Compare commits
No commits in common. "cfc8962db507bae3100b6659b7bd3236c4f33430" and "20db0080e27acddb885ab4e5bc3430114dea9723" have entirely different histories.
cfc8962db5
...
20db0080e2
11 changed files with 29 additions and 217 deletions
54
flake.lock
|
@ -59,11 +59,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731927242,
|
"lastModified": 1731922168,
|
||||||
"narHash": "sha256-VqNdt5MuVwuWCmwgqWuuj9tDHFtRKMhSsV4ABLNYCaM=",
|
"narHash": "sha256-kDHZXas6YvkNWq5Ab038/MMPfobB6rSuJhJTp7V5K1Y=",
|
||||||
"owner": "darkkirb",
|
"owner": "darkkirb",
|
||||||
"repo": "element-web",
|
"repo": "element-web",
|
||||||
"rev": "d5c12e1ef1497a2c1f905e4e6f2616c76a63ee72",
|
"rev": "c2e3d1415eb376f7c09d0f48c69779936e2e26d6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -170,11 +170,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731968878,
|
"lastModified": 1731887066,
|
||||||
"narHash": "sha256-+hTCwETOE9N8voTAaF+IzdUZz28Ws3LDpH90FWADrEE=",
|
"narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "a42fa14b53ceab66274a21da480c9f8e06204173",
|
"rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -237,11 +237,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731992627,
|
"lastModified": 1731683711,
|
||||||
"narHash": "sha256-OjrXEVD8LtZB5X7LtPCdNx4n5iZOQ2nJmpDlM/foEkI=",
|
"narHash": "sha256-bq21I1EjXJa/s5Rra9J9ot2NkPCnI0F5uNPurwYLdpE=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "f116608a20430b8484814300cdf22eebeb75a59f",
|
"rev": "c859d03013712b349d82ee6223948d6d03e63a8d",
|
||||||
"revCount": 16504,
|
"revCount": 16489,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/lix"
|
"url": "https://git.lix.systems/lix-project/lix"
|
||||||
},
|
},
|
||||||
|
@ -266,11 +266,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731967274,
|
"lastModified": 1731185731,
|
||||||
"narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=",
|
"narHash": "sha256-RNaIu43b9PoXEhW4OqXUNZKY/jezQyCYWwdv1M0VjsA=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "aa2846680fa9a2032939d720487942567fd9eb63",
|
"rev": "691193879d96bdfd1e6ab5ebcca2fadc7604cf34",
|
||||||
"revCount": 119,
|
"revCount": 117,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||||
},
|
},
|
||||||
|
@ -321,11 +321,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731981189,
|
"lastModified": 1731894894,
|
||||||
"narHash": "sha256-EnDFNJq3CuPLZ+3BxGDAqIckbK5pBkUFt3nqLafni4o=",
|
"narHash": "sha256-HB7VHbDE+05HqreoLp9QG4sntsqV0IHo2yB1bpD1tVw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "6f1845dd71ddeb7463856750c5e0cb6c122bb87a",
|
"rev": "0982ffd1c37d8ef1a202d920e33b27b59ff30ca7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -374,11 +374,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731996196,
|
"lastModified": 1731912056,
|
||||||
"narHash": "sha256-fNF6oEGzg7vclYmALW3b9oWA64aFaE2ot7Tp2wkUx3c=",
|
"narHash": "sha256-1icSuV0/AtuA3CSFKs3PE2Q/BOMUgITRjQGcZzan3sI=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5c65b89442e723670aca4eae632a275b765a90b1",
|
"rev": "fbc12b07e2ca85b424d6d7877ac711254d2d160b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -509,11 +509,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731983527,
|
"lastModified": 1731897198,
|
||||||
"narHash": "sha256-JECaBgC0pQ91Hq3W4unH6K9to8s2Zl2sPNu7bLOv4ek=",
|
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "71287228d96e9568e1e70c6bbfa3f992d145947b",
|
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -525,11 +525,11 @@
|
||||||
"rycee-nur-expressions": {
|
"rycee-nur-expressions": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731989000,
|
"lastModified": 1731902594,
|
||||||
"narHash": "sha256-jOXdFK0+BHuS/B8w0VDGEy2wxsKZlfLyML5sIugc56U=",
|
"narHash": "sha256-uSkuDGR4nPtA2ObotrF2G2fmHDEHVG7bKVb0ZLr4Cew=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "23c5920be219c5e14b32bdb9987314be13941adf",
|
"rev": "41a1d21207361f9369670da9d01c88fcdbfb25c3",
|
||||||
"revCount": 3916,
|
"revCount": 3913,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitlab.com/rycee/nur-expressions"
|
"url": "https://gitlab.com/rycee/nur-expressions"
|
||||||
},
|
},
|
||||||
|
|
|
@ -184,10 +184,6 @@
|
||||||
config = ./machine/not522/installer;
|
config = ./machine/not522/installer;
|
||||||
system = "riscv64-linux";
|
system = "riscv64-linux";
|
||||||
};
|
};
|
||||||
oracle-installer = {
|
|
||||||
config = ./machine/oracle-installer;
|
|
||||||
system = "aarch64-linux";
|
|
||||||
};
|
|
||||||
pc-installer = {
|
pc-installer = {
|
||||||
config = ./machine/pc-installer;
|
config = ./machine/pc-installer;
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
Taken from https://github.com/cleverca22/nix-tests/tree/master/kexec, released under the apache 2.0 license
|
|
|
@ -1,21 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
kexec.autoReboot = lib.mkOption {
|
|
||||||
default = true;
|
|
||||||
description = "auto-reboot at the end of the hour";
|
|
||||||
type = lib.types.bool;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = lib.mkIf config.kexec.autoReboot {
|
|
||||||
systemd.timers.autoreboot = {
|
|
||||||
partOf = [ "autoreboot.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "hourly";
|
|
||||||
};
|
|
||||||
systemd.services.autoreboot = {
|
|
||||||
script = "shutdown -r +5";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
# new cmd: nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4
|
|
||||||
|
|
||||||
{
|
|
||||||
lib,
|
|
||||||
nixpkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
"${nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix"
|
|
||||||
./autoreboot.nix
|
|
||||||
./kexec.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.supportedFilesystems = lib.mkForce [
|
|
||||||
"btrfs"
|
|
||||||
"vfat"
|
|
||||||
];
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
boot.kernelParams = [
|
|
||||||
"console=ttyS0,115200" # allows certain forms of remote access, if the hardware is setup right
|
|
||||||
"panic=30"
|
|
||||||
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
|
||||||
];
|
|
||||||
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
|
|
||||||
networking.hostName = "kexec";
|
|
||||||
# example way to embed an ssh pubkey into the tar
|
|
||||||
# users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
|
|
||||||
}
|
|
|
@ -1,33 +0,0 @@
|
||||||
{
|
|
||||||
nixos-config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./configuration.nix
|
|
||||||
"${nixos-config}/config"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Make it use predictable interface names starting with eth0
|
|
||||||
boot.kernelParams = [ "net.ifnames=0" ];
|
|
||||||
|
|
||||||
networking.useDHCP = true;
|
|
||||||
isInstaller = true;
|
|
||||||
|
|
||||||
environment.impermanence.enable = false;
|
|
||||||
boot.initrd.systemd.enable = lib.mkForce false;
|
|
||||||
home-manager.sharedModules = [ { home.persistence = lib.mkForce { }; } ];
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
|
||||||
(pkgs.writeShellScriptBin "install-oracle-unattended" ''
|
|
||||||
set -eux
|
|
||||||
exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#oracle" --disk main "${nixos-config.nixosConfigurations.thinkrac.config.disko.devices.disk.main.device}"
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,51 +0,0 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
system.build = rec {
|
|
||||||
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
|
|
||||||
mkdir $out
|
|
||||||
cp ${config.system.build.kernel}/${config.system.boot.loader.kernelFile} $out/kernel
|
|
||||||
cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
|
|
||||||
echo "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" > $out/cmdline
|
|
||||||
nuke-refs $out/kernel
|
|
||||||
'';
|
|
||||||
kexec_script = pkgs.writeTextFile {
|
|
||||||
executable = true;
|
|
||||||
name = "kexec-nixos";
|
|
||||||
text = ''
|
|
||||||
#!${pkgs.stdenv.shell}
|
|
||||||
export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH
|
|
||||||
set -x
|
|
||||||
set -e
|
|
||||||
cd $(mktemp -d)
|
|
||||||
pwd
|
|
||||||
mkdir initrd
|
|
||||||
pushd initrd
|
|
||||||
if [ -e /ssh_pubkey ]; then
|
|
||||||
cat /ssh_pubkey >> authorized_keys
|
|
||||||
fi
|
|
||||||
find -type f | cpio -o -H newc | gzip -9 > ../extra.gz
|
|
||||||
popd
|
|
||||||
cat ${image}/initrd extra.gz > final.gz
|
|
||||||
|
|
||||||
kexec -l ${image}/kernel --initrd=final.gz --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
|
|
||||||
sync
|
|
||||||
echo "executing kernel, filesystems will be improperly umounted"
|
|
||||||
kexec -e
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
boot.initrd.postMountCommands = ''
|
|
||||||
mkdir -p /mnt-root/root/.ssh/
|
|
||||||
cp /authorized_keys /mnt-root/root/.ssh/
|
|
||||||
'';
|
|
||||||
system.build.kexec_tarball = pkgs.callPackage (pkgs.path + "/nixos/lib/make-system-tarball.nix") {
|
|
||||||
storeContents = [
|
|
||||||
{
|
|
||||||
object = config.system.build.kexec_script;
|
|
||||||
symlink = "/kexec_nixos";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
contents = [ ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -47,6 +47,7 @@
|
||||||
options usbcore autosuspend=2
|
options usbcore autosuspend=2
|
||||||
# Fan control for thinkpads
|
# Fan control for thinkpads
|
||||||
options thinkpad_acpi fan_control=1
|
options thinkpad_acpi fan_control=1
|
||||||
|
options zfs zfs_arc_max=4294967296
|
||||||
'';
|
'';
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
# Probably unnecessary
|
# Probably unnecessary
|
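Review bot: The added `options zfs zfs_arc_max=4294967296` line has no comment, while the `thinkpad_acpi` option just above it is introduced by one (`# Fan control for thinkpads`). The value is in bytes and equals 4 GiB, which a reader cannot tell at a glance. I would put `# Cap the ZFS ARC at 4 GiB (zfs_arc_max is in bytes)` on the line above it. The multi-line string these options sit in starts outside the hunk, so I cannot see which option it is assigned to.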
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.enable = false;
|
||||||
8080
|
|
||||||
9090
|
|
||||||
];
|
|
||||||
}
|
}
|
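Review bot: `networking.firewall.enable = false;` switches off packet filtering for the whole host, where the old side of this module only opened TCP 8080 and 9090. Every service listening on a non-loopback address on a machine importing this module becomes reachable from the network, unless something upstream filters, which the page does not show. If more ports are needed, keep the firewall on and list them in `networking.firewall.allowedTCPPorts`, or scope the exception to a trusted link with `networking.firewall.trustedInterfaces`. If disabling it is deliberate, add a comment above the line saying where filtering happens instead, so the next reader does not take it for a leftover debugging change.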
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./pgbouncer.nix
|
|
||||||
];
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
enableJIT = true;
|
|
||||||
enableTCPIP = true;
|
|
||||||
package = pkgs.postgresql_17_jit;
|
|
||||||
authentication = lib.mkForce ''
|
|
||||||
local all all trust
|
|
||||||
host all all 127.0.0.1 scram-sha-256
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.postgresqlBackup = {
|
|
||||||
compression = "zstd";
|
|
||||||
compressionLevel = 19;
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
environment.persistence."/persistent".directories = [
|
|
||||||
"${config.postgresql.dataDir}"
|
|
||||||
"${config.postgresqlLocation.location}"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
services.pgbouncer = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
pgbouncer = {
|
|
||||||
listen_addr = "localhost";
|
|
||||||
auth_type = "scram-sha-256";
|
|
||||||
auth_file = config.sops.secrets."services/pgbouncer/settings/pgbouncer/auth".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
sops.secrets."services/pgbouncer/settings/pgbouncer/auth".sopsFile = ./${config.networking.hostName}.yaml;
|
|
||||||
}
|
|