diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix index d37f3d8c..32a272b6 100644 --- a/nix/configuration/flake.nix +++ b/nix/configuration/flake.nix @@ -57,6 +57,9 @@ i_only_boot_zfs = { system = "x86_64-linux"; }; + hydra = { + system = "x86_64-linux"; + }; }; nixosConfigs = builtins.mapAttrs ( hostname: nodeConfig: format: diff --git a/nix/configuration/hosts/hydra/DEPLOY_BOOT b/nix/configuration/hosts/hydra/DEPLOY_BOOT index f0b005e5..a3caee06 100755 --- a/nix/configuration/hosts/hydra/DEPLOY_BOOT +++ b/nix/configuration/hosts/hydra/DEPLOY_BOOT @@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" : "${JOBS:="1"}" -#TARGET=10.216.1.14 -# TARGET=192.168.211.250 TARGET=hydra for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json - -# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra' diff --git a/nix/configuration/hosts/hydra/DEPLOY_SWITCH b/nix/configuration/hosts/hydra/DEPLOY_SWITCH index b6b9eddf..ae7312dd 100755 --- a/nix/configuration/hosts/hydra/DEPLOY_SWITCH +++ b/nix/configuration/hosts/hydra/DEPLOY_SWITCH 
@@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" : "${JOBS:="1"}" -#TARGET=10.216.1.14 -# TARGET=192.168.211.250 TARGET=hydra for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json - -# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra' diff --git a/nix/configuration/hosts/hydra/ISO b/nix/configuration/hosts/hydra/ISO index e438611d..b9afe0ab 100755 --- a/nix/configuration/hosts/hydra/ISO +++ b/nix/configuration/hosts/hydra/ISO @@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" : "${JOBS:="1"}" for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done -nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json +nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json diff --git a/nix/configuration/hosts/hydra/SELF_BOOT b/nix/configuration/hosts/hydra/SELF_BOOT new file mode 100755 index 00000000..b095e35a --- /dev/null +++ b/nix/configuration/hosts/hydra/SELF_BOOT 
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json
diff --git a/nix/configuration/hosts/hydra/SELF_BUILD b/nix/configuration/hosts/hydra/SELF_BUILD
new file mode 100755
index 00000000..1a0007b3
--- /dev/null
+++ b/nix/configuration/hosts/hydra/SELF_BUILD
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json
diff --git a/nix/configuration/hosts/hydra/SELF_SWITCH b/nix/configuration/hosts/hydra/SELF_SWITCH
new file mode 100755
index 00000000..f0e2f7fd
--- /dev/null
+++ b/nix/configuration/hosts/hydra/SELF_SWITCH
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json
diff --git a/nix/configuration/hosts/hydra/VM_ISO b/nix/configuration/hosts/hydra/VM_ISO
index db043f3e..17175ffc 100755
--- a/nix/configuration/hosts/hydra/VM_ISO
+++ b/nix/configuration/hosts/hydra/VM_ISO
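Review bot: With `set -euo pipefail` and no `nullglob`, the `for f in /persist/manual/manual_add_to_store/*` loop in SELF_BOOT passes the literal pattern to `nix-store --add-fixed` when that directory is empty or absent, and the script aborts before `nixos-rebuild` runs; `shopt -s nullglob` before the loop, or `[ -e "$f" ] || continue` as its first statement, avoids that. SELF_BUILD and SELF_SWITCH in this same commit carry the identical loop. The bare `#` on the second line of each script could hold a one-line purpose comment, e.g. `# Rebuild the hydra configuration on this host itself (no --target-host).` SELF_BUILD also passes `--sudo` to `nixos-rebuild build`, which as far as I can tell only affects activation and is a no-op for a plain build.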
@@ -7,7 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" : "${JOBS:="1"}" for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done -nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json - -install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso -unlink ./result +nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json diff --git a/nix/configuration/hosts/hydra/default.nix b/nix/configuration/hosts/hydra/default.nix index c94d0d0e..e9c7dbfe 100644 --- a/nix/configuration/hosts/hydra/default.nix +++ b/nix/configuration/hosts/hydra/default.nix 
@@ -1,41 +1,40 @@ +# MANUAL: On client machines generate signing keys: +# nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub # -# Testing: -# doas "$(nix-build '' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \ -# -accel kvm \ -# -cpu host \ -# -smp cores=8 \ -# -m 32768 \ -# -drive "file=$(nix-build '' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \ -# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \ -# -device nvme,serial=deadbeef,drive=nvm \ -# -nic user,hostfwd=tcp::60022-:22 \ -# -boot order=d \ -# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \ -# -display vnc=127.0.0.1:0 -# +# Trust other machines and add the substituters: +# nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ]; +# nix.binaryCaches = [ "https://test.example/nix-cache" ]; +{ + config, + lib, + pkgs, + ... +}: { imports = [ - ./disk-config.nix ./hardware-configuration.nix ./vm_disk.nix ]; config = { # Generate with `head -c4 /dev/urandom | od -A none -t x4` - networking.hostId = "fbd233d8"; + networking.hostId = "6fbf418b"; networking.hostName = "hydra"; # Define your hostname. time.timeZone = "America/New_York"; i18n.defaultLocale = "en_US.UTF-8"; + me.boot.enable = true; me.boot.secure = false; me.mountPersistence = true; + boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options. me.optimizations = { enable = true; arch = "znver4"; + # build_arch = "x86-64-v3"; system_features = [ "gccarch-znver4" "gccarch-skylake" 
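Review bot: The new header comment gives the trust settings under the legacy names `nix.binaryCachePublicKeys` and `nix.binaryCaches`, while roles/distributed_build/default.nix in this same commit uses `nix.settings.trusted-public-keys` and `nix.settings.substituters`; the comment should use the `nix.settings.*` names so an operator copying it gets the current options. It would also help to say whose key the `some-name:...` example stands for, since with `secret-key-files` on every client each client's public key has to be trusted by the others, not a single one. The hunk's tail is context inside `me.optimizations`, which continues past it.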
@@ -53,26 +52,18 @@ # Mount tmpfs at /tmp boot.tmp.useTmpfs = true; - me.base.enable = true; - me.boot.enable = true; - me.doas.enable = true; - me.emacs_flavor = "plainmacs"; - me.firewall.enable = true; - me.font.enable = true; - me.git.enable = true; - me.graphical = false; - me.hydra.enable = false; - me.memtest.enable = true; - me.network.enable = true; + # Enable TRIM + # services.fstrim.enable = lib.mkDefault true; + + # nix.optimise.automatic = true; + # nix.optimise.dates = [ "03:45" ]; + # nix.optimise.persistent = true; + + me.image_based_appliance.enable = lib.mkForce false; + + me.build_in_ram.enable = true; + me.dont_use_substituters.enable = true; + me.minimal_base.enable = true; me.nix_worker.enable = true; - me.nvme.enable = true; - me.ssh.enable = true; - me.sshd.enable = true; - me.user.enable = true; - me.vm_disk.enable = true; - me.wireguard.activated = [ ]; - me.wireguard.deactivated = [ ]; - me.zfs.enable = true; - me.zsh.enable = true; }; } diff --git a/nix/configuration/hosts/hydra/disk-config.nix b/nix/configuration/hosts/hydra/disk-config.nix deleted file mode 100644 index 3bf6a0d3..00000000 --- a/nix/configuration/hosts/hydra/disk-config.nix +++ /dev/null 
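Review bot: Nothing in the diff shows that `me.minimal_base.enable = true;` re-enables the firewall, sshd, user and doas that the removed `me.firewall.enable`, `me.sshd.enable`, `me.ssh.enable`, `me.user.enable` and `me.doas.enable` lines provided, yet this host must stay reachable over SSH for the DEPLOY_* scripts and as the `ssh://hydra` substituter in roles/distributed_build. A comment next to the new toggle listing what `minimal_base` turns on (or an explicit `me.sshd.enable = true;` and `me.firewall.enable = true;` kept here) would make the dropped lines auditable. The commented-out `services.fstrim` and `nix.optimise.*` lines are dead configuration; either enable them or note why they are parked.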
@@ -1,139 +0,0 @@ -# Manual Step: -# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 -# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 -{ - config, - lib, - ... -}: - -lib.mkIf (!config.me.buildingIso) { - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "umask=0077" - "noatime" - "discard" - ]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - # mode = "mirror"; - # Workaround: cannot import 'zroot': I/O error in disko tests - options.cachefile = "none"; - options = { - ashift = "12"; - compatibility = "openzfs-2.2-freebsd"; - autotrim = "on"; - }; - rootFsOptions = { - acltype = "posixacl"; - atime = "off"; - relatime = "off"; - xattr = "sa"; - mountpoint = "none"; - compression = "lz4"; - canmount = "off"; - utf8only = "on"; - dnodesize = "auto"; - normalization = "formD"; - }; - - datasets = { - "linux/nix" = { - type = "zfs_fs"; - options.mountpoint = "none"; - }; - "linux/nix/root" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; - }; - "linux/nix/nix" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/nix"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank"; - options = { - recordsize = "1MiB"; - compression = "lz4"; - }; - }; - "linux/nix/home" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/home"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot 
zroot/linux/nix/home@blank"; - }; - "linux/nix/persist" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/persist"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank"; - }; - "linux/nix/state" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/state"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank"; - }; - }; - }; - }; - }; - - # Make sure all persistent volumes are marked as neededForBoot - # - # Also mounts /home so it is mounted before the user home directories are created. - fileSystems."/persist".neededForBoot = true; - fileSystems."/state".neededForBoot = true; - fileSystems."/home".neededForBoot = true; - - fileSystems."/".options = [ - "noatime" - "norelatime" - ]; - fileSystems."/nix".options = [ - "noatime" - "norelatime" - ]; - fileSystems."/persist".options = [ - "noatime" - "norelatime" - ]; - fileSystems."/state".options = [ - "noatime" - "norelatime" - ]; - fileSystems."/home".options = [ - "noatime" - "norelatime" - ]; -} diff --git a/nix/configuration/hosts/hydra/hardware-configuration.nix b/nix/configuration/hosts/hydra/hardware-configuration.nix index 15020cbf..6029e088 100644 --- a/nix/configuration/hosts/hydra/hardware-configuration.nix +++ b/nix/configuration/hosts/hydra/hardware-configuration.nix @@ -1,4 +1,5 @@ { + config, lib, modulesPath, ... @@ -11,12 +12,9 @@ config = { boot.initrd.availableKernelModules = [ - "xhci_pci" "nvme" - "usbhid" - "usb_storage" - "sd_mod" - "sdhci_pci" + "xhci_pci" + "thunderbolt" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; 
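Review bot: The initrd module list now adds `thunderbolt` while dropping `usbhid`, `usb_storage`, `sd_mod` and `sdhci_pci`; together with the commented `eno1`/`wlp58s0` interface names in the next hunk this looks like a hardware-configuration generated on a different (laptop-style) machine rather than the znver4 host described in hosts/hydra/default.nix, so it is worth confirming against `nixos-generate-config` output from hydra itself. If the initrd ever needs keyboard input (an emergency shell, for instance), `usbhid` has to be in this list. A comment such as `# Generated on <machine>, <date>` above `boot.initrd.availableKernelModules` would make the origin clear. The enclosing `config = {` block continues past the hunk.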
@@ -26,10 +24,8 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.dhcpcd.enable = lib.mkForce true; - networking.useDHCP = lib.mkForce true; - networking.interfaces.enp0s2.useDHCP = lib.mkForce true; - # systemd.network.enable = true; - + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; }; } diff --git a/nix/configuration/hosts/hydra/vm_disk.nix b/nix/configuration/hosts/hydra/vm_disk.nix index dd32a79d..f67d28fa 100644 --- a/nix/configuration/hosts/hydra/vm_disk.nix +++ b/nix/configuration/hosts/hydra/vm_disk.nix @@ -1,24 +1,21 @@ { config, lib, + pkgs, ... }: { imports = [ ]; - options.me = { - vm_disk.enable = lib.mkOption { - type = lib.types.bool; - default = false; - example = true; - description = "Whether we want to mount the local disk for persistent storage."; - }; - }; + config = { + # environment.systemPackages = with pkgs; [ + # e2fsprogs # mkfs.ext4 + # gptfdisk # cgdisk + # ]; - config = lib.mkIf config.me.vm_disk.enable { # Mount the local disk - fileSystems = { + fileSystems = lib.mkIf config.me.mountPersistence { "/.disk" = lib.mkForce { device = "/dev/nvme0n1p1"; fsType = "ext4"; @@ -29,6 +26,21 @@ neededForBoot = true; }; + # "/.disk" = lib.mkForce { + # device = "bind9p"; + # fsType = "9p"; + # options = [ + # "noatime" + # "trans=virtio" + # "version=9p2000.L" + # "cache=mmap" + # "msize=512000" + # # "noauto" + # # "x-systemd.automount" + # ]; + # neededForBoot = true; + # }; + "/persist" = { fsType = "none"; device = "/.disk/persist"; @@ -39,6 +51,7 @@ depends = [ "/.disk/persist" ]; + neededForBoot = true; }; "/state" = { 
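Review bot: After this hunk the file no longer enables any network configuration: every `networking.*` line on the new side is commented out, and `me.network.enable = true;` is removed from hosts/hydra/default.nix in the same commit. Unless `me.minimal_base` or `me.nix_worker` brings up an interface, the host would come up without DHCP and the DEPLOY_* scripts and the `ssh://hydra` substituter could not reach it. Either keep an explicit `networking.useDHCP = lib.mkDefault true;` here or add a comment stating which module owns networking for this host.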
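Review bot: The `/.disk` mount still names the persistence disk by its kernel enumeration path `device = "/dev/nvme0n1p1";` and is `neededForBoot`, so if this file also boots real hardware a change in probe order (the initrd now additionally loads `thunderbolt`) would mount a different device or fail early in boot; a `/dev/disk/by-uuid/` or `by-partuuid` path pins it to the intended partition. `options.me.vm_disk.enable` is removed from this file, which is fine as long as no other module still reads `config.me.vm_disk.enable`; the only use visible here, in hosts/hydra/default.nix, is removed by the commit. The new `pkgs` argument is only referenced from the commented `environment.systemPackages` block, so it is currently unused. The `fileSystems` attrset continues past the end of the hunk.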
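Review bot: The fifteen-line commented `"/.disk" = lib.mkForce { device = "bind9p"; fsType = "9p"; ... }` alternative is dead configuration next to the live ext4 mount, and the same applies to the commented `fsType = "overlay"` form under `/nix/store` in a later hunk. If it is kept as the recipe for VM runs via the `bind9p` fsdev from roles/qemu/files/qemurc.bash, a one-line comment saying so (`# 9p alternative for VM runs (mount_tag=bind9p in qemurc.bash); swap with the ext4 entry above`) makes the intent clear; otherwise drop it.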
@@ -51,16 +64,22 @@ depends = [ "/.disk/state" ]; + neededForBoot = true; }; "/nix/store" = lib.mkForce { - fsType = "overlay"; - device = "overlay"; - options = [ - "lowerdir=/nix/.ro-store" - "upperdir=/.disk/persist/store" - "workdir=/.disk/state/work" - ]; + overlay = { + lowerdir = [ "/nix/.ro-store" ]; + upperdir = "/.disk/persist/store"; + workdir = "/.disk/state/work"; + }; + # fsType = "overlay"; + # device = "overlay"; + # options = [ + # "lowerdir=/nix/.ro-store" + # "upperdir=/.disk/persist/store" + # "workdir=/.disk/state/work" + # ]; depends = [ "/nix/.ro-store" "/.disk/persist/store" diff --git a/nix/configuration/roles/distributed_build/default.nix b/nix/configuration/roles/distributed_build/default.nix index eb78f465..487eec20 100644 --- a/nix/configuration/roles/distributed_build/default.nix +++ b/nix/configuration/roles/distributed_build/default.nix @@ -2,6 +2,7 @@ config, lib, all_nixos_configs, + pkgs, ... }: @@ -56,6 +57,21 @@ in lib.mkMerge [ { nix.distributedBuilds = true; + + nix.settings.substituters = lib.mkForce [ "ssh://hydra" ]; + nix.settings.substitute = lib.mkForce true; + nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" '' + set -euo pipefail + IFS=$'\n\t' + set -f # disable globbing + echo "Signing and uploading paths" $OUT_PATHS + #exec nix copy --to 'ssh://hydra?secret-key=/persist/manual/nix/nix-cache-key.sec' $OUT_PATHS + exec nix copy --to 'ssh://hydra' $OUT_PATHS + ''; + nix.settings.secret-key-files = [ "/persist/manual/nix/nix-cache-key.sec" ]; + nix.settings.trusted-public-keys = lib.mkForce [ + "odo:0S/XKSFjjIrihQ7lbHEIebXk/c/xuoodhm0Gz26YhjA=" + ]; } { nix.buildMachines = ( diff --git a/nix/configuration/roles/qemu/files/qemurc.bash b/nix/configuration/roles/qemu/files/qemurc.bash index b4232f9c..a5a865ba 100644 --- a/nix/configuration/roles/qemu/files/qemurc.bash +++ b/nix/configuration/roles/qemu/files/qemurc.bash 
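Review bot: `/nix/store` now uses the `fileSystems.<name>.overlay` attrset, which as far as I know only exists in the 24.05 and later module sets; on an older nixpkgs pin the `lib.mkForce { overlay = ...; }` definition would fail evaluation as an undeclared attribute. A comment stating the requirement, e.g. `# Needs the fileSystems.<name>.overlay option (nixpkgs 24.05+)`, would save the next reader a bisect. The `depends` list at the end of the hunk continues past it.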
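Review bot: `nix.settings.trusted-public-keys` is forced to the single `odo:…` key, while the `MANUAL` comment in hosts/hydra/default.nix has every client generate its own key at `/persist/manual/nix/nix-cache-key.sec`; paths signed by any client other than `odo` will be rejected when another machine substitutes them from `ssh://hydra`, and the `mkForce` also drops the default cache.nixos.org key (consistent with `substituters` being forced to hydra only, but worth a comment). The `exec nix copy --to 'ssh://hydra' $OUT_PATHS` hook runs inside the daemon after every build, and as far as I recall a failing hook fails the build, so an unreachable hydra turns every local build into a failure; if that is not intended, document it or let the copy fail soft. The secret key file is read by the daemon as root and signs paths every client trusts, so it should be root-owned and mode 0600; a comment stating that expectation next to `secret-key-files` would help. The `nix.buildMachines` attrset at the end of the hunk continues past it.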
@@ -307,7 +307,7 @@ function start_body { local additional_args=() if [ -n "$BIND9P" ]; then - additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p") + additional_args+=(-device "virtio-9p-pci,fsdev=${BIND9P},mount_tag=bind9p") fi if [ -n "$mount_cd" ]; then