diff --git a/configurations.nix b/configurations.nix
index caaed52..05ccb4f 100644
--- a/configurations.nix
+++ b/configurations.nix
@@ -40,7 +40,8 @@ let
srvos.nixosModules.server
# srvos.nixosModules.mixins-telegraf
- # srvos.nixosModules.mixins-terminfo
+ srvos.nixosModules.mixins-trusted-nix-caches
+ srvos.nixosModules.mixins-terminfo
agenix.nixosModules.default
({ pkgs
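Review bot: `srvos.nixosModules.mixins-trusted-nix-caches` is a trust decision rather than a convenience, yet nothing on the line records which substituters and signing keys it adds; presumably it extends `nix.settings.substituters` and `trusted-public-keys` with whatever srvos ships, and that set can change on the next bump of the srvos input. A one-line comment such as `# adds <cache names> as trusted substituters with their signing keys — re-check on srvos bumps` would make that reviewable later. The enclosing `let` binding starts and ends outside the hunk.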
@@ -55,6 +56,11 @@ let
"nixpkgs=${pkgs.path}"
"nur=${nur}"
];
+
+ environment.systemPackages = [
+ pkgs.kitty.terminfo
+ ];
+
# TODO: share nixpkgs for each machine to speed up local evaluation.
#nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
@@ -88,7 +94,16 @@ in
./hosts/epyc.nix
];
};
+ vieuxtype = nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ commonModules
+ ++ colmenaModules
+ ++ [
+ ./hosts/vieuxtype.nix
+ ];
};
+ };
flake.colmena = {
meta.nixpkgs = import nixpkgs {
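Review bot: The module list for `vieuxtype` is written out twice, once here under `nixosSystem` (with `colmenaModules`) and again in the `flake.colmena` hunk further down, where `colmenaModules` is absent; the two copies will drift the first time one of them is edited. The `epyc` entries appear to follow the same pattern, so this is consistent with the file, but a small helper in the `let` block (one attrset of hosts that both views map over) would remove the duplication for both hosts. I cannot tell from the hunks whether the missing `colmenaModules` in the colmena entry is intentional, so it deserves at least a comment. The enclosing `in` body continues outside the hunk.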
@@ -101,5 +116,14 @@ in
./hosts/epyc.nix
];
};
+ vieuxtype = {
+ system = "x86_64-linux";
+ modules =
+ commonModules
+ ++ [
+ ./hosts/vieuxtype.nix
+ ];
+ };
+
};
}
diff --git a/docs/vieuxtype.lstopo.svg b/docs/vieuxtype.lstopo.svg
new file mode 100644
index 0000000..da866d3
--- /dev/null
+++ b/docs/vieuxtype.lstopo.svg
@@ -0,0 +1,63 @@
+
+
diff --git a/docs/vieuxtype.md b/docs/vieuxtype.md
new file mode 100644
index 0000000..ca86ff2
--- /dev/null
+++ b/docs/vieuxtype.md
@@ -0,0 +1,83 @@
+# vieuxtype
+
+```
+System: Host: vieuxtype Kernel: 6.1.31 x86_64 bits: 64 compiler: gcc v: 12.2.0
+ parameters: initrd=\efi\nixos\mf13ryz0gl48s8672gzg80lvq9yd8189-initrd-linux-6.1.31-initrd.efi
+ init=/nix/store/5c8yhqcmf24d61m99cpqc3ffjma90cxs-nixos-system-vieuxtype-23.05.553.e7603eba51f/init
+ console=ttyS0,115200 panic=30 boot.panic_on_fail loglevel=4
+ Console: N/A Distro: NixOS 23.05 (Stoat)
+Machine: Type: Kvm System: QEMU product: Standard PC (i440FX + PIIX, 1996) v: pc-i440fx-7.2
+ serial: N/A Chassis: type: 1 v: pc-i440fx-7.2 serial: N/A
+ Mobo: N/A model: N/A serial: N/A UEFI: EFI Development Kit II / OVMF v: 3.20230228-2
+ date: 04/04/2023
+Memory: RAM: total: 5.8 GiB used: 820.6 MiB (13.8%)
+ Array-1: capacity: 6 GiB slots: 1 EC: Multi-bit ECC max-module-size: 6 GiB note: est.
+ Device-1: DIMM 0 size: 6 GiB speed: N/A type: RAM detail: other bus-width: Unknown
+ total: Unknown manufacturer: QEMU part-no: Not Specified serial: Not Specified
+PCI Slots: Message: No PCI Slot data found.
+CPU: Info: Single Core model: Common KVM bits: 64 type: MCP arch: Netburst Presler
+ family: F (15) model-id: 6 stepping: 1 microcode: 1 cache: L2: 16 MiB
+ flags: lm nx pae sse sse2 sse3 bogomips: 5199
+ Speed: 2600 MHz min/max: N/A base/boost: 2000/2000 Core speed (MHz): 1: 2600
+ Vulnerabilities: Type: itlb_multihit status: KVM: VMX unsupported
+ Type: l1tf mitigation: PTE Inversion
+ Type: mds
+ status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
+ Type: meltdown mitigation: PTI
+ Type: mmio_stale_data status: Unknown: No mitigations
+ Type: retbleed status: Not affected
+ Type: spec_store_bypass status: Vulnerable
+ Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
+ Type: spectre_v2
+ mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
+ Type: srbds status: Not affected
+ Type: tsx_async_abort status: Not affected
+Graphics: Device-1: vendor: Red Hat driver: bochs-drm v: N/A alternate: bochs bus-ID: 00:02.0
+ chip-ID: 1234:1111 class-ID: 0300
+ Display: server: No display server data found. Headless machine? tty: N/A
+ Message: Advanced graphics data unavailable in console for root.
+Audio: Message: No device data found.
+Network: Device-1: Intel 82371AB/EB/MB PIIX4 ACPI vendor: Red Hat Qemu virtual machine
+ type: network bridge driver: piix4_smbus v: N/A modules: i2c_piix4 port: 10c0
+ bus-ID: 00:01.3 chip-ID: 8086:7113 class-ID: 0680
+ Device-2: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 10e0
+ bus-ID: 00:12.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens18 state: up speed: -1 duplex: unknown mac: da:3e:b0:11:ae:0a
+ IP v4: 169.254.129.42/16 type: noprefixroute scope: global broadcast: 169.254.255.255
+ IP v6: 2a01:e0a:5f9:9681:33ba:55f5:6e55:beef/64 type: temporary dynamic scope: global
+ IP v6: 2a01:e0a:5f9:9681:d83e:b0ff:fe11:ae0a/64 type: dynamic mngtmpaddr scope: global
+ IP v6: 2a01:e0a:5f9:9681:a498:fffb:e48d:299/64 scope: global
+ IP v6: fe80::d83e:b0ff:fe11:ae0a/64 scope: link
+ Device-3: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1400
+ bus-ID: 00:13.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens19 state: up speed: -1 duplex: unknown mac: 72:38:5f:a6:82:5a
+ IP v4: 10.32.64.196/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::7038:5fff:fea6:825a/64 scope: link
+ Device-4: Red Hat Virtio network driver: virtio-pci v: 1 modules: virtio_pci port: 1420
+ bus-ID: 00:14.0 chip-ID: 1af4:1000 class-ID: 0200
+ IF: ens20 state: up speed: -1 duplex: unknown mac: 8e:38:09:a2:8c:9e
+ IP v4: 10.32.64.224/20 type: dynamic noprefixroute scope: global
+ broadcast: 10.32.79.255
+ IP v6: fe80::8c38:9ff:fea2:8c9e/64 scope: link
+ IF-ID-1: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
+ IP v6: fe80::7d4f:3369:71cc:66d5/64 virtual: stable-privacy scope: link
+ WAN IP: 82.65.118.1
+Drives: Local Storage: total: 40 GiB used: 10.33 GiB (25.8%)
+ ID-1: /dev/sda maj-min: 8:0 vendor: QEMU model: HARDDISK size: 40 GiB block-size:
+ physical: 512 B logical: 512 B speed: serial: drive-scsi0 rev: 2.5+
+ scheme: GPT
+ SMART: no
+Partition: ID-1: / raw-size: 11.5 GiB size: 11.22 GiB (97.55%) used: 10.27 GiB (91.6%) fs: ext4
+ block-size: 4096 B dev: /dev/sda1 maj-min: 8:1
+ ID-2: /boot raw-size: 511 MiB size: 510 MiB (99.80%) used: 54.9 MiB (10.8%) fs: vfat
+ block-size: 512 B dev: /dev/sda3 maj-min: 8:3
+Swap: Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
+ ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda2
+ maj-min: 8:2
+Sensors: Message: No sensor data found. Is lm-sensors configured?
+Info: Processes: 107 Uptime: N/A wakeups: 1 Init: systemd v: 253 target: multi-user.target
+ tool: systemctl Compilers: gcc: 12.2.0 Packages: 899 nix-default: 9 nix-sys: 881
+ lib: 155 nix-usr: 9 lib: 3 Client: Sudo v: 1.9.13p3 inxi: 3.3.04
+```
+![hardware topology](vieuxtype.lstopo.svg)
diff --git a/hosts/epyc.nix b/hosts/epyc.nix
index 029b051..efbf696 100644
--- a/hosts/epyc.nix
+++ b/hosts/epyc.nix
@@ -2,6 +2,7 @@
imports = [
../modules/ipmi-supermicro.nix
../modules/hardware/supermicro-H12SSL-i.nix
+ ../modules/iperf-server.nix
];
networking.hostName = "epyc";
diff --git a/hosts/vieuxtype.nix b/hosts/vieuxtype.nix
new file mode 100644
index 0000000..41bd6e5
--- /dev/null
+++ b/hosts/vieuxtype.nix
@@ -0,0 +1,28 @@
+{
+ imports = [
+ ../modules/hardware/vm.nix
+ ../modules/gitea.nix
+ ../modules/tailscale.nix
+ ../modules/users/yvan.nix
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/fe1d2e0d-9210-4a2d-b584-d1e131747ea3";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8782-7801";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/c9511ddb-e41f-436c-ad1f-9b587ed0ba11"; }];
+
+ networking.hostName = "vieuxtype";
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # simd.arch = "znver3";
+ system.stateVersion = "23.05";
+}
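Review bot: `# simd.arch = "znver3";` is left commented out with no explanation, and `modules/nix-daemon.nix` emits a warning whenever `config.simd.arch == null`, so every evaluation of this host will carry that warning until someone decides. The inxi dump in `docs/vieuxtype.md` shows a "Common KVM" CPU advertising only `sse sse2 sse3`, so `znver3` would be wrong here regardless; presumably the hypervisor presents a generic CPU model. I would replace the dead line with `# simd.arch deliberately unset: QEMU presents a generic "Common KVM" CPU (sse3 only), so no -march is safe here` — or set whatever baseline value the project's `simd.arch` option accepts, which I cannot see from this hunk.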
diff --git a/modules/builder.nix b/modules/builder.nix
index 89833b5..5dc80c8 100644
--- a/modules/builder.nix
+++ b/modules/builder.nix
@@ -4,6 +4,7 @@
home = "/home/nix";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZpEtSfB0GDwcELc5/AKNiBZJV9OVfQ0BMFzBlF+8Yd raito@everywhere"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3hCOyFwuoCLt5W9e9yQSwj9I+VspB0kNNHsoFngbgZ raito@thors"
];
uid = 5001;
};
diff --git a/modules/gitea.nix b/modules/gitea.nix
new file mode 100644
index 0000000..1fd9dc7
--- /dev/null
+++ b/modules/gitea.nix
@@ -0,0 +1,34 @@
+{ ... }: {
+ services.gitea = {
+ enable = true;
+ appName = "Newtype's Git";
+ mailerPasswordFile = "/var/lib/secrets/gitea/mailpw";
+ settings = {
+ server = {
+ ROOT_URL = "https://git.newtype.fr";
+ DOMAIN = "git.newtype.fr";
+ };
+ service.DISABLE_REGISTRATION = true;
+ session.COOKIE_SECURE = true;
+ mailer = {
+ ENABLED = true;
+ HOST = "mail.gandi.net:465";
+ USER = "git@newtype.fr";
+ FROM = "Newtype's Git ";
+ IS_TLS_ENABLED = true;
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."git.newtype.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:3000"; };
+ };
+ };
+
+ security.acme.certs = { "git.newtype.fr".email = "contact@newtype.fr"; };
+ security.acme.acceptTerms = true;
+}
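Review bot: `FROM = "Newtype's Git ";` has a trailing space and no address after the display name, so unless the `<…>` part was lost in rendering, the mailer has no sender address to put on outgoing mail; it should read something like `FROM = "Newtype's Git <git@newtype.fr>";`. Separately, `proxyPass = "http://127.0.0.1:3000"` assumes Gitea only listens locally, but the NixOS module binds to all interfaces by default, so adding `server.HTTP_ADDR = "127.0.0.1";` under `settings` keeps the plain-HTTP port reachable only through the reverse proxy even if the firewall is relaxed later (e.g. for `tailscale0`). As far as I recall the `HOST`/`IS_TLS_ENABLED` mailer keys are deprecated since Gitea 1.18 in favour of `PROTOCOL = "smtps"` with `SMTP_ADDR`/`SMTP_PORT`; they still work but log a warning at startup.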
diff --git a/modules/hardware/vm.nix b/modules/hardware/vm.nix
new file mode 100644
index 0000000..9d457ec
--- /dev/null
+++ b/modules/hardware/vm.nix
@@ -0,0 +1,14 @@
+{ lib, modulesPath, ... }: {
+ imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ services.qemuGuest.enable = true;
+
+ # VMs are noisy for this type of thing usually.
+ nix.settings.max-jobs = lib.mkDefault 1;
+}
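Review bot: The comment `# VMs are noisy for this type of thing usually.` on `nix.settings.max-jobs` does not say what "this type of thing" is, so a reader cannot tell whether the `1` is about CPU contention, memory, or build flakiness. From `docs/vieuxtype.md` the guest is a single-vCPU, 6 GiB VM, so I read it as avoiding parallel builds on a small guest; I would write `# small guests (single vCPU here) thrash on parallel builds; bigger hosts can raise this since it is mkDefault` so the `mkDefault` is explained as well. The file is complete within the hunk.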
diff --git a/modules/hosts.nix b/modules/hosts.nix
index 9a5bc26..794b6d8 100644
--- a/modules/hosts.nix
+++ b/modules/hosts.nix
@@ -37,11 +37,14 @@ in
)
"Please add network configuration for ${config.networking.hostName}. None found in ${./hosts.nix}";
- # usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain
+ # usually, for each host there is a hostname.infra.newtype.fr
networking.newtype.hosts = {
epyc = {
ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8";
};
+ vieuxtype = {
+ ipv6 = "2a01:e0a:5f9:9681:a498:fffb:e48d:299";
+ };
};
};
}
diff --git a/modules/iperf-server.nix b/modules/iperf-server.nix
new file mode 100644
index 0000000..2b2a4b5
--- /dev/null
+++ b/modules/iperf-server.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ services.iperf3 = {
+ enable = true;
+ openFirewall = true;
+ };
+}
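Review bot: `openFirewall = true` opens the iperf3 port on every interface, and this module is imported by `hosts/epyc.nix`, whose address in `modules/hosts.nix` is a globally routable IPv6, so an unauthenticated bandwidth-test server becomes reachable from the Internet and anyone can use the host as a traffic sink. If the intent is throughput testing between your own machines, leave `openFirewall` at its default and open the port only on the overlay, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ config.services.iperf3.port ];` with `config` added to the module arguments; UDP tests would need the same under `allowedUDPPorts`. Note that in this diff only `vieuxtype` imports `modules/tailscale.nix`, so `epyc` would need that module (or a different trusted interface name) for this to apply. The file is complete within the hunk.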
diff --git a/modules/nix-daemon.nix b/modules/nix-daemon.nix
index ffda29f..b45d3a8 100644
--- a/modules/nix-daemon.nix
+++ b/modules/nix-daemon.nix
@@ -24,11 +24,19 @@ in
config = {
warnings = lib.optionals (config.simd.arch == null) [ "Please set simd.arch for ${config.networking.hostName}" ];
+ # Allow more open files for non-root users to run NixOS VM tests.
+ security.pam.loginLimits = [
+ { domain = "*"; item = "nofile"; type = "-"; value = "20480"; }
+ ];
nix = {
+ # Garbage-collect often
gc.automatic = true;
- gc.dates = "03:15";
- gc.options = "--delete-older-than 30d";
+ gc.dates = "*:45";
+ gc.options = ''--max-freed "$((128 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
+
+ # Randomize GC to avoid thundering herd effects.
+ gc.randomizedDelaySec = "1800";
# 2.11, 2.12 suffers from a bug with remote builders…
package = pkgs.nixVersions.nix_2_13;
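Review bot: The new `gc.options` line packs shell arithmetic, a `df` call and an awk invocation into one string with no comment, while the comment above it only says `# Garbage-collect often`; nothing states what `128 * 1024**3` means. As I read it, the run frees until 128 GiB is available on `/nix/store`, which on a host with a smaller disk (vieuxtype's is 40 GiB per `docs/vieuxtype.md`) is never satisfiable, so every unreachable path is deleted hourly, and the grace period of the removed `--delete-older-than 30d` goes with it. I would add `# free space until 128 GiB is available; on disks smaller than that this collects everything unreachable on every run` above the line and keep `--delete-older-than` if that grace was relied on. The `**` operator inside `$(( ))` is bash rather than POSIX sh, so this also depends on nix-gc continuing to run its command through bash. The `nix = {` block continues past the end of the hunk.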
diff --git a/modules/packages.nix b/modules/packages.nix
index c396d63..1086d5f 100644
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -1,4 +1,7 @@
{ pkgs, ... }: {
+ # documentation.dev.enable = true;
+ # environment.extraOutputsToInstall = [ "info" "man" "devman" ];
+
# this extends the list from:
# https://github.com/numtide/srvos/blob/master/server.nix#L10
environment.systemPackages = with pkgs; [
@@ -34,6 +37,23 @@
usbutils
ipmitool
+
+ (neovim.override {
+ viAlias = true;
+ vimAlias = true;
+ configure = {
+ packages.myPlugins = with pkgs.vimPlugins; {
+ start = [ vim-lastplace vim-nix ];
+ opt = [ ];
+ };
+ };
+ })
+
# tries to default to soft-float due to out-dated cc-rs
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
+
+ programs.vim.defaultEditor = true;
+ environment.variables = { EDITOR = "nvim"; };
+ programs.mosh.enable = true;
+ programs.tmux.enable = true;
}
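Review bot: `programs.vim.defaultEditor = true;` and `environment.variables = { EDITOR = "nvim"; };` pull in different directions: the former sets `EDITOR` to vim (and installs vim), the latter overrides it to `nvim`, so the vim line only adds a package nobody asked for. NixOS has `programs.neovim` with `enable`, `defaultEditor`, `viAlias`, `vimAlias` and `configure`, which expresses the same intent without the hand-rolled `neovim.override` entry in `systemPackages`; confirm the nixpkgs input in use has `defaultEditor` on that module. The rewritten tail of the file would look like the following, with the override block removed from `environment.systemPackages` and the two conflicting `EDITOR` lines dropped. The hunk ends at the file's closing brace.
```nix
  # … unchanged: environment.systemPackages list without the neovim.override entry …
  programs.neovim = {
    enable = true;
    defaultEditor = true;
    viAlias = true;
    vimAlias = true;
    configure = {
      packages.myPlugins = with pkgs.vimPlugins; {
        start = [ vim-lastplace vim-nix ];
        opt = [ ];
      };
    };
  };
  programs.mosh.enable = true;
  programs.tmux.enable = true;
```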
diff --git a/modules/tailscale.nix b/modules/tailscale.nix
new file mode 100644
index 0000000..14ffc74
--- /dev/null
+++ b/modules/tailscale.nix
@@ -0,0 +1,5 @@
+{ config, ... }: {
+ services.tailscale.enable = true;
+ networking.firewall.checkReversePath = "loose";
+ networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
+}
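Review bot: `networking.firewall.checkReversePath = "loose"` relaxes reverse-path filtering for the whole host, not only `tailscale0`, and the file gives no reason; it is normally needed only when the node uses or offers exit nodes or subnet routes. If this host is a plain client the line can go; if routing features are wanted, `services.tailscale.useRoutingFeatures` (where the nixpkgs in use provides it) applies the rp_filter relaxation and documents the intent in one place. At minimum add `# needed for exit-node / subnet-route use; drop if this node only talks to peers directly`. The file is complete within the hunk.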
diff --git a/modules/users/admins.nix b/modules/users/admins.nix
index 2101ef7..f7c44d1 100644
--- a/modules/users/admins.nix
+++ b/modules/users/admins.nix
@@ -13,7 +13,6 @@ in
isNormalUser = true;
home = "/home/raito";
inherit extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1000;
openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
};
@@ -23,7 +22,6 @@ in
isNormalUser = true;
home = "/home/luj";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1001;
openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
};
@@ -33,7 +31,6 @@ in
isNormalUser = true;
home = "/home/gdd";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1002;
openssh.authorizedKeys.keyFiles = [ ./keys/gdd.keys ];
};
@@ -43,7 +40,6 @@ in
isNormalUser = true;
home = "/home/akechi";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1003;
openssh.authorizedKeys.keyFiles = [ ./keys/akechi.keys ];
};
@@ -53,7 +49,6 @@ in
isNormalUser = true;
home = "/home/tomate";
inherit (config.users.users.raito) extraGroups;
- shell = "/run/current-system/sw/bin/zsh";
uid = 1004;
openssh.authorizedKeys.keyFiles = [ ./keys/tomate.keys ];
};
diff --git a/modules/users/yvan.nix b/modules/users/yvan.nix
new file mode 100644
index 0000000..e9f11a9
--- /dev/null
+++ b/modules/users/yvan.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ users.users.yvan = {
+ isNormalUser = true;
+ home = "/home/yvan";
+ description = "Yvan's account";
+ extraGroups = [ "wheel" "www-data" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdMWQ1D9VJNrIzvgU8QMQwhy7Q/OFI9JNLpo/Kr0uXCeZBtSn9eMzZa88Q8gDaHnlc/BlTnlSomWP/S9u8+j21d+rXgDyPgJUqMjGBxFo4lZue3DlACXKQcwWXiNlGQKFPzSNBN62N3cRwm1R7Won9xVwedS4UnxsXbOGHkBnajQx40Ej3WRVBVbSjKKGaZKKCNO5hfistRP7RtqhwxYK7D/CyOfwnIUuBAnC3QYDYDph7SD2E5OX3rKwPDPnei0zaIMMXyFrMtv/czYOsisOud2H/VX0vipQh59qji/ZNSE31LemF4VcvC1307JX3uEwSfVWiBsWGPGfc/epQ4ixl yvan@X230" # Yvan's X230
+ ];
+ };
+
+ services.mastodon = {
+ enable = true;
+ smtp = { host = "mail.gandi.net"; fromAddress = "yvan@sraka.xyz"; };
+ localDomain = "sraka.xyz";
+ };
+}
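Review bot: `services.mastodon` does not belong in a file named `modules/users/yvan.nix`: importing the user pulls a whole federated web service (with a local database and Redis by default) onto every host that wants the account, and nothing in `hosts/vieuxtype.nix` hints that importing the user turns Mastodon on. Move that block to `modules/mastodon.nix` and import it from the host explicitly. Two smaller points: `"www-data"` is not a group NixOS creates by default (nginx runs as `nginx`), so unless another module defines it the membership has no effect; and the `smtp` block names a host but no `user`/`passwordFile`, which with the module's default `authenticate = true` presumably leaves outgoing mail failing against an authenticated relay — check the mastodon module options before relying on notifications.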
diff --git a/modules/zsh.nix b/modules/zsh.nix
index bba3962..df628fb 100644
--- a/modules/zsh.nix
+++ b/modules/zsh.nix
@@ -5,4 +5,13 @@
programs.zsh.interactiveShellInit = ''
source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh
'';
+
+ programs.zsh = {
+ autosuggestions.enable = true;
+ promptInit = ''
+ source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
+ '';
+ };
+
+ users.defaultUserShell = pkgs.zsh;
}
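Review bot: `programs.zsh` is now defined twice in the same attrset — `programs.zsh.interactiveShellInit = ''…''` at the top of the hunk and the new `programs.zsh = { … }` block — which Nix merges, but a reader has to know that to see the whole shell configuration; fold `interactiveShellInit` into the new block. `users.defaultUserShell = pkgs.zsh` only behaves well with `programs.zsh.enable = true` (NixOS warns otherwise because the shell then lacks the Nix directories in its PATH); the lines above the hunk are not visible, so confirm it is set in this file. Since `modules/users/admins.nix` drops its per-user `shell = …` in the same commit, any host that does not import `modules/zsh.nix` now gives those admins the default bash — fine if intended, but worth a comment on the `defaultUserShell` line. The enclosing attrset starts outside the hunk.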