Update from update-inputs-2024-08-22-04-20

Update Bot 2024-08-22 04:20:28 +02:00
commit 525170c166
No known key found for this signature in database
13 changed files with 633 additions and 74 deletions


@ -9,6 +9,7 @@ with lib; {
../../modules
];
environment.systemPackages = with pkgs; [
kitty.terminfo
bat
dig
htop
@ -22,8 +23,6 @@ with lib; {
unzip
zip
figlet
] ++ lib.optionals (!config.kyouma.machine-type.container) [
kitty.terminfo
];
programs = {
mtr.enable = true;
@ -58,7 +57,7 @@ with lib; {
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 7d";
nix.optimise.automatic = true;
nix.registry.nixpkgs.to = lib.mkIf (!config.kyouma.machine-type.container) {
nix.registry.nixpkgs.to = {
type = "path";
path = pkgs.path;
};


@ -1,15 +0,0 @@
{ lib, modulesPath, ... }: {
imports = [
"${modulesPath}/virtualisation/docker-image.nix"
../../common
../../profiles/builder.nix
../../profiles/headless.nix
];
networking.hostName = "build-worker-oci";
services.resolved.enable = lib.mkForce false;
kyouma = {
machine-type.container = true;
deployment.auto-upgrade.enable = lib.mkForce false;
};
}


@ -1,6 +1,7 @@
{ config, ... }: {
{ config, inputs, lib, ... }: {
imports = [
./nix-config.nix
inputs.lix-module.nixosModules.default
];
sops.secrets."services/hydra/signKey" = {
owner = "hydra-queue-runner";
@ -18,8 +19,12 @@
};
kyouma.deployment.auto-upgrade.cache = "daemon";
nix.package = lib.mkForce inputs.lix-module.packages.${config.nixpkgs.hostPlatform.system}.default;
nix.settings.experimental-features = lib.mkForce [ "nix-command" "flakes" "pipe-operator" ];
services.hydra = {
enable = true;
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
hydraURL = "https://hydra.kyouma.net";
listenHost = "localhost";
notificationSender = "hydra@hydra.kyouma.net";


@ -1,13 +1,12 @@
{ config, ... }: {
{ config, lib, ... }: {
nix.buildMachines = [
{
hostName = "localhost";
sshUser = "hydra-queue-runner";
maxJobs = 20;
speedFactor = 17;
protocol = null;
maxJobs = 0;
speedFactor = 0;
systems = [ "x86_64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
{
hostName = "integra.kyouma.net";
@ -18,8 +17,8 @@
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
{
hostName = "build-worker-03.nyantec.com";
] ++ lib.forEach [ "03" "04" ] (num: {
hostName = "build-worker-${num}.nyantec.com";
sshUser = "nix-ssh";
maxJobs = 4;
speedFactor = 18;
@ -27,16 +26,15 @@
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
{
hostName = "build-worker-04.nyantec.com";
sshUser = "nix-ssh";
maxJobs = 4;
speedFactor = 18;
systems = [ "x86_64-linux" "riscv64-linux" ];
) ++ lib.forEach [ "01" "02" "03" "04" ] (num: {
hostName = "build-worker-${num}";
sshUser = "root";
maxJobs = 6;
speedFactor = 20;
systems = [ "x86_64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
];
});
nix.settings = {
allowed-uris = [
"github:"
@ -49,9 +47,29 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
];
programs.ssh = {
knownHosts."build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
knownHosts."build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
knownHosts = {
"build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
};
extraConfig = ''
Host build-worker-01
Hostname build-worker-kyoumanet.fly.dev
Port 2201
Host build-worker-02
Hostname build-worker-kyoumanet.fly.dev
Port 2202
Host build-worker-03
Hostname build-worker-kyoumanet.fly.dev
Port 2203
Host build-worker-04
Hostname build-worker-kyoumanet.fly.dev
Port 2204
'';
};
}
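Review bot: The new `lib.forEach [ "01" "02" "03" "04" ]` entries set `sshUser = "root"`, so the Hydra key at `services/hydra/id_ed25519_hydra` becomes a full root login on four workers published on ports 2201–2204 of `build-worker-kyoumanet.fly.dev`. The nyantec workers in the same list connect as the unprivileged `nix-ssh` user. If the container image cannot offer an equivalent account, consider limiting the key on the worker side with the `restrict` option in `authorized_keys`, which turns off PTY allocation and forwarding; this should be tested against the remote-build protocol in use. Pinning the four host keys under `knownHosts` is the right counterpart and should be kept in step whenever a worker volume, which appears to hold the host key, is recreated.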


@ -13,11 +13,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1724086414,
"narHash": "sha256-jcY81r8PdMQ9dCGhT0YLZzxPj3kQJXyWCmvQLXbR1EI=",
"lastModified": 1724226964,
"narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "acf3c351f8de47c6857f31948ab253f9c7ce2a6f",
"rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2",
"type": "github"
},
"original": {
@ -205,11 +205,11 @@
]
},
"locked": {
"lastModified": 1724163524,
"narHash": "sha256-3A06DYw47oSLYMalkWDLzTMHC0MKgm1mNfaca9sqUnI=",
"lastModified": 1724290508,
"narHash": "sha256-dtL4vielmrko/0XpZ3Wfd7czVvv3NC5oiwh8PKJN9hw=",
"owner": "nix-community",
"repo": "disko",
"rev": "c7b14da22e302e0f9d7aa4df26b61016bcedf738",
"rev": "4b866c9942d0f771ae934f04ca9859936f9bfbcf",
"type": "github"
},
"original": {
@ -280,6 +280,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -293,7 +309,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -310,6 +326,28 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"hydra",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -366,6 +404,39 @@
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -471,6 +542,28 @@
"type": "github"
}
},
"hydra": {
"inputs": {
"lix": [
"lix"
],
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1724017314,
"narHash": "sha256-FFv/JT+A7xG6H1FN6aEHWzhrHXtw16BkSmBx0wgmC9U=",
"ref": "refs/heads/main",
"rev": "3ee51dbe589458cc54ff753317bbc6db530bddc0",
"revCount": 4201,
"type": "git",
"url": "https://git.lix.systems/lix-project/hydra.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/hydra.git"
}
},
"iceshrimp": {
"inputs": {
"nixpkgs": [
@ -514,6 +607,61 @@
"url": "https://woof.rip/emily/kyouma-net.git"
}
},
"lix": {
"inputs": {
"flake-compat": "flake-compat_2",
"nix2container": "nix2container",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lix_2": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -535,6 +683,72 @@
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"lix": [
"hydra",
"lix"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"hydra",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1723579251,
"narHash": "sha256-xnHtfw0gRhV+2S9U7hQwvp2klTy1Iv7FlMMO0/WiMVc=",
"ref": "refs/heads/main",
"rev": "42a160bce2fd9ffebc3809746bc80cc7208f9b08",
"revCount": 609,
"type": "git",
"url": "https://git.lix.systems/lix-project/nix-eval-jobs"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nix-eval-jobs"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"hydra",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1720066371,
"narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix2container": {
"flake": false,
"locked": {
"lastModified": 1720642556,
"narHash": "sha256-qsnqk13UmREKmRT7c8hEnz26X3GFFyIQrqx4EaRc1Is=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "3853e5caf9ad24103b13aa6e0e8bcebb47649fe4",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1724067415,
@ -586,6 +800,22 @@
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720535198,
@ -619,6 +849,38 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1723688146,
"narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1721931987,
"narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e21630230c77140bc6478a21cd71e8bb73706fce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1723991338,
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
@ -637,8 +899,8 @@
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"home-manager": [
"home-manager"
@ -648,14 +910,14 @@
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1724188973,
"narHash": "sha256-JaP6B9kjXccjRp/7CY2QPSSMarjPJMB0vytfqBdJU7E=",
"lastModified": 1724222231,
"narHash": "sha256-IFlMn1lgVsZQZC9WklY9YKcCdI0mUxSYZ7EfkaKCsQU=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "851edc8df1347aef556a646c80d469a3137331ba",
"rev": "b7f419a759f70126e220533b724cc17e8528b184",
"type": "github"
},
"original": {
@ -666,7 +928,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
@ -686,6 +948,22 @@
"type": "github"
}
},
"pre-commit-hooks": {
"flake": false,
"locked": {
"lastModified": 1721042469,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"attic": "attic",
@ -694,11 +972,14 @@
"fernglas": "fernglas",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hydra": "hydra",
"iceshrimp": "iceshrimp",
"kyouma-www": "kyouma-www",
"lix": "lix",
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware",
"nixos-needsreboot": "nixos-needsreboot",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim",
"sops-nix": "sops-nix",
"stylix": "stylix"
@ -734,7 +1015,7 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
@ -744,11 +1025,11 @@
]
},
"locked": {
"lastModified": 1724091143,
"narHash": "sha256-55CrA0BNqmnS4qB812D7JY9hNBB0r36sJlErepkfeTo=",
"lastModified": 1724260414,
"narHash": "sha256-EP1yFDEm/f7+j+fE3TI7KZb5xJH6KNMtmlZciktC71c=",
"owner": "danth",
"repo": "stylix",
"rev": "94d70292d0c687ebacb65d00bd516cbefa18d3ca",
"rev": "c5f8f06543b70248a076f888177c7362a24d5dcc",
"type": "github"
},
"original": {
@ -787,7 +1068,44 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"hydra",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1723454642,
"narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "349de7bc435bdff37785c2466f054ed1766173be",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixvim",


@ -20,13 +20,16 @@
};
fernglas = {
url = "github:wobcom/fernglas";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
hydra = {
url = "git+https://git.lix.systems/lix-project/hydra.git";
inputs.lix.follows = "lix";
};
iceshrimp = {
url = "git+https://iceshrimp.dev/iceshrimp/packaging";
inputs.nixpkgs.follows = "nixpkgs";
@ -36,6 +39,11 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-needsreboot = {
url = "github:thefossguy/nixos-needsreboot";
inputs.nixpkgs.follows = "nixpkgs";
@ -64,10 +72,6 @@
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
];
builders-use-substitutes = true;
builders = ''
ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
'';
};
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
@ -109,7 +113,6 @@
};
images = {
lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
build-worker-oci = self.nixosConfigurations.build-worker-oci.config.system.build.tarball;
};
overlays = {
@ -133,14 +136,18 @@
};
in {
packages = shinyflakes.mapPackages (pkgs) {
# newhost = pkgs.stdenv.mkDerivation {
# name = "newhost";
# newHost = pkgs.writeShellApplication {
# name = "update-flyio";
# text = ''
# '';
# };
};
# apps = rec {
# newhost = self.packages.${system}.newhost;
# default = newhost;
# };
apps = {
update-build-worker = {
type = "app";
program = ./pkgs/build-worker-oci/update.sh;
};
};
devShells.default = pkgs.mkShell {
packages = [ pkgs.colmena pkgs.sops ];
};

77
fly.toml Normal file

@ -0,0 +1,77 @@
app = 'build-worker-kyoumanet'
primary_region = 'ams'
[build]
image = 'registry.fly.io/build-worker-kyoumanet:latest'
[processes]
bw-01 = '/entrypoint.sh'
bw-02 = '/entrypoint.sh'
bw-03 = '/entrypoint.sh'
bw-04 = '/entrypoint.sh'
[[mounts]]
source = 'bw01'
destination = '/mnt/data'
initial_size = '128GB'
processes = ['bw-01']
[[mounts]]
source = 'bw02'
destination = '/mnt/data'
initial_size = '128GB'
processes = ['bw-02']
[[mounts]]
source = 'bw03'
destination = '/mnt/data'
initial_size = '128GB'
processes = ['bw-03']
[[mounts]]
source = 'bw04'
destination = '/mnt/data'
initial_size = '128GB'
processes = ['bw-04']
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-01']
[[services.ports]]
port = 2201
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-02']
[[services.ports]]
port = 2202
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-03']
[[services.ports]]
port = 2203
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-04']
[[services.ports]]
port = 2204
[[restart]]
policy = 'never'
[[vm]]
size = 'performance-16x'
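Review bot: `image = 'registry.fly.io/build-worker-kyoumanet:latest'` deploys whatever the mutable tag points at, so this file does not record which image the four workers actually run. Referencing the image by digest, `image = 'registry.fly.io/build-worker-kyoumanet@sha256:<digest-placeholder>'`, or passing the digest at deploy time, keeps each deployment traceable to one build of `build-worker-oci`. The four `[[services]]` blocks publish sshd on 2201–2204 with no source restriction visible here, so the key-only settings baked into the image are the only gate in front of a root login.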


@ -38,11 +38,6 @@ in {
default = false;
description = mdDoc "Mark machine as portable.";
};
container = mkOption {
type = types.bool;
default = false;
description = mdDoc "Mark machine as container image.";
};
};
config = {
assertions = [


@ -0,0 +1,91 @@
# I hate this so much aaa
{
callPackage,
dockerTools,
openssh,
bash,
gnused,
util-linux,
}:
dockerTools.buildLayeredImage {
name = "build-worker-oci";
tag = "latest";
fromImage = callPackage ./source.nix {};
maxLayers = 110;
passthru.updateScript = ./update.sh;
enableFakechroot = true;
contents = [ openssh util-linux bash gnused ];
config.Cmd = [ "/entrypoint.sh" ];
fakeRootCommands = ''
mkdir -p /root
cat <<EOF > /root/nix.conf
build-users-group = nixbld
experimental-features = nix-command flakes
sandbox = true
substituters = https://cache.kyouma.net https://cache.nixos.org
trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
max-substitution-jobs = 20
max-silent-time = 14400
min-free = 17179869184
max-free = 34359738368
system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
EOF
mkdir -p /root/.ssh
cat <<EOF > /root/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
EOF
cat <<EOF > /root/.ssh/environment
PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
EOF
cat <<EOF > /root/sshd_config
AcceptEnv GIT_PROTOCOL
AuthenticationMethods publickey
AuthorizedPrincipalsFile none
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
GatewayPorts no
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
KbdInteractiveAuthentication no
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
LogLevel INFO
Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
PasswordAuthentication no
PermitRootLogin prohibit-password
PermitUserEnvironment yes
PrintMotd no
PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
StreamLocalBindUnlink yes
StrictModes yes
UseDns no
UsePAM no
X11Forwarding no
Banner none
AddressFamily any
Port 2222
Subsystem sftp ${openssh}/libexec/sftp-server
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
HostKey /mnt/data/ssh/ssh_host_ed25519_key
EOF
mkdir -p /etc/keys
mkdir -p /var/empty
mkdir -p /var/log
cp ${./entrypoint.sh} /entrypoint.sh
chmod +x /entrypoint.sh
'';
}
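Review bot: `PermitUserEnvironment yes` in the generated `sshd_config` appears to be enabled only so that `PATH` is read from `/root/.ssh/environment`. It also makes sshd honour `environment=` options in `authorized_keys` and any later change to that file, which is why OpenSSH ships it as `no`. The variable can be set from the server side instead with `SetEnv PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin`, after which the `environment` heredoc and the `PermitUserEnvironment` line can be dropped. A short comment above the `authorized_keys` heredoc saying who owns each of the four keys, and that removing one requires rebuilding and redeploying the image, would help whoever has to revoke access later.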


@ -0,0 +1,29 @@
#!/usr/bin/env bash
cat /etc/passwd > /root/passwd
rm -f /etc/passwd
cp /root/passwd /etc/passwd
echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
cat /etc/shadow > /root/shadow
rm -f /etc/shadow
cp /root/shadow /etc/shadow
/bin/sed -i "s/root:!/root:*/g" /etc/shadow
[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
fi
[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
rm -rf /mnt/data/nix-store/*
rm -f /etc/nix/nix.conf
cp /root/nix.conf /etc/nix/nix.conf
/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
/bin/mount --bind /mnt/data/tmp /tmp
/root/.nix-profile/bin/sshd -D -f /root/sshd_config
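Review bot: The script has no error handling, so if the overlay `mount` on `/nix` or the bind mount on `/tmp` fails, sshd still starts and builds land on the container's own filesystem instead of the volume; `|| exit 1` on the two `mount` lines (or `set -euo pipefail` after the shebang) stops that. The host-key test `[[ "$(ls /mnt/data/ssh/*_key)" = "" ]]` depends on `ls` failing on an unmatched glob, whereas `[[ ! -f /mnt/data/ssh/ssh_host_ed25519_key ]]` checks the one file that `HostKey` points to. `/etc/shadow` is recreated through `cat > /root/shadow` and `cp`, which typically leaves it with the default umask mode and a second copy in `/root`; a `chmod 600 /etc/shadow` after the `sed` restores a restrictive mode. Starting the daemon with `exec /root/.nix-profile/bin/sshd -D -f /root/sshd_config` makes it the container's main process so stop signals reach it directly.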


@ -0,0 +1,11 @@
{
dockerTools,
}:
dockerTools.pullImage {
imageName = "nixos/nix";
imageDigest = "sha256:552b0a2f097ac72a148c28a4ed40760bbc4054760881fdd7709f5f7c5c88e48f";
sha256 = "0ballvgln13rc1n14grqbzgmi5vn2hn2x7c9bb781g79cq1k2n4p";
finalImageName = "nixos/nix";
finalImageTag = "latest";
}

23
pkgs/build-worker-oci/update.sh Executable file

@ -0,0 +1,23 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p skopeo nix-prefetch-docker
set -euo pipefail
while [[ $# -gt 0 ]]; do
case $1 in
*)
echo "Unknown option $1"
exit 1
;;
esac
done
IMAGE=$(nix-prefetch-docker --image-name nixos/nix --image-tag latest --arch amd64 --os linux)
cat > ./pkgs/build-worker-oci/source.nix << EOF
{
dockerTools,
}:
dockerTools.pullImage ${IMAGE}
EOF
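Review bot: The heredoc writes to `./pkgs/build-worker-oci/source.nix` relative to the caller's working directory, so running it from anywhere but the repository root either fails or writes the pin somewhere unexpected. That is easy to hit because the script is also exposed as the `update-build-worker` flake app. Adding `cd "$(git rev-parse --show-toplevel)"` before the `nix-prefetch-docker` call fixes the target. The `while`/`case` loop only has a `*` arm, so it rejects every argument; a one-line comment saying the script takes no options would make that intent clear. Because `--image-tag latest` resolves a mutable tag, the digest written into `source.nix` is the only record of what was pulled and deserves a look in the resulting diff before it is committed.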


@ -2,4 +2,5 @@ final: prev: {
nyastodon = final.callPackage ./nyastodon/default.nix {};
upgrade-system = final.callPackage ./upgrade-system/default.nix {};
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
}