intermediate commit

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/94
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

base/default.nix

@@ -50,6 +50,18 @@
     kitty.terminfo
   ];
 
+  # .bash_profile already works, but lets also use .bashrc like literally every other distro
+  # https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
+  # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
+  # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
+  programs.bash.shellInit = ''
+   if [ -n "''${BASH_VERSION:-}" ]; then
+     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
+      [[ -f ~/.bashrc ]] && . ~/.bashrc
+     fi
+   fi
+  '';
+
   programs.zsh.enable = true;
 
   security.lockKernelModules = true;

flake.lock

@@ -130,11 +130,11 @@
         "rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7",
         "revCount": 7,
         "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
+        "url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"
       },
       "original": {
         "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
+        "url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"
       }
     },
     "nixpkgs": {

flake.nix

@@ -20,7 +20,7 @@
     matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0";
     matrix-next.inputs.nixpkgs.follows = "nixpkgs";
 
-    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
+    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git";
     nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";
 
     greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
@@ -55,7 +55,7 @@
 
     nixosConfigurations = let
       unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
-      nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate
+      nixosConfig = nixpkgs: name: configurationPath: config: lib.nixosSystem (lib.recursiveUpdate
         rec {
           system = "x86_64-linux";
           specialArgs = {
@@ -65,12 +65,17 @@
           };
 
           modules = [
-            ./hosts/${name}/configuration.nix
+            configurationPath
             sops-nix.nixosModules.sops
           ] ++ config.modules or [];
 
           pkgs = import nixpkgs {
             inherit system;
+            config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
+              [
+                "nvidia-x11"
+                "nvidia-settings"
+              ];
             overlays = [
               # Global overlays go here
             ] ++ config.overlays or [ ];
@@ -79,8 +84,8 @@
         (removeAttrs config [ "modules" "overlays" ])
       );
 
-      stableNixosConfig = nixosConfig nixpkgs;
+      stableNixosConfig = name: config:
-      unstableNixosConfig = nixosConfig nixpkgs-unstable;
+          nixosConfig nixpkgs name ./hosts/${name}/configuration.nix config;
     in {
       bicep = stableNixosConfig "bicep" {
         modules = [
@@ -114,6 +119,7 @@
       ildkule = stableNixosConfig "ildkule" { };
       #ildkule-unstable = unstableNixosConfig "ildkule" { };
       shark = stableNixosConfig "shark" { };
+      wenche = stableNixosConfig "wenche" { };
 
       kommode = stableNixosConfig "kommode" {
         overlays = [
@@ -152,7 +158,16 @@
           inputs.gergle.overlays.default
         ];
       };
-    };
+    } //
+    (let
+      machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
+      stableLupineNixosConfig = name: config:
+          nixosConfig nixpkgs name ./hosts/lupine/configuration.nix config;
+    in lib.genAttrs machineNames (name: stableLupineNixosConfig name {
+      modules = [
+        { networking.hostname = name; }
+      ];
+    }));
 
     nixosModules = {
       snakeoil-certs = ./modules/snakeoil-certs.nix;
@@ -162,6 +177,15 @@
 
     devShells = forAllSystems (system: {
       default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
+      cuda = let
+        cuda-pkgs = import nixpkgs {
+          inherit system;
+          config = {
+            allowUnfree = true;
+            cudaSupport = true;
+          };
+        };
+      in cuda-pkgs.callPackage ./shells/cuda.nix { };
     });
 
     packages = {

hosts/bekkalokk/services/website/default.nix

@@ -67,7 +67,12 @@ in {
         ADMIN_NAME = "PVV Drift";
         ADMIN_EMAIL = "drift@pvv.ntnu.no";
         ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
-        TRUSTED_DOMAINS = [ cfg.domainName ];
+        TRUSTED_DOMAINS = [
+          "www.pvv.ntnu.no"
+          "pvv.ntnu.no"
+          "www.pvv.org"
+          "pvv.org"
+        ];
       };
     };
   };

hosts/bicep/configuration.nix

@@ -7,10 +7,9 @@
     (fp /misc/metrics-exporters.nix)
     ./services/nginx
 
+    ./services/calendar-bot.nix
     ./services/mysql.nix
     ./services/postgres.nix
-    ./services/mysql.nix
-    ./services/calendar-bot.nix
 
     ./services/matrix
   ];

hosts/kommode/services/gitea/customization/default.nix

@@ -38,10 +38,6 @@ in
         # Bigger icons
         install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
         sed -i -e 's/24/48/g' "$out/repo/icon.tmpl"
-
-        # Show license in list view
-        patch -i ${./licenses-in-repo-list.diff} "${cfg.package.src}/templates/explore/repo_list.tmpl" -o repo_list.tmpl
-        install -Dm444 repo_list.tmpl "$out/explore/repo_list.tmpl"
       '';
     in ''
       install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg

hosts/kommode/services/gitea/customization/licenses-in-repo-list.diff

@@ -1,6 +0,0 @@
-33a34,38
-> 						{{if .DetectedRepoLicenses}}
-> 							<a class="flex-text-inline" href="{{.RepoLink}}/src/{{.Repository.DefaultBranch}}/{{PathEscapeSegments .LicenseFileName}}" title="{{StringUtils.Join .DetectedRepoLicenses ", "}}">
-> 								{{svg "octicon-law"}} {{if eq (len .DetectedRepoLicenses) 1}}{{index .DetectedRepoLicenses 0}}{{else}}{{ctx.Locale.Tr "repo.multiple_licenses"}}{{end}}
-> 							</a>
-> 						{{end}}

hosts/kommode/services/gitea/default.nix

@@ -49,6 +49,10 @@ in {
         START_LFS_SERVER = true;
         LANDING_PAGE = "explore";
       };
+      "git.timeout" = {
+        MIGRATE = 3600;
+        MIRROR = 1800;
+      };
       mailer = {
         ENABLED = true;
         FROM = "gitea@pvv.ntnu.no";
@@ -136,6 +140,7 @@ in {
 
     dump = {
       enable = true;
+      interval = "weekly";
       type = "tar.gz";
     };
   };

hosts/lupine/configuration.nix

@@ -0,0 +1,33 @@
+{ config, fp, pkgs, values, ... }:
+{
+  imports = [
+    ./hardware/${config.networking.hostname}.nix
+
+    (fp /base)
+    (fp /misc/metrics-exporters.nix)
+  ];
+
+  sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
+    matchConfig.Name = "enp6s0f0";
+    address = with values.hosts.lupine; [ (ipv4 + "/25") (ipv6 + "/64") ]
+      ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
+  };
+  systemd.network.wait-online = {
+    anyInterface = true;
+  };
+
+  # There are no smart devices
+  services.smartd.enable = false;
+
+  # Do not change, even during upgrades.
+  # See https://search.nixos.org/options?show=system.stateVersion
+  system.stateVersion = "24.11";
+}

hosts/lupine/hardware/lupine_1.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/hardware/lupine_2.nix

@@ -0,0 +1,41 @@
+# IKKE EKTE BARE EN TEST
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/services/gitea-runners.nix

@@ -0,0 +1,4 @@
+{ config, lib, values, ... }:
+{
+  nameList = builtins.attrNames (builtins.readDir ../hardware);
+}

hosts/wenche/configuration.nix

@@ -0,0 +1,39 @@
+{ config, fp, pkgs, values, lib, ... }:
+{
+  imports = [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      (fp /base)
+      (fp /misc/metrics-exporters.nix)
+
+      (fp /misc/builder.nix)
+    ];
+
+  sops.defaultSopsFile = fp /secrets/wenche/wenche.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "wenche"; # Define your hostname.
+
+  systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
+    matchConfig.Name = "ens18";
+    address = with values.hosts.wenche; [ (ipv4 + "/25") (ipv6 + "/64") ];
+  };
+
+  hardware.graphics.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    open = false;
+    package = config.boot.kernelPackages.nvidiaPackages.production;
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+  ];
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

hosts/wenche/hardware-configuration.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "nvidia"  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4e8ecdd2-d453-4fff-b952-f06da00f3b85";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ {
+    device = "/var/lib/swapfile";
+    size = 16*1024;
+  } ];
+
+  networking.useDHCP = lib.mkDefault false;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

shells/cuda.nix

@@ -0,0 +1,45 @@
+# nix develop .#cuda
+# Copied from https://nixos.wiki/wiki/CUDA
+{ pkgs }:
+
+pkgs.mkShell {
+  name = "cuda-env-shell";
+  buildInputs = with pkgs; [
+    autoconf
+    binutils
+    curl
+    freeglut
+    git
+    gitRepo
+    gnumake
+    gnupg
+    gperf
+    libGL
+    libGLU
+    m4
+    ncurses5
+    procps
+    stdenv.cc
+    unzip
+    util-linux
+    xorg.libX11
+    xorg.libXext
+    xorg.libXi
+    xorg.libXmu
+    xorg.libXrandr
+    xorg.libXv
+    zlib
+
+    cudatoolkit
+    linuxPackages.nvidia_x11
+
+    # Other applications, like
+    hashcat
+  ];
+
+  env = {
+    CUDA_PATH = pkgs.cudatoolkit;
+    EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib";
+    EXTRA_CCFLAGS = "-I/usr/include";
+  };
+}

values.nix

@@ -68,6 +68,10 @@ in rec {
       ipv4 = pvv-ipv4 234;
       ipv6 = pvv-ipv6 234;
     };
+    wenche = {
+      ipv4 = pvv-ipv4 240;
+      ipv6 = pvv-ipv6 240;
+    };
   };
 
   defaultNetworkConfig = {