forked from rarias/jungle
		
	Compare commits
	
		
			16 Commits
		
	
	
		
			7d1e824064
			...
			0aa846c31c
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 0aa846c31c | |||
| f8a53b368d | |||
| d95d4962aa | |||
| 41d0b157c8 | |||
| f30682ff1b | |||
| 8d45192a7f | |||
| e74ec52fd9 | |||
| 6a6929fa39 | |||
| cdebb58971 | |||
| 8ee391ed42 | |||
| 13330eb537 | |||
| ea4cc89d17 | |||
| 366615774f | |||
| 23ec609737 | |||
| 00456a86b7 | |||
| e42058f08b | 
| @ -11,11 +11,13 @@ | |||||||
|     ./base/hw.nix |     ./base/hw.nix | ||||||
|     ./base/net.nix |     ./base/net.nix | ||||||
|     ./base/nix.nix |     ./base/nix.nix | ||||||
|  |     ./base/sys-devices.nix | ||||||
|     ./base/ntp.nix |     ./base/ntp.nix | ||||||
|     ./base/rev.nix |     ./base/rev.nix | ||||||
|     ./base/ssh.nix |     ./base/ssh.nix | ||||||
|     ./base/users.nix |     ./base/users.nix | ||||||
|     ./base/watchdog.nix |     ./base/watchdog.nix | ||||||
|     ./base/zsh.nix |     ./base/zsh.nix | ||||||
|  |     ./base/fish.nix | ||||||
|   ]; |   ]; | ||||||
| } | } | ||||||
|  | |||||||
| @ -5,6 +5,8 @@ | |||||||
|     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option |     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option | ||||||
|     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree |     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree | ||||||
|     ncdu config.boot.kernelPackages.perf ldns pv |     ncdu config.boot.kernelPackages.perf ldns pv | ||||||
|  |     nix-output-monitor | ||||||
|  |     nixfmt-rfc-style | ||||||
|     # From bsckgs overlay |     # From bsckgs overlay | ||||||
|     osumb |     osumb | ||||||
|   ]; |   ]; | ||||||
|  | |||||||
							
								
								
									
										4
									
								
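--- a/m/common/base/fish.nix
+++ b/m/common/base/fish.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.fish.enable = true;
+}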
							
								
								
									
										9
									
								
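--- a/m/common/base/sys-devices.nix
+++ b/m/common/base/sys-devices.nix
@@ -0,0 +1,9 @@
+{
+  nix.settings.system-features = [ "sys-devices" ];
+
+  programs.nix-required-mounts.enable = true;
+  programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
+    "/sys/devices/system/cpu"
+    "/sys/devices/system/node"
+  ];
+}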
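Review bot: This file has no comment saying why builds need host sysfs, and the effect is not obvious from the two options: any derivation that declares the `sys-devices` feature gets `/sys/devices/system/cpu` and `/sys/devices/system/node` mounted into its sandbox, so its output can depend on the CPU and NUMA layout of whichever machine built it. The file appears to be imported from the common base list, so this would apply to every host. I would add a header comment such as `# Expose CPU/NUMA topology to builds that set requiredSystemFeatures = [ "sys-devices" ]; such builds are not hermetic.` and spell out the trigger with `onFeatures = [ "sys-devices" ];` rather than relying on the attribute name.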
| @ -87,6 +87,12 @@ | |||||||
|         openssh.authorizedKeys.keys = [ |         openssh.authorizedKeys.keys = [ | ||||||
|           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc" |           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc" | ||||||
|         ]; |         ]; | ||||||
|  |         shell = pkgs.fish; | ||||||
|  |         packages = with pkgs; [ | ||||||
|  |           starship | ||||||
|  |           jujutsu | ||||||
|  |           neovim | ||||||
|  |         ]; | ||||||
|       }; |       }; | ||||||
| 
 | 
 | ||||||
|       vlopez = { |       vlopez = { | ||||||
|  | |||||||
| @ -27,7 +27,7 @@ | |||||||
|           name = "apex"; |           name = "apex"; | ||||||
|           publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA="; |           publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA="; | ||||||
|           # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. |           # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. | ||||||
|           allowedIPs = [ "10.106.0.30/32" ]; |           allowedIPs = [ "10.106.0.30/32" "10.0.40.7/32" ]; | ||||||
|         } |         } | ||||||
|         { |         { | ||||||
|           name = "raccoon"; |           name = "raccoon"; | ||||||
| @ -40,6 +40,7 @@ | |||||||
| 
 | 
 | ||||||
|   networking.hosts = { |   networking.hosts = { | ||||||
|     "10.106.0.30" = [ "apex" ]; |     "10.106.0.30" = [ "apex" ]; | ||||||
|  |     "10.0.40.7" = [ "hut" ]; | ||||||
|     "10.106.0.236" = [ "raccoon" ]; |     "10.106.0.236" = [ "raccoon" ]; | ||||||
|     "10.0.44.4" = [ "tent" ]; |     "10.0.44.4" = [ "tent" ]; | ||||||
|   }; |   }; | ||||||
|  | |||||||
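Review bot: The comment above `allowedIPs` still says the list holds addresses assigned to the peer inside the tunnel subnet, but `10.0.40.7/32` is not a 10.106.0.x address and the second hunk names it `hut`, so the new entry is really a route to a host reached through apex. WireGuard also uses this list as the source-address filter, so the apex key can now send traffic into this machine as 10.0.40.7; that looks intended, but it should be written down next to the setting. I would reword the comment to something like `# Peer tunnel address, plus hosts reached through this peer (10.0.40.7 = hut).`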
| @ -1,9 +1,11 @@ | |||||||
| { lib, ... }: | { lib, pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| { | { | ||||||
|   imports = [ |   imports = [ | ||||||
|     ../common/ssf.nix |     ../common/ssf.nix | ||||||
|     ../module/hut-substituter.nix |     ../module/hut-substituter.nix | ||||||
|  |     ./virtualization.nix | ||||||
|  |     ./hydra.nix | ||||||
|   ]; |   ]; | ||||||
| 
 | 
 | ||||||
|   # Select this using the ID to avoid mismatches |   # Select this using the ID to avoid mismatches | ||||||
| @ -30,4 +32,22 @@ | |||||||
|       prefixLength = 24; |       prefixLength = 24; | ||||||
|     } ]; |     } ]; | ||||||
|   }; |   }; | ||||||
|  | 
 | ||||||
|  |   services.nix-serve = { | ||||||
|  |     enable = true; | ||||||
|  |     # Only listen locally, as we serve it via ssh | ||||||
|  |     bindAddress = "127.0.0.1"; | ||||||
|  |     port = 5000; | ||||||
|  |     package = pkgs.nix-serve-ng.overrideAttrs (oldAttrs: { | ||||||
|  |       src = pkgs.fetchgit { | ||||||
|  |         url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git"; | ||||||
|  |         hash = ""; | ||||||
|  |       }; | ||||||
|  |     }); | ||||||
|  | 
 | ||||||
|  |     # secretKeyFile = config.age.secrets.nixServe.path; | ||||||
|  |     # Public key: | ||||||
|  |     # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0= | ||||||
|  |   }; | ||||||
|  | 
 | ||||||
| } | } | ||||||
|  | |||||||
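Review bot: The `fetchgit` for the nix-serve-ng override is not pinned: `hash = "";` is a placeholder and there is no `rev`, so the package that will serve the binary cache cannot be built reproducibly and, once a hash is filled in, it still only records whatever the repository head happened to be at that moment. Pin both, e.g. `rev = "<commit-sha>";` and `hash = "sha256-<placeholder>";`. Separately, `secretKeyFile` is commented out, so the cache as configured appears to serve unsigned paths while the public key is already listed below it. Clients that verify signatures would reject those paths, so the key should be wired in before the service is enabled.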
							
								
								
									
										52
									
								
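--- a/m/weasel/hydra.nix
+++ b/m/weasel/hydra.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+{
+  services.hydra = {
+    enable = true;
+
+    # Wrap hydra so it puts quiet flag every time... This is dumb and annoying,
+    # but i can't override the systemd ExecStart without running into infinite
+    # recursion.
+    package = pkgs.symlinkJoin {
+      name = "hydra-quiet";
+      paths = [ pkgs.hydra ];
+      postBuild = ''
+        for prog in hydra-queue-runner hydra-evaluator ; do
+          prev=$(realpath $out/bin/$prog)
+          rm $out/bin/$prog
+          cat >$out/bin/$prog <<EOF
+        #!/bin/sh
+        args=()
+        for arg in "\$@"; do
+          if [ "\$arg" != "-v" ]; then
+            args+=("\$arg")
+          fi
+        done
+        exec $prev --quiet "\''${args[@]}"
+        EOF
+
+          chmod +x $out/bin/$prog
+        done
+      '';
+    };
+
+    hydraURL = "http://localhost:3001"; # externally visible URL
+    notificationSender = "hydra@jungle.bsc.es"; # e-mail of Hydra service
+    port = 3001;
+    # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+    listenHost = "0.0.0.0"; # Force IPv4
+  };
+
+  systemd.services.hydra-send-stats.enable = lib.mkForce false;
+
+  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
+
+  nix.settings.extra-allowed-uris = [
+    "git+ssh://git@bscpm04.bsc.es"
+    "git+ssh://git@gitlab-internal.bsc.es"
+    "https://github.com"
+    "git+ssh://github.com"
+  ];
+}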
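Review bot: `listenHost = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]` publishes the Hydra web interface over plain HTTP on every interface, while `hydraURL` points at localhost and nix-serve on the same host is deliberately kept on 127.0.0.1. If the `# Force IPv4` comment is the only reason for the wildcard address, `listenHost = "127.0.0.1";` does the same without exposing the login form, and the firewall line can go. If remote access is wanted, limit it with `networking.firewall.interfaces.<internal-iface>.allowedTCPPorts` or put the service behind a TLS proxy. The generated wrapper also uses bash arrays under `#!/bin/sh`, which deserves a comment or a bash shebang.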
							
								
								
									
										40
									
								
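--- a/m/weasel/virtualization.nix
+++ b/m/weasel/virtualization.nix
@@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # We cannot use /home since nfs does not support fileattrs needed by podman
+  systemd.tmpfiles.settings = {
+    "podman-users" = lib.mapAttrs' (
+      name: value:
+      lib.nameValuePair ("/var/lib/podman-users/" + name) {
+        d = {
+          group = value.group;
+          mode = value.homeMode;
+          user = name;
+        };
+      }
+    ) (lib.filterAttrs (_: x: x.isNormalUser) config.users.users);
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}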
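Review bot: The tmpfiles rule creates `/var/lib/podman-users/<user>` for every normal user, but nothing in this file tells rootless podman to store its data there, so unless that is set elsewhere containers will still land under the NFS home the comment warns about. If it is missing, something like `virtualisation.containers.storage.settings.storage.rootless_storage_path = "/var/lib/podman-users/$USER/storage";` would close the gap; otherwise extend the comment to say where the path is configured. The directories take `value.homeMode`, so they get the same permission bits as the user's home directory, which is a sensible default for image and volume data.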