Unfinished attempt at packaging pia client

2023-02-08 01:38:54 -05:00
15 changed files with 464 additions and 118 deletions
--- a/common/default.nix
+++ b/common/default.nix
@@ -20,7 +20,7 @@
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;
-  time.timeZone = "America/Denver";
+  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  services.openssh.enable = true;
--- a/common/pc/pia/default.nix
+++ b/common/pc/pia/default.nix
@@ -0,0 +1,76 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.services.pia;
 in {
  imports = [
    ./pia.nix
  ];
  options.services.pia = {
    enable = lib.mkEnableOption "Enable PIA Client";
    dataDir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/pia";
      description = ''
        Path to the pia data directory
      '';
    };
    user = lib.mkOption {
      type = lib.types.str;
      default = "root";
      description = ''
        The user pia should run as
      '';
    };
    group = lib.mkOption {
      type = lib.types.str;
      default = "piagrp";
      description = ''
        The group pia should run as
      '';
    };
    users = mkOption {
      type = with types; listOf str;
      default = [];
      description = ''
        Usernames to be added to the "spotifyd" group, so that they
        can start and interact with the userspace daemon.
      '';
    };
  };
  config = mkIf cfg.enable {
    # users.users.${cfg.user} =
    # if cfg.user == "pia" then {
    #   isSystemUser = true;
    #   group = cfg.group;
    #   home = cfg.dataDir;
    #   createHome = true;
    # }
    # else {};
    users.groups.${cfg.group}.members = cfg.users;
    systemd.services.pia-daemon = {
      enable = true;
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig.ExecStart = "${pkgs.pia-daemon}/bin/pia-daemon";
      serviceConfig.PrivateTmp="yes";
      serviceConfig.User = cfg.user;
      serviceConfig.Group = cfg.group;
      preStart = ''
        mkdir -p ${cfg.dataDir}
        chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
      '';
    };
  };
 }
--- a/common/pc/pia/fix-pia.patch
+++ b/common/pc/pia/fix-pia.patch
@@ -0,0 +1,147 @@
 diff --git a/Rakefile b/Rakefile
 index fa6d771..bcd6fb1 100644
 --- a/Rakefile
 +++ b/Rakefile
@@ -151,41 +151,6 @@ end
 # Install LICENSE.txt
 stage.install('LICENSE.txt', :res)
 -# Download server lists to ship preloaded copies with the app.  These tasks
 -# depend on version.txt so they're refreshed periodically (whenver a new commit
 -# is made), but not for every build.
 -#
 -# SERVER_DATA_DIR can be set to use existing files instead of downloading them;
 -# this is primarily intended for reproducing a build.
 -#
 -# Create a probe for SERVER_DATA_DIR so these are updated if it changes.
 -serverDataProbe = Probe.new('serverdata')
 -serverDataProbe.file('serverdata.txt', "#{ENV['SERVER_DATA_DIR']}")
 -# JSON resource build directory
 -jsonFetched = Build.new('json-fetched')
 -# These are the assets we need to fetch and the URIs we get them from
 -{
 -    'modern_shadowsocks.json': 'https://serverlist.piaservers.net/shadow_socks',
 -    'modern_servers.json': 'https://serverlist.piaservers.net/vpninfo/servers/v6',
 -    'modern_region_meta.json': 'https://serverlist.piaservers.net/vpninfo/regions/v2'
 -}.each do |k, v|
 -    fetchedFile = jsonFetched.artifact(k.to_s)
 -    serverDataDir = ENV['SERVER_DATA_DIR']
 -    file fetchedFile => [version.artifact('version.txt'),
 -                         serverDataProbe.artifact('serverdata.txt'),
 -                         jsonFetched.componentDir] do |t|
 -        if(serverDataDir)
 -            # Use the copy provided instead of fetching (for reproducing a build)
 -            File.copy(File.join(serverDataDir, k), fetchedFile)
 -        else
 -            # Fetch from the web API (write with "binary" mode so LF is not
 -            # converted to CRLF on Windows)
 -            File.binwrite(t.name, Net::HTTP.get(URI(v)))
 -        end
 -    end
 -    stage.install(fetchedFile, :res)
 -end
 -
 # Install version/brand/arch info in case an upgrade needs to know what is
 # currently installed
 stage.install(version.artifact('version.txt'), :res)
 diff --git a/common/src/posix/unixsignalhandler.cpp b/common/src/posix/unixsignalhandler.cpp
 index f820a6d..e1b6c33 100644
 --- a/common/src/posix/unixsignalhandler.cpp
 +++ b/common/src/posix/unixsignalhandler.cpp
@@ -132,7 +132,7 @@ void UnixSignalHandler::_signalHandler(int, siginfo_t *info, void *)
     // we checked it, we can't even log because the logger is not reentrant.
     auto pThis = instance();
     if(pThis)
 -        ::write(pThis->_sigFd[0], info, sizeof(siginfo_t));
 +        auto _ = ::write(pThis->_sigFd[0], info, sizeof(siginfo_t));
 }
 template<int Signal>
 void UnixSignalHandler::setAbortAction()
 diff --git a/daemon/src/linux/linux_nl.cpp b/daemon/src/linux/linux_nl.cpp
 index fd3aced..2367a5e 100644
 --- a/daemon/src/linux/linux_nl.cpp
 +++ b/daemon/src/linux/linux_nl.cpp
@@ -642,6 +642,6 @@ LinuxNl::~LinuxNl()
     unsigned char term = 0;
     PosixFd killSocket = _workerKillSocket.get();
     if(killSocket)
 -        ::write(killSocket.get(), &term, sizeof(term));
 +        auto _ = ::write(killSocket.get(), &term, sizeof(term));
     _workerThread.join();
 }
 diff --git a/extras/support-tool/launcher/linux-launcher.cpp b/extras/support-tool/launcher/linux-launcher.cpp
 index 3f63ac2..420d54d 100644
 --- a/extras/support-tool/launcher/linux-launcher.cpp
 +++ b/extras/support-tool/launcher/linux-launcher.cpp
@@ -48,7 +48,7 @@ int fork_execv(gid_t gid, char *filename, char *const argv[])
     if(forkResult == 0)
     {
         // Apply gid as both real and effective
 -        setregid(gid, gid);
 +        auto _ = setregid(gid, gid);
         int execErr = execv(filename, argv);
         std::cerr << "exec err: " << execErr << " / " << errno << " - "
 diff --git a/rake/model/qt.rb b/rake/model/qt.rb
 index c8cd362..a6abe59 100644
 --- a/rake/model/qt.rb
 +++ b/rake/model/qt.rb
@@ -171,12 +171,7 @@ class Qt
     end
     def getQtRoot(qtVersion, arch)
 -        qtToolchainPtns = getQtToolchainPatterns(arch)
 -        qtRoots = FileList[*Util.joinPaths([[qtVersion], qtToolchainPtns])]
 -        # Explicitly filter for existing paths - if the pattern has wildcards
 -        # we only get existing directories, but if the patterns are just
 -        # alternates with no wildcards, we can get directories that don't exist
 -        qtRoots.find_all { |r| File.exist?(r) }.max
 +        ENV['QTROOT']
     end
     def getQtVersionScore(minor, patch)
@@ -192,12 +187,7 @@ class Qt
     end
     def getQtPathVersion(path)
 -        verMatch = path.match('^.*/Qt[^/]*/5\.(\d+)\.?(\d*)$')
 -        if(verMatch == nil)
 -            nil
 -        else
 -            [verMatch[1].to_i, verMatch[2].to_i]
 -        end
 +        [ENV['QT_MAJOR'].to_i, ENV['QT_MINOR'].to_i]
     end
     # Build a component definition with the defaults.  The "Core" component will
 diff --git a/rake/product/linux.rb b/rake/product/linux.rb
 index f43fb3e..83505af 100644
 --- a/rake/product/linux.rb
 +++ b/rake/product/linux.rb
@@ -18,8 +18,7 @@ module PiaLinux
     QT_BINARIES = %w(pia-client pia-daemon piactl pia-support-tool)
     # Version of libicu (needed to determine lib*.so.## file names in deployment)
 -    ICU_VERSION = FileList[File.join(Executable::Qt.targetQtRoot, 'lib', 'libicudata.so.*')]
 -        .first.match(/libicudata\.so\.(\d+)(\..*|)/)[1]
 +    ICU_VERSION = ENV['ICU_MAJOR'].to_i;
     # Copy a directory recursively, excluding *.debug files (debugging symbols)
     def self.copyWithoutDebug(sourceDir, destDir)
@@ -220,16 +219,5 @@ module PiaLinux
     # Since these are just development workflow tools, they can be skipped if
     # specific dependencies are not available.
     def self.defineTools(toolsStage)
 -        # Test if we have libthai-dev, for the Thai word breaking utility
 -        if(Executable::Tc.sysHeaderAvailable?('thai/thwbrk.h'))
 -            Executable.new('thaibreak')
 -                .source('tools/thaibreak')
 -                .lib('thai')
 -                .install(toolsStage, :bin)
 -            toolsStage.install('tools/thaibreak/thai_ts.sh', :bin)
 -            toolsStage.install('tools/onesky_import/import_translations.sh', :bin)
 -        else
 -            puts "skipping thaibreak utility, install libthai-dev to build thaibreak"
 -        end
     end
 end
--- a/common/pc/pia/pia.nix
+++ b/common/pc/pia/pia.nix
@@ -0,0 +1,139 @@
 { pkgs, lib, config, ... }:
 {
  nixpkgs.overlays = [
    (self: super:
    with self;
    let
      # arch = builtins.elemAt (lib.strings.splitString "-" builtins.currentSystem) 0;
      arch = "x86_64";
      pia-desktop = clangStdenv.mkDerivation rec {
        pname = "pia-desktop";
        version = "3.3.0";
        src = fetchgit {
          url = "https://github.com/pia-foss/desktop";
          rev = version;
          fetchLFS = true;
          sha256 = "D9txL5MUWyRYTnsnhlQdYT4dGVpj8PFsVa5hkrb36cw=";
        };
        patches = [
          ./fix-pia.patch
        ];
        nativeBuildInputs = [
          cmake
          rake
        ];
        prePatch = ''
          sed -i 's|/usr/include/libnl3|${libnl.dev}/include/libnl3|' Rakefile
        '';
        installPhase = ''
          mkdir -p $out/bin $out/lib $out/share
          cp -r ../out/pia_release_${arch}/stage/bin $out
          cp -r ../out/pia_release_${arch}/stage/lib $out
          cp -r ../out/pia_release_${arch}/stage/share $out
        '';
        cmakeFlags = [
          "-DCMAKE_BUILD_TYPE=Release"
        ];
        QTROOT = "${qt5.full}";
        QT_MAJOR = lib.versions.minor (lib.strings.parseDrvName qt5.full.name).version;
        QT_MINOR = lib.versions.patch (lib.strings.parseDrvName qt5.full.name).version;
        ICU_MAJOR = lib.versions.major (lib.strings.parseDrvName icu.name).version;
        buildInputs = [
          mesa
          libsForQt5.qt5.qtquickcontrols
          libsForQt5.qt5.qtquickcontrols2
          icu
          libnl
        ];
        dontWrapQtApps = true;
      };
    in rec {
      openvpn-updown = buildFHSUserEnv {
        name = "openvpn-updown";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "openvpn-updown.sh";
      };
      pia-client = buildFHSUserEnv {
        name = "pia-client";
        targetPkgs = pkgs: (with pkgs; [
          pia-desktop
          xorg.libXau
          xorg.libXdmcp
        ]);
        runScript = "pia-client";
      };
      piactl = buildFHSUserEnv {
        name = "piactl";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "piactl";
      };
      pia-daemon = buildFHSUserEnv {
        name = "pia-daemon";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-daemon";
      };
      pia-hnsd = buildFHSUserEnv {
        name = "pia-hnsd";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-hnsd";
      };
      pia-openvpn = buildFHSUserEnv {
        name = "pia-openvpn";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-openvpn";
      };
      pia-ss-local = buildFHSUserEnv {
        name = "pia-ss-local";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-ss-local";
      };
      pia-support-tool = buildFHSUserEnv {
        name = "pia-support-tool";
        targetPkgs = pkgs: (with pkgs; [
          pia-desktop
          xorg.libXau
          xorg.libXdmcp
        ]);
        runScript = "pia-support-tool";
      };
      pia-unbound = buildFHSUserEnv {
        name = "pia-unbound";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-unbound";
      };
      pia-wireguard-go = buildFHSUserEnv {
        name = "pia-wireguard-go";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "pia-wireguard-go";
      };
      support-tool-launcher = buildFHSUserEnv {
        name = "support-tool-launcher";
        targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
        runScript = "support-tool-launcher";
      };
    })
  ];
 }
--- a/flake.nix
+++ b/flake.nix
@@ -68,11 +68,11 @@
        };
    in
    {
      "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
      "ray" = mkSystem "x86_64-linux" nixpkgs-unstable ./machines/ray/configuration.nix;
      "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
      "liza" = mkSystem "x86_64-linux" nixpkgs ./machines/liza/configuration.nix;
      "ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix;
      "router" = mkSystem "x86_64-linux" nixpkgs-unstable ./machines/router/configuration.nix;
      "s0" = mkSystem "aarch64-linux" nixpkgs-unstable ./machines/storage/s0/configuration.nix;
      "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
      "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;
@@ -85,12 +85,12 @@
    packages = let
      mkKexec = system:
-        (nixpkgs-unstable.lib.nixosSystem {
+        (nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [ ./machines/ephemeral/kexec.nix ];
        }).config.system.build.kexec_tarball;
      mkIso = system:
-        (nixpkgs-unstable.lib.nixosSystem {
+        (nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [ ./machines/ephemeral/iso.nix ];
        }).config.system.build.isoImage;
--- a/machines/ephemeral/minimal.nix
+++ b/machines/ephemeral/minimal.nix
@@ -1,35 +1,18 @@
-{ pkgs, modulesPath, ... }:
+{ pkgs, ... }:
 {
  imports = [
    (modulesPath + "/installer/cd-dvd/channel.nix")
  ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
  boot.kernelParams = [
    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
-    "console=ttyS0,115200" # enable serial console
+    "console=ttyS0" # enable serial console
    "console=tty1"
  ];
  boot.kernel.sysctl."vm.overcommit_memory" = "1";
  boot.kernelPackages = pkgs.linuxPackages_latest;
  # hardware.enableAllFirmware = true;
  # nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    cryptsetup
    btrfs-progs
    git git-lfs
    wget
    htop
    dnsutils
    pciutils
    usbutils
    lm_sensors
  ];
  environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
  networking.useDHCP = true;
@@ -41,5 +24,5 @@
  };
  services.getty.autologinUser = "root";
-  users.users.root.openssh.authorizedKeys.keys = (import ../../common/ssh.nix).users;
+  users.users.root.openssh.authorizedKeys.keys = (import ../common/ssh.nix).users;
 }
--- a/machines/liza/configuration.nix
+++ b/machines/liza/configuration.nix
@@ -7,6 +7,17 @@
  # 5synsrjgvfzywruomjsfvfwhhlgxqhyofkzeqt2eisyijvjvebnu2xyd.onion
  firmware.x86_64.enable = true;
  bios = {
    enable = true;
    device = "/dev/sda";
  };
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/2f736fba-8a0c-4fb5-8041-c849fb5e1297";
  };
  system.autoUpgrade.enable = true;
  networking.hostName = "liza";
--- a/machines/liza/hardware-configuration.nix
+++ b/machines/liza/hardware-configuration.nix
@@ -13,18 +13,6 @@
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  firmware.x86_64.enable = true;
  bios = {
    enable = true;
    device = "/dev/sda";
  };
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/2f736fba-8a0c-4fb5-8041-c849fb5e1297";
  };
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/b90eaf3c-2f91-499a-a066-861e0f4478df";
      fsType = "btrfs";
--- a/machines/ponyo/configuration.nix
+++ b/machines/ponyo/configuration.nix
@@ -7,6 +7,17 @@
  networking.hostName = "ponyo";
  firmware.x86_64.enable = true;
  bios = {
    enable = true;
    device = "/dev/sda";
  };
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/4cc36be4-dbff-4afe-927d-69bf4637bae2";
  };
  system.autoUpgrade.enable = true;
  services.zerotierone.enable = true;
--- a/machines/ponyo/hardware-configuration.nix
+++ b/machines/ponyo/hardware-configuration.nix
@@ -10,18 +10,6 @@
  boot.kernelModules = [ "kvm-intel" "nvme" ];
  boot.extraModulePackages = [ ];
  firmware.x86_64.enable = true;
  bios = {
    enable = true;
    device = "/dev/sda";
  };
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/4cc36be4-dbff-4afe-927d-69bf4637bae2";
  };
  fileSystems."/" =
    { device = "/dev/mapper/enc-pv";
      fsType = "btrfs";
--- a/machines/ray/configuration.nix
+++ b/machines/ray/configuration.nix
@@ -19,10 +19,6 @@
  hardware.enableAllFirmware = true;
  hardware.openrazer.enable = true;
  hardware.openrazer.users = [ "googlebot" ];
  users.users.googlebot.packages = [ pkgs.polychromatic ];
  # depthai
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
@@ -47,8 +43,6 @@
  environment.systemPackages = with pkgs; [ virt-manager ];
  users.users.googlebot.extraGroups = [ "libvirtd" ];
  services.spotifyd.enable = true;
  # vpn-container.enable = true;
  # containers.vpn.interfaces = [ "piaw" ];
--- a/machines/reg/configuration.nix
+++ b/machines/reg/configuration.nix
@@ -0,0 +1,35 @@
 { config, pkgs, fetchurl, ... }:
 {
  imports = [
    ./hardware-configuration.nix
  ];
  # smcxui7kwoyxpswwage4fkcppxnqzpw33xcmxmlhxvk5gcp5s6lrtfad.onion
  boot.kernelPackages = pkgs.linuxPackages_5_12;
  firmware.x86_64.enable = true;
  efi.enable = true;
  luks = {
    enable = true;
    device = {
      path = "/dev/disk/by-uuid/975d8427-2c6a-440d-a1d2-18dd15ba5bc2";
      allowDiscards = true;
    };
  };
  networking.hostName = "reg";
  de.enable = true;
  de.touchpad.enable = true;
  services.zerotierone.enable = true;
  # VNC
  networking.firewall.allowedTCPPorts = [ 5900 ];
  networking.interfaces.enp57s0f1.useDHCP = true;
 }
--- a/machines/reg/hardware-configuration.nix
+++ b/machines/reg/hardware-configuration.nix
@@ -0,0 +1,38 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/b3a2906b-e9a5-45bd-aac5-960297437fe9";
      fsType = "btrfs";
      options = [ "subvol=root" "noatime" "nodiratime" "discard" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/b3a2906b-e9a5-45bd-aac5-960297437fe9";
      fsType = "btrfs";
      options = [ "subvol=home" "noatime" "nodiratime" "discard" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/6C41-24A0";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/34ec322f-79c3-4993-a073-ef1da3c6ef51"; }
    ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 }
--- a/machines/router/configuration.nix
+++ b/machines/router/configuration.nix
@@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
  ];
  # jxx2exuihlls2t6ncs7rvrjh2dssubjmjtclwr2ysvxtr4t7jv55xmqd.onion
  networking.hostName = "router";
  services.zerotierone.enable = true;
  system.autoUpgrade.enable = true;
  networking.useDHCP = lib.mkForce true;
 }
--- a/machines/router/hardware-configuration.nix
+++ b/machines/router/hardware-configuration.nix
@@ -1,47 +0,0 @@
 { config, pkgs, ... }:
 {
  # kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.initrd.availableKernelModules = [ "igb" "mt7915e" "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  # Enable serial output
  boot.kernelParams = [
    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
    "console=ttyS0,115200" # enable serial console
    "console=tty1"
  ];
  # firmware
  firmware.x86_64.enable = true;
  hardware.enableAllFirmware = true;
  nixpkgs.config.allowUnfree = true;
  # boot
  bios = {
    enable = true;
    device = "/dev/sda";
  };
  # disks
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c";
  };
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
      fsType = "ext3";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }
    ];
  nixpkgs.hostPlatform = "x86_64-linux";
 }