zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:89c507bfaee75f90b97b59e153024a925d23f535
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client
..
compare: zuckerberg:0c58e62ed4d55ce234dafaab4267b319384b6c1b
Branches Tags
zuckerberg:stage
zuckerberg:master
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client

No commits in common. "89c507bfaee75f90b97b59e153024a925d23f535" and "0c58e62ed4d55ce234dafaab4267b319384b6c1b" have entirely different histories.
89c507bfae ... 0c58e62ed4

8 changed files with 16 additions and 94 deletions
Show Stats Expand all files Collapse all files

6
common/binary-cache.nix
View File

@ -4,13 +4,13 @@
nix = { nix = {
settings = { settings = {
substituters = [ substituters = [
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
"http://s0.koi-bebop.ts.net:5000" "http://s0.koi-bebop.ts.net:5000"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU=" "s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
}; };
}; };

1
common/default.nix
View File

@ -12,7 +12,6 @@
./server ./server
./pc ./pc
./machine-info ./machine-info
./nix-builder.nix
./ssh.nix ./ssh.nix
]; ];

60
common/nix-builder.nix
View File

@ -1,60 +0,0 @@
{ config, lib, ... }:
let
builderRole = "nix-builder";
builderUserName = "nix-builder";
machinesByRole = role: lib.filterAttrs (hostname: cfg: builtins.elem role cfg.systemRoles) config.machines.hosts;
otherMachinesByRole = role: lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) (machinesByRole role);
thisMachineHasRole = role: builtins.hasAttr config.networking.hostName (machinesByRole role);
builders = machinesByRole builderRole;
thisMachineIsABuilder = thisMachineHasRole builderRole;
# builders don't include themselves as a remote builder
otherBuilders = lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) builders;
in
lib.mkMerge [
# configure builder
(lib.mkIf thisMachineIsABuilder {
users.users.${builderUserName} = {
description = "Distributed Nix Build User";
group = builderUserName;
isSystemUser = true;
createHome = true;
home = "/var/lib/nix-builder";
useDefaultShell = true;
openssh.authorizedKeys.keys = builtins.map
(builderCfg: builderCfg.hostKey)
(builtins.attrValues config.machines.hosts);
};
users.groups.${builderUserName} = { };
nix.settings.trusted-users = [
builderUserName
];
})
# use each builder
{
nix.distributedBuilds = true;
nix.buildMachines = builtins.map
(builderCfg: {
hostName = builtins.elemAt builderCfg.hostNames 0;
system = builderCfg.arch;
protocol = "ssh-ng";
sshUser = builderUserName;
sshKey = "/etc/ssh/ssh_host_ed25519_key";
maxJobs = 3;
speedFactor = 10;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
})
(builtins.attrValues otherBuilders);
# It is very likely that the builder's internet is faster or just as fast
nix.extraOptions = ''
builders-use-substitutes = true
'';
}
]

1
common/pc/default.nix
View File

@ -37,6 +37,7 @@ in
mumble mumble
tigervnc tigervnc
bluez-tools bluez-tools
vscodium
element-desktop element-desktop
mpv mpv
nextcloud-client nextcloud-client

15
common/pc/vscodium.nix
View File

@ -4,19 +4,8 @@ let
cfg = config.de; cfg = config.de;
extensions = with pkgs.vscode-extensions; [ extensions = with pkgs.vscode-extensions; [
bbenoist.nix # nix syntax support # bbenoist.Nix # nix syntax support
arrterian.nix-env-selector # nix dev envs # arrterian.nix-env-selector # nix dev envs
dart-code.dart-code
dart-code.flutter
golang.go
jnoortheen.nix-ide
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "platformio-ide";
publisher = "platformio";
version = "3.1.1";
sha256 = "fwEct7Tj8bfTOLRozSZJGWoLzWRSvYz/KxcnfpO8Usg=";
}
]; ];
vscodium-with-extensions = pkgs.vscode-with-extensions.override { vscodium-with-extensions = pkgs.vscode-with-extensions.override {

6
common/server/mailserver.nix
View File

@ -56,12 +56,6 @@ in
"damon@runyan.org" "damon@runyan.org"
"jonas@runyan.org" "jonas@runyan.org"
]; ];
forwards = {
"amazon@runyan.org" = [
"jeremy@runyan.org"
"cris@runyan.org"
];
};
certificateScheme = 3; # use let's encrypt for certs certificateScheme = 3; # use let's encrypt for certs
}; };
age.secrets.hashed-email-pw.file = ../../secrets/hashed-email-pw.age; age.secrets.hashed-email-pw.file = ../../secrets/hashed-email-pw.age;

20
flake.lock generated
View File

@ -117,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683515103, "lastModified": 1682063650,
"narHash": "sha256-vWlnZ0twW+ekOC6JuAHDfupv+u4QNvWawG7+DaQJ4VA=", "narHash": "sha256-VaDHh2z6xlnTHaONlNVHP7qEMcK5rZ8Js3sT6mKb2XY=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "64160276cd6569694131ed8864d4d35470a84ec3", "rev": "c2ea4e642dc50fd44b537e9860ec95867af30d39",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -171,11 +171,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683638468, "lastModified": 1682417654,
"narHash": "sha256-tQEaGZfZ2Hpw+XIVEHaJ8FaF1yNQyMDDhUyIQ7LTIEg=", "narHash": "sha256-XtUhq1GTRzV7QebHkxjd7Z58E6lVEk6Iv1/pF/GnBB4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "219067a5e3cf4b9581c8b4fcfc59ecd5af953d07", "rev": "e3e320b19c192f40a5b98e8776e3870df62dee8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -186,11 +186,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1683741689, "lastModified": 1682818264,
"narHash": "sha256-VY6gjqAFQe0Xyz+olc979zbsW9dC4VG+mINGffFKVEw=", "narHash": "sha256-EPr900C3WaYulOdWRF3BMQrjF2Ao5Jf8xUOnFvZDTXE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f431ee4a85cb985075b4ed27596913e8087f4264", "rev": "297187b30a19f147ef260abb5abd93b0706af238",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -218,7 +218,7 @@
"nixpkgs-hostapd-pr": { "nixpkgs-hostapd-pr": {
"flake": false, "flake": false,
"locked": { "locked": {
"narHash": "sha256-35+g1EJMcDFhb3UP15fyR1aD4AX1ifz2EqaYItITZ7U=", "narHash": "sha256-1rGQKcB1jeRPc1n021ulyOVkA6L6xmNYKmeqQ94+iRc=",
"type": "file", "type": "file",
"url": "https://github.com/NixOS/nixpkgs/pull/222536.patch" "url": "https://github.com/NixOS/nixpkgs/pull/222536.patch"
}, },

1
machines/phil/properties.nix
View File

@ -9,7 +9,6 @@
systemRoles = [ systemRoles = [
"server" "server"
"gitea-runner" "gitea-runner"
"nix-builder"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlgRPpuUkZqe8/lHugRPm/m2vcN9psYhh5tENHZt9I2"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlgRPpuUkZqe8/lHugRPm/m2vcN9psYhh5tENHZt9I2";