feat(patches): Use stable version of zfs

chore(npins): Update
feat: Update compute01, storage01 to 23.11
2023-11-29 19:56:51 +01:00 · 2023-11-29 16:12:31 +01:00 · 2023-11-29 16:12:24 +01:00 · 2023-11-29 16:11:35 +01:00
17 changed files with 107 additions and 122 deletions
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -28,6 +28,8 @@ lib.extra.mkConfig {
      "sshd-bruteforce"
      "sshd-timeout"
    ];
    dgn-hardware.useZfs = true;
  };
  root = ./.;
--- a/machines/compute01/_hardware-configuration.nix
+++ b/machines/compute01/_hardware-configuration.nix
@ -1,42 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ modulesPath, ... }:
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  fileSystems."/" = {
-  boot.initrd.kernelModules = [ ];
+    device = "/dev/disk/by-uuid/c83f6978-fd26-44a8-a86a-b0e971bb0c8c";
-  boot.kernelModules = [ "kvm-intel" ];
+    fsType = "ext4";
-  boot.supportedFilesystems = [ "zfs" ];
+  };
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "fast01" "work01" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" =
+  fileSystems."/boot" = {
-    {
+    device = "/dev/disk/by-uuid/55DB-056F";
-      device = "/dev/disk/by-uuid/c83f6978-fd26-44a8-a86a-b0e971bb0c8c";
+    fsType = "vfat";
-      fsType = "ext4";
+  };
    };
  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/55DB-056F";
      fsType = "vfat";
    };
  swapDevices =
    [{ device = "/dev/disk/by-uuid/30547280-00e9-4ee1-8a07-d116590d9fbf"; }];
  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
  # networking.interfaces.idrac.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/compute01/ds-fr/module.nix
+++ b/machines/compute01/ds-fr/module.nix
@ -364,7 +364,7 @@ in {
        ensureUsers = optional (cfg.user == "ds-fr") {
          name = "ds-fr";
-          ensurePermissions = { "DATABASE \"ds-fr\"" = "ALL PRIVILEGES"; };
+          ensureDBOwnership = true;
        };
        extraPlugins = with config.services.postgresql.package.pkgs;
--- a/machines/compute01/hedgedoc.nix
+++ b/machines/compute01/hedgedoc.nix
@ -41,7 +41,7 @@ in {
      ensureUsers = [{
        name = "hedgedoc";
-        ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
      }];
    };
  };
--- a/machines/compute01/mastodon.nix
+++ b/machines/compute01/mastodon.nix
@ -12,6 +12,8 @@ in {
    };
    streamingProcesses = 4;
    configureNginx = true;
    extraConfig = {
--- a/machines/compute01/nextcloud.nix
+++ b/machines/compute01/nextcloud.nix
@ -68,8 +68,6 @@ in {
    autoUpdateApps.enable = true;
    enableBrokenCiphersForSSE = false;
    extraOptions = {
      overwritehost = host;
      "overwrite.cli.url" = "https://${host}";
--- a/machines/compute01/vaultwarden.nix
+++ b/machines/compute01/vaultwarden.nix
@ -64,7 +64,7 @@ in {
      ensureUsers = [{
        name = "vaultwarden";
-        ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
      }];
    };
  };
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@ -14,5 +14,9 @@ lib.extra.mkConfig {
    "peertube"
  ];
  extraConfig = {
    dgn-hardware.useZfs = true;
  };
  root = ./.;
 }
--- a/machines/storage01/_hardware-configuration.nix
+++ b/machines/storage01/_hardware-configuration.nix
@ -1,58 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{ modulesPath, ... }:
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  fileSystems."/" = {
-  boot.initrd.kernelModules = [ ];
+    device = "/dev/disk/by-uuid/278cb2a2-47b9-4ec5-8b68-a5a6d037d59e";
-  boot.kernelModules = [ "kvm-intel" ];
+    fsType = "ext4";
-  boot.supportedFilesystems = [ "zfs" ];
+  };
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "fast01" "work01" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" =
+  fileSystems."/boot" = {
-    {
+    device = "/dev/disk/by-uuid/8BD2-C908";
-      device = "/dev/disk/by-uuid/278cb2a2-47b9-4ec5-8b68-a5a6d037d59e";
+    fsType = "vfat";
-      fsType = "ext4";
+  };
    };
  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/8BD2-C908";
      fsType = "vfat";
    };
  swapDevices =
    [{ device = "/dev/disk/by-uuid/65a6f6e4-e996-4718-a4d0-cd0c78dcb15b"; }];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  # networking.interfaces.eno1 = {
  #   useDHCP = true;
  #   ipv4 = {
  #     addresses = [
  #       { address = "129.199.146.148"; prefixLength = 24; }
  #       { address = "192.168.1.148"; prefixLength = 24; }
  #     ];
  #
  #     routes = [
  #       { address = "192.168.1.0"; prefixLength = 24; }
  #     ];
  #   };
  # };
  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/storage01/atticd.nix
+++ b/machines/storage01/atticd.nix
@ -61,7 +61,7 @@ in {
      ensureUsers = [{
        name = "atticd";
-        ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
      }];
    };
  };
--- a/machines/storage01/forgejo.nix
+++ b/machines/storage01/forgejo.nix
@ -16,6 +16,7 @@ in {
      user = "git";
      name = "gitea";
      passwordFile = config.age.secrets."forgejo-database_password_file".path;
      createDatabase = false;
    };
    settings = {
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
  host = "s3.dgnum.eu";
@ -13,9 +13,13 @@ in {
  services.garage = {
    enable = true;
    package = pkgs.garage_0_8;
    settings = {
      inherit data_dir metadata_dir;
      db_engine = "sled";
      replication_mode = "none";
      compression_level = 7;
--- a/machines/web01/_hardware-configuration.nix
+++ b/machines/web01/_hardware-configuration.nix
@ -1,21 +1,12 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ modulesPath, ... }:
 {
  imports = [
-      (modulesPath + "/profiles/qemu-guest.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
-      (let sources = import ../../npins; in sources.disko + "/module.nix")
+    (let sources = import ../../npins; in sources.disko + "/module.nix")
-      ./disko.nix
+    ./disko.nix
-    ];
+  ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "ahci" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@ -17,7 +17,7 @@ let
    deployment = { };
-    nixpkgs = "23.05";
+    nixpkgs = "23.11";
  } // attrs;
 in
@ -27,6 +27,7 @@ builtins.mapAttrs mkNode {
      tags = [ "web" ];
    };
    nixpkgs = "23.05";
    stateVersion = "23.05";
  };
--- a/modules/dgn-hardware.nix
+++ b/modules/dgn-hardware.nix
@ -1,23 +1,36 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
-  inherit (lib)
+  inherit (lib) mkEnableOption mkIf mkMerge;
    mkEnableOption
    mkIf
    mkMerge;
  cfg = config.dgn-hardware;
 in
-{
+in {
  options.dgn-hardware = {
-    enable = mkEnableOption "default hardware configuration." // { default = true; };
+    enable = mkEnableOption "default hardware configuration." // {
      default = true;
    };
-    useSystemd = mkEnableOption "sytemd boot and configuration." // { default = true; };
+    useSystemd = mkEnableOption "sytemd boot and configuration." // {
      default = true;
    };
    useZfs = mkEnableOption "zfs configuration.";
  };
  config = mkIf cfg.enable (mkMerge [
-    { hardware.enableRedistributableFirmware = true; }
+    {
      hardware.enableRedistributableFirmware = true;
      hardware.cpu.intel.updateMicrocode = true;
      nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
      boot = {
        initrd.availableKernelModules =
          [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "ahci" "virtio_blk" ];
        kernelModules = [ "kvm-intel" ];
      };
    }
    (mkIf cfg.useSystemd {
      boot.loader = {
@ -25,5 +38,27 @@ in
        efi.canTouchEfiVariables = true;
      };
    })
    (mkIf cfg.useZfs {
      boot = {
        initrd.availableKernelModules = [
          "ahci"
          "ehci_pci"
          "megaraid_sas"
          "usb_storage"
          "usbhid"
          "sd_mod"
          "sr_mod"
        ];
        kernelModules = [ "kvm-intel" ];
        supportedFilesystems = [ "zfs" ];
        zfs = {
          forceImportRoot = false;
          extraPools = [ "fast01" "work01" ];
          package = pkgs.zfs_2_1;
        };
      };
    })
  ]);
 }
--- a/npins/sources.json
+++ b/npins/sources.json
@ -22,9 +22,9 @@
        "repo": "attic"
      },
      "branch": "main",
-      "revision": "b43d12082e34bceb26038bdad0438fd68804cfcd",
+      "revision": "e9918bc6be268da6fa97af6ced15193d8a0421c0",
-      "url": "https://github.com/zhaofengli/attic/archive/b43d12082e34bceb26038bdad0438fd68804cfcd.tar.gz",
+      "url": "https://github.com/zhaofengli/attic/archive/e9918bc6be268da6fa97af6ced15193d8a0421c0.tar.gz",
-      "hash": "0dfc4i32hl4qkcpm23kzrarswznaapbgbdx41ci2l6hn92z0vd4d"
+      "hash": "13h7gqai2lbsp0qqp1spv76fjjsha2lygpvzxk7vzl09h9hnhy5a"
    },
    "disko": {
      "type": "GitRelease",
@ -61,9 +61,9 @@
        "repo": "Linkal"
      },
      "branch": "main",
-      "revision": "c4c6f0f858870f3713af351b1783faf628de4f44",
+      "revision": "d1455d4fbea752bdf3717f97d92b662e678e31b3",
-      "url": "https://github.com/JulienMalka/Linkal/archive/c4c6f0f858870f3713af351b1783faf628de4f44.tar.gz",
+      "url": "https://github.com/JulienMalka/Linkal/archive/d1455d4fbea752bdf3717f97d92b662e678e31b3.tar.gz",
-      "hash": "1qgn1k3bgx8w50az302bv6id62ly0x78276ak56qb91q9vmpmml7"
+      "hash": "0xi2zz7chc8jhrbfsyn491hg7mlhggk2qhyiyq22rh9mnmwjgpy0"
    },
    "metis": {
      "type": "Git",
@ -105,8 +105,8 @@
    "nixos-23.05": {
      "type": "Channel",
      "name": "nixos-23.05",
-      "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.4420.679cadfdfed2/nixexprs.tar.xz",
+      "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.4981.5b528f99f73c/nixexprs.tar.xz",
-      "hash": "0ln8vcrszdbkpzf7vcws0h6y4r9n5y05y9qfs6x0z8sl16dsncpp"
+      "hash": "1psdfcl5rjid66dhc8c0dfdrgqk5x76drwcads149pa45vbnri8k"
    },
    "nixos-23.11": {
      "type": "Channel",
@ -117,14 +117,14 @@
    "nixos-unstable": {
      "type": "Channel",
      "name": "nixos-unstable",
-      "url": "https://releases.nixos.org/nixos/unstable/nixos-23.11pre537656.7c9cc5a6e5d3/nixexprs.tar.xz",
+      "url": "https://releases.nixos.org/nixos/unstable/nixos-24.05pre553283.8cfef6986adf/nixexprs.tar.xz",
-      "hash": "1lmwllj7gwxk9172i2in5pjnzj90vjh9b79pisn3b90g24d3lspw"
+      "hash": "0wj0nxz9ymz6jglvszvlnwgdahiyvkp7yggr12j9cpxbai72h4dn"
    },
    "nixpkgs": {
      "type": "Channel",
      "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre538368.51d906d2341c/nixexprs.tar.xz",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre553710.010c7296f3b1/nixexprs.tar.xz",
-      "hash": "19z6w8a70xallbg37c07i35z7n2isx4w7bq3q3gbabfw3s1rxymm"
+      "hash": "1h6q7vpy8rwcxfc7l34kvix1rhirgxysn7n0r7ivmwhd9s9rbbw7"
    }
  },
  "version": 3
--- a/patches/default.nix
+++ b/patches/default.nix
@ -1,4 +1,9 @@
 {
  "nixos-23.11" = [
    # [Backport release-23.11] zfs_2_1: init at 2.1.13
    { id = 270117; hash = "sha256-ot80XDtxDvPM0kW2gEeAs/z22jjkGOHog4Ue/JQEnZ8="; }
  ];
  "nixos-23.05" = [
    # plausible: fix admin user password seed and SMTP passwords
    {
Author	SHA1	Message	Date
Tom Hubrecht	3e34fbebe1	feat(patches): Use stable version of zfs	2023-11-29 19:56:51 +01:00
Tom Hubrecht	f1eafd33b2	chore(npins): Update	2023-11-29 16:12:31 +01:00
Tom Hubrecht	0dc3dfd82d	feat: Update compute01, storage01 to 23.11	2023-11-29 16:12:24 +01:00
Tom Hubrecht	18b6b0f605	feat(modules/dgn-harware): Refactor hardware config	2023-11-29 16:11:35 +01:00