aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

WIP

Browse source
This commit is contained in:
Andrea Ciceri 2023-04-17 18:12:52 +02:00
parent 893480e3e3
commit 9771b35612
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
15 changed files with 388 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

295
flake.lock generated
View file

@ -54,21 +54,43 @@
},
"locked": {
"lastModified": 1680949081,
"narHash": "sha256-/1/cdqr44UBbTxZXd2T9T03DsVNQgOPXVb4iSUEPD0Q=",
"owner": "aciceri",
"repo": "emacs",
"rev": "facb4171791d5bd4ce83e75a70a229b57b50e8aa",
"narHash": "sha256-3XYuaEmNTK13QyoRdsK3NqggKXy++uDeCYi0NFiLReU=",
"type": "git",
"url": "file:///home/ccr/.config/emacs"
},
"original": {
"type": "git",
"url": "file:///home/ccr/.config/emacs"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgsUnstable"
],
"stable": [
"nixpkgsStable"
]
},
"locked": {
"lastModified": 1675730932,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
"type": "github"
},
"original": {
"owner": "aciceri",
"repo": "emacs",
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"comma": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"naersk": "naersk",
"nixpkgs": "nixpkgs_3",
"utils": "utils"
@ -179,7 +201,7 @@
"nci"
],
"drv-parts": "drv-parts",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-parts": [
"helix",
"nci",
@ -388,11 +410,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@ -404,11 +426,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -434,6 +456,22 @@
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -516,6 +554,21 @@
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
@ -530,7 +583,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -544,7 +597,7 @@
"type": "indirect"
}
},
"flake-utils_5": {
"flake-utils_6": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -700,6 +753,73 @@
"type": "github"
}
},
"hydra": {
"inputs": {
"nix": "nix",
"nixpkgs": [
"hydra",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1679916613,
"narHash": "sha256-Nj9U0V7Zv7XoRDdO7ECphTk6jHfOgeZe6G0x4FQLpJ0=",
"owner": "NixOS",
"repo": "hydra",
"rev": "082495e34e094cae1eb49dbfc5648938e23c6355",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "hydra",
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": [
"nixpkgsUnstable"
],
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1681677208,
"narHash": "sha256-R9b2/SZfkxuv54YDo4FUp65wgLREQ4gfYxfJ9mSMTno=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "c62ab1bee72cc4bda16a0574a8c9de7d71da314a",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1681065697,
"narHash": "sha256-QPzwwlGKX95tl6ZEshboZbEwwAXww6lNLdVYd6T9Mrc=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "4d29e48433270a2af06b8bc711ca1fe5109746cd",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"kernel-src": {
"flake": false,
"locked": {
@ -717,6 +837,22 @@
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"mk-naked-shell": {
"flake": false,
"locked": {
@ -807,8 +943,8 @@
},
"nil": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_6",
"rust-overlay": "rust-overlay_2"
},
"locked": {
@ -825,9 +961,30 @@
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_5",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1677045134,
"narHash": "sha256-jUc2ccTR8f6MGY2pUKgujm+lxSPNGm/ZAP+toX+nMNc=",
"owner": "nixos",
"repo": "nix",
"rev": "4acc684ef7b3117c6d6ac12837398a0008a53d85",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "2.13.3",
"repo": "nix",
"type": "github"
}
},
"nix-serve-ng": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgsUnstable"
],
@ -885,7 +1042,7 @@
},
"nixos-vscode-server": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1676501444,
@ -1020,6 +1177,22 @@
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1671271954,
@ -1132,6 +1305,22 @@
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1670461440,
"narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1680487167,
"narHash": "sha256-9FNIqrxDZgSliGGN2XJJSvcDYmQbgOANaZA4UWnTdg4=",
@ -1147,7 +1336,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1672441588,
"narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
@ -1161,7 +1350,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1675942811,
"narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=",
@ -1176,7 +1365,7 @@
"type": "indirect"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1678470307,
"narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=",
@ -1194,8 +1383,8 @@
},
"nom": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_8",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
@ -1285,7 +1474,7 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-utils": [
"nom",
"flake-utils"
@ -1313,8 +1502,8 @@
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_5",
"flake-compat": "flake-compat_6",
"flake-utils": "flake-utils_6",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixpkgsUnstable"
@ -1342,7 +1531,7 @@
"fan-control": "fan-control",
"flake-parts": "flake-parts_2",
"kernel-src": "kernel-src",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"nixpkgs-kernel": "nixpkgs-kernel",
"panfork": "panfork",
"tow-boot": "tow-boot",
@ -1367,6 +1556,7 @@
"agenix": "agenix",
"alejandra": "alejandra",
"ccrEmacs": "ccrEmacs",
"colmena": "colmena",
"comma": "comma",
"deadnix": "deadnix",
"disko": "disko",
@ -1374,6 +1564,8 @@
"helix": "helix",
"homeManager": "homeManager",
"homeManagerGitWorkspace": "homeManagerGitWorkspace",
"hydra": "hydra",
"hyprland": "hyprland",
"nil": "nil",
"nix-serve-ng": "nix-serve-ng",
"nixos-generators": "nixos-generators",
@ -1425,7 +1617,7 @@
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"helix",
"nixpkgs"
@ -1623,6 +1815,49 @@
"repo": "flake-utils",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1680810405,
"narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1681127512,
"narHash": "sha256-vklOOhBj5W8fii6yN4L2WY5ZeifBmsq3+mJ2wC1Pk9U=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "04f579377a32781ce57c9cf4ba2a5bcb7f53fa97",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",

15
flake.nix
View file

@ -30,7 +30,19 @@
agenix.url = "github:ryantm/agenix";
comma.url = "github:nix-community/comma";
rock5b.url = "github:aciceri/rock5b-nixos";
ccrEmacs.url = "github:aciceri/emacs";
# ccrEmacs.url = "github:aciceri/emacs";
ccrEmacs.url = "/home/ccr/.config/emacs";
hyprland = {
url = "github:hyprwm/hyprland";
inputs.nixpkgs.follows = "nixpkgsUnstable";
};
colmena = {
url = "github:zhaofengli/colmena";
inputs = {
nixpkgs.follows = "nixpkgsUnstable";
stable.follows = "nixpkgsStable";
};
};
nix-serve-ng = {
url = "github:aristanetworks/nix-serve-ng";
inputs.nixpkgs.follows = "nixpkgsUnstable";
@ -39,6 +51,7 @@
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgsUnstable";
};
hydra.url = "github:NixOS/hydra";
nixos-vscode-server.url = "github:msteen/nixos-vscode-server";
helix.url = "github:helix-editor/helix";
nil.url = "github:oxalica/nil";

5
hmModules/git/default.nix
View file

@ -28,7 +28,10 @@ in {
# };
extraConfig.url = {
"ssh://git@github.com/" = {insteadOf = "https://github.com/";};
"ssh://git@github.com/".insteadOf = "https://github.com/";
# Workaround: https://github.com/rust-lang/cargo/issues/3381#issuecomment-1193730972
"https://github.com/rust-lang/crates.io-index".insteadOf = "https://github.com/rust-lang/crates.io-index";
"https://github.com/RustSec/advisory-db".insteadOf = "https://github.com/RustSec/advisory-db";
};
delta = {

3
hmModules/hyprland/default.nix Normal file
View file

@ -0,0 +1,3 @@
{
wayland.windowManager.hyprland.enable = true;
}

25
hosts/default.nix
View file

@ -157,9 +157,13 @@
config = {
fleet.hosts = {
thinkpad = {
extraModules = [inputs.nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen];
extraHmModules = [
inputs.ccrEmacs.hmModules.default
extraModules = with inputs; [
nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen
hyprland.nixosModules.default
];
extraHmModules = with inputs; [
ccrEmacs.hmModules.default
hyprland.homeManagerModules.default
];
secrets = {
"thinkpad-wireguard-private-key" = {};
@ -191,6 +195,7 @@
extraModules = with inputs; [
disko.nixosModules.disko
nix-serve-ng.nixosModules.default
hydra.nixosModules.hydra
];
extraHmModules = [
inputs.ccrEmacs.hmModules.default
@ -220,5 +225,19 @@
lib.mapAttrs
config.fleet._mkNixosConfiguration
config.fleet.hosts;
flake.colmena =
{
meta = {
nixpkgs = inputs.nixpkgsUnstable.legacyPackages.x86_64-linux;
nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) self.nixosConfigurations;
nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) self.nixosConfigurations;
};
}
// builtins.mapAttrs (name: config: {
imports = config._module.args.modules;
deployment.targetHost = "${name}.fleet";
})
self.nixosConfigurations;
};
}

1
hosts/mothership/default.nix
View file

@ -14,6 +14,7 @@
"ccr"
"nix"
"vm-sala"
"vm-mara"
"hydra"
"nix-serve"
"cgit"

2
hosts/thinkpad/default.nix
View file

@ -23,6 +23,7 @@
"docker"
"fonts"
"fprintd"
"hyprland"
"printing"
"qmk-udev"
"ssh"
@ -56,6 +57,7 @@
"shell"
"slack"
"sway"
"hyprland"
"udiskie"
"vscode"
"xdg"

12
modules/cgit/config.nix
View file

@ -40,9 +40,6 @@ in {
};
forceSSL = true;
enableACME = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${builtins.toString config.services.hydra.port}";
# };
};
systemd.services.cgit-setup-repos = {
@ -54,4 +51,13 @@ in {
wantedBy = ["multi-user.target"];
script = builtins.toString cgit-setup-repos;
};
systemd.timers.cgit-setup-repos = {
wantedBy = ["timers.target"];
partOf = ["cgit-setup-repos.service"];
timerConfig = {
OnCalendar = "*-*-* 4:00:00"; # daily at 4 AM
Unit = "cgit-setup-repos.service";
};
};
}

11
modules/hydra/default.nix
View file

@ -104,11 +104,10 @@ in {
allowed-uris = https://github.com/ git://git.savannah.gnu.org/ https://git.sr.ht
'';
services.hydra = {
services.hydra-dev = {
enable = true;
hydraURL = "https://${cfg.domain}";
notificationSender = "hydra@mothership.fleet";
buildMachinesFiles = [];
useSubstitutes = true;
extraConfig =
''
@ -148,6 +147,14 @@ in {
touch ~hydra/.setup-is-complete
fi
mkdir -p /var/lib/hydra/.ssh
cp /home/ccr/.ssh/id_rsa* /var/lib/hydra/.ssh/
chown -R hydra:hydra /var/lib/hydra/.ssh
mkdir -p /var/lib/hydra/queue-runner/.ssh
cp /home/ccr/.ssh/id_rsa* /var/lib/hydra/queue-runner/.ssh/
chown -R hydra-queue-runner:hydra /var/lib/hydra/queue-runner/.ssh
curl --head -X GET --retry 5 --retry-connrefused --retry-delay 1 http://localhost:3000
CURRENT_REPOS=$(curl -s -H "Accept: application/json" http://localhost:3000 | yq ".[].name")

3
modules/hyprland/default.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.hyprland.enable = true;
}

5
modules/nix/default.nix
View file

@ -44,10 +44,11 @@
hostName = "rock5b.fleet";
system = "aarch64-linux";
maxJobs = 6;
speedFactor = 2;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
mandatoryFeatures = [];
sshKey = "/etc/ssh/ssh_host_ed25519_key";
sshKey = "/var/lib/hydra/queue-runner/.ssh/id_rsa";
sshUser = "root";
}
];
distributedBuilds = true;

49
modules/vm-mara/default.nix Normal file
View file

@ -0,0 +1,49 @@
{
pkgs,
lib,
fleetFlake,
...
}: {
security.polkit.enable = true;
virtualisation.libvirtd.enable = true;
networking.firewall.interfaces."wg0".allowedTCPPorts = [
5900 # vnc by QEMU
3389 # rdp installed in Windows itself
];
boot.kernelParams = [
"intel_iommu=on"
"iommu=pt"
];
systemd.services.vm-mara = let
start-vm = pkgs.writeShellApplication {
name = "start-vm";
runtimeInputs = with pkgs; [qemu];
text = ''
[ ! -f /var/lib/vm-mara/w10.qcow2 ] && \
qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G
qemu-system-x86_64 \
-enable-kvm \
-cpu host \
-smp 2 \
-m 4096 \
-nic user,model=virtio-net-pci,hostfwd=tcp::3389-:3389 \
-vnc :0 \
-cdrom /var/lib/vm-mara/virtio-win.iso \
-device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \
-device usb-tablet \
-audiodev alsa,id=snd0,out.try-poll=off -device ich9-intel-hda -device hda-output,audiodev=snd0 \
-drive file=/var/lib/vm-mara/w10.qcow2
'';
};
in {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
ExecStart = "${start-vm}/bin/start-vm";
};
};
}

1
packages/default.nix
View file

@ -24,6 +24,7 @@
statix.overlays.default
nil.overlays.default
alejandra.overlays.default
colmena.overlays.default
(final: _: {
inherit (disko.packages.${final.system}) disko;
inherit (self.packages.${final.system}) deploy;

2
packages/deploy/deploy.sh
View file

@ -3,5 +3,7 @@ host=${1-mothership}
nixos-rebuild switch \
--flake ".#${host}" \
--target-host "root@${host}.fleet" \
--build-host "root@${host}.fleet" \
--option warn-dirty false \
--fast \
"${@:2}"

1
shell/default.nix
View file

@ -14,6 +14,7 @@
alejandra
disko
deploy
colmena
];
shellHook = ''
export RULES="$(git rev-parse --show-toplevel)/secrets/default.nix";