diff --git a/configurations.nix b/configurations.nix index 5c77292..f14c0a0 100644 --- a/configurations.nix +++ b/configurations.nix @@ -8,6 +8,7 @@ let nur colmena flake-registry + nixos-hypervisor nixos-hardware nixpkgs-unstable srvos @@ -35,7 +36,7 @@ let ./modules/network.nix ./modules/zsh.nix ./modules/ssh-cursed.nix - # FIXME: ./modules/buildbot — whenever you are ready. + ./modules/buildbot disko.nixosModules.disko @@ -44,6 +45,8 @@ let srvos.nixosModules.mixins-trusted-nix-caches srvos.nixosModules.mixins-terminfo + nixos-hypervisor.nixosModules.host + # srvos.nixosModules.mixins-telegraf # srvos.nixosModules.mixins-terminfo @@ -105,6 +108,9 @@ in flake.colmena = { meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; + overlays = [ + nixos-hypervisor.overlays.default + ]; }; epyc = { imports = diff --git a/docs/epyc.lstopo.svg b/docs/epyc.lstopo.svg index 4b13ca6..6c0d2ec 100644 --- a/docs/epyc.lstopo.svg +++ b/docs/epyc.lstopo.svg @@ -1,7 +1,7 @@ - - - Machine (252GB total) + + + Machine (126GB total) Package L#0 @@ -153,18 +153,18 @@ PU L#127 P#127 - NUMANode L#0 P#0 (252GB) + NUMANode L#0 P#0 (126GB) 7.9 - 3.9 - - 0.2 - - 1.0 - + 4.0 + + 0.2 + + 1.0 + @@ -178,56 +178,52 @@ - 3.9 - - PCI 42:00.0 - - Block nvme1n1 - 3726 GB - - - - 0.2 - - - - - - - PCI 45:00.0 - - - - 1.0 - - 1.0 - - - PCI 47:00.0 - - Net nat-lan - - PCI 47:00.1 - - Net wan + + PCI 43:00.0 + + + + 0.2 + + + + + + + PCI 46:00.0 + + + + 1.0 + + 1.0 + + + PCI 48:00.0 + + Net eno1 + + PCI 48:00.1 + + Net eno2 MemoryModule MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - Host: epyc - Date: Mon 04 Mar 2024 12:28:26 AM UTC + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + Host: epyc + Date: Mon 05 Jun 2023 03:19:33 PM UTC diff --git a/docs/epyc.md b/docs/epyc.md index e26978d..bd39c52 100644 --- a/docs/epyc.md +++ b/docs/epyc.md @@ -1,25 +1,20 @@ # epyc ``` -System: Host: epyc Kernel: 6.7.7 x86_64 bits: 64 compiler: gcc v: 12.3.0 - parameters: initrd=\efi\nixos\48dkb2vcxwmxxfk7wpl0qx884ibz5gk5-initrd-linux-6.7.7-initrd.efi - init=/nix/store/vz6r23gya5q3b8lr1yiadkv6h5lcjmmz-nixos-system-epyc-23.11pre-git/init - console=tty0 console=ttyS0,115200 pci=realloc console=ttyS1,115200n8 console=tty1 +System: Host: epyc Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0 + parameters: initrd=\efi\nixos\11cjvasd1nh1dk783alsa14v4w00d467-initrd-linux-6.1.31-initrd.efi + init=/nix/store/9lnrp5ryf7gh3j94q8xn39zyl21kaw9f-nixos-system-epyc-23.05.419.3a70dd92993/init loglevel=4 - Console: N/A Distro: NixOS 23.11 (Tapir) + Console: N/A Distro: NixOS 23.05 (Stoat) Machine: Type: Server System: Supermicro product: Super Server v: 0123456789 serial: 0123456789 Chassis: type: 17 v: 0123456789 serial: 0123456789 Mobo: Supermicro model: H12SSL-i v: 1.01 serial: WM21AS601818 UEFI: American Megatrends v: 2.4 date: 04/14/2022 -Memory: RAM: total: 251.54 GiB used: 4.56 GiB (1.8%) +Memory: RAM: total: 125.64 GiB used: 2.32 GiB (1.8%) Array-1: capacity: 4 TiB note: check slots: 8 EC: Multi-bit ECC max-module-size: 512 GiB note: est. - Device-1: DIMMA1 size: 64 GiB speed: 3200 MT/s type: DDR4 - detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits - manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0S100013847D8748B - Device-2: DIMMB1 size: 64 GiB speed: 3200 MT/s type: DDR4 - detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits - manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0MK00013847D79D40 + Device-1: DIMMA1 size: No Module Installed + Device-2: DIMMB1 size: No Module Installed Device-3: DIMMC1 size: 64 GiB speed: 3200 MT/s type: DDR4 detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: Y10R120249249E38E1 @@ -32,7 +27,7 @@ Memory: RAM: total: 251.54 GiB used: 4.56 GiB (1.8%) Device-8: DIMMH1 size: No Module Installed PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: Available length: Long - Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: Available length: Long + Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: In Use length: Long Slot: 3 type: x16 PCI Express 4 x16 CPU SLOT3 PCI-E 4.0 X16 status: Available length: Long Slot: 4 type: x8 PCI Express 4 x8 CPU SLOT4 PCI-E 4.0 X8 status: Available length: Long @@ -45,16 +40,16 @@ PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: A Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M1 status: Available length: Short Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M2 status: Available length: Short CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP arch: Zen 3 - family: 19 (25) model-id: 1 stepping: 1 microcode: A0011D3 cache: L1: 4 MiB L2: 32 MiB + family: 19 (25) model-id: 1 stepping: 1 microcode: A0011CE cache: L1: 4 MiB L2: 32 MiB L3: 256 MiB - flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627200 + flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627203 Speed: 2450 MHz min/max: 1500/2450 MHz base/boost: 2450/3525 boost: enabled volts: 1.1 V ext-clock: 100 MHz Core speeds (MHz): 1: 2450 2: 2450 3: 2450 4: 2450 5: 2450 6: 2450 7: 2450 8: 2450 9: 2450 10: 2450 11: 2450 12: 2450 13: 2450 14: 2450 - 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 2450 22: 2450 23: 2450 + 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 1799 22: 2450 23: 2450 24: 2450 25: 2450 26: 2450 27: 2450 28: 2450 29: 2450 30: 2450 31: 2450 32: 2450 33: 2450 34: 2450 35: 2450 36: 2450 37: 2450 38: 2450 39: 2450 40: 2450 41: 2450 - 42: 2450 43: 2450 44: 2450 45: 3525 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 + 42: 2450 43: 2450 44: 3525 45: 2450 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 51: 2450 52: 2450 53: 2450 54: 2450 55: 2450 56: 2450 57: 2450 58: 2450 59: 2450 60: 2450 61: 2450 62: 2450 63: 2450 64: 2450 65: 2450 66: 2450 67: 2450 68: 2450 69: 2450 70: 2450 71: 2450 72: 2450 73: 2450 74: 2450 75: 2450 76: 2450 77: 2450 @@ -62,16 +57,14 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP 87: 2450 88: 2450 89: 2450 90: 2450 91: 2450 92: 2450 93: 2450 94: 2450 95: 2450 96: 2450 97: 2450 98: 2450 99: 2450 100: 2450 101: 2450 102: 2450 103: 2450 104: 2450 105: 2450 106: 2450 107: 2450 108: 2450 109: 2450 110: 2450 111: 2450 112: 2450 - 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 2450 119: 2450 120: 2450 + 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 1799 119: 2450 120: 2450 121: 2450 122: 2450 123: 2450 124: 2450 125: 2450 126: 2450 127: 2450 128: 2450 - Vulnerabilities: Type: gather_data_sampling status: Not affected - Type: itlb_multihit status: Not affected + Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: mmio_stale_data status: Not affected Type: retbleed status: Not affected - Type: spec_rstack_overflow mitigation: Safe RET Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, @@ -79,47 +72,50 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: ASPEED Graphics Family vendor: Super Micro H12SSL-i driver: ast v: kernel - bus-ID: 45:00.0 chip-ID: 1a03:2000 class-ID: 0300 + bus-ID: 46:00.0 chip-ID: 1a03:2000 class-ID: 0300 Display: server: No display server data found. Headless machine? tty: N/A Message: Advanced graphics data unavailable in console for root. Audio: Message: No device data found. -Network: Device-1: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: N/A bus-ID: 47:00.0 chip-ID: 14e4:165f class-ID: 0200 - IF: nat-lan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 - IP v4: 10.32.65.13/20 type: dynamic scope: global - IP v6: fe80::3eec:efff:fe7e:bdc8/64 virtual: proto kernel_ll scope: link +Network: Device-1: Intel 82599ES 10-Gigabit SFI/SFP+ Network driver: N/A modules: ixgbe + port: 1000 bus-ID: 43:00.0 chip-ID: 8086:10fb class-ID: 0200 Device-2: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: N/A bus-ID: 47:00.1 chip-ID: 14e4:165f class-ID: 0200 - IF: wan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 - IP v6: 2001:bc8:38ee:100::500/128 scope: global - IP v6: fe80::3eec:efff:fe7e:bdc9/64 virtual: proto kernel_ll scope: link - IF-ID-1: enp73s0f3u1u2c2 state: down mac: be:3a:f2:b6:05:9f + driver: tg3 v: kernel port: 2000 bus-ID: 48:00.0 chip-ID: 14e4:165f class-ID: 0200 + IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 + IP v4: 10.32.65.13/20 type: dynamic noprefixroute scope: global broadcast: 10.32.79.255 + IP v6: fe80::3eec:efff:fe7e:bdc8/64 scope: link + Device-3: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i + driver: tg3 v: kernel port: 2000 bus-ID: 48:00.1 chip-ID: 14e4:165f class-ID: 0200 + IF: eno2 state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 + IP v4: 169.254.249.6/16 type: noprefixroute scope: global broadcast: 169.254.255.255 + IP v6: 2001:470:ca5e:dee:587c:7a50:f36c:cae8/64 type: temporary dynamic scope: global + IP v6: 2001:470:ca5e:dee:3eec:efff:fe7e:bdc9/64 type: dynamic mngtmpaddr noprefixroute + scope: global + IP v6: fe80::3eec:efff:fe7e:bdc9/64 scope: link + IF-ID-1: enp74s0f3u1u2c2 state: unknown speed: -1 duplex: half mac: be:3a:f2:b6:05:9f + IP v4: 169.254.3.1/24 type: dynamic noprefixroute scope: global + broadcast: 169.254.3.255 + IP v6: fe80::bc3a:f2ff:feb6:59f/64 scope: link WAN IP: 82.65.118.1 Bluetooth: Device-1: Insyde RNDIS/Ethernet Gadget type: USB driver: rndis_host v: kernel bus-ID: 7-1.2:4 chip-ID: 0b1f:03ee class-ID: 0a00 Report: This feature requires one of these tools: hciconfig/bt-adapter -Drives: Local Storage: total: 9.82 TiB used: 1.06 TiB (10.7%) - ID-1: /dev/nvme0n1 maj-min: 259:2 vendor: Samsung model: MZWLJ7T6HALA-00AU3 +Drives: Local Storage: total: 6.19 TiB used: 2.08 GiB (0.0%) + ID-1: /dev/nvme0n1 maj-min: 259:1 vendor: Samsung model: MZWLJ7T6HALA-00AU3 size: 6.19 TiB block-size: physical: 512 B logical: 512 B rotation: SSD - serial: S5RTNG0T110589 rev: EPK96R5Q temp: 40 Celsius C scheme: GPT - SMART: yes health: PASSED on: 273d 5h cycles: 113 read-units: 192,543,495 [98.5 TB] - written-units: 258,494,659 [132 TB] - ID-2: /dev/nvme1n1 maj-min: 259:0 vendor: Intel model: SSDPE2KX040T8 size: 3.64 TiB - block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 rotation: SSD - serial: PHLJ940301WZ4P0DGN rev: VDV10131 temp: 33 Celsius C - SMART: yes health: PASSED on: 2y 188d 9h cycles: 36 read-units: 9,478,214,631 [4.85 PB] - written-units: 9,225,614,032 [4.72 PB] -Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 1.06 TiB (17.1%) fs: btrfs + serial: S5RTNG0T110589 rev: EPK96R5Q temp: 44 Celsius C scheme: GPT + SMART: yes health: PASSED on: 24 hrs cycles: 44 read-units: 1,449,016 [741 GB] + written-units: 13,364,537 [6.84 TB] +Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 2.04 GiB (0.0%) fs: btrfs block-size: 4096 B dev: /dev/dm-0 maj-min: 254:0 mapped: nixroot - ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 23.9 MiB (2.3%) fs: vfat - block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:3 + ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 37 MiB (3.6%) fs: vfat + block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:2 Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default) ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 - dev: /dev/nvme0n1p2 maj-min: 259:4 + dev: /dev/nvme0n1p2 maj-min: 259:3 Sensors: Message: No ipmi sensor data found. Message: No sensor data found. Is lm-sensors configured? -Info: Processes: 1226 Uptime: N/A wakeups: 0 Init: systemd v: 254 target: multi-user.target - tool: systemctl Compilers: gcc: 12.3.0 Packages: nix-default: 0 nix-sys: 415 lib: 65 - nix-usr: 0 Client: Sudo v: 1.9.15p2 inxi: 3.3.04 +Info: Processes: 1010 Uptime: 20h 25m wakeups: 0 Init: systemd v: 253 + target: multi-user.target tool: systemctl Compilers: gcc: 12.2.0 Packages: + nix-default: 0 nix-sys: 268 lib: 47 nix-usr: 0 Client: Sudo v: 1.9.13p3 inxi: 3.3.04 ``` ![hardware topology](epyc.lstopo.svg) diff --git a/flake.lock b/flake.lock index be91cc1..5f9ac55 100644 --- a/flake.lock +++ b/flake.lock @@ -6,15 +6,14 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1690228878, + "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", "type": "github" }, "original": { @@ -32,11 +31,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1711742460, - "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "lastModified": 1689457600, + "narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=", "owner": "zhaofengli", "repo": "attic", - "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1", "type": "github" }, "original": { @@ -55,11 +54,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1688224393, + "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd", "type": "github" }, "original": { @@ -70,17 +69,26 @@ }, "crane": { "inputs": { + "flake-compat": [ + "attic", + "flake-compat" + ], + "flake-utils": [ + "attic", + "flake-utils" + ], "nixpkgs": [ "attic", "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "lastModified": 1677892403, + "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=", "owner": "ipetkov", "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "rev": "105e27adb70a9890986b6d543a67761cbc1964a2", "type": "github" }, "original": { @@ -97,11 +105,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -118,11 +126,11 @@ ] }, "locked": { - "lastModified": 1716431128, - "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", + "lastModified": 1690739034, + "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=", "owner": "nix-community", "repo": "disko", - "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", + "rev": "4015740375676402a2ee6adebc3c30ea625b9a94", "type": "github" }, "original": { @@ -170,11 +178,32 @@ ] }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1690933134, + "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixos-hypervisor", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1687762428, + "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", "type": "github" }, "original": { @@ -186,11 +215,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1705308826, - "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", + "lastModified": 1689333397, + "narHash": "sha256-g1Nn0sgH/hR/gEAQ1q6bloU+Q+V+Y4HlBBH6CBxC0HM=", "owner": "NixOS", "repo": "flake-registry", - "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", + "rev": "5d8dc3eb692809ffd9a2f22cdb8015aa11972905", "type": "github" }, "original": { @@ -237,11 +266,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "type": "github" }, "original": { @@ -257,27 +286,27 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1687871164, + "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "owner": "rycee", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "type": "github" }, "original": { "owner": "rycee", - "ref": "release-24.05", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1716715385, - "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=", + "lastModified": 1690957133, + "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8", + "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a", "type": "github" }, "original": { @@ -286,13 +315,36 @@ "type": "github" } }, + "nixos-hypervisor": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1688428885, + "narHash": "sha256-fVIbXKvHmxSUAKTMiXx799UasQwU2XT+op7bzvtfl8c=", + "ref": "main", + "rev": "9f32a304708fd9c91c081db05eee1b4f2e0226cc", + "revCount": 2, + "type": "git", + "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor" + } + }, "nixpkgs": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1686519857, + "narHash": "sha256-VkBhuq67aXXiCoEmicziuDLUPPjeOTLQoj6OeVai5zM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "6b1b72c0f887a478a5aac355674ff6df0fc44f44", "type": "github" }, "original": { @@ -304,27 +356,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1685004253, + "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716715802, - "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", + "lastModified": 1691003216, + "narHash": "sha256-Qq/MPkhS12Bl0X060pPvX3v9ac3f2rRQfHjjozPh/Qs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", + "rev": "4a56ce9727a0c5478a836a0d8a8f641c5b9a3d5f", "type": "github" }, "original": { @@ -336,27 +388,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717796960, - "narHash": "sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0=", + "lastModified": 1691083802, + "narHash": "sha256-bjWTVGskCWR2BdB0Glnj2FyHooNiFThkFBF4oaAMe2s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e0a5f16b7bf7f212be068dd302c49888c6ad68f", + "rev": "096c262bbb73d84b8298d81c7daa9890c6ccd6da", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } }, "nur": { "locked": { - "lastModified": 1716741358, - "narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=", + "lastModified": 1691109630, + "narHash": "sha256-NkltnE+ZMABNP7pJVj7ftu/58aTGa5PXxICLr8fjkI4=", "owner": "nix-community", "repo": "NUR", - "rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2", + "rev": "dcd922e7738fc027c73cd2cc110015d38fba9651", "type": "github" }, "original": { @@ -375,12 +427,40 @@ "flake-registry": "flake-registry", "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", + "nixos-hypervisor": "nixos-hypervisor", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur", "srvos": "srvos" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "attic", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "srvos": { "inputs": { "nixpkgs": [ @@ -388,11 +468,11 @@ ] }, "locked": { - "lastModified": 1716425501, - "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "lastModified": 1690557184, + "narHash": "sha256-KMGPz3pP7OoUZaUhgcuYG84CtVaJOQw6RK8J0fAtKt0=", "owner": "numtide", "repo": "srvos", - "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "rev": "ceed433086a85e5540bd73cff46497af5a09e36f", "type": "github" }, "original": { @@ -403,32 +483,38 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1669735802, + "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "731cc710aeebecbf45a258e977e8b68350549522", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } }, - "systems": { + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-hypervisor", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "lastModified": 1688026376, + "narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf", "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } } diff --git a/flake.nix b/flake.nix index 779165c..d4b5920 100644 --- a/flake.nix +++ b/flake.nix @@ -10,13 +10,13 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs.url = "github:NixOS/nixpkgs/release-23.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; nur.url = "github:nix-community/NUR"; - home-manager.url = "github:rycee/home-manager/release-24.05"; + home-manager.url = "github:rycee/home-manager/release-23.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; @@ -33,8 +33,8 @@ # Ryan's experimental hypervisor based on cloud-hypervisor # Private repository, you need a valid SSH key to access it - # nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main"; - # nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs"; + nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main"; + nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs"; flake-registry.url = "github:NixOS/flake-registry"; flake-registry.flake = false; diff --git a/hosts/epyc.nix b/hosts/epyc.nix index 10a8d07..128c2e8 100644 --- a/hosts/epyc.nix +++ b/hosts/epyc.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ lib, ... }: let gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ] ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch}); @@ -20,23 +20,21 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - virtualisation.docker = { - enable = true; - rootless.enable = true; - }; - - # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all. - # Do not upgrade until it is fixed. Ping Raito when needed. - # boot.kernelPackages = pkgs.linuxPackage_latest; - # Open public access to our PostgreSQL. - services.postgresql.enable = true; services.postgresql.enableTCPIP = true; services.postgresql.authentication = '' host hydra-nixos-org hydra_ro ::/0 trust ''; networking.firewall.allowedTCPPorts = [ 5432 ]; + virtualisation.nvisor.vms = { + vm01 = { + config = { pkgs, ... }: { + environment.systemPackages = [ pkgs.hello ]; + }; + }; + }; + nix.buildMachines = [ { hostName = "localhost"; systems = [ diff --git a/modules/android-cache.nix b/modules/android-cache.nix index 1193f37..96a2968 100644 --- a/modules/android-cache.nix +++ b/modules/android-cache.nix @@ -1,9 +1,9 @@ { lib, ... }: let mirrors = { - # "https://android.googlesource.com" = "/mnt/aospaosp/mirror"; - # "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS"; - # "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets"; + "https://android.googlesource.com" = "/var/lib/src/aosp/mirror"; + "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS"; + "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets"; }; in { diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix index 399b5e2..ef3f0db 100644 --- a/modules/auto-upgrade.nix +++ b/modules/auto-upgrade.nix @@ -1,9 +1,7 @@ { pkgs, ... }: { - system.autoUpgrade = { - enable = true; - flake = "git+https://git.newtype.fr/newtype/newtype-org-configurations"; - flags = [ "--option" "accept-flake-config" "true" ]; - }; + system.autoUpgrade.enable = true; + system.autoUpgrade.flake = "git:git.newtype.fr/newtype/newtype-org-configurations"; + system.autoUpgrade.flags = [ "--option" "accept-flake-config" "true" ]; # add a random jitter so not all machines reboot at the same time. systemd.timers.auto-reboot.timerConfig.RandomizedDelaySec = 60 * 20; diff --git a/modules/builder.nix b/modules/builder.nix index 7c691c8..08340ea 100644 --- a/modules/builder.nix +++ b/modules/builder.nix @@ -5,8 +5,6 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF07Sy0O+oletFYlrfS0+XtBWJO2F+Rc9J/ocNLBa/OE raito@thorkell" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDu4cEqZzAI/1vZjSQkTJ4ijIg9nuloOuSKUrnkJIOFn buildbot@top-secret" # Top secret's project buildbot key - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" # winterqt ]; uid = 5001; }; diff --git a/modules/hardware/supermicro-H12SSL-i.nix b/modules/hardware/supermicro-H12SSL-i.nix index 68ffc38..455f2f4 100644 --- a/modules/hardware/supermicro-H12SSL-i.nix +++ b/modules/hardware/supermicro-H12SSL-i.nix @@ -8,18 +8,12 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.kernelParams = [ "pci=realloc" "boot.shell_on_fail" ]; + boot.kernelParams = [ "pci=realloc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - boot.initrd.extraUtilsCommands = '' - copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme - copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone - copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk - ''; - boot.initrd.systemd.enable = lib.mkForce false; fileSystems."/" = @@ -40,7 +34,7 @@ swapDevices = [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; } - ]; + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/modules/hosts.nix b/modules/hosts.nix index e979692..9a5bc26 100644 --- a/modules/hosts.nix +++ b/modules/hosts.nix @@ -40,7 +40,7 @@ in # usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain networking.newtype.hosts = { epyc = { - ipv6 = "2001:bc8:38ee:100::500"; + ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8"; }; }; }; diff --git a/modules/hydra/coordinator.nix b/modules/hydra/coordinator.nix index 0f28dfd..55dda02 100644 --- a/modules/hydra/coordinator.nix +++ b/modules/hydra/coordinator.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { services.hydra = { - enable = false; + enable = true; hydraURL = "https://hydra.newtype.fr"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ "/etc/nix/machines" ]; diff --git a/modules/hypervisor.nix b/modules/hypervisor.nix index 4b2c5c4..2b11b5c 100644 --- a/modules/hypervisor.nix +++ b/modules/hypervisor.nix @@ -1,2 +1,5 @@ { ... }: { + virtualisation.nvisor = { + enable = true; + }; } diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index 59e7ac5..760c768 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -30,13 +30,6 @@ in { domain = "*"; item = "nofile"; type = "-"; value = "20480"; } ]; - # Makes the computer go faster. - # nixos.jobserver.enable = true; - # TODO(raito): rework this. - - # Avoid weird failures for builders. - services.openssh.settings.MaxStartups = 100; - # Memory accounting techniques systemd.services.nix-daemon.serviceConfig = { MemoryAccounting = true; @@ -58,19 +51,18 @@ in gc.randomizedDelaySec = "1800"; # Inchallah, it works. - package = pkgs.nixVersions.nix_2_18; # package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17; # should be enough? nrBuildUsers = 128; settings = { - keep-outputs = false; - keep-derivations = false; + keep-outputs = true; + keep-derivations = true; use-cgroups = true; http-connections = 0; auto-allocate-uids = true; - cores = 0; + cores = 64; # 128 is too much, it will explode the RAM for now. Let's keep it serious. max-jobs = 2; # Do not build more than 2 derivations at once in the event, both of them are too big, yes this is stupid, fix it in Nix. fsync-metadata = true; substituters = [ @@ -84,8 +76,9 @@ in ]; experimental-features = [ "auto-allocate-uids" - # "ca-derivations" this feature is really extremely broken. + "ca-derivations" "cgroups" + "discard-references" "fetch-closure" "impure-derivations" ]; diff --git a/modules/users/admins.nix b/modules/users/admins.nix index eb2794c..877eb09 100644 --- a/modules/users/admins.nix +++ b/modules/users/admins.nix @@ -22,6 +22,7 @@ in luj = { isNormalUser = true; home = "/home/luj"; + inherit (config.users.users.raito); extraGroups = extraGroups ++ [ "production-hydra-db" ]; shell = "/run/current-system/sw/bin/zsh"; uid = 1001; @@ -65,6 +66,6 @@ in }; }; - nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" "jade" "winter" ]; + nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" ]; }; } diff --git a/modules/users/friends.nix b/modules/users/friends.nix index 932660f..afb5437 100644 --- a/modules/users/friends.nix +++ b/modules/users/friends.nix @@ -5,8 +5,15 @@ let ]; in { - # deleted users: ninjatrappeur, flokli users.users = { + ninjatrappeur = { + isNormalUser = true; + home = "/home/ninjatrappeur"; + shell = "/run/current-system/sw/bin/zsh"; + uid = 2000; + extraGroups = trustedFriendGroups; + openssh.authorizedKeys.keyFiles = [ ./keys/ninjatrappeur.keys ]; + }; linus = { isNormalUser = true; home = "/home/linus"; @@ -17,68 +24,5 @@ in extraGroups = [ "wheel" ] ++ trustedFriendGroups; openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ]; }; - niklas = { - isNormalUser = true; - home = "/home/niklas"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2002; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ]; - }; - # Raito: Permanent account for Jade who has been driving a lot of good work. - # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. - jade = { - isNormalUser = true; - home = "/home/jade"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2004; - expires = "2060-05-01"; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYljH8iPMrH00lOb3ETxRrZimdKzPPEdsJQ5D5ovtOwAAAACnNzaDpzc2hrZXk= ssh:sshkey" - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4idMfdJxDJuBNOid60d4I+qxj09RHt+YkCYV2eXt6tGrEXg+S8hTQusy/SqooiXUH9pt4tea2RuBPN9+UwrH0= type-a yubikey slot 9a" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot" - ]; - }; - # Raito: Permanent account for winter, she was the one in charge of the Darwin build box for a while, - # helped a bunch of people and deserve it :-). - # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. - winter = { - isNormalUser = true; - home = "/home/winter"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2005; - expires = "2060-05-01"; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" - ]; - }; - # Raito: Permanent account for pennae, they are doing a bunch of excellent Nix work (including performance). - pennae = { - isNormalUser = true; - home = "/home/pennae"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2006; - # Raito: Allowed to debug jobserver. - extraGroups = [ "wheel" ] ++ trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo=" - ]; - }; - # Raito: Temporary account until next year, for delroth, who is going to work on building capabilities for improving build infrastructure. - delroth = { - isNormalUser = true; - home = "/home/delroth"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2007; - # Raito: Allowed to spawn new VMs and do various stuff for isolating the workloads. - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV" - ]; - }; }; } diff --git a/modules/users/keys/niklas.keys b/modules/users/keys/niklas.keys deleted file mode 100644 index 69b674c..0000000 --- a/modules/users/keys/niklas.keys +++ /dev/null @@ -1 +0,0 @@ -sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINHd1ay1FSTHZzE+3XCdUiS5efFmJ9GUvx4+7F5uXVtMAAAABHNzaDo= nikstur diff --git a/modules/users/keys/raito.keys b/modules/users/keys/raito.keys index cda49dd..7a717dd 100644 --- a/modules/users/keys/raito.keys +++ b/modules/users/keys/raito.keys @@ -1,4 +1,3 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM=