Merge pull request 'update' (#117) from update-flake into main

Reviewed-on: #117
This commit is contained in:
Charlotte 🦝 Delenk 2023-06-27 01:24:29 +00:00
commit 22bd754134
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
9 changed files with 172 additions and 136 deletions

View file

@ -20,6 +20,7 @@
./services/postgres.nix
./services/woodpecker-agent.nix
./users/remote-build.nix
../modules/bcachefs.nix
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
@ -29,7 +30,7 @@
config.boot.kernelPackages.zenpower
];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
fileSystems."/" = {

View file

@ -81,14 +81,13 @@
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/FIRMWARE";
device = "/dev/disk/by-uuid/1234-ABCD";
fsType = "vfat";
options = ["nofail"];
};
"/" = {
device = "192.168.2.1:/export/vf2";
fsType = "nfs";
options = ["nofail" "local_lock=all" "nfsvers=4.2"];
device = "/dev/disk/by-uuid/b4e8cbe8-a233-444f-920b-c253339a44d6";
fsType = "ext4";
};
};
hardware.deviceTree.name = "starfive/jh7110-starfive-visionfive-2-v1.3b.dtb";
@ -135,4 +134,5 @@
boot.binfmt.emulatedSystems = [
"x86_64-linux"
];
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

View file

@ -496,11 +496,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1685727810,
"narHash": "sha256-Xms7zCEH7HkrOeyQI/puQx3wviz1GwIUcsUHR5kWTcA=",
"lastModified": 1687282304,
"narHash": "sha256-69exHcIjkYmJtXmHiJEgma0jhg90DpH2PXNGkQgxnM0=",
"owner": "EmaApps",
"repo": "emanote",
"rev": "5b24bd04f94e03afe66ee01da723e4a05d854953",
"rev": "fec2dc9b8336a2ab5c4218af4c10b4ebc88a4540",
"type": "github"
},
"original": {
@ -830,11 +830,11 @@
},
"haskell-flake": {
"locked": {
"lastModified": 1686848176,
"narHash": "sha256-JUQ/Oqmp7yOhGiXCWzHqK05F6HEQu3Fyb/AxtSYGkSQ=",
"lastModified": 1687547380,
"narHash": "sha256-AHetxX1xCf87UcyExP3oJF5MDD7uVTsKD0SPGr9KEo8=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c5e908e1c959100416c2df35411bd363fac71406",
"rev": "57cd5068787de5571cc6dd60431a0fa255d12a1f",
"type": "github"
},
"original": {
@ -865,11 +865,11 @@
]
},
"locked": {
"lastModified": 1687041769,
"narHash": "sha256-lPDVNMrDF/hOVy+P8pEtKzvSN/Akk9RbDcyNuvW1T+M=",
"lastModified": 1687647343,
"narHash": "sha256-1/o/i9KEFOBdlF9Cs04kBcqDFbYMt6W4SMqGa+QnnaI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "edf9cf65238609db16680be74fe28d4d4858476e",
"rev": "0ee5ab611dc1fbb5180bd7d88d2aeb7841a4d179",
"type": "github"
},
"original": {
@ -902,11 +902,11 @@
"hosts-list": {
"flake": false,
"locked": {
"lastModified": 1687024865,
"narHash": "sha256-4KEIC4buY2L2NFdIQVpkZPc26QRfVerQRsY2XqKTjNI=",
"lastModified": 1687530518,
"narHash": "sha256-ufJ2LfZprKQl4mG3/RdJHd4b08QeH1yUDvXjTqB/xnc=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "6b64d2e573869b88c5c688a776b84f0062bfb7ab",
"rev": "570fb4302a02a7bba80973c4a5d80b41f34cc852",
"type": "github"
},
"original": {
@ -1226,11 +1226,11 @@
]
},
"locked": {
"lastModified": 1687068046,
"narHash": "sha256-Snh69PYUR8E56W6QtB210mhd9WiWs9umuQzpMOOOXN0=",
"lastModified": 1687708750,
"narHash": "sha256-3kOrSanzNn+BFqV+AmpQoxSlZXolnCt9GL6P5mBlE/E=",
"ref": "main",
"rev": "a9d8644c34f0b9821a4db5703a360824c1ca29be",
"revCount": 914,
"rev": "b15e4ae106af506fec5a1549c7250ce7f6d8d7d5",
"revCount": 922,
"type": "git",
"url": "https://git.chir.rs/darkkirb/nix-packages.git"
},
@ -1553,11 +1553,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1687067358,
"narHash": "sha256-72Q/fToYtFauPR4+cjzrn1QsAfvwBktXKmGarBQnBrE=",
"lastModified": 1687708260,
"narHash": "sha256-yDKHrL1nRIwe7d81WZoUKpjCsqk0/mJwjlq+InarGZo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7bc334a6cb316952aa0187590e15ea589743cd9",
"rev": "06429924a77c374940b0ac0c87d669ccda48cdc5",
"type": "github"
},
"original": {
@ -1583,11 +1583,11 @@
},
"nur_2": {
"locked": {
"lastModified": 1687061392,
"narHash": "sha256-NYwmbCnNfxkEI8kkDFjvIfA+yWqe4ief4J9CVTGbC18=",
"lastModified": 1687703991,
"narHash": "sha256-qobiIdBXPNWHEembddq5EIwg8MFYtl5JVZY4yR4pD5c=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dc059a33ffca01b284fb75a37f1f3445c348147a",
"rev": "ff6e6849d68109e7feefe1346def311bb4d8c3a7",
"type": "github"
},
"original": {
@ -1658,11 +1658,11 @@
]
},
"locked": {
"lastModified": 1687055571,
"narHash": "sha256-UvLoO6u5n9TzY80BpM4DaacxvyJl7u9mm9CA72d309g=",
"lastModified": 1687660699,
"narHash": "sha256-crI/CA/OJc778I5qJhwhhl8/PKKzc0D7vvVxOtjfvSo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2de557c780dcb127128ae987fca9d6c2b0d7dc0f",
"rev": "b3bd1d49f1ae609c1d68a66bba7a95a9a4256031",
"type": "github"
},
"original": {
@ -1706,11 +1706,11 @@
]
},
"locked": {
"lastModified": 1687058111,
"narHash": "sha256-xDSn/APfAdJinHV4reTfplX5XnLsJSGdVwHpmdgP9Mo=",
"lastModified": 1687398569,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1634d2da53f079e7f5924efa7a96511cd9596f81",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
"type": "github"
},
"original": {

82
modules/bcachefs.nix Normal file
View file

@ -0,0 +1,82 @@
{
config,
lib,
pkgs,
utils,
...
}:
with lib; let
bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;
mountCommand = pkgs.runCommand "mount.bcachefs" {} ''
mkdir -p $out/bin
cat > $out/bin/mount.bcachefs <<EOF
#!/bin/sh
exec "/bin/bcachefs" mount "\$@"
EOF
chmod +x $out/bin/mount.bcachefs
'';
commonFunctions = ''
prompt() {
local name="$1"
printf "enter passphrase for $name: "
}
tryUnlock() {
local name="$1"
local path="$2"
if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption
prompt $name
until bcachefs unlock $path 2> /dev/null; do # repeat until successfully unlocked
printf "unlocking failed!\n"
prompt $name
done
printf "unlocking successful.\n"
fi
}
'';
openCommand = name: fs: let
# we need only unlock one device manually, and cannot pass multiple at once
# remove this adaptation when bcachefs implements mounting by filesystem uuid
# also, implement automatic waiting for the constituent devices when that happens
# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
firstDevice = head (splitString ":" fs.device);
in ''
tryUnlock ${name} ${firstDevice}
'';
in {
config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [
{
# We do not want to include bachefs in the fsPackages for systemd-initrd
# because we provide the unwrapped version of mount.bcachefs
# through the extraBin option, which will make it available for use.
system.fsPackages = lib.optional (!config.boot.initrd.systemd.enable) pkgs.bcachefs-tools;
environment.systemPackages = lib.optional (config.boot.initrd.systemd.enable) pkgs.bcachefs-tools;
# use kernel package with bcachefs support until it's in mainline
boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;
}
(mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
# chacha20 and poly1305 are required only for decryption attempts
boot.initrd.availableKernelModules = ["bcachefs" "sha256" "chacha20" "poly1305"];
boot.initrd.systemd.extraBin = {
"bcachefs" = "${pkgs.bcachefs-tools}/bin/bcachefs";
"mount.bcachefs" = "${mountCommand}/bin/mount.bcachefs";
};
boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
copy_bin_and_libs ${mountCommand}/bin/mount.bcachefs
'';
boot.initrd.extraUtilsCommandsTest = ''
$out/bin/bcachefs version
'';
boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs);
})
]);
disabledModules = ["tasks/filesystems/bcachefs.nix"];
}

View file

@ -1,7 +1,7 @@
{fetchurl}: {
core = fetchurl {
url = "https://dev.bukkit.org/projects/dynmap/files/4371728/download";
sha256 = "12n0s4qhc5gbsw649jpjyn7x4g4ilkbqq188l2r4wpwp38l134a0";
url = "https://dev.bukkit.org/projects/dynmap/files/4600162/download";
sha256 = "a49b03ea1fd6ad4fbd94fdb1b8ec25a1d8b989744740ef82cc4145222fb326bd";
name = "Dynmap.jar";
};
}

View file

@ -90,15 +90,15 @@ in rec {
'';
};
essentialsx = fetchurl {
url = "https://github.com/EssentialsX/Essentials/releases/download/2.19.7/EssentialsX-2.19.7.jar";
sha256 = "1pnlgnb61psdhc4zb2y5p577ryk4c5kdyk3v0p3nnr0nnsabqldm";
url = "https://github.com/EssentialsX/Essentials/releases/download/2.20.0/EssentialsX-2.20.0.jar";
sha256 = "2c55dafb9350bebec21b530aba18a51f770d95356b218427ba9b5840e4aabbc8";
};
essentialsx-chat = fetchurl {
url = "https://github.com/EssentialsX/Essentials/releases/download/2.19.7/EssentialsXChat-2.19.7.jar";
sha256 = "1w86yrld44l0zlkvvykkypygp818h9l5wfn3v6q9z19q9zhsirm1";
url = "https://github.com/EssentialsX/Essentials/releases/download/2.20.0/EssentialsXChat-2.20.0.jar";
sha256 = "095a6c95183ecf900efd7007554a2caea00eb7851cf8965893dab1483f00fd81";
};
essentialsx-spawn = fetchurl {
url = "https://github.com/EssentialsX/Essentials/releases/download/2.19.7/EssentialsXSpawn-2.19.7.jar";
sha256 = "08vlvhw9wmg6bfc2rq4df3ahf7n54vwf9nx7bw3qz27zka0rv3w7";
url = "https://github.com/EssentialsX/Essentials/releases/download/2.20.0/EssentialsXSpawn-2.20.0.jar";
sha256 = "df3203cf052cdaf15554d5cbebec889b049b1e5b4d33bf497ea8b4a91e37e10c";
};
}

View file

@ -110,6 +110,6 @@ in
}
*/
fetchurl {
url = "https://ci.lucko.me/job/LuckPerms/lastSuccessfulBuild/artifact/bukkit/loader/build/libs/LuckPerms-Bukkit-5.4.61.jar";
sha256 = "0av151zqddjrs5nf2z5smfd836kk0alc5mj4ci7xswl369b2whwb";
url = "https://ci.lucko.me/job/LuckPerms/lastSuccessfulBuild/artifact/bukkit/loader/build/libs/LuckPerms-Bukkit-5.4.94.jar";
sha256 = "b8c3e38bb5738ca5678b4e8b14c5fef3484eba3da6455fa3ac6a67c923ff539d";
}

View file

@ -10,9 +10,9 @@
name = "Multiverse-NetherPortals-4.2.2.jar";
};
sign-portals = fetchurl {
url = "https://dev.bukkit.org/projects/multiverse-signportals/files/3074605/download";
sha256 = "f4eb45039884a9cad891cef6f7b0a27f36f8bf62b2cb64dd2eb43837146c2dd9";
name = "Multiverse-SignPortals-4.2.0.jar";
url = "https://dev.bukkit.org/projects/multiverse-signportals/files/4414231/download";
sha256 = "5170c1d0265a6a9e1da70fb331957e0c55e38eb8846e57b1ed272791bf5eb332";
name = "Multiverse-SignPortals-4.2.1.jar";
};
inventories = fetchurl {
url = "https://dev.bukkit.org/projects/multiverse-inventories/files/3687469/download";

View file

@ -1,53 +1,6 @@
{
fetchFromGitHub,
findutils,
maven,
openjdk8_headless,
stdenv,
}: let
pname = "Vault";
version = "1.7.3";
src = fetchFromGitHub {
owner = "MilkBowl";
repo = "Vault";
rev = version;
sha256 = "05g24xzi7ksncz9rjmwqva2cm7mm88i6qy49a9ad6wa0cgsf660h";
};
deps = stdenv.mkDerivation {
name = "${pname}-deps";
inherit version src;
buildPhase = ''
export JAVA_HOME=${openjdk8_headless}
${maven}/bin/mvn package -Dmaven.repo.local=$out/.m2
'';
installPhase = ''
${findutils}/bin/find $out -type f \
-name \*.lastUpdated -or \
-name resolver-status.properties -or \
-name _remote.repositories \
-delete
'';
dontFixup = true;
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "sha256-KKw9bJ7CefWM2SbnAVy1IhBZ5PU0cgaqVdNH2ooQkSc=";
};
in
stdenv.mkDerivation {
inherit pname version src;
name = "${pname}-${version}.jar";
buildPhase = ''
export JAVA_HOME=${openjdk8_headless}
cp -dpR ${deps}/.m2 ./
chmod +w -R .m2
${maven}/bin/mvn package --offline -Dmaven.repo.local=$(pwd)/.m2
'';
installPhase = ''
cp target/${pname}-${version}.jar $out
'';
{fetchurl}:
fetchurl {
url = "https://github.com/MilkBowl/Vault/releases/download/1.7.3/Vault.jar";
sha256 = "a6b5ed97f43a5cf5bbaf00a7c8cd23c5afc9bd003f849875af8b36e6cf77d01d";
name = "Vault.jar";
}