From 111fa91dcd38aff0763c51fce2d334130cd47cbf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:50:56 +0100 Subject: [PATCH 1/7] programs/zsh: fix incorrect sha --- nix/home-manager/programs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index ff72af2..112f336 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -86,7 +86,7 @@ in { owner = "zsh-users"; repo = "zsh-autosuggestions"; rev = "v0.6.3"; - sha256 = "1smskx9vkx78yhwspjq2c5r5swh9fc5xxa40ib4753f00wk4dwpp"; + sha256 = "1h8h2mz9wpjpymgl2p7pc146c1jgb3dggpvzwm9ln3in336wl95c"; }; } { -- 2.49.0 From 3656773163a5e3eb6b182e22a84a00ae102475ff Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:51:27 +0100 Subject: [PATCH 2/7] Justfile: add convenient wrapper around nixos-install --- Justfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Justfile b/Justfile index f9625f5..2cce8b8 100755 --- a/Justfile +++ b/Justfile @@ -285,6 +285,9 @@ run-with-channels +cmds: source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) {{cmds}} +install-config config root: + sudo just run-with-channels nixos-install -I nixos-config={{invocation_directory()}}/{{config}} --root {{root}} --no-root-passwd + # Switch between gpg-card capable devices which have a copy of the same key switch-gpg-card: #!/usr/bin/env bash -- 2.49.0 From 3ccffcbcae62b61f6edf1598c7dac66e277afa60 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:52:02 +0100 Subject: [PATCH 3/7] profiles/common: add du-dust --- nix/home-manager/profiles/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index d501d0d..b350058 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
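Review bot: The `sha256` for `zsh-autosuggestions` changes while `rev = "v0.6.3"` stays the same, and a tag is a mutable ref, so this fetch is only as stable as upstream's tag. The commit message says the previous hash was simply wrong, which is plausible, but the diff cannot distinguish that from a tag that was re-pointed. It is worth confirming the new hash against an independent checkout and pinning `rev` to the full commit id the tag resolves to, keeping the tag name in a comment. The attribute set continues outside the hunk.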
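Review bot: `install-config` interpolates `{{config}}` and `{{root}}` unquoted into a command line that runs under `sudo`, so a path containing spaces or shell metacharacters is split or interpreted by a root shell. Quoting helps at this level, e.g. `-I "nixos-config={{invocation_directory()}}/{{config}}" --root "{{root}}"`, but `run-with-channels` appears to re-expand `{{cmds}}` in its own shell line, so the quoting would have to survive that second expansion too. The recipe also lacks the one-line `#` description that `switch-gpg-card` carries; something like `# Install the NixOS configuration <config> into the filesystem mounted at <root>` would do. That comment is also the place to say that `--no-root-passwd` skips setting a root password, so access to the installed system depends entirely on what the configuration provides.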
@@ -49,5 +49,6 @@ in { just ripgrep + du-dust ]); } -- 2.49.0 From 9b8051f0a5438ac3cba18c8403d4e72262aee8ef Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:52:20 +0100 Subject: [PATCH 4/7] profiles/common: don't use latest kernel --- nix/os/profiles/common/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/os/profiles/common/boot.nix b/nix/os/profiles/common/boot.nix index 3d035cc..3d2d00c 100644 --- a/nix/os/profiles/common/boot.nix +++ b/nix/os/profiles/common/boot.nix @@ -3,7 +3,7 @@ }: { - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages; boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = false; -- 2.49.0 From 162aea6283b357abc7b21f9f205a4e2e44c03bf6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:52:48 +0100 Subject: [PATCH 5/7] profiles/common: use all cores for build jobs --- nix/os/profiles/common/system.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 91b7ce7..6256dff 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -19,8 +19,8 @@ nix.daemonNiceLevel = lib.mkDefault 19; nix.daemonIONiceLevel = lib.mkDefault 7; - nix.maxJobs = lib.mkDefault 3; - nix.buildCores = lib.mkDefault 3; + nix.maxJobs = lib.mkDefault "auto"; + nix.buildCores = lib.mkDefault 0; nix.useSandbox = true; environment.etc."lvm/lvm.conf".text = '' -- 2.49.0 From 7cecd327f0be36b989a15b1297f7b648de4f1313 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:53:07 +0100 Subject: [PATCH 6/7] shell: add git and lswh --- shell.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shell.nix b/shell.nix index b6da42b..b8ce6da 100644 --- a/shell.nix +++ b/shell.nix @@ -14,6 +14,7 @@ stdenv.mkDerivation { git-crypt vcsh gnupg + git vncdo tesseract 
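Review bot: `nix.maxJobs = "auto"` combined with `nix.buildCores = 0` lets each of N parallel builds use all N cores, so a busy rebuild can run roughly N×N compiler processes; on small machines the usual failure is memory exhaustion rather than CPU contention. The `daemonNiceLevel`/`daemonIONiceLevel` defaults kept just above the change lower CPU and I/O priority but do not bound memory. Both values are `lib.mkDefault`, so a comment telling low-memory devices to override them would be enough, e.g. `# all cores for every job; override per device where RAM is tight`. The surrounding attribute set starts and ends outside the hunk.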
@@ -24,6 +25,7 @@ stdenv.mkDerivation { xorg.xwininfo nmap sysstat + lshw ]; # Set Environment Variables -- 2.49.0 From 619046f05ad117ff3d1ccebbaacd0e6ca2c28932 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Nov 2020 21:53:26 +0100 Subject: [PATCH 7/7] nix/os/devices: add VM on pve-htz cluster --- nix/os/devices/167.233.1.14/boot.nix | 8 ++ nix/os/devices/167.233.1.14/configuration.nix | 14 +++ nix/os/devices/167.233.1.14/hw.nix | 56 ++++++++++ nix/os/devices/167.233.1.14/pkg.nix | 20 ++++ nix/os/devices/167.233.1.14/system.nix | 102 ++++++++++++++++++ nix/os/devices/167.233.1.14/versions.nix | 37 +++++++ nix/os/devices/167.233.1.14/versions.tmpl.nix | 37 +++++++ 7 files changed, 274 insertions(+) create mode 100644 nix/os/devices/167.233.1.14/boot.nix create mode 100644 nix/os/devices/167.233.1.14/configuration.nix create mode 100644 nix/os/devices/167.233.1.14/hw.nix create mode 100644 nix/os/devices/167.233.1.14/pkg.nix create mode 100644 nix/os/devices/167.233.1.14/system.nix create mode 100644 nix/os/devices/167.233.1.14/versions.nix create mode 100644 nix/os/devices/167.233.1.14/versions.tmpl.nix diff --git a/nix/os/devices/167.233.1.14/boot.nix b/nix/os/devices/167.233.1.14/boot.nix new file mode 100644 index 0000000..18fcc13 --- /dev/null +++ b/nix/os/devices/167.233.1.14/boot.nix @@ -0,0 +1,8 @@ +{ lib +, ... +}: + +{ + boot.loader.grub.efiSupport = lib.mkForce false; + boot.extraModulePackages = [ ]; +} diff --git a/nix/os/devices/167.233.1.14/configuration.nix b/nix/os/devices/167.233.1.14/configuration.nix new file mode 100644 index 0000000..626c5f1 --- /dev/null +++ b/nix/os/devices/167.233.1.14/configuration.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + disabledModules = [ + ]; + imports = [ + ../../profiles/common/configuration.nix + + ./system.nix + ./hw.nix + ./pkg.nix + ./boot.nix + ]; +} diff --git a/nix/os/devices/167.233.1.14/hw.nix b/nix/os/devices/167.233.1.14/hw.nix new file mode 100644 index 0000000..126fc35 --- /dev/null 
+++ b/nix/os/devices/167.233.1.14/hw.nix @@ -0,0 +1,56 @@ +{ ... }: + +let + stage1Modules = [ + # "aesni_intel" + # "kvm-intel" + "aes_x86_64" + + "virtio_balloon" + "virtio_scsi" + "virtio_net" + "virtio_pci" + "virtio_ring" + "virtio" + "scsi_mod" + + "virtio_blk" + "virtio_ring" + "bochs_drm" + "ata_piix" + "pata_acpi" + "ata_generic" + ]; + +in +{ + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02"; + fsType = "ext4"; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + neededForBoot = true; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + neededForBoot = true; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ]; + + boot.loader.grub = { + device = "/dev/vda"; + }; + + boot.initrd.availableKernelModules = stage1Modules; + boot.initrd.kernelModules = stage1Modules; + boot.extraModprobeConfig = '' + ''; +} diff --git a/nix/os/devices/167.233.1.14/pkg.nix b/nix/os/devices/167.233.1.14/pkg.nix new file mode 100644 index 0000000..91301be --- /dev/null +++ b/nix/os/devices/167.233.1.14/pkg.nix @@ -0,0 +1,20 @@ +{ config +, pkgs +, lib +, ... +}: + +{ + nixpkgs.config.packageOverrides = pkgs: with pkgs; { + nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; + }; + home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; }; + + nix.buildMachines = [ + { hostName = "localhost"; + system = "x86_64-linux"; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + maxJobs = 4; + } + ]; +} diff --git a/nix/os/devices/167.233.1.14/system.nix b/nix/os/devices/167.233.1.14/system.nix new file mode 100644 index 0000000..a007429 --- /dev/null +++ b/nix/os/devices/167.233.1.14/system.nix 
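Review bot: `stage1Modules` in hw.nix lists `"virtio_ring"` twice, and the same list is assigned to both `boot.initrd.availableKernelModules` and `boot.initrd.kernelModules`, so every entry is force-loaded in stage 1 instead of on demand. That matters for `"aes_x86_64"`: if the kernel selected for this host does not ship that module (newer kernels may not), building the initrd or loading it at boot can fail. I would drop the duplicate, keep in `kernelModules` only what must be loaded unconditionally, and remove the empty `boot.extraModprobeConfig`.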
@@ -0,0 +1,102 @@ +{ pkgs +, lib +, config +, ... }: + +let + keys = import ../../../variables/keys.nix; + +in { + # TASK: new device + networking.hostName = "sj-pvehtz-0"; # Define your hostname. + # networking.domain = ""; + + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + # iperf3 + 5201 + ]; + networking.firewall.logRefusedConnections = false; + + networking.usePredictableInterfaceNames = false; + + networking.interfaces.eth0 = { + mtu = 1400; + useDHCP = false; + ipv4.addresses = [ + { "address" = "167.233.1.14"; "prefixLength" = 29; } + ]; + ipv6.addresses = [ + ]; + }; + + networking.defaultGateway = { + address = "167.233.1.9"; + interface = "eth0"; + }; + + networking.defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; + + networking.nameservers = [ + "1.1.1.1" + ]; + + networking.nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "eth0"; + }; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + + # virtualization + virtualisation = { + docker.enable = true; + }; + + services.spice-vdagentd.enable = true; + services.qemuGuest.enable = true; + + systemd.services."sshd-status" = { + enable = true; + description = "sshd-status service"; + path = [ pkgs.systemd ]; + script = '' + systemctl status sshd | grep -i tasks + ''; + }; + + systemd.services.sshd.serviceConfig = { + TasksMax = 32; + }; + + systemd.timers."sshd-status" = { + description = "Timer to trigger sshd-status periodically"; + enable = true; + wantedBy = [ "timer.target" "multi-user.target" ]; + timerConfig = { + OnActiveSec="360s"; + OnUnitActiveSec="360s"; + AccuracySec="1s"; + Unit = "sshd-status.service"; + }; + }; + + nix.gc = { + automatic = true; + }; + + networking.useHostResolvConf = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? +} diff --git a/nix/os/devices/167.233.1.14/versions.nix b/nix/os/devices/167.233.1.14/versions.nix new file mode 100644 index 0000000..519781a --- /dev/null +++ b/nix/os/devices/167.233.1.14/versions.nix @@ -0,0 +1,37 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67"; + }; +in + +{ + inherit nixpkgs; + "channels-nixos-stable" = nixpkgs; + "channels-nixos-20.03" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.03"; + rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc"; + }; + "channels-nixos-19.09" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-19.09"; + rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1"; + }; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable"; + rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb"; + }; + "nixpkgs-master" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "9b3e35d991ea6a43f256069dcb2e006006730d05"; + }; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "7339784e07217ed0232e08d1ea33b610c94657d8"; + }; +} diff --git a/nix/os/devices/167.233.1.14/versions.tmpl.nix b/nix/os/devices/167.233.1.14/versions.tmpl.nix new file mode 100644 index 0000000..a19cc09 --- /dev/null +++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix 
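Review bot: TCP 5201 is opened permanently in `networking.firewall.allowedTCPPorts` on a host with a public address, while nothing in system.nix runs an iperf3 server; iperf3 has no authentication by default, so any ad-hoc instance is reachable from the internet. Consider dropping the port here and opening it only for the duration of a measurement, or restricting it by interface or source address. With `virtualisation.docker.enable = true`, ports published by containers are handled by Docker's own iptables rules and are not limited by this allow-list, and `logRefusedConnections = false` removes the log trail that would show probing; both deserve a comment stating that this is intended. Separately, `wantedBy = [ "timer.target" "multi-user.target" ]` in the `sshd-status` timer looks like a typo for `timers.target`; the timer is still pulled in through `multi-user.target`.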
@@ -0,0 +1,37 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +in + +{ + inherit nixpkgs; + "channels-nixos-stable" = nixpkgs; + "channels-nixos-20.03" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-20.03"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "channels-nixos-19.09" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-19.09"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "nixpkgs-master" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-20.09"; + rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +} -- 2.49.0
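Review bot: The `git ls-remote … <branch>` lookups in the template pass a bare branch name, which git matches against the tail of every ref, so a tag or second ref with the same final component would return several lines and `tr -d '\n'` would glue the hashes into one invalid `rev`. Only the `nixpkgs-master` entry guards against this with `head -n1`. Asking for the fully qualified ref makes all six lookups deterministic, e.g. `git ls-remote https://github.com/NixOS/nixpkgs refs/heads/nixos-20.09`. The URL spelling also varies between `nixos/nixpkgs`, `NixOS/nixpkgs` and `NixOS/nixpkgs.git`; using one form throughout would make the pin sources easier to audit.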