Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Raito Bezarius | df0771e346 | 2 years ago |
Raito Bezarius | f6c1177c38 | 2 years ago |
@ -1 +0,0 @@
|
||||
.direnv
|
Before Width: | Height: | Size: 30 KiB After Width: | Height: | Size: 29 KiB |
@ -0,0 +1,63 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='412px' height='462px' viewBox='0 0 412px 462px' version='1.1'>
|
||||
<rect id='Machine_0_rect' class='Machine' x='0' y='0' width='412' height='424' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Machine_0_text' class='Machine' font-family='Monospace' x='7' y='17' fill='rgb(0,0,0)' font-size='10px'>Machine (5936MB total)</text>
|
||||
<rect id='Package_0_rect' class='Package' x='7' y='24' width='178' height='255' fill='rgb(210,231,164)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Package_0_text' class='Package' font-family='Monospace' x='14' y='41' fill='rgb(0,0,0)' font-size='10px'>Package L#0</text>
|
||||
<rect id='L3_0_rect' class='L3' x='14' y='79' width='80' height='24' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='L3_0_text' class='L3' font-family='Monospace' x='21' y='96' fill='rgb(0,0,0)' font-size='10px'>L3 (16MB)</text>
|
||||
<rect id='L2_0_rect' class='L2' x='14' y='110' width='80' height='24' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='L2_0_text' class='L2' font-family='Monospace' x='21' y='127' fill='rgb(0,0,0)' font-size='10px'>L2 (4096KB)</text>
|
||||
<rect id='L1d_0_rect' class='L1d' x='14' y='141' width='74' height='24' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='L1d_0_text' class='L1d' font-family='Monospace' x='21' y='158' fill='rgb(0,0,0)' font-size='10px'>L1d (32KB)</text>
|
||||
<rect id='L1i_0_rect' class='L1i' x='14' y='172' width='74' height='24' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='L1i_0_text' class='L1i' font-family='Monospace' x='21' y='189' fill='rgb(0,0,0)' font-size='10px'>L1i (32KB)</text>
|
||||
<rect id='Core_0_rect' class='Core' x='14' y='203' width='64' height='69' fill='rgb(190,190,190)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Core_0_text' class='Core' font-family='Monospace' x='21' y='220' fill='rgb(0,0,0)' font-size='10px'>Core L#0</text>
|
||||
<rect id='PU_0_rect' class='PU' x='21' y='227' width='50' height='38' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PU_0_text' class='PU' font-family='Monospace' x='28' y='244' fill='rgb(0,0,0)' font-size='10px'>PU L#0</text>
|
||||
<text id='PU_0_text_1' class='PU' font-family='Monospace' x='37' y='258' fill='rgb(0,0,0)' font-size='10px'>P#0</text>
|
||||
<rect id='NUMANode_0_rect' class='NUMANode' x='14' y='48' width='164' height='24' fill='rgb(239,223,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='NUMANode_0_text' class='NUMANode' font-family='Monospace' x='21' y='65' fill='rgb(0,0,0)' font-size='10px'>NUMANode L#0 P#0 (5936MB)</text>
|
||||
<rect id='HostBridge_0_rect' class='HostBridge' x='192' y='24' width='7' height='7' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line' class='HostBridge' x1='199' y1='27' x2='206' y2='27' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_2' class='HostBridge' x1='206' y1='27' x2='230' y2='27' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_3' class='HostBridge' x1='206' y1='103' x2='230' y2='103' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_4' class='HostBridge' x1='206' y1='134' x2='230' y2='134' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_5' class='HostBridge' x1='206' y1='165' x2='230' y2='165' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_6' class='HostBridge' x1='206' y1='241' x2='230' y2='241' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_7' class='HostBridge' x1='206' y1='303' x2='230' y2='303' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_8' class='HostBridge' x1='206' y1='365' x2='230' y2='365' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<line id='HostBridge_0_line_1' class='HostBridge' x1='206' y1='27' x2='206' y2='365' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<rect id='PCI_0_rect' class='PCI' x='230' y='24' width='82' height='69' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_0_text' class='PCI' font-family='Monospace' x='237' y='41' fill='rgb(0,0,0)' font-size='10px'>PCI 00:01.1</text>
|
||||
<rect id='Block_0_rect' class='Block' x='237' y='48' width='68' height='38' fill='rgb(222,222,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Block_0_text' class='Block' font-family='Monospace' x='244' y='65' fill='rgb(0,0,0)' font-size='10px'>Block sr0</text>
|
||||
<text id='Block_0_text_1' class='Block' font-family='Monospace' x='244' y='79' fill='rgb(0,0,0)' font-size='10px'>541 MB</text>
|
||||
<rect id='PCI_1_rect' class='PCI' x='230' y='100' width='80' height='24' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_1_text' class='PCI' font-family='Monospace' x='237' y='117' fill='rgb(0,0,0)' font-size='10px'>PCI 00:02.0</text>
|
||||
<rect id='PCI_2_rect' class='PCI' x='230' y='131' width='80' height='24' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_2_text' class='PCI' font-family='Monospace' x='237' y='148' fill='rgb(0,0,0)' font-size='10px'>PCI 00:03.0</text>
|
||||
<rect id='PCI_3_rect' class='PCI' x='230' y='162' width='82' height='69' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_3_text' class='PCI' font-family='Monospace' x='237' y='179' fill='rgb(0,0,0)' font-size='10px'>PCI 00:05.0</text>
|
||||
<rect id='Block_1_rect' class='Block' x='237' y='186' width='68' height='38' fill='rgb(222,222,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Block_1_text' class='Block' font-family='Monospace' x='244' y='203' fill='rgb(0,0,0)' font-size='10px'>Block sda</text>
|
||||
<text id='Block_1_text_1' class='Block' font-family='Monospace' x='244' y='217' fill='rgb(0,0,0)' font-size='10px'>40 GB</text>
|
||||
<rect id='PCI_4_rect' class='PCI' x='230' y='238' width='82' height='55' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_4_text' class='PCI' font-family='Monospace' x='237' y='255' fill='rgb(0,0,0)' font-size='10px'>PCI 00:12.0</text>
|
||||
<rect id='Net_2_rect' class='Net' x='237' y='262' width='68' height='24' fill='rgb(222,222,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Net_2_text' class='Net' font-family='Monospace' x='244' y='279' fill='rgb(0,0,0)' font-size='10px'>Net ens18</text>
|
||||
<rect id='PCI_5_rect' class='PCI' x='230' y='300' width='82' height='55' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_5_text' class='PCI' font-family='Monospace' x='237' y='317' fill='rgb(0,0,0)' font-size='10px'>PCI 00:13.0</text>
|
||||
<rect id='Net_3_rect' class='Net' x='237' y='324' width='68' height='24' fill='rgb(222,222,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Net_3_text' class='Net' font-family='Monospace' x='244' y='341' fill='rgb(0,0,0)' font-size='10px'>Net ens19</text>
|
||||
<rect id='PCI_6_rect' class='PCI' x='230' y='362' width='82' height='55' fill='rgb(190,210,149)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='PCI_6_text' class='PCI' font-family='Monospace' x='237' y='379' fill='rgb(0,0,0)' font-size='10px'>PCI 00:14.0</text>
|
||||
<rect id='Net_4_rect' class='Net' x='237' y='386' width='68' height='24' fill='rgb(222,222,222)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Net_4_text' class='Net' font-family='Monospace' x='244' y='403' fill='rgb(0,0,0)' font-size='10px'>Net ens20</text>
|
||||
<rect id='Misc_0_rect' class='Misc' x='319' y='24' width='86' height='24' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='Misc_0_text' class='Misc' font-family='Monospace' x='326' y='41' fill='rgb(0,0,0)' font-size='10px'>MemoryModule</text>
|
||||
<rect id='anon_rect' x='0' y='424' width='412' height='38' fill='rgb(255,255,255)' stroke='rgb(0,0,0)' stroke-width='1'/>
|
||||
<text id='anon_text' font-family='Monospace' x='7' y='441' fill='rgb(0,0,0)' font-size='10px'>Host: vieuxtype</text>
|
||||
<text id='anon_text_1' font-family='Monospace' x='7' y='455' fill='rgb(0,0,0)' font-size='10px'>Date: Mon 05 Jun 2023 08:15:31 PM CEST</text>
|
||||
</svg>
|
After Width: | Height: | Size: 7.9 KiB |
@ -0,0 +1,83 @@
|
||||
# vieuxtype
|
||||
|
||||
```
|
||||
System: Host: vieuxtype Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0
|
||||
parameters: initrd=\efi\nixos\mf13ryz0gl48s8672gzg80lvq9yd8189-initrd-linux-6.1.31-initrd.efi
|
||||
init=/nix/store/5c8yhqcmf24d61m99cpqc3ffjma90cxs-nixos-system-vieuxtype-23.05.553.e7603eba51f/init
|
||||
console=ttyS0,115200 panic=30 boot.panic_on_fail loglevel=4
|
||||
Console: N/A Distro: NixOS 23.05 (Stoat)
|
||||
Machine: Type: Kvm System: QEMU product: Standard PC (i440FX + PIIX, 1996) v: pc-i440fx-7.2
|
||||
serial: N/A Chassis: type: 1 v: pc-i440fx-7.2 serial: N/A
|
||||
Mobo: N/A model: N/A serial: N/A UEFI: EFI Development Kit II / OVMF v: 3.20230228-2
|
||||
date: 04/04/2023
|
||||
Memory: RAM: total: 5.8 GiB used: 820.6 MiB (13.8%)
|
||||
Array-1: capacity: 6 GiB slots: 1 EC: Multi-bit ECC max-module-size: 6 GiB note: est.
|
||||
Device-1: DIMM 0 size: 6 GiB speed: N/A type: RAM detail: other bus-width: Unknown
|
||||
total: Unknown manufacturer: QEMU part-no: Not Specified serial: Not Specified
|
||||
PCI Slots: Message: No PCI Slot data found.
|
||||
CPU: Info: Single Core model: Common KVM bits: 64 type: MCP arch: Netburst Presler
|
||||
family: F (15) model-id: 6 stepping: 1 microcode: 1 cache: L2: 16 MiB
|
||||
flags: lm nx pae sse sse2 sse3 bogomips: 5199
|
||||
Speed: 2600 MHz min/max: N/A base/boost: 2000/2000 Core speed (MHz): 1: 2600
|
||||
Vulnerabilities: Type: itlb_multihit status: KVM: VMX unsupported
|
||||
Type: l1tf mitigation: PTE Inversion
|
||||
Type: mds
|
||||
status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
|
||||
Type: meltdown mitigation: PTI
|
||||
Type: mmio_stale_data status: Unknown: No mitigations
|
||||
Type: retbleed status: Not affected
|
||||
Type: spec_store_bypass status: Vulnerable
|
||||
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
|
||||
Type: spectre_v2
|
||||
mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
|
||||
Type: srbds status: Not affected
|
||||
Type: tsx_async_abort status: Not affected
|
||||
Graphics: Device-1: vendor: Red Hat driver: bochs-drm v: N/A alternate: bochs bus-ID: 00:02.0
|
||||
chip-ID: 1234:1111 class-ID: 0300
|
||||
Display: server: No display server data found. Headless machine? tty: N/A
|
||||
Message: Advanced graphics data unavailable in console for root.
|
||||
Audio: Message: No device data found.
|
||||
Network: Device-1: Intel 82371AB/EB/MB PIIX4 ACPI vendor: Red Hat Qemu virtual machine
|
||||
type: network bridge driver: piix4_smbus v: N/A modules: i2c_piix4 port: 10c0
|
||||
bus-ID: 00:01.3 chip-ID: 8086:7113 class-ID: 0680
|
||||
Device-2: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 10e0
|
||||
bus-ID: 00:12.0 chip-ID: 1af4:1000 class-ID: 0200
|
||||
IF: ens18 state: up speed: -1 duplex: unknown mac: da:3e:b0:11:ae:0a
|
||||
IP v4: 169.254.129.42/16 type: noprefixroute scope: global broadcast: 169.254.255.255
|
||||
IP v6: 2a01:e0a:5f9:9681:33ba:55f5:6e55:beef/64 type: temporary dynamic scope: global
|
||||
IP v6: 2a01:e0a:5f9:9681:d83e:b0ff:fe11:ae0a/64 type: dynamic mngtmpaddr scope: global
|
||||
IP v6: 2a01:e0a:5f9:9681:a498:fffb:e48d:299/64 scope: global
|
||||
IP v6: fe80::d83e:b0ff:fe11:ae0a/64 scope: link
|
||||
Device-3: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1400
|
||||
bus-ID: 00:13.0 chip-ID: 1af4:1000 class-ID: 0200
|
||||
IF: ens19 state: up speed: -1 duplex: unknown mac: 72:38:5f:a6:82:5a
|
||||
IP v4: 10.32.64.196/20 type: dynamic noprefixroute scope: global
|
||||
broadcast: 10.32.79.255
|
||||
IP v6: fe80::7038:5fff:fea6:825a/64 scope: link
|
||||
Device-4: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1420
|
||||
bus-ID: 00:14.0 chip-ID: 1af4:1000 class-ID: 0200
|
||||
IF: ens20 state: up speed: -1 duplex: unknown mac: 8e:38:09:a2:8c:9e
|
||||
IP v4: 10.32.64.224/20 type: dynamic noprefixroute scope: global
|
||||
broadcast: 10.32.79.255
|
||||
IP v6: fe80::8c38:9ff:fea2:8c9e/64 scope: link
|
||||
IF-ID-1: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
|
||||
IP v6: fe80::7d4f:3369:71cc:66d5/64 virtual: stable-privacy scope: link
|
||||
WAN IP: 82.65.118.1
|
||||
Drives: Local Storage: total: 40 GiB used: 10.33 GiB (25.8%)
|
||||
ID-1: /dev/sda maj-min: 8:0 vendor: QEMU model: HARDDISK size: 40 GiB block-size:
|
||||
physical: 512 B logical: 512 B speed: <unknown> serial: drive-scsi0 rev: 2.5+
|
||||
scheme: GPT
|
||||
SMART: no
|
||||
Partition: ID-1: / raw-size: 11.5 GiB size: 11.22 GiB (97.55%) used: 10.27 GiB (91.6%) fs: ext4
|
||||
block-size: 4096 B dev: /dev/sda1 maj-min: 8:1
|
||||
ID-2: /boot raw-size: 511 MiB size: 510 MiB (99.80%) used: 54.9 MiB (10.8%) fs: vfat
|
||||
block-size: 512 B dev: /dev/sda3 maj-min: 8:3
|
||||
Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
|
||||
ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda2
|
||||
maj-min: 8:2
|
||||
Sensors: Message: No sensor data found. Is lm-sensors configured?
|
||||
Info: Processes: 107 Uptime: N/A wakeups: 1 Init: systemd v: 253 target: multi-user.target
|
||||
tool: systemctl Compilers: gcc: 12.2.0 Packages: 899 nix-default: 9 nix-sys: 881
|
||||
lib: 155 nix-usr: 9 lib: 3 Client: Sudo v: 1.9.13p3 inxi: 3.3.04
|
||||
```
|
||||
![hardware topology](vieuxtype.lstopo.svg)
|
@ -1,55 +1,14 @@
|
||||
{ lib, pkgs, ... }:
|
||||
let
|
||||
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
|
||||
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../modules/ipmi-supermicro.nix
|
||||
../modules/hardware/supermicro-H12SSL-i.nix
|
||||
../modules/iperf-server.nix
|
||||
../modules/hypervisor.nix
|
||||
../modules/hydra/coordinator.nix
|
||||
../modules/android-cache.nix
|
||||
../modules/garage.nix
|
||||
../modules/users/friends.nix
|
||||
];
|
||||
|
||||
networking.hostName = "epyc";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
rootless.enable = true;
|
||||
};
|
||||
|
||||
# TODO: there's a critical bug on 6.8+ where btrfs won't mount the rootfs at all.
|
||||
# Do not upgrade until it is fixed. Ping Raito when needed.
|
||||
# boot.kernelPackages = pkgs.linuxPackage_latest;
|
||||
|
||||
# Open public access to our PostgreSQL.
|
||||
services.postgresql.enable = true;
|
||||
services.postgresql.enableTCPIP = true;
|
||||
services.postgresql.authentication = ''
|
||||
host hydra-nixos-org hydra_ro ::/0 trust
|
||||
'';
|
||||
networking.firewall.allowedTCPPorts = [ 5432 ];
|
||||
|
||||
nix.buildMachines = [
|
||||
{ hostName = "localhost";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ] ++ gcc-system-features "znver3";
|
||||
maxJobs = 2;
|
||||
}
|
||||
];
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "riscv64-linux" "aarch64-linux" "riscv64-linux" ];
|
||||
|
||||
simd.arch = "znver3";
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
@ -0,0 +1,28 @@
|
||||
{
|
||||
imports = [
|
||||
../modules/hardware/vm.nix
|
||||
../modules/gitea.nix
|
||||
../modules/tailscale.nix
|
||||
../modules/users/yvan.nix
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/fe1d2e0d-9210-4a2d-b584-d1e131747ea3";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/8782-7801";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/c9511ddb-e41f-436c-ad1f-9b587ed0ba11"; }];
|
||||
|
||||
networking.hostName = "vieuxtype";
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# simd.arch = "znver3";
|
||||
system.stateVersion = "23.05";
|
||||
}
|
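Review bot: The commented-out `# simd.arch = "znver3";` near the end of this new host file looks like a leftover from the physical machine's configuration and has no meaning on a QEMU/KVM guest. Either drop the line or replace it with a comment saying why it is parked, for example `# simd.arch is left unset: this is a generic KVM guest`.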
@ -1,14 +0,0 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
mirrors = {
|
||||
# "https://android.googlesource.com" = "/mnt/aospaosp/mirror";
|
||||
# "https://github.com/LineageOS" = "/var/lib/src/lineageos/LineageOS";
|
||||
# "https://github.com/TheMuppets" = "/var/lib/src/themuppets/TheMuppets";
|
||||
};
|
||||
in
|
||||
{
|
||||
nix.envVars.ROBOTNIX_GIT_MIRRORS = lib.concatStringsSep "|" (lib.mapAttrsToList (local: remote: "${local}=${remote}") mirrors);
|
||||
|
||||
# Also add local mirrors to nix sandbox exceptions
|
||||
nix.sandboxPaths = lib.attrValues mirrors;
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
{ lib, pkgs, config, inputs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.luj.buildbot;
|
||||
port = "1810";
|
||||
package = pkgs.buildbot-worker;
|
||||
python = package.pythonModule;
|
||||
home = "/var/lib/buildbot-worker";
|
||||
buildbotDir = "${home}/worker";
|
||||
in
|
||||
{
|
||||
#buildbot worker
|
||||
|
||||
# nix.settings.allowed-users = [ "buildbot-worker" ];
|
||||
nix.settings.trusted-users = [ "buildbot-worker" ];
|
||||
users.users.buildbot-worker = {
|
||||
description = "Buildbot Worker User.";
|
||||
isSystemUser = true;
|
||||
createHome = true;
|
||||
home = "/var/lib/buildbot-worker";
|
||||
group = "buildbot-worker";
|
||||
useDefaultShell = true;
|
||||
};
|
||||
users.groups.buildbot-worker = { };
|
||||
|
||||
systemd.services.buildbot-worker = {
|
||||
reloadIfChanged = true;
|
||||
description = "Buildbot Worker.";
|
||||
after = [ "network.target" "buildbot-master.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
pkgs.nix-eval-jobs
|
||||
pkgs.git
|
||||
pkgs.gh
|
||||
pkgs.nix
|
||||
pkgs.nix-output-monitor
|
||||
inputs.attic.packages.x86_64-linux.attic
|
||||
];
|
||||
environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
|
||||
environment.MASTER_URL = ''TCP:2a01\\:e34\\:ec2a\\:8e60\\:8ec7\\:b5d2\\:f663\\:a67a:9989'';
|
||||
environment.BUILDBOT_DIR = buildbotDir;
|
||||
environment.WORKER_PASSWORD_FILE = "/var/lib/buildbot-worker/password.txt";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "buildbot-worker";
|
||||
Group = "buildbot-worker";
|
||||
WorkingDirectory = home;
|
||||
|
||||
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
|
||||
ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
|
||||
ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -1,58 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import multiprocessing
|
||||
import os
|
||||
import socket
|
||||
from io import open
|
||||
|
||||
from buildbot_worker.bot import Worker
|
||||
from twisted.application import service
|
||||
|
||||
|
||||
def require_env(key: str) -> str:
|
||||
val = os.environ.get(key)
|
||||
assert val is not None, "val is not set"
|
||||
return val
|
||||
|
||||
|
||||
def setup_worker(application: service.Application, id: int) -> None:
|
||||
basedir = f"{require_env('BUILDBOT_DIR')}-{id}"
|
||||
os.makedirs(basedir, mode=0o700, exist_ok=True)
|
||||
|
||||
master_url = require_env("MASTER_URL")
|
||||
hostname = socket.gethostname()
|
||||
workername = f"{hostname}-{id}"
|
||||
|
||||
with open(
|
||||
require_env("WORKER_PASSWORD_FILE"), "r", encoding="utf-8"
|
||||
) as passwd_file:
|
||||
passwd = passwd_file.read().strip("\r\n")
|
||||
keepalive = 600
|
||||
umask = None
|
||||
maxdelay = 300
|
||||
numcpus = None
|
||||
allow_shutdown = None
|
||||
|
||||
s = Worker(
|
||||
"2a01:e34:ec2a:8e60:8ec7:b5d2:f663:a67a",
|
||||
9989,
|
||||
workername,
|
||||
passwd,
|
||||
basedir,
|
||||
keepalive,
|
||||
umask=umask,
|
||||
maxdelay=maxdelay,
|
||||
numcpus=numcpus,
|
||||
allow_shutdown=allow_shutdown,
|
||||
)
|
||||
s.setServiceParent(application)
|
||||
|
||||
|
||||
# note: this line is matched against to check that this is a worker
|
||||
# directory; do not edit it.
|
||||
application = service.Application("buildbot-worker")
|
||||
|
||||
for i in range(14):
|
||||
setup_worker(application, i)
|
||||
|
||||
|
@ -1,37 +0,0 @@
|
||||
{ pkgs, ... }: {
|
||||
services.garage = {
|
||||
enable = true;
|
||||
package = pkgs.garage_0_8;
|
||||
settings = {
|
||||
db_engine = "lmdb";
|
||||
block_size = (10 * 1024 * 1024); # 10MB
|
||||
replication_mode = "none";
|
||||
rpc_bind_addr = "[::1]:3901";
|
||||
rpc_public_addr = "[::1]:3901";
|
||||
rpc_secret = "f5b8ede0abe0a3d454d96e8b352e29a1d94522b64274d23b256d57482441ccc1";
|
||||
|
||||
s3_api = {
|
||||
s3_region = "garage";
|
||||
api_bind_addr = "[::1]:3900";
|
||||
root_domain = ".s3.infra.newtype.fr";
|
||||
};
|
||||
|
||||
s3_web = {
|
||||
bind_addr = "[::1]:3902";
|
||||
root_domain = ".web.infra.newtype.fr";
|
||||
index = "index.html";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."s3.infra.newtype.fr" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://[::1]:3900/";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
@ -0,0 +1,34 @@
|
||||
{ ... }: {
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "Newtype's Git";
|
||||
mailerPasswordFile = "/var/lib/secrets/gitea/mailpw";
|
||||
settings = {
|
||||
server = {
|
||||
ROOT_URL = "https://git.newtype.fr";
|
||||
DOMAIN = "git.newtype.fr";
|
||||
};
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
session.COOKIE_SECURE = true;
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
HOST = "mail.gandi.net:465";
|
||||
USER = "git@newtype.fr";
|
||||
FROM = "Newtype's Git <git@newtype.fr>";
|
||||
IS_TLS_ENABLED = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."git.newtype.fr" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = { proxyPass = "http://127.0.0.1:3000"; };
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs = { "git.newtype.fr".email = "contact@newtype.fr"; };
|
||||
security.acme.acceptTerms = true;
|
||||
}
|
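Review bot: Nothing in this module binds Gitea to loopback. nginx proxies to `http://127.0.0.1:3000`, but `settings.server.HTTP_ADDR` is not set, and I believe the NixOS module defaults it to all interfaces, so the plain-HTTP listener is kept off the network only by the firewall. Adding `HTTP_ADDR = "127.0.0.1";` to the `server` block closes that gap. The module also enables `enableACME` and `forceSSL` without `networking.firewall.allowedTCPPorts = [ 80 443 ];`, which the nginx modules removed in this comparison did declare. Unless a module not shown here opens those ports, certificate issuance and the site itself will not be reachable.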
@ -0,0 +1,14 @@
|
||||
{ lib, modulesPath, ... }: {
|
||||
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
services.qemuGuest.enable = true;
|
||||
|
||||
# VMs are noisy for this type of thing usually.
|
||||
nix.settings.max-jobs = lib.mkDefault 1;
|
||||
}
|
@ -1,81 +0,0 @@
|
||||
{ pkgs, ... }: {
|
||||
services.hydra = {
|
||||
enable = false;
|
||||
hydraURL = "https://hydra.newtype.fr";
|
||||
notificationSender = "hydra@localhost";
|
||||
buildMachinesFiles = [ "/etc/nix/machines" ];
|
||||
useSubstitutes = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.nix-prefetch-git ];
|
||||
nix.trustedUsers = [ "hydra" "hydra-www" ];
|
||||
|
||||
services.postgresql = {
|
||||
enableJIT = true;
|
||||
settings = {
|
||||
checkpoint_completion_target = "0.9";
|
||||
default_statistics_target = 100;
|
||||
|
||||
max_connections = 500;
|
||||
work_mem = "20MB";
|
||||
maintenance_work_mem = "2GB";
|
||||
|
||||
shared_buffers = "8GB";
|
||||
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "2GB";
|
||||
wal_buffers = "16MB";
|
||||
|
||||
max_worker_processes = 16;
|
||||
max_parallel_workers_per_gather = 8;
|
||||
max_parallel_workers = 16;
|
||||
|
||||
# NVMe related performance tuning
|
||||
effective_io_concurrency = 200;
|
||||
random_page_cost = "1.1";
|
||||
|
||||
# We can risk losing some transactions.
|
||||
synchronous_commit = "off";
|
||||
|
||||
effective_cache_size = "16GB";
|
||||
|
||||
# autovacuum and autoanalyze much more frequently:
|
||||
# at these values vacuum should run approximately
|
||||
# every 2 mass rebuilds, or a couple times a day
|
||||
# on the builds table. Some of those queries really
|
||||
# benefit from frequent vacuums, so this should
|
||||
# help. In particular, I'm thinking the jobsets
|
||||
# pages.
|
||||
autovacuum_vacuum_scale_factor = 0.002;
|
||||
autovacuum_analyze_scale_factor = 0.001;
|
||||
|
||||
shared_preload_libraries = "pg_stat_statements";
|
||||
compute_query_id = "on";
|
||||
};
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "ryan@lahfa.xyz";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedZstdSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation =true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."hydra.newtype.fr" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
# TODO: remove compression for some locations
|
||||
locations."/".proxyPass = "http://localhost:3000";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
@ -1,2 +0,0 @@
|
||||
{ ... }: {
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
{
|
||||
programs.ssh.extraConfig = ''
|
||||
Host telecom-bastion
|
||||
HostName ssh.enst.fr
|
||||
User jmalka
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
|
||||
Host lame11
|
||||
Hostname lame11.enst.fr
|
||||
User nix-remote-builder
|
||||
ProxyJump telecom-bastion
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
Host lame10
|
||||
Hostname lame10.enst.fr
|
||||
User nix-remote-builder
|
||||
ProxyJump telecom-bastion
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
Host lame12
|
||||
Hostname lame12.enst.fr
|
||||
User nix-remote-builder
|
||||
ProxyJump telecom-bastion
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
Host lame16
|
||||
Hostname lame16.enst.fr
|
||||
User nix-remote-builder
|
||||
ProxyJump telecom-bastion
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
Host lame17
|
||||
Hostname lame17.enst.fr
|
||||
User nix-remote-builder
|
||||
ProxyJump telecom-bastion
|
||||
IdentityFile /home/luj/.ssh/id_ed25519
|
||||
|
||||
'';
|
||||
|
||||
}
|
@ -0,0 +1,5 @@
|
||||
{ config, ... }: {
|
||||
services.tailscale.enable = true;
|
||||
networking.firewall.checkReversePath = "loose";
|
||||
networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
|
||||
}
|
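Review bot: `networking.firewall.checkReversePath = "loose";` relaxes reverse-path filtering for the whole host, not only for the Tailscale interface, and the module gives no reason for it. A one-line comment above it would record the intent, for example `# loose rp_filter is required for Tailscale exit-node/subnet-route traffic; applies to every interface`. If the host is not meant to use exit nodes or subnet routes, the setting can probably be dropped.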
@ -1,84 +0,0 @@
|
||||
{ ... }:
|
||||
let
|
||||
trustedFriendGroups = [
|
||||
"production-hydra-db"
|
||||
];
|
||||
in
|
||||
{
|
||||
# deleted users: ninjatrappeur, flokli
|
||||
users.users = {
|
||||
linus = {
|
||||
isNormalUser = true;
|
||||
home = "/home/linus";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2001;
|
||||
# Raito: I allowed linus to be root to get some stuff done
|
||||
# on behalf of me.
|
||||
extraGroups = [ "wheel" ] ++ trustedFriendGroups;
|
||||
openssh.authorizedKeys.keyFiles = [ ./keys/linus.keys ];
|
||||
};
|
||||
niklas = {
|
||||
isNormalUser = true;
|
||||
home = "/home/niklas";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2002;
|
||||
extraGroups = trustedFriendGroups;
|
||||
openssh.authorizedKeys.keyFiles = [ ./keys/niklas.keys ];
|
||||
};
|
||||
# Raito: Permanent account for Jade who has been driving a lot of good work.
|
||||
# expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore.
|
||||
jade = {
|
||||
isNormalUser = true;
|
||||
home = "/home/jade";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2004;
|
||||
expires = "2060-05-01";
|
||||
extraGroups = trustedFriendGroups;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYljH8iPMrH00lOb3ETxRrZimdKzPPEdsJQ5D5ovtOwAAAACnNzaDpzc2hrZXk= ssh:sshkey"
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4idMfdJxDJuBNOid60d4I+qxj09RHt+YkCYV2eXt6tGrEXg+S8hTQusy/SqooiXUH9pt4tea2RuBPN9+UwrH0= type-a yubikey slot 9a"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGIBMfUypLctmorlRz9xIzXRgmtqDMxF5T5Fxy4JxNb root@tail-bot"
|
||||
];
|
||||
};
|
||||
# Raito: Permanent account for winter, she was the one in charge of the Darwin build box for a while,
|
||||
# helped a bunch of people and deserve it :-).
|
||||
# expires = 2060 because of a convergence bug, I cannot remove the expiration date anymore.
|
||||
winter = {
|
||||
isNormalUser = true;
|
||||
home = "/home/winter";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2005;
|
||||
expires = "2060-05-01";
|
||||
extraGroups = trustedFriendGroups;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo="
|
||||
];
|
||||
};
|
||||
# Raito: Permanent account for pennae, they are doing a bunch of excellent Nix work (including performance).
|
||||
pennae = {
|
||||
isNormalUser = true;
|
||||
home = "/home/pennae";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2006;
|
||||
# Raito: Allowed to debug jobserver.
|
||||
extraGroups = [ "wheel" ] ++ trustedFriendGroups;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo="
|
||||
];
|
||||
};
|
||||
# Raito: Temporary account until next year, for delroth, who is going to work on building capabilities for improving build infrastructure.
|
||||
delroth = {
|
||||
isNormalUser = true;
|
||||
home = "/home/delroth";
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
uid = 2007;
|
||||
# Raito: Allowed to spawn new VMs and do various stuff for isolating the workloads.
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,4 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDf7hGFfUHhtgYY0G/Dh9isjIxkvUjlAKAMvLIZs5NLXwEfnxDTVZW/ijfF2qDozAmYQHZqbeyhJX7YlO6nYjWRBxqBeqAMHhtu3PkiysSCCUymhJ2uDHUAox+BT8IGE3sCKYIXRdmSFoibgQad9AHsQ6OLoIaNgMV7rspdBcO/CjyCkHN440XhQKz/Sq2SyygI9Qkuz0qDdQOgIraVi//EXDAvij0QXlkmh+3xBJwEqt8Pe1KP9itwvGyzGX/aAheCBSf7HPcLzJUgcWymW6FL4AE0KqNVb8Q8ahaEM5UgbXUCauDON8H4OR1Zngszw128wklwxOr7q5gB++Ks1OQlHMGgiVYZ2wC0DXlx68BKSMNnJRHWCI4r63a3bAWGCqKbcCHpimjPAHisPoaoHffVUaIpj65klj+GkoHAgo/pl0S6o4OqVpOau3Qkn95D1KDbUiE1l0HdgZaRmOKRvTKec1V3tfB2rA83Q1cZCWC5ZSwk3wihYPywMyIo6G8f2M2bFot7k/sS9ZMSle6oZDrc6A8qWnaxMZYbEXdFGy02550vdymshJ9RpSLfK1oBKoKk7yL2hk1UHm6obXYXn/F0KvDr7nAM6gOf9NnOrPHKt14WDb0GsZwNd34g1RCcBUcXewh4ZJOHerzsS2h3D30BNQUNCaF8ZQr6FYXp7v9gnQ==
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3EmXYSXsimS+vlGYtfTkOGuwvkXU0uHd2yYKLOxD2F
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJWYrcu8usyqdLv4XO4i5TPaQhB+lH3Xbu2uz64hQe3
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICDgQA1A1uHJsqLsSLLkuWNlxXrpGRD6Qx11WBbfP+SmAAAAEXNzaDpsaW51c0BiZWl3ZXJr
|
@ -1 +0,0 @@
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINHd1ay1FSTHZzE+3XCdUiS5efFmJ9GUvx4+7F5uXVtMAAAABHNzaDo= nikstur
|
@ -1,3 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClF9ko5u4zf0CEvleEeRbo9r6BMNgXEGO/rDNZOEHcKxVaeIi+/xF6ZQ5MZbcmH08lswq32hb1XwXg7Gk+ofUdEvCD/kC/vJijt7IFkardy6BNOSWQJLEf6/BpL3LzDQhi7iZXPF46VYoPVGHBh8fKQaAtOCrhbf/8JutfTwCglEztjoiQxY5b8OMfntjBSl6TJwZPJAoQllbJJz9q90sBetvqx6Y08eqIzsSZw6pznpvivRR+TSKU0EkVYS2y2zBAvPK6oyunj5zi01/FACT+Qn70dUkumZAvcPssbl0hCs/xDLgEL6hCEvoszodyMYVn7HS0KwfUlfiGdNUOFHIl
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzd1XAB7Pc8Tplur5iV3llOXtvlHru8pLtQlbvHzmt1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOE7oDtq+xt5RuvMigDZMeZQODFr5Otz6HCO8wnI80oo
|
@ -0,0 +1,17 @@
|
||||
{ ... }: {
|
||||
users.users.yvan = {
|
||||
isNormalUser = true;
|
||||
home = "/home/yvan";
|
||||
description = "Yvan's account";
|
||||
extraGroups = [ "wheel" "www-data" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdMWQ1D9VJNrIzvgU8QMQwhy7Q/OFI9JNLpo/Kr0uXCeZBtSn9eMzZa88Q8gDaHnlc/BlTnlSomWP/S9u8+j21d+rXgDyPgJUqMjGBxFo4lZue3DlACXKQcwWXiNlGQKFPzSNBN62N3cRwm1R7Won9xVwedS4UnxsXbOGHkBnajQx40Ej3WRVBVbSjKKGaZKKCNO5hfistRP7RtqhwxYK7D/CyOfwnIUuBAnC3QYDYDph7SD2E5OX3rKwPDPnei0zaIMMXyFrMtv/czYOsisOud2H/VX0vipQh59qji/ZNSE31LemF4VcvC1307JX3uEwSfVWiBsWGPGfc/epQ4ixl yvan@X230" # Yvan's X230
|
||||
];
|
||||
};
|
||||
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
smtp = { host = "mail.gandi.net"; fromAddress = "yvan@sraka.xyz"; };
|
||||
localDomain = "sraka.xyz";
|
||||
};
|
||||
}
|
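Review bot: `services.mastodon` is enabled inside the module that defines yvan's account, so any host importing `../modules/users/yvan.nix` for the login also deploys a network-facing service. It would be easier to audit as its own module next to `gitea.nix`, imported explicitly by the host. Separately, the account is placed in `wheel` and `www-data`, but no module visible here declares a `www-data` group, and as far as I know NixOS's nginx runs under `nginx`. That membership therefore probably has no effect and could be reduced to `extraGroups = [ "wheel" ];` unless the group is defined elsewhere.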