weasel: add custom nix-serve

Add https github to allowed uris
Make hydra shut up
2025-10-06 14:45:07 +02:00 · 2025-10-02 17:54:50 +02:00 · 2025-10-02 17:54:49 +02:00 · 2025-10-02 17:54:49 +02:00 · 2025-10-02 17:54:49 +02:00 · 2025-10-02 17:54:49 +02:00
5 changed files with 31 additions and 13 deletions
--- a/m/common/base.nix
+++ b/m/common/base.nix
@ -11,7 +11,7 @@
    ./base/hw.nix
    ./base/net.nix
    ./base/nix.nix
-    ./base/nosv.nix
+    ./base/sys-devices.nix
    ./base/ntp.nix
    ./base/rev.nix
    ./base/ssh.nix
--- a/m/common/base/nosv.nix
+++ b/m/common/base/nosv.nix
@ -1,9 +0,0 @@
-{ ... }:
-{
-  nix.settings.system-features = [ "nosv" ];
-  programs.nix-required-mounts.enable = true;
-  programs.nix-required-mounts.allowedPatterns.nosv.paths = [
-    "/sys/devices/system/cpu"
-    "/sys/devices/system/node"
-  ];
-}
--- a/m/common/base/sys-devices.nix
+++ b/m/common/base/sys-devices.nix
@ -0,0 +1,9 @@
+{
+  nix.settings.system-features = [ "sys-devices" ];
+
+  programs.nix-required-mounts.enable = true;
+  programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
+    "/sys/devices/system/cpu"
+    "/sys/devices/system/node"
+  ];
+}
--- a/m/fox/wireguard.nix
+++ b/m/fox/wireguard.nix
@ -23,11 +23,11 @@

      peers = [
        # List of allowed peers.
-        { 
+        {
          name = "apex";
          publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
-          allowedIPs = [ "10.106.0.30/32" ];
+          allowedIPs = [ "10.106.0.30/32" "10.0.40.7/32" ];
        }
        {
          name = "raccoon";
@ -40,6 +40,7 @@

  networking.hosts = {
    "10.106.0.30" = [ "apex" ];
+    "10.0.40.7" = [ "hut" ];
    "10.106.0.236" = [ "raccoon" ];
    "10.0.44.4" = [ "tent" ];
  };
--- a/m/weasel/configuration.nix
+++ b/m/weasel/configuration.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:

 {
  imports = [
@ -33,4 +33,21 @@
    } ];
  };

+  services.nix-serve = {
+    enable = true;
+    # Only listen locally, as we serve it via ssh
+    bindAddress = "127.0.0.1";
+    port = 5000;
+    package = pkgs.nix-serve-ng.overrideAttrs (oldAttrs: {
+      src = pkgs.fetchgit {
+        url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git";
+        hash = "";
+      };
+    });
+
+    # secretKeyFile = config.age.secrets.nixServe.path;
+    # Public key:
+    # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
+  };
+
 }
Author	SHA1	Message	Date
Aleix Boné	0aa846c31c	weasel: add custom nix-serve	2025-10-06 14:45:07 +02:00
Aleix Boné	f8a53b368d	Add https github to allowed uris	2025-10-02 17:54:50 +02:00
Aleix Boné	d95d4962aa	Make hydra shut up	2025-10-02 17:54:49 +02:00
Aleix Boné	41d0b157c8	Add bscpm and gitlab-internal to allowed-uris	2025-10-02 17:54:49 +02:00
Aleix Boné	f30682ff1b	weasel: enable hydra tcp port in firewall	2025-10-02 17:54:49 +02:00
Aleix Boné	8d45192a7f	hydra: set listen host	2025-10-02 17:54:49 +02:00
Aleix Boné	e74ec52fd9	Enable hydra on weasel	2025-10-02 17:54:49 +02:00
Aleix Boné	6a6929fa39	weasel: use tent cache	2025-10-02 17:54:49 +02:00
Aleix Boné	cdebb58971	Add nixfmt-rfc-style to common packages	2025-10-02 17:54:49 +02:00
Aleix Boné	8ee391ed42	Add packages to user abonerib	2025-10-02 17:54:48 +02:00
Aleix Boné	13330eb537	Add nix-output-monitor to default packages	2025-10-02 17:54:48 +02:00
Aleix Boné	ea4cc89d17	Set fish shell for user abonerib	2025-10-02 17:54:48 +02:00
Aleix Boné	366615774f	weasel: create user folders in /var/lib/podman-users /home is a nfs mount, which does not support extra filesystem arguments needed to run podman. We need to have a local home.	2025-10-02 17:54:48 +02:00
Aleix Boné	23ec609737	weasel: add podman	2025-10-02 17:54:48 +02:00
Aleix Boné	00456a86b7	Enable custom sys-devices system feature	2025-10-02 17:54:48 +02:00
Aleix Boné	e42058f08b	Allow access to hut from fox Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-02 17:03:21 +02:00