator.nix
index 55dda02..0f28dfd 100644
--- a/modules/hydra/coordinator.nix
+++ b/modules/hydra/coordinator.nix
@@ -1,6 +1,6 @@
 { pkgs, ... }: {
 services.hydra = {
- enable = true;
+ enable = false;
 hydraURL = "https://hydra.newtype.fr";
 notificationSender = "hydra@localhost";
 buildMachinesFiles = [ "/etc/nix/machines" ];
From 495790a1425dff7ecb9a386ceac59e03544d557f Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 27 Jan 2024 19:13:04 +0100
Subject: [PATCH 09/39] android-cache: remove the aosp mirror for now
Signed-off-by: Raito Bezarius
---
 modules/android-cache.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/android-cache.nix b/modules/android-cache.nix
index 96a2968..64e161b 100644
--- a/modules/android-cache.nix
+++ b/modules/android-cache.nix
@@ -1,7 +1,7 @@
 { lib, ... }:
 let
 mirrors = {
- "https://android.googlesource.com" = "/var/lib/src/aosp/mirror";
+ # "https://android.googlesource.com" = "/mnt/aospaosp/mirror";
 "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS";
 "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets";
 };
From b5053ab520aa8550e5b169e620d111167a9cf64d Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 27 Jan 2024 19:13:13 +0100
Subject: [PATCH 10/39] nix: clean up various things for upcoming GC
Signed-off-by: Raito Bezarius
---
 modules/nix-daemon.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix
index 760c768..0cad83b 100644
--- a/modules/nix-daemon.nix
+++ b/modules/nix-daemon.nix
@@ -57,8 +57,8 @@ in
 nrBuildUsers = 128;
 settings = {
- keep-outputs = true;
- keep-derivations = true;
+ keep-outputs = false;
+ keep-derivations = false;
 use-cgroups = true;
 http-connections = 0;
 auto-allocate-uids = true;
@@ -76,7 +76,7 @@ in
 ];
 experimental-features = [
 "auto-allocate-uids"
- "ca-derivations"
+ # "ca-derivations" this feature is really extremely broken.
 "cgroups"
 "discard-references"
 "fetch-closure"
From 3cc55253a4799233bcd495fdf9c677307275bb1c Mon Sep 17 00:00:00 2001
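Review bot: The commented-out AOSP entry in modules/android-cache.nix does not preserve the value it replaces: the removed line pointed at `/var/lib/src/aosp/mirror`, while the new comment reads `/mnt/aospaosp/mirror`, which looks like a typo. Anyone who re-enables the mirror by uncommenting the line would get a different path than before. Either keep the old path in the comment or write the intended new one and say why, e.g. `# disabled for now; mirror data to be moved to <new path>`.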
From: Raito Bezarius Date: Sat, 27 Jan 2024 19:18:05 +0100 Subject: [PATCH 11/39] flake: upgrade to 23.11 systems Signed-off-by: Raito Bezarius --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 5f9ac55..12b99b1 100644 --- a/flake.lock +++ b/flake.lock @@ -286,16 +286,16 @@ ] }, "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", "owner": "rycee", "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", "type": "github" }, "original": { "owner": "rycee", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -388,16 +388,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1691083802, - "narHash": "sha256-bjWTVGskCWR2BdB0Glnj2FyHooNiFThkFBF4oaAMe2s=", + "lastModified": 1706373441, + "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "096c262bbb73d84b8298d81c7daa9890c6ccd6da", + "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index d4b5920..88aaf19 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,13 +10,13 @@ flake-parts.url = "github:hercules-ci/flake-parts";
 flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
- nixpkgs.url = "github:NixOS/nixpkgs/release-23.05";
+ nixpkgs.url = "github:NixOS/nixpkgs/release-23.11";
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 nixos-hardware.url = "github:NixOS/nixos-hardware";
 nur.url = "github:nix-community/NUR";
- home-manager.url = "github:rycee/home-manager/release-23.05";
+ home-manager.url = "github:rycee/home-manager/release-23.11";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 agenix.url = "github:ryantm/agenix";
From 056f8be2a50e6b0b771d5117389f8139d0704f0a Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 27 Jan 2024 19:15:22 +0100
Subject: [PATCH 12/39] epyc: disable ninjatrappeur's account
Signed-off-by: Raito Bezarius
---
 modules/users/friends.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/users/friends.nix b/modules/users/friends.nix
index 7914906..58620aa 100644
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
@@ -6,12 +6,14 @@ let
 in
 {
 users.users = {
+ # Raito: unused since a while, it was made for working on the production database of Hydra.
 ninjatrappeur = {
 isNormalUser = true;
 home = "/home/ninjatrappeur";
 shell = "/run/current-system/sw/bin/zsh";
 uid = 2000;
 extraGroups = trustedFriendGroups;
+ expires = "2024-01-01";
 openssh.authorizedKeys.keyFiles = [ ./keys/ninjatrappeur.keys ];
 };
 linus = {
From ed5f2cb13fdb1f9c4ce3827e14ad0c1b2cdc55b2 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 27 Jan 2024 19:15:28 +0100
Subject: [PATCH 13/39] epyc: add flokli account for 3-ish days
Signed-off-by: Raito Bezarius
---
 modules/users/friends.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/users/friends.nix b/modules/users/friends.nix
index 58620aa..068f799 100644
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
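Review bot: The `expires = "2024-01-01";` line added for `ninjatrappeur` disables the account only through its expiry date, while `openssh.authorizedKeys.keyFiles` still installs the key; whether a key login is then refused depends on sshd honouring account expiry (normally through PAM), and sessions that are already open are not affected. For an account the comment describes as unused, removing the entry or setting `openssh.authorizedKeys.keyFiles = [ ];` is the more direct control. The same reliance applies to the `flokli` account added in the next patch (`expires = "2024-02-01";`), which also inlines its key instead of using a `./keys/` file like the other users. The `users.users` set continues outside this hunk.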
@@ -34,6 +34,17 @@ in
 extraGroups = trustedFriendGroups;
 openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ];
 };
-
+ # Raito: Temporary account for flokli, disable when he's done with it.
+ flokli = {
+ isNormalUser = true;
+ home = "/home/flokli";
+ shell = "/run/current-system/sw/bin/zsh";
+ uid = 2003;
+ expires = "2024-02-01";
+ extraGroups = trustedFriendGroups;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2 flokli"
+ ];
+ };
 };
 }
From f1692a7287867487b4b133bd936942a2e563596b Mon Sep 17 00:00:00 2001
From: raito
Date: Mon, 12 Feb 2024 19:07:59 +0100
Subject: [PATCH 14/39] epyc: re-enable postgresql
Signed-off-by: raito
---
 hosts/epyc.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/epyc.nix b/hosts/epyc.nix
index 1c79bf2..8389142 100644
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@@ -24,6 +24,7 @@ in
 boot.kernelPackages = pkgs.linuxPackages_latest;
 # Open public access to our PostgreSQL.
+ services.postgresql.enable = true;
 services.postgresql.enableTCPIP = true;
 services.postgresql.authentication = ''
 host hydra-nixos-org hydra_ro ::/0 trust
From c459d2a74422738dfdcc6a1cd88321a09fac1790 Mon Sep 17 00:00:00 2001
From: raito
Date: Mon, 12 Feb 2024 19:08:12 +0100
Subject: [PATCH 15/39] epyc: disable buildbot not used
Signed-off-by: raito
---
 configurations.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configurations.nix b/configurations.nix
index f14c0a0..6645be4 100644
--- a/configurations.nix
+++ b/configurations.nix
@@ -36,7 +36,7 @@ let
 ./modules/network.nix
 ./modules/zsh.nix
 ./modules/ssh-cursed.nix
- ./modules/buildbot
+ # FIXME: ./modules/buildbot — whenever you are ready.
 disko.nixosModules.disko
From 84d0cd52c220683d5ac466a703f5ef312a5cb0a9 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Mon, 4 Mar 2024 00:59:08 +0100
Subject: [PATCH 16/39] epyc: bump things
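Review bot: The added `services.postgresql.enable = true;` in hosts/epyc.nix brings back a server whose `authentication` context line is `host hydra-nixos-org hydra_ro ::/0 trust`, so any IPv6 client that can reach the port may connect as `hydra_ro` to that database without a credential. What then protects the data is the role's privileges and the firewall, and neither is visible in this hunk. If the exposure is deliberate, record it next to the rule, e.g. `# hydra_ro is read-only on public data; passwordless by design`, once that has been confirmed; if not, narrow `::/0` or switch the method to `scram-sha-256`. The `authentication` string continues past the end of the hunk.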
Signed-off-by: Raito Bezarius --- flake.lock | 168 +++++++++++++++++++++++------------------------------ 1 file changed, 74 insertions(+), 94 deletions(-) diff --git a/flake.lock b/flake.lock index 12b99b1..c5de10c 100644 --- a/flake.lock +++ b/flake.lock @@ -6,14 +6,15 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { @@ -31,11 +32,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689457600, - "narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=", + "lastModified": 1707922053, + "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=", "owner": "zhaofengli", "repo": "attic", - "rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1", + "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21", "type": "github" }, "original": { @@ -54,11 +55,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1688224393, - "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=", + "lastModified": 1706509311, + "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=", "owner": "zhaofengli", "repo": "colmena", - "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd", + "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd", "type": "github" }, "original": { 
@@ -69,26 +70,17 @@ }, "crane": { "inputs": { - "flake-compat": [ - "attic", - "flake-compat" - ], - "flake-utils": [ - "attic", - "flake-utils" - ], "nixpkgs": [ "attic", "nixpkgs" - ], - "rust-overlay": "rust-overlay" + ] }, "locked": { - "lastModified": 1677892403, - "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=", + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", "owner": "ipetkov", "repo": "crane", - "rev": "105e27adb70a9890986b6d543a67761cbc1964a2", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", "type": "github" }, "original": { @@ -105,11 +97,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -126,11 +118,11 @@ ] }, "locked": { - "lastModified": 1690739034, - "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=", + "lastModified": 1709439398, + "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=", "owner": "nix-community", "repo": "disko", - "rev": "4015740375676402a2ee6adebc3c30ea625b9a94", + "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57", "type": "github" }, "original": { @@ -178,11 +170,11 @@ ] }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { 
@@ -215,11 +207,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1689333397, - "narHash": "sha256-g1Nn0sgH/hR/gEAQ1q6bloU+Q+V+Y4HlBBH6CBxC0HM=", + "lastModified": 1705308826, + "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", "owner": "NixOS", "repo": "flake-registry", - "rev": "5d8dc3eb692809ffd9a2f22cdb8015aa11972905", + "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", "type": "github" }, "original": { @@ -266,11 +258,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -286,11 +278,11 @@ ] }, "locked": { - "lastModified": 1705659542, - "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "rycee", "repo": "home-manager", - "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { @@ -302,11 +294,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1690957133, - "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=", + "lastModified": 1709410583, + "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a", + "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", "type": "github" }, "original": { 
@@ -340,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686519857, - "narHash": "sha256-VkBhuq67aXXiCoEmicziuDLUPPjeOTLQoj6OeVai5zM=", + "lastModified": 1702539185, + "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6b1b72c0f887a478a5aac355674ff6df0fc44f44", + "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", "type": "github" }, "original": { @@ -356,27 +348,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1685004253, - "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", + "lastModified": 1702780907, + "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", + "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691003216, - "narHash": "sha256-Qq/MPkhS12Bl0X060pPvX3v9ac3f2rRQfHjjozPh/Qs=", + "lastModified": 1709356872, + "narHash": "sha256-mvxCirJbtkP0cZ6ABdwcgTk0u3bgLoIoEFIoYBvD6+4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a56ce9727a0c5478a836a0d8a8f641c5b9a3d5f", + "rev": "458b097d81f90275b3fdf03796f0563844926708", "type": "github" }, "original": { @@ -388,11 +380,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1706373441, - "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", + "lastModified": 1709428628, + "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", + "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555", "type": "github" }, "original": { 
@@ -404,11 +396,11 @@ }, "nur": { "locked": { - "lastModified": 1691109630, - "narHash": "sha256-NkltnE+ZMABNP7pJVj7ftu/58aTGa5PXxICLr8fjkI4=", + "lastModified": 1709439575, + "narHash": "sha256-49f8WbTUE4C8VrIxS2DrINOncakhFChcmZ6xccVSfkA=", "owner": "nix-community", "repo": "NUR", - "rev": "dcd922e7738fc027c73cd2cc110015d38fba9651", + "rev": "075c3094d6c6c3fae0e107de41e2367d17341ac4", "type": "github" }, "original": { @@ -434,33 +426,6 @@ "srvos": "srvos" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "attic", - "crane", - "flake-utils" - ], - "nixpkgs": [ - "attic", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1675391458, - "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "srvos": { "inputs": { "nixpkgs": [ @@ -468,11 +433,11 @@ ] }, "locked": { - "lastModified": 1690557184, - "narHash": "sha256-KMGPz3pP7OoUZaUhgcuYG84CtVaJOQw6RK8J0fAtKt0=", + "lastModified": 1709301784, + "narHash": "sha256-Yf7HeS2VZCD8kD/wEgnToyt9YqQhCle/9TazmFYnjsE=", "owner": "numtide", "repo": "srvos", - "rev": "ceed433086a85e5540bd73cff46497af5a09e36f", + "rev": "9501896e0edf01d2cbd5fa6f0dbb3aafc00dae81", "type": "github" }, "original": { 
@@ -483,20 +448,35 @@ }, "stable": { "locked": { - "lastModified": 1669735802, - "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=", + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "731cc710aeebecbf45a258e977e8b68350549522", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ From 6beda4c58f7206032de6c1e4ededaca0154be98d Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 4 Mar 2024 00:59:16 +0100 Subject: [PATCH 17/39] epyc: move to Nix 2.18, remove discard references exp feature Signed-off-by: Raito Bezarius --- modules/nix-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index 0cad83b..9ebbe82 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -51,6 +51,7 @@ in gc.randomizedDelaySec = "1800"; # Inchallah, it works. + package = pkgs.nixVersions.nix_2_18; # package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17; # should be enough? @@ -78,7 +79,6 @@ in "auto-allocate-uids" # "ca-derivations" this feature is really extremely broken. "cgroups" - "discard-references" "fetch-closure" "impure-derivations" ]; From 6c0d19e0052ef3d4698b68f146b4e794fe08d5a0 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 4 Mar 2024 00:59:21 +0100 Subject: [PATCH 18/39] epyc: disable all android cache for now 
Signed-off-by: Raito Bezarius
---
 modules/android-cache.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/android-cache.nix b/modules/android-cache.nix
index 64e161b..1193f37 100644
--- a/modules/android-cache.nix
+++ b/modules/android-cache.nix
@@ -2,8 +2,8 @@
 let
 mirrors = {
 # "https://android.googlesource.com" = "/mnt/aospaosp/mirror";
- "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS";
- "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets";
+ # "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS";
+ # "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets";
 };
 in
 {
From 0c4334571c8f4cd35958caa3db8ab6e9d9b2b042 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Mon, 4 Mar 2024 00:59:45 +0100
Subject: [PATCH 19/39] builder: add top secret's project buildbot key The cgroup will be nerfed and noise should be low, ping me if something goes wrong.
Signed-off-by: Raito Bezarius
---
 modules/builder.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/builder.nix b/modules/builder.nix
index 08340ea..7c3ff3e 100644
--- a/modules/builder.nix
+++ b/modules/builder.nix
@@ -5,6 +5,7 @@
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF07Sy0O+oletFYlrfS0+XtBWJO2F+Rc9J/ocNLBa/OE raito@thorkell"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDu4cEqZzAI/1vZjSQkTJ4ijIg9nuloOuSKUrnkJIOFn buildbot@top-secret" # Top secret's project buildbot key
 ];
 uid = 5001;
 };
From d3505a8b2dac7de78f7683a23ef3d0c34f60c70e Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Mon, 4 Mar 2024 01:28:44 +0100
Subject: [PATCH 20/39] docs: update
Signed-off-by: Raito Bezarius
---
 docs/epyc.lstopo.svg | 110 ++++++++++++++++++++++---------------------
 docs/epyc.md | 94 ++++++++++++++++++------------------
 2 files changed, 106 insertions(+), 98 deletions(-)
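Review bot: The new `buildbot@top-secret` entry in modules/builder.nix is added to `openssh.authorizedKeys.keys` with no key options, so whoever holds that CI key gets the same unrestricted SSH access to this user as the two personal keys above it. Because the key lives on an automation host, prefixing it with options such as `restrict` (and `from="…"` if the source address is stable) would limit what a leaked key allows; that remote builds still work with `restrict` needs to be tested. The trailing comment could also name the owner and a review date, since the commit message's "ping me" cannot be recovered from the file. The user definition starts above the hunk.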
diff --git a/docs/epyc.lstopo.svg b/docs/epyc.lstopo.svg index 6c0d2ec..4b13ca6 100644 --- a/docs/epyc.lstopo.svg +++ b/docs/epyc.lstopo.svg @@ -1,7 +1,7 @@ - - - Machine (126GB total) + + + Machine (252GB total) Package L#0 @@ -153,18 +153,18 @@ PU L#127 P#127 - NUMANode L#0 P#0 (126GB) + NUMANode L#0 P#0 (252GB) 7.9 - 4.0 - - 0.2 - - 1.0 - + 3.9 + + 0.2 + + 1.0 + @@ -178,52 +178,56 @@ + 3.9 - - PCI 43:00.0 - - - - 0.2 - - - - - - - PCI 46:00.0 - - - - 1.0 - - 1.0 - - - PCI 48:00.0 - - Net eno1 - - PCI 48:00.1 - - Net eno2 + + PCI 42:00.0 + + Block nvme1n1 + 3726 GB + + + + 0.2 + + + + + + + PCI 45:00.0 + + + + 1.0 + + 1.0 + + + PCI 47:00.0 + + Net nat-lan + + PCI 47:00.1 + + Net wan MemoryModule MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - Host: epyc - Date: Mon 05 Jun 2023 03:19:33 PM UTC + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + Host: epyc + Date: Mon 04 Mar 2024 12:28:26 AM UTC diff --git a/docs/epyc.md b/docs/epyc.md index bd39c52..e26978d 100644 --- a/docs/epyc.md +++ b/docs/epyc.md 
@@ -1,20 +1,25 @@ # epyc ``` -System: Host: epyc Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0 - parameters: initrd=\efi\nixos\11cjvasd1nh1dk783alsa14v4w00d467-initrd-linux-6.1.31-initrd.efi - init=/nix/store/9lnrp5ryf7gh3j94q8xn39zyl21kaw9f-nixos-system-epyc-23.05.419.3a70dd92993/init +System: Host: epyc Kernel: 6.7.7 x86_64 bits: 64 compiler: gcc v: 12.3.0 + parameters: initrd=\efi\nixos\48dkb2vcxwmxxfk7wpl0qx884ibz5gk5-initrd-linux-6.7.7-initrd.efi + init=/nix/store/vz6r23gya5q3b8lr1yiadkv6h5lcjmmz-nixos-system-epyc-23.11pre-git/init + console=tty0 console=ttyS0,115200 pci=realloc console=ttyS1,115200n8 console=tty1 loglevel=4 - Console: N/A Distro: NixOS 23.05 (Stoat) + Console: N/A Distro: NixOS 23.11 (Tapir) Machine: Type: Server System: Supermicro product: Super Server v: 0123456789 serial: 0123456789 Chassis: type: 17 v: 0123456789 serial: 0123456789 Mobo: Supermicro model: H12SSL-i v: 1.01 serial: WM21AS601818 UEFI: American Megatrends v: 2.4 date: 04/14/2022 -Memory: RAM: total: 125.64 GiB used: 2.32 GiB (1.8%) +Memory: RAM: total: 251.54 GiB used: 4.56 GiB (1.8%) Array-1: capacity: 4 TiB note: check slots: 8 EC: Multi-bit ECC max-module-size: 512 GiB note: est. - Device-1: DIMMA1 size: No Module Installed - Device-2: DIMMB1 size: No Module Installed + Device-1: DIMMA1 size: 64 GiB speed: 3200 MT/s type: DDR4 + detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits + manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0S100013847D8748B + Device-2: DIMMB1 size: 64 GiB speed: 3200 MT/s type: DDR4 + detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits + manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0MK00013847D79D40 Device-3: DIMMC1 size: 64 GiB speed: 3200 MT/s type: DDR4 detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: Y10R120249249E38E1 
@@ -27,7 +32,7 @@ Memory: RAM: total: 125.64 GiB used: 2.32 GiB (1.8%) Device-8: DIMMH1 size: No Module Installed PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: Available length: Long - Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: In Use length: Long + Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: Available length: Long Slot: 3 type: x16 PCI Express 4 x16 CPU SLOT3 PCI-E 4.0 X16 status: Available length: Long Slot: 4 type: x8 PCI Express 4 x8 CPU SLOT4 PCI-E 4.0 X8 status: Available length: Long 
@@ -40,16 +45,16 @@ PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: A Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M1 status: Available length: Short Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M2 status: Available length: Short CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP arch: Zen 3 - family: 19 (25) model-id: 1 stepping: 1 microcode: A0011CE cache: L1: 4 MiB L2: 32 MiB + family: 19 (25) model-id: 1 stepping: 1 microcode: A0011D3 cache: L1: 4 MiB L2: 32 MiB L3: 256 MiB - flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627203 + flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627200 Speed: 2450 MHz min/max: 1500/2450 MHz base/boost: 2450/3525 boost: enabled volts: 1.1 V ext-clock: 100 MHz Core speeds (MHz): 1: 2450 2: 2450 3: 2450 4: 2450 5: 2450 6: 2450 7: 2450 8: 2450 9: 2450 10: 2450 11: 2450 12: 2450 13: 2450 14: 2450 - 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 1799 22: 2450 23: 2450 + 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 2450 22: 2450 23: 2450 24: 2450 25: 2450 26: 2450 27: 2450 28: 2450 29: 2450 30: 2450 31: 2450 32: 2450 33: 2450 34: 2450 35: 2450 36: 2450 37: 2450 38: 2450 39: 2450 40: 2450 41: 2450 - 42: 2450 43: 2450 44: 3525 45: 2450 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 + 42: 2450 43: 2450 44: 2450 45: 3525 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 51: 2450 52: 2450 53: 2450 54: 2450 55: 2450 56: 2450 57: 2450 58: 2450 59: 2450 60: 2450 61: 2450 62: 2450 63: 2450 64: 2450 65: 2450 66: 2450 67: 2450 68: 2450 69: 2450 70: 2450 71: 2450 72: 2450 73: 2450 74: 2450 75: 2450 76: 2450 77: 2450 
@@ -57,14 +62,16 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP 87: 2450 88: 2450 89: 2450 90: 2450 91: 2450 92: 2450 93: 2450 94: 2450 95: 2450 96: 2450 97: 2450 98: 2450 99: 2450 100: 2450 101: 2450 102: 2450 103: 2450 104: 2450 105: 2450 106: 2450 107: 2450 108: 2450 109: 2450 110: 2450 111: 2450 112: 2450 - 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 1799 119: 2450 120: 2450 + 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 2450 119: 2450 120: 2450 121: 2450 122: 2450 123: 2450 124: 2450 125: 2450 126: 2450 127: 2450 128: 2450 - Vulnerabilities: Type: itlb_multihit status: Not affected + Vulnerabilities: Type: gather_data_sampling status: Not affected + Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: mmio_stale_data status: Not affected Type: retbleed status: Not affected + Type: spec_rstack_overflow mitigation: Safe RET Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, 
@@ -72,50 +79,47 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: ASPEED Graphics Family vendor: Super Micro H12SSL-i driver: ast v: kernel - bus-ID: 46:00.0 chip-ID: 1a03:2000 class-ID: 0300 + bus-ID: 45:00.0 chip-ID: 1a03:2000 class-ID: 0300 Display: server: No display server data found. Headless machine? tty: N/A Message: Advanced graphics data unavailable in console for root. Audio: Message: No device data found. -Network: Device-1: Intel 82599ES 10-Gigabit SFI/SFP+ Network driver: N/A modules: ixgbe - port: 1000 bus-ID: 43:00.0 chip-ID: 8086:10fb class-ID: 0200 +Network: Device-1: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i + driver: tg3 v: kernel port: N/A bus-ID: 47:00.0 chip-ID: 14e4:165f class-ID: 0200 + IF: nat-lan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 + IP v4: 10.32.65.13/20 type: dynamic scope: global + IP v6: fe80::3eec:efff:fe7e:bdc8/64 virtual: proto kernel_ll scope: link Device-2: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: 2000 bus-ID: 48:00.0 chip-ID: 14e4:165f class-ID: 0200 - IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 - IP v4: 10.32.65.13/20 type: dynamic noprefixroute scope: global broadcast: 10.32.79.255 - IP v6: fe80::3eec:efff:fe7e:bdc8/64 scope: link - Device-3: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: 2000 bus-ID: 48:00.1 chip-ID: 14e4:165f class-ID: 0200 - IF: eno2 state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 - IP v4: 169.254.249.6/16 type: noprefixroute scope: global broadcast: 169.254.255.255 - IP v6: 2001:470:ca5e:dee:587c:7a50:f36c:cae8/64 type: temporary dynamic scope: global - IP v6: 2001:470:ca5e:dee:3eec:efff:fe7e:bdc9/64 type: dynamic mngtmpaddr noprefixroute - scope: global 
- IP v6: fe80::3eec:efff:fe7e:bdc9/64 scope: link - IF-ID-1: enp74s0f3u1u2c2 state: unknown speed: -1 duplex: half mac: be:3a:f2:b6:05:9f - IP v4: 169.254.3.1/24 type: dynamic noprefixroute scope: global - broadcast: 169.254.3.255 - IP v6: fe80::bc3a:f2ff:feb6:59f/64 scope: link + driver: tg3 v: kernel port: N/A bus-ID: 47:00.1 chip-ID: 14e4:165f class-ID: 0200 + IF: wan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 + IP v6: 2001:bc8:38ee:100::500/128 scope: global + IP v6: fe80::3eec:efff:fe7e:bdc9/64 virtual: proto kernel_ll scope: link + IF-ID-1: enp73s0f3u1u2c2 state: down mac: be:3a:f2:b6:05:9f WAN IP: 82.65.118.1 Bluetooth: Device-1: Insyde RNDIS/Ethernet Gadget type: USB driver: rndis_host v: kernel bus-ID: 7-1.2:4 chip-ID: 0b1f:03ee class-ID: 0a00 Report: This feature requires one of these tools: hciconfig/bt-adapter -Drives: Local Storage: total: 6.19 TiB used: 2.08 GiB (0.0%) - ID-1: /dev/nvme0n1 maj-min: 259:1 vendor: Samsung model: MZWLJ7T6HALA-00AU3 +Drives: Local Storage: total: 9.82 TiB used: 1.06 TiB (10.7%) + ID-1: /dev/nvme0n1 maj-min: 259:2 vendor: Samsung model: MZWLJ7T6HALA-00AU3 size: 6.19 TiB block-size: physical: 512 B logical: 512 B rotation: SSD - serial: S5RTNG0T110589 rev: EPK96R5Q temp: 44 Celsius C scheme: GPT - SMART: yes health: PASSED on: 24 hrs cycles: 44 read-units: 1,449,016 [741 GB] - written-units: 13,364,537 [6.84 TB] -Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 2.04 GiB (0.0%) fs: btrfs + serial: S5RTNG0T110589 rev: EPK96R5Q temp: 40 Celsius C scheme: GPT + SMART: yes health: PASSED on: 273d 5h cycles: 113 read-units: 192,543,495 [98.5 TB] + written-units: 258,494,659 [132 TB] + ID-2: /dev/nvme1n1 maj-min: 259:0 vendor: Intel model: SSDPE2KX040T8 size: 3.64 TiB + block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 rotation: SSD + serial: PHLJ940301WZ4P0DGN rev: VDV10131 temp: 33 Celsius C + SMART: yes health: PASSED on: 2y 188d 9h cycles: 36 read-units: 9,478,214,631 
[4.85 PB] + written-units: 9,225,614,032 [4.72 PB] +Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 1.06 TiB (17.1%) fs: btrfs block-size: 4096 B dev: /dev/dm-0 maj-min: 254:0 mapped: nixroot - ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 37 MiB (3.6%) fs: vfat - block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:2 + ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 23.9 MiB (2.3%) fs: vfat + block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:3 Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default) ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 - dev: /dev/nvme0n1p2 maj-min: 259:3 + dev: /dev/nvme0n1p2 maj-min: 259:4 Sensors: Message: No ipmi sensor data found. Message: No sensor data found. Is lm-sensors configured? -Info: Processes: 1010 Uptime: 20h 25m wakeups: 0 Init: systemd v: 253 - target: multi-user.target tool: systemctl Compilers: gcc: 12.2.0 Packages: - nix-default: 0 nix-sys: 268 lib: 47 nix-usr: 0 Client: Sudo v: 1.9.13p3 inxi: 3.3.04 +Info: Processes: 1226 Uptime: N/A wakeups: 0 Init: systemd v: 254 target: multi-user.target + tool: systemctl Compilers: gcc: 12.3.0 Packages: nix-default: 0 nix-sys: 415 lib: 65 + nix-usr: 0 Client: Sudo v: 1.9.15p2 inxi: 3.3.04 ``` ![hardware topology](epyc.lstopo.svg) From 79dadb7e23d6b67dac983855fe6341e800af8022 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 24 Mar 2024 21:39:13 +0100 Subject: [PATCH 21/39] friends: add jade until 1st April Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 068f799..13cb774 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix 
@@ -46,5 +46,20 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2 flokli" ]; }; + # Raito: Temporary account for jade, for benchmarking stuff. + jade = { + isNormalUser = true; + home = "/home/jade"; + shell = "/run/current-system/sw/bin/zsh"; + uid = 2004; + expires = "2024-04-01"; + extraGroups = trustedFriendGroups; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYljH8iPMrH00lOb3ETxRrZimdKzPPEdsJQ5D5ovtOwAAAACnNzaDpzc2hrZXk= ssh:sshkey" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4idMfdJxDJuBNOid60d4I+qxj09RHt+YkCYV2eXt6tGrEXg+S8hTQusy/SqooiXUH9pt4tea2RuBPN9+UwrH0= type-a yubikey slot 9a" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot" + ]; + }; }; } From aab6b67cccf833ab85458247315c2aec3ea5114d Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 24 Mar 2024 22:45:42 +0100 Subject: [PATCH 22/39] trusted-users: add jade Signed-off-by: Raito Bezarius --- modules/users/admins.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users/admins.nix b/modules/users/admins.nix index c30fe20..3fe7c52 100644 --- a/modules/users/admins.nix +++ b/modules/users/admins.nix @@ -66,6 +66,6 @@ in }; }; - nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" ]; + nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" "jade" ]; }; } From a8b450dd567d8f1b003b7637702cd7f582808781 Mon Sep 17 00:00:00 2001 
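Review bot: The `openssh.authorizedKeys.keys` list for `jade` authorises four keys for an account the comment calls temporary, and one of them is labelled `root@tail-bot`, which reads like the root key of another machine rather than a personal key. If that is what it is, any process running as root on that host can log in here as `jade`. I would keep only the keys the benchmarking work needs and state the reason for the bot keys in the comment, e.g. `# Raito: Temporary account for jade, for benchmarking stuff; bot keys are for <purpose>.` The enclosing `users.users` set starts outside the hunk.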
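Review bot: Adding `"jade"` to `nix.settings.trusted-users` gives the account root-equivalent control over the Nix daemon, while patch 21 describes it as a temporary benchmarking account with `expires = "2024-04-01"`. The list entry has no expiry of its own, so it stays after the account lapses and has to be removed by hand; the same applies to `"winter"` in patch 23. An untrusted user can still build through the daemon, so the entry may not be needed at all. If it is, a comment next to the list such as `# jade, winter: temporary, drop together with their friends.nix entries` keeps the two files in step.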
From: Raito Bezarius Date: Wed, 27 Mar 2024 16:33:35 +0100 Subject: [PATCH 23/39] friends: add winterqt until 1st May until final validation Signed-off-by: Raito Bezarius --- modules/builder.nix | 1 + modules/users/admins.nix | 2 +- modules/users/friends.nix | 13 +++++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/builder.nix b/modules/builder.nix index 7c3ff3e..7c691c8 100644 --- a/modules/builder.nix +++ b/modules/builder.nix @@ -6,6 +6,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF07Sy0O+oletFYlrfS0+XtBWJO2F+Rc9J/ocNLBa/OE raito@thorkell" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDu4cEqZzAI/1vZjSQkTJ4ijIg9nuloOuSKUrnkJIOFn buildbot@top-secret" # Top secret's project buildbot key + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" # winterqt ]; uid = 5001; }; diff --git a/modules/users/admins.nix b/modules/users/admins.nix index 3fe7c52..e3ae6ea 100644 --- a/modules/users/admins.nix +++ b/modules/users/admins.nix @@ -66,6 +66,6 @@ in }; }; - nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" "jade" ]; + nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" "jade" "winter" ]; }; } diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 13cb774..e76daf0 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix 
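Review bot: The key added in `modules/builder.nix` is the same `sk-ssh-ed25519@openssh.com` key that `friends.nix` authorises for `winter` in this commit, but only the personal account gets `expires = "2024-05-01"`. Access through what appears to be the builder user's key list (the `uid = 5001` entry) therefore does not end with the validation period named in the commit title. A dated comment on the new line would make the cleanup visible, e.g. `# winterqt, temporary until 2024-05-01, remove with the winter account`. The key list and the user definition start outside the hunk.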
@@ -61,5 +61,18 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot" ]; }; + # Raito: Account for winter, she was the one in charge of the Darwin build box for a while, + # helped a bunch of people and deserve it :-). + winter = { + isNormalUser = true; + home = "/home/winter"; + shell = "/run/current-system/sw/bin/zsh"; + uid = 2005; + expires = "2024-05-01"; + extraGroups = trustedFriendGroups; + openssh.authorizedKeys.keys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" + ]; + }; }; } From 86cff4e34f065a615b915abaa938f5881d1e214b Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Wed, 27 Mar 2024 16:38:45 +0100 Subject: [PATCH 24/39] friends: cleanup ninjatrappeur, flokli account Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index e76daf0..910cc6f 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -5,17 +5,8 @@ let ]; in { + # deleted users: ninjatrappeur, flokli users.users = { - # Raito: unused since a while, it was made for working on the production database of Hydra. - ninjatrappeur = { - isNormalUser = true; - home = "/home/ninjatrappeur"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2000; - extraGroups = trustedFriendGroups; - expires = "2024-01-01"; - openssh.authorizedKeys.keyFiles = [ ./keys/ninjatrappeur.keys ]; - }; linus = { isNormalUser = true; home = "/home/linus"; 
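Review bot: The new comment `# deleted users: ninjatrappeur, flokli` in the cleanup hunk does not keep the uids those accounts held (2000 and 2003 in the removed lines), so a later account could be assigned one of them and become owner of whatever files remain under the old home directories. I would record them: `# deleted users: ninjatrappeur (uid 2000), flokli (uid 2003); do not reuse these uids`. Whether the home directories are removed on deploy is not visible here. The flokli block is removed in the next hunk of the same commit.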
@@ -34,18 +25,6 @@ in extraGroups = trustedFriendGroups; openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ]; }; - # Raito: Temporary account for flokli, disable when he's done with it. - flokli = { - isNormalUser = true; - home = "/home/flokli"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2003; - expires = "2024-02-01"; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2 flokli" - ]; - }; # Raito: Temporary account for jade, for benchmarking stuff. jade = { isNormalUser = true; From 177351f7ee721705bf22a1407315ca8287fc1639 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 8 Apr 2024 09:39:11 +0200 Subject: [PATCH 25/39] friends: bump jade until 1st May Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 910cc6f..dfcb1e4 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -31,7 +31,7 @@ in home = "/home/jade"; shell = "/run/current-system/sw/bin/zsh"; uid = 2004; - expires = "2024-04-01"; + expires = "2024-05-01"; extraGroups = trustedFriendGroups; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa" From 8596f1481f7a97b7e8d3993ccdbe32ebd96e2185 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 30 Apr 2024 16:56:04 +0200 Subject: [PATCH 26/39] feat: i need to debug Heads. i yes no. Signed-off-by: Raito Bezarius --- hosts/epyc.nix | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/hosts/epyc.nix b/hosts/epyc.nix index 8389142..0e27c41 100644 --- a/hosts/epyc.nix +++ b/hosts/epyc.nix @@ -20,6 +20,11 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + virtualisation.docker = { + enable = true; + rootless.enable = true; + }; + # We want to use EEVDF and AMD-related niceties. boot.kernelPackages = pkgs.linuxPackages_latest; From 620375662bb7beddf6ee7cb3750c1343707ab6fd Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 12 May 2024 02:59:50 +0200 Subject: [PATCH 27/39] feat: make jade account permanent Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index dfcb1e4..89f696e 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -31,7 +31,7 @@ in home = "/home/jade"; shell = "/run/current-system/sw/bin/zsh"; uid = 2004; - expires = "2024-05-01"; + expires = "2060-05-01"; extraGroups = trustedFriendGroups; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa" From 0e1ec7f6b584310a4b6054e349002b6db3b64412 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 13 May 2024 22:49:18 +0200 Subject: [PATCH 28/39] feat: add pennae as permanent account Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 89f696e..5a2a1cd 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix 
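Review bot: `virtualisation.docker.enable = true` in this hunk starts the system-wide rootful daemon in addition to the rootless one, so anyone who ends up in the `docker` group is effectively root on the host. If the debugging only needs per-user containers, the block can be `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` without the top-level `enable`. If the rootful daemon is wanted, a comment saying who may join the `docker` group would help; the contents of `trustedFriendGroups` are not visible here, so I cannot tell whether friends already get it.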
@@ -53,5 +53,17 @@ in "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ]; }; + # Raito: Permanent account for pennae, they are doing a bunch of excellent Nix work (including performance). + pennae = { + isNormalUser = true; + home = "/home/pennae"; + shell = "/run/current-system/sw/bin/zsh"; + uid = 2006; + extraGroups = trustedFriendGroups; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo=" + ]; + }; }; } From 785fe6d92fc5171d971499adeec36e39b6e1e1c1 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 13 May 2024 22:50:31 +0200 Subject: [PATCH 29/39] fix: make jade permanent as discussed Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 5a2a1cd..50df922 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -25,7 +25,8 @@ in extraGroups = trustedFriendGroups; openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ]; }; - # Raito: Temporary account for jade, for benchmarking stuff. + # Raito: Permanent account for Jade who has been driving a lot of good work. + # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. jade = { isNormalUser = true; home = "/home/jade"; From 7d3f9a05331767b11920315be95bcd678658d7eb Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 13 May 2024 22:50:20 +0200 Subject: [PATCH 30/39] fix: make winter permanent as discussed Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 50df922..62fcbe7 100644 
--- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -41,14 +41,15 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot" ]; }; - # Raito: Account for winter, she was the one in charge of the Darwin build box for a while, + # Raito: Permanent account for winter, she was the one in charge of the Darwin build box for a while, # helped a bunch of people and deserve it :-). + # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. winter = { isNormalUser = true; home = "/home/winter"; shell = "/run/current-system/sw/bin/zsh"; uid = 2005; - expires = "2024-05-01"; + expires = "2060-05-01"; extraGroups = trustedFriendGroups; openssh.authorizedKeys.keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" From 7d83f696dd74ebff39bd97fff2f2c5d39df9a770 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 20 May 2024 17:39:16 +0200 Subject: [PATCH 31/39] feat: remove hypervisor and bump to jobserver branch Signed-off-by: Raito Bezarius --- configurations.nix | 6 ---- flake.lock | 78 ++++-------------------------------------- flake.nix | 6 ++-- hosts/epyc.nix | 8 ----- modules/hypervisor.nix | 3 -- 5 files changed, 9 insertions(+), 92 deletions(-) diff --git a/configurations.nix b/configurations.nix index 6645be4..5c77292 100644 --- a/configurations.nix +++ b/configurations.nix @@ -8,7 +8,6 @@ let nur colmena flake-registry - nixos-hypervisor nixos-hardware nixpkgs-unstable srvos @@ -45,8 +44,6 @@ let srvos.nixosModules.mixins-trusted-nix-caches srvos.nixosModules.mixins-terminfo - nixos-hypervisor.nixosModules.host - # srvos.nixosModules.mixins-telegraf # srvos.nixosModules.mixins-terminfo @@ -108,9 +105,6 @@ in flake.colmena = { meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; - overlays = [ - nixos-hypervisor.overlays.default - ]; }; epyc = { imports = 
diff --git a/flake.lock b/flake.lock index c5de10c..0c1856a 100644 --- a/flake.lock +++ b/flake.lock @@ -183,27 +183,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "nixos-hypervisor", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1687762428, - "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -307,29 +286,6 @@ "type": "github" } }, - "nixos-hypervisor": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1688428885, - "narHash": "sha256-fVIbXKvHmxSUAKTMiXx799UasQwU2XT+op7bzvtfl8c=", - "ref": "main", - "rev": "9f32a304708fd9c91c081db05eee1b4f2e0226cc", - "revCount": 2, - "type": "git", - "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor" - }, - "original": { - "ref": "main", - "type": "git", - "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor" - } - }, "nixpkgs": { "locked": { "lastModified": 1702539185, @@ -380,16 +336,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709428628, - "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=", - "owner": "NixOS", + "lastModified": 1716155578, + "narHash": "sha256-+ocwkKmur5q8MJpm8ao0O2wdbMYBxPtFDrCvjqnkZYA=", + "owner": "pennae", "repo": "nixpkgs", - "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555", + "rev": "093d16ae7a4c6b5f215152972a223b9fbcd3343a", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "release-23.11", + "owner": "pennae", + "ref": "stdenv-jobserver", "repo": "nixpkgs", "type": "github" } 
@@ -419,7 +375,6 @@ "flake-registry": "flake-registry", "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", - "nixos-hypervisor": "nixos-hypervisor", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur", @@ -476,27 +431,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-hypervisor", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1688026376, - "narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 88aaf19..c52f6dd 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - nixpkgs.url = "github:NixOS/nixpkgs/release-23.11"; + nixpkgs.url = "github:pennae/nixpkgs/stdenv-jobserver"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; @@ -33,8 +33,8 @@ # Ryan's experimental hypervisor based on cloud-hypervisor # Private repository, you need a valid SSH key to access it - nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main"; - nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs"; + # nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main"; + # nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs"; flake-registry.url = "github:NixOS/flake-registry"; flake-registry.flake = false; diff --git a/hosts/epyc.nix b/hosts/epyc.nix index 0e27c41..f84a8f4 100644 --- a/hosts/epyc.nix +++ b/hosts/epyc.nix 
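Review bot: `nixpkgs.url = "github:pennae/nixpkgs/stdenv-jobserver"` in the first `flake.nix` hunk makes every package on the host, not only the jobserver experiment, come from a mutable branch of a personal fork. `flake.lock` pins the revision for now, but the next lock update takes whatever the branch head is, and security fixes from `release-23.11` arrive only when the fork is rebased. The line has no comment saying this is temporary; I would add one with the way back, `# temporary: jobserver testing, return to github:NixOS/nixpkgs/release-23.11`.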
@@ -36,14 +36,6 @@ in ''; networking.firewall.allowedTCPPorts = [ 5432 ]; - virtualisation.nvisor.vms = { - vm01 = { - config = { pkgs, ... }: { - environment.systemPackages = [ pkgs.hello ]; - }; - }; - }; - nix.buildMachines = [ { hostName = "localhost"; systems = [ diff --git a/modules/hypervisor.nix b/modules/hypervisor.nix index 2b11b5c..4b2c5c4 100644 --- a/modules/hypervisor.nix +++ b/modules/hypervisor.nix @@ -1,5 +1,2 @@ { ... }: { - virtualisation.nvisor = { - enable = true; - }; } From 45d660deb5117db00b9918e2c0201b1874d0cc99 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 20 May 2024 17:39:23 +0200 Subject: [PATCH 32/39] feat: enable jobserver and cores = 0; Signed-off-by: Raito Bezarius --- modules/nix-daemon.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index 9ebbe82..b30d12d 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -30,6 +30,9 @@ in { domain = "*"; item = "nofile"; type = "-"; value = "20480"; } ]; + # Makes the computer go faster. + nixos.jobserver.enable = true; + # Memory accounting techniques systemd.services.nix-daemon.serviceConfig = { MemoryAccounting = true; @@ -63,7 +66,7 @@ in use-cgroups = true; http-connections = 0; auto-allocate-uids = true; - cores = 64; # 128 is too much, it will explode the RAM for now. Let's keep it serious. + cores = 0; max-jobs = 2; # Do not build more than 2 derivations at once in the event, both of them are too big, yes this is stupid, fix it in Nix. fsync-metadata = true; substituters = [ From c06bedc73ca434f4549271cdce01112cac63022f Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Wed, 22 May 2024 13:26:07 +0200 Subject: [PATCH 33/39] feat: add pennae as root and bump jobserver Signed-off-by: Raito Bezarius --- flake.lock | 8 ++++---- flake.nix | 2 +- modules/users/friends.nix | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0c1856a..74d34c3 100644 
--- a/flake.lock +++ b/flake.lock @@ -336,17 +336,17 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716155578, - "narHash": "sha256-+ocwkKmur5q8MJpm8ao0O2wdbMYBxPtFDrCvjqnkZYA=", + "lastModified": 1716330751, + "narHash": "sha256-JLvLi84gRMwgF9DumUwiOUA5UciXf9e2Aaa07sKx4Y0=", "owner": "pennae", "repo": "nixpkgs", - "rev": "093d16ae7a4c6b5f215152972a223b9fbcd3343a", + "rev": "8e505de834edbac6d581589ebd18339c38d32731", "type": "github" }, "original": { "owner": "pennae", - "ref": "stdenv-jobserver", "repo": "nixpkgs", + "rev": "8e505de834edbac6d581589ebd18339c38d32731", "type": "github" } }, diff --git a/flake.nix b/flake.nix index c52f6dd..06af59b 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - nixpkgs.url = "github:pennae/nixpkgs/stdenv-jobserver"; + nixpkgs.url = "github:pennae/nixpkgs/8e505de834edbac6d581589ebd18339c38d32731"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 62fcbe7..d7aa355 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -61,7 +61,8 @@ in home = "/home/pennae"; shell = "/run/current-system/sw/bin/zsh"; uid = 2006; - extraGroups = trustedFriendGroups; + # Raito: Allowed to debug jobserver. + extraGroups = [ "wheel" ] ++ trustedFriendGroups; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo=" From 332fa23d98ef439035634ca1622a189a66f68352 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:23:45 +0200 Subject: [PATCH 34/39] chore: cleanup luj entry Signed-off-by: Raito Bezarius --- modules/users/admins.nix | 1 - 1 file changed, 1 deletion(-) 
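Review bot: `extraGroups = [ "wheel" ] ++ trustedFriendGroups;` puts `pennae` in `wheel`, which the commit title equates with root, on an account that patch 28 declares permanent. The comment `# Raito: Allowed to debug jobserver.` gives the reason but not when the group goes away, and patch 37 later disables the jobserver without touching this line, as far as this part of the series shows. A removal condition in the comment would do: `# Raito: wheel only while debugging jobserver, drop afterwards.` The `pennae` block starts outside the hunk.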
diff --git a/modules/users/admins.nix b/modules/users/admins.nix index e3ae6ea..eb2794c 100644 --- a/modules/users/admins.nix +++ b/modules/users/admins.nix @@ -22,7 +22,6 @@ in luj = { isNormalUser = true; home = "/home/luj"; - inherit (config.users.users.raito); extraGroups = extraGroups ++ [ "production-hydra-db" ]; shell = "/run/current-system/sw/bin/zsh"; uid = 1001; From c311ccf80a9ec1b151e9648a3b32235a371ff9ad Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:23:57 +0200 Subject: [PATCH 35/39] fix: enable a bunch of startups for sshd Signed-off-by: Raito Bezarius --- modules/nix-daemon.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index b30d12d..7d8825e 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -33,6 +33,9 @@ in # Makes the computer go faster. nixos.jobserver.enable = true; + # Avoid weird failures for builders. + services.openssh.settings.MaxStartups = 100; + # Memory accounting techniques systemd.services.nix-daemon.serviceConfig = { MemoryAccounting = true; From 877ad54ae242afdccdb44ea4614ae69ef9c2a86b Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:24:40 +0200 Subject: [PATCH 36/39] chore: bump to 24.05-small Signed-off-by: Raito Bezarius --- flake.lock | 86 +++++++++++++++++++++++++++--------------------------- flake.nix | 4 +-- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index 74d34c3..be91cc1 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { 
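Review bot: `services.openssh.settings.MaxStartups = 100;` raises the limit on concurrent unauthenticated connections for the whole sshd, not only for builder logins, and the single-number form gives up the random early drop of the `start:rate:full` form. The host has a globally routed address according to the inventory earlier in this series, so this makes it cheaper for anyone to hold many pre-authentication connections open. I would keep a graduated form, e.g. `services.openssh.settings.MaxStartups = "100:30:200";`, and name the actual failure in the comment instead of `weird failures`. The setting also sits in `nix-daemon.nix`, where someone auditing the sshd configuration may not look.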
@@ -32,11 +32,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1707922053, - "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=", + "lastModified": 1711742460, + "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", "owner": "zhaofengli", "repo": "attic", - "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21", + "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", "type": "github" }, "original": { @@ -55,11 +55,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1706509311, - "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=", + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", "type": "github" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1709439398, - "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=", + "lastModified": 1716431128, + "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", "owner": "nix-community", "repo": "disko", - "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57", + "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { 
@@ -257,27 +257,27 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "rycee", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { "owner": "rycee", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1709410583, - "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", + "lastModified": 1716715385, + "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", + "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8", "type": "github" }, "original": { @@ -288,11 +288,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702539185, - "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", + "lastModified": 1711401922, + "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", + "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", "type": "github" }, "original": { @@ -304,11 +304,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1702780907, - "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "type": "github" }, "original": { 
@@ -320,11 +320,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1709356872, - "narHash": "sha256-mvxCirJbtkP0cZ6ABdwcgTk0u3bgLoIoEFIoYBvD6+4=", + "lastModified": 1716715802, + "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "458b097d81f90275b3fdf03796f0563844926708", + "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", "type": "github" }, "original": { @@ -336,27 +336,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716330751, - "narHash": "sha256-JLvLi84gRMwgF9DumUwiOUA5UciXf9e2Aaa07sKx4Y0=", - "owner": "pennae", + "lastModified": 1717796960, + "narHash": "sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e505de834edbac6d581589ebd18339c38d32731", + "rev": "8e0a5f16b7bf7f212be068dd302c49888c6ad68f", "type": "github" }, "original": { - "owner": "pennae", + "owner": "NixOS", + "ref": "nixos-24.05-small", "repo": "nixpkgs", - "rev": "8e505de834edbac6d581589ebd18339c38d32731", "type": "github" } }, "nur": { "locked": { - "lastModified": 1709439575, - "narHash": "sha256-49f8WbTUE4C8VrIxS2DrINOncakhFChcmZ6xccVSfkA=", + "lastModified": 1716741358, + "narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=", "owner": "nix-community", "repo": "NUR", - "rev": "075c3094d6c6c3fae0e107de41e2367d17341ac4", + "rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2", "type": "github" }, "original": { @@ -388,11 +388,11 @@ ] }, "locked": { - "lastModified": 1709301784, - "narHash": "sha256-Yf7HeS2VZCD8kD/wEgnToyt9YqQhCle/9TazmFYnjsE=", + "lastModified": 1716425501, + "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", "owner": "numtide", "repo": "srvos", - "rev": "9501896e0edf01d2cbd5fa6f0dbb3aafc00dae81", + "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 06af59b..779165c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,13 +10,13 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - nixpkgs.url = "github:pennae/nixpkgs/8e505de834edbac6d581589ebd18339c38d32731"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; nur.url = "github:nix-community/NUR"; - home-manager.url = "github:rycee/home-manager/release-23.11"; + home-manager.url = "github:rycee/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; From bd1a250b1f43657b907fa088284b37084cf38e21 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:27:43 +0200 Subject: [PATCH 37/39] chore: disable jobserver Signed-off-by: Raito Bezarius --- modules/nix-daemon.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index 7d8825e..59e7ac5 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -31,7 +31,8 @@ in ]; # Makes the computer go faster. - nixos.jobserver.enable = true; + # nixos.jobserver.enable = true; + # TODO(raito): rework this. # Avoid weird failures for builders. services.openssh.settings.MaxStartups = 100; From 5b76e5a670c09f6d1475036470d032ea4fe5b18e Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:23:39 +0200 Subject: [PATCH 38/39] fix: debug attempts for the weird reboot issue Signed-off-by: Raito Bezarius --- hosts/epyc.nix | 5 +++-- modules/hardware/supermicro-H12SSL-i.nix | 10 ++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/hosts/epyc.nix b/hosts/epyc.nix index f84a8f4..10a8d07 100644 --- a/hosts/epyc.nix +++ b/hosts/epyc.nix 
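Review bot: In the modules/nix-daemon.nix hunk, the retained comment `# Makes the computer go faster.` now sits above a commented-out option and describes nothing that is active, and the TODO does not say why the jobserver was disabled. I would drop the dead line and leave a single comment that records the reason, e.g. `# nixos.jobserver disabled: <reason>; TODO(raito): rework and re-enable.` The enclosing attribute set starts and ends outside the hunk.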
@@ -25,8 +25,9 @@ in rootless.enable = true; }; - # We want to use EEVDF and AMD-related niceties. - boot.kernelPackages = pkgs.linuxPackages_latest; + # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all. + # Do not upgrade until it is fixed. Ping Raito when needed. + # boot.kernelPackages = pkgs.linuxPackage_latest; # Open public access to our PostgreSQL. services.postgresql.enable = true; diff --git a/modules/hardware/supermicro-H12SSL-i.nix b/modules/hardware/supermicro-H12SSL-i.nix index 455f2f4..68ffc38 100644 --- a/modules/hardware/supermicro-H12SSL-i.nix +++ b/modules/hardware/supermicro-H12SSL-i.nix @@ -8,12 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.kernelParams = [ "pci=realloc" ]; + boot.kernelParams = [ "pci=realloc" "boot.shell_on_fail" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme + copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone + copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk + ''; + boot.initrd.systemd.enable = lib.mkForce false; fileSystems."/" = @@ -34,7 +40,7 @@ swapDevices = [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; } - ]; + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 6b28da45573adc4dabeda161ef6cb866b8af8799 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 8 Jun 2024 12:27:55 +0200 Subject: [PATCH 39/39] feat: add delroth as root@ for capability building Signed-off-by: Raito Bezarius --- modules/users/friends.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/users/friends.nix b/modules/users/friends.nix index d7aa355..932660f 100644 --- a/modules/users/friends.nix 
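Review bot: The commented-out line in hosts/epyc.nix reads `pkgs.linuxPackage_latest`, while the line it replaces used `pkgs.linuxPackages_latest`, so whoever uncomments it after the btrfs bug is fixed will get an evaluation error. Keep the original spelling: `# boot.kernelPackages = pkgs.linuxPackages_latest;`. The TODO would also be easier to act on if it linked the upstream bug report or named the fixed kernel version once known, since "6.8+" gives no way to tell when the block can be lifted. The surrounding host definition continues outside the hunk.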
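Review bot: Adding `"boot.shell_on_fail"` to `boot.kernelParams` in modules/hardware/supermicro-H12SSL-i.nix means a stage-1 failure offers a root shell on the console with no authentication, which is why NixOS leaves it off by default. On a server board whose console is presumably also reachable through the BMC, that widens who can get root in the initrd, so the parameter should be marked as temporary and removed once the reboot issue is diagnosed, e.g. `# TEMPORARY debug aid: unauthenticated root shell on stage-1 failure; remove after the reboot issue is fixed.` The same applies to the `boot.initrd.extraUtilsCommands` block, which has no comment saying it exists only for this debugging session. The hunk also uses `${pkgs.nvme-cli}`, and the module's argument list is outside the hunk, so confirm `pkgs` is bound there.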
+++ b/modules/users/friends.nix @@ -68,5 +68,17 @@ in "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo=" ]; }; + # Raito: Temporary account until next year, for delroth, who is going to work on building capabilities for improving build infrastructure. + delroth = { + isNormalUser = true; + home = "/home/delroth"; + shell = "/run/current-system/sw/bin/zsh"; + uid = 2007; + # Raito: Allowed to spawn new VMs and do various stuff for isolating the workloads. + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV" + ]; + }; }; }
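Review bot: The new `delroth` entry is documented as temporary ("until next year") and scoped to spawning VMs, but `extraGroups = [ "wheel" ];` grants general administrative rights and nothing in the definition makes the account expire. If the VM and isolation work can be done with narrower groups (other entries in this file use `trustedFriendGroups`, whose contents are not visible here), prefer those over `wheel`. For the lifetime, record a concrete date in the comment and consider enforcing it with `expires = "YYYY-MM-DD";` (placeholder date) so the account does not outlive its purpose by being forgotten. The neighbouring entry uses a hardware-backed `sk-ssh-ed25519@openssh.com` key; asking for the same here would be consistent for an account with this level of access.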