bluemap on bekkalokk 💀

base: enable rebuilding nixos-config without updating the channels used
Bekkalokk/Nettsiden: deploy #78
2024-09-01 22:07:51 +02:00 · 2024-09-01 21:46:33 +02:00 · 2024-09-01 20:13:56 +02:00 · 2024-09-01 03:29:46 +02:00 · 2024-09-01 03:21:13 +02:00 · 2024-09-01 03:17:15 +02:00
8 changed files with 86 additions and 19 deletions
--- a/README.MD
+++ b/README.MD
@ -26,10 +26,14 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
 Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
 Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
-`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
+`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
 som root på maskinen.
 Hvis du ikke har lyst til å oppdatere alle pakkene (og kanskje måtte vente en stund!) kan du kjøre
 `nixos-rebuild switch --override-input nixpkgs nixpkgs --override-input nixpkgs-unstable nixpkgs-unstable --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
 ## Seksjonen for hemmeligheter
 For at hemmeligheter ikke skal deles med hele verden i git - eller å være world
--- a/base/default.nix
+++ b/base/default.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
  imports = [
@ -10,12 +10,17 @@
    ./services/acme.nix
    ./services/auto-upgrade.nix
    ./services/irqbalance.nix
    ./services/logrotate.nix
    ./services/nginx.nix
    ./services/openssh.nix
    ./services/postfix.nix
    ./services/smartd.nix
    ./services/thermald.nix
  ];
  boot.tmp.cleanOnBoot = lib.mkDefault true;
  time.timeZone = "Europe/Oslo";
  i18n.defaultLocale = "en_US.UTF-8";
@ -42,6 +47,11 @@
  programs.zsh.enable = true;
  security.sudo.execWheelOnly = true;
  security.sudo.extraConfig = ''
    Defaults lecture = never
  '';
  users.groups."drift".name = "drift";
  # Trusted users on the nix builder machines
--- a/base/nix.nix
+++ b/base/nix.nix
@ -1,17 +1,34 @@
 { inputs, ... }:
 {
-  nix.gc.automatic = true;
+  nix = {
-  nix.gc.options = "--delete-older-than 2d";
+    gc = {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+      automatic = true;
      options = "--delete-older-than 2d";
    };
-  /* This makes commandline tools like
+    settings = {
-  ** nix run nixpkgs#hello
+      allow-dirty = true;
-  ** and nix-shell -p hello
+      auto-optimise-store = true;
-  ** use the same channel the system
+      builders-use-substitutes = true;
-  ** was built with
+      experimental-features = [ "nix-command" "flakes" ];
-  */
+      log-lines = 50;
-  nix.registry = {
+      use-xdg-base-directories = true;
-    nixpkgs.flake = inputs.nixpkgs;
+    };
    /* This makes commandline tools like
    ** nix run nixpkgs#hello
    ** and nix-shell -p hello
    ** use the same channel the system
    ** was built with
    */
    registry = {
      "nixpkgs".flake = inputs.nixpkgs;
      "nixpkgs-unstable".flake = inputs.nixpkgs-unstable;
      "pvv-nix".flake = inputs.self;
    };
    nixPath = [
      "nixpkgs=${inputs.nixpkgs}"
      "unstable=${inputs.unstable}"
    ];
  };
-  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+}
 }
--- a/base/services/irqbalance.nix
+++ b/base/services/irqbalance.nix
@ -0,0 +1,4 @@
 { ... }:
 {
  services.irqbalance.enable = true;
 }
--- a/base/services/openssh.nix
+++ b/base/services/openssh.nix
@ -2,6 +2,7 @@
 {
  services.openssh = {
    enable = true;
    startWhenNeeded = true;
    extraConfig = ''
      PubkeyAcceptedAlgorithms=+ssh-rsa
      Match Group wheel
--- a/base/services/postfix.nix
+++ b/base/services/postfix.nix
@ -0,0 +1,23 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.postfix;
 in
 {
  services.postfix = {
    enable = true;
    hostname = "${config.networking.hostName}.pvv.ntnu.no";
    domain = "pvv.ntnu.no";
    relayHost = "smtp.pvv.ntnu.no";
    relayPort = 465;
    config = {
      smtp_tls_wrappermode = "yes";
      smtp_tls_security_level = "encrypt";
    };
    # Nothing should be delivered to this machine
    destination = [ ];
  };
 }
--- a/base/services/smartd.nix
+++ b/base/services/smartd.nix
@ -0,0 +1,8 @@
 { config, pkgs, lib, ... }:
 {
  services.smartd.enable = lib.mkDefault true;
  environment.systemPackages = lib.optionals config.services.smartd.enable (with pkgs; [
    smartmontools
  ]);
 }
--- a/flake.lock
+++ b/flake.lock
@ -214,11 +214,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722722932,
+        "lastModified": 1725212759,
-        "narHash": "sha256-K81a2GQpY2kRX+C9ek9r91THlZB674CqRTSMMb5IO7E=",
+        "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
        "ref": "refs/heads/master",
-        "rev": "6580cfe546c902cdf11e17b0b8aa30b3c412bb34",
+        "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
-        "revCount": 465,
+        "revCount": 473,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
Author	SHA1	Message	Date
Daniel Olsen	083d64876d	bluemap on bekkalokk 💀	2024-09-01 22:07:51 +02:00
Daniel Olsen	8b973df884	base: enable rebuilding nixos-config without updating the channels used	2024-09-01 21:46:33 +02:00
Felix Albrigtsen	161265d346	Bekkalokk/Nettsiden: deploy #78	2024-09-01 20:13:56 +02:00
h7x4	f85d18769f	common: clean `/tmp` on boot by default	2024-09-01 03:29:46 +02:00
h7x4	b47a626427	common/openssh: socket activate	2024-09-01 03:21:13 +02:00
h7x4	4d65b9fd1d	common/sudo: misc config	2024-09-01 03:17:15 +02:00
h7x4	f3e094520e	common/postfix: init	2024-09-01 03:13:18 +02:00
h7x4	69f98933a4	common/smartd: add `smartctl` to environment packages	2024-09-01 01:55:38 +02:00
h7x4	bf2959c68d	common/nix: flesh out	2024-09-01 01:44:59 +02:00
h7x4	17f0268d12	common/irqbalance: init	2024-09-01 01:39:35 +02:00
h7x4	ebce0eb67a	common/smartd: init	2024-09-01 01:23:15 +02:00