Compare commits

..

No commits in common. "cfc8962db507bae3100b6659b7bd3236c4f33430" and "20db0080e27acddb885ab4e5bc3430114dea9723" have entirely different histories.

11 changed files with 29 additions and 217 deletions

View file

@ -59,11 +59,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731927242, "lastModified": 1731922168,
"narHash": "sha256-VqNdt5MuVwuWCmwgqWuuj9tDHFtRKMhSsV4ABLNYCaM=", "narHash": "sha256-kDHZXas6YvkNWq5Ab038/MMPfobB6rSuJhJTp7V5K1Y=",
"owner": "darkkirb", "owner": "darkkirb",
"repo": "element-web", "repo": "element-web",
"rev": "d5c12e1ef1497a2c1f905e4e6f2616c76a63ee72", "rev": "c2e3d1415eb376f7c09d0f48c69779936e2e26d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,11 +170,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731968878, "lastModified": 1731887066,
"narHash": "sha256-+hTCwETOE9N8voTAaF+IzdUZz28Ws3LDpH90FWADrEE=", "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a42fa14b53ceab66274a21da480c9f8e06204173", "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731992627, "lastModified": 1731683711,
"narHash": "sha256-OjrXEVD8LtZB5X7LtPCdNx4n5iZOQ2nJmpDlM/foEkI=", "narHash": "sha256-bq21I1EjXJa/s5Rra9J9ot2NkPCnI0F5uNPurwYLdpE=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f116608a20430b8484814300cdf22eebeb75a59f", "rev": "c859d03013712b349d82ee6223948d6d03e63a8d",
"revCount": 16504, "revCount": 16489,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix"
}, },
@ -266,11 +266,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731967274, "lastModified": 1731185731,
"narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=", "narHash": "sha256-RNaIu43b9PoXEhW4OqXUNZKY/jezQyCYWwdv1M0VjsA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "aa2846680fa9a2032939d720487942567fd9eb63", "rev": "691193879d96bdfd1e6ab5ebcca2fadc7604cf34",
"revCount": 119, "revCount": 117,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -321,11 +321,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731981189, "lastModified": 1731894894,
"narHash": "sha256-EnDFNJq3CuPLZ+3BxGDAqIckbK5pBkUFt3nqLafni4o=", "narHash": "sha256-HB7VHbDE+05HqreoLp9QG4sntsqV0IHo2yB1bpD1tVw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "6f1845dd71ddeb7463856750c5e0cb6c122bb87a", "rev": "0982ffd1c37d8ef1a202d920e33b27b59ff30ca7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -374,11 +374,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731996196, "lastModified": 1731912056,
"narHash": "sha256-fNF6oEGzg7vclYmALW3b9oWA64aFaE2ot7Tp2wkUx3c=", "narHash": "sha256-1icSuV0/AtuA3CSFKs3PE2Q/BOMUgITRjQGcZzan3sI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5c65b89442e723670aca4eae632a275b765a90b1", "rev": "fbc12b07e2ca85b424d6d7877ac711254d2d160b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -509,11 +509,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731983527, "lastModified": 1731897198,
"narHash": "sha256-JECaBgC0pQ91Hq3W4unH6K9to8s2Zl2sPNu7bLOv4ek=", "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "71287228d96e9568e1e70c6bbfa3f992d145947b", "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -525,11 +525,11 @@
"rycee-nur-expressions": { "rycee-nur-expressions": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1731989000, "lastModified": 1731902594,
"narHash": "sha256-jOXdFK0+BHuS/B8w0VDGEy2wxsKZlfLyML5sIugc56U=", "narHash": "sha256-uSkuDGR4nPtA2ObotrF2G2fmHDEHVG7bKVb0ZLr4Cew=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "23c5920be219c5e14b32bdb9987314be13941adf", "rev": "41a1d21207361f9369670da9d01c88fcdbfb25c3",
"revCount": 3916, "revCount": 3913,
"type": "git", "type": "git",
"url": "https://gitlab.com/rycee/nur-expressions" "url": "https://gitlab.com/rycee/nur-expressions"
}, },

View file

@ -184,10 +184,6 @@
config = ./machine/not522/installer; config = ./machine/not522/installer;
system = "riscv64-linux"; system = "riscv64-linux";
}; };
oracle-installer = {
config = ./machine/oracle-installer;
system = "aarch64-linux";
};
pc-installer = { pc-installer = {
config = ./machine/pc-installer; config = ./machine/pc-installer;
system = "x86_64-linux"; system = "x86_64-linux";

View file

@ -1 +0,0 @@
Taken from https://github.com/cleverca22/nix-tests/tree/master/kexec, released under the apache 2.0 license

View file

@ -1,21 +0,0 @@
{ config, lib, ... }:
{
options = {
kexec.autoReboot = lib.mkOption {
default = true;
description = "auto-reboot at the end of the hour";
type = lib.types.bool;
};
};
config = lib.mkIf config.kexec.autoReboot {
systemd.timers.autoreboot = {
partOf = [ "autoreboot.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "hourly";
};
systemd.services.autoreboot = {
script = "shutdown -r +5";
};
};
}

View file

@ -1,32 +0,0 @@
# new cmd: nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4
{
lib,
nixpkgs,
...
}:
with lib;
{
imports = [
"${nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix"
./autoreboot.nix
./kexec.nix
];
boot.supportedFilesystems = lib.mkForce [
"btrfs"
"vfat"
];
boot.loader.grub.enable = false;
boot.kernelParams = [
"console=ttyS0,115200" # allows certain forms of remote access, if the hardware is setup right
"panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
networking.hostName = "kexec";
# example way to embed an ssh pubkey into the tar
# users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
}

View file

@ -1,33 +0,0 @@
{
nixos-config,
pkgs,
lib,
...
}:
{
imports = [
./configuration.nix
"${nixos-config}/config"
];
# Make it use predictable interface names starting with eth0
boot.kernelParams = [ "net.ifnames=0" ];
networking.useDHCP = true;
isInstaller = true;
environment.impermanence.enable = false;
boot.initrd.systemd.enable = lib.mkForce false;
home-manager.sharedModules = [ { home.persistence = lib.mkForce { }; } ];
environment.systemPackages = [
(pkgs.writeShellScriptBin "install-oracle-unattended" ''
set -eux
exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#oracle" --disk main "${nixos-config.nixosConfigurations.thinkrac.config.disko.devices.disk.main.device}"
'')
];
users.users.root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
];
}

View file

@ -1,51 +0,0 @@
{ pkgs, config, ... }:
{
system.build = rec {
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
mkdir $out
cp ${config.system.build.kernel}/${config.system.boot.loader.kernelFile} $out/kernel
cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
echo "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" > $out/cmdline
nuke-refs $out/kernel
'';
kexec_script = pkgs.writeTextFile {
executable = true;
name = "kexec-nixos";
text = ''
#!${pkgs.stdenv.shell}
export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH
set -x
set -e
cd $(mktemp -d)
pwd
mkdir initrd
pushd initrd
if [ -e /ssh_pubkey ]; then
cat /ssh_pubkey >> authorized_keys
fi
find -type f | cpio -o -H newc | gzip -9 > ../extra.gz
popd
cat ${image}/initrd extra.gz > final.gz
kexec -l ${image}/kernel --initrd=final.gz --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
sync
echo "executing kernel, filesystems will be improperly umounted"
kexec -e
'';
};
};
boot.initrd.postMountCommands = ''
mkdir -p /mnt-root/root/.ssh/
cp /authorized_keys /mnt-root/root/.ssh/
'';
system.build.kexec_tarball = pkgs.callPackage (pkgs.path + "/nixos/lib/make-system-tarball.nix") {
storeContents = [
{
object = config.system.build.kexec_script;
symlink = "/kexec_nixos";
}
];
contents = [ ];
};
}

View file

@ -47,6 +47,7 @@
options usbcore autosuspend=2 options usbcore autosuspend=2
# Fan control for thinkpads # Fan control for thinkpads
options thinkpad_acpi fan_control=1 options thinkpad_acpi fan_control=1
options zfs zfs_arc_max=4294967296
''; '';
boot.kernel.sysctl = { boot.kernel.sysctl = {
# Probably unnecessary # Probably unnecessary

View file

@ -1,7 +1,4 @@
{ ... }: { ... }:
{ {
networking.firewall.allowedTCPPorts = [ networking.firewall.enable = false;
8080
9090
];
} }

View file

@ -1,30 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [
./pgbouncer.nix
];
services.postgresql = {
enable = true;
enableJIT = true;
enableTCPIP = true;
package = pkgs.postgresql_17_jit;
authentication = lib.mkForce ''
local all all trust
host all all 127.0.0.1 scram-sha-256
'';
};
services.postgresqlBackup = {
compression = "zstd";
compressionLevel = 19;
enable = true;
};
environment.persistence."/persistent".directories = [
"${config.postgresql.dataDir}"
"${config.postgresqlLocation.location}"
];
}

View file

@ -1,14 +0,0 @@
{ config, ... }:
{
services.pgbouncer = {
enable = true;
settings = {
pgbouncer = {
listen_addr = "localhost";
auth_type = "scram-sha-256";
auth_file = config.sops.secrets."services/pgbouncer/settings/pgbouncer/auth".path;
};
};
};
sops.secrets."services/pgbouncer/settings/pgbouncer/auth".sopsFile = ./${config.networking.hostName}.yaml;
}