Compare commits
19 Commits
1c5f3a856f
...
4bd1648074
Author | SHA1 | Date | |
---|---|---|---|
4bd1648074 | |||
15b114ffd6 | |||
dd6d8c9735 | |||
e15a3867d4 | |||
5cad208de6 | |||
c8687f7e45 | |||
d988ef2eff | |||
b07929eab3 | |||
b3e397eb4c | |||
5ad2c683ed | |||
1f06f0fa0c | |||
8ca1d84844 | |||
998f599be3 | |||
fcfc6ac149 | |||
6e87130166 | |||
06f9e6ac6b | |||
da07aedce2 | |||
61427a8bf9 | |||
958ad1f025 |
@ -151,12 +151,26 @@ And update grub.
|
|||||||
# nix build .#nixosConfigurations.xeon02.config.system.build.kexecTree -v
|
# nix build .#nixosConfigurations.xeon02.config.system.build.kexecTree -v
|
||||||
```
|
```
|
||||||
|
|
||||||
## Chain NixOS in same disk
|
## Chain NixOS in same disk with other systems
|
||||||
|
|
||||||
|
To install NixOS on a partition along another system which controls the GRUB,
|
||||||
|
first disable the grub device, so the GRUB is not installed in the disk by
|
||||||
|
NixOS (only the /boot files will be generated):
|
||||||
|
|
||||||
|
```
|
||||||
|
boot.loader.grub.device = "nodev";
|
||||||
|
```
|
||||||
|
|
||||||
|
Then add the following entry to the old GRUB configuration:
|
||||||
|
|
||||||
```
|
```
|
||||||
menuentry 'NixOS' {
|
menuentry 'NixOS' {
|
||||||
insmod chain
|
insmod chain
|
||||||
set root=(hd3,1)
|
search --no-floppy --label nixos --set root
|
||||||
configfile /boot/grub/grub.cfg
|
configfile /boot/grub/grub.cfg
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The partition with NixOS must have the label "nixos" for it to be found. New
|
||||||
|
system configuration entries will be stored in the GRUB configuration managed
|
||||||
|
by NixOS, so there is no need to change the old GRUB settings.
|
||||||
|
12
flake.lock
12
flake.lock
@ -10,11 +10,11 @@
|
|||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1712079060,
|
"lastModified": 1720546205,
|
||||||
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
|
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "1381a759b205dff7a6818733118d02253340fd5e",
|
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -88,11 +88,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713714899,
|
"lastModified": 1720957393,
|
||||||
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
|
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
|
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
# Select the this using the ID to avoid mismatches
|
# Select the this using the ID to avoid mismatches
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";
|
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";
|
||||||
|
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"kernel.yama.ptrace_scope" = lib.mkForce "1";
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ceph
|
ceph
|
||||||
];
|
];
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
# Includes the basic configuration for an Intel server.
|
# Includes the basic configuration for an Intel server.
|
||||||
imports = [
|
imports = [
|
||||||
./base/agenix.nix
|
./base/agenix.nix
|
||||||
|
./base/august-shutdown.nix
|
||||||
./base/boot.nix
|
./base/boot.nix
|
||||||
./base/env.nix
|
./base/env.nix
|
||||||
./base/fs.nix
|
./base/fs.nix
|
||||||
|
14
m/common/base/august-shutdown.nix
Normal file
14
m/common/base/august-shutdown.nix
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
{
|
||||||
|
# Shutdown all machines on August 2nd at 11:00 AM, so we can protect the
|
||||||
|
# hardware from spurious electrical peaks on the yearly electrical cut for
|
||||||
|
# manteinance that starts on August 4th.
|
||||||
|
systemd.timers.august-shutdown = {
|
||||||
|
description = "Shutdown on August 2nd for maintenance";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-08-02 11:00:00";
|
||||||
|
RandomizedDelaySec = "10min";
|
||||||
|
Unit = "systemd-poweroff.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -11,14 +11,12 @@
|
|||||||
terminal_output --append serial
|
terminal_output --append serial
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Enable serial console
|
|
||||||
boot.kernelParams = [
|
|
||||||
"console=tty1"
|
|
||||||
"console=ttyS0,115200"
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"kernel.perf_event_paranoid" = lib.mkDefault "-1";
|
"kernel.perf_event_paranoid" = lib.mkDefault "-1";
|
||||||
|
|
||||||
|
# Allow ptracing (i.e. attach with GDB) any process of the same user, see:
|
||||||
|
# https://www.kernel.org/doc/Documentation/security/Yama.txt
|
||||||
|
"kernel.yama.ptrace_scope" = "0";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
@ -12,7 +12,7 @@ in
|
|||||||
programs.ssh.extraConfig = ''
|
programs.ssh.extraConfig = ''
|
||||||
Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
|
Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
|
||||||
User git
|
User git
|
||||||
ProxyCommand nc -X connect -x localhost:23080 %h %p
|
ProxyCommand nc -X connect -x hut:23080 %h %p
|
||||||
'';
|
'';
|
||||||
|
|
||||||
programs.ssh.knownHosts = hostsKeys // {
|
programs.ssh.knownHosts = hostsKeys // {
|
||||||
|
@ -55,7 +55,7 @@
|
|||||||
home = "/home/Computational/rpenacob";
|
home = "/home/Computational/rpenacob";
|
||||||
description = "Raúl Peñacoba";
|
description = "Raúl Peñacoba";
|
||||||
group = "Computational";
|
group = "Computational";
|
||||||
hosts = [ "hut" ];
|
hosts = [ "owl1" "owl2" "hut" ];
|
||||||
hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/";
|
hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/";
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc"
|
||||||
@ -75,6 +75,19 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
abonerib = {
|
||||||
|
uid = 4541;
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/Computational/abonerib";
|
||||||
|
description = "Aleix Boné";
|
||||||
|
group = "Computational";
|
||||||
|
hosts = [ "owl1" "owl2" "hut" "raccoon" ];
|
||||||
|
hashedPassword = "$6$V1EQWJr474whv7XJ$OfJ0wueM2l.dgiJiiah0Tip9ITcJ7S7qDvtSycsiQ43QBFyP4lU0e0HaXWps85nqB4TypttYR4hNLoz3bz662/";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
vlopez = {
|
vlopez = {
|
||||||
uid = 4334;
|
uid = 4334;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
./base.nix
|
||||||
./xeon/fs.nix
|
./xeon/fs.nix
|
||||||
./xeon/getty.nix
|
./xeon/console.nix
|
||||||
./xeon/net.nix
|
./xeon/net.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -5,4 +5,10 @@
|
|||||||
wantedBy = [ "getty.target" ];
|
wantedBy = [ "getty.target" ];
|
||||||
serviceConfig.Restart = "always";
|
serviceConfig.Restart = "always";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Enable serial console
|
||||||
|
boot.kernelParams = [
|
||||||
|
"console=tty1"
|
||||||
|
"console=ttyS0,115200"
|
||||||
|
];
|
||||||
}
|
}
|
@ -10,7 +10,7 @@
|
|||||||
nameservers = ["8.8.8.8"];
|
nameservers = ["8.8.8.8"];
|
||||||
|
|
||||||
proxy = {
|
proxy = {
|
||||||
default = "http://localhost:23080/";
|
default = "http://hut:23080/";
|
||||||
noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40";
|
noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40";
|
||||||
# Don't set all_proxy as go complains and breaks the gitlab runner, see:
|
# Don't set all_proxy as go complains and breaks the gitlab runner, see:
|
||||||
# https://github.com/golang/go/issues/16715
|
# https://github.com/golang/go/issues/16715
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
|
|
||||||
../module/ceph.nix
|
../module/ceph.nix
|
||||||
../module/debuginfod.nix
|
../module/debuginfod.nix
|
||||||
|
../module/emulation.nix
|
||||||
../module/slurm-client.nix
|
../module/slurm-client.nix
|
||||||
./gitlab-runner.nix
|
./gitlab-runner.nix
|
||||||
./monitoring.nix
|
./monitoring.nix
|
||||||
@ -19,8 +20,6 @@
|
|||||||
#./pxe.nix
|
#./pxe.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
|
|
||||||
|
|
||||||
# Select the this using the ID to avoid mismatches
|
# Select the this using the ID to avoid mismatches
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
|
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
|
||||||
|
|
||||||
@ -34,5 +33,15 @@
|
|||||||
address = "10.0.42.7";
|
address = "10.0.42.7";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
} ];
|
} ];
|
||||||
|
firewall = {
|
||||||
|
extraCommands = ''
|
||||||
|
# Accept all proxy traffic from compute nodes but not the login
|
||||||
|
iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse
|
||||||
|
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Allow proxy to bind to the ethernet interface
|
||||||
|
services.openssh.settings.GatewayPorts = "clientspecified";
|
||||||
}
|
}
|
||||||
|
@ -17,6 +17,7 @@
|
|||||||
REGISTER_MANUAL_CONFIRM = true;
|
REGISTER_MANUAL_CONFIRM = true;
|
||||||
ENABLE_NOTIFY_MAIL = true;
|
ENABLE_NOTIFY_MAIL = true;
|
||||||
};
|
};
|
||||||
|
log.LEVEL = "Warn";
|
||||||
|
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
|
@ -1,9 +1,8 @@
|
|||||||
{ pkgs, lib, config, ... }:
|
{ pkgs, lib, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
age.secrets.ovniToken.file = ../../secrets/ovni-token.age;
|
age.secrets.gitlabRunnerShellToken.file = ../../secrets/gitlab-runner-shell-token.age;
|
||||||
age.secrets.gitlabToken.file = ../../secrets/gitlab-bsc-es-token.age;
|
age.secrets.gitlabRunnerDockerToken.file = ../../secrets/gitlab-runner-docker-token.age;
|
||||||
age.secrets.nosvToken.file = ../../secrets/nosv-token.age;
|
|
||||||
|
|
||||||
services.gitlab-runner = {
|
services.gitlab-runner = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -11,20 +10,14 @@
|
|||||||
services = let
|
services = let
|
||||||
common-shell = {
|
common-shell = {
|
||||||
executor = "shell";
|
executor = "shell";
|
||||||
tagList = [ "nix" "xeon" ];
|
|
||||||
registrationFlags = [
|
|
||||||
# Using space doesn't work, and causes it to misread the next flag
|
|
||||||
"--locked='false'"
|
|
||||||
];
|
|
||||||
environmentVariables = {
|
environmentVariables = {
|
||||||
SHELL = "${pkgs.bash}/bin/bash";
|
SHELL = "${pkgs.bash}/bin/bash";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
common-docker = {
|
common-docker = {
|
||||||
|
executor = "docker";
|
||||||
dockerImage = "debian:stable";
|
dockerImage = "debian:stable";
|
||||||
tagList = [ "docker" "xeon" ];
|
|
||||||
registrationFlags = [
|
registrationFlags = [
|
||||||
"--locked='false'"
|
|
||||||
"--docker-network-mode host"
|
"--docker-network-mode host"
|
||||||
];
|
];
|
||||||
environmentVariables = {
|
environmentVariables = {
|
||||||
@ -33,19 +26,12 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
# For gitlab.bsc.es
|
|
||||||
gitlab-bsc-es-shell = common-shell // {
|
|
||||||
registrationConfigFile = config.age.secrets.gitlabToken.path;
|
|
||||||
};
|
|
||||||
gitlab-bsc-es-docker = common-docker // {
|
|
||||||
registrationConfigFile = config.age.secrets.gitlabToken.path;
|
|
||||||
};
|
|
||||||
# For pm.bsc.es/gitlab
|
# For pm.bsc.es/gitlab
|
||||||
gitlab-pm-shell = common-shell // {
|
gitlab-pm-shell = common-shell // {
|
||||||
registrationConfigFile = config.age.secrets.ovniToken.path;
|
authenticationTokenConfigFile = config.age.secrets.gitlabRunnerShellToken.path;
|
||||||
};
|
};
|
||||||
gitlab-pm-docker = common-docker // {
|
gitlab-pm-docker = common-docker // {
|
||||||
registrationConfigFile = config.age.secrets.ovniToken.path;
|
authenticationTokenConfigFile = config.age.secrets.gitlabRunnerDockerToken.path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -31,6 +31,7 @@
|
|||||||
};
|
};
|
||||||
feature_toggles.publicDashboards = true;
|
feature_toggles.publicDashboards = true;
|
||||||
"auth.anonymous".enabled = true;
|
"auth.anonymous".enabled = true;
|
||||||
|
log.level = "warn";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -8,6 +8,10 @@
|
|||||||
|
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";
|
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";
|
||||||
|
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"kernel.yama.ptrace_scope" = lib.mkForce "1";
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ceph
|
ceph
|
||||||
];
|
];
|
||||||
|
3
m/module/emulation.nix
Normal file
3
m/module/emulation.nix
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
|
||||||
|
}
|
@ -47,8 +47,8 @@ in {
|
|||||||
];
|
];
|
||||||
|
|
||||||
partitionName = [
|
partitionName = [
|
||||||
"owl Nodes=owl[1-2] Default=YES MaxTime=INFINITE State=UP"
|
"owl Nodes=owl[1-2] Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
|
||||||
"all Nodes=owl[1-2],hut Default=NO MaxTime=INFINITE State=UP"
|
"all Nodes=owl[1-2],hut Default=NO DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
|
||||||
];
|
];
|
||||||
|
|
||||||
# See slurm.conf(5) for more details about these options.
|
# See slurm.conf(5) for more details about these options.
|
||||||
@ -83,6 +83,14 @@ in {
|
|||||||
|
|
||||||
# Reduce port range so we can allow only this range in the firewall
|
# Reduce port range so we can allow only this range in the firewall
|
||||||
SrunPortRange=60000-61000
|
SrunPortRange=60000-61000
|
||||||
|
|
||||||
|
# Use cores as consumable resources. In SLURM terms, a core may have
|
||||||
|
# multiple hardware threads (or CPUs).
|
||||||
|
SelectType=select/cons_tres
|
||||||
|
|
||||||
|
# Ignore memory constraints and only use unused cores to share a node with
|
||||||
|
# other jobs.
|
||||||
|
SelectTypeParameters=CR_Core
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -4,9 +4,10 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../common/xeon.nix
|
../common/xeon.nix
|
||||||
../module/ceph.nix
|
../module/ceph.nix
|
||||||
|
../module/emulation.nix
|
||||||
../module/slurm-client.nix
|
../module/slurm-client.nix
|
||||||
../module/slurm-firewall.nix
|
../module/slurm-firewall.nix
|
||||||
../module/slurm-hut-nix-store.nix
|
../module/debuginfod.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Select the this using the ID to avoid mismatches
|
# Select the this using the ID to avoid mismatches
|
||||||
|
@ -4,9 +4,10 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../common/xeon.nix
|
../common/xeon.nix
|
||||||
../module/ceph.nix
|
../module/ceph.nix
|
||||||
|
../module/emulation.nix
|
||||||
../module/slurm-client.nix
|
../module/slurm-client.nix
|
||||||
../module/slurm-firewall.nix
|
../module/slurm-firewall.nix
|
||||||
../module/slurm-hut-nix-store.nix
|
../module/debuginfod.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Select the this using the ID to avoid mismatches
|
# Select the this using the ID to avoid mismatches
|
||||||
|
@ -8,6 +8,12 @@
|
|||||||
# Don't install Grub on the disk yet
|
# Don't install Grub on the disk yet
|
||||||
boot.loader.grub.device = "nodev";
|
boot.loader.grub.device = "nodev";
|
||||||
|
|
||||||
|
# Enable serial console
|
||||||
|
boot.kernelParams = [
|
||||||
|
"console=tty1"
|
||||||
|
"console=ttyS1,115200"
|
||||||
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "raccoon";
|
hostName = "raccoon";
|
||||||
# Only BSC DNSs seem to be reachable from the office VLAN
|
# Only BSC DNSs seem to be reachable from the office VLAN
|
||||||
@ -21,11 +27,7 @@
|
|||||||
|
|
||||||
# Configure Nvidia driver to use with CUDA
|
# Configure Nvidia driver to use with CUDA
|
||||||
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.production;
|
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.production;
|
||||||
hardware.opengl = {
|
hardware.graphics.enable = true;
|
||||||
enable = true;
|
|
||||||
driSupport = true;
|
|
||||||
setLdLibraryPath = true;
|
|
||||||
};
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
nixpkgs.config.nvidia.acceptLicense = true;
|
nixpkgs.config.nvidia.acceptLicense = true;
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 HY2yRg caTbx0NBmsTSmZH4HtBaxhsauWqWUDTesJqT08UsoEQ
|
|
||||||
8ND31xuco+H8d5SKg8xsCFRPVDhU4d8UKwV1BnmKVjQ
|
|
||||||
-> ssh-ed25519 CAWG4Q 4ETYuhCwHHECkut4DWDknMMgpAvFqtzLWVC2Wi2L8FM
|
|
||||||
BGMvRnAfd8qZG5hzLefmk32FkGvwzE9pqBUyx4JY0co
|
|
||||||
-> ssh-ed25519 MSF3dg hj5QL4ZfylN8/W/MXQHvVqtI7mRvlQOYr8HsaQEmPB0
|
|
||||||
kvB7sljmmkswSGZDQnrwdTbTsN78EAwH3pz1pPe0Hu0
|
|
||||||
-> )Q-grease vHF} [8p1> @7z;C"/
|
|
||||||
tgSUKFyyrf2jLXZp+pakigwB2fRO/WFj2Qnt1aPjtVPEK92JbJ4
|
|
||||||
--- xzM0AhV4gTQE0Q7inJNo9vFj+crJQxWeI7u9pl7bqAI
|
|
||||||
á6nGJÖ0Bˆ’7F° –bßÙ½2®L³äÇ]²2zl<7A>À&e†KÄx®àé9SWNàV"MfŽ€ëÙKHUC:1b;9St‰ëõ±Duѧç‹Ï¢žÌŸ¡<02>èÐéîÀ–<C380>ÔfÕ7¨î1§I(õdÓþô‡ïó
|
|
9
secrets/gitlab-runner-docker-token.age
Normal file
9
secrets/gitlab-runner-docker-token.age
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 HY2yRg WvKK6U1wQtx2pbUDfuaUIXTQiCulDkz7hgUCSwMfMzQ
|
||||||
|
jLktUMqKuVxukqzz++pHOKvmucUQqeKYy5IwBma7KxY
|
||||||
|
-> ssh-ed25519 CAWG4Q XKGuNNoYFl9bdZzsqYYTY7GsEt5sypLW4R+1uk78NmU
|
||||||
|
8dIA2GzRAwTGM5CDHSM2BUBsbXzEAUssWUz2PY2PaTg
|
||||||
|
-> ssh-ed25519 MSF3dg T630RsKuZIF/bp+KITnIIWWHsg6M/VQGqbWQZxqT+AA
|
||||||
|
SraZcgZJVtmUzHF/XR9J7aK5t5EDNpkC/av/WJUT/G8
|
||||||
|
--- /12G8pj9sbs591OM/ryhoLnSWWmzYcoqprk9uN/3g18
|
||||||
|
ä·ù¼Â‡%å]yi"ô<>»LÓâùH`ªa$Æþ)¦9ve<76>.0úmÉK<EFBFBD>vƒÀïu"|1cÞ-%ÔÕ"åWFï¡ÞA«<41>hº$•ºj<eñ¶xÅLx«ç.?œÈâ:L…¬–ƒ,ëu»|³‹F|Õi²äÔ
|
BIN
secrets/gitlab-runner-shell-token.age
Normal file
BIN
secrets/gitlab-runner-shell-token.age
Normal file
Binary file not shown.
@ -1,11 +0,0 @@
|
|||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 HY2yRg hrdS7Dl/j+u3XVfM79ZJpZSlre9TcD7DTQ+EEAT6kEE
|
|
||||||
avUO96P1h7w2BYWgrQ7GpUgdaCV9AZL7eOTTcF9gfro
|
|
||||||
-> ssh-ed25519 CAWG4Q A5raRY1CAgFYZgoQ92GMyNejYNdHx/7Y6uTS+EjLPWA
|
|
||||||
FRFqT2Jz7qRcybaxkQTKHGl797LVXoHpYG4RZSrX/70
|
|
||||||
-> ssh-ed25519 MSF3dg D+R80Bg7W9AuiOMAqtGFZQl994dRBIegYRLmmTaeZ3o
|
|
||||||
BHvZsugRiuZ91b4jk91h30o3eF3hadSnVCwxXge95T8
|
|
||||||
-> BT/El`a-grease W{nq|Vm )bld 2Nl}4 N$#JGB4t
|
|
||||||
oLG+0S1aGfO/ohCfgGmhDhwwLi4H
|
|
||||||
--- 2I5C+FvBG/K1ZHh7C5QD39feTSLoFGwcTeZAmeILNsI
|
|
||||||
¹õW©o÷ ÙÄd;ËÐC¾.¹¡_(“u
G¡€‰#ìvâœgÉ<67>†õõy¹Y‰žl9ŒÈ¡Ïµ.Œé0x<30>Þ½úN. /ü<>tB×b‡ü¼K¼ì:Q×—È\¹ÀÍT_´»Átxïm’——_JñÞž-š
|
|
Binary file not shown.
@ -6,10 +6,9 @@ let
|
|||||||
safe = keys.hostGroup.safe ++ adminsKeys;
|
safe = keys.hostGroup.safe ++ adminsKeys;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"gitlab-bsc-es-token.age".publicKeys = hut;
|
|
||||||
"gitea-runner-token.age".publicKeys = hut;
|
"gitea-runner-token.age".publicKeys = hut;
|
||||||
"ovni-token.age".publicKeys = hut;
|
"gitlab-runner-docker-token.age".publicKeys = hut;
|
||||||
"nosv-token.age".publicKeys = hut;
|
"gitlab-runner-shell-token.age".publicKeys = hut;
|
||||||
"nix-serve.age".publicKeys = hut;
|
"nix-serve.age".publicKeys = hut;
|
||||||
"jungle-robot-password.age".publicKeys = hut;
|
"jungle-robot-password.age".publicKeys = hut;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user