feat: add delroth as root@ for capability building

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
chore: disable jobserver
2024-06-08 12:27:55 +02:00 · 2024-06-08 12:27:43 +02:00 · 2024-06-08 12:24:40 +02:00 · 2024-06-08 12:23:57 +02:00 · 2024-06-08 12:23:45 +02:00 · 2024-06-08 12:23:39 +02:00
7 changed files with 73 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1707830867,
-        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
+        "lastModified": 1716561646,
+        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
+        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
        "type": "github"
      },
      "original": {
@ -32,11 +32,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1707922053,
-        "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
+        "lastModified": 1711742460,
+        "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
+        "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
        "type": "github"
      },
      "original": {
@ -55,11 +55,11 @@
        "stable": "stable"
      },
      "locked": {
-        "lastModified": 1706509311,
-        "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=",
+        "lastModified": 1711386353,
+        "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
        "owner": "zhaofengli",
        "repo": "colmena",
-        "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd",
+        "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
        "type": "github"
      },
      "original": {
@ -118,11 +118,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709439398,
-        "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
+        "lastModified": 1716431128,
+        "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
+        "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
        "type": "github"
      },
      "original": {
@ -170,11 +170,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709336216,
-        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
+        "lastModified": 1715865404,
+        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
+        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
        "type": "github"
      },
      "original": {
@ -257,27 +257,27 @@
        ]
      },
      "locked": {
-        "lastModified": 1706981411,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "lastModified": 1717527182,
+        "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
        "owner": "rycee",
        "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "845a5c4c073f74105022533907703441e0464bc3",
        "type": "github"
      },
      "original": {
        "owner": "rycee",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1709410583,
-        "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
+        "lastModified": 1716715385,
+        "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
+        "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8",
        "type": "github"
      },
      "original": {
@ -288,11 +288,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1702539185,
-        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
+        "lastModified": 1711401922,
+        "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
+        "rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
        "type": "github"
      },
      "original": {
@ -304,11 +304,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1702780907,
-        "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
+        "lastModified": 1711460390,
+        "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
+        "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
        "type": "github"
      },
      "original": {
@ -320,11 +320,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1709356872,
-        "narHash": "sha256-mvxCirJbtkP0cZ6ABdwcgTk0u3bgLoIoEFIoYBvD6+4=",
+        "lastModified": 1716715802,
+        "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "458b097d81f90275b3fdf03796f0563844926708",
+        "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
        "type": "github"
      },
      "original": {
@ -336,27 +336,27 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1716330751,
-        "narHash": "sha256-JLvLi84gRMwgF9DumUwiOUA5UciXf9e2Aaa07sKx4Y0=",
-        "owner": "pennae",
+        "lastModified": 1717796960,
+        "narHash": "sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0=",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8e505de834edbac6d581589ebd18339c38d32731",
+        "rev": "8e0a5f16b7bf7f212be068dd302c49888c6ad68f",
        "type": "github"
      },
      "original": {
-        "owner": "pennae",
+        "owner": "NixOS",
+        "ref": "nixos-24.05-small",
        "repo": "nixpkgs",
-        "rev": "8e505de834edbac6d581589ebd18339c38d32731",
        "type": "github"
      }
    },
    "nur": {
      "locked": {
-        "lastModified": 1709439575,
-        "narHash": "sha256-49f8WbTUE4C8VrIxS2DrINOncakhFChcmZ6xccVSfkA=",
+        "lastModified": 1716741358,
+        "narHash": "sha256-4bxptwbmplGKq3W4tl6Zem/bOHsdLP4DSPcm/FfCaFE=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "075c3094d6c6c3fae0e107de41e2367d17341ac4",
+        "rev": "c65a3bde6793b437a705edfe5ff8435cbb8307a2",
        "type": "github"
      },
      "original": {
@ -388,11 +388,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709301784,
-        "narHash": "sha256-Yf7HeS2VZCD8kD/wEgnToyt9YqQhCle/9TazmFYnjsE=",
+        "lastModified": 1716425501,
+        "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=",
        "owner": "numtide",
        "repo": "srvos",
-        "rev": "9501896e0edf01d2cbd5fa6f0dbb3aafc00dae81",
+        "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -10,13 +10,13 @@
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

-    nixpkgs.url = "github:pennae/nixpkgs/8e505de834edbac6d581589ebd18339c38d32731";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    nixos-hardware.url = "github:NixOS/nixos-hardware";
    nur.url = "github:nix-community/NUR";

-    home-manager.url = "github:rycee/home-manager/release-23.11";
+    home-manager.url = "github:rycee/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    agenix.url = "github:ryantm/agenix";
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@ -25,8 +25,9 @@ in
    rootless.enable = true;
  };

-  # We want to use EEVDF and AMD-related niceties.
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  # TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
+  # Do not upgrade until it is fixed. Ping Raito when needed.
+  # boot.kernelPackages = pkgs.linuxPackage_latest;

  # Open public access to our PostgreSQL.
  services.postgresql.enable = true;
--- a/modules/hardware/supermicro-H12SSL-i.nix
+++ b/modules/hardware/supermicro-H12SSL-i.nix
@ -8,12 +8,18 @@
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.kernelParams = [ "pci=realloc" ];
+  boot.kernelParams = [ "pci=realloc" "boot.shell_on_fail" ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

+  boot.initrd.extraUtilsCommands = ''
+    copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme
+    copy_bin_and_libs ${pkgs.util-linux}/bin/blkzone
+    copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk
+  '';
+
  boot.initrd.systemd.enable = lib.mkForce false;

  fileSystems."/" =
@ -34,7 +40,7 @@

  swapDevices =
    [ { device = "/dev/disk/by-uuid/93e251e1-1bfc-4bd4-8585-ea2eae7795bf"; }
-    ];
+  ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/modules/nix-daemon.nix
+++ b/modules/nix-daemon.nix
@ -31,7 +31,11 @@ in
    ];

    # Makes the computer go faster.
-    nixos.jobserver.enable = true;
+    # nixos.jobserver.enable = true;
+    # TODO(raito): rework this.
+
+    # Avoid weird failures for builders.
+    services.openssh.settings.MaxStartups = 100;

    # Memory accounting techniques
    systemd.services.nix-daemon.serviceConfig = {
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@ -22,7 +22,6 @@ in
      luj = {
        isNormalUser = true;
        home = "/home/luj";
-        inherit (config.users.users.raito);
        extraGroups = extraGroups ++ [ "production-hydra-db" ];
        shell = "/run/current-system/sw/bin/zsh";
        uid = 1001;
--- a/modules/users/friends.nix
+++ b/modules/users/friends.nix
@ -68,5 +68,17 @@ in
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo="
      ];
    };
+    # Raito: Temporary account until next year, for delroth, who is going to work on building capabilities for improving build infrastructure.
+    delroth = {
+      isNormalUser = true;
+      home = "/home/delroth";
+      shell = "/run/current-system/sw/bin/zsh";
+      uid = 2007;
+      # Raito: Allowed to spawn new VMs and do various stuff for isolating the workloads.
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
+      ];
+    };
  };
 }
Author	SHA1	Message	Date
Raito Bezarius	e68d5a95c0	feat: add delroth as root@ for capability building Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:27:55 +02:00
Raito Bezarius	8c574200c1	chore: disable jobserver Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:27:43 +02:00
Raito Bezarius	797d109938	chore: bump to 24.05-small Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:24:40 +02:00
Raito Bezarius	9ede9fe3be	fix: enable a bunch of startups for sshd Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:23:57 +02:00
Raito Bezarius	0e01e1e3e9	chore: cleanup luj entry Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:23:45 +02:00
Raito Bezarius	59cbb85ebe	fix: debug attempts for the weird reboot issue Signed-off-by: Raito Bezarius <masterancpp@gmail.com>	2024-06-08 12:23:39 +02:00