
1 commit

Author SHA1 Message Date
a0f14ad58d chore(ds-fr): Update 2024-10-02 16:28:20 +00:00
93 changed files with 928 additions and 2297 deletions


@ -9,192 +9,281 @@ on:
- main - main
jobs: jobs:
build_and_cache_krz01: build_compute01:
runs-on: nix runs-on: nix
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Build compute01
run: nix-shell --run cache-node run: |
env: # Enter the shell
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" nix-shell --run 'colmena build --on compute01'
STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "krz01"
- uses: actions/upload-artifact@v3 build_storage01:
if: always()
with:
name: outputs_krz01
path: paths.txt
build_and_cache_compute01:
runs-on: nix runs-on: nix
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Build storage01
run: nix-shell --run cache-node run: |
# Enter the shell
nix-shell --run 'colmena build --on storage01'
build_vault01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build vault01
run: |
# Enter the shell
nix-shell --run 'colmena build --on vault01'
build_web01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build web01
run: |
# Enter the shell
nix-shell --run 'colmena build --on web01'
build_web02:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build web02
run: |
# Enter the shell
nix-shell --run 'colmena build --on web02'
build_rescue01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build rescue01
run: |
# Enter the shell
nix-shell --run 'colmena build --on rescue01'
build_geo01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build geo01
run: |
# Enter the shell
nix-shell --run 'colmena build --on geo01'
build_geo02:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build geo02
run: |
# Enter the shell
nix-shell --run 'colmena build --on geo02'
build_bridge01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Build bridge01
run: |
# Enter the shell
nix-shell --run 'colmena build --on bridge01'
push_to_cache_compute01:
runs-on: nix
needs:
- build_compute01
steps:
- uses: actions/checkout@v3
- name: Push to cache
run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "compute01" NODES: '[ "compute01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_compute01 name: outputs_compute01
path: paths.txt path: uploaded.txt
build_and_cache_storage01: push_to_cache_storage01:
runs-on: nix runs-on: nix
needs:
- build_storage01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "storage01" NODES: '[ "storage01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_storage01 name: outputs_storage01
path: paths.txt path: uploaded.txt
build_and_cache_rescue01: push_to_cache_rescue01:
runs-on: nix runs-on: nix
needs:
- build_rescue01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "rescue01" NODES: '[ "rescue01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_rescue01 name: outputs_rescue01
path: paths.txt path: uploaded.txt
build_and_cache_geo01: push_to_cache_geo01:
runs-on: nix runs-on: nix
needs:
- build_geo01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "geo01" NODES: '[ "geo01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_geo01 name: outputs_geo01
path: paths.txt path: uploaded.txt
build_and_cache_geo02: push_to_cache_geo02:
runs-on: nix runs-on: nix
needs:
- build_geo02
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "geo02" NODES: '[ "geo02" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_geo02 name: outputs_geo02
path: paths.txt path: uploaded.txt
build_and_cache_vault01: push_to_cache_vault01:
runs-on: nix runs-on: nix
needs:
- build_vault01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "vault01" NODES: '[ "vault01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_vault01 name: outputs_vault01
path: paths.txt path: uploaded.txt
build_and_cache_web01: push_to_cache_web01:
runs-on: nix runs-on: nix
needs:
- build_web01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "web01" NODES: '[ "web01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_web01 name: outputs_web01
path: paths.txt path: uploaded.txt
build_and_cache_web02: push_to_cache_web02:
runs-on: nix runs-on: nix
needs:
- build_web02
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "web02" NODES: '[ "web02" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_web02 name: outputs_web02
path: paths.txt path: uploaded.txt
build_and_cache_bridge01: push_to_cache_bridge01:
runs-on: nix runs-on: nix
needs:
- build_bridge01
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and cache the node - name: Push to cache
run: nix-shell --run cache-node run: nix-shell --run push-to-nix-cache
env: env:
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
STORE_USER: "admin" STORE_USER: "admin"
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
BUILD_NODE: "bridge01" NODES: '[ "bridge01" ]'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
if: always() if: always()
with: with:
name: outputs_web02 name: outputs_web02
path: paths.txt path: uploaded.txt
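Review bot: The upload step of `push_to_cache_bridge01` still publishes its artifact as `name: outputs_web02`, the name `push_to_cache_web02` already uses, so the bridge01 `uploaded.txt` is likely merged into or overwritten by the web02 one and cannot be told apart afterwards; it should read `name: outputs_bridge01`. The page shows the same value on the old side, so the rename carried the copy-paste over rather than introducing it. Separately, every push job authenticates to the `infra-signing` endpoint as `STORE_USER: "admin"`; if the store offers a push-only account, that is a narrower credential to hand to CI than an admin one. If this workflow is generated, both changes belong in the generator rather than in this file.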


@ -9,21 +9,6 @@ You're expected to read this document before commiting to the repo.
Some documentation for the development tools are provided in the aforementioned file. Some documentation for the development tools are provided in the aforementioned file.
# Using the binary cache
Add the following module to your configuration (and pin this repo using your favorite tool: npins, lon, etc...):
```
{ lib, ... }:
let
dgnum-infra = PINNED_PATH_TO_INFRA;
in {
nix.settings = (import dgnum-infra { }).mkCacheSettings {
caches = [ "infra" ];
};
}
```
# Adding a new machine # Adding a new machine
The first step is to create a minimal viable NixOS host, using tha means necessary. The first step is to create a minimal viable NixOS host, using tha means necessary.
@ -34,7 +19,7 @@ The second step is to find a name for this host, it must be unique from the othe
## Download the keys ## Download the keys
The public SSH keys of `host02` have to be saved to `keys`, preferably only the `ssh-ed25519` one. The public SSH keys of `host02` have to be saved to `keys/machines/host02.keys`, preferably only the `ssh-ed25519` one.
It can be retreived with : It can be retreived with :
@ -91,9 +76,11 @@ The general metadata is declared in `meta/nodes.nix`, the main values to declare
Create the directory `secrets` in the configuration folder, and add a `secrets.nix` file containing : Create the directory `secrets` in the configuration folder, and add a `secrets.nix` file containing :
```nix ```nix
(import ../../../keys).mkSecrets [ "host02" ] [ let
# List of secrets for host02 lib = import ../../../lib { };
] in
lib.setDefault { publicKeys = lib.getNodeKeys "host02"; } [ ]
``` ```
This will be used for future secret management. This will be used for future secret management.


@ -76,8 +76,6 @@ in
dns = import ./meta/dns.nix; dns = import ./meta/dns.nix;
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
shells = { shells = {
default = pkgs.mkShell { default = pkgs.mkShell {
name = "dgnum-infra"; name = "dgnum-infra";
@ -87,6 +85,7 @@ in
version = "1.8.0-unstable"; version = "1.8.0-unstable";
src = builtins.storePath sources.nixos-generators; src = builtins.storePath sources.nixos-generators;
})) }))
pkgs.attic-client
pkgs.npins pkgs.npins
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; }) (pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })


@ -1,25 +1,24 @@
let let
sources' = import ./npins; sources = import ./npins;
# Patch sources directly lib = import (sources.nix-lib + "/src/trivial.nix");
sources = builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; })
.applyPatches' sources';
nix-lib = import ./lib/nix-lib; patch = import sources.nix-patches { patchFile = ./patches; };
patch = import ./lib/nix-patches { patchFile = ./patches; };
nodes' = import ./meta/nodes.nix; nodes' = import ./meta/nodes.nix;
nodes = builtins.attrNames nodes'; nodes = builtins.attrNames nodes';
mkNode = node: { mkNode = node: {
# Import the base configuration for each node # Import the base configuration for each node
imports = [ ./machines/${node}/_configuration.nix ]; imports = builtins.map (lib.mkRel (./machines/${node})) [
"_configuration.nix"
"_hardware-configuration.nix"
];
}; };
nixpkgs' = import ./meta/nixpkgs.nix; nixpkgs' = import ./meta/nixpkgs.nix;
# All supported nixpkgs versions, instanciated # All supported nixpkgs versions, instanciated
nixpkgs = nix-lib.mapSingleFuse mkNixpkgs nixpkgs'.supported; nixpkgs = lib.mapSingleFuse mkNixpkgs nixpkgs'.supported;
# Get the configured nixos version for the node, # Get the configured nixos version for the node,
# defaulting to the one defined in meta/nixpkgs # defaulting to the one defined in meta/nixpkgs
@ -28,9 +27,12 @@ let
# Builds a patched version of nixpkgs, only as the source # Builds a patched version of nixpkgs, only as the source
mkNixpkgs' = mkNixpkgs' =
v: v:
patch.mkNixpkgsSrc rec { let
src = sources'.${name}; version = "nixos-${v}";
name = "nixos-${v}"; in
patch.mkNixpkgsSrc {
src = sources.${version};
inherit version;
}; };
# Instanciates the required nixpkgs version # Instanciates the required nixpkgs version
@ -40,8 +42,10 @@ let
# Function to create arguments based on the node # Function to create arguments based on the node
# #
mkArgs = node: rec { mkArgs = node: rec {
lib = nixpkgs.${version node}.lib // { lib = import sources.nix-lib {
extra = nix-lib; inherit (nixpkgs.${version node}) lib;
keysRoot = ./keys;
}; };
meta = (import ./meta) lib; meta = (import ./meta) lib;
@ -52,15 +56,13 @@ in
{ {
meta = { meta = {
nodeNixpkgs = nix-lib.mapSingleFuse (n: nixpkgs.${version n}) nodes; nodeNixpkgs = lib.mapSingleFuse (n: nixpkgs.${version n}) nodes;
specialArgs = { specialArgs = {
inherit nixpkgs sources; inherit nixpkgs sources;
dgn-keys = import ./keys;
}; };
nodeSpecialArgs = nix-lib.mapSingleFuse mkArgs nodes; nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
}; };
defaults = defaults =
@ -110,4 +112,4 @@ in
}; };
}; };
} }
// (nix-lib.mapSingleFuse mkNode nodes) // (lib.mapSingleFuse mkNode nodes)
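Review bot: Two different values are now both called `lib` in this file: the top-level `lib = import (sources.nix-lib + "/src/trivial.nix");` and the `lib` that `mkArgs` rebinds inside its `rec` set to the full `import sources.nix-lib { … keysRoot = ./keys; }`, which is the one `meta = (import ./meta) lib;` picks up. A reader has to know `rec` scoping to tell which one a given call sees; naming the outer binding `trivial` (or keeping `nix-lib`) would remove the ambiguity. A comment near `sources = import ./npins;` would also help: `nix-lib` and `nix-patches` are no longer vendored under `./lib`, so the code that resolves `keysRoot` and patches nixpkgs now changes whenever those pins are bumped, and pin updates deserve the same review as in-tree changes. The `let` block continues outside these hunks, so other uses of `lib` may exist that are not visible here.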


@ -1,7 +1,7 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let let
dgn-keys = import ../keys; dgn-lib = import ../lib { };
dgn-members = (import ../meta lib).organization.groups.root; dgn-members = (import ../meta lib).organization.groups.root;
in in
@ -34,5 +34,7 @@ in
openssh.enable = true; openssh.enable = true;
}; };
users.users.root.openssh.authorizedKeys.keys = dgn-keys.getKeys dgn-members; users.users.root.openssh.authorizedKeys.keyFiles = builtins.map (
m: dgn-lib.mkRel ../keys "${m}.keys"
) dgn-members;
} }
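Review bot: The switch to `authorizedKeys.keyFiles` is undocumented: with it, the root SSH keys on this image are whatever lines the `../keys/<member>.keys` files contain, so a change to any of those files is an access change even when no `.nix` file is touched. A comment above the assignment such as `# root access = every line of keys/<member>.keys for each member of groups.root` would make that explicit. The member name is interpolated into the path unchecked, and lib/default.nix in this commit passes names of the form `machines/<node>` to the key lookup, so it is worth confirming that `meta` restricts `groups.root` to plain member names. `dgn-lib` is used only for `mkRel` here, while `import ../lib { }` evaluates npins, the nixpkgs lib and `meta` to provide it.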

1
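--- a/keys/catvayor.keys
+++ b/keys/catvayor.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor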


@ -1,80 +0,0 @@
let
_sources = import ../npins;
meta = import ../meta (import _sources.nixpkgs { }).lib;
getAttr = flip builtins.getAttr;
inherit (import ../lib/nix-lib) flip setDefault unique;
in
rec {
# WARNING: When updating this list, make sure that the nodes and members are alphabetically sorted
# If not, you will face an angry maintainer
_keys = {
# SSH keys of the nodes
bridge01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7" ];
compute01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
geo01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
geo02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket" ];
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
# SSH keys of the DGNum members
catvayor = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
];
ecoppens = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ];
gdd = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ"
];
jemagius = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F"
"ssh-rsa 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"
];
luj = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
];
mdebray = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
];
raito = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
];
thubrecht = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
];
};
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
mkSecrets =
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
getNodeKeys' =
node:
let
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
meta.nodes.${node}.admins ++ [ node ]
) meta.nodes.${node}.adminGroups;
in
unique (getKeys names);
getNodeKeys = node: rootKeys ++ getNodeKeys' node;
# List of keys for the root group
rootKeys = getKeys meta.organization.groups.root;
# List of 'machine' keys
machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
}

1
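--- a/keys/ecoppens.keys
+++ b/keys/ecoppens.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA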

2
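--- a/keys/gdd.keys
+++ b/keys/gdd.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ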

2
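--- a/keys/jemagius.keys
+++ b/keys/jemagius.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxQX0JLRah3GfIOkua4ZhEJhp5Ykv55RO0SPrSUwCBs5arnALg8gq12YLr09t4bzW/NA9/jn7flhh4S54l4RwBUhmV4JSQhGu71KGhfOj5ZBkDoSyYqzbu206DfZP5eQonSmjfP6XghcWOr/jlBzw9YAAQkFxsQgXEkr4kdn0ZXfZGz6b0t3YUjYIuDNbptFsGz2V9iQVy1vnxrjnLSfc25j4et8z729Vpy4M7oCaE6a6hgon4V1jhVbg43NAE5gu2eYFAPIzO3E7ZI8WjyLu1wtOBClk1f+HMen3Tr+SX2PXmpPGb+I2fAkbzu/C4X/M3+2bL1dYjxuvQhvvpAjxFwmdoXW4gWJ3J/FRiFrKsiAY0rYC+yi8SfacJWCv4EEcV/yQ4gYwpmU9xImLaro6w5cOHGCqrzYqjZc4Wi6AWFGeBSNzNs9PXLgMRWeUyiIDOFnSep2ebZeVjTB16m+o/YDEhE10uX9kCCx3Dy/41iJ1ps7V4JWGFsr0Fqaz8mu8=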

2
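--- a/keys/luj.keys
+++ b/keys/luj.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower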


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu

1
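--- a/keys/machines/geo01.keys
+++ b/keys/machines/geo01.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4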

1
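--- a/keys/machines/geo02.keys
+++ b/keys/machines/geo02.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket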


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW

1
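--- a/keys/machines/web01.keys
+++ b/keys/machines/web01.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5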

1
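--- a/keys/machines/web02.keys
+++ b/keys/machines/web02.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX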

1
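--- a/keys/mdebray.keys
+++ b/keys/mdebray.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris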

3
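--- a/keys/raito.keys
+++ b/keys/raito.keys
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU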

3
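--- a/keys/thubrecht.keys
+++ b/keys/thubrecht.keys
@@ -0,0 +1,3 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn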

33
lib/default.nix Normal file

@ -0,0 +1,33 @@
_:
let
sources = import ../npins;
lib = import sources.nix-lib {
inherit ((import sources.nixpkgs { })) lib;
keysRoot = ../keys;
};
meta = import ../meta lib;
inherit (lib.extra) getAllKeys;
in
lib.extra
// rec {
# Get publickeys associated to a node
getNodeKeys =
node:
let
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
meta.nodes.${node}.admins ++ [ "/machines/${node}" ]
) meta.nodes.${node}.adminGroups;
in
rootKeys ++ (getAllKeys names);
rootKeys = getAllKeys meta.organization.groups.root;
machineKeys =
rootKeys ++ (getAllKeys (builtins.map (n: "machines/${n}") (builtins.attrNames meta.nodes)));
}
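Review bot: `getNodeKeys` names the machine key as `"/machines/${node}"` with a leading slash, while `machineKeys` a few lines below uses `"machines/${n}"`; unless `getAllKeys` normalises both forms they build different strings under `keysRoot`, so the two should agree, e.g. `meta.nodes.${node}.admins ++ [ "machines/${node}" ]`. The removed keys/default.nix applied `unique` to the per-node keys, whereas this version returns `rootKeys ++ (getAllKeys names)` directly, so a member who is both in `groups.root` and a node admin may appear twice in `publicKeys` unless `getAllKeys` deduplicates; that helper lives in the pinned `nix-lib` and is not visible here. A one-line comment on `rootKeys` and `machineKeys` saying whose keys they collect would also help, since `getNodeKeys` is what `secrets.nix` passes as `publicKeys`.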


@ -1,197 +0,0 @@
# Copyright Tom Hubrecht, (2023)
#
# Tom Hubrecht <tom@hubrecht.ovh>
#
# This software is governed by the CeCILL license under French law and
# abiding by the rules of distribution of free software. You can use,
# modify and/ or redistribute the software under the terms of the CeCILL
# license as circulated by CEA, CNRS and INRIA at the following URL
# "http://www.cecill.info".
#
# As a counterpart to the access to the source code and rights to copy,
# modify and redistribute granted by the license, users are provided only
# with a limited warranty and the software's author, the holder of the
# economic rights, and the successive licensors have only limited
# liability.
#
# In this respect, the user's attention is drawn to the risks associated
# with loading, using, modifying and/or developing or reproducing the
# software by the user in light of its specific status of free software,
# that may mean that it is complicated to manipulate, and that also
# therefore means that it is reserved for developers and experienced
# professionals having in-depth computer knowledge. Users are therefore
# encouraged to load and test the software's suitability as regards their
# requirements in conditions enabling the security of their systems and/or
# data to be ensured and, more generally, to use and operate it in the
# same conditions as regards security.
#
# The fact that you are presently reading this means that you have had
# knowledge of the CeCILL license and that you accept its terms.
let
# Reimplement optional functions
_optional =
default: b: value:
if b then value else default;
in
rec {
inherit (import ./nixpkgs.nix)
flip
hasPrefix
recursiveUpdate
splitString
unique
;
/*
Fuses a list of attribute sets into a single attribute set.
Type: [attrs] -> attrs
Example:
x = [ { a = 1; } { b = 2; } ]
fuseAttrs x
=> { a = 1; b = 2; }
*/
fuseAttrs = builtins.foldl' (attrs: x: attrs // x) { };
fuseValueAttrs = attrs: fuseAttrs (builtins.attrValues attrs);
/*
Applies a function to `attrsList` before fusing the resulting list
of attribute sets.
Type: ('a -> attrs) -> ['a] -> attrs
Example:
x = [ "to" "ta" "ti" ]
f = s: { ${s} = s + s; }
mapFuse f x
=> { to = "toto"; ta = "tata"; ti = "titi"; }
*/
mapFuse =
# 'a -> attrs
f:
# ['a]
attrsList:
fuseAttrs (builtins.map f attrsList);
/*
Equivalent of lib.singleton but for an attribute set.
Type: str -> 'a -> attrs
Example:
singleAttr "a" 1
=> { a = 1; }
*/
singleAttr = name: value: { ${name} = value; };
# Enables a list of modules.
enableAttrs' =
enable:
mapFuse (m: {
${m}.${enable} = true;
});
enableModules = enableAttrs' "enable";
/*
Create an attribute set from a list of values, mapping those
values through the function `f`.
Example:
mapSingleFuse (x: "val-${x}") [ "a" "b" ]
=> { a = "val-a"; b = "val-b" }
*/
mapSingleFuse = f: mapFuse (x: singleAttr x (f x));
/*
Creates a relative path as a string
Type: path -> str -> path
Example:
mkRel /home/test/ "file.txt"
=> "/home/test/file.txt"
*/
mkRel = path: file: path + "/${file}";
setDefault =
default:
mapFuse (name: {
${name} = default;
});
mkBaseSecrets =
root:
mapFuse (secret: {
${secret}.file = mkRel root secret;
});
getSecrets = dir: builtins.attrNames (import (mkRel dir "secrets.nix"));
subAttr = attrs: name: attrs.${name};
subAttrs = attrs: builtins.map (subAttr attrs);
optionalList = _optional [ ];
optionalAttrs = _optional { };
optionalString = _optional "";
/*
Same as fuseAttrs but using `lib.recursiveUpdate` to merge attribute
sets together.
Type: [attrs] -> attrs
*/
recursiveFuse = builtins.foldl' recursiveUpdate { };
mkImport =
root: file:
let
path = mkRel root file;
in
path + (optionalString (!(builtins.pathExists path)) ".nix");
mkImports = root: builtins.map (mkImport root);
/*
Creates a confugiration by merging enabled modules,
services and extraConfig.
Example:
mkConfig {
enabledModules = [ "ht-defaults" ];
enabledServices = [ "toto" ];
extraConfig = { services.nginx.enable = true; };
root = ./.;
}
=>
{
imports = [ ./toto ];
ht-defaults.enable = true;
services.nginx.enable = true;
}
*/
mkConfig =
{
# List of modules to enable with `enableModules`
enabledModules,
# List of services to import
enabledServices,
# Extra configuration, defaults to `{ }`
extraConfig ? { },
# Path relative to which the enabled services will be imported
root,
}:
recursiveFuse [
(enableModules enabledModules)
{ imports = mkImports root ([ "_hardware-configuration" ] ++ enabledServices); }
extraConfig
];
}


@ -1,416 +0,0 @@
###
# Collection of nixpkgs library functions, those are necessary for defining our own lib
#
# They have been simplified and builtins are used in some places, instead of lib shims.
rec {
/**
Does the same as the update operator '//' except that attributes are
merged until the given predicate is verified. The predicate should
accept 3 arguments which are the path to reach the attribute, a part of
the first attribute set and a part of the second attribute set. When
the predicate is satisfied, the value of the first attribute set is
replaced by the value of the second attribute set.
# Inputs
`pred`
: Predicate, taking the path to the current attribute as a list of strings for attribute names, and the two values at that path from the original arguments.
`lhs`
: Left attribute set of the merge.
`rhs`
: Right attribute set of the merge.
# Type
```
recursiveUpdateUntil :: ( [ String ] -> AttrSet -> AttrSet -> Bool ) -> AttrSet -> AttrSet -> AttrSet
```
# Examples
:::{.example}
## `lib.attrsets.recursiveUpdateUntil` usage example
```nix
recursiveUpdateUntil (path: l: r: path == ["foo"]) {
# first attribute set
foo.bar = 1;
foo.baz = 2;
bar = 3;
} {
#second attribute set
foo.bar = 1;
foo.quz = 2;
baz = 4;
}
=> {
foo.bar = 1; # 'foo.*' from the second set
foo.quz = 2; #
bar = 3; # 'bar' from the first set
baz = 4; # 'baz' from the second set
}
```
:::
*/
recursiveUpdateUntil =
pred: lhs: rhs:
let
f =
attrPath:
builtins.zipAttrsWith (
n: values:
let
here = attrPath ++ [ n ];
in
if builtins.length values == 1 || pred here (builtins.elemAt values 1) (builtins.head values) then
builtins.head values
else
f here values
);
in
f [ ] [
rhs
lhs
];
/**
A recursive variant of the update operator //. The recursion
stops when one of the attribute values is not an attribute set,
in which case the right hand side value takes precedence over the
left hand side value.
# Inputs
`lhs`
: Left attribute set of the merge.
`rhs`
: Right attribute set of the merge.
# Type
```
recursiveUpdate :: AttrSet -> AttrSet -> AttrSet
```
# Examples
:::{.example}
## `lib.attrsets.recursiveUpdate` usage example
```nix
recursiveUpdate {
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/hda";
} {
boot.loader.grub.device = "";
}
returns: {
boot.loader.grub.enable = true;
boot.loader.grub.device = "";
}
```
:::
*/
recursiveUpdate =
lhs: rhs:
recursiveUpdateUntil (
_: lhs: rhs:
!(builtins.isAttrs lhs && builtins.isAttrs rhs)
) lhs rhs;
/**
Determine whether a string has given prefix.
# Inputs
`pref`
: Prefix to check for
`str`
: Input string
# Type
```
hasPrefix :: string -> string -> bool
```
# Examples
:::{.example}
## `lib.strings.hasPrefix` usage example
```nix
hasPrefix "foo" "foobar"
=> true
hasPrefix "foo" "barfoo"
=> false
```
:::
*/
hasPrefix = pref: str: (builtins.substring 0 (builtins.stringLength pref) str == pref);
/**
Escape occurrence of the elements of `list` in `string` by
prefixing it with a backslash.
# Inputs
`list`
: 1\. Function argument
`string`
: 2\. Function argument
# Type
```
escape :: [string] -> string -> string
```
# Examples
:::{.example}
## `lib.strings.escape` usage example
```nix
escape ["(" ")"] "(foo)"
=> "\\(foo\\)"
```
:::
*/
escape = list: builtins.replaceStrings list (builtins.map (c: "\\${c}") list);
/**
Convert a string `s` to a list of characters (i.e. singleton strings).
This allows you to, e.g., map a function over each character. However,
note that this will likely be horribly inefficient; Nix is not a
general purpose programming language. Complex string manipulations
should, if appropriate, be done in a derivation.
Also note that Nix treats strings as a list of bytes and thus doesn't
handle unicode.
# Inputs
`s`
: 1\. Function argument
# Type
```
stringToCharacters :: string -> [string]
```
# Examples
:::{.example}
## `lib.strings.stringToCharacters` usage example
```nix
stringToCharacters ""
=> [ ]
stringToCharacters "abc"
=> [ "a" "b" "c" ]
stringToCharacters "🦄"
=> [ "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" ]
```
:::
*/
stringToCharacters = s: builtins.genList (p: builtins.substring p 1 s) (builtins.stringLength s);
/**
Turn a string `s` into an exact regular expression
# Inputs
`s`
: 1\. Function argument
# Type
```
escapeRegex :: string -> string
```
# Examples
:::{.example}
## `lib.strings.escapeRegex` usage example
```nix
escapeRegex "[^a-z]*"
=> "\\[\\^a-z]\\*"
```
:::
*/
escapeRegex = escape (stringToCharacters "\\[{()^$?*+|.");
/**
Appends string context from string like object `src` to `target`.
:::{.warning}
This is an implementation
detail of Nix and should be used carefully.
:::
Strings in Nix carry an invisible `context` which is a list of strings
representing store paths. If the string is later used in a derivation
attribute, the derivation will properly populate the inputDrvs and
inputSrcs.
# Inputs
`src`
: The string to take the context from. If the argument is not a string,
it will be implicitly converted to a string.
`target`
: The string to append the context to. If the argument is not a string,
it will be implicitly converted to a string.
# Type
```
addContextFrom :: string -> string -> string
```
# Examples
:::{.example}
## `lib.strings.addContextFrom` usage example
```nix
pkgs = import <nixpkgs> { };
addContextFrom pkgs.coreutils "bar"
=> "bar"
```
The context can be displayed using the `toString` function:
```nix
nix-repl> builtins.getContext (lib.strings.addContextFrom pkgs.coreutils "bar")
{
"/nix/store/m1s1d2dk2dqqlw3j90jl3cjy2cykbdxz-coreutils-9.5.drv" = { ... };
}
```
:::
*/
addContextFrom = src: target: builtins.substring 0 0 src + target;
/**
Cut a string with a separator and produces a list of strings which
were separated by this separator.
# Inputs
`sep`
: 1\. Function argument
`s`
: 2\. Function argument
# Type
```
splitString :: string -> string -> [string]
```
# Examples
:::{.example}
## `lib.strings.splitString` usage example
```nix
splitString "." "foo.bar.baz"
=> [ "foo" "bar" "baz" ]
splitString "/" "/usr/local/bin"
=> [ "" "usr" "local" "bin" ]
```
:::
*/
splitString =
sep: s:
let
splits = builtins.filter builtins.isString (
builtins.split (escapeRegex (builtins.toString sep)) (builtins.toString s)
);
in
builtins.map (addContextFrom s) splits;
/**
Remove duplicate elements from the `list`. O(n^2) complexity.
# Inputs
`list`
: Input list
# Type
```
unique :: [a] -> [a]
```
# Examples
:::{.example}
## `lib.lists.unique` usage example
```nix
unique [ 3 2 3 4 ]
=> [ 3 2 4 ]
```
:::
*/
unique = builtins.foldl' (acc: e: if builtins.elem e acc then acc else acc ++ [ e ]) [ ];
/**
Flip the order of the arguments of a binary function.
# Inputs
`f`
: 1\. Function argument
`a`
: 2\. Function argument
`b`
: 3\. Function argument
# Type
```
flip :: (a -> b -> c) -> (b -> a -> c)
```
# Examples
:::{.example}
## `lib.trivial.flip` usage example
```nix
flip concat [1] [2]
=> [ 2 1 ]
```
:::
*/
flip =
f: a: b:
f b a;
}


@ -1,110 +0,0 @@
# Copyright Tom Hubrecht, (2023-2024)
#
# Tom Hubrecht <tom@hubrecht.ovh>
#
# This software is governed by the CeCILL license under French law and
# abiding by the rules of distribution of free software. You can use,
# modify and/ or redistribute the software under the terms of the CeCILL
# license as circulated by CEA, CNRS and INRIA at the following URL
# "http://www.cecill.info".
#
# As a counterpart to the access to the source code and rights to copy,
# modify and redistribute granted by the license, users are provided only
# with a limited warranty and the software's author, the holder of the
# economic rights, and the successive licensors have only limited
# liability.
#
# In this respect, the user's attention is drawn to the risks associated
# with loading, using, modifying and/or developing or reproducing the
# software by the user in light of its specific status of free software,
# that may mean that it is complicated to manipulate, and that also
# therefore means that it is reserved for developers and experienced
# professionals having in-depth computer knowledge. Users are therefore
# encouraged to load and test the software's suitability as regards their
# requirements in conditions enabling the security of their systems and/or
# data to be ensured and, more generally, to use and operate it in the
# same conditions as regards security.
#
# The fact that you are presently reading this means that you have had
# knowledge of the CeCILL license and that you accept its terms.
{
patchFile,
excludeGitHubManual ? true,
fetchers ? { },
}:
rec {
base =
{ pkgs }:
rec {
mkUrlPatch =
attrs:
pkgs.fetchpatch (
{
hash = pkgs.lib.fakeHash;
}
// attrs
// (pkgs.lib.optionalAttrs (excludeGitHubManual && !(builtins.hasAttr "includes" attrs)) {
excludes = (attrs.excludes or [ ]) ++ [ "nixos/doc/manual/*" ];
})
);
mkGitHubPatch =
{ id, ... }@attrs:
mkUrlPatch (
(builtins.removeAttrs attrs [ "id" ])
// {
url = "https://github.com/NixOS/nixpkgs/pull/${builtins.toString id}.diff";
}
);
mkCommitPatch =
{ sha, ... }@attrs:
mkUrlPatch (
(builtins.removeAttrs attrs [ "sha" ])
// {
url = "https://github.com/NixOS/nixpkgs/commit/${builtins.toString sha}.diff";
}
);
patchFunctions = {
commit = mkCommitPatch;
github = mkGitHubPatch;
remote = pkgs.fetchpatch;
static = attrs: attrs.path;
url = mkUrlPatch;
} // fetchers;
mkPatch =
{
_type ? "github",
...
}@attrs:
if builtins.hasAttr _type patchFunctions then
patchFunctions.${_type} (builtins.removeAttrs attrs [ "_type" ])
else
throw "Unknown patch type: ${builtins.toString _type}.";
mkPatches = v: builtins.map mkPatch ((import patchFile).${v} or [ ]);
applyPatches =
{
src,
name,
patches ? mkPatches name,
}:
if patches == [ ] then
src
else
pkgs.applyPatches {
inherit patches src;
name = "${name}-patched";
};
applyPatches' = name: src: applyPatches { inherit name src; };
};
mkNixpkgsSrc = { src, name }: (base { pkgs = import src { }; }).applyPatches { inherit src name; };
}


@ -1,3 +1,5 @@
(import ../../../keys).mkSecrets [ "bridg01" ] [ let
# List of secrets for bridge01 lib = import ../../../lib { };
] in
lib.setDefault { publicKeys = lib.getNodeKeys "bridge01"; } [ ]


@ -21,7 +21,6 @@ lib.extra.mkConfig {
"librenms" "librenms"
"mastodon" "mastodon"
"nextcloud" "nextcloud"
"ollama-proxy"
"outline" "outline"
"plausible" "plausible"
"postgresql" "postgresql"


@ -8,7 +8,7 @@
}: }:
let let
inherit (lib) toLower; inherit (lib) mapAttrsToList;
python = python =
let let
@ -33,29 +33,25 @@ let
}; };
}; };
pythonEnv = python.withPackages ( pythonEnv = python.withPackages (ps: [
ps: ps.django
[ ps.gunicorn
ps.django ps.psycopg
ps.gunicorn ps.django-compressor
ps.psycopg ps.django-import-export
ps.django-compressor
ps.django-import-export
# Local packages # Local packages
ps.django-allauth ps.django-allauth
ps.django-allauth-cas ps.django-allauth-cas
ps.django-browser-reload ps.django-browser-reload
ps.django-bulma-forms ps.django-bulma-forms
ps.django-sass-processor ps.django-sass-processor
ps.django-sass-processor-dart-sass ps.django-sass-processor-dart-sass
ps.django-unfold ps.django-unfold
ps.loadcredential ps.loadcredential
ps.pykanidm ps.pykanidm
ps.python-cas ps.python-cas
] ]);
++ ps.django-allauth.optional-dependencies.saml
);
staticDrv = pkgs.stdenv.mkDerivation { staticDrv = pkgs.stdenv.mkDerivation {
name = "dgsi-static"; name = "dgsi-static";
@ -71,10 +67,8 @@ let
configurePhase = '' configurePhase = ''
export DGSI_STATIC_ROOT=$out/static export DGSI_STATIC_ROOT=$out/static
export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials
export DGSI_KANIDM_CLIENT="dgsi_test" export DGSI_KANIDM_CLIENT="dgsi_test";
export DGSI_KANIDM_AUTH_TOKEN="fake.token" export DGSI_KANIDM_AUTH_TOKEN="fake.token";
export DGSI_X509_KEY=""
export DGSI_X509_CERT=""
''; '';
doBuild = false; doBuild = false;
@ -107,14 +101,12 @@ in
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;
LoadCredential = map (name: "${name}:${config.age.secrets."dgsi-${toLower name}_file".path}") [ LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
"EMAIL_HOST_PASSWORD" SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
"KANIDM_AUTH_TOKEN" KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
"KANIDM_SECRET" KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
"SECRET_KEY" EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
"X509_CERT" };
"X509_KEY"
];
RuntimeDirectory = "django-apps/dgsi"; RuntimeDirectory = "django-apps/dgsi";
StateDirectory = "django-apps/dgsi"; StateDirectory = "django-apps/dgsi";
UMask = "0027"; UMask = "0027";
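Review bot: In the `configurePhase` hunk the two Kanidm exports now end in `;` (`export DGSI_KANIDM_CLIENT="dgsi_test";`), while the `DGSI_STATIC_ROOT` and `CREDENTIALS_DIRECTORY` exports just above them do not. The shell accepts it, but it reads like Nix syntax leaking into the script, so I would drop the semicolons. Because `DGSI_KANIDM_AUTH_TOKEN="fake.token"` sits inside a derivation, a short comment such as `# build-time placeholders only; real values come from LoadCredential at runtime` would make clear that no secret is meant to reach the store. That is presumably the intent, but the hunk does not show how the settings read these variables. `staticDrv` starts and ends outside the hunk.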


@ -1,5 +1,5 @@
{ {
version = "2024-04-24-01"; version = "2024-09-30-02";
src-hash = "sha256-+FjthJZb1KqqFttFmXr/FN5qaFcY9RGTKAqhdLGVFSg="; src-hash = "sha256-WnrU2vH/ElKjpRLgDsxjo33hAIPGIRQR/o9RcAde4Pc=";
deps-hash = "sha256-Vj8WCB+LSHJM67qbsZ5CPc+jK1KWO1MXnSFp/LH0Ow8="; deps-hash = "sha256-i0qNvr2wDLdGbFp5wcqDi3aFTvA9P7aS+BaOvU5cnUM=";
} }


@ -1,3 +1,5 @@
# frozen_string_literal: true
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'rails', '~> 7.0.8' # allows update to security fixes at any time gem 'rails', '~> 7.0.8' # allows update to security fixes at any time
@ -17,6 +19,7 @@ gem 'anchored'
gem 'bcrypt' gem 'bcrypt'
gem 'bootsnap', '>= 1.4.4', require: false # Reduces boot times through caching; required in config/boot.rb gem 'bootsnap', '>= 1.4.4', require: false # Reduces boot times through caching; required in config/boot.rb
gem 'browser' gem 'browser'
gem 'capybara-playwright-driver'
gem 'charlock_holmes' gem 'charlock_holmes'
gem 'chartkick' gem 'chartkick'
gem 'chunky_png' gem 'chunky_png'
@ -37,6 +40,7 @@ gem 'flipper'
gem 'flipper-active_record' gem 'flipper-active_record'
gem 'flipper-active_support_cache_store' gem 'flipper-active_support_cache_store'
gem 'flipper-ui' gem 'flipper-ui'
gem 'front_matter_parser'
gem 'fugit' gem 'fugit'
gem 'geocoder' gem 'geocoder'
gem 'geo_coord', require: "geo/coord" gem 'geo_coord', require: "geo/coord"
@ -94,6 +98,7 @@ gem 'sidekiq'
gem 'sidekiq-cron' gem 'sidekiq-cron'
gem 'skylight' gem 'skylight'
gem 'spreadsheet_architect' gem 'spreadsheet_architect'
gem 'string-similarity'
gem 'strong_migrations' # lint database migrations gem 'strong_migrations' # lint database migrations
gem 'sys-proctable' gem 'sys-proctable'
gem 'turbo-rails' gem 'turbo-rails'
@ -103,13 +108,10 @@ gem 'view_component'
gem 'vite_rails' gem 'vite_rails'
gem 'warden' gem 'warden'
gem 'webrick', require: false gem 'webrick', require: false
gem 'yabeda-graphql'
gem 'yabeda-prometheus' gem 'yabeda-prometheus'
gem 'yabeda-puma-plugin'
gem 'yabeda-rails'
gem 'yabeda-sidekiq' gem 'yabeda-sidekiq'
gem 'zipline' gem 'zipline'
gem 'zxcvbn-ruby', require: 'zxcvbn' gem 'zxcvbn'
group :test do group :test do
gem 'axe-core-rspec' # accessibility rspec matchers gem 'axe-core-rspec' # accessibility rspec matchers
@ -127,6 +129,7 @@ group :test do
gem 'shoulda-matchers', require: false gem 'shoulda-matchers', require: false
gem 'simplecov', require: false gem 'simplecov', require: false
gem 'simplecov-cobertura', require: false gem 'simplecov-cobertura', require: false
gem "test-prof"
gem 'timecop' gem 'timecop'
gem 'vcr' gem 'vcr'
gem 'webmock' gem 'webmock'
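Review bot: `gem 'capybara-playwright-driver'` is added at top level, between `browser` and `charlock_holmes`, rather than inside `group :test do`, so it and its `playwright-ruby-client` dependency land in the default group; the regenerated gemset on this page also lists it with `groups = [ "default" ]`. A browser-automation driver is presumably needed only by the test suite, so moving the line into the test group would keep it out of the deployed closure. The same section replaces `gem 'zxcvbn-ruby', require: 'zxcvbn'` with `gem 'zxcvbn'`, which is a different gem; if it backs the password-strength check, the score thresholds the application relies on are worth re-checking against the new library. If this Gemfile is copied unchanged from upstream, both points belong upstream rather than in a local edit.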


@ -12,47 +12,47 @@ GEM
aasm (5.5.0) aasm (5.5.0)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
acsv (0.0.1) acsv (0.0.1)
actioncable (7.0.8.1) actioncable (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
nio4r (~> 2.0) nio4r (~> 2.0)
websocket-driver (>= 0.6.1) websocket-driver (>= 0.6.1)
actionmailbox (7.0.8.1) actionmailbox (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
activejob (= 7.0.8.1) activejob (= 7.0.8.4)
activerecord (= 7.0.8.1) activerecord (= 7.0.8.4)
activestorage (= 7.0.8.1) activestorage (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
mail (>= 2.7.1) mail (>= 2.7.1)
net-imap net-imap
net-pop net-pop
net-smtp net-smtp
actionmailer (7.0.8.1) actionmailer (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
actionview (= 7.0.8.1) actionview (= 7.0.8.4)
activejob (= 7.0.8.1) activejob (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
net-imap net-imap
net-pop net-pop
net-smtp net-smtp
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
actionpack (7.0.8.1) actionpack (7.0.8.4)
actionview (= 7.0.8.1) actionview (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
rack (~> 2.0, >= 2.2.4) rack (~> 2.0, >= 2.2.4)
rack-test (>= 0.6.3) rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (7.0.8.1) actiontext (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
activerecord (= 7.0.8.1) activerecord (= 7.0.8.4)
activestorage (= 7.0.8.1) activestorage (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
globalid (>= 0.6.0) globalid (>= 0.6.0)
nokogiri (>= 1.8.5) nokogiri (>= 1.8.5)
actionview (7.0.8.1) actionview (7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
builder (~> 3.1) builder (~> 3.1)
erubi (~> 1.4) erubi (~> 1.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
@ -67,26 +67,26 @@ GEM
activemodel (>= 5.2.0) activemodel (>= 5.2.0)
activestorage (>= 5.2.0) activestorage (>= 5.2.0)
activesupport (>= 5.2.0) activesupport (>= 5.2.0)
activejob (7.0.8.1) activejob (7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
globalid (>= 0.3.6) globalid (>= 0.3.6)
activemodel (7.0.8.1) activemodel (7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
activerecord (7.0.8.1) activerecord (7.0.8.4)
activemodel (= 7.0.8.1) activemodel (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
activestorage (7.0.8.1) activestorage (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
activejob (= 7.0.8.1) activejob (= 7.0.8.4)
activerecord (= 7.0.8.1) activerecord (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
marcel (~> 1.0) marcel (~> 1.0)
mini_mime (>= 1.1.0) mini_mime (>= 1.1.0)
activestorage-openstack (1.6.0) activestorage-openstack (1.6.0)
fog-openstack (>= 1.0.9) fog-openstack (>= 1.0.9)
marcel marcel
rails (>= 5.2.2) rails (>= 5.2.2)
activesupport (7.0.8.1) activesupport (7.0.8.4)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2) i18n (>= 1.6, < 2)
minitest (>= 5.1) minitest (>= 5.1)
@ -144,7 +144,7 @@ GEM
brakeman (6.1.2) brakeman (6.1.2)
racc racc
browser (5.3.1) browser (5.3.1)
builder (3.2.4) builder (3.3.0)
capybara (3.40.0) capybara (3.40.0)
addressable addressable
matrix matrix
@ -157,6 +157,10 @@ GEM
capybara-email (3.0.2) capybara-email (3.0.2)
capybara (>= 2.4, < 4.0) capybara (>= 2.4, < 4.0)
mail mail
capybara-playwright-driver (0.5.2)
addressable
capybara
playwright-ruby-client (>= 1.16.0)
capybara-screenshot (1.0.26) capybara-screenshot (1.0.26)
capybara (>= 1.0, < 4) capybara (>= 1.0, < 4)
launchy launchy
@ -174,7 +178,7 @@ GEM
clamav-client (3.2.0) clamav-client (3.2.0)
coercible (1.0.0) coercible (1.0.0)
descendants_tracker (~> 0.0.1) descendants_tracker (~> 0.0.1)
concurrent-ruby (1.2.3) concurrent-ruby (1.3.4)
connection_pool (2.4.1) connection_pool (2.4.1)
content_disposition (1.0.0) content_disposition (1.0.0)
crack (1.0.0) crack (1.0.0)
@ -209,7 +213,7 @@ GEM
warden (~> 1.2.3) warden (~> 1.2.3)
devise-i18n (1.12.0) devise-i18n (1.12.0)
devise (>= 4.9.0) devise (>= 4.9.0)
devise-two-factor (5.0.0) devise-two-factor (6.0.0)
activesupport (~> 7.0) activesupport (~> 7.0)
devise (~> 4.0) devise (~> 4.0)
railties (~> 7.0) railties (~> 7.0)
@ -234,7 +238,7 @@ GEM
dumb_delegator (1.0.0) dumb_delegator (1.0.0)
email_validator (2.2.4) email_validator (2.2.4)
activemodel activemodel
erubi (1.12.0) erubi (1.13.0)
et-orbi (1.2.11) et-orbi (1.2.11)
tzinfo tzinfo
ethon (0.16.0) ethon (0.16.0)
@ -252,19 +256,20 @@ GEM
faraday-net_http (3.1.0) faraday-net_http (3.1.0)
net-http net-http
ffi (1.16.3) ffi (1.16.3)
flipper (1.2.2) flipper (1.3.0)
concurrent-ruby (< 2) concurrent-ruby (< 2)
flipper-active_record (1.2.2) flipper-active_record (1.3.0)
activerecord (>= 4.2, < 8) activerecord (>= 4.2, < 8)
flipper (~> 1.2.2) flipper (~> 1.3.0)
flipper-active_support_cache_store (1.2.2) flipper-active_support_cache_store (1.3.0)
activesupport (>= 4.2, < 8) activesupport (>= 4.2, < 8)
flipper (~> 1.2.2) flipper (~> 1.3.0)
flipper-ui (1.2.2) flipper-ui (1.3.0)
erubi (>= 1.0.0, < 2.0.0) erubi (>= 1.0.0, < 2.0.0)
flipper (~> 1.2.2) flipper (~> 1.3.0)
rack (>= 1.4, < 4) rack (>= 1.4, < 4)
rack-protection (>= 1.5.3, <= 4.0.0) rack-protection (>= 1.5.3, < 5.0.0)
rack-session (>= 1.0.2, < 3.0.0)
sanitize (< 7) sanitize (< 7)
fog-core (2.4.0) fog-core (2.4.0)
builder builder
@ -278,8 +283,9 @@ GEM
fog-core (~> 2.1) fog-core (~> 2.1)
fog-json (>= 1.0) fog-json (>= 1.0)
formatador (1.1.0) formatador (1.1.0)
fugit (1.10.1) front_matter_parser (1.0.1)
et-orbi (~> 1, >= 1.2.7) fugit (1.11.1)
et-orbi (~> 1, >= 1.2.11)
raabro (~> 1.4) raabro (~> 1.4)
geo_coord (0.2.0) geo_coord (0.2.0)
geocoder (1.8.2) geocoder (1.8.2)
@ -328,7 +334,7 @@ GEM
highline (3.0.1) highline (3.0.1)
htmlentities (4.3.4) htmlentities (4.3.4)
http_accept_language (2.1.1) http_accept_language (2.1.1)
i18n (1.14.4) i18n (1.14.6)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
i18n-tasks (1.0.13) i18n-tasks (1.0.13)
activesupport (>= 4.0.2) activesupport (>= 4.0.2)
@ -405,6 +411,7 @@ GEM
listen (3.9.0) listen (3.9.0)
rb-fsevent (~> 0.10, >= 0.10.3) rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10) rb-inotify (~> 0.9, >= 0.9.10)
logger (1.6.0)
lograge (0.14.0) lograge (0.14.0)
actionpack (>= 4) actionpack (>= 4)
activesupport (>= 4) activesupport (>= 4)
@ -426,7 +433,7 @@ GEM
job-iteration (>= 1.3.6) job-iteration (>= 1.3.6)
railties (>= 6.0) railties (>= 6.0)
zeitwerk (>= 2.6.2) zeitwerk (>= 2.6.2)
marcel (1.0.2) marcel (1.0.4)
matrix (0.4.2) matrix (0.4.2)
memory_profiler (1.0.1) memory_profiler (1.0.1)
method_source (1.1.0) method_source (1.1.0)
@ -437,25 +444,25 @@ GEM
rake rake
mini_magick (4.12.0) mini_magick (4.12.0)
mini_mime (1.1.5) mini_mime (1.1.5)
mini_portile2 (2.8.6) mini_portile2 (2.8.7)
minitest (5.22.3) minitest (5.25.1)
msgpack (1.7.2) msgpack (1.7.2)
multi_json (1.15.0) multi_json (1.15.0)
mustermann (3.0.0) mustermann (3.0.0)
ruby2_keywords (~> 0.0.1) ruby2_keywords (~> 0.0.1)
net-http (0.4.1) net-http (0.4.1)
uri uri
net-imap (0.4.10) net-imap (0.4.12)
date date
net-protocol net-protocol
net-pop (0.1.2) net-pop (0.1.2)
net-protocol net-protocol
net-protocol (0.2.2) net-protocol (0.2.2)
timeout timeout
net-smtp (0.4.0.1) net-smtp (0.5.0)
net-protocol net-protocol
nio4r (2.7.1) nio4r (2.7.3)
nokogiri (1.16.4) nokogiri (1.16.7)
mini_portile2 (~> 2.8.2) mini_portile2 (~> 2.8.2)
racc (~> 1.4) racc (~> 1.4)
openid_connect (2.3.0) openid_connect (2.3.0)
@ -480,6 +487,9 @@ GEM
pdf-core (0.9.0) pdf-core (0.9.0)
pg (1.5.6) pg (1.5.6)
phonelib (0.8.8) phonelib (0.8.8)
playwright-ruby-client (1.46.0)
concurrent-ruby (>= 1.1.6)
mime-types (>= 3.0)
prawn (2.4.0) prawn (2.4.0)
pdf-core (~> 0.9.0) pdf-core (~> 0.9.0)
ttfunk (~> 1.7) ttfunk (~> 1.7)
@ -502,12 +512,12 @@ GEM
psych (5.1.2) psych (5.1.2)
stringio stringio
public_suffix (5.0.5) public_suffix (5.0.5)
puma (6.4.2) puma (6.4.3)
nio4r (~> 2.0) nio4r (~> 2.0)
pundit (2.3.1) pundit (2.3.1)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
raabro (1.4.0) raabro (1.4.0)
racc (1.7.3) racc (1.8.1)
rack (2.2.9) rack (2.2.9)
rack-attack (6.7.0) rack-attack (6.7.0)
rack (>= 1.0, < 4) rack (>= 1.0, < 4)
@ -525,25 +535,27 @@ GEM
rack (~> 2.2, >= 2.2.4) rack (~> 2.2, >= 2.2.4)
rack-proxy (0.7.7) rack-proxy (0.7.7)
rack rack
rack-session (1.0.2)
rack (< 3)
rack-test (2.1.0) rack-test (2.1.0)
rack (>= 1.3) rack (>= 1.3)
rack_session_access (0.2.0) rack_session_access (0.2.0)
builder (>= 2.0.0) builder (>= 2.0.0)
rack (>= 1.0.0) rack (>= 1.0.0)
rails (7.0.8.1) rails (7.0.8.4)
actioncable (= 7.0.8.1) actioncable (= 7.0.8.4)
actionmailbox (= 7.0.8.1) actionmailbox (= 7.0.8.4)
actionmailer (= 7.0.8.1) actionmailer (= 7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
actiontext (= 7.0.8.1) actiontext (= 7.0.8.4)
actionview (= 7.0.8.1) actionview (= 7.0.8.4)
activejob (= 7.0.8.1) activejob (= 7.0.8.4)
activemodel (= 7.0.8.1) activemodel (= 7.0.8.4)
activerecord (= 7.0.8.1) activerecord (= 7.0.8.4)
activestorage (= 7.0.8.1) activestorage (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
bundler (>= 1.15.0) bundler (>= 1.15.0)
railties (= 7.0.8.1) railties (= 7.0.8.4)
rails-controller-testing (1.0.5) rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1) actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1)
@ -566,9 +578,9 @@ GEM
rails-pg-extras (5.3.1) rails-pg-extras (5.3.1)
rails rails
ruby-pg-extras (= 5.3.1) ruby-pg-extras (= 5.3.1)
railties (7.0.8.1) railties (7.0.8.4)
actionpack (= 7.0.8.1) actionpack (= 7.0.8.4)
activesupport (= 7.0.8.1) activesupport (= 7.0.8.4)
method_source method_source
rake (>= 12.2) rake (>= 12.2)
thor (~> 1.0) thor (~> 1.0)
@ -594,7 +606,8 @@ GEM
responders (3.1.1) responders (3.1.1)
actionpack (>= 5.2) actionpack (>= 5.2)
railties (>= 5.2) railties (>= 5.2)
rexml (3.2.6) rexml (3.3.6)
strscan
rodf (1.2.0) rodf (1.2.0)
builder (>= 3.0) builder (>= 3.0)
rubyzip (>= 1.0) rubyzip (>= 1.0)
@ -674,7 +687,7 @@ GEM
nokogiri (>= 1.6.2) nokogiri (>= 1.6.2)
rexml rexml
xmlenc (>= 0.7.1) xmlenc (>= 0.7.1)
sanitize (6.1.0) sanitize (6.1.2)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.12.0) nokogiri (>= 1.12.0)
sass (3.7.4) sass (3.7.4)
@ -693,10 +706,11 @@ GEM
scss_lint (0.60.0) scss_lint (0.60.0)
sass (~> 3.5, >= 3.5.5) sass (~> 3.5, >= 3.5.5)
selectize-rails (0.12.6) selectize-rails (0.12.6)
selenium-devtools (0.123.0) selenium-devtools (0.126.0)
selenium-webdriver (~> 4.2) selenium-webdriver (~> 4.2)
selenium-webdriver (4.19.0) selenium-webdriver (4.22.0)
base64 (~> 0.2) base64 (~> 0.2)
logger (~> 1.4)
rexml (~> 3.2, >= 3.2.5) rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 3.0) rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0) websocket (~> 1.0)
@ -718,7 +732,7 @@ GEM
addressable (~> 2.3, >= 2.3.0) addressable (~> 2.3, >= 2.3.0)
json (~> 2.1, >= 2.1.0) json (~> 2.1, >= 2.1.0)
typhoeus (~> 1.0, >= 1.0.1) typhoeus (~> 1.0, >= 1.0.1)
sidekiq (7.2.2) sidekiq (7.2.4)
concurrent-ruby (< 2) concurrent-ruby (< 2)
connection_pool (>= 2.3.0) connection_pool (>= 2.3.0)
rack (>= 2.2.4) rack (>= 2.2.4)
@ -763,9 +777,11 @@ GEM
activesupport (>= 5.2) activesupport (>= 5.2)
sprockets (>= 3.0.0) sprockets (>= 3.0.0)
stackprof (0.2.26) stackprof (0.2.26)
string-similarity (2.1.0)
stringio (3.1.0) stringio (3.1.0)
strong_migrations (1.8.0) strong_migrations (1.8.0)
activerecord (>= 5.2) activerecord (>= 5.2)
strscan (3.1.0)
swd (2.0.3) swd (2.0.3)
activesupport (>= 3) activesupport (>= 3)
attr_required (>= 0.0.5) attr_required (>= 0.0.5)
@ -777,7 +793,8 @@ GEM
temple (0.8.2) temple (0.8.2)
terminal-table (3.0.2) terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3) unicode-display_width (>= 1.1.1, < 3)
thor (1.3.1) test-prof (1.3.3)
thor (1.3.2)
thread_safe (0.3.6) thread_safe (0.3.6)
tilt (2.3.0) tilt (2.3.0)
timecop (0.9.8) timecop (0.9.8)
@ -831,7 +848,7 @@ GEM
addressable (>= 2.8.0) addressable (>= 2.8.0)
crack (>= 0.3.2) crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0) hashdiff (>= 0.4.0, < 2.0.0)
webrick (1.8.1) webrick (1.8.2)
websocket (1.2.10) websocket (1.2.10)
websocket-driver (0.7.6) websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0) websocket-extensions (>= 0.1.0)
@ -849,33 +866,21 @@ GEM
anyway_config (>= 1.0, < 3) anyway_config (>= 1.0, < 3)
concurrent-ruby concurrent-ruby
dry-initializer dry-initializer
yabeda-graphql (0.2.3)
graphql (>= 1.9, < 3)
yabeda (~> 0.2)
yabeda-prometheus (0.9.1) yabeda-prometheus (0.9.1)
prometheus-client (>= 3.0, < 5.0) prometheus-client (>= 3.0, < 5.0)
rack rack
yabeda (~> 0.10) yabeda (~> 0.10)
yabeda-puma-plugin (0.7.1)
json
puma
yabeda (~> 0.5)
yabeda-rails (0.9.0)
activesupport
anyway_config (>= 1.3, < 3)
railties
yabeda (~> 0.8)
yabeda-sidekiq (0.12.0) yabeda-sidekiq (0.12.0)
anyway_config (>= 1.3, < 3) anyway_config (>= 1.3, < 3)
sidekiq sidekiq
yabeda (~> 0.6) yabeda (~> 0.6)
zeitwerk (2.6.13) zeitwerk (2.6.18)
zip_tricks (5.6.0) zip_tricks (5.6.0)
zipline (1.5.0) zipline (1.5.0)
actionpack (>= 6.0, < 8.0) actionpack (>= 6.0, < 8.0)
content_disposition (~> 1.0) content_disposition (~> 1.0)
zip_tricks (>= 4.2.1, < 6.0) zip_tricks (>= 4.2.1, < 6.0)
zxcvbn-ruby (1.2.0) zxcvbn (0.1.11)
PLATFORMS PLATFORMS
ruby ruby
@ -901,6 +906,7 @@ DEPENDENCIES
browser browser
capybara capybara
capybara-email capybara-email
capybara-playwright-driver
capybara-screenshot capybara-screenshot
charlock_holmes charlock_holmes
chartkick chartkick
@ -923,6 +929,7 @@ DEPENDENCIES
flipper-active_record flipper-active_record
flipper-active_support_cache_store flipper-active_support_cache_store
flipper-ui flipper-ui
front_matter_parser
fugit fugit
geo_coord geo_coord
geocoder geocoder
@ -1009,8 +1016,10 @@ DEPENDENCIES
spring spring
spring-commands-rspec spring-commands-rspec
stackprof stackprof
string-similarity
strong_migrations strong_migrations
sys-proctable sys-proctable
test-prof
timecop timecop
turbo-rails turbo-rails
typhoeus typhoeus
@ -1022,13 +1031,10 @@ DEPENDENCIES
web-console web-console
webmock webmock
webrick webrick
yabeda-graphql
yabeda-prometheus yabeda-prometheus
yabeda-puma-plugin
yabeda-rails
yabeda-sidekiq yabeda-sidekiq
zipline zipline
zxcvbn-ruby zxcvbn
BUNDLED WITH BUNDLED WITH
2.5.9 2.5.9


@ -31,10 +31,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0j86qjs1zw34p0p7d5napa1vvwqlvm9nmv7ckxxhcba1qv4dspmw"; sha256 = "1c46q4ykf8cqcpzad7zhkrxjhvf92sil0185zvxwzhj95p1zp5vr";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
actionmailbox = { actionmailbox = {
dependencies = [ dependencies = [
@ -52,10 +52,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1f68h8cl6dqbz7mq3x43s0s82291nani3bz1hrxkk2qpgda23mw9"; sha256 = "0x100vq4rf2c5ndz8ai00hb5gsb9ax2xqc89dsfzzhxbpa9gs9ik";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
actionmailer = { actionmailer = {
dependencies = [ dependencies = [
@ -76,10 +76,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "077j47jsg0wqwx5b13n4h0g3g409b6kfrlazpzgjpa3pal74f7sc"; sha256 = "1hds7b6n7vsa64fmma7wl7x9mxscr89myfb13vxni5fcns1agwzr";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
actionpack = { actionpack = {
dependencies = [ dependencies = [
@ -98,10 +98,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0jh83rqd6glys1b2wsihzsln8yk6zdwgiyn9xncyiav9rcwjpkax"; sha256 = "18k05a55i0xgyv60lx0m1psnyncn935j76ivbp9hssqpij00jj1f";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
actiontext = { actiontext = {
dependencies = [ dependencies = [
@ -116,10 +116,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "044qi3zhzxlfq7slc2pb9ky9mdivp1m1sjyhjvnsi64ggq7cvr22"; sha256 = "1g54g1kjyrwv9g592gxfz7z6ksmj916l1cgkxk54zhywxf6gpn0y";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
actionview = { actionview = {
dependencies = [ dependencies = [
@ -137,10 +137,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1ygpg75f3ffdcbxvf7s14xw3hcjin1nnx1nk3mg9mj2xc1nb60aa"; sha256 = "03rfynhj40270dqhkm4cyaphzb37b4fdiaqh9grvcfq760vx7ha5";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
active_model_serializers = { active_model_serializers = {
dependencies = [ dependencies = [
@ -186,10 +186,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0yql9v4cd1xbqgnzlf3cv4a6sm26v2y4gsgcbbfgvfc0hhlfjklg"; sha256 = "1b54didwsg5p8wn30qjwspzh97w7g07hrsdzr7wdrdly4zii7sr1";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
activemodel = { activemodel = {
dependencies = [ "activesupport" ]; dependencies = [ "activesupport" ];
@ -200,10 +200,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0grdpvglh0cj96qhlxjj9bcfqkh13c1pfpcwc9ld3aw0yzvsw5a1"; sha256 = "1mi5cppdmkzgr2z135ibs0bq71qndbnip0vfflz1n4j4hqnhjkpg";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
activerecord = { activerecord = {
dependencies = [ dependencies = [
@ -217,10 +217,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0rlky1cr5kcdl0jad3nk5jpim6vjzbgkfhxnk7y492b3j2nznpcf"; sha256 = "1pkv0jvvjc3grr0rvxni9b3j3hb22jaj0h70g476h9w54p0aljcb";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
activestorage = { activestorage = {
dependencies = [ dependencies = [
@ -235,10 +235,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0f4g3589i5ii4gdfazv6d9rjinr16aarh6g12v8378ck7jll3mhz"; sha256 = "1qdqx20dqkg7iwzb8q5148x5sl9mr2063hxzy4i7i94af2d2vz6b";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
activestorage-openstack = { activestorage-openstack = {
dependencies = [ dependencies = [
@ -270,10 +270,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0ff3x7q400flzhml131ix8zfwmh13h70rs6yzbzf513g781gbbxh"; sha256 = "15z11983ws5svibg6rky9k2mgd4d4chnvddyxfpgn81b81q70139";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
addressable = { addressable = {
dependencies = [ "public_suffix" ]; dependencies = [ "public_suffix" ];
@ -587,10 +587,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "045wzckxpwcqzrjr353cxnyaxgf0qg22jh00dcx7z38cys5g1jlr"; sha256 = "0pw3r2lyagsxkm71bf44v5b74f7l9r7di22brbyji9fwz791hya9";
type = "gem"; type = "gem";
}; };
version = "3.2.4"; version = "3.3.0";
}; };
capybara = { capybara = {
dependencies = [ dependencies = [
@ -626,6 +626,21 @@
}; };
version = "3.0.2"; version = "3.0.2";
}; };
capybara-playwright-driver = {
dependencies = [
"addressable"
"capybara"
"playwright-ruby-client"
];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0a0pzvajqhzhi8nmj5w7s5izndd52vbc55ml26p2wk9ddjd8zlb5";
type = "gem";
};
version = "0.5.2";
};
capybara-screenshot = { capybara-screenshot = {
dependencies = [ dependencies = [
"capybara" "capybara"
@ -743,10 +758,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1qh1b14jwbbj242klkyz5fc7npd4j0mvndz62gajhvl1l3wd7zc2"; sha256 = "0chwfdq2a6kbj6xz9l6zrdfnyghnh32si82la1dnpa5h75ir5anl";
type = "gem"; type = "gem";
}; };
version = "1.2.3"; version = "1.3.4";
}; };
connection_pool = { connection_pool = {
groups = [ "default" ]; groups = [ "default" ];
@ -950,10 +965,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1hh0yc85ixnan90hibz3nba6pamhscxfr1zaymxgv3vw5icv50ya"; sha256 = "1yx6ym8a9szwnq9yziljidqjn6gf99blvz1yib9qdd0qcg5x5hp8";
type = "gem"; type = "gem";
}; };
version = "5.0.0"; version = "6.0.0";
}; };
diff-lcs = { diff-lcs = {
groups = [ groups = [
@ -1099,10 +1114,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "08s75vs9cxlc4r1q2bjg4br8g9wc5lc5x5vl0vv4zq5ivxsdpgi7"; sha256 = "0qnd6ff4az22ysnmni3730c41b979xinilahzg86bn7gv93ip9pw";
type = "gem"; type = "gem";
}; };
version = "1.12.0"; version = "1.13.0";
}; };
et-orbi = { et-orbi = {
dependencies = [ "tzinfo" ]; dependencies = [ "tzinfo" ];
@ -1213,10 +1228,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1rf5jgb6wv1zqf79arj94z67z7l7nw4xb9rlwm3cwvizs33gq0p0"; sha256 = "12vj0ilxykfc2hwi9b5hz441qni1wx7agvkys5v8avkp4dgzlfww";
type = "gem"; type = "gem";
}; };
version = "1.2.2"; version = "1.3.0";
}; };
flipper-active_record = { flipper-active_record = {
dependencies = [ dependencies = [
@ -1227,10 +1242,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1qb6vwdjppivba0dbqyfkfhbvg3d5klx5zparz5n14gchmmk9k2k"; sha256 = "0zslli5da0x0nw4xs1h6fbnjahhs84nb2pn1wq6pgmq3c50wjlcr";
type = "gem"; type = "gem";
}; };
version = "1.2.2"; version = "1.3.0";
}; };
flipper-active_support_cache_store = { flipper-active_support_cache_store = {
dependencies = [ dependencies = [
@ -1241,10 +1256,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1brm8q793ywcchp4wa7mmkmmy5903z212kr9ck4v0fz502kc64xl"; sha256 = "1zra7lh8yzc45d4p6wyvfv4m53pnb6vna2gc3xisss10ldgh1abr";
type = "gem"; type = "gem";
}; };
version = "1.2.2"; version = "1.3.0";
}; };
flipper-ui = { flipper-ui = {
dependencies = [ dependencies = [
@ -1252,16 +1267,17 @@
"flipper" "flipper"
"rack" "rack"
"rack-protection" "rack-protection"
"rack-session"
"sanitize" "sanitize"
]; ];
groups = [ "default" ]; groups = [ "default" ];
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "15c1j07661rgmmv61kviis5y997hmq8b0w5829x2gchvha6hdmlv"; sha256 = "1khq1fmixahizhiysqdnm3zlyfy84na0g2vyncd2xyskqp7l3szs";
type = "gem"; type = "gem";
}; };
version = "1.2.2"; version = "1.3.0";
}; };
fog-core = { fog-core = {
dependencies = [ dependencies = [
@ -1317,6 +1333,16 @@
}; };
version = "1.1.0"; version = "1.1.0";
}; };
front_matter_parser = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0yvvxcym75csvckkg3bcf739ild3f0b2yifnlj45gf8xl2yriqms";
type = "gem";
};
version = "1.0.1";
};
fugit = { fugit = {
dependencies = [ dependencies = [
"et-orbi" "et-orbi"
@ -1326,10 +1352,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "10m9b2gvwfvmm61000mq7n8q7pk2xkxmizgfydpis66n2ybrhwh5"; sha256 = "0s4qhq3mjl0gak5wl20w9d5jhq069mk1393dkj76s8i2pvkqb578";
type = "gem"; type = "gem";
}; };
version = "1.10.1"; version = "1.11.1";
}; };
geo_coord = { geo_coord = {
groups = [ "default" ]; groups = [ "default" ];
@ -1607,10 +1633,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0lbm33fpb3w06wd2231sg58dwlwgjsvym93m548ajvl6s3mfvpn7"; sha256 = "0k31wcgnvcvd14snz0pfqj976zv6drfsnq6x8acz10fiyms9l8nw";
type = "gem"; type = "gem";
}; };
version = "1.14.4"; version = "1.14.6";
}; };
i18n-tasks = { i18n-tasks = {
dependencies = [ dependencies = [
@ -1959,6 +1985,19 @@
}; };
version = "3.9.0"; version = "3.9.0";
}; };
logger = {
groups = [
"default"
"test"
];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0gpg8gzi0xwymw4aaq2iafcbx31i3xzkg3fb30mdxn1d4qhc3dqa";
type = "gem";
};
version = "1.6.0";
};
lograge = { lograge = {
dependencies = [ dependencies = [
"actionpack" "actionpack"
@ -2046,10 +2085,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0kky3yiwagsk8gfbzn3mvl2fxlh3b39v6nawzm4wpjs6xxvvc4x0"; sha256 = "190n2mk8m1l708kr88fh6mip9sdsh339d2s6sgrik3sbnvz4jmhd";
type = "gem"; type = "gem";
}; };
version = "1.0.2"; version = "1.0.4";
}; };
matrix = { matrix = {
groups = [ groups = [
@ -2156,10 +2195,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "149r94xi6b3jbp6bv72f8383b95ndn0p5sxnq11gs1j9jadv0ajf"; sha256 = "1q1f2sdw3y3y9mnym9dhjgsjr72sq975cfg5c4yx7gwv8nmzbvhk";
type = "gem"; type = "gem";
}; };
version = "2.8.6"; version = "2.8.7";
}; };
minitest = { minitest = {
groups = [ groups = [
@ -2170,10 +2209,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a"; sha256 = "1n1akmc6bibkbxkzm1p1wmfb4n9vv397knkgz0ffykb3h1d7kdix";
type = "gem"; type = "gem";
}; };
version = "5.22.3"; version = "5.25.1";
}; };
msgpack = { msgpack = {
groups = [ "default" ]; groups = [ "default" ];
@ -2230,10 +2269,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0zn7j2w0hc622ig0rslk4iy6yp3937dy9ibhyr1mwwx39n7paxaj"; sha256 = "18yclv06n0cy8jqmi11sd1dl8nasc5n5r1mhan2v51j7jd3z58v3";
type = "gem"; type = "gem";
}; };
version = "0.4.10"; version = "0.4.12";
}; };
net-pop = { net-pop = {
dependencies = [ "net-protocol" ]; dependencies = [ "net-protocol" ];
@ -2275,20 +2314,20 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0csspzqrg7s2v2wdp6vqqs1rra6w5ilpgnps5h52ig6rp7x2i389"; sha256 = "0amlhz8fhnjfmsiqcjajip57ici2xhw089x7zqyhpk51drg43h2z";
type = "gem"; type = "gem";
}; };
version = "0.4.0.1"; version = "0.5.0";
}; };
nio4r = { nio4r = {
groups = [ "default" ]; groups = [ "default" ];
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "15iwbiij52x6jhdbl0rkcldnhfndmsy0sbnsygkr9vhskfqrp72m"; sha256 = "017nbw87dpr4wyk81cgj8kxkxqgsgblrkxnmmadc77cg9gflrfal";
type = "gem"; type = "gem";
}; };
version = "2.7.1"; version = "2.7.3";
}; };
nokogiri = { nokogiri = {
dependencies = [ dependencies = [
@ -2303,10 +2342,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0i8g0i370jhn2sclml0bg9qlrgf4csi6sy7czbhx8kjbl71idhb2"; sha256 = "15gysw8rassqgdq3kwgl4mhqmrgh7nk2qvrcqp4ijyqazgywn6gq";
type = "gem"; type = "gem";
}; };
version = "1.16.4"; version = "1.16.7";
}; };
openid_connect = { openid_connect = {
dependencies = [ dependencies = [
@ -2412,6 +2451,20 @@
}; };
version = "0.8.8"; version = "0.8.8";
}; };
playwright-ruby-client = {
dependencies = [
"concurrent-ruby"
"mime-types"
];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1ak52v8nih2n7jhgi4j74ybs7kp3yp2fkcxppgxa59n5hibxvfcz";
type = "gem";
};
version = "1.46.0";
};
prawn = { prawn = {
dependencies = [ dependencies = [
"pdf-core" "pdf-core"
@ -2537,10 +2590,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0i2vaww6qcazj0ywva1plmjnj6rk23b01szswc5jhcq7s2cikd1y"; sha256 = "0gml1rixrfb0naciq3mrnqkpcvm9ahgps1c04hzxh4b801f69914";
type = "gem"; type = "gem";
}; };
version = "6.4.2"; version = "6.4.3";
}; };
pundit = { pundit = {
dependencies = [ "activesupport" ]; dependencies = [ "activesupport" ];
@ -2572,10 +2625,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp"; sha256 = "0byn0c9nkahsl93y9ln5bysq4j31q8xkf2ws42swighxd4lnjzsa";
type = "gem"; type = "gem";
}; };
version = "1.7.3"; version = "1.8.1";
}; };
rack = { rack = {
groups = [ groups = [
@ -2656,6 +2709,17 @@
}; };
version = "0.7.7"; version = "0.7.7";
}; };
rack-session = {
dependencies = [ "rack" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0xhxhlsz6shh8nm44jsmd9276zcnyzii364vhcvf0k8b8bjia8d0";
type = "gem";
};
version = "1.0.2";
};
rack-test = { rack-test = {
dependencies = [ "rack" ]; dependencies = [ "rack" ];
groups = [ groups = [
@ -2704,10 +2768,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1v9dp9sgh8kk32r23mj66zjni7w1dv2h7mbaxgmazsf59a43gsvx"; sha256 = "1sv5jzd3varqzcqm8zxllwiqzgbgcymszw12ci3f9zbzlliq8hby";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
rails-controller-testing = { rails-controller-testing = {
dependencies = [ dependencies = [
@ -2822,10 +2886,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "08ga56kz6a37dnlmi7y45r19fcc7jzb62mrc3ifavbzggmhy7r62"; sha256 = "02z7lqx0y60bzpkd4v67i9sbdh7djs0mm89h343kidx0gmq0kbh0";
type = "gem"; type = "gem";
}; };
version = "7.0.8.1"; version = "7.0.8.4";
}; };
rainbow = { rainbow = {
groups = [ groups = [
@ -2993,6 +3057,7 @@
version = "3.1.1"; version = "3.1.1";
}; };
rexml = { rexml = {
dependencies = [ "strscan" ];
groups = [ groups = [
"default" "default"
"development" "development"
@ -3001,10 +3066,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0"; sha256 = "1ik3in0957l9s6iwdm3nsk4za072cj27riiqgpx6zzcd22flbw3s";
type = "gem"; type = "gem";
}; };
version = "3.2.6"; version = "3.3.6";
}; };
rodf = { rodf = {
dependencies = [ dependencies = [
@ -3409,10 +3474,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0wsw05y0h1ln3x2kvcw26fs9ivryb4xbjrb4hsk2pishkhydkz4j"; sha256 = "1c9j1rwdp87k7b7mawf8agpdycdr2dsl2wvjipmcy1c55kllp2qp";
type = "gem"; type = "gem";
}; };
version = "6.1.0"; version = "6.1.2";
}; };
sass = { sass = {
dependencies = [ "sass-listen" ]; dependencies = [ "sass-listen" ];
@ -3500,14 +3565,15 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0fxhkxpczqg4f7gxdyvc6ccxy9hppnwl3ih03p42f6hbfy5q1x64"; sha256 = "0ph7b947h5cgqyhb5a4jk467bggx48xy619ggh6p38ys8bjszp1l";
type = "gem"; type = "gem";
}; };
version = "0.123.0"; version = "0.126.0";
}; };
selenium-webdriver = { selenium-webdriver = {
dependencies = [ dependencies = [
"base64" "base64"
"logger"
"rexml" "rexml"
"rubyzip" "rubyzip"
"websocket" "websocket"
@ -3516,10 +3582,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0rjh9s5x7jqaxjfcz2m3hphhlajk9nxs6wdsnia62iba07bd32sc"; sha256 = "0rjxlivsh32xvjq78p1m1sr366aa04wms4hwb2r187ygrnmp0hv4";
type = "gem"; type = "gem";
}; };
version = "4.19.0"; version = "4.22.0";
}; };
sentry-delayed_job = { sentry-delayed_job = {
dependencies = [ dependencies = [
@ -3614,10 +3680,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "18ykb35ab3fsg6jj8h7kb3kbba41sls4nvwn6vxb731iyh10v4h9"; sha256 = "0y079baadqgm73n44jdp24g7jfgq9fds2wbbpqni0pnfhvs043l1";
type = "gem"; type = "gem";
}; };
version = "7.2.2"; version = "7.2.4";
}; };
sidekiq-cron = { sidekiq-cron = {
dependencies = [ dependencies = [
@ -3834,6 +3900,16 @@
}; };
version = "0.2.26"; version = "0.2.26";
}; };
string-similarity = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1gx30368nj7wpcnhydyvdg9sj6b4aishm9669zvfvvpx77frp55b";
type = "gem";
};
version = "2.1.0";
};
stringio = { stringio = {
groups = [ groups = [
"default" "default"
@ -3859,6 +3935,20 @@
}; };
version = "1.8.0"; version = "1.8.0";
}; };
strscan = {
groups = [
"default"
"development"
"test"
];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0mamrl7pxacbc79ny5hzmakc9grbjysm3yy6119ppgsg44fsif01";
type = "gem";
};
version = "3.1.0";
};
swd = { swd = {
dependencies = [ dependencies = [
"activesupport" "activesupport"
@ -3923,6 +4013,16 @@
}; };
version = "3.0.2"; version = "3.0.2";
}; };
test-prof = {
groups = [ "test" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0rwnq67qm2ngz066sncvg0dv65bsk29qz3xarbv8qan2hi7yw0qg";
type = "gem";
};
version = "1.3.3";
};
thor = { thor = {
groups = [ groups = [
"default" "default"
@ -3932,10 +4032,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1vq1fjp45az9hfp6fxljhdrkv75cvbab1jfrwcw738pnsiqk8zps"; sha256 = "1nmymd86a0vb39pzj2cwv57avdrl6pl3lf5bsz58q594kqxjkw7f";
type = "gem"; type = "gem";
}; };
version = "1.3.1"; version = "1.3.2";
}; };
thread_safe = { thread_safe = {
groups = [ groups = [
@ -4240,10 +4340,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "13qm7s0gr2pmfcl7dxrmq38asaza4w0i2n9my4yzs499j731wh8r"; sha256 = "089gy5494j560b242vi173wnbj2913hwlwnjkpzld58r96ilc5s3";
type = "gem"; type = "gem";
}; };
version = "1.8.1"; version = "1.8.2";
}; };
websocket = { websocket = {
groups = [ groups = [
@ -4335,20 +4435,6 @@
}; };
version = "0.12.0"; version = "0.12.0";
}; };
yabeda-graphql = {
dependencies = [
"graphql"
"yabeda"
];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0y422499vbs4m1555yvqrdjyk7bdg16rnj224zaw1b77d8irmrks";
type = "gem";
};
version = "0.2.3";
};
yabeda-prometheus = { yabeda-prometheus = {
dependencies = [ dependencies = [
"prometheus-client" "prometheus-client"
@ -4364,37 +4450,6 @@
}; };
version = "0.9.1"; version = "0.9.1";
}; };
yabeda-puma-plugin = {
dependencies = [
"json"
"puma"
"yabeda"
];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0yxifgq9m11n73qz9jgxsapqp67ijm5gp6y5jbdvkdcf7c2p47d4";
type = "gem";
};
version = "0.7.1";
};
yabeda-rails = {
dependencies = [
"activesupport"
"anyway_config"
"railties"
"yabeda"
];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1nl2jpx561mpwdxf63db9yshhwfmg8k72r8d9yxnsic2wahvy4b0";
type = "gem";
};
version = "0.9.0";
};
yabeda-sidekiq = { yabeda-sidekiq = {
dependencies = [ dependencies = [
"anyway_config" "anyway_config"
@ -4419,10 +4474,10 @@
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "1m67qmsak3x8ixs8rb971azl3l7wapri65pmbf5z886h46q63f1d"; sha256 = "10cpfdswql21vildiin0q7drg5zfzf2sahnk9hv3nyzzjqwj2bdx";
type = "gem"; type = "gem";
}; };
version = "2.6.13"; version = "2.6.18";
}; };
zip_tricks = { zip_tricks = {
groups = [ "default" ]; groups = [ "default" ];
@ -4449,14 +4504,14 @@
}; };
version = "1.5.0"; version = "1.5.0";
}; };
zxcvbn-ruby = { zxcvbn = {
groups = [ "default" ]; groups = [ "default" ];
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "0afxvi4hy49civms434l6ndm5wcfq0gf5pkgmw7bjxhwfl5jg0c1"; sha256 = "10pf2nkinn3n2kyyfjck5bzjxayp8rp6dffi17kybaz381gqrbwg";
type = "gem"; type = "gem";
}; };
version = "1.2.0"; version = "0.1.11";
}; };
} }


@ -1,4 +1,9 @@
(import ../../../../keys).mkSecrets [ "compute01" ] [ let
lib = import ../../../../lib { };
publicKeys = lib.getNodeKeys "compute01";
in
lib.setDefault { inherit publicKeys; } [
"kanidm-password_admin" "kanidm-password_admin"
"kanidm-password_idm_admin" "kanidm-password_idm_admin"
] ]
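Review bot: Nothing in the new `let` block says who can decrypt `kanidm-password_admin` and `kanidm-password_idm_admin`; the recipient set is whatever `lib.getNodeKeys "compute01"` returns, and that helper is defined outside this page. A short comment above the binding would make the trust boundary reviewable, for example `# Recipients: keys returned by getNodeKeys for compute01 (presumably host key plus admin keys; confirm in lib)`. The same applies to the other secrets files in this compare that switch to `lib.setDefault { inherit publicKeys; }`: the compute01 list with the `dgsi-*` and `grafana-*` entries, geo01 and geo02. Please also confirm that `getNodeKeys` yields the same recipients as the old `mkSecrets [ "compute01" ]` call, since a wider set would, if these are recipient lists for encrypted secrets, let more keys read them after the next rekey.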


@ -1,27 +0,0 @@
{
pkgs,
nodes,
meta,
...
}:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."ollama01.beta.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
'';
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}


@ -1,13 +1,15 @@
(import ../../../keys).mkSecrets [ "compute01" ] [ let
# List of secrets for compute01 lib = import ../../../lib { };
publicKeys = lib.getNodeKeys "compute01";
in
lib.setDefault { inherit publicKeys; } [
"arkheon-env_file" "arkheon-env_file"
"bupstash-put_key" "bupstash-put_key"
"dgsi-email_host_password_file" "dgsi-email_host_password_file"
"dgsi-kanidm_auth_token_file" "dgsi-kanidm_auth_token_file"
"dgsi-kanidm_secret_file" "dgsi-kanidm_secret_file"
"dgsi-secret_key_file" "dgsi-secret_key_file"
"dgsi-x509_cert_file"
"dgsi-x509_key_file"
"ds-fr-secret_file" "ds-fr-secret_file"
"grafana-oauth_client_secret_file" "grafana-oauth_client_secret_file"
"grafana-smtp_password_file" "grafana-smtp_password_file"


@ -1,16 +1,7 @@
{ nixpkgs, ... }: { nixpkgs, ... }:
let let
### dgn-id = "f756a0f47e704db815a7af6786f6eb0aec628d6b";
# How to update:
# - clone https://git.dgnum.eu/DGNum/Stirling-PDF
# - switch to the branch dgn-v0.X.Y where X.Y is the version in production
# - fetch upstream changes up to the tagged release in nixos-unstable
# - rebase onto the upstream branch, so that the last commit is "feat: Add DGNum customization"
# - push to a new branch dgn-v0.A.B where A.B is the new version
# - finally, update the commit hash of the customization patch
dgn-id = "8f19cb1c9623f8da71f6512c1528d83acc35db57";
in in
{ {
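Review bot: The new side pins `dgn-id` to a bare commit hash with no comment saying what it identifies or how to bump it, because the "How to update" block is dropped together with the old hash. For a pin that selects a patch from a fork, whoever reviews a later bump has nothing to check the hash against. I would keep at least `# Commit of the "feat: Add DGNum customization" patch in https://git.dgnum.eu/DGNum/Stirling-PDF, rebased onto the packaged release` above the binding. The `let` body and the attribute set it feeds continue outside the hunk, so how `dgn-id` is fetched, and whether that fetch carries its own content hash, cannot be judged from here.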


@ -1,3 +1,5 @@
(import ../../../keys).mkSecrets [ "geo01" ] [ let
# List of secrets for geo01 lib = import ../../../lib { };
] publicKeys = lib.getNodeKeys "geo01";
in
lib.setDefault { inherit publicKeys; } [ ]


@ -1,3 +1,5 @@
(import ../../../keys).mkSecrets [ "geo02" ] [ let
# List of secrets for geo02 lib = import ../../../lib { };
] publicKeys = lib.getNodeKeys "geo02";
in
lib.setDefault { inherit publicKeys; } [ ]


@ -1,179 +0,0 @@
From 2abd226ff3093c5a9e18a618fba466853e7ebaf7 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Tue, 8 Oct 2024 18:27:41 +0200
Subject: [PATCH] K80 support
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
---
docs/development.md | 6 +++-
docs/gpu.md | 1 +
gpu/amd_linux.go | 6 +++-
gpu/gpu.go | 63 ++++++++++++++++++++++++++++++++++++-----
scripts/build_docker.sh | 2 +-
scripts/build_linux.sh | 2 +-
6 files changed, 69 insertions(+), 11 deletions(-)
diff --git a/docs/development.md b/docs/development.md
index 2f7b9ecf..9da35931 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -51,7 +51,11 @@ Typically the build scripts will auto-detect CUDA, however, if your Linux distro
or installation approach uses unusual paths, you can specify the location by
specifying an environment variable `CUDA_LIB_DIR` to the location of the shared
libraries, and `CUDACXX` to the location of the nvcc compiler. You can customize
-a set of target CUDA architectures by setting `CMAKE_CUDA_ARCHITECTURES` (e.g. "50;60;70")
+a set of target CUDA architectures by setting `CMAKE_CUDA_ARCHITECTURES` (e.g. "35;37;50;60;70")
+
+To support GPUs older than Compute Capability 5.0, you will need to use an older version of
+the Driver from [Unix Driver Archive](https://www.nvidia.com/en-us/drivers/unix/) (tested with 470) and [CUDA Toolkit Archive](https://developer.nvidia.com/cuda-toolkit-archive) (tested with cuda V11). When you build Ollama, you will need to set two environment variable to adjust the minimum compute capability Ollama supports via `export GOFLAGS="'-ldflags=-w -s \"-X=github.com/ollama/ollama/gpu.CudaComputeMajorMin=3\" \"-X=github.com/ollama/ollama/gpu.CudaComputeMinorMin=5\"'"` and the `CMAKE_CUDA_ARCHITECTURES`. To find the Compute Capability of your older GPU, refer to [GPU Compute Capability](https://developer.nvidia.com/cuda-gpus).
+
Then generate dependencies:
diff --git a/docs/gpu.md b/docs/gpu.md
index a6b559f0..66627611 100644
--- a/docs/gpu.md
+++ b/docs/gpu.md
@@ -28,6 +28,7 @@ Check your compute compatibility to see if your card is supported:
| 5.0 | GeForce GTX | `GTX 750 Ti` `GTX 750` `NVS 810` |
| | Quadro | `K2200` `K1200` `K620` `M1200` `M520` `M5000M` `M4000M` `M3000M` `M2000M` `M1000M` `K620M` `M600M` `M500M` |
+For building locally to support older GPUs, see [developer.md](./development.md#linux-cuda-nvidia)
### GPU Selection
diff --git a/gpu/amd_linux.go b/gpu/amd_linux.go
index 6b08ac2e..768fb97a 100644
--- a/gpu/amd_linux.go
+++ b/gpu/amd_linux.go
@@ -159,7 +159,11 @@ func AMDGetGPUInfo() []GpuInfo {
return []GpuInfo{}
}
- if int(major) < RocmComputeMin {
+ minVer, err := strconv.Atoi(RocmComputeMajorMin)
+ if err != nil {
+ slog.Error("invalid RocmComputeMajorMin setting", "value", RocmComputeMajorMin, "error", err)
+ }
+ if int(major) < minVer {
slog.Warn(fmt.Sprintf("amdgpu too old gfx%d%x%x", major, minor, patch), "gpu", gpuID)
continue
}
diff --git a/gpu/gpu.go b/gpu/gpu.go
index 781e23df..60d68c33 100644
--- a/gpu/gpu.go
+++ b/gpu/gpu.go
@@ -16,6 +16,7 @@ import (
"os"
"path/filepath"
"runtime"
+ "strconv"
"strings"
"sync"
"unsafe"
@@ -38,9 +39,11 @@ const (
var gpuMutex sync.Mutex
// With our current CUDA compile flags, older than 5.0 will not work properly
-var CudaComputeMin = [2]C.int{5, 0}
+// (string values used to allow ldflags overrides at build time)
+var CudaComputeMajorMin = "5"
+var CudaComputeMinorMin = "0"
-var RocmComputeMin = 9
+var RocmComputeMajorMin = "9"
// TODO find a better way to detect iGPU instead of minimum memory
const IGPUMemLimit = 1 * format.GibiByte // 512G is what they typically report, so anything less than 1G must be iGPU
@@ -175,11 +178,57 @@ func GetGPUInfo() GpuInfoList {
var memInfo C.mem_info_t
resp := []GpuInfo{}
- // NVIDIA first
- for i := 0; i < gpuHandles.deviceCount; i++ {
- // TODO once we support CPU compilation variants of GPU libraries refine this...
- if cpuVariant == "" && runtime.GOARCH == "amd64" {
- continue
+ // Load ALL libraries
+ cHandles = initCudaHandles()
+ minMajorVer, err := strconv.Atoi(CudaComputeMajorMin)
+ if err != nil {
+ slog.Error("invalid CudaComputeMajorMin setting", "value", CudaComputeMajorMin, "error", err)
+ }
+ minMinorVer, err := strconv.Atoi(CudaComputeMinorMin)
+ if err != nil {
+ slog.Error("invalid CudaComputeMinorMin setting", "value", CudaComputeMinorMin, "error", err)
+ }
+
+ // NVIDIA
+ for i := range cHandles.deviceCount {
+ if cHandles.cudart != nil || cHandles.nvcuda != nil {
+ gpuInfo := CudaGPUInfo{
+ GpuInfo: GpuInfo{
+ Library: "cuda",
+ },
+ index: i,
+ }
+ var driverMajor int
+ var driverMinor int
+ if cHandles.cudart != nil {
+ C.cudart_bootstrap(*cHandles.cudart, C.int(i), &memInfo)
+ } else {
+ C.nvcuda_bootstrap(*cHandles.nvcuda, C.int(i), &memInfo)
+ driverMajor = int(cHandles.nvcuda.driver_major)
+ driverMinor = int(cHandles.nvcuda.driver_minor)
+ }
+ if memInfo.err != nil {
+ slog.Info("error looking up nvidia GPU memory", "error", C.GoString(memInfo.err))
+ C.free(unsafe.Pointer(memInfo.err))
+ continue
+ }
+
+ if int(memInfo.major) < minMajorVer || (int(memInfo.major) == minMajorVer && int(memInfo.minor) < minMinorVer) {
+ slog.Info(fmt.Sprintf("[%d] CUDA GPU is too old. Compute Capability detected: %d.%d", i, memInfo.major, memInfo.minor))
+ continue
+ }
+ gpuInfo.TotalMemory = uint64(memInfo.total)
+ gpuInfo.FreeMemory = uint64(memInfo.free)
+ gpuInfo.ID = C.GoString(&memInfo.gpu_id[0])
+ gpuInfo.Compute = fmt.Sprintf("%d.%d", memInfo.major, memInfo.minor)
+ gpuInfo.MinimumMemory = cudaMinimumMemory
+ gpuInfo.DependencyPath = depPath
+ gpuInfo.Name = C.GoString(&memInfo.gpu_name[0])
+ gpuInfo.DriverMajor = driverMajor
+ gpuInfo.DriverMinor = driverMinor
+
+ // TODO potentially sort on our own algorithm instead of what the underlying GPU library does...
+ cudaGPUs = append(cudaGPUs, gpuInfo)
}
gpuInfo := GpuInfo{
Library: "cuda",
diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
index e91c56ed..c03bc25f 100755
--- a/scripts/build_docker.sh
+++ b/scripts/build_docker.sh
@@ -3,7 +3,7 @@
set -eu
export VERSION=${VERSION:-$(git describe --tags --first-parent --abbrev=7 --long --dirty --always | sed -e "s/^v//g")}
-export GOFLAGS="'-ldflags=-w -s \"-X=github.com/ollama/ollama/version.Version=$VERSION\" \"-X=github.com/ollama/ollama/server.mode=release\"'"
+export GOFLAGS=${GOFLAGS:-"'-ldflags=-w -s \"-X=github.com/ollama/ollama/version.Version=$VERSION\" \"-X=github.com/ollama/ollama/server.mode=release\"'"}
# We use 2 different image repositories to handle combining architecture images into multiarch manifest
# (The ROCm image is x86 only and is not a multiarch manifest)
diff --git a/scripts/build_linux.sh b/scripts/build_linux.sh
index 27c4ff1f..e7e6d0dd 100755
--- a/scripts/build_linux.sh
+++ b/scripts/build_linux.sh
@@ -3,7 +3,7 @@
set -eu
export VERSION=${VERSION:-$(git describe --tags --first-parent --abbrev=7 --long --dirty --always | sed -e "s/^v//g")}
-export GOFLAGS="'-ldflags=-w -s \"-X=github.com/ollama/ollama/version.Version=$VERSION\" \"-X=github.com/ollama/ollama/server.mode=release\"'"
+export GOFLAGS=${GOFLAGS:-"'-ldflags=-w -s \"-X=github.com/ollama/ollama/version.Version=$VERSION\" \"-X=github.com/ollama/ollama/server.mode=release\"'"}
BUILD_ARCH=${BUILD_ARCH:-"amd64 arm64"}
export AMDGPU_TARGETS=${AMDGPU_TARGETS:=""}
--
2.46.0


@ -1,79 +0,0 @@
{
config,
lib,
pkgs,
meta,
name,
...
}:
lib.extra.mkConfig {
enabledModules = [
# INFO: This list needs to stay sorted alphabetically
];
enabledServices = [
# INFO: This list needs to stay sorted alphabetically
# Machine learning API machine
"microvm-ml01"
"microvm-router01"
"nvidia-tesla-k80"
"proxmox"
];
extraConfig = {
microvm = {
host.enable = true;
};
dgn-hardware = {
useZfs = true;
zfsPools = [
"dpool"
"ppool0"
];
};
services.netbird.enable = true;
# We are going to use CUDA here.
nixpkgs.config.cudaSupport = true;
hardware.graphics.enable = true;
environment.systemPackages = [
((pkgs.openai-whisper-cpp.override { cudaPackages = pkgs.cudaPackages_11; }).overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggerganov";
repo = "whisper.cpp";
rev = "v1.7.1";
hash = "sha256-EDFUVjud79ZRCzGbOh9L9NcXfN3ikvsqkVSOME9F9oo=";
};
env = {
WHISPER_CUBLAS = "";
GGML_CUDA = "1";
};
# We only need Compute Capability 3.7.
CUDA_ARCH_FLAGS = [ "sm_37" ];
# We are GPU-only anyway.
patches = (old.patches or [ ]) ++ [
./no-weird-microarch.patch
./all-nvcc-arch.patch
];
}))
];
services = {
ollama = {
enable = true;
host = meta.network.${name}.netbirdIp;
package = pkgs.callPackage ./ollama.nix {
cudaPackages = pkgs.cudaPackages_11;
# We need to thread our nvidia x11 driver for CUDA.
extraLibraries = [ config.hardware.nvidia.package ];
};
};
};
networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];
};
root = ./.;
}


@ -1,50 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"ehci_pci"
"ahci"
"mpt3sas"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/92bf4d66-2693-4eca-9b26-f86ae09d468d";
fsType = "ext4";
};
boot.initrd.luks.devices."mainfs" = {
device = "/dev/disk/by-uuid/26f9737b-28aa-4c3f-bd3b-b028283cef88";
keyFileSize = 1;
keyFile = "/dev/zero";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/280C-8844";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,26 +0,0 @@
From 2278389ef9ac9231349440aa68f9544ddc69cdc7 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Wed, 9 Oct 2024 13:37:08 +0200
Subject: [PATCH] fix: sm_37 for nvcc
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 2ccb750..70dfd9b 100644
--- a/Makefile
+++ b/Makefile
@@ -537,7 +537,7 @@ endif #GGML_CUDA_NVCC
ifdef CUDA_DOCKER_ARCH
MK_NVCCFLAGS += -Wno-deprecated-gpu-targets -arch=$(CUDA_DOCKER_ARCH)
else ifndef CUDA_POWER_ARCH
- MK_NVCCFLAGS += -arch=native
+ MK_NVCCFLAGS += -arch=sm_37
endif # CUDA_DOCKER_ARCH
ifdef GGML_CUDA_FORCE_DMMV
--
2.46.0


@ -1,20 +0,0 @@
diff --git c/llm/generate/gen_common.sh i/llm/generate/gen_common.sh
index 3825c155..238a74a7 100644
--- c/llm/generate/gen_common.sh
+++ i/llm/generate/gen_common.sh
@@ -69,6 +69,7 @@ git_module_setup() {
}
apply_patches() {
+ return
# apply temporary patches until fix is upstream
for patch in ../patches/*.patch; do
git -c 'user.name=nobody' -c 'user.email=<>' -C ${LLAMACPP_DIR} am ${patch}
@@ -133,6 +134,7 @@ install() {
# Keep the local tree clean after we're done with the build
cleanup() {
+ return
(cd ${LLAMACPP_DIR}/ && git checkout CMakeLists.txt)
if [ -n "$(ls -A ../patches/*.diff)" ]; then


@ -1,22 +0,0 @@
_: {
microvm.autostart = [ "ml01" ];
microvm.vms.ml01 = {
config = {
networking.hostName = "ml01";
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = 4;
mem = 4096;
balloonMem = 2048;
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
];
};
};
};
}


@ -1,16 +0,0 @@
_: {
microvm.autostart = [ "router01" ];
microvm.vms.router01 = {
config = {
networking.hostName = "router01";
microvm.shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
];
};
};
}


@ -1,34 +0,0 @@
From 51568b61ef63ecd97867562571411082c32751d3 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Wed, 9 Oct 2024 13:36:51 +0200
Subject: [PATCH] fix: avx & f16c in Makefile
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
---
Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 32b7cbb..2ccb750 100644
--- a/Makefile
+++ b/Makefile
@@ -361,12 +361,12 @@ ifndef RISCV
ifeq ($(UNAME_M),$(filter $(UNAME_M),x86_64 i686 amd64))
# Use all CPU extensions that are available:
- MK_CFLAGS += -march=native -mtune=native
- HOST_CXXFLAGS += -march=native -mtune=native
+ # MK_CFLAGS += -march=native -mtune=native
+ # HOST_CXXFLAGS += -march=native -mtune=native
# Usage AVX-only
- #MK_CFLAGS += -mfma -mf16c -mavx
- #MK_CXXFLAGS += -mfma -mf16c -mavx
+ MK_CFLAGS += -mf16c -mavx
+ MK_CXXFLAGS += -mf16c -mavx
# Usage SSSE3-only (Not is SSE3!)
#MK_CFLAGS += -mssse3
--
2.46.0


@ -1,8 +0,0 @@
{ config, ... }:
{
nixpkgs.config.nvidia.acceptLicense = true;
# Tesla K80 is not supported by the latest driver.
hardware.nvidia.package = config.boot.kernelPackages.nvidia_x11_legacy470;
# Don't ask.
services.xserver.videoDrivers = [ "nvidia" ];
}


@ -1,243 +0,0 @@
{
lib,
buildGoModule,
fetchFromGitHub,
buildEnv,
linkFarm,
overrideCC,
makeWrapper,
stdenv,
addDriverRunpath,
nix-update-script,
cmake,
gcc11,
clblast,
libdrm,
rocmPackages,
cudaPackages,
darwin,
autoAddDriverRunpath,
extraLibraries ? [ ],
nixosTests,
testers,
ollama,
ollama-rocm,
ollama-cuda,
config,
# one of `[ null false "rocm" "cuda" ]`
acceleration ? null,
}:
assert builtins.elem acceleration [
null
false
"rocm"
"cuda"
];
let
pname = "ollama";
version = "2024-09-10-cc35";
src = fetchFromGitHub {
owner = "aliotard";
repo = "ollama";
rev = "34827c01f7723c7f5f9f5e392fe85f5a4a5d5fc0";
hash = "sha256-xFNuqcW7YWeyCyw5QLBnCHHTSMITR6LJkJT0CXZC+Y8=";
fetchSubmodules = true;
};
vendorHash = "sha256-hSxcREAujhvzHVNwnRTfhi0MKI3s8HNavER2VLz6SYk=";
validateFallback = lib.warnIf (config.rocmSupport && config.cudaSupport) (lib.concatStrings [
"both `nixpkgs.config.rocmSupport` and `nixpkgs.config.cudaSupport` are enabled, "
"but they are mutually exclusive; falling back to cpu"
]) (!(config.rocmSupport && config.cudaSupport));
shouldEnable =
mode: fallback: (acceleration == mode) || (fallback && acceleration == null && validateFallback);
rocmRequested = shouldEnable "rocm" config.rocmSupport;
cudaRequested = shouldEnable "cuda" config.cudaSupport;
enableRocm = rocmRequested && stdenv.isLinux;
enableCuda = cudaRequested && stdenv.isLinux;
rocmLibs = [
rocmPackages.clr
rocmPackages.hipblas
rocmPackages.rocblas
rocmPackages.rocsolver
rocmPackages.rocsparse
rocmPackages.rocm-device-libs
rocmPackages.rocm-smi
];
rocmClang = linkFarm "rocm-clang" { llvm = rocmPackages.llvm.clang; };
rocmPath = buildEnv {
name = "rocm-path";
paths = rocmLibs ++ [ rocmClang ];
};
cudaLibs = [
cudaPackages.cuda_cudart
cudaPackages.libcublas
cudaPackages.cuda_cccl
];
cudaToolkit = buildEnv {
name = "cuda-merged";
paths = map lib.getLib cudaLibs ++ [
(lib.getOutput "static" cudaPackages.cuda_cudart)
(lib.getBin (cudaPackages.cuda_nvcc.__spliced.buildHost or cudaPackages.cuda_nvcc))
];
};
metalFrameworks = with darwin.apple_sdk_11_0.frameworks; [
Accelerate
Metal
MetalKit
MetalPerformanceShaders
];
wrapperOptions =
[
# ollama embeds llama-cpp binaries which actually run the ai models
# these llama-cpp binaries are unaffected by the ollama binary's DT_RUNPATH
# LD_LIBRARY_PATH is temporarily required to use the gpu
# until these llama-cpp binaries can have their runpath patched
"--suffix LD_LIBRARY_PATH : '${addDriverRunpath.driverLink}/lib'"
"--suffix LD_LIBRARY_PATH : '${lib.makeLibraryPath (map lib.getLib extraLibraries)}'"
]
++ lib.optionals enableRocm [
"--suffix LD_LIBRARY_PATH : '${rocmPath}/lib'"
"--set-default HIP_PATH '${rocmPath}'"
]
++ lib.optionals enableCuda [
"--suffix LD_LIBRARY_PATH : '${lib.makeLibraryPath (map lib.getLib cudaLibs)}'"
];
wrapperArgs = builtins.concatStringsSep " " wrapperOptions;
goBuild =
if enableCuda then buildGoModule.override { stdenv = overrideCC stdenv gcc11; } else buildGoModule;
inherit (lib) licenses platforms maintainers;
in
goBuild {
inherit
pname
version
src
vendorHash
;
env =
lib.optionalAttrs enableRocm {
ROCM_PATH = rocmPath;
CLBlast_DIR = "${clblast}/lib/cmake/CLBlast";
}
// lib.optionalAttrs enableCuda { CUDA_LIB_DIR = "${cudaToolkit}/lib"; }
// {
CMAKE_CUDA_ARCHITECTURES = "35;37";
};
nativeBuildInputs =
[ cmake ]
++ lib.optionals enableRocm [ rocmPackages.llvm.bintools ]
++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ]
++ lib.optionals (enableRocm || enableCuda) [
makeWrapper
autoAddDriverRunpath
]
++ lib.optionals stdenv.isDarwin metalFrameworks;
buildInputs =
lib.optionals enableRocm (rocmLibs ++ [ libdrm ])
++ lib.optionals enableCuda cudaLibs
++ lib.optionals stdenv.isDarwin metalFrameworks;
patches = [
# disable uses of `git` in the `go generate` script
# ollama's build script assumes the source is a git repo, but nix removes the git directory
# this also disables necessary patches contained in `ollama/llm/patches/`
# those patches are applied in `postPatch`
./disable-git.patch
];
postPatch = ''
# replace inaccurate version number with actual release version
substituteInPlace version/version.go --replace-fail 0.0.0 '${version}'
# apply ollama's patches to `llama.cpp` submodule
for diff in llm/patches/*; do
patch -p1 -d llm/llama.cpp < $diff
done
'';
overrideModAttrs = _: _: {
# don't run llama.cpp build in the module fetch phase
preBuild = "";
};
preBuild = ''
# disable uses of `git`, since nix removes the git directory
export OLLAMA_SKIP_PATCHING=true
# build llama.cpp libraries for ollama
go generate ./...
'';
postFixup =
''
# the app doesn't appear functional at the moment, so hide it
mv "$out/bin/app" "$out/bin/.ollama-app"
''
+ lib.optionalString (enableRocm || enableCuda) ''
# expose runtime libraries necessary to use the gpu
wrapProgram "$out/bin/ollama" ${wrapperArgs}
'';
ldflags = [
"-s"
"-w"
"-X=github.com/ollama/ollama/version.Version=${version}"
"-X=github.com/ollama/ollama/server.mode=release"
"-X=github.com/ollama/ollama/gpu.CudaComputeMajorMin=3"
"-X=github.com/ollama/ollama/gpu.CudaComputeMinorMin=5"
];
passthru = {
tests =
{
inherit ollama;
version = testers.testVersion {
inherit version;
package = ollama;
};
}
// lib.optionalAttrs stdenv.isLinux {
inherit ollama-rocm ollama-cuda;
service = nixosTests.ollama;
service-cuda = nixosTests.ollama-cuda;
service-rocm = nixosTests.ollama-rocm;
};
updateScript = nix-update-script { };
};
meta = {
description =
"Get up and running with large language models locally"
+ lib.optionalString rocmRequested ", using ROCm for AMD GPU acceleration"
+ lib.optionalString cudaRequested ", using CUDA for NVIDIA GPU acceleration";
homepage = "https://github.com/ollama/ollama";
changelog = "https://github.com/ollama/ollama/releases/tag/v${version}";
license = licenses.mit;
platforms = if (rocmRequested || cudaRequested) then platforms.linux else platforms.unix;
mainProgram = "ollama";
maintainers = with maintainers; [
abysssol
dit7ya
elohmeier
roydubnium
];
};
}


@ -1,14 +0,0 @@
{ sources, lib, ... }:
let
proxmox-nixos = import sources.proxmox-nixos;
in
{
imports = [ proxmox-nixos.nixosModules.proxmox-ve ];
services.proxmox-ve.enable = true;
nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ];
networking.firewall = {
trustedInterfaces = [ "wt0" ];
allowedTCPPorts = lib.mkForce [ 22 ];
};
}


@ -1,3 +0,0 @@
(import ../../../keys).mkSecrets [ "krz01" ] [
# List of secrets for krz01
]


@ -1,4 +1,5 @@
(import ../../../keys).mkSecrets [ "rescue01" ] [ let
# List of secrets for rescue01 lib = import ../../../lib { };
"stateless-uptime-kuma-password" publicKeys = lib.getNodeKeys "rescue01";
] in
lib.setDefault { inherit publicKeys; } [ "stateless-uptime-kuma-password" ]


@ -9,6 +9,7 @@ lib.extra.mkConfig {
enabledServices = [ enabledServices = [
# List of services to enable # List of services to enable
"atticd"
"tvix-cache" "tvix-cache"
"forgejo" "forgejo"
"forgejo-runners" "forgejo-runners"


@ -0,0 +1,82 @@
{ config, nixpkgs, ... }:
let
host = "cachix.dgnum.eu";
in
{
services = {
atticd = {
enable = true;
credentialsFile = config.age.secrets."atticd-credentials_file".path;
settings = {
listen = "127.0.0.1:9099";
api-endpoint = "https://${host}/";
allowed-hosts = [ host ];
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 0; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
database.url = "postgresql://atticd?host=/run/postgresql";
storage = {
type = "s3";
region = "garage";
bucket = "attic-dgnum";
endpoint = "https://s3.dgnum.eu";
};
};
useFlakeCompatOverlay = false;
package = nixpkgs.unstable.attic-server;
};
nginx = {
enable = true;
virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9099";
extraConfig = ''
client_max_body_size 10G;
'';
};
};
};
postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
};
};
systemd.services.atticd.environment.RUST_LOG = "warn";
}
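Review bot: In the `chunking` block, `nar-size-threshold = 0; # 64 KiB` contradicts itself: the comment directly above says that 0 disables chunking entirely for newly-uploaded NARs, while the trailing comment claims 64 KiB. If chunking is meant to be on, the line would read `nar-size-threshold = 64 * 1024; # 64 KiB`. If it is meant to be off, drop the trailing comment and say so, since `min-size`, `avg-size` and `max-size` then presumably have no effect. The nginx location also accepts `client_max_body_size 10G;` on a public vhost, so a short comment stating what authenticates uploads (presumably the token material in `credentialsFile`; not visible in this file) would help the next reader judge the exposure.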


@ -15,8 +15,6 @@ let
]; ];
buckets = [ buckets = [
"monorepo-terraform-state"
"banda-website" "banda-website"
"castopod-dgnum" "castopod-dgnum"
"hackens-website" "hackens-website"
@ -30,14 +28,14 @@ in
services.garage = { services.garage = {
enable = true; enable = true;
package = pkgs.garage_1_0_1; package = pkgs.garage_0_9;
settings = { settings = {
inherit data_dir metadata_dir; inherit data_dir metadata_dir;
db_engine = "lmdb"; db_engine = "lmdb";
replication_mode = "none"; # TODO: deprecated replication_mode = "none";
compression_level = 7; compression_level = 7;
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
@ -69,7 +67,7 @@ in
data_dir data_dir
metadata_dir metadata_dir
]; ];
TimeoutSec = 600; TimeoutSec = 3000;
}; };
users.users.garage = { users.users.garage = {
@ -79,17 +77,6 @@ in
users.groups.garage = { }; users.groups.garage = { };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"s3-admin.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:3903;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
};
${host} = { ${host} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
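Review bot: As rendered (old value first), the `package` line in the second hunk moves from `pkgs.garage_1_0_1` to `pkgs.garage_0_9`, an older release of the daemon that owns `data_dir` and `metadata_dir`. If this node has already run 1.0.1 against the lmdb metadata, starting 0.9 on the same directories may not be supported and should be confirmed before deploying. A comment such as `# pinned to 0.9: <reason>` would record why. The section also drops the `# TODO: deprecated` marker on `replication_mode` and raises `TimeoutSec` from 600 to 3000 without explanation, so each deserves a one-line why-comment. The enclosing `let`/`in` blocks start and end outside the hunks.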


@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA HECtxDO0OV6To/Qs3A+2N8+3xqsHp6pz6d4ArgsgXS4
mnmDwWZ6d1aW5Qejzv2Jo112ee78wKVx90R7r5wQbYo
-> ssh-ed25519 QlRB9Q Rx3bV/DkoCCvQCMwJGOfibG8Rif5Ap+W6EqWlFOhUQc
jxEFUWqxedwIK3mNyOG+5dyFFZbJZ3XNFXnk0fe0vyw
-> ssh-ed25519 r+nK/Q J591Cg/4oP26LT7Tl/wrdDipR/gpg1WMsiKJN0ygbjw
WToE5xtuF2FOqtvRgz1SZStYGjTsKRxguIioan+vluU
-> ssh-rsa krWCLQ
hhp33AzK6wYWM6k7ZroV0J5i8C5MQXjQY9sksPQdABRQUd6XTmYOIOdA0ste0EA9
hqbbHQwbFy0oE/QKfnUZWbgJo5Us1DWKxip55L875CPfVcmxvC2ADRO5JKKNkQa/
P4zBALPqf+BXrafcGN4hT8D9gywIWdQ2zPSpKbJE+OdPcUrBVH/ndMUVoLfTEKL9
B3XgqRvLNkgsdu7FMEPnelWT3WrxkBME7AathdXcEYXSxiTmaKqxDzRtcNLdh+y2
6XfQU6lLMT+WWPD/Ro7UzLrWUnFJMYK0SinkOuX+PKxMq95lCc5kI3tZ7JL7bC5E
vBGnX9w0unyR//LLqrOPWA
-> ssh-ed25519 /vwQcQ eYSTWAYs/L+cYt/16TrKaIqoc9TFJQncM02Vd8hOg3A
lWalXa1ZBtrjXOB+sznWCjStFHF4ulLaBilEc3b7qWc
-> ssh-ed25519 0R97PA 78K7uF/mXT4pgTbnmfpyxY2czgs+DNueusuatUx7MCQ
C/pWPdVCWZuHFuM5fzJHdGZomM3Wbt22iwfLbLSznh0
-> ssh-ed25519 JGx7Ng xFzEGNVIiC0cXCbcSKUfmVLAdRBH7xu6/2E7nVoRwjI
+TgvIl03KGm5N55+jGc7UcyRHjMvAFm3Kbvx5Ma4HQ4
-> ssh-ed25519 5SY7Kg 7YO/crKVWSsr3Hy5HPr0/R3oPdCA2kWduZYeSlcxGnI
N0IpdylU+3ybInseGSKPONxeNr8mh/ZlBGCvY2c0WTA
-> ssh-ed25519 p/Mg4Q y1ekwzz3sSHGrLmb0NqF6VWfalARy+PykE77hVqD7Xc
0s9QrDsLH6XdzetyIXJEB2MrwwUi8CDpu7SEemm8zJ4
-> ssh-ed25519 rHotTw 7SMzV/pEmDISPL/fMjafXM3URZpbUPTg+9AngZ0GZTc
eIi1+i9JVBLvfQMkmMv5S0N8qgwVtyklX/J+6MdtlSc
--- Gjl7lNWG9gyMlg256Oa5i5bFLm1Cup1upjsEDVurgDo
uÂ;.ÿñË>pÔïÑ<C391>òh¸<68>2ÎŒ}£PJ4èú‘©‰Ñ×íè==#¯¾Úÿ¹8e¤UÊÉŠÇ$ 1»!z<E28093>jlA‡[@;òs®<>ŒÉáAB±á-§Rå=È0Ò·d“ðµú†Ê¢þ{«ÒF¹—hòà ù@%ˆŠä´›|×{ ¢åeÚÝÛ¯âøsbë«]Óèå¨ø.m8 8Bn"(Ûæ¤âïW½í!zxn\Ã(5:ïíÒÞ-ZDËÇÃ)}HŠü˜¦×ál}Sƒ˜ëFrn
øL¦-wÉÑ—¼j)ê â¶èÐ&:¥îÓCÞÆ2ÝÒÅÀÏB»ÛzïàŽŸt•WÍ!£8|lïí0
¾¸y8óÃkñbÔy×ËäÏ臃¹·k¤¨ÉÍ™ê°n/-'ÃZ<C383>ÅŸ ¾îƾ\Ûâê‰ù†uŸÍeu®"E ±/d


@ -1,5 +1,9 @@
(import ../../../keys).mkSecrets [ "storage01" ] [ let
# List of secrets for storage01 lib = import ../../../lib { };
publicKeys = lib.getNodeKeys "storage01";
in
lib.setDefault { inherit publicKeys; } [
"atticd-credentials_file"
"bupstash-put_key" "bupstash-put_key"
"forgejo-mailer_password_file" "forgejo-mailer_password_file"
"forgejo_runners-token_file" "forgejo_runners-token_file"


@ -1,14 +0,0 @@
let
cache-info = {
infra = {
public-key = "infra.tvix-store.dgnum.eu-1:8CAY64o3rKjyw2uA5mzr/aTzstnc+Uj4g8OC6ClG1m8=";
url = "https://tvix-store.dgnum.eu/infra";
};
};
in
{ caches }:
{
trusted-substituters = builtins.map (cache: cache-info.${cache}.url) caches;
trusted-public-keys = builtins.map (cache: cache-info.${cache}.public-key) caches;
}


@ -1,13 +1,9 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
settingsFormat = pkgs.formats.toml { };
dataDir = "/data/slow/tvix-store";
# How to add a cache:
# - Add the relevant services (likely only a pathinfoservice) to the
# composition config (store-config.composition).
# - Add an endpoint (store-config.endpoints).
# - Append a proxy configuration to nginx in order to make the store
# accessible.
# - Update cache-info.nix so users can add the cache to their configuration
store-config = { store-config = {
composition = { composition = {
blobservices.default = { blobservices.default = {
@ -58,13 +54,6 @@ let
}; };
}; };
}; };
settingsFormat = pkgs.formats.toml { };
webHost = "tvix-store.dgnum.eu";
dataDir = "/data/slow/tvix-store";
systemdHardening = { systemdHardening = {
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; PrivateTmp = true;
@ -81,12 +70,10 @@ let
RuntimeDirectoryMode = "0750"; RuntimeDirectoryMode = "0750";
StateDirectoryMode = "0750"; StateDirectoryMode = "0750";
}; };
toml = { toml = {
composition = settingsFormat.generate "composition.toml" store-config.composition; composition = settingsFormat.generate "composition.toml" store-config.composition;
endpoints = settingsFormat.generate "endpoints.toml" store-config.endpoints; endpoints = settingsFormat.generate "endpoints.toml" store-config.endpoints;
}; };
package = pkgs.callPackage ./package { }; package = pkgs.callPackage ./package { };
in in
{ {
@ -96,7 +83,7 @@ in
"nginx" "nginx"
]; ];
services.nginx.virtualHosts.${webHost} = { services.nginx.virtualHosts."tvix-store.dgnum.eu" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { locations = {
@ -118,12 +105,14 @@ in
auth_basic_user_file ${config.age.secrets."nginx-tvix-store-password-ci".path}; auth_basic_user_file ${config.age.secrets."nginx-tvix-store-password-ci".path};
''; '';
}; };
"/.well-known/nix-signing-keys/" = {
alias = "${./pubkeys}/";
extraConfig = "autoindex on;";
};
}; };
}; };
# TODO add tvix-store cli here # TODO add tvix-store cli here
# environment.systemPackages = [ ]; # environment.systemPackages = [ ];
users.users.tvix-store = { users.users.tvix-store = {
isSystemUser = true; isSystemUser = true;
group = "tvix-store"; group = "tvix-store";
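Review bot: The new `"/.well-known/nix-signing-keys/"` location publishes the cache's signing public keys from the same vhost that serves the cache itself. A client that takes its trusted key from this URL instead of pinning it out of band has no independent trust anchor, because whoever controls the host controls both the store paths and the key that vouches for them. How consumers obtain the key is not visible here, so this may already be handled. A comment such as `# convenience copy only: pin trusted-public-keys from the repository, not from this URL` would make the intent explicit. `autoindex on;` is harmless for public keys, but it will also list anything later added under `./pubkeys`.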


@ -0,0 +1 @@
infra.tvix-store.dgnum.eu-1:8CAY64o3rKjyw2uA5mzr/aTzstnc+Uj4g8OC6ClG1m8=


@ -238,11 +238,7 @@ in
content = '' content = ''
chain postrouting { chain postrouting {
type nat hook postrouting priority 100; type nat hook postrouting priority 100;
ip saddr 10.0.0.0/16 ip saddr != 10.0.255.0/24 snat ip to 129.199.195.130-129.199.195.158 ip saddr 10.0.0.0/16 ether saddr 5c:64:8e:f4:09:06 snat ip to 129.199.195.130-129.199.195.158
ether saddr e0:2b:e9:b5:b4:cc snat to 129.199.195.130 comment "Elias"
ether saddr { 1c:1b:b5:14:9c:e5, e6:ce:e2:b6:e3:82 } snat to 129.199.195.131 comment "Lubin"
ether saddr d0:49:7c:46:f6:39 snat to 129.199.195.132 comment "Jean-Marc"
ether saddr { 5c:64:8e:f4:09:06 } snat to 129.199.195.158 comment "APs"
} }
''; '';
}; };
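Review bot: The rewritten rule `ip saddr 10.0.0.0/16 ether saddr 5c:64:8e:f4:09:06 snat ip to 129.199.195.130-129.199.195.158` carries no comment, while the removed rule for the same MAC was labelled `comment "APs"`; adding `comment "APs"` keeps the ruleset self-describing. Two behaviours also change and deserve confirmation: the `ip saddr != 10.0.255.0/24` exclusion is gone, and sources in 10.0.0.0/16 with any other MAC now match no SNAT rule in this chain. A source MAC is set by the sender, so it should be read as a selector for the AP uplink and not as an access control. The surrounding table definition starts and ends outside the hunk.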


@ -1,5 +1,8 @@
(import ../../../keys).mkSecrets [ "vault01" ] [ let
# List of secrets for vault01 lib = import ../../../lib { };
publicKeys = lib.getNodeKeys "vault01";
in
lib.setDefault { inherit publicKeys; } [
"radius-auth_token_file" "radius-auth_token_file"
"radius-ca_pem_file" "radius-ca_pem_file"
"radius-cert_pem_file" "radius-cert_pem_file"


@ -1,5 +1,8 @@
(import ../../../keys).mkSecrets [ "web01" ] [ let
# List of secrets for web01 lib = import ../../../lib { };
publicKeys = lib.getNodeKeys "web01";
in
lib.setDefault { inherit publicKeys; } [
"acme-certs_secret" "acme-certs_secret"
"bupstash-put_key" "bupstash-put_key"
"matterbridge-config_file" "matterbridge-config_file"


@ -1,14 +1,4 @@
diff --git a/setup.py b/setup.py diff --git a/cas_server/tests/test_federate.py b/cas_server/tests/test_federate.py
index 7c7b02d..3f677ff 100644
--- a/setup.py
+++ b/setup.py
@@ -67,6 +67,4 @@ if __name__ == '__main__':
url="https://github.com/nitmir/django-cas-server",
download_url="https://github.com/nitmir/django-cas-server/releases/latest",
zip_safe=False,
- setup_requires=['pytest-runner'],
- tests_require=['pytest', 'pytest-django', 'pytest-pythonpath', 'pytest-warnings', 'mock>=1'],
)
index 2b389d3..dcdfafd 100644 index 2b389d3..dcdfafd 100644
--- a/cas_server/tests/test_federate.py --- a/cas_server/tests/test_federate.py
+++ b/cas_server/tests/test_federate.py +++ b/cas_server/tests/test_federate.py


@ -1,5 +1,7 @@
(import ../../../keys).mkSecrets [ "web02" ] [ let
# List of secrets for web02 lib = import ../../../lib { };
in
lib.setDefault { publicKeys = lib.getNodeKeys "web02"; } [
"cas_eleves-secret_key_file" "cas_eleves-secret_key_file"
"kadenios-secret_key_file" "kadenios-secret_key_file"
"kadenios-email_password_file" "kadenios-email_password_file"


@ -68,12 +68,6 @@ let
"support" # Zammad support "support" # Zammad support
"telegraf" # Telegraf "telegraf" # Telegraf
# Beta-grade machine learning API servers
"ollama01.beta"
"openui.beta"
"whisper.beta"
"stable-diffusion.beta"
# DGSI # DGSI
"dgsi" "dgsi"
"profil" "profil"
@ -93,8 +87,6 @@ let
"*.s3" "*.s3"
"cdn" "cdn"
"s3" "s3"
# The administration endpoint for Garage.
"s3-admin"
]; ];
rescue01.dual = [ rescue01.dual = [


@ -29,29 +29,6 @@
netbirdIp = "100.80.75.197"; netbirdIp = "100.80.75.197";
}; };
krz01 = {
interfaces = {
eno1 = {
ipv4 = [
{
address = "129.199.146.21";
prefixLength = 24;
}
{
address = "192.168.1.145";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
};
hostId = "bd11e8fc";
netbirdIp = "100.80.103.206";
};
geo01 = { geo01 = {
interfaces = { interfaces = {
eno1 = { eno1 = {


@ -22,8 +22,6 @@
bridge01 = { bridge01 = {
site = "hyp01"; site = "hyp01";
hashedPassword = "$y$j9T$EPJdz70kselouXAVUmAH01$8nYbUBY9NPTMfYigegY0qFSdxJwhqzW8sFacDqEYCP5";
stateVersion = "24.05"; stateVersion = "24.05";
adminGroups = [ "fai" ]; adminGroups = [ "fai" ];
@ -32,7 +30,7 @@
targetHost = "fd26:baf9:d250:8000::ffff"; targetHost = "fd26:baf9:d250:8000::ffff";
sshOptions = [ sshOptions = [
"-J" "-J"
"root@vault01.hyp01.infra.dgnum.eu" "vault01.hyp01.infra.dgnum.eu"
]; ];
}; };
}; };
@ -42,8 +40,6 @@
deployment.tags = [ "web" ]; deployment.tags = [ "web" ];
hashedPassword = "$y$j9T$9YqXO93VJE/GP3z8Sh4h51$hrBsEPL2O1eP/wBZTrNT8XV906V4JKbQ0g04IWBcyd2";
stateVersion = "23.05"; stateVersion = "23.05";
vm-cluster = "Hyperviseur NPS"; vm-cluster = "Hyperviseur NPS";
@ -53,8 +49,6 @@
compute01 = { compute01 = {
site = "pav01"; site = "pav01";
hashedPassword = "$y$j9T$2nxZHq84G7fWvWMEaGavE/$0ADnmD9qMpXJJ.rWWH9086EakvZ3wAg0mSxZYugOf3C";
stateVersion = "23.05"; stateVersion = "23.05";
nix-modules = [ "services/stirling-pdf" ]; nix-modules = [ "services/stirling-pdf" ];
nixpkgs = "24.05"; nixpkgs = "24.05";
@ -64,8 +58,6 @@
site = "oik01"; site = "oik01";
deployment.tags = [ "geo" ]; deployment.tags = [ "geo" ];
hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
stateVersion = "24.05"; stateVersion = "24.05";
nixpkgs = "24.05"; nixpkgs = "24.05";
}; };
@ -74,28 +66,12 @@
site = "oik01"; site = "oik01";
deployment.tags = [ "geo" ]; deployment.tags = [ "geo" ];
hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
stateVersion = "24.05"; stateVersion = "24.05";
nixpkgs = "24.05"; nixpkgs = "24.05";
}; };
krz01 = {
site = "pav01";
hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
stateVersion = "24.05";
nixpkgs = "unstable";
adminGroups = [ "lab" ];
};
storage01 = { storage01 = {
site = "pav01"; site = "pav01";
hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
stateVersion = "23.11"; stateVersion = "23.11";
nixpkgs = "24.05"; nixpkgs = "24.05";
@ -106,8 +82,6 @@
site = "hyp01"; site = "hyp01";
deployment.targetHost = "vault01.hyp01.infra.dgnum.eu"; deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";
hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
stateVersion = "23.11"; stateVersion = "23.11";
nixpkgs = "24.05"; nixpkgs = "24.05";
@ -117,8 +91,6 @@
web02 = { web02 = {
site = "rat01"; site = "rat01";
hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
stateVersion = "24.05"; stateVersion = "24.05";
nixpkgs = "24.05"; nixpkgs = "24.05";
vm-cluster = "Hyperviseur NPS"; vm-cluster = "Hyperviseur NPS";
@ -129,8 +101,6 @@
deployment.targetHost = "v6.rescue01.luj01.infra.dgnum.eu"; deployment.targetHost = "v6.rescue01.luj01.infra.dgnum.eu";
hashedPassword = "$y$j9T$nqoMMu/axrD0m8AlUFdbs.$UFVmIdPAOHBe2jJv5HJJTcDgINC7LTnSGRQNs9zS1mC";
stateVersion = "23.11"; stateVersion = "23.11";
vm-cluster = "Hyperviseur Luj"; vm-cluster = "Hyperviseur Luj";
}; };


@ -139,13 +139,6 @@ in
''; '';
}; };
hashedPassword = mkOption {
type = str;
description = ''
The hashed password for the root account.
'';
};
admins = mkOption { admins = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [ ];
@ -375,10 +368,10 @@ in
name: "A member of the external service ${name} admins was not found in the members list." name: "A member of the external service ${name} admins was not found in the members list."
) org.external) ) org.external)
# Check that all members have ssh keys # Check that all members have a keyFile
(builtins.map (name: { (builtins.map (name: {
assertion = ((import ../keys)._keys.${name} or [ ]) != [ ]; assertion = builtins.pathExists "${builtins.toString ../keys}/${name}.keys";
message = "No ssh keys found for ${name}."; message = "No ssh keys file found for ${name}.";
}) members) }) members)
]; ];
}; };
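Review bot: In the second hunk, the per-member assertion is now `builtins.pathExists "${builtins.toString ../keys}/${name}.keys"`, which passes for an empty or malformed `.keys` file, whereas the previous check required a non-empty key list. A member with an empty file would then evaluate cleanly and end up with no authorized key. The stronger property fits on one line, e.g. `assertion = builtins.pathExists f && builtins.readFile f != "";` with `f` bound to that path, or a call to the key-loading helper if one is in scope in this file (not visible here). The message `No ssh keys file found for ${name}.` should then cover the empty-file case as well.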


@ -55,12 +55,6 @@
"catvayor" "catvayor"
"ecoppens" "ecoppens"
]; ];
lab = [
"catvayor"
"ecoppens"
];
}; };
external = { external = {


@ -5,6 +5,12 @@ let
pkgs = import sources.nixpkgs { }; pkgs = import sources.nixpkgs { };
dns = import sources."dns.nix" { inherit pkgs; }; dns = import sources."dns.nix" { inherit pkgs; };
lib = import sources.nix-lib {
inherit (pkgs) lib;
keysRoot = ../keys;
};
in in
{ {
@ -23,14 +29,6 @@ in
pkgs.writers.writeJSON "meta.json" config; pkgs.writers.writeJSON "meta.json" config;
dns = dns.util.writeZone "dgnum.eu" ( dns = dns.util.writeZone "dgnum.eu" (
pkgs.lib.recursiveUpdate { SOA.serial = 0; } ( pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; })
import ./dns.nix {
inherit dns;
lib = pkgs.lib // {
extra = import ../lib/nix-lib;
};
}
)
); );
} }


@ -61,8 +61,8 @@
]) ])
++ [ ++ [
"${sources.agenix}/modules/age.nix" "${sources.agenix}/modules/age.nix"
"${sources.attic}/nixos/atticd.nix"
"${sources.arkheon}/module.nix" "${sources.arkheon}/module.nix"
"${sources."microvm.nix"}/nixos-modules/host"
] ]
++ ((import sources.nix-modules { inherit lib; }).importModules ( ++ ((import sources.nix-modules { inherit lib; }).importModules (
[ [


@ -34,7 +34,6 @@
{ {
config, config,
lib, lib,
dgn-keys,
meta, meta,
nodeMeta, nodeMeta,
... ...
@ -45,7 +44,6 @@ let
mkDefault mkDefault
mkEnableOption mkEnableOption
mkIf mkIf
mkMerge
mkOption mkOption
types types
@ -80,22 +78,12 @@ in
}; };
}; };
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable {
{ # Admins have root access to the node
# Admins have root access to the node dgn-access-control.users.root = mkDefault admins;
dgn-access-control.users.root = mkDefault admins;
users.users = builtins.mapAttrs (_: members: { users.users = builtins.mapAttrs (_: members: {
openssh.authorizedKeys.keys = dgn-keys.getKeys members; openssh.authorizedKeys.keys = lib.extra.getAllKeys members;
}) cfg.users; }) cfg.users;
} };
{
users = {
mutableUsers = false;
users.root = {
inherit (nodeMeta) hashedPassword;
};
};
}
]);
} }
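Review bot: The rewritten `config` block no longer sets `users.mutableUsers = false`, and nothing in this hunk replaces it. Unless it is set elsewhere, NixOS falls back to mutable users, so accounts and passwords changed imperatively on a node persist across deployments and drift from what the repository declares. If root access is meant to be by SSH key only, say so next to `dgn-access-control.users.root`, for example `# root login is key-only; no password is declared for root`. The comment should also state whether `users.mutableUsers` is deliberately left at its default. The module's option declarations sit outside the hunks.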


@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
dgn-keys,
name, name,
... ...
}: }:
@ -104,12 +103,15 @@ in
access = [ access = [
{ {
repo = "default"; repo = "default";
keys = dgn-keys.getKeys [ keys = lib.extra.getAllKeys (
"compute01" # Nodes allowed to create backups
"storage01" builtins.map (host: "machines/${host}") [
"vault01" "compute01"
"web01" "storage01"
]; "vault01"
"web01"
]
);
allowed = [ "put" ]; allowed = [ "put" ];
} }
]; ];
@ -119,7 +121,8 @@ in
}; };
programs.ssh.knownHosts = programs.ssh.knownHosts =
lib.extra.mapFuse (host: { "${host}.dgnum".publicKey = builtins.head dgn-keys._keys.${host}; }) lib.extra.mapFuse
(host: { "${host}.dgnum".publicKey = builtins.head (lib.extra.getKeys "machines/${host}"); })
[ [
"compute01" "compute01"
"geo01" "geo01"


@ -1,4 +1,8 @@
(import ../../../keys).mkSecrets [ ] [ let
lib = import ../../../lib { };
in
lib.setDefault { publicKeys = lib.rootKeys; } [
"compute01.key" "compute01.key"
"storage01.key" "storage01.key"
"web01.key" "web01.key"


@ -43,7 +43,6 @@ in
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
microvm.host.enable = lib.mkDefault false;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;


@ -1 +1 @@
{ netbox-agent.publicKeys = (import ../../keys).machineKeys; } { netbox-agent.publicKeys = (import ../../lib { }).machineKeys; }

Binary file not shown.


@ -1 +1 @@
{ mail.publicKeys = (import ../../keys).machineKeys; } { mail.publicKeys = (import ../../lib { }).machineKeys; }


@ -1,46 +1,44 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 jIXfPA sHMGZvBA3KQ+vgyPRvthm7RrZv+cpA8rVaLMG11tWzc -> ssh-ed25519 jIXfPA FhSZKBAccqBqfeayNqY3fhYSi+0NMxsxS3WsdvuVu2M
wb74jb8YFbu4hTaKECNpaCV5besptdBoXXstKd+eLTI xT37RUaShiHdPBUnjWntSY43LqXsR8Pgz5kUZ/mgz2w
-> ssh-ed25519 QlRB9Q RILFFiLngUvfSPOmw6ZLmFLVyIIQqzib7LTV8hZP/w4 -> ssh-ed25519 QlRB9Q xwok3cJ6SlGxlGi/UesKHVf+O4q9mn7btLweXJzeknI
na6S3iWEs3cxff30X59wD0SUNEP0/9LcuCyCUi7wgxg LrigakDhwhHCHEaJ0eQx6TIke9vYLqXwwaUjusWOvSk
-> ssh-ed25519 r+nK/Q Mtrr3NKJG1MBw150IZK1ZTKCglktIK8mV2M7FiLz9EQ -> ssh-ed25519 r+nK/Q DS8/iUfczVGxB/Hl6EkweNAGSM0ZhWqrFy4xn82QNH8
zEEJwKeucMsZePFTZF/Cxfcuqn7KiSoBmBnNVKX1jAY 0Z8KOLZtxh2c0JTeiPbz3ZDF3CYrDs7bmwKjjemTs0o
-> ssh-rsa krWCLQ -> ssh-rsa krWCLQ
r3OX+AaSGO0zLoEAvAo3UrtWwU/Vjyfdp+qy4haB3tpl305I6Y6O6n2iHnc1PFgw CDqVAHHD/1keQdgJZX5/hkiYMpZae1MocI5LjtWWg+QDkw1Bp6bNZLou8Uc2RG0H
qQ7Sa0GekbxNcwD7MzAmKbsm9wmnrF2hX03gFDI5isEPxaLC6ha207Ykauc2q1JC xZIB+z1XSXf7iMla5l7RWbW+g61T38QKWoAwvAGFz+XOstBTDY4bWgSv1g6vm+6x
/SOZ/OUiizBUuO5OjywYz2AJUfEabmd+X1fw5QxAPSfp57KBZDJCGSpEDeJigU7M XuQLxCkj4cmy3dUsvaiiQXsstuMGOWSUbp2OQWfErzoVegHVCr/XKSAI1vMwQOWN
1n1XsT6eCyNDIIozRzIIyxLZU+tDDswjvjCaDJ/t2BE76LienwMRZK4P4tSn8DQP 9tJUJCKEo2DTr5OmIL7kSWguVZYy77ta7JxmGbPrNQ7LJuRoZkUgX4V37SFgDKN4
Jbm7bb5T2P1VAK4qIMP04DXQ861Kr2DvpLA/aPtHd9yMcZn5wQWMCVDgsL3ko0fU QgpupxXP/3oDhDSzZYbS6Fw+b7U01BwPyziY1kOYztv2qSoBJFMVtZS3oJEu4ChU
VThQwBW4qe59CCxA68TUcQ 7MRHaN15cGZRsC5zIQAg9w
-> ssh-ed25519 /vwQcQ KYM+4CPxNwxwh3liBBJYIqlWzpDO3h/dl54rEKQXGHU -> ssh-ed25519 /vwQcQ ZPWBCoQ7imVFfTkUYrp4NGRnz3vskNtMgbV41F1s8BE
uteNJEqwLKUC3Gjm0BiRmb3uLb3bzRfpf3c1Da3vGjY oTrgDNisd8Sqmxo0ZDpVSO5iURWNLrIlKABjys+gHhw
-> ssh-ed25519 0R97PA Sc9QAI4UNY6x0fZAoQOpUjzFzwev196x+7fjeIry3AU -> ssh-ed25519 0R97PA CgUUW9m8+M1rpsCPAPyRC8VKvilDKMA8VkDqqDfbpAs
puUi8W0jCbMW3cN7PjoDM+vXnHjdQ2RLfX0kdpsaWhI qJ/pa3VLh6650lDN5YPyYtxsDYMiRyTtK1yu+JeF3ww
-> ssh-ed25519 JGx7Ng LzO5qvnVWhF3+cR4J3nJv9IB55/FYKillkJ2jKadfQA -> ssh-ed25519 JGx7Ng r8OMU9Grvd8yxzzUzeEH4iCPp8NBHVcQKQe13AJOKjE
r3F+FKdpoKTB0/e5Vz5JFh9u8BKBOjn9XXE4dJEriuw eYC+/VMsoetiVFTGdlAL3xDDe6WziBYU4Fr6XN/HlJI
-> ssh-ed25519 5SY7Kg Uz/EgMgi0ACJStIvz06efUQpeU6VAuXVj+Veki0LkXA -> ssh-ed25519 5SY7Kg 4T4xlrNW8yqI23A3GH7dRDyhbUA62ldS2/R7YCsHz0U
ukCkNIQMYbZBCBfd5R5dKWJwOcIKHzS9HN9CNk5iSF4 ukewT84UtQcAQNNSNogi3WOjoNeA7p50D1JHJ+39lYs
-> ssh-ed25519 p/Mg4Q 9+IsF8fUNcQhRxRddI6WQyKP8Ky0HV4jAUvS0ySDDwM -> ssh-ed25519 p/Mg4Q EBlu4oYIa4hX5mGExy2xwyHbnDli9xY7MebUOr+hTzw
7WamT/OA2Os6uE/hKzWkfjlwOKQpZ6j+fcgkvsk6wCY TqmNgHL1xxyI+i4h3KgskVsWrlYUnuT5MJWcYj2crps
-> ssh-ed25519 DqHxWQ WndaDm+ApRfFj+KL5cJgJqwaZXUYrXHpQ6AxDtGb5FY -> ssh-ed25519 DqHxWQ KiCWC6eJOUScSlPNpC2G2FbfD/fQ2b14KHhuw+QKNTI
u5RHgWaY28QfA3jsD54PLR50Jl5KQyVpPv4CFhLPiYI Un89T6OXiXWTBZqwdXPvyckxcBIhp2wmC4A5723b/5g
-> ssh-ed25519 tDqJRg Wgx7QpoPeendwBsWB+jAN5K+1uhxPsEHMugOPeC+Ono -> ssh-ed25519 tDqJRg k5YZwwURv21NC/0tt2r3CBuUPDhfO/Y7c3ISVhMGQkA
CRWVWTQB2eCVSKAwIzNNaWefAmniVtF5hu8xYeTGF0Q sdm+SpychoEekD6JK6Wz2CCcfDpwPD6rlLyB3RJES08
-> ssh-ed25519 9pVK7Q kB5gWwwNNcCnjN5+1j7alWzqEgYMDQ3IvA8/0ltfLwo -> ssh-ed25519 9pVK7Q 2kUnZCmNsAu90KA+st/ZFnez8rg4zqIZ3AZQsqHW0y8
Tp7n6v/s4swKjOqEDKEKhM8agghKEvaz+zymG+b72f8 YlCXQ5g8vnNboPVHdSKyrdwRNvjwp9VHP+RV2WP7z00
-> ssh-ed25519 /BRpBQ 6B5ODsRsRx8EIOrzBnAAw1bYsAQMvssSC1xxbAh+bGE -> ssh-ed25519 /BRpBQ w+kqiukijvXdlvKdTfVvNYv6pLTifaZeagzU1VWQLwE
Xmhe74XTMwfcGvk620XixhR/6GtOt2fynSMdJ7riZxs RKNPvu971viqMHBXpgE9D8L9ievWxIS5ANU8QADqwRY
-> ssh-ed25519 /x+F2Q /idVQW3v18G3e++zLmmcpZTvSW6YTfYKYX0xalx3DTU -> ssh-ed25519 +MNHsw m+K/VIApzxBfYxc4/dPod+9TwBBTrtGa/B28QhawAD8
ybNKGMgW5ChQU2HXHfM0Od6GWC+HRKDemibhzi+NCA4 gwJLtE5zIiNtKZ/YdroneSLLuZzvoAXaJYsqPzPkyLc
-> ssh-ed25519 +MNHsw +5EkjYR0CD0tF3jazvyz6WtzIG+84czuEsGzPmucOVI -> ssh-ed25519 rHotTw NSgFCgFQxKc7DSrNq/77PAnAKxSG055gutF2aUUDLzA
AqBXlugxP84nJ9jK1dPWWRJAAAzZjKl0RKd1+aXeIJg uL3QhQHmtQrrUPllFtVf7QiLIMWkT0EYIokxUVkLMrc
-> ssh-ed25519 rHotTw IzGcfj5jNooeVt7+iJwnxUfka95NVEtE9dStQUt+gCE -> ssh-ed25519 +mFdtQ otE9brZku3sOSb9IvvTW/eioWDFvMJlsxSUvOcPNwiU
+lrjFHAgNOxI4JS6tGXcDSnbdn6/qwt2tI2WdVX2tO4 7vV6u7zLv2EfSz3qmY9Sboj2Z5LBwSTxrl4FWm3mYAs
-> ssh-ed25519 +mFdtQ AieFjWmv27LvUbZXCBEqmvfTQM7SLXL12qIOzZLxdi8 -> ssh-ed25519 0IVRbA kwQNIVhpFtgIlJAAoqk1fqUP9OHN9YGWcYXbT+/bHE0
s0qzhUO2FDqr/w8B4cbnX8NuXfZM+nv4gj6SF0DreCY gDOPJMeDI2eDx+emxUNSb/MW7IRPj8ni3mOLgZV9F0Y
-> ssh-ed25519 0IVRbA +S10pCaLByp+UrfbZXIIhMvUW79NPSSr5qHbm8Q8nxY -> ssh-ed25519 IY5FSQ gtGe4X/Vx4oWn0IIUwv6qpWZ250slvT/QMdwVQQrsAQ
fLU4Shu/luX9gLrJDM8rY+HRpHuuLKJAz0BSiLfXkj8 yeJ8+BibBiwq2944ruZdek/4tpAqyMnG0RsyzkXQpRg
-> ssh-ed25519 IY5FSQ FJGXPcN7XjZTl3zc8iLSmc2IfhHx/xqIqnNz7j0dXGg --- QhDkZSHLpgsvAUk5YhkhD8MNNX6Vlj7CWeQfJ6oEmk0
D99jvNKh7yzafKB9qzOX6xNjhf3WS4bYBcc91dVX6Ow |`ŸP!ùá+ôÃg&ói¤;¶šªâlÔNn„Äõ¬¸ç¤ °ü4´kWó§#èƒ<C3A8><C692>±€w
--- USWnD/9XEj6tW0aHMZiVK1Guf43b/8wWcsafnVT0+h4
RqÏHª,XHs8ÌÛÔtAbAGI<47>áΤÂ,åÖÝ¥¿è:<G=bFb†ÀTGSGäÊÙ _ ˜


@ -1 +1 @@
{ __arkheon-token_file.publicKeys = (import ../../keys).machineKeys; } { __arkheon-token_file.publicKeys = (import ../../lib { }).machineKeys; }


@ -27,6 +27,18 @@
"url": "https://github.com/RaitoBezarius/arkheon/archive/113724a1a206905e68319676f73d095fcc043a42.tar.gz", "url": "https://github.com/RaitoBezarius/arkheon/archive/113724a1a206905e68319676f73d095fcc043a42.tar.gz",
"hash": "0yh8g020d7z67iqpg7xywk4dxxa64dxa1igd45nb8w653c82w6gq" "hash": "0yh8g020d7z67iqpg7xywk4dxxa64dxa1igd45nb8w653c82w6gq"
}, },
"attic": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "zhaofengli",
"repo": "attic"
},
"branch": "main",
"revision": "aec90814a4ecbc40171d57eeef97c5cab4aaa7b4",
"url": "https://github.com/zhaofengli/attic/archive/aec90814a4ecbc40171d57eeef97c5cab4aaa7b4.tar.gz",
"hash": "0dmcy9r9vks4xnfa4y68vjf3fgc4dz1ix4df9rykq3lprr3q4mcx"
},
"cas-eleves": { "cas-eleves": {
"type": "Git", "type": "Git",
"repository": { "repository": {
@ -45,9 +57,9 @@
"url": "https://git.dgnum.eu/DGNum/dgsi.git" "url": "https://git.dgnum.eu/DGNum/dgsi.git"
}, },
"branch": "main", "branch": "main",
"revision": "f6fcd90622151e116adedb41f53da0445f1ee387", "revision": "a88d31541cfd836ba2bd4bb3c8ec8142e4cd8aa2",
"url": null, "url": null,
"hash": "1rrm4j142h2dkphya34hg341xhklrdvqim35jy6g0152a7y1nkk4" "hash": "0z31ib1xjdyzpwdnbj4j7r9nb5baiab3nbx0wg55dh2ifkxp2vqb"
}, },
"disko": { "disko": {
"type": "GitRelease", "type": "GitRelease",
@ -59,10 +71,10 @@
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"release_prefix": null, "release_prefix": null,
"version": "v1.8.0", "version": "v1.7.0",
"revision": "624fd86460e482017ed9c3c3c55a3758c06a4e7f", "revision": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.8.0", "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.7.0",
"hash": "06ifryv6rw25cz8zda4isczajdgrvcl3aqr145p8njxx5jya2d77" "hash": "16zjxysjhk3sgd8b4x5mvx9ilnq35z3zfpkv1la33sqkr8xh1amn"
}, },
"dns.nix": { "dns.nix": {
"type": "GitRelease", "type": "GitRelease",
@ -87,9 +99,9 @@
"repo": "git-hooks.nix" "repo": "git-hooks.nix"
}, },
"branch": "master", "branch": "master",
"revision": "1211305a5b237771e13fcca0c51e60ad47326a9a", "revision": "7570de7b9b504cfe92025dd1be797bf546f66528",
"url": "https://github.com/cachix/git-hooks.nix/archive/1211305a5b237771e13fcca0c51e60ad47326a9a.tar.gz", "url": "https://github.com/cachix/git-hooks.nix/archive/7570de7b9b504cfe92025dd1be797bf546f66528.tar.gz",
"hash": "1qz8d9g7rhwjk4p2x0rx59alsf0dpjrb6kpzs681gi3rjr685ivq" "hash": "1snjia7d5x7nqz8j6zgj45fb9kvza86yrhgc8bpjn9b0lc1i88xp"
}, },
"kadenios": { "kadenios": {
"type": "Git", "type": "Git",
@ -144,9 +156,9 @@
"url": "https://git.lix.systems/lix-project/lix.git" "url": "https://git.lix.systems/lix-project/lix.git"
}, },
"branch": "main", "branch": "main",
"revision": "ed9b7f4f84fd60ad8618645cc1bae2d686ff0db6", "revision": "cc183fdbc14ce105a5661d646983f791978b9d5c",
"url": null, "url": null,
"hash": "05kxga8fs9h4qm0yvp5l7jvsda7hzqs7rvxcn8r52dqg3c80hva9" "hash": "1bgh8z445yhv0b46yimr2ic33hplm33xj50ivgsbykdf30xks95n"
}, },
"lix-module": { "lix-module": {
"type": "Git", "type": "Git",
@ -155,9 +167,9 @@
"url": "https://git.lix.systems/lix-project/nixos-module.git" "url": "https://git.lix.systems/lix-project/nixos-module.git"
}, },
"branch": "main", "branch": "main",
"revision": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d", "revision": "353b25f0b6da5ede15206d416345a2ec4195b5c8",
"url": null, "url": null,
"hash": "0jxpqaz12lqibg03iv36sa0shfvamn2yhg937llv3kl4csijd34f" "hash": "0aq9l1qhz01wm232gskq2mywik98zv2r8qn42bjw3kdb185wf9kl"
}, },
"lon": { "lon": {
"type": "Git", "type": "Git",
@ -182,17 +194,19 @@
"url": null, "url": null,
"hash": "0m9il1lllw59a6l9vwfi1bika7g4pxs20clc48kklpflnk0scb1f" "hash": "0m9il1lllw59a6l9vwfi1bika7g4pxs20clc48kklpflnk0scb1f"
}, },
"microvm.nix": { "nix-lib": {
"type": "Git", "type": "GitRelease",
"repository": { "repository": {
"type": "GitHub", "type": "Git",
"owner": "RaitoBezarius", "url": "https://git.hubrecht.ovh/hubrecht/nix-lib"
"repo": "microvm.nix"
}, },
"branch": "main", "pre_releases": false,
"revision": "49899c9a4fdf75320785e79709bf1608c34caeb8", "version_upper_bound": null,
"url": "https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz", "release_prefix": null,
"hash": "0sz6azdpiz4bd36x23bcdhx6mwyqj8zl5cczjgv48xqfmysy8zwy" "version": "0.1.6",
"revision": "ffb3dfa4c146d48300bd4fa625acfe48e091a734",
"url": null,
"hash": "1frsja071qqx6p7rjnijzhidqfylx0ipzqpmjdvj4jl89h34vrhr"
}, },
"nix-modules": { "nix-modules": {
"type": "Git", "type": "Git",
@ -201,9 +215,9 @@
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules.git" "url": "https://git.hubrecht.ovh/hubrecht/nix-modules.git"
}, },
"branch": "main", "branch": "main",
"revision": "2fd7c7810b2a901020ddd2d0cc82810b83a313fc", "revision": "32e76ee64352587663766e1a3945a6fe0917e35d",
"url": null, "url": null,
"hash": "0rag870ll745r5isnk6hlxv0b0sbgriba5k6nihahcwsal2f4830" "hash": "16vnpnby6s174y4nzb26z2pc49ba7lw7vpf6r7p4dqci92b0yg5j"
}, },
"nix-patches": { "nix-patches": {
"type": "GitRelease", "type": "GitRelease",
@ -226,9 +240,9 @@
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs" "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
}, },
"branch": "main", "branch": "main",
"revision": "3e731378f3984313ef902c5e5a49e002e6e2c27e", "revision": "f3a79c8038b8847a0c93381db2b744b3153a0201",
"url": null, "url": null,
"hash": "1vy2dj9fyy653w6idvi1r73s0nd2a332a1xkppddjip6rk0i030p" "hash": "1l7xd5s7ycwnnmb3kn12ysc4kqnvg1p4g60sfndqc8q944wxmpab"
}, },
"nixos-23.11": { "nixos-23.11": {
"type": "Channel", "type": "Channel",
@ -239,8 +253,8 @@
"nixos-24.05": { "nixos-24.05": {
"type": "Channel", "type": "Channel",
"name": "nixos-24.05", "name": "nixos-24.05",
"url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.5518.ecbc1ca8ffd6/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.4798.f4c846aee8e1/nixexprs.tar.xz",
"hash": "1yr2v17d8jg9567rvadv62bpr6i47fp73by2454yjxh1m9ric2cm" "hash": "0i08jxfa55ifpdmcwg2isgszprxaikjalinmcqjfzk336hzvh7if"
}, },
"nixos-generators": { "nixos-generators": {
"type": "Git", "type": "Git",
@ -250,33 +264,21 @@
"repo": "nixos-generators" "repo": "nixos-generators"
}, },
"branch": "master", "branch": "master",
"revision": "9ae128172f823956e54947fe471bc6dfa670ecb4", "revision": "214efbd73241d72a8f48b8b9a73bb54895cd51a7",
"url": "https://github.com/nix-community/nixos-generators/archive/9ae128172f823956e54947fe471bc6dfa670ecb4.tar.gz", "url": "https://github.com/nix-community/nixos-generators/archive/214efbd73241d72a8f48b8b9a73bb54895cd51a7.tar.gz",
"hash": "1zn3lykymimzh21q4fixw6ql42n8j82dqwm5axifhcnl8dsdgrvr" "hash": "00cavr7wlaa6mc16245gn5d5bq7y67fg7l4bgkx3q5109jay1837"
}, },
"nixos-unstable": { "nixos-unstable": {
"type": "Channel", "type": "Channel",
"name": "nixos-unstable", "name": "nixos-unstable",
"url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre688563.bc947f541ae5/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre677397.574d1eac1c20/nixexprs.tar.xz",
"hash": "1jsaxwi128fiach3dj8rdj5agqivsr4sidb8lmdnl7g07fl9x0kj" "hash": "0j66kv4xq4csa5hwizlab5a7j47hd44182xvz541ll3cdfd5a7gx"
}, },
"nixpkgs": { "nixpkgs": {
"type": "Channel", "type": "Channel",
"name": "nixpkgs-unstable", "name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre689466.7d49afd36b55/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre678893.5775c2583f18/nixexprs.tar.xz",
"hash": "0r4zb6j8in4dk7gxciapfm49dqbdd0c7ajjzj9iy2xrrj5aj32qp" "hash": "09r3fc2xk4nxzhmkn7wvk99i8qibrhh6lhd3mz6iz64imj1k5r9r"
},
"proxmox-nixos": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "SaumonNet",
"repo": "proxmox-nixos"
},
"branch": "main",
"revision": "7869ffc2e0db36f314fb60f1ab0087b760700b00",
"url": "https://github.com/SaumonNet/proxmox-nixos/archive/7869ffc2e0db36f314fb60f1ab0087b760700b00.tar.gz",
"hash": "0cam36s3ar366y41rvihjqghkdjl9a1n1wzym8p2mkar1r9x7haj"
}, },
"signal-irc-bridge": { "signal-irc-bridge": {
"type": "Git", "type": "Git",
@ -285,9 +287,9 @@
"url": "https://git.dgnum.eu/mdebray/signal-irc-bridge" "url": "https://git.dgnum.eu/mdebray/signal-irc-bridge"
}, },
"branch": "master", "branch": "master",
"revision": "9123e6fbe5cdc2d2ae16579d989d45398232f74c", "revision": "688a5c324e032f7716aa69fb7097971fa26bed1d",
"url": null, "url": null,
"hash": "15p61k0ylri7bbqz4vsy8rmhy62va4yd8cjiwm4lb0gvgbcbkdr2" "hash": "153mb2m3ap3v3y1inygqic551vawz1i08pbx2v1viaind3nd2l6m"
}, },
"stateless-uptime-kuma": { "stateless-uptime-kuma": {
"type": "Git", "type": "Git",
@ -308,9 +310,9 @@
"server": "https://git.helsinki.tools/" "server": "https://git.helsinki.tools/"
}, },
"branch": "master", "branch": "master",
"revision": "4c47608f349dd45e4895e1f61f19ad9e8dfcc0bf", "revision": "a1c485d16f0df1f55634787b63961846288b3d31",
"url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=4c47608f349dd45e4895e1f61f19ad9e8dfcc0bf", "url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=a1c485d16f0df1f55634787b63961846288b3d31",
"hash": "1pnjhbljihf2ras9lbp1f6izzxghccfygkkf2ikkahjr1vbicdbq" "hash": "09xmhv821x2w704lbg43ayr83ycb0rvqfh6fq0c9l4x9v23wv9cw"
} }
}, },
"version": 3 "version": 3


@ -1,54 +0,0 @@
From 4d6e57d2d577cc105c9e0cd397408e9e3ce85cd0 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Tue, 8 Oct 2024 16:33:14 +0200
Subject: [PATCH] fix(packaging): correctness of the build top directory
It was using /build which is an implementation detail and not
guaranteed.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
---
pkgs/pve-container/default.nix | 6 +++---
pkgs/pve-rs/default.nix | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkgs/pve-container/default.nix b/pkgs/pve-container/default.nix
index 445c271..5633c0f 100644
--- a/pkgs/pve-container/default.nix
+++ b/pkgs/pve-container/default.nix
@@ -30,7 +30,7 @@ perl536.pkgs.toPerlModule (
postPatch = ''
sed -i Makefile \
-e "s/pct.1 pct.conf.5 pct.bash-completion pct.zsh-completion //" \
- -e "s,/usr/share/lxc,/build/lxc," \
+ -e "s,/usr/share/lxc,$NIX_BUILD_TOP/lxc," \
-e "/pve-doc-generator/d" \
-e "/PVE_GENERATING_DOCS/d" \
-e "/SERVICEDIR/d" \
@@ -45,8 +45,8 @@ perl536.pkgs.toPerlModule (
dontPatchShebangs = true;
postConfigure = ''
- cp -r ${lxc}/share/lxc /build
- chmod -R +w /build/lxc
+ cp -r ${lxc}/share/lxc $NIX_BUILD_TOP/
+ chmod -R +w $NIX_BUILD_TOP/lxc
'';
makeFlags = [
diff --git a/pkgs/pve-rs/default.nix b/pkgs/pve-rs/default.nix
index c024287..881beab 100644
--- a/pkgs/pve-rs/default.nix
+++ b/pkgs/pve-rs/default.nix
@@ -57,7 +57,7 @@ perl536.pkgs.toPerlModule (
];
makeFlags = [
- "BUILDIR=/build"
+ "BUILDIR=$NIX_BUILD_TOP"
"BUILD_MODE=release"
"DESTDIR=$(out)"
"GITVERSION:=${src.rev}"
--
2.46.0


@ -126,11 +126,4 @@ in
hash = "sha256-SgHhW9HCkDQsxT3eG4P9q68c43e3sbDHRY9qs7oSt8o="; hash = "sha256-SgHhW9HCkDQsxT3eG4P9q68c43e3sbDHRY9qs7oSt8o=";
} }
]; ];
"proxmox-nixos" = [
{
_type = "static";
path = ./05-pmnos-correctness-build-directory.patch;
}
];
} }


@ -1,20 +0,0 @@
set -eu -o pipefail
cat <<EOF >.netrc
default
login $STORE_USER
password $STORE_PASSWORD
EOF
drv=$("@colmena@/bin/colmena" eval --instantiate -E "{ nodes, ... }: nodes.${BUILD_NODE}.config.system.build.toplevel")
# Build the derivation and send it to the great beyond
nix-store --query --requisites --force-realise --include-outputs "$drv" | grep -v '.*\.drv' >paths.txt
nix copy \
--extra-experimental-features nix-command \
--to "$STORE_ENDPOINT?compression=none" \
--netrc-file .netrc \
"$(nix-store --realise "$drv")"
rm .netrc

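--- a/scripts/cache.sh
+++ b/scripts/cache.sh
@@ -0,0 +1,12 @@
+ENDPOINT=${ATTIC_ENDPOINT:-https://cachix.dgnum.eu}
+if [ "$1" == "off" ]; then
+echo "Please edit $XDG_CONFIG_HOME/nix/nix.conf to remove the cache"
+elif [ "$1" == "on" ]; then
+@attic@/bin/attic login dgnum "$ENDPOINT"
+@attic@/bin/attic use dgnum:infra
+else
+echo "Help:"
+echo " cache {on|off}"
+fi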
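Review bot: The `on` branch still runs `attic use dgnum:infra` when the preceding `attic login` fails, because this script has none of the `set -e` / `set -u` / `set -o pipefail` lines that the two other added scripts open with. Opening with `set -eu` and testing `"${1:-}"` instead of `"$1"` keeps the help branch for the no-argument case while stopping on a failed login. `attic use` sets the cache up as a Nix substituter for the user, and the server it talks to is whatever `ATTIC_ENDPOINT` names, so the override deserves a comment such as `# ATTIC_ENDPOINT must point at a trusted cache: 'attic use' makes Nix substitute store paths from it`. Whether the wrapper that installs the script already enables strict mode is not visible in this section.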


@ -10,6 +10,7 @@ let
git git
jq jq
; ;
attic = pkgs.attic-client;
}; };
mkShellScript = mkShellScript =
@ -29,10 +30,12 @@ let
)); ));
scripts = [ scripts = [
"cache-node"
"check-deployment" "check-deployment"
"launch-vm" "launch-vm"
"list-nodes" "list-nodes"
"push-to-cache"
"push-to-nix-cache"
"cache"
]; ];
in in

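--- a/scripts/push-to-cache.sh
+++ b/scripts/push-to-cache.sh
@@ -0,0 +1,13 @@
+set -e
+set -u
+set -o pipefail
+ENDPOINT=${ATTIC_ENDPOINT:-https://cachix.dgnum.eu}
+@attic@/bin/attic login dgnum "$ENDPOINT" "$ATTIC_TOKEN"
+@colmena@/bin/colmena eval -E '{ nodes, lib, ... }: lib.mapAttrsToList (_: v: v.config.system.build.toplevel.drvPath) nodes' |\
+@jq@/bin/jq -r '.[]' |\
+xargs -n 10 nix-store -q -R --include-outputs |\
+sed '/\.drv$/d' |\
+xargs @attic@/bin/attic push dgnum:infra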
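Review bot: `"$ATTIC_TOKEN"` is handed to `attic login` as a positional argument, so the token sits in the process argument list while the command runs, and the login then stores it in the attic client configuration of the account running the script, where it outlives the job on a persistent runner. If the packaged client keeps that configuration under the XDG config directory (worth confirming), a throwaway directory bounds the token's lifetime: `export XDG_CONFIG_HOME="$(mktemp -d)"` and `trap 'rm -rf "$XDG_CONFIG_HOME"' EXIT` ahead of the login line, bearing in mind that this also hides the user's own `nix.conf` from the `nix-store` call. A header comment stating that the token should carry push rights to `dgnum:infra` and nothing broader would help whoever provisions the secret.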

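--- a/scripts/push-to-nix-cache.sh
+++ b/scripts/push-to-nix-cache.sh
@@ -0,0 +1,20 @@
+set -e
+set -u
+set -o pipefail
+ENDPOINT=${STORE_ENDPOINT:-https://tvix-cache.dgnum.eu/infra-singing/}
+cat > .netrc << EOF
+default
+login $STORE_USER
+password $STORE_PASSWORD
+EOF
+@colmena@/bin/colmena eval -E "{ nodes, lib, ... }: builtins.map (v: nodes.\${v}.config.system.build.toplevel.drvPath) ${NODES:-(builtins.attrNames nodes)}" |\
+@jq@/bin/jq -r '.[]' |\
+xargs nix-store -q -R --include-outputs |\
+sed '/\.drv$/d' |\
+tee uploaded.txt |\
+xargs nix copy --to "$ENDPOINT?compression=none" --extra-experimental-features nix-command --netrc-file ./.netrc
+rm .netrc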
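Review bot: The `.netrc` holding `$STORE_PASSWORD` is created in the working directory with the default umask and is deleted only by the last line, which `set -e` with `pipefail` skips as soon as `colmena eval`, `nix-store` or `nix copy` fails, leaving the credential in the checkout. Creating the file with `mktemp` under `umask 077` and removing it from an `EXIT` trap covers every exit path; the rewritten lines are below. Separately, the netrc uses a `default` entry, which offers the login to any host the transfer contacts, and the fallback endpoint's path segment `infra-singing` reads like a transposition of "signing", so both are worth confirming before the password is sent there. `${NODES:-…}` is spliced unescaped into the Nix expression and should be documented as operator-controlled input only.

```shell
# … unchanged: set -e / set -u / set -o pipefail and the ENDPOINT default …
umask 077
netrc=$(mktemp)
trap 'rm -f "$netrc"' EXIT
printf 'default\nlogin %s\npassword %s\n' "$STORE_USER" "$STORE_PASSWORD" > "$netrc"
# … unchanged: colmena eval | jq | nix-store | sed | tee stages of the pipeline …
xargs nix copy --to "$ENDPOINT?compression=none" --extra-experimental-features nix-command --netrc-file "$netrc"
# … the final `rm .netrc` goes away; the EXIT trap removes the file on every path …
```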