Add a host for hydra.

This commit is contained in:
Tom Alexander 2025-11-27 17:51:08 -05:00
parent 8eb3c459bd
commit 4ca486d7f8
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
14 changed files with 121 additions and 216 deletions


@ -57,6 +57,9 @@
i_only_boot_zfs = {
system = "x86_64-linux";
};
hydra = {
system = "x86_64-linux";
};
};
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'


@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json


@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json
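Review bot: `for f in /persist/manual/manual_add_to_store/*` runs under `set -euo pipefail` without `nullglob`, so when that directory is empty the pattern stays literal, `nix-store --add-fixed sha256` is handed a path that does not exist, and the script aborts before it ever reaches `nixos-rebuild`; add `shopt -s nullglob` before the loop (or guard the body with `[ -e "$f" ] || continue`). The same loop appears in the two sibling scripts added below (the `build` and `switch` variants) and in the older deploy scripts above, where it is probably pre-existing context. The `#` on the second line is an empty comment where a description belongs; give each of the three new scripts a one-line purpose instead, e.g. `# Build the hydra configuration locally and make it the default for the next boot.`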


@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json


@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json


@ -7,7 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json


@ -1,41 +1,40 @@
# MANUAL: On client machines generate signing keys:
# nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# Trust other machines and add the substituters:
# nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
# nix.binaryCaches = [ "https://test.example/nix-cache" ];
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./vm_disk.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostId = "6fbf418b";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.
me.optimizations = {
enable = true;
arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
@ -53,26 +52,18 @@
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false;
me.hydra.enable = false;
me.memtest.enable = true;
me.network.enable = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# nix.optimise.automatic = true;
# nix.optimise.dates = [ "03:45" ];
# nix.optimise.persistent = true;
me.image_based_appliance.enable = lib.mkForce false;
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.nix_worker.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true;
};
}
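Review bot: `imports` still lists `./disk-config.nix` at the top of the first hunk while this same commit deletes a whole `disk-config.nix` (the disko/ZFS layout further down the page); if that deleted file belongs to this host, the import line must be on the removed side, otherwise evaluation fails on a missing path — the rendered view does not show which side it is on, so please confirm. `me.boot.secure = false;` and `me.hydra.enable = false;` also appear without explanation on the host that the distributed-build module in this commit makes the sole substituter and build machine for every other host; a one-line comment on each, e.g. `# Secure boot off: <reason — placeholder>` and `# hydra service not yet enabled on this host: <reason — placeholder>`, would keep the next reader from treating them as mistakes. Whether those two lines are added or carried over as context is likewise not recoverable from this view.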


@ -1,139 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}


@ -1,4 +1,5 @@
{
config,
lib,
modulesPath,
...
@ -11,12 +12,9 @@
config = {
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
@ -26,10 +24,8 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
};
}
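Review bot: `modulesPath` appears to be the line added to the module's argument set in the first hunk, but nothing in the visible hunks references it; if the usual `(modulesPath + "/…")` entry in `imports` sits outside these hunks this is fine, otherwise it is an unused binding and should be dropped. In the last hunk the header counts admit no additions, so the `networking.useDHCP` / `networking.interfaces.enp0s2.useDHCP` pair is pre-existing; still, since `networking.useDHCP = lib.mkForce true;` already covers every interface without a static address, the per-interface line only hard-codes a slot-derived name and could go in a follow-up.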


@ -1,24 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = {
# environment.systemPackages = with pkgs; [
# e2fsprogs # mkfs.ext4
# gptfdisk # cgdisk
# ];
config = lib.mkIf config.me.vm_disk.enable {
# Mount the local disk
fileSystems = {
fileSystems = lib.mkIf config.me.mountPersistence {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
@ -29,6 +26,21 @@
neededForBoot = true;
};
# "/.disk" = lib.mkForce {
# device = "bind9p";
# fsType = "9p";
# options = [
# "noatime"
# "trans=virtio"
# "version=9p2000.L"
# "cache=mmap"
# "msize=512000"
# # "noauto"
# # "x-systemd.automount"
# ];
# neededForBoot = true;
# };
"/persist" = {
fsType = "none";
device = "/.disk/persist";
@ -39,6 +51,7 @@
depends = [
"/.disk/persist"
];
neededForBoot = true;
};
"/state" = {
@ -51,16 +64,22 @@
depends = [
"/.disk/state"
];
neededForBoot = true;
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
overlay = {
lowerdir = [ "/nix/.ro-store" ];
upperdir = "/.disk/persist/store";
workdir = "/.disk/state/work";
};
# fsType = "overlay";
# device = "overlay";
# options = [
# "lowerdir=/nix/.ro-store"
# "upperdir=/.disk/persist/store"
# "workdir=/.disk/state/work"
# ];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
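Review bot: The new `overlay = { … }` block for `/nix/store` is immediately followed by a commented-out copy of the old `fsType`/`device`/`options` form, and the earlier hunk adds a commented-out 9p variant of `/.disk`; both are dead configuration that will silently drift from the live definitions. Either delete them or keep a single line saying why they stay, e.g. `# 9p variant kept for the BIND9P path of the VM launcher script; the installed image uses the block device.` (wording is a placeholder, tie it to the actual reason). The `neededForBoot = true;` additions on `/persist` and `/state` look required since the overlay's `upperdir` and `workdir` live on them; the `depends` list for `/nix/store` ends at the hunk boundary.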


@ -2,6 +2,7 @@
config,
lib,
all_nixos_configs,
pkgs,
...
}:
@ -56,6 +57,21 @@ in
lib.mkMerge [
{
nix.distributedBuilds = true;
nix.settings.substituters = lib.mkForce [ "ssh://hydra" ];
nix.settings.substitute = lib.mkForce true;
nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
set -euo pipefail
IFS=$'\n\t'
set -f # disable globbing
echo "Signing and uploading paths" $OUT_PATHS
#exec nix copy --to 'ssh://hydra?secret-key=/persist/manual/nix/nix-cache-key.sec' $OUT_PATHS
exec nix copy --to 'ssh://hydra' $OUT_PATHS
'';
nix.settings.secret-key-files = [ "/persist/manual/nix/nix-cache-key.sec" ];
nix.settings.trusted-public-keys = lib.mkForce [
"odo:0S/XKSFjjIrihQ7lbHEIebXk/c/xuoodhm0Gz26YhjA="
];
}
{
nix.buildMachines = (
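Review bot: `IFS=$'\n\t'` on the second line of the post-build hook removes the space from the word separators, but Nix hands `OUT_PATHS` to the hook as a space-separated list, so for any derivation with more than one output `$OUT_PATHS` expands to a single argument containing spaces and `nix copy` fails on a path that does not exist; single-output builds hide this. Drop that line or put `IFS=' '` before the `exec` — `set -f` already keeps the deliberately unquoted expansion from globbing. The hook runs under the Nix daemon rather than the invoking user, so `ssh://hydra` has to resolve and authenticate from that account's SSH configuration; a comment above `nix.settings.post-build-hook` saying where that host alias and its key come from would help the next reader. `trusted-public-keys` is forced to the single `odo:` key while the header comment in the hydra configuration on this page tells each client to generate its own signing key; if more than one host signs with its own key, each signing key has to be listed here or substitution of paths signed only with another key will fail on the receiving hosts.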


@ -307,7 +307,7 @@ function start_body {
local additional_args=()
if [ -n "$BIND9P" ]; then
additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p")
additional_args+=(-device "virtio-9p-pci,fsdev=${BIND9P},mount_tag=bind9p")
fi
if [ -n "$mount_cd" ]; then