bicep: start revival

2026-05-02 04:33:15 +02:00 · 2026-04-18 22:51:57 +02:00
9 changed files with 111 additions and 95 deletions
--- a/.gitea/workflows/build-topology-graph.yml
+++ b/.gitea/workflows/build-topology-graph.yml
@@ -7,19 +7,15 @@ jobs:
  evals:
    runs-on: debian-latest
    steps:
-    - name: Install sudo
-      run: apt-get install --update --assume-yes sudo
-
    - uses: actions/checkout@v6

+    - name: Install sudo
+      run: apt-get update && apt-get -y install sudo
+
    - uses: https://github.com/cachix/install-nix-action@v31
-      with:
-        extra_nix_config: |
-          show-trace = true
-          max-jobs = auto
-          trusted-users = root
-          experimental-features = nix-command flakes
-          build-users-group =
+
+    - name: Configure Nix
+      run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf

    - name: Build topology graph
      run: nix build .#topology -L
--- a/.gitea/workflows/eval.yml
+++ b/.gitea/workflows/eval.yml
@@ -6,18 +6,8 @@ jobs:
  evals:
    runs-on: debian-latest
    steps:
-    - name: Install sudo
-      run: apt-get install --update --assume-yes sudo
-
    - uses: actions/checkout@v6
-
+    - run: apt-get update && apt-get -y install sudo
    - uses: https://github.com/cachix/install-nix-action@v31
-      with:
-        extra_nix_config: |
-          show-trace = true
-          max-jobs = auto
-          trusted-users = root
-          experimental-features = nix-command flakes
-          build-users-group =
-
+    - run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf
    - run: nix flake check
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "crane": {
      "locked": {
-        "lastModified": 1776635034,
-        "narHash": "sha256-OEOJrT3ZfwbChzODfIH4GzlNTtOFuZFWPtW7jIeR8xU=",
+        "lastModified": 1770419512,
+        "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "dc7496d8ea6e526b1254b55d09b966e94673750f",
+        "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7",
        "type": "github"
      },
      "original": {
@@ -78,15 +78,15 @@
    "gergle": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1777067150,
-        "narHash": "sha256-vqPz8jCS1zTQlvmgctUFpvnr6f9ISR5h7CPG/HgQvf0=",
+        "lastModified": 1770617355,
+        "narHash": "sha256-lauV1yKA67WxnlbiJiwhOT9xI8nTiUqqrrRlgA+rMis=",
        "ref": "main",
-        "rev": "b452a854fb78d6df9fe062b45e23a968657d115d",
-        "revCount": 35,
+        "rev": "36af0316a7370d19db05ef7c0a87e826f4a222d5",
+        "revCount": 24,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
      },
@@ -99,16 +99,16 @@
    "greg-ng": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1777019032,
-        "narHash": "sha256-29lw7THThWb5DW01rVRj1b816Apwz/P4m2wVWaSIadU=",
+        "lastModified": 1770617867,
+        "narHash": "sha256-xPLm4C13KUl0zmm1OA+A8UwDSixwtNQ/caRx/WjN+WY=",
        "ref": "main",
-        "rev": "55262afca46c96f75a834d4e00e30d5fb20affb6",
-        "revCount": 61,
+        "rev": "155752914d81a3a3c02fcfc5d840cfdfda07216d",
+        "revCount": 62,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -276,11 +276,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1777014002,
-        "narHash": "sha256-urhq48kYlNYbkGXQ/f3NjzJTGfMdG8GmJQbgFLcrcV0=",
-        "rev": "15ebe06759175c2e98dba23c0b125913589094e7",
+        "lastModified": 1775064351,
+        "narHash": "sha256-KHkwW/A1+H23YBMQGDmPb8cw5LwZFnszVKg5eZ4JWhg=",
+        "rev": "1e6f1bb5bb05d14aea16063ab587c599a68241c2",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre986338.15ebe0675917/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre973082.1e6f1bb5bb05/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -380,11 +380,11 @@
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1777418851,
-        "narHash": "sha256-M6LntO3jkxwgcKkaa9de1Vqu+LsV12Yz8Bv3/9/k018=",
+        "lastModified": 1770912859,
+        "narHash": "sha256-wtf7YgthGVDY7dhWe8cO42+CD7Y2Pkngvzirwjwvfzg=",
        "ref": "main",
-        "rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
-        "revCount": 83,
+        "rev": "9361dcf941fabb14e94f472754b0e0a26cc56e13",
+        "revCount": 59,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
      },
@@ -402,11 +402,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1777000482,
-        "narHash": "sha256-CZ5FKUSA8FCJf0h9GWdPJXoVVDL9H5yC74GkVc5ubIM=",
+        "lastModified": 1770606655,
+        "narHash": "sha256-rpJf+kxvLWv32ivcgu8d+JeJooog3boJCT8J3joJvvM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "403c09094a877e6c4816462d00b1a56ff8198e06",
+        "rev": "11a396520bf911e4ed01e78e11633d3fc63b350e",
        "type": "github"
      },
      "original": {
@@ -444,11 +444,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776914043,
-        "narHash": "sha256-qug5r56yW1qOsjSI99l3Jm15JNT9CvS2otkXNRNtrPI=",
+        "lastModified": 1769309768,
+        "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2d35c4358d7de3a0e606a6e8b27925d981c01cc3",
+        "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -36,9 +36,9 @@
    roowho2.inputs.nixpkgs.follows = "nixpkgs";

    greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
-    greg-ng.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    greg-ng.inputs.nixpkgs.follows = "nixpkgs";
    gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
-    gergle.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    gergle.inputs.nixpkgs.follows = "nixpkgs";
    grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git?ref=master";
    grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -1,32 +1,56 @@
-{ fp, pkgs, values, ... }:
+{ fp, pkgs, values, lib, ... }:
 {
  imports = [
    ./hardware-configuration.nix

    (fp /base)
-    ./services/nginx
+    #./services/nginx

-    ./services/calendar-bot.nix
+    #./services/calendar-bot.nix
    #./services/git-mirrors
-    ./services/minecraft-heatmap.nix
-    ./services/mysql
-    ./services/postgresql
+    #./services/minecraft-heatmap.nix
+    #./services/mysql
+    #./services/postgresql

-    ./services/matrix
+    #./services/matrix
  ];

-  #systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
-  systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
-    #matchConfig.Name = "enp6s0f0";
-    matchConfig.Name = "ens18";
-    address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ]
-      ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
+  boot.loader = {
+    systemd-boot.enable = false; # no uefi support on this device
+    grub.device = "/dev/disk/by-id/scsi-3600508b1001ca9cf1c96afea40d5451d";
+    grub.enable = true;
+  };
+
+  boot = {
+    zfs = {
+      extraPools = [ "bicepdata" ];
+      requestEncryptionCredentials = false;
+    };
+    supportedFilesystems.zfs = true;
+
+    kernelPackages = pkgs.linuxPackages;
+  };
+
+  services.zfs.autoScrub = {
+    enable = true;
+    interval = "Wed *-*-8..14 00:00:00";
+  };
+
+  networking.hostId = "3b4bf6a5";
+  systemd.network.networks."30-ens10f3" = values.defaultNetworkConfig // {
+    matchConfig.Name = "ens10f3";
+    # IPs belong to guest1.pvv.ntnu.no
+    address = [ "129.241.210.248/25" "2001:700:300:1900::248/63" ];
  };
  systemd.network.wait-online = {
    anyInterface = true;
  };

-  services.qemuGuest.enable = true;
+  # local overrides
+  services.smartd.enable = lib.mkForce false;
+  system.autoUpgrade.enable = lib.mkForce false;
+  #services.userborn.enable = lib.mkForce false;
+  #services.userdbd.enable = lib.mkForce false;

  # Don't change (even during upgrades) unless you know what you are doing.
  # See https://search.nixos.org/options?show=system.stateVersion
--- a/hosts/bicep/hardware-configuration.nix
+++ b/hosts/bicep/hardware-configuration.nix
@@ -5,39 +5,26 @@

 {
  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "hpsa" "ohci_pci" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/20e06202-7a09-47cc-8ef6-5e7afe19453a";
-      fsType = "ext4";
+    { device = "/dev/disk/by-uuid/ec4ab82a-f31e-4f02-a988-99c18160d04a";
+      fsType = "btrfs";
    };

-  # temp data disk, only 128gb not enough until we can add another disk to the system.
-  fileSystems."/data" =
-    { device = "/dev/disk/by-uuid/c81af266-0781-4084-b8eb-c2587cbcf1ba";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/198B-E363";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 8 * 1024;
+    }
+  ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/lupine/services/gitea-runner.nix
+++ b/hosts/lupine/services/gitea-runner.nix
@@ -39,22 +39,17 @@
        "debian-bullseye-slim:docker://node:current-bullseye-slim"

        "alpine-latest:docker://node:current-alpine"
-        "alpine-3.23:docker://node:current-alpine3.23"
        "alpine-3.22:docker://node:current-alpine3.22"
        "alpine-3.21:docker://node:current-alpine3.21"

        # See https://gitea.com/gitea/runner-images
        "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
-        "ubuntu-26.04:docker://docker.gitea.com/runner-images:ubuntu-26.04"
-        "ubuntu-resolute:docker://docker.gitea.com/runner-images:ubuntu-26.04"
        "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
        "ubuntu-noble:docker://docker.gitea.com/runner-images:ubuntu-24.04"
        "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
        "ubuntu-jammy:docker://docker.gitea.com/runner-images:ubuntu-22.04"

        "ubuntu-latest-slim:docker://docker.gitea.com/runner-images:ubuntu-latest-slim"
-        "ubuntu-26.04-slim:docker://docker.gitea.com/runner-images:ubuntu-26.04-slim"
-        "ubuntu-resolute-slim:docker://docker.gitea.com/runner-images:ubuntu-26.04-slim"
        "ubuntu-24.04-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
        "ubuntu-noble-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
        "ubuntu-22.04-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
--- a/users/alfhj.nix
+++ b/users/alfhj.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.alfhj = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCAYE0U3sFizm/NSbKCs0jEhZ1mpAWPcijFevejiFL1 alfhj"
+    ];
+  };
+}
--- a/users/amalieem.nix
+++ b/users/amalieem.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.amalieem = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
+    ];
+  };
+}