forked from rarias/jungle
		
	Compare commits
	
		
			16 Commits
		
	
	
		
			21d77d6190
			...
			44a2979581
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 44a2979581 | |||
| 66fe179a9d | |||
| 0a282d856d | |||
| 28d925e446 | |||
| 926de4d1d5 | |||
| ca854704e8 | |||
| c5b70bebe0 | |||
| fe06e38761 | |||
| 0f1e9d7ccb | |||
| 5a3184f2f7 | |||
| 3a8ed797c7 | |||
| ec79ed4d0e | |||
| 3ebb00d1c0 | |||
| 8f3b13ec3f | |||
| b7b9160d03 | |||
| 00456a86b7 | 
| @ -11,11 +11,13 @@ | ||||
|     ./base/hw.nix | ||||
|     ./base/net.nix | ||||
|     ./base/nix.nix | ||||
|     ./base/sys-devices.nix | ||||
|     ./base/ntp.nix | ||||
|     ./base/rev.nix | ||||
|     ./base/ssh.nix | ||||
|     ./base/users.nix | ||||
|     ./base/watchdog.nix | ||||
|     ./base/zsh.nix | ||||
|     ./base/fish.nix | ||||
|   ]; | ||||
| } | ||||
|  | ||||
| @ -5,6 +5,8 @@ | ||||
|     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option | ||||
|     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree | ||||
|     ncdu config.boot.kernelPackages.perf ldns pv | ||||
|     nix-output-monitor | ||||
|     nixfmt-rfc-style | ||||
|     # From bsckgs overlay | ||||
|     osumb | ||||
|   ]; | ||||
|  | ||||
							
								
								
									
										4
									
								
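--- /dev/null
+++ b/m/common/base/fish.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.fish.enable = true;
+}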
							
								
								
									
										9
									
								
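--- /dev/null
+++ b/m/common/base/sys-devices.nix
@@ -0,0 +1,9 @@
+{
+  nix.settings.system-features = [ "sys-devices" ];
+
+  programs.nix-required-mounts.enable = true;
+  programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
+    "/sys/devices/system/cpu"
+    "/sys/devices/system/node"
+  ];
+}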
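Review bot: `nix.settings.system-features = [ "sys-devices" ];` is a normal-priority definition, and the NixOS default for this setting (`nixos-test`, `benchmark`, `big-parallel`, `kvm`) is only set with `mkDefault`, so unless another module in the tree also defines the list, every host importing this file stops advertising those features. Builds that require `big-parallel` or `kvm` would then find no eligible machine, which matters for the Hydra instance introduced in the same change set. Listing the defaults explicitly avoids that: `nix.settings.system-features = [ "sys-devices" "nixos-test" "benchmark" "big-parallel" "kvm" ];` (confirm which of them these hosts should keep). A one-line comment saying that derivations requesting `sys-devices` see the host CPU and NUMA topology inside the sandbox, and so produce host-dependent results, would also help.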
| @ -87,6 +87,12 @@ | ||||
|         openssh.authorizedKeys.keys = [ | ||||
|           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc" | ||||
|         ]; | ||||
|         shell = pkgs.fish; | ||||
|         packages = with pkgs; [ | ||||
|           starship | ||||
|           jujutsu | ||||
|           neovim | ||||
|         ]; | ||||
|       }; | ||||
| 
 | ||||
|       vlopez = { | ||||
|  | ||||
| @ -1,9 +1,11 @@ | ||||
| { lib, ... }: | ||||
| { lib, pkgs, ... }: | ||||
| 
 | ||||
| { | ||||
|   imports = [ | ||||
|     ../common/ssf.nix | ||||
|     ../module/hut-substituter.nix | ||||
|     ./virtualization.nix | ||||
|     ./hydra.nix | ||||
|   ]; | ||||
| 
 | ||||
|   # Select this using the ID to avoid mismatches | ||||
| @ -30,4 +32,23 @@ | ||||
|       prefixLength = 24; | ||||
|     } ]; | ||||
|   }; | ||||
| 
 | ||||
|   services.nix-serve = { | ||||
|     enable = true; | ||||
|     bindAddress = "0.0.0.0"; | ||||
|     port = 5000; | ||||
|     package = pkgs.haskell.lib.overrideSrc (pkgs.haskell.packages.ghc96.nix-serve-ng.override { nix = pkgs.nixVersions.nix_2_28; }) { | ||||
|       src = pkgs.fetchgit { | ||||
|         url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git"; | ||||
|         rev = "9c056641300a826db66b66d7e584b2541d38927a"; | ||||
|         hash = "sha256-y69ZchFiZOU71eyeljcQgLxkLk5JUzZfanq8Yzw4MkI="; | ||||
|       }; | ||||
|       version = "unstable"; | ||||
|     }; | ||||
| 
 | ||||
|     secretKeyFile = "/var/cache-priv-key.pem"; | ||||
|     # Public key: | ||||
|     # 10.0.40.6:8jBhIdXEBap+Qo+vc1/fnV9vj43A2oDk839EEheRr/U= | ||||
|   }; | ||||
| 
 | ||||
| } | ||||
|  | ||||
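Review bot: `secretKeyFile = "/var/cache-priv-key.pem"` points at a hand-placed file directly under /var, and nothing in this hunk sets its owner or mode; whoever can read that file can sign store paths that every client trusting the listed public key will accept. Provision it through the repository's secret mechanism if it has one (none is visible here), or at least keep it in a dedicated directory readable only by the account nix-serve runs as, and say so in a comment next to the option. `bindAddress = "0.0.0.0"` also makes the cache listen on every interface; if it is only meant for the internal network, binding to that address states the intent, e.g. `bindAddress = "<internal-address>";`. The enclosing module body starts outside this hunk.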
							
								
								
									
										52
									
								
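--- /dev/null
+++ b/m/weasel/hydra.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+{
+  services.hydra = {
+    enable = true;
+
+    # Wrap hydra so it puts quiet flag every time... This is dumb and annoying,
+    # but i can't override the systemd ExecStart without running into infinite
+    # recursion.
+    package = pkgs.symlinkJoin {
+      name = "hydra-quiet";
+      paths = [ pkgs.hydra ];
+      postBuild = ''
+        for prog in hydra-queue-runner hydra-evaluator ; do
+          prev=$(realpath $out/bin/$prog)
+          rm $out/bin/$prog
+          cat >$out/bin/$prog <<EOF
+        #!/bin/sh
+        args=()
+        for arg in "\$@"; do
+          if [ "\$arg" != "-v" ]; then
+            args+=("\$arg")
+          fi
+        done
+        exec $prev --quiet "\''${args[@]}"
+        EOF
+
+          chmod +x $out/bin/$prog
+        done
+      '';
+    };
+
+    hydraURL = "http://localhost:3001"; # externally visible URL
+    notificationSender = "hydra@jungle.bsc.es"; # e-mail of Hydra service
+    port = 3001;
+    # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+    listenHost = "0.0.0.0"; # Force IPv4
+  };
+
+  systemd.services.hydra-send-stats.enable = lib.mkForce false;
+
+  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
+
+  nix.settings.extra-allowed-uris = [
+    "git+ssh://git@bscpm04.bsc.es"
+    "git+ssh://git@gitlab-internal.bsc.es"
+    "https://github.com"
+    "git+ssh://github.com"
+  ];
+}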
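Review bot: `listenHost = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]` publishes the Hydra web interface and API over plain HTTP on every interface, so logins and session cookies cross the network unencrypted. If access from other hosts is intended, keep Hydra on localhost behind a TLS-terminating reverse proxy, or open the port only on the internal interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts`. `hydraURL = "http://localhost:3001"` is commented as the externally visible URL but is not reachable from other hosts, so links Hydra generates will be wrong for them; set it to the address users actually reach. Separately, the generated wrapper declares `#!/bin/sh` yet uses arrays (`args=()`, `args+=`), which only works while /bin/sh is bash; `#!${pkgs.runtimeShell}` makes that dependency explicit.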
							
								
								
									
										40
									
								
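--- /dev/null
+++ b/m/weasel/virtualization.nix
@@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # We cannot use /home since nfs does not support fileattrs needed by podman
+  systemd.tmpfiles.settings = {
+    "podman-users" = lib.mapAttrs' (
+      name: value:
+      lib.nameValuePair ("/var/lib/podman-users/" + name) {
+        d = {
+          group = value.group;
+          mode = value.homeMode;
+          user = name;
+        };
+      }
+    ) (lib.filterAttrs (_: x: x.isNormalUser) config.users.users);
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}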
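Review bot: The tmpfiles rule creates `/var/lib/podman-users/<name>` for every normal user, but nothing in this file tells rootless podman to use those directories, so unless that is configured elsewhere, storage presumably still defaults to the NFS home the comment warns about. Either set it here or extend the comment to say where it is done, e.g. `# Users must point podman at this directory (rootless_storage_path in storage.conf).`. Reusing `value.homeMode` for the directory mode keeps other users out only as long as home modes stay restrictive; a short comment noting that dependency would help the next maintainer.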