pederbs/config
pederbs
/
config
1
1
Fork 0
Code Issues Pull Requests Releases Activity

laksdaladsdsalkjdsalkjdsalkj

This commit is contained in:
Peder Bergebakken Sundt 2023-03-03 21:42:29 +01:00
parent feb9d41ce1
commit 824e57739e
8 changed files with 61 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.envrc
View File

@ -1,3 +1,5 @@
#!/usr/bin/env bash
git config --local core.hooksPath "$PWD"/.githooks
if ! command -v nixos-rebuild >/dev/null; then
use nix
fi

35
README.md
View File

@ -15,6 +15,8 @@
* [x] Make a flake
* [x] merge hosted docs into a single subdomain
* [ ] pre-commit hook with 'nix eval ...outPath'
* [ ] use `nom` when deploying
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
* [ ] Setup some remote-development and deploy flow
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
* [ ] nixos-generate-config instructions for new hosts
@ -38,8 +40,35 @@
# Cheatsheet
### How to deploy
Via git, build on remote:
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
From local checkout to remote where you're not a trusted user, build on remote:
tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh bolle.pbsds.net -- bash -xc '"cd $(mktemp -d); pwd; tar xf - && nixos-rebuild test . \"\$@\""' -- --recreate-lock-file --no-write-lock-file
.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
¯\_(ツ)_/¯
From local checkout to remote if local nix daemon has ssh keys, then build on remote:
nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
Build locally, copy to remote
TODO
* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
# or
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
# old way:
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix

2
base.nix
View File

@ -28,6 +28,8 @@
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
#];
/**/
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
# TODO: make /etc/nixos a checkout of repo?
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
system.autoUpgrade.flags = [

1
flake.nix
View File

@ -67,6 +67,7 @@
})];
};
in {
inherit inputs;
nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
nixosConfigurations.bolle = mkConfig "bolle" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
homeConfigurations = forAllSystems (system: {

6
hardware/opengl-intel.nix
View File

@ -6,10 +6,10 @@
# https://github.com/NixOS/nixpkgs/blob/nixos-22.11/pkgs/development/libraries/jellyfin-ffmpeg/default.nix
nixpkgs.config.openglSupport = true; # why is this not set by hardware.opengl.enable ?
nixpkgs.config.vaapiSupport = true;
nixpkgs.config.libmfxSupport = true; # intel
nixpkgs.config.vaapiSupport = true;
nixpkgs.config.libaomSupport = true;
nixpkgs.config.vdpauSupport = true; # intel
nixpkgs.config.vdpauSupport = true; # intel
nixpkgs.config.libmfxSupport = true; # intel
hardware.opengl.enable = true;
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];

2
hosts/noximilien/default.nix
View File

@ -14,6 +14,8 @@
../../hardware/opengl-intel.nix
../../profiles/tmate-server # opens port 442244
../../profiles/web
../../profiles/web/index
../../profiles/web/services/cinny

24
profiles/remote-builders/default.nix
View File

@ -6,10 +6,22 @@ let
# - "benchmark" - has "equal" performance
# - "big-parallel" - is beefy, for stuff like llvm
# TODO: get a binfmt-misc host for cross stuff
# add noximilien, filter (hostName != fqdn)
remotes = [
/** /
{
systems = [ "x86_64-linux" ];
hostName = "bolle.pbsds.net";
sshUser = "pbsds";
maxJobs = 16;
#maxJobs = 1; # at least for big-parallel
speedFactor = 2;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6";
proxy.user="pederbs";
proxy.host="isvegg.pvv.ntnu.no";
proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
}
/**/
{
systems = ["x86_64-linux"];
@ -18,9 +30,8 @@ let
maxJobs = 8;
#maxJobs = 4;
#maxJobs = 1; # at least for big-parallel
speedFactor = 2;
speedFactor = 3;
supportedFeatures = [ "kvm" "big-parallel" ];
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
proxy.user="pederbs";
@ -32,7 +43,7 @@ let
systems = ["x86_64-linux"];
hostName = "isvegg.pvv.ntnu.no";
sshUser = "pederbs";
maxJobs = 1;
maxJobs = 2;
speedFactor = 0;
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
}
@ -65,6 +76,7 @@ let
in {
nix.buildMachines = [ buildMachine ];
programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
# the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit
programs.ssh.extraConfig = ''
Host ${buildMachine.hostName}
ConnectTimeout 3

1
shell.nix
View File

@ -3,5 +3,6 @@ pkgs.mkShell {
packages = with pkgs; [
#buildInputs = with pkgs; [
nixos-rebuild
home-manager
];
}