diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 92b2793..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.direnv
diff --git a/configurations.nix b/configurations.nix
index 5c77292..05ccb4f 100644
--- a/configurations.nix
+++ b/configurations.nix
@@ -34,59 +34,53 @@ let ./modules/hosts.nix ./modules/network.nix ./modules/zsh.nix - ./modules/ssh-cursed.nix - # FIXME: ./modules/buildbot — whenever you are ready. disko.nixosModules.disko srvos.nixosModules.server + # srvos.nixosModules.mixins-telegraf srvos.nixosModules.mixins-trusted-nix-caches srvos.nixosModules.mixins-terminfo - # srvos.nixosModules.mixins-telegraf - # srvos.nixosModules.mixins-terminfo - agenix.nixosModules.default ({ pkgs , config , lib , ... - }: - let - sopsFile = ./. + "/hosts/${config.networking.hostName}.yml"; - in - { - nix.nixPath = [ - "home-manager=${home-manager}" - "nixpkgs=${pkgs.path}" - "nur=${nur}" - ]; - # TODO: share nixpkgs for each machine to speed up local evaluation. - #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system}; + }: let + sopsFile = ./. + "/hosts/${config.networking.hostName}.yml"; + in { + nix.nixPath = [ + "home-manager=${home-manager}" + "nixpkgs=${pkgs.path}" + "nur=${nur}" + ]; - #users.withSops = builtins.pathExists sopsFile; - #sops.secrets = lib.mkIf (config.users.withSops) { - # root-password-hash.neededForUsers = true; - #}; - # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile; + environment.systemPackages = [ + pkgs.kitty.terminfo + ]; - nix.extraOptions = '' - flake-registry = ${flake-registry}/flake-registry.json - builders-use-substitutes = true - ''; + # TODO: share nixpkgs for each machine to speed up local evaluation. 
+ #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system}; - nix.registry = { - home-manager.flake = home-manager; - nixpkgs.flake = nixpkgs; - nur.flake = nur; - }; - time.timeZone = "UTC"; + #users.withSops = builtins.pathExists sopsFile; + #sops.secrets = lib.mkIf (config.users.withSops) { + # root-password-hash.neededForUsers = true; + #}; + # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile; - environment.systemPackages = [ - pkgs.kitty.terminfo - ]; - }) + nix.extraOptions = '' + flake-registry = ${flake-registry}/flake-registry.json + ''; + + nix.registry = { + home-manager.flake = home-manager; + nixpkgs.flake = nixpkgs; + nur.flake = nur; + }; + time.timeZone = "UTC"; + }) ]; in { @@ -99,6 +93,15 @@ in ++ [ ./hosts/epyc.nix ]; + }; + vieuxtype = nixosSystem { + system = "x86_64-linux"; + modules = + commonModules + ++ colmenaModules + ++ [ + ./hosts/vieuxtype.nix + ]; }; }; @@ -112,6 +115,15 @@ in ++ [ ./hosts/epyc.nix ]; + }; + vieuxtype = { + system = "x86_64-linux"; + modules = + commonModules + ++ [ + ./hosts/vieuxtype.nix + ]; }; + }; } diff --git a/docs/epyc.lstopo.svg b/docs/epyc.lstopo.svg index 4b13ca6..6c0d2ec 100644 --- a/docs/epyc.lstopo.svg +++ b/docs/epyc.lstopo.svg @@ -1,7 +1,7 @@ - - - Machine (252GB total) + + + Machine (126GB total) Package L#0 @@ -153,18 +153,18 @@ PU L#127 P#127 - NUMANode L#0 P#0 (252GB) + NUMANode L#0 P#0 (126GB) 7.9 - 3.9 - - 0.2 - - 1.0 - + 4.0 + + 0.2 + + 1.0 + 
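Review bot: `agenix.nixosModules.default` is dropped from `commonModules` in the first configurations.nix hunk while the `sops.*` lines in the inline module stay commented out, so the new side loads no secret-provisioning module for any host, even though `agenix` is still a flake input. Any module that sets `age.secrets.*` would then fail to evaluate, and a credential written inline instead would land in the world-readable Nix store; the modules these hosts import are not visible here, so this needs checking against them. Either keep the import or add a comment next to the module list such as `# secrets: no agenix/sops module loaded; credentials are provisioned out of band`. The `let sopsFile = …` binding is also unused on the new side, since every reference to it is commented out.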
@@ -178,56 +178,52 @@ - 3.9 - - PCI 42:00.0 - - Block nvme1n1 - 3726 GB - - - - 0.2 - - - - - - - PCI 45:00.0 - - - - 1.0 - - 1.0 - - - PCI 47:00.0 - - Net nat-lan - - PCI 47:00.1 - - Net wan + + PCI 43:00.0 + + + + 0.2 + + + + + + + PCI 46:00.0 + + + + 1.0 + + 1.0 + + + PCI 48:00.0 + + Net eno1 + + PCI 48:00.1 + + Net eno2 MemoryModule MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - MemoryModule - - Host: epyc - Date: Mon 04 Mar 2024 12:28:26 AM UTC + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + MemoryModule + + Host: epyc + Date: Mon 05 Jun 2023 03:19:33 PM UTC diff --git a/docs/epyc.md b/docs/epyc.md index e26978d..bd39c52 100644 --- a/docs/epyc.md +++ b/docs/epyc.md 
@@ -1,25 +1,20 @@ # epyc ``` -System: Host: epyc Kernel: 6.7.7 x86_64 bits: 64 compiler: gcc v: 12.3.0 - parameters: initrd=\efi\nixos\48dkb2vcxwmxxfk7wpl0qx884ibz5gk5-initrd-linux-6.7.7-initrd.efi - init=/nix/store/vz6r23gya5q3b8lr1yiadkv6h5lcjmmz-nixos-system-epyc-23.11pre-git/init - console=tty0 console=ttyS0,115200 pci=realloc console=ttyS1,115200n8 console=tty1 +System: Host: epyc Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0 + parameters: initrd=\efi\nixos\11cjvasd1nh1dk783alsa14v4w00d467-initrd-linux-6.1.31-initrd.efi + init=/nix/store/9lnrp5ryf7gh3j94q8xn39zyl21kaw9f-nixos-system-epyc-23.05.419.3a70dd92993/init loglevel=4 - Console: N/A Distro: NixOS 23.11 (Tapir) + Console: N/A Distro: NixOS 23.05 (Stoat) Machine: Type: Server System: Supermicro product: Super Server v: 0123456789 serial: 0123456789 Chassis: type: 17 v: 0123456789 serial: 0123456789 Mobo: Supermicro model: H12SSL-i v: 1.01 serial: WM21AS601818 UEFI: American Megatrends v: 2.4 date: 04/14/2022 -Memory: RAM: total: 251.54 GiB used: 4.56 GiB (1.8%) +Memory: RAM: total: 125.64 GiB used: 2.32 GiB (1.8%) Array-1: capacity: 4 TiB note: check slots: 8 EC: Multi-bit ECC max-module-size: 512 GiB note: est. - Device-1: DIMMA1 size: 64 GiB speed: 3200 MT/s type: DDR4 - detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits - manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0S100013847D8748B - Device-2: DIMMB1 size: 64 GiB speed: 3200 MT/s type: DDR4 - detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits - manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: H0MK00013847D79D40 + Device-1: DIMMA1 size: No Module Installed + Device-2: DIMMB1 size: No Module Installed Device-3: DIMMC1 size: 64 GiB speed: 3200 MT/s type: DDR4 detail: synchronous registered (buffered) bus-width: 64 bits total: 72 bits manufacturer: Samsung part-no: M393A8G40AB2-CWE serial: Y10R120249249E38E1 
@@ -32,7 +27,7 @@ Memory: RAM: total: 251.54 GiB used: 4.56 GiB (1.8%) Device-8: DIMMH1 size: No Module Installed PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: Available length: Long - Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: Available length: Long + Slot: 2 type: x8 PCI Express 4 x8 CPU SLOT2 PCI-E 4.0 X8 status: In Use length: Long Slot: 3 type: x16 PCI Express 4 x16 CPU SLOT3 PCI-E 4.0 X16 status: Available length: Long Slot: 4 type: x8 PCI Express 4 x8 CPU SLOT4 PCI-E 4.0 X8 status: Available length: Long 
@@ -45,16 +40,16 @@ PCI Slots: Slot: 1 type: x16 PCI Express 4 x16 CPU SLOT1 PCI-E 4.0 X16 status: A Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M1 status: Available length: Short Slot: N/A type: x4 M.2 Socket 3 PCI-E M.2-M2 status: Available length: Short CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP arch: Zen 3 - family: 19 (25) model-id: 1 stepping: 1 microcode: A0011D3 cache: L1: 4 MiB L2: 32 MiB + family: 19 (25) model-id: 1 stepping: 1 microcode: A0011CE cache: L1: 4 MiB L2: 32 MiB L3: 256 MiB - flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627200 + flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 627203 Speed: 2450 MHz min/max: 1500/2450 MHz base/boost: 2450/3525 boost: enabled volts: 1.1 V ext-clock: 100 MHz Core speeds (MHz): 1: 2450 2: 2450 3: 2450 4: 2450 5: 2450 6: 2450 7: 2450 8: 2450 9: 2450 10: 2450 11: 2450 12: 2450 13: 2450 14: 2450 - 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 2450 22: 2450 23: 2450 + 15: 2450 16: 2450 17: 2450 18: 2450 19: 2450 20: 2450 21: 1799 22: 2450 23: 2450 24: 2450 25: 2450 26: 2450 27: 2450 28: 2450 29: 2450 30: 2450 31: 2450 32: 2450 33: 2450 34: 2450 35: 2450 36: 2450 37: 2450 38: 2450 39: 2450 40: 2450 41: 2450 - 42: 2450 43: 2450 44: 2450 45: 3525 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 + 42: 2450 43: 2450 44: 3525 45: 2450 46: 2450 47: 2450 48: 2450 49: 2450 50: 2450 51: 2450 52: 2450 53: 2450 54: 2450 55: 2450 56: 2450 57: 2450 58: 2450 59: 2450 60: 2450 61: 2450 62: 2450 63: 2450 64: 2450 65: 2450 66: 2450 67: 2450 68: 2450 69: 2450 70: 2450 71: 2450 72: 2450 73: 2450 74: 2450 75: 2450 76: 2450 77: 2450 
@@ -62,16 +57,14 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP 87: 2450 88: 2450 89: 2450 90: 2450 91: 2450 92: 2450 93: 2450 94: 2450 95: 2450 96: 2450 97: 2450 98: 2450 99: 2450 100: 2450 101: 2450 102: 2450 103: 2450 104: 2450 105: 2450 106: 2450 107: 2450 108: 2450 109: 2450 110: 2450 111: 2450 112: 2450 - 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 2450 119: 2450 120: 2450 + 113: 2450 114: 2450 115: 2450 116: 2450 117: 2450 118: 1799 119: 2450 120: 2450 121: 2450 122: 2450 123: 2450 124: 2450 125: 2450 126: 2450 127: 2450 128: 2450 - Vulnerabilities: Type: gather_data_sampling status: Not affected - Type: itlb_multihit status: Not affected + Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: mmio_stale_data status: Not affected Type: retbleed status: Not affected - Type: spec_rstack_overflow mitigation: Safe RET Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, 
@@ -79,47 +72,50 @@ CPU: Info: 64-Core model: AMD EPYC 7763 socket: SP3 bits: 64 type: MT MCP Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: ASPEED Graphics Family vendor: Super Micro H12SSL-i driver: ast v: kernel - bus-ID: 45:00.0 chip-ID: 1a03:2000 class-ID: 0300 + bus-ID: 46:00.0 chip-ID: 1a03:2000 class-ID: 0300 Display: server: No display server data found. Headless machine? tty: N/A Message: Advanced graphics data unavailable in console for root. Audio: Message: No device data found. -Network: Device-1: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: N/A bus-ID: 47:00.0 chip-ID: 14e4:165f class-ID: 0200 - IF: nat-lan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 - IP v4: 10.32.65.13/20 type: dynamic scope: global - IP v6: fe80::3eec:efff:fe7e:bdc8/64 virtual: proto kernel_ll scope: link +Network: Device-1: Intel 82599ES 10-Gigabit SFI/SFP+ Network driver: N/A modules: ixgbe + port: 1000 bus-ID: 43:00.0 chip-ID: 8086:10fb class-ID: 0200 Device-2: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i - driver: tg3 v: kernel port: N/A bus-ID: 47:00.1 chip-ID: 14e4:165f class-ID: 0200 - IF: wan state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 - IP v6: 2001:bc8:38ee:100::500/128 scope: global - IP v6: fe80::3eec:efff:fe7e:bdc9/64 virtual: proto kernel_ll scope: link - IF-ID-1: enp73s0f3u1u2c2 state: down mac: be:3a:f2:b6:05:9f + driver: tg3 v: kernel port: 2000 bus-ID: 48:00.0 chip-ID: 14e4:165f class-ID: 0200 + IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c8 + IP v4: 10.32.65.13/20 type: dynamic noprefixroute scope: global broadcast: 10.32.79.255 + IP v6: fe80::3eec:efff:fe7e:bdc8/64 scope: link + Device-3: Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe vendor: Super Micro H12SSL-i + driver: tg3 v: kernel port: 2000 bus-ID: 48:00.1 chip-ID: 14e4:165f class-ID: 0200 + IF: eno2 
state: up speed: 1000 Mbps duplex: full mac: 3c:ec:ef:7e:bd:c9 + IP v4: 169.254.249.6/16 type: noprefixroute scope: global broadcast: 169.254.255.255 + IP v6: 2001:470:ca5e:dee:587c:7a50:f36c:cae8/64 type: temporary dynamic scope: global + IP v6: 2001:470:ca5e:dee:3eec:efff:fe7e:bdc9/64 type: dynamic mngtmpaddr noprefixroute + scope: global + IP v6: fe80::3eec:efff:fe7e:bdc9/64 scope: link + IF-ID-1: enp74s0f3u1u2c2 state: unknown speed: -1 duplex: half mac: be:3a:f2:b6:05:9f + IP v4: 169.254.3.1/24 type: dynamic noprefixroute scope: global + broadcast: 169.254.3.255 + IP v6: fe80::bc3a:f2ff:feb6:59f/64 scope: link WAN IP: 82.65.118.1 Bluetooth: Device-1: Insyde RNDIS/Ethernet Gadget type: USB driver: rndis_host v: kernel bus-ID: 7-1.2:4 chip-ID: 0b1f:03ee class-ID: 0a00 Report: This feature requires one of these tools: hciconfig/bt-adapter -Drives: Local Storage: total: 9.82 TiB used: 1.06 TiB (10.7%) - ID-1: /dev/nvme0n1 maj-min: 259:2 vendor: Samsung model: MZWLJ7T6HALA-00AU3 +Drives: Local Storage: total: 6.19 TiB used: 2.08 GiB (0.0%) + ID-1: /dev/nvme0n1 maj-min: 259:1 vendor: Samsung model: MZWLJ7T6HALA-00AU3 size: 6.19 TiB block-size: physical: 512 B logical: 512 B rotation: SSD - serial: S5RTNG0T110589 rev: EPK96R5Q temp: 40 Celsius C scheme: GPT - SMART: yes health: PASSED on: 273d 5h cycles: 113 read-units: 192,543,495 [98.5 TB] - written-units: 258,494,659 [132 TB] - ID-2: /dev/nvme1n1 maj-min: 259:0 vendor: Intel model: SSDPE2KX040T8 size: 3.64 TiB - block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 rotation: SSD - serial: PHLJ940301WZ4P0DGN rev: VDV10131 temp: 33 Celsius C - SMART: yes health: PASSED on: 2y 188d 9h cycles: 36 read-units: 9,478,214,631 [4.85 PB] - written-units: 9,225,614,032 [4.72 PB] -Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 1.06 TiB (17.1%) fs: btrfs + serial: S5RTNG0T110589 rev: EPK96R5Q temp: 44 Celsius C scheme: GPT + SMART: yes health: PASSED on: 24 hrs cycles: 44 read-units: 
1,449,016 [741 GB] + written-units: 13,364,537 [6.84 TB] +Partition: ID-1: / raw-size: 6.18 TiB size: 6.18 TiB (100.00%) used: 2.04 GiB (0.0%) fs: btrfs block-size: 4096 B dev: /dev/dm-0 maj-min: 254:0 mapped: nixroot - ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 23.9 MiB (2.3%) fs: vfat - block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:3 + ID-2: /boot raw-size: 1023 MiB size: 1021 MiB (99.80%) used: 37 MiB (3.6%) fs: vfat + block-size: 512 B dev: /dev/nvme0n1p1 maj-min: 259:2 Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default) ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 - dev: /dev/nvme0n1p2 maj-min: 259:4 + dev: /dev/nvme0n1p2 maj-min: 259:3 Sensors: Message: No ipmi sensor data found. Message: No sensor data found. Is lm-sensors configured? -Info: Processes: 1226 Uptime: N/A wakeups: 0 Init: systemd v: 254 target: multi-user.target - tool: systemctl Compilers: gcc: 12.3.0 Packages: nix-default: 0 nix-sys: 415 lib: 65 - nix-usr: 0 Client: Sudo v: 1.9.15p2 inxi: 3.3.04 +Info: Processes: 1010 Uptime: 20h 25m wakeups: 0 Init: systemd v: 253 + target: multi-user.target tool: systemctl Compilers: gcc: 12.2.0 Packages: + nix-default: 0 nix-sys: 268 lib: 47 nix-usr: 0 Client: Sudo v: 1.9.13p3 inxi: 3.3.04 ``` ![hardware topology](epyc.lstopo.svg) diff --git a/docs/vieuxtype.lstopo.svg b/docs/vieuxtype.lstopo.svg new file mode 100644 index 0000000..da866d3 --- /dev/null +++ b/docs/vieuxtype.lstopo.svg @@ -0,0 +1,63 @@ + + + + Machine (5936MB total) + + Package L#0 + + L3 (16MB) + + L2 (4096KB) + + L1d (32KB) + + L1i (32KB) + + Core L#0 + + PU L#0 + P#0 + + NUMANode L#0 P#0 (5936MB) + + + + + + + + + + + + PCI 00:01.1 + + Block sr0 + 541 MB + + PCI 00:02.0 + + PCI 00:03.0 + + PCI 00:05.0 + + Block sda + 40 GB + + PCI 00:12.0 + + Net ens18 + + PCI 00:13.0 + + Net ens19 + + PCI 00:14.0 + + Net ens20 + + MemoryModule + + Host: vieuxtype + Date: Mon 05 Jun 2023 08:15:31 PM CEST + 
diff --git a/docs/vieuxtype.md b/docs/vieuxtype.md
new file mode 100644
index 0000000..ca86ff2
--- /dev/null
+++ b/docs/vieuxtype.md
@@ -0,0 +1,83 @@
+# vieuxtype
+
+```
+System: Host: vieuxtype Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0
+ parameters: initrd=\efi\nixos\mf13ryz0gl48s8672gzg80lvq9yd8189-initrd-linux-6.1.31-initrd.efi
+ init=/nix/store/5c8yhqcmf24d61m99cpqc3ffjma90cxs-nixos-system-vieuxtype-23.05.553.e7603eba51f/init
+ console=ttyS0,115200 panic=30 boot.panic_on_fail loglevel=4
+ Console: N/A Distro: NixOS 23.05 (Stoat)
+Machine: Type: Kvm System: QEMU product: Standard PC (i440FX + PIIX, 1996) v: pc-i440fx-7.2
+ serial: N/A Chassis: type: 1 v: pc-i440fx-7.2 serial: N/A
+ Mobo: N/A model: N/A serial: N/A UEFI: EFI Development Kit II / OVMF v: 3.20230228-2
+ date: 04/04/2023
+Memory: RAM: total: 5.8 GiB used: 820.6 MiB (13.8%)
+ Array-1: capacity: 6 GiB slots: 1 EC: Multi-bit ECC max-module-size: 6 GiB note: est.
+ Device-1: DIMM 0 size: 6 GiB speed: N/A type: RAM detail: other bus-width: Unknown
+ total: Unknown manufacturer: QEMU part-no: Not Specified serial: Not Specified
+PCI Slots: Message: No PCI Slot data found.
+CPU: Info: Single Core model: Common KVM bits: 64 type: MCP arch: Netburst Presler
+ family: F (15) model-id: 6 stepping: 1 microcode: 1 cache: L2: 16 MiB
+ flags: lm nx pae sse sse2 sse3 bogomips: 5199
+ Speed: 2600 MHz min/max: N/A base/boost: 2000/2000 Core speed (MHz): 1: 2600
+ Vulnerabilities: Type: itlb_multihit status: KVM: VMX unsupported
+ Type: l1tf mitigation: PTE Inversion
+ Type: mds
+ status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
+ Type: meltdown mitigation: PTI
+ Type: mmio_stale_data status: Unknown: No mitigations
+ Type: retbleed status: Not affected
+ Type: spec_store_bypass status: Vulnerable
+ Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
+ Type: spectre_v2
+ mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
+ Type: srbds status: Not affected
+ Type: tsx_async_abort status: Not affected
+Graphics: Device-1: vendor: Red Hat driver: bochs-drm v: N/A alternate: bochs bus-ID: 00:02.0
+ chip-ID: 1234:1111 class-ID: 0300
+ Display: server: No display server data found. Headless machine? tty: N/A
+ Message: Advanced graphics data unavailable in console for root.
+Audio: Message: No device data found.
+Network: Device-1: Intel 82371AB/EB/MB PIIX4 ACPI vendor: Red Hat Qemu virtual machine
+ type: network bridge driver: piix4_smbus v: N/A modules: i2c_piix4 port: 10c0
+ bus-ID: 00:01.3 chip-ID: 8086:7113 class-ID: 0680
+ Device-2: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 10e0
+ bus-ID: 00:12.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens18 state: up speed: -1 duplex: unknown mac: da:3e:b0:11:ae:0a
+ IP v4: 169.254.129.42/16 type: noprefixroute scope: global broadcast: 169.254.255.255
+ IP v6: 2a01:e0a:5f9:9681:33ba:55f5:6e55:beef/64 type: temporary dynamic scope: global
+ IP v6: 2a01:e0a:5f9:9681:d83e:b0ff:fe11:ae0a/64 type: dynamic mngtmpaddr scope: global
+ IP v6: 2a01:e0a:5f9:9681:a498:fffb:e48d:299/64 scope: global
+ IP v6: fe80::d83e:b0ff:fe11:ae0a/64 scope: link
+ Device-3: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1400
+ bus-ID: 00:13.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens19 state: up speed: -1 duplex: unknown mac: 72:38:5f:a6:82:5a
+ IP v4: 10.32.64.196/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::7038:5fff:fea6:825a/64 scope: link
+ Device-4: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1420
+ bus-ID: 00:14.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens20 state: up speed: -1 duplex: unknown mac: 8e:38:09:a2:8c:9e
+ IP v4: 10.32.64.224/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::8c38:9ff:fea2:8c9e/64 scope: link
+ IF-ID-1: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
+ IP v6: fe80::7d4f:3369:71cc:66d5/64 virtual: stable-privacy scope: link
+ WAN IP: 82.65.118.1
+Drives: Local Storage: total: 40 GiB used: 10.33 GiB (25.8%)
+ ID-1: /dev/sda maj-min: 8:0 vendor: QEMU model: HARDDISK size: 40 GiB block-size:
+ physical: 512 B logical: 512 B speed: serial: drive-scsi0 rev: 2.5+
+ scheme: GPT
+ SMART: no
+Partition: ID-1: / raw-size: 11.5 GiB size: 11.22 GiB (97.55%) used: 
10.27 GiB (91.6%) fs: ext4
+ block-size: 4096 B dev: /dev/sda1 maj-min: 8:1
+ ID-2: /boot raw-size: 511 MiB size: 510 MiB (99.80%) used: 54.9 MiB (10.8%) fs: vfat
+ block-size: 512 B dev: /dev/sda3 maj-min: 8:3
+Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
+ ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda2
+ maj-min: 8:2
+Sensors: Message: No sensor data found. Is lm-sensors configured?
+Info: Processes: 107 Uptime: N/A wakeups: 1 Init: systemd v: 253 target: multi-user.target
+ tool: systemctl Compilers: gcc: 12.2.0 Packages: 899 nix-default: 9 nix-sys: 881
+ lib: 155 nix-usr: 9 lib: 3 Client: Sudo v: 1.9.13p3 inxi: 3.3.04
+```
+![hardware topology](vieuxtype.lstopo.svg)
diff --git a/flake.lock b/flake.lock
index be91cc1..1e7db14 100644
--- a/flake.lock
+++ b/flake.lock
@@ -6,15 +6,14 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1684153753, + "narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", "type": "github" }, "original": { 
@@ -23,43 +22,21 @@ "type": "github" } }, - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1711742460, - "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, "colmena": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1685163780, + "narHash": "sha256-tMwseHtEFDpO3WKeZKWqrKRAZI6TiEULidxEbzicuFg=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "c61bebae1dc1d57237577080b1ca1e37a3fbcebf", "type": "github" }, "original": { @@ -68,27 +45,6 @@ "type": "github" } }, - "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", - "owner": "ipetkov", - "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -97,11 +53,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -118,11 +74,11 @@ ] }, "locked": { - "lastModified": 1716431128, - "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", + "lastModified": 1685970051, + "narHash": "sha256-F5ZxBD2DeNd+Q0dDKYBhv76kfjVG/X0ccXjSKpa8KdI=", "owner": "nix-community", "repo": "disko", - "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", + "rev": "29d632d7e8fa86f937153ecdfd7d768411001d2d", "type": "github" }, "original": { @@ -132,22 +88,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -170,11 +110,11 @@ ] }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1685662779, + "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", "type": "github" }, "original": { 
@@ -186,11 +126,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1705308826, - "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", + "lastModified": 1682423975, + "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=", "owner": "NixOS", "repo": "flake-registry", - "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", + "rev": "8054bfa00d60437297d670ab3296a117e7059a10", "type": "github" }, "original": { @@ -200,21 +140,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -237,11 +162,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "type": "github" }, "original": { 
@@ -257,27 +182,27 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1667907331, + "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", "owner": "rycee", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", "type": "github" }, "original": { "owner": "rycee", - "ref": "release-24.05", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1716715385, - "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=", + "lastModified": 1684899633, + "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8", + "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", "type": "github" }, "original": { 
@@ -288,43 +213,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1685952468, + "narHash": "sha256-YCOr9kttCqoa9IZMjHxX6SlwenTg7FsSmG9TaT76mSE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "70f7275b32f49bc67ae3532b758b80cb6c27f98a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716715802, - "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", + "lastModified": 1685938391, + "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", + "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed", "type": "github" }, "original": { 
@@ -334,29 +243,13 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1717796960, - "narHash": "sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8e0a5f16b7bf7f212be068dd302c49888c6ad68f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { - "lastModified": 1716741358, - "narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=", + "lastModified": 1685980073, + "narHash": "sha256-7BkreZ2cH488dR1XPcdlALj+2g+NvrZdG9ZhwRt0YFI=", "owner": "nix-community", "repo": "NUR", - "rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2", + "rev": "de817406e39c1f9be28fde1d62c1f1f0c91acb09", "type": "github" }, "original": { @@ -368,14 +261,13 @@ "root": { "inputs": { "agenix": "agenix", - "attic": "attic", "colmena": "colmena", "disko": "disko", "flake-parts": "flake-parts", "flake-registry": "flake-registry", "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur", "srvos": "srvos" @@ -388,11 +280,11 @@ ] }, "locked": { - "lastModified": 1716425501, - "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "lastModified": 1685966850, + "narHash": "sha256-HaWNbihBIBATmSbuXLzA92C4858tNdS9Q5kRHJNagVo=", "owner": "numtide", "repo": "srvos", - "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "rev": "4f22e6fcaf17c6313c2ecdc996760c3e4b14a623", "type": "github" }, "original": { 
@@ -403,34 +295,19 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1669735802, + "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "731cc710aeebecbf45a258e977e8b68350549522", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 779165c..13302ee 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,13 @@ { description = "NixOS configuration with flakes"; + nixConfig.extra-substituters = [ + "https://newtype.cachix.org" + ]; + nixConfig.extra-trusted-public-keys = [ + "newtype.cachix.org-1:Gd5G2EVFNJslfR3PxA2+JY7mHT6MwVJ6biv5Cg47SD0=" + ]; + # To update all inputs: # $ nix flake update --recreate-lock-file inputs = { @@ -10,13 +17,13 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs.url = "github:NixOS/nixpkgs/release-23.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware"; nur.url = "github:nix-community/NUR"; - home-manager.url = "github:rycee/home-manager/release-24.05"; + home-manager.url = "github:rycee/home-manager/release-22.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; 
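Review bot: The new `nixConfig.extra-substituters` and `nixConfig.extra-trusted-public-keys` entries at the top of flake.nix make `newtype.cachix.org` a signing authority for store paths on every machine that accepts this flake's config, and nothing in the file says who holds that key. Nix applies flake-level `nixConfig` only after an interactive confirmation or when `accept-flake-config` is enabled, so unattended deploys may either ignore the cache or, where the option is set globally, trust it without anyone having reviewed it. I would document the decision above the block, for example `# Project binary cache; signing key held by <owner placeholder>. Takes effect only when the user accepts flake config.`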
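Review bot: The second flake.nix hunk pins `home-manager` to `release-22.05` while `home-manager.inputs.nixpkgs.follows = "nixpkgs"` makes it evaluate against nixpkgs 23.05, so the two release lines no longer match and home-manager sits on an older branch that is unlikely to receive further fixes. `nixpkgs` itself now tracks `release-23.05`, which is the release development branch rather than the `nixos-23.05` channel branch that only advances once the channel's tests pass. Unless this is deliberate, `home-manager.url = "github:rycee/home-manager/release-23.05";` and `nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";` would be the consistent pair; if it is deliberate, a one-line comment giving the reason would help. The `inputs` block continues outside this hunk.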
@@ -25,17 +32,10 @@ colmena.url = "github:zhaofengli/colmena"; colmena.inputs.nixpkgs.follows = "nixpkgs"; - attic.url = "github:zhaofengli/attic"; - srvos.url = "github:numtide/srvos"; # actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant srvos.inputs.nixpkgs.follows = "nixpkgs"; - # Ryan's experimental hypervisor based on cloud-hypervisor - # Private repository, you need a valid SSH key to access it - # nixos-hypervisor.url = "git+ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor?ref=main"; - # nixos-hypervisor.inputs.nixpkgs.follows = "nixpkgs"; - flake-registry.url = "github:NixOS/flake-registry"; flake-registry.flake = false; }; @@ -83,19 +83,19 @@ ] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd; }; packages = { - # netboot = pkgs.callPackage ./modules/netboot/netboot.nix { - # # this nixosSystem is built for x86_64 machines regardless of the host machine - # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - # inherit (inputs.nixpkgs.lib) nixosSystem; - # extraModules = [ - # self.inputs.nur.nixosModules.nur - # { _module.args.inputs = self.inputs; } - # ]; - # }; + # netboot = pkgs.callPackage ./modules/netboot/netboot.nix { + # # this nixosSystem is built for x86_64 machines regardless of the host machine + # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + # inherit (inputs.nixpkgs.lib) nixosSystem; + # extraModules = [ + # self.inputs.nur.nixosModules.nur + # { _module.args.inputs = self.inputs; } + # ]; + # }; - # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix { - # inherit (self'.packages) netboot; - # }; + # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix { + # inherit (self'.packages) netboot; + # }; }; }; flake = { diff --git a/hosts/epyc.nix b/hosts/epyc.nix index 10a8d07..efbf696 100644 --- a/hosts/epyc.nix +++ b/hosts/epyc.nix 
@@ -1,55 +1,14 @@ -{ lib, pkgs, ... }: -let - gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ] - ++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch}); -in { imports = [ ../modules/ipmi-supermicro.nix ../modules/hardware/supermicro-H12SSL-i.nix ../modules/iperf-server.nix - ../modules/hypervisor.nix - ../modules/hydra/coordinator.nix - ../modules/android-cache.nix - ../modules/garage.nix - ../modules/users/friends.nix ]; networking.hostName = "epyc"; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - virtualisation.docker = { - enable = true; - rootless.enable = true; - }; - - # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all. - # Do not upgrade until it is fixed. Ping Raito when needed. - # boot.kernelPackages = pkgs.linuxPackage_latest; - - # Open public access to our PostgreSQL. - services.postgresql.enable = true; - services.postgresql.enableTCPIP = true; - services.postgresql.authentication = '' - host hydra-nixos-org hydra_ro ::/0 trust - ''; - networking.firewall.allowedTCPPorts = [ 5432 ]; - - nix.buildMachines = [ - { hostName = "localhost"; - systems = [ - "x86_64-linux" - "riscv64-linux" - ]; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ] ++ gcc-system-features "znver3"; - maxJobs = 2; - } - ]; - - boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" "riscv64-linux" ]; - simd.arch = "znver3"; system.stateVersion = "23.05"; } diff --git a/hosts/vieuxtype.nix b/hosts/vieuxtype.nix new file mode 100644 index 0000000..41bd6e5 --- /dev/null +++ b/hosts/vieuxtype.nix 
@@ -0,0 +1,28 @@ +{ + imports = [ + ../modules/hardware/vm.nix + ../modules/gitea.nix + ../modules/tailscale.nix + ../modules/users/yvan.nix + ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/fe1d2e0d-9210-4a2d-b584-d1e131747ea3"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/8782-7801"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/c9511ddb-e41f-436c-ad1f-9b587ed0ba11"; }]; + + networking.hostName = "vieuxtype"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # simd.arch = "znver3"; + system.stateVersion = "23.05"; +} diff --git a/modules/android-cache.nix b/modules/android-cache.nix deleted file mode 100644 index 1193f37..0000000 --- a/modules/android-cache.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, ... }: -let - mirrors = { - # "https://android.googlesource.com" = "/mnt/aospaosp/mirror"; - # "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS"; - # "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets"; - }; -in -{ - nix.envVars.ROBOTNIX_GIT_MIRRORS = lib.concatStringsSep "|" (lib.mapAttrsToList (local: remote: "${local}=${remote}") mirrors); - - # Also add local mirrors to nix sandbox exceptions - nix.sandboxPaths = lib.attrValues mirrors; -} diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix index 399b5e2..ef3f0db 100644 --- a/modules/auto-upgrade.nix +++ b/modules/auto-upgrade.nix 
@@ -1,9 +1,7 @@ { pkgs, ... }: { - system.autoUpgrade = { - enable = true; - flake = "git+https://git.newtype.fr/newtype/newtype-org-configurations"; - flags = [ "--option" "accept-flake-config" "true" ]; - }; + system.autoUpgrade.enable = true; + system.autoUpgrade.flake = "git:git.newtype.fr/newtype/newtype-org-configurations"; + system.autoUpgrade.flags = [ "--option" "accept-flake-config" "true" ]; # add a random jitter so not all machines reboot at the same time. systemd.timers.auto-reboot.timerConfig.RandomizedDelaySec = 60 * 20; diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix deleted file mode 100644 index 99c7387..0000000 --- a/modules/buildbot/default.nix +++ /dev/null 
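Review bot: The new `system.autoUpgrade.flake` value `git:git.newtype.fr/newtype/newtype-org-configurations` drops the `git+https://` transport that the removed line had. As far as I can tell, a bare `git:` reference is either rejected by Nix or resolved over the unauthenticated git protocol. The job also runs with `accept-flake-config true`, so the fetched flake's `nixConfig` (the substituter and signing key added in flake.nix) is applied without a prompt. Since the upgrade source decides what every host builds and trusts, it should stay on an authenticated transport: `system.autoUpgrade.flake = "git+https://git.newtype.fr/newtype/newtype-org-configurations";`. The module body continues past the hunk.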
@@ -1,59 +0,0 @@ -{ lib, pkgs, config, inputs, ... }: -with lib; -let - cfg = config.luj.buildbot; - port = "1810"; - package = pkgs.buildbot-worker; - python = package.pythonModule; - home = "/var/lib/buildbot-worker"; - buildbotDir = "${home}/worker"; -in -{ - #buildbot worker - - # nix.settings.allowed-users = [ "buildbot-worker" ]; - nix.settings.trusted-users = [ "buildbot-worker" ]; - users.users.buildbot-worker = { - description = "Buildbot Worker User."; - isSystemUser = true; - createHome = true; - home = "/var/lib/buildbot-worker"; - group = "buildbot-worker"; - useDefaultShell = true; - }; - users.groups.buildbot-worker = { }; - - systemd.services.buildbot-worker = { - reloadIfChanged = true; - description = "Buildbot Worker."; - after = [ "network.target" "buildbot-master.service" ]; - wantedBy = [ "multi-user.target" ]; - path = [ - pkgs.nix-eval-jobs - pkgs.git - pkgs.gh - pkgs.nix - pkgs.nix-output-monitor - inputs.attic.packages.x86_64-linux.attic - ]; - environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}"; - environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989''; - environment.BUILDBOT_DIR = buildbotDir; - environment.WORKER_PASSWORD_FILE = "/var/lib/buildbot-worker/password.txt"; - - serviceConfig = { - Type = "simple"; - User = "buildbot-worker"; - Group = "buildbot-worker"; - WorkingDirectory = home; - - # Restart buildbot with a delay. This time way we can use buildbot to deploy itself. - ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker"; - ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}"; - }; - }; - -} - - - diff --git a/modules/buildbot/worker.py b/modules/buildbot/worker.py deleted file mode 100644 index 198dfae..0000000 --- a/modules/buildbot/worker.py +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/usr/bin/env python3 - -import multiprocessing -import os -import socket -from io import open - -from buildbot_worker.bot import Worker -from twisted.application import service - - -def require_env(key: str) -> str: - val = os.environ.get(key) - assert val is not None, "val is not set" - return val - - -def setup_worker(application: service.Application, id: int) -> None: - basedir = f"{require_env('BUILDBOT_DIR')}-{id}" - os.makedirs(basedir, mode=0o700, exist_ok=True) - - master_url = require_env("MASTER_URL") - hostname = socket.gethostname() - workername = f"{hostname}-{id}" - - with open( - require_env("WORKER_PASSWORD_FILE"), "r", encoding="utf-8" - ) as passwd_file: - passwd = passwd_file.read().strip("\r\n") - keepalive = 600 - umask = None - maxdelay = 300 - numcpus = None - allow_shutdown = None - - s = Worker( - "2a01:e34:ec2a:8e60:8ec7:b5d2:f663:a67a", - 9989, - workername, - passwd, - basedir, - keepalive, - umask=umask, - maxdelay=maxdelay, - numcpus=numcpus, - allow_shutdown=allow_shutdown, - ) - s.setServiceParent(application) - - -# note: this line is matched against to check that this is a worker -# directory; do not edit it. -application = service.Application("buildbot-worker") - -for i in range(14): - setup_worker(application, i) - - diff --git a/modules/builder.nix b/modules/builder.nix index 7c691c8..5dc80c8 100644 --- a/modules/builder.nix +++ b/modules/builder.nix 
@@ -3,10 +3,8 @@ isNormalUser = true; home = "/home/nix"; openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZpEtSfB0GDwcELc5/AKNiBZJV9OVfQ0BMFzBlF+8Yd raito@everywhere" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF07Sy0O+oletFYlrfS0+XtBWJO2F+Rc9J/ocNLBa/OE raito@thorkell" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDu4cEqZzAI/1vZjSQkTJ4ijIg9nuloOuSKUrnkJIOFn buildbot@top-secret" # Top secret's project buildbot key - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" # winterqt ]; uid = 5001; }; diff --git a/modules/garage.nix b/modules/garage.nix deleted file mode 100644 index be45bfe..0000000 --- a/modules/garage.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: { - services.garage = { - enable = true; - package = pkgs.garage_0_8; - settings = { - db_engine = "lmdb"; - block_size = (10 * 1024 * 1024); # 10MB - replication_mode = "none"; - rpc_bind_addr = "[::1]:3901"; - rpc_public_addr = "[::1]:3901"; - rpc_secret = "f5b8ede0abe0a3d454d96e8b352e29a1d94522b64274d23b256d57482441ccc1"; - - s3_api = { - s3_region = "garage"; - api_bind_addr = "[::1]:3900"; - root_domain = ".s3.infra.newtype.fr"; - }; - - s3_web = { - bind_addr = "[::1]:3902"; - root_domain = ".web.infra.newtype.fr"; - index = "index.html"; - }; - }; - }; - - services.nginx = { - enable = true; - virtualHosts."s3.infra.newtype.fr" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3900/"; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/modules/gitea.nix b/modules/gitea.nix new file mode 100644 index 0000000..1fd9dc7 --- /dev/null +++ b/modules/gitea.nix 
@@ -0,0 +1,34 @@ +{ ... }: { + services.gitea = { + enable = true; + appName = "Newtype's Git"; + mailerPasswordFile = "/var/lib/secrets/gitea/mailpw"; + settings = { + server = { + ROOT_URL = "https://git.newtype.fr"; + DOMAIN = "git.newtype.fr"; + }; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; + mailer = { + ENABLED = true; + HOST = "mail.gandi.net:465"; + USER = "git@newtype.fr"; + FROM = "Newtype's Git "; + IS_TLS_ENABLED = true; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."git.newtype.fr" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:3000"; }; + }; + }; + + security.acme.certs = { "git.newtype.fr".email = "contact@newtype.fr"; }; + security.acme.acceptTerms = true; +} diff --git a/modules/hardware/supermicro-H12SSL-i.nix b/modules/hardware/supermicro-H12SSL-i.nix index 68ffc38..455f2f4 100644 --- a/modules/hardware/supermicro-H12SSL-i.nix +++ b/modules/hardware/supermicro-H12SSL-i.nix @@ -8,18 +8,12 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.kernelParams = [ "pci=realloc" "boot.shell_on_fail" ]; + boot.kernelParams = [ "pci=realloc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - boot.initrd.extraUtilsCommands = '' - copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme - copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone - copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk - ''; - boot.initrd.systemd.enable = lib.mkForce false; fileSystems."/" = @@ -40,7 +34,7 @@ swapDevices = [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; } - ]; + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 
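Review bot: In modules/gitea.nix the `server` block sets only `ROOT_URL` and `DOMAIN`, so Gitea keeps its default listen address while nginx proxies to `http://127.0.0.1:3000`. Binding the backend to loopback, with `HTTP_ADDR = "127.0.0.1";` inside `server`, keeps the plain-HTTP port reachable only through the TLS front end. The module also does not open ports 80 and 443, which the deleted garage and hydra modules did for their nginx vhosts; unless another module opens them, ACME validation and the vhost will not be reachable. `FROM = "Newtype's Git "` ends in a space and carries no address, so it looks truncated (possibly by the page rendering) and is worth checking against the intended sender.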
diff --git a/modules/hardware/vm.nix b/modules/hardware/vm.nix new file mode 100644 index 0000000..9d457ec --- /dev/null +++ b/modules/hardware/vm.nix @@ -0,0 +1,14 @@ +{ lib, modulesPath, ... }: { + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; + + boot.initrd.availableKernelModules = + [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + services.qemuGuest.enable = true; + + # VMs are noisy for this type of thing usually. + nix.settings.max-jobs = lib.mkDefault 1; +} diff --git a/modules/hosts.nix b/modules/hosts.nix index e979692..794b6d8 100644 --- a/modules/hosts.nix +++ b/modules/hosts.nix @@ -37,10 +37,13 @@ in ) "Please add network configuration for ${config.networking.hostName}. None found in ${./hosts.nix}"; - # usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain + # usually, for each host there is a hostname.infra.newtype.fr networking.newtype.hosts = { epyc = { - ipv6 = "2001:bc8:38ee:100::500"; + ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8"; + }; + vieuxtype = { + ipv6 = "2a01:e0a:5f9:9681:a498:fffb:e48d:299"; }; }; }; diff --git a/modules/hydra/coordinator.nix b/modules/hydra/coordinator.nix deleted file mode 100644 index 0f28dfd..0000000 --- a/modules/hydra/coordinator.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ pkgs, ... }: { - services.hydra = { - enable = false; - hydraURL = "https://hydra.newtype.fr"; - notificationSender = "hydra@localhost"; - buildMachinesFiles = [ "/etc/nix/machines" ]; - useSubstitutes = true; - }; - - environment.systemPackages = [ pkgs.nix-prefetch-git ]; - nix.trustedUsers = [ "hydra" "hydra-www" ]; - - services.postgresql = { - enableJIT = true; - settings = { - checkpoint_completion_target = "0.9"; - default_statistics_target = 100; - - max_connections = 500; - work_mem = "20MB"; - maintenance_work_mem = "2GB"; - - shared_buffers = "8GB"; - - min_wal_size = "1GB"; - max_wal_size = "2GB"; - wal_buffers = "16MB"; - - max_worker_processes = 16; - max_parallel_workers_per_gather = 8; - max_parallel_workers = 16; - - # NVMe related performance tuning - effective_io_concurrency = 200; - random_page_cost = "1.1"; - - # We can risk losing some transactions. - synchronous_commit = "off"; - - effective_cache_size = "16GB"; - - # autovacuum and autoanalyze much more frequently: - # at these values vacuum should run approximately - # every 2 mass rebuilds, or a couple times a day - # on the builds table. Some of those queries really - # benefit from frequent vacuums, so this should - # help. In particular, I'm thinking the jobsets - # pages. 
- autovacuum_vacuum_scale_factor = 0.002; - autovacuum_analyze_scale_factor = 0.001; - - shared_preload_libraries = "pg_stat_statements"; - compute_query_id = "on"; - }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "ryan@lahfa.xyz"; - }; - - services.nginx = { - enable = true; - - recommendedZstdSettings = true; - recommendedBrotliSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation =true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - }; - - services.nginx.virtualHosts."hydra.newtype.fr" = { - forceSSL = true; - enableACME = true; - # TODO: remove compression for some locations - locations."/".proxyPass = "http://localhost:3000"; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/modules/hypervisor.nix b/modules/hypervisor.nix deleted file mode 100644 index 4b2c5c4..0000000 --- a/modules/hypervisor.nix +++ /dev/null @@ -1,2 +0,0 @@ -{ ... }: { -} diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix index 59e7ac5..b45d3a8 100644 --- a/modules/nix-daemon.nix +++ b/modules/nix-daemon.nix @@ -1,7 +1,6 @@ { lib , config , pkgs -, inputs , ... }: @@ -30,24 +29,6 @@ in { domain = "*"; item = "nofile"; type = "-"; value = "20480"; } ]; - # Makes the computer go faster. - # nixos.jobserver.enable = true; - # TODO(raito): rework this. - - # Avoid weird failures for builders. - services.openssh.settings.MaxStartups = 100; - - # Memory accounting techniques - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "225G"; - MemoryHigh = "220G"; - MemorySwapMax = "2G"; - ManagedOOMSwap = "kill"; - ManagedOOMMemoryPressure = "kill"; - MemoryPressureWatch = "on"; - }; - nix = { # Garbage-collect often gc.automatic = true; 
@@ -57,22 +38,19 @@ in # Randomize GC to avoid thundering herd effects. gc.randomizedDelaySec = "1800"; - # Inchallah, it works. - package = pkgs.nixVersions.nix_2_18; - # package = lib.mkForce inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_17; + # 2.11, 2.12 suffers from a bug with remote builders… + package = pkgs.nixVersions.nix_2_13; # should be enough? - nrBuildUsers = 128; + nrBuildUsers = lib.mkDefault 32; + + # https://github.com/NixOS/nix/issues/719 settings = { - keep-outputs = false; - keep-derivations = false; - use-cgroups = true; - http-connections = 0; - auto-allocate-uids = true; - cores = 0; - max-jobs = 2; # Do not build more than 2 derivations at once in the event, both of them are too big, yes this is stupid, fix it in Nix. - fsync-metadata = true; + keep-outputs = true; + keep-derivations = true; + # in zfs we trust + fsync-metadata = lib.boolToString (!config.boot.isContainer or config.fileSystems."/".fsType != "zfs"); substituters = [ "https://nix-community.cachix.org" "https://tum-dse.cachix.org" @@ -82,13 +60,6 @@ in "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "tum-dse.cachix.org-1:v67rK18oLwgO0Z4b69l30SrV1yRtqxKpiHodG4YxhNM=" ]; - experimental-features = [ - "auto-allocate-uids" - # "ca-derivations" this feature is really extremely broken. - "cgroups" - "fetch-closure" - "impure-derivations" - ]; }; }; diff --git a/modules/packages.nix b/modules/packages.nix index 45482a8..1086d5f 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -1,12 +1,13 @@ -{ pkgs, inputs, ... }: { +{ pkgs, ... }: { + # documentation.dev.enable = true; + # environment.extraOutputsToInstall = [ "info" "man" "devman" ]; + # this extends the list from: # https://github.com/numtide/srvos/blob/master/server.nix#L10 environment.systemPackages = with pkgs; [ socat whois - nix-output-monitor - inputs.attic.packages.x86_64-linux.attic jq psmisc libarchive 
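Review bot: In the `settings` block of modules/nix-daemon.nix, the `or` in `!config.boot.isContainer or config.fileSystems."/".fsType != "zfs"` is Nix's attribute-default keyword, not a boolean operator, so the expression reads as `(!config.boot.isContainer) != "zfs"`, which is always true. `fsync-metadata` is therefore always on and the ZFS exception announced by the comment never applies; that is the safe direction, but not what the line says. If the intent is to skip fsync in containers and on ZFS roots, use boolean operators: `fsync-metadata = lib.boolToString (!(config.boot.isContainer || config.fileSystems."/".fsType == "zfs"));`. The same hunk pins `pkgs.nixVersions.nix_2_13`; a comment naming the remote-builder bug it works around would tell the next maintainer when the pin can be lifted. The `settings` set continues past the hunk.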
@@ -37,7 +38,22 @@ ipmitool - nix-top + (neovim.override { + viAlias = true; + vimAlias = true; + configure = { + packages.myPlugins = with pkgs.vimPlugins; { + start = [ vim-lastplace vim-nix ]; + opt = [ ]; + }; + }; + }) + # tries to default to soft-float due to out-dated cc-rs ] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich; + + programs.vim.defaultEditor = true; + environment.variables = { EDITOR = "nvim"; }; + programs.mosh.enable = true; + programs.tmux.enable = true; } diff --git a/modules/ssh-cursed.nix b/modules/ssh-cursed.nix deleted file mode 100644 index deb956d..0000000 --- a/modules/ssh-cursed.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - programs.ssh.extraConfig = '' - Host telecom-bastion - HostName ssh.enst.fr - User jmalka - IdentityFile /home/luj/.ssh/id_ed25519 - - Host lame11 - Hostname lame11.enst.fr - User nix-remote-builder - ProxyJump telecom-bastion - IdentityFile /home/luj/.ssh/id_ed25519 - Host lame10 - Hostname lame10.enst.fr - User nix-remote-builder - ProxyJump telecom-bastion - IdentityFile /home/luj/.ssh/id_ed25519 - Host lame12 - Hostname lame12.enst.fr - User nix-remote-builder - ProxyJump telecom-bastion - IdentityFile /home/luj/.ssh/id_ed25519 - Host lame16 - Hostname lame16.enst.fr - User nix-remote-builder - ProxyJump telecom-bastion - IdentityFile /home/luj/.ssh/id_ed25519 - Host lame17 - Hostname lame17.enst.fr - User nix-remote-builder - ProxyJump telecom-bastion - IdentityFile /home/luj/.ssh/id_ed25519 - - ''; - -} diff --git a/modules/tailscale.nix b/modules/tailscale.nix new file mode 100644 index 0000000..14ffc74 --- /dev/null +++ b/modules/tailscale.nix @@ -0,0 +1,5 @@ +{ config, ... }: { + services.tailscale.enable = true; + networking.firewall.checkReversePath = "loose"; + networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ]; +} diff --git a/modules/users/admins.nix b/modules/users/admins.nix index eb2794c..f7c44d1 100644 --- a/modules/users/admins.nix +++ b/modules/users/admins.nix 
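Review bot: `programs.mosh.enable = true;` at the end of modules/packages.nix does more than install a package: as far as I know the NixOS module also opens the mosh UDP port range (60000-61000) in the firewall. A module that otherwise only lists packages therefore widens the network exposure of every host that imports it. If mosh is wanted everywhere, record that next to the option, e.g. `# mosh: also opens UDP 60000-61000 in the firewall`; otherwise enable it in the host files that need it. In the same hunk, `programs.vim.defaultEditor = true;` and `environment.variables = { EDITOR = "nvim"; };` both set EDITOR, and one of them is enough.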
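Review bot: `networking.firewall.checkReversePath = "loose";` in the new modules/tailscale.nix relaxes reverse-path filtering for the whole host, not only for the Tailscale interface, and nothing records why. If the reason is Tailscale's routing features, a comment such as `# loose rpfilter: required for Tailscale exit-node / subnet routing` would keep the setting from outliving the service or being copied elsewhere without that context.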
@@ -13,7 +13,6 @@ in isNormalUser = true; home = "/home/raito"; inherit extraGroups; - shell = "/run/current-system/sw/bin/zsh"; uid = 1000; openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ]; }; @@ -22,8 +21,7 @@ in luj = { isNormalUser = true; home = "/home/luj"; - extraGroups = extraGroups ++ [ "production-hydra-db" ]; - shell = "/run/current-system/sw/bin/zsh"; + inherit (config.users.users.raito) extraGroups; uid = 1001; openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ]; }; @@ -33,7 +31,6 @@ in isNormalUser = true; home = "/home/gdd"; inherit (config.users.users.raito) extraGroups; - shell = "/run/current-system/sw/bin/zsh"; uid = 1002; openssh.authorizedKeys.keyFiles = [ ./keys/gdd.keys ]; }; @@ -43,7 +40,6 @@ in isNormalUser = true; home = "/home/akechi"; inherit (config.users.users.raito) extraGroups; - shell = "/run/current-system/sw/bin/zsh"; uid = 1003; openssh.authorizedKeys.keyFiles = [ ./keys/akechi.keys ]; }; @@ -53,7 +49,6 @@ in isNormalUser = true; home = "/home/tomate"; inherit (config.users.users.raito) extraGroups; - shell = "/run/current-system/sw/bin/zsh"; uid = 1004; openssh.authorizedKeys.keyFiles = [ ./keys/tomate.keys ]; }; @@ -65,6 +60,6 @@ in }; }; - nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" "niklas" "jade" "winter" ]; + nix.settings.trusted-users = [ "raito" "luj" "gdd" "akechi" "tomate" ]; }; } diff --git a/modules/users/friends.nix b/modules/users/friends.nix deleted file mode 100644 index 932660f..0000000 --- a/modules/users/friends.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ ... }: -let - trustedFriendGroups = [ - "production-hydra-db" - ]; -in -{ - # deleted users: ninjatrappeur, flokli - users.users = { - linus = { - isNormalUser = true; - home = "/home/linus"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2001; - # Raito: I allowed linus to be root to get some stuff done - # on behalf of me. - extraGroups = [ "wheel" ] ++ trustedFriendGroups; - openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ]; - }; - niklas = { - isNormalUser = true; - home = "/home/niklas"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2002; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ]; - }; - # Raito: Permanent account for Jade who has been driving a lot of good work. - # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. - jade = { - isNormalUser = true; - home = "/home/jade"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2004; - expires = "2060-05-01"; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYljH8iPMrH00lOb3ETxRrZimdKzPPEdsJQ5D5ovtOwAAAACnNzaDpzc2hrZXk= ssh:sshkey" - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4idMfdJxDJuBNOid60d4I+qxj09RHt+YkCYV2eXt6tGrEXg+S8hTQusy/SqooiXUH9pt4tea2RuBPN9+UwrH0= type-a yubikey slot 9a" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot" - ]; - }; - # Raito: Permanent account for winter, she was the one in charge of 
the Darwin build box for a while, - # helped a bunch of people and deserve it :-). - # expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore. - winter = { - isNormalUser = true; - home = "/home/winter"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2005; - expires = "2060-05-01"; - extraGroups = trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" - ]; - }; - # Raito: Permanent account for pennae, they are doing a bunch of excellent Nix work (including performance). - pennae = { - isNormalUser = true; - home = "/home/pennae"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2006; - # Raito: Allowed to debug jobserver. - extraGroups = [ "wheel" ] ++ trustedFriendGroups; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo=" - ]; - }; - # Raito: Temporary account until next year, for delroth, who is going to work on building capabilities for improving build infrastructure. - delroth = { - isNormalUser = true; - home = "/home/delroth"; - shell = "/run/current-system/sw/bin/zsh"; - uid = 2007; - # Raito: Allowed to spawn new VMs and do various stuff for isolating the workloads. - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV" - ]; - }; - }; -} diff --git a/modules/users/keys/gdd.keys b/modules/users/keys/gdd.keys index 324c5aa..f176c04 100644 --- a/modules/users/keys/gdd.keys +++ b/modules/users/keys/gdd.keys @@ -1,2 +1 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqnCNhMl5KgERtpFAVUjd11JDsf0uQ/8NY5sj4tnjw5 
diff --git a/modules/users/keys/linus.keys b/modules/users/keys/linus.keys deleted file mode 100644 index 59249fb..0000000 --- a/modules/users/keys/linus.keys +++ /dev/null @@ -1,4 +0,0 @@ -ssh-rsa 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 -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3EmXYSXsimS+vlGYtfTkOGuwvkXU0uHd2yYKLOxD2F -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJWYrcu8usyqdLv4XO4i5TPaQhB+lH3Xbu2uz64hQe3 -sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICDgQA1A1uHJsqLsSLLkuWNlxXrpGRD6Qx11WBbfP+SmAAAAEXNzaDpsaW51c0BiZWl3ZXJr diff --git a/modules/users/keys/luj.keys b/modules/users/keys/luj.keys index 2536b0e..c9c3829 100644 --- a/modules/users/keys/luj.keys +++ b/modules/users/keys/luj.keys @@ -1,5 +1,4 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9Uzb7szWlux7HuxLZej9cBR5MhLz/vaAPPfSoozt2k -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoYi9YFzovZfwrY3BUA3QqcyBE8gfNTncbs3qqkLbyY ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCKfPoMNrnyNWH6J1OvQ+n1rvSS9Sc2iZf6E1JQC+L4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESMWr29i3rhj32oLV3DKe57YI+jvNaKjZhhpq6dEjsn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOCKgHRHAJDSgKqYNfWboL04mnEOM0m0K3TGxBhBNDR @@ -9,5 +8,4 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxfFq8wx5Bet5Q0gI28/lc9ryYYFQelpZdPPdzxGBbA ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKIDLmQQ+P+jE4zVRpdVp8fmYEe4nzPDqYZt6A4eyIi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkj2xsN7Qt/Ew2QO+HiF2yOjXPRucZ3SbIdPDLJoh22 -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO ssh-rsa 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 diff --git a/modules/users/keys/niklas.keys b/modules/users/keys/niklas.keys deleted file mode 100644 index 69b674c..0000000 --- a/modules/users/keys/niklas.keys +++ /dev/null @@ -1 +0,0 @@ -sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINHd1ay1FSTHZzE+3XCdUiS5efFmJ9GUvx4+7F5uXVtMAAAABHNzaDo= nikstur 
diff --git a/modules/users/keys/ninjatrappeur.keys b/modules/users/keys/ninjatrappeur.keys deleted file mode 100644 index 2dd6171..0000000 --- a/modules/users/keys/ninjatrappeur.keys +++ /dev/null @@ -1,3 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClF9ko5u4zf0CEvleEeRbo9r6BMNgXEGO/rDNZOEHcKxVaeIi+/xF6ZQ5MZbcmH08lswq32hb1XwXg7Gk+ofUdEvCD/kC/vJijt7IFkardy6BNOSWQJLEf6/BpL3LzDQhi7iZXPF46VYoPVGHBh8fKQaAtOCrhbf/8JutfTwCglEztjoiQxY5b8OMfntjBSl6TJwZPJAoQllbJJz9q90sBetvqx6Y08eqIzsSZw6pznpvivRR+TSKU0EkVYS2y2zBAvPK6oyunj5zi01/FACT+Qn70dUkumZAvcPssbl0hCs/xDLgEL6hCEvoszodyMYVn7HS0KwfUlfiGdNUOFHIl -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzd1XAB7Pc8Tplur5iV3llOXtvlHru8pLtQlbvHzmt1 -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOE7oDtq+xt5RuvMigDZMeZQODFr5Otz6HCO8wnI80oo diff --git a/modules/users/keys/raito.keys b/modules/users/keys/raito.keys index cda49dd..7a717dd 100644 --- a/modules/users/keys/raito.keys +++ b/modules/users/keys/raito.keys @@ -1,4 +1,3 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM= diff --git a/modules/users/keys/tomate.keys b/modules/users/keys/tomate.keys index 4dffc5d..c5428d0 100644 --- a/modules/users/keys/tomate.keys +++ b/modules/users/keys/tomate.keys 
@@ -1,2 +1 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3 -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn thubrecht@dell-xps diff --git a/modules/users/yvan.nix b/modules/users/yvan.nix new file mode 100644 index 0000000..e9f11a9 --- /dev/null +++ b/modules/users/yvan.nix @@ -0,0 +1,17 @@ +{ ... }: { + users.users.yvan = { + isNormalUser = true; + home = "/home/yvan"; + description = "Yvan's account"; + extraGroups = [ "wheel" "www-data" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdMWQ1D9VJNrIzvgU8QMQwhy7Q/OFI9JNLpo/Kr0uXCeZBtSn9eMzZa88Q8gDaHnlc/BlTnlSomWP/S9u8+j21d+rXgDyPgJUqMjGBxFo4lZue3DlACXKQcwWXiNlGQKFPzSNBN62N3cRwm1R7Won9xVwedS4UnxsXbOGHkBnajQx40Ej3WRVBVbSjKKGaZKKCNO5hfistRP7RtqhwxYK7D/CyOfwnIUuBAnC3QYDYDph7SD2E5OX3rKwPDPnei0zaIMMXyFrMtv/czYOsisOud2H/VX0vipQh59qji/ZNSE31LemF4VcvC1307JX3uEwSfVWiBsWGPGfc/epQ4ixl yvan@X230" # Yvan's X230 + ]; + }; + + services.mastodon = { + enable = true; + smtp = { host = "mail.gandi.net"; fromAddress = "yvan@sraka.xyz"; }; + localDomain = "sraka.xyz"; + }; +} diff --git a/modules/zsh.nix b/modules/zsh.nix index 8a7fae2..df628fb 100644 --- a/modules/zsh.nix +++ b/modules/zsh.nix @@ -4,7 +4,8 @@ programs.zsh.enableGlobalCompInit = false; programs.zsh.interactiveShellInit = '' source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh - ''; + ''; + programs.zsh = { autosuggestions.enable = true; promptInit = ''
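Review bot: modules/users/yvan.nix enables `services.mastodon` alongside the account definition, so any host that imports this user file also gets a Mastodon instance for `sraka.xyz`. Keeping services out of user modules makes it visible from the host file what each machine exposes. I would move the `services.mastodon` block into its own module (for example a new `modules/mastodon.nix`) and import it from the host that should run it. The account is also added to `wheel`; a one-line comment giving the reason, as the removed friends.nix did for its users, would help later access reviews.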