From 6f366fbc1a2d71e1f7993859940bc7927311b028 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Thu, 8 Jun 2023 14:46:27 +0200 Subject: [PATCH 01/63] monitor uranus for oopsies --- flake.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 283ce4e..3ea6a38 100644 --- a/flake.nix +++ b/flake.nix @@ -249,7 +249,7 @@ }).optionsCommonMark; }; } - // (import ./pkgs/deployment.nix { inherit self pkgs lib;}) + // (import ./pkgs/deployment.nix { inherit self pkgs lib; }) // (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations)); in @@ -319,6 +319,7 @@ ./modules/TLMS ./hosts/uranus + { deployment-TLMS.monitoring.enable = true; } ]; }; @@ -335,5 +336,5 @@ get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel); in nixpkgs.lib.mapAttrs get-toplevel self.nixosConfigurations; - }; + }; } From 70d0835083921eaace700a10f336a8e74b02ccc3 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Thu, 8 Jun 2023 19:12:52 +0200 Subject: [PATCH 02/63] adding bitstring to jupyter --- hosts/uranus/stateful-jupyter.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 5882cf6..19dce65 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -31,6 +31,7 @@ "psycopg" "scipy" "seaborn" + "bitstring" ]; in (import ./jupyter-container.nix { From ddb7622ea9dc089daf3dbf0972e087d18fc66135 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Thu, 8 Jun 2023 15:27:13 +0200 Subject: [PATCH 03/63] finish up deployment scripts --- pkgs/deployment.nix | 89 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 82 insertions(+), 7 deletions(-) diff --git a/pkgs/deployment.nix b/pkgs/deployment.nix index 5e9ee2b..3dd43dd 100644 --- a/pkgs/deployment.nix +++ b/pkgs/deployment.nix 
@@ -1,4 +1,8 @@ { self, pkgs, lib }: + +# This generates deployement scripts **ONLY** for non-microvm (e.g. bare-metal +# or conventional vm) hosts + let # filter out deployable (aka not microvm or container) systems filterHosts = k: v: !(builtins.hasAttr "microvm" v.config); 
@@ -27,17 +31,88 @@ let fi '')); + # garbage collect everything + garbageCollect = (system: + let + ip = system.config.deployment-TLMS.net.wg.addr4; + host = system.config.networking.hostName; + in + (pkgs.writeScriptBin "deploy" '' + #!${pkgs.runtimeShell} + set -e + + echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m" + + if ping -c 1 ${ip} > /dev/null + then + echo -e "\033[0;32mCollecting garbage on ${host} with \"nix-collect-garbage -d\"\033[0m" + ssh root@${ip} -- nix-collect-garbage -d + else + echo -e "\033[0;31m${ip} seems to be down!\033[0m" + exit 1 + fi + '')); + + # reboot everything + reboot = (system: + let + ip = system.config.deployment-TLMS.net.wg.addr4; + host = system.config.networking.hostName; + in + (pkgs.writeScriptBin "deploy" '' + #!${pkgs.runtimeShell} + set -e + + echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m" + + if ping -c 1 ${ip} > /dev/null + then + echo -e "\033[0;32mRebooting ${host}\033[0m" + ssh root@${ip} -- shutdown -r 1 + echo -e "\033[0;31m${host} IS SCHEDULED FOR REBOOT IN 1 MINUTE\033[0m" + else + echo -e "\033[0;31m${ip} seems to be down!\033[0m" + exit 1 + fi + '')); + + # individual script generation deployScriptWriter = (command: - pkgs.lib.mapAttrs' + lib.mapAttrs' (name: system: lib.nameValuePair ("rebuild-" + command + "-" + name) (deployScriptTemplate system command)) nonVmHosts); - supported_commands = [ - "switch" - "boot" - ]; + switchInstallScripts = deployScriptWriter "switch"; + bootInstallScripts = deployScriptWriter "boot"; + installScripts = bootInstallScripts // switchInstallScripts; + + garbageCollectScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("collect-garbage-" + name) (garbageCollect system)) nonVmHosts; + + rebootScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("reboot-" + name) (reboot system)) nonVmHosts; + + ## all at once + switchAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues switchInstallScripts); 
+ bootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues bootInstallScripts); + rebootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues rebootScripts); + garbageAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues garbageCollectScripts); + + nukeAll = lib.mapAttrs' + (name: scripts: lib.nameValuePair (name) (pkgs.writeScriptBin "${name}" '' + #!${pkgs.runtimeShell} + set -ex + + ${scripts} + '')) + { + rebuild-boot-all = bootAll; + rebuild-switch-all = switchAll; + reboot-all = rebootAll; + garbage-collect-all = garbageAll; + }; - installScripts = lib.foldl (attr: cmd: lib.mergeAttrs attr (deployScriptWriter cmd)) { } supported_commands; in -installScripts +installScripts // +garbageCollectScripts // +rebootScripts // +nukeAll From 0a27001ca6a45520a58771fb77baff930b8d57ee Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 19:47:15 +0200 Subject: [PATCH 04/63] test new jupyter config --- hosts/uranus/jupyter-container.nix | 61 ++++++++++++++++++++++++++---- hosts/uranus/stateful-jupyter.nix | 13 +++++-- 2 files changed, 63 insertions(+), 11 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 5a0b2ef..f3412a8 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -1,6 +1,14 @@ -{ pkgs, packages, bind-ip ? "0.0.0.0", bind-port ? 8080, ... }: +{ pkgs +, lib +, packages +, jupyterUsers +, jupyterAdminGroup ? "uranus-owner" +, bind-ip ? "0.0.0.0" +, bind-port ? 8080 +, ... +}: let - miniconda-alpine-dockerhub = pkgs.dockerTools.pullImage { + miniconda-dockerhub = pkgs.dockerTools.pullImage { imageName = "continuumio/miniconda3"; imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d"; sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg="; 
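Review bot: The `*-all` wrappers built by `nukeAll` in the `@@ -27,17 +31,88 @@` hunk of pkgs/deployment.nix run the per-host scripts under `set -ex`, so the first host that fails its ping check (`exit 1`) aborts the run and the remaining hosts are never processed, leaving the fleet in a mixed state. Recording failures and continuing would be more predictable, e.g. `(path: "${path}/bin/deploy || failed=1")` in each `concatMapStringsSep`, with a non-zero exit at the end if `failed` is set. Separately, `ssh root@${ip} -- nix-collect-garbage -d` deletes every old generation, so after `garbage-collect-all` no host can roll back to a previous system; `nix-collect-garbage --delete-older-than 14d` would keep a rollback window. `reboot-all` also schedules every host for reboot within the same minute with no confirmation step, which is worth a comment in the file if it is intended.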
@@ -12,20 +20,57 @@ in pkgs.dockerTools.buildImage { name = "stateful-jupyterlab"; tag = "latest"; - fromImage = miniconda-alpine-dockerhub; + fromImage = miniconda-dockerhub; runAsRoot = let - entrypoint = pkgs.writeScriptBin "entrypoint.sh" '' - #!/bin/bash - conda install -c conda-forge ${packages} \ - jupyterlab + cont-interpreter = "/bin/bash"; + useradd-string = (user: hashed-pw: is-admin: ''useradd \ + ${if is-admin then "-aG ${jupyterAdminGroup}" else ""} \ + -p ${hashed-pw} \ + ${user}''); - jupyter-lab --ip=${bind-ip} --port=${toString bind-port} --no-browser --allow-root + create-all-users-script = pkgs.writeScriptBin "create-users" + (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers)); + # (lib.foldl + # (script: u: lib.strings.concatStringsSep "\n" script (useradd-string u.username u.hashedPassword u.isAdmin)) '''' + # jupyterUsers); + + jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' + c = get_config() + + c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'} + + c.Spawner.notebook_dir='/workdir' + c.Spawner.default_url='/lab' + ''; + + entrypoint = pkgs.writeScriptBin "entrypoint.sh" '' + #!${cont-interpreter} + set -ex + + # Update the System + apt update -y + apt dist-upgrade -y + + # create jupyter group + groupadd ${jupyterAdminGroup} + + # create all the users + ${create-all-users-script}/bin/create-users + + # install the python environ + conda install -c conda-forge ${packages} \ + jupyterlab \ + jupyterhub + + # off to the races + jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py ''; in '' #!${pkgs.runtimeShell} mkdir -p /workdir + cp ${jupyterhub-config} /jupyterhub-config.py cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh ''; config = { diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 19dce65..16744a1 100644 --- a/hosts/uranus/stateful-jupyter.nix 
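Review bot: The entrypoint added in the `@@ -12,20 +20,57 @@` hunk of hosts/uranus/jupyter-container.nix installs software on every container start (`apt dist-upgrade -y`, `conda install -c conda-forge ${packages} jupyterlab jupyterhub`) with no versions pinned, so the digest pin on `continuumio/miniconda3` no longer determines what actually runs, and a start without network access fails under `set -ex`. Pinning versions in the package list (for example `jupyterhub=PINNED_VERSION`, placeholder) would keep what is deployed reviewable; the same applies to the `conda install -c conda-forge mamba` line added in PATCH 07. `jupyterhub` is also started as root on `${bind-ip}` (default `0.0.0.0`) with PAM password logins and no TLS options in the visible config, so unless a TLS-terminating proxy sits in front of it the passwords cross the network in clear text.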
+++ b/hosts/uranus/stateful-jupyter.nix @@ -18,10 +18,11 @@ volumes = [ "/var/lib/jupyter-volume:/workdir" "/var/lib/root-home:/root" + # "/var/lib/conda-persist:/opt/conda" ]; imageFile = let - package-string = lib.concatStringsSep " " [ + packages = lib.concatStringsSep " " [ # alphabetically `:sort`ed plz "geojson" "matplotlib" @@ -33,10 +34,16 @@ "seaborn" "bitstring" ]; + jupyterUsers = [ + { + username = "0xa"; + hashedPassword = "$y$j9T$vXyoscuYL2CUGnSXLBpw51$4TH60t.zpNwkb23jt/oEZSJDLxGaSni54sJxn1TXDfA"; # just a test, plz ignore + isAdmin = true; + } + ]; in (import ./jupyter-container.nix { - inherit pkgs; - packages = package-string; + inherit pkgs lib jupyterUsers packages; }); image = "stateful-jupyterlab"; }; From 5dec39fc363d932ffb0ea4cbd1ece298b2d2caef Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 19:51:33 +0200 Subject: [PATCH 05/63] fix typo in useradd string --- hosts/uranus/jupyter-container.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index f3412a8..cc9dbad 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -25,7 +25,7 @@ pkgs.dockerTools.buildImage { let cont-interpreter = "/bin/bash"; useradd-string = (user: hashed-pw: is-admin: ''useradd \ - ${if is-admin then "-aG ${jupyterAdminGroup}" else ""} \ + ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ -p ${hashed-pw} \ ${user}''); From 5904400a2be216546f095d06612ec8c760a017fb Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 20:05:13 +0200 Subject: [PATCH 06/63] paste useradd strings directly to the entrypoint --- hosts/uranus/jupyter-container.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index cc9dbad..943b2ff 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
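Review bot: The `hashedPassword` literal added in the `@@ -34,10 +34,16 @@` hunk of hosts/uranus/stateful-jupyter.nix commits a yescrypt hash for an `isAdmin = true` account to the repository, and via `useradd-string` it is written into a generated script in the world-readable Nix store and into the image. It is also interpolated unquoted, so bash expands `$y`, `$j9T` and the other `$…` segments and `useradd -p` receives a different string than the one written here. PATCH 08 and PATCH 09 replace the value and add `lib.strings.escapeShellArg` but still keep a hash in the file, and PATCH 13 moves it to sops. The committed hashes remain in git history, so the passwords behind them should not be reused for the sops-managed entry.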
@@ -29,12 +29,7 @@ pkgs.dockerTools.buildImage { -p ${hashed-pw} \ ${user}''); - create-all-users-script = pkgs.writeScriptBin "create-users" - (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers)); - # (lib.foldl - # (script: u: lib.strings.concatStringsSep "\n" script (useradd-string u.username u.hashedPassword u.isAdmin)) '''' - # jupyterUsers); - + create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers)); jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' c = get_config() @@ -56,7 +51,7 @@ pkgs.dockerTools.buildImage { groupadd ${jupyterAdminGroup} # create all the users - ${create-all-users-script}/bin/create-users + ${create-all-users-script} # install the python environ conda install -c conda-forge ${packages} \ From 31bc46aec3d99a444eca7d4855102e0d1a26fd2a Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 20:22:52 +0200 Subject: [PATCH 07/63] use mamba, cause conda's slow piece of shit --- hosts/uranus/jupyter-container.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 943b2ff..8e54483 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -54,7 +54,9 @@ pkgs.dockerTools.buildImage { ${create-all-users-script} # install the python environ - conda install -c conda-forge ${packages} \ + conda install -c conda-forge mamba + + mamba install -c conda-forge ${packages} \ jupyterlab \ jupyterhub From b9f640b20e1587c8a158ee86aec3c0adbb555cbc Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 20:33:11 +0200 Subject: [PATCH 08/63] fix the pw --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 16744a1..027b3b8 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -37,7 +37,7 @@ jupyterUsers = [ { username = "0xa"; - hashedPassword = "$y$j9T$vXyoscuYL2CUGnSXLBpw51$4TH60t.zpNwkb23jt/oEZSJDLxGaSni54sJxn1TXDfA"; # just a test, plz ignore + hashedPassword = "$y$j9T$yYVuPTQIOi3H1v2j.LErS0$TdAMvAYVhUITt6x9Im3oi5A5Q3cwZxuLANAdPEsykg7"; # just a test, plz ignore isAdmin = true; } ]; From fdc09dabc186785d79129e2ae0c35f6f3b48de17 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 20:43:38 +0200 Subject: [PATCH 09/63] escape the password --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 027b3b8..5e9180c 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -37,7 +37,7 @@ jupyterUsers = [ { username = "0xa"; - hashedPassword = "$y$j9T$yYVuPTQIOi3H1v2j.LErS0$TdAMvAYVhUITt6x9Im3oi5A5Q3cwZxuLANAdPEsykg7"; # just a test, plz ignore + hashedPassword = (lib.strings.escapeShellArg "$y$j9T$yYVuPTQIOi3H1v2j.LErS0$TdAMvAYVhUITt6x9Im3oi5A5Q3cwZxuLANAdPEsykg7"); # just a test, plz ignore isAdmin = true; } ]; From c43a076a320a8b7be02151a49ec1b2714821aed9 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 21:18:26 +0200 Subject: [PATCH 10/63] create homedir for users --- hosts/uranus/jupyter-container.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 8e54483..ee824d7 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
@@ -25,6 +25,7 @@ pkgs.dockerTools.buildImage { let cont-interpreter = "/bin/bash"; useradd-string = (user: hashed-pw: is-admin: ''useradd \ + -m \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ -p ${hashed-pw} \ ${user}''); From 1be6a645868d2eefab18512b1af008a113489b3e Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 21:44:26 +0200 Subject: [PATCH 11/63] link shared workdir to users' home --- hosts/uranus/jupyter-container.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index ee824d7..6003670 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -28,7 +28,7 @@ pkgs.dockerTools.buildImage { -m \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ -p ${hashed-pw} \ - ${user}''); + ${user} && ln -s /workdir /home/${user}/shared-workdir''); create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers)); jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' @@ -68,6 +68,8 @@ pkgs.dockerTools.buildImage { '' #!${pkgs.runtimeShell} mkdir -p /workdir + chown root:${jupyterAdminGroup} /workdir + chmod g+rwx /workdir cp ${jupyterhub-config} /jupyterhub-config.py cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh ''; From 8b630c78315f4c823d2f961eae247aaff9296f7b Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 21:47:00 +0200 Subject: [PATCH 12/63] create jupyter group in entrypoint --- hosts/uranus/jupyter-container.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 6003670..29a6095 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
@@ -50,6 +50,8 @@ pkgs.dockerTools.buildImage { # create jupyter group groupadd ${jupyterAdminGroup} + chown root:${jupyterAdminGroup} /workdir + chmod g+rwx /workdir # create all the users ${create-all-users-script} @@ -68,8 +70,6 @@ pkgs.dockerTools.buildImage { '' #!${pkgs.runtimeShell} mkdir -p /workdir - chown root:${jupyterAdminGroup} /workdir - chmod g+rwx /workdir cp ${jupyterhub-config} /jupyterhub-config.py cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh ''; From d3ee8a65259e1794dfd7246c33f800d9868db4bd Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 22:32:39 +0200 Subject: [PATCH 13/63] proper secrets handling --- hosts/uranus/jupyter-container.nix | 24 ++++++++++++++++++++---- hosts/uranus/stateful-jupyter.nix | 20 ++++++++++++-------- secrets/uranus/secrets.yaml | 5 +++-- 3 files changed, 35 insertions(+), 14 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 29a6095..fa6bbc2 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -24,13 +24,15 @@ pkgs.dockerTools.buildImage { runAsRoot = let cont-interpreter = "/bin/bash"; - useradd-string = (user: hashed-pw: is-admin: ''useradd \ + useradd-string = (user: is-admin: ''useradd \ -m \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ - -p ${hashed-pw} \ - ${user} && ln -s /workdir /home/${user}/shared-workdir''); + ${user} \ + -p $(cat /pw/hashed-password-${user}) \ + && ln -s /workdir /home/${user}/shared-workdir \ + ''); - create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers)); + create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers)); jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' c = get_config() 
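Review bot: `-p $(cat /pw/hashed-password-${user})` in the `@@ -24,13 +24,15 @@` hunk of hosts/uranus/jupyter-container.nix puts the hash on the `useradd` command line, unquoted: it is visible in the process list while the command runs, and because the entrypoint runs under `set -ex` the expanded command, hash included, is traced into the container log. Feeding it on stdin avoids both, e.g. `useradd -m ${user}` followed by `{ printf '%s:' ${user}; cat /pw/hashed-password-${user}; } | chpasswd -e`. PATCH 15 and PATCH 20 touch the same line and end on the same unquoted form. `${user}` is interpolated without `lib.escapeShellArg`, which works for the current names but is worth adding at the use site.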
@@ -40,6 +42,8 @@ pkgs.dockerTools.buildImage { c.Spawner.default_url='/lab' ''; + copy-passwords = lib.concatStringsSep "\n" (builtins.map (u: "cp ${u.userPasswordFile} /pw/") jupyterUsers); + entrypoint = pkgs.writeScriptBin "entrypoint.sh" '' #!${cont-interpreter} set -ex @@ -56,6 +60,9 @@ pkgs.dockerTools.buildImage { # create all the users ${create-all-users-script} + # remove supplied passwords + rm -r /pw + # install the python environ conda install -c conda-forge mamba @@ -63,6 +70,7 @@ pkgs.dockerTools.buildImage { jupyterlab \ jupyterhub + # off to the races jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py ''; @@ -70,6 +78,14 @@ pkgs.dockerTools.buildImage { '' #!${pkgs.runtimeShell} mkdir -p /workdir + + # make temp store for pw hashes + mkdir -p /pw + + ${copy-passwords} + + # populate with temp pw's + cp ${jupyterhub-config} /jupyterhub-config.py cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh ''; diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 5e9180c..37b925b 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -1,5 +1,16 @@ -{ pkgs, lib, ... }: +{ pkgs, config, lib, ... }: +let + jupyterUsers = [ + { + username = "0xa"; + userPasswordFile = config.sops.secrets.hashed-password-0xa.path; + isAdmin = true; + } + ]; +in { + sops.secrets.hashed-password-0xa = { }; + virtualisation.docker = { enable = true; # magic from marenz to make it work on ceph @@ -34,13 +45,6 @@ "seaborn" "bitstring" ]; - jupyterUsers = [ - { - username = "0xa"; - hashedPassword = (lib.strings.escapeShellArg "$y$j9T$yYVuPTQIOi3H1v2j.LErS0$TdAMvAYVhUITt6x9Im3oi5A5Q3cwZxuLANAdPEsykg7"); # just a test, plz ignore - isAdmin = true; - } - ]; in (import ./jupyter-container.nix { inherit pkgs lib jupyterUsers packages; diff --git a/secrets/uranus/secrets.yaml b/secrets/uranus/secrets.yaml index 132af14..d4f7953 100644 --- a/secrets/uranus/secrets.yaml 
+++ b/secrets/uranus/secrets.yaml @@ -1,4 +1,5 @@ wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str] +hashed-password-0xa: ENC[AES256_GCM,data:Tofb7PL5/fZHSLx/nN0o+6w7f0lfITQXoAV4Pu7JGzADi+vY9rfuOLzDapHh82bz1d3vbzPGECzpvYN6Bp/UMHivou0JD5ozIQ==,iv:7bPTP84NcwPCsIZaxBNinIcmewf+pWW5U21OTO1WGeY=,tag:ohaDbKZuXDhq9YBg/8wu/A==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +15,8 @@ sops: YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-30T13:44:49Z" - mac: ENC[AES256_GCM,data:iLT8KrlibgljBzhZAFEdlKs/+c0XjxFkCHchjuO9dQJb576HpFsQj6LD5opWPAizdhRG0IniP1g9lUTrpE9Wb/XmQWIuVAJGpCiIWaFM0ENZ5fEcZDoWkBNJVmELe4M7yffD1N1EYffd0uwjyzHoPgEnFC8GrNMeBZdCuu08tR8=,iv:clpxUJLj8o4FRTW9oBxxnU23MYBvRDhxW9df85n4/AM=,tag:abTl8mvDRRknDHbP+01ZKg==,type:str] + lastmodified: "2023-06-09T19:55:59Z" + mac: ENC[AES256_GCM,data:bfKlWBfls2ILfH3HH6LY1GhB6AqTkhiI+RJKk1ReKnDJrcneVzDLYiLfUX0HvMmIWPlxVj4RyGjD63sLD0cG6x5pU+EwPJjuNIsEfp/QVE4yCwpiqeprjwie/jH69Hb4L5rWLFmebZ4x9Lu1mB3YZqa0icdhmhc9U/+i3WFoKjA=,iv:xVSaTkBNbsL8Gn8RPZ1Zg6M6E4Hw6t0DZ+4XJHEOKf8=,tag:QqHPBKRQnZWjy6pst9YC7A==,type:str] pgp: - created_at: "2023-05-30T14:29:01Z" enc: |- From 86ecdf2a4f92c1daec5adfb6b3bed11144a37587 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 22:39:38 +0200 Subject: [PATCH 14/63] link sops secrets through the volume --- hosts/uranus/jupyter-container.nix | 9 --------- hosts/uranus/stateful-jupyter.nix | 6 ++++-- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index fa6bbc2..4def45f 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
@@ -42,8 +42,6 @@ pkgs.dockerTools.buildImage { c.Spawner.default_url='/lab' ''; - copy-passwords = lib.concatStringsSep "\n" (builtins.map (u: "cp ${u.userPasswordFile} /pw/") jupyterUsers); - entrypoint = pkgs.writeScriptBin "entrypoint.sh" '' #!${cont-interpreter} set -ex @@ -60,9 +58,6 @@ pkgs.dockerTools.buildImage { # create all the users ${create-all-users-script} - # remove supplied passwords - rm -r /pw - # install the python environ conda install -c conda-forge mamba @@ -82,10 +77,6 @@ pkgs.dockerTools.buildImage { # make temp store for pw hashes mkdir -p /pw - ${copy-passwords} - - # populate with temp pw's - cp ${jupyterhub-config} /jupyterhub-config.py cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh ''; diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 37b925b..cb788d8 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -9,7 +9,9 @@ let ]; in { - sops.secrets.hashed-password-0xa = { }; + sops.secrets.hashed-password-0xa = { + path = "/var/lib/pw/hashed-password-0xa"; + }; virtualisation.docker = { enable = true; @@ -29,7 +31,7 @@ in volumes = [ "/var/lib/jupyter-volume:/workdir" "/var/lib/root-home:/root" - # "/var/lib/conda-persist:/opt/conda" + "/var/lib/pw:/pw" ]; imageFile = let From a848059fbc170986641f959ddb32874b8f884241 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 22:45:03 +0200 Subject: [PATCH 15/63] properly escape the password --- hosts/uranus/jupyter-container.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 4def45f..64b0efa 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
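Review bot: The `"/var/lib/pw:/pw"` volume added in the `@@ -29,7 +31,7 @@` hunk of hosts/uranus/stateful-jupyter.nix mounts the password-hash directory read-write and keeps it mounted for the container's whole lifetime, although the entrypoint only reads it once while creating users. A read-only mount, `"/var/lib/pw:/pw:ro"`, stops a process in the container from altering the hashes that the next start will apply. The same commit drops the `rm -r /pw` step from the entrypoint, so the hashes stay readable to root inside the container; whether notebook users can reach them depends on file modes that are not shown here.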
@@ -27,8 +27,8 @@ pkgs.dockerTools.buildImage { useradd-string = (user: is-admin: ''useradd \ -m \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ + -p $(printf "%q" $(cat /pw/hashed-password-${user})) \ ${user} \ - -p $(cat /pw/hashed-password-${user}) \ && ln -s /workdir /home/${user}/shared-workdir \ ''); From c4f727b4a8eec61767ecc6bb80b22bc6f1378068 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Fri, 9 Jun 2023 23:37:18 +0200 Subject: [PATCH 16/63] copy passwords to the volume --- hosts/uranus/stateful-jupyter.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index cb788d8..0a7c3d3 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -7,11 +7,12 @@ let isAdmin = true; } ]; + + # move the secrets to the volume + secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); in { - sops.secrets.hashed-password-0xa = { - path = "/var/lib/pw/hashed-password-0xa"; - }; + sops.secrets.hashed-password-0xa = { }; virtualisation.docker = { enable = true; @@ -55,4 +56,11 @@ in }; }; + systemd.services.setup-docker-pws = { + description = "copy the user passwords to docker volume"; + wantedBy = [ "jupyterlab-stateful.service" ]; + serviceConfig.type = "oneshot"; + script = secret-setup; + }; + } From 7cc2ec4b33b328c8b6ac757af586cb0e7f12b0b4 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 13:22:10 +0200 Subject: [PATCH 17/63] dereference links to password hashes --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 0a7c3d3..70d4fd5 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix 
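Review bot: `secret-setup` in the `@@ -7,11 +7,12 @@` hunk of hosts/uranus/stateful-jupyter.nix copies the decrypted sops files to `/var/lib/pw/`, but nothing visible creates that directory or sets its mode, so on a fresh host the `cp` can fail before Docker has created the bind-mount source, and the hashes move from sops-nix's runtime secrets directory onto persistent disk. Creating the directory explicitly at the top of the script, `install -d -m 0700 -o root -g root /var/lib/pw`, makes both its existence and its permissions deliberate. In the `@@ -55,4 +56,11 @@` hunk, `wantedBy = [ "jupyterlab-stateful.service" ]` names a unit that does not match the `docker-jupyterlab-stateful` unit referenced in PATCH 22, so it probably has no effect.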
@@ -9,7 +9,7 @@ let ]; # move the secrets to the volume - secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); + secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); in { sops.secrets.hashed-password-0xa = { }; From 3c8f1352b9fa54bbdf294ca5581372a8ba361fff Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 13:43:46 +0200 Subject: [PATCH 18/63] force pw update --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 70d4fd5..dcd25b6 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -9,7 +9,7 @@ let ]; # move the secrets to the volume - secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); + secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --force --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); in { sops.secrets.hashed-password-0xa = { }; From 82c8ac9551a68cbf6cbca926e6a990eb3d41bf94 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 13:48:29 +0200 Subject: [PATCH 19/63] fix typo --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index dcd25b6..78a4dc9 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -59,7 +59,7 @@ in systemd.services.setup-docker-pws = { description = "copy the user passwords to docker volume"; wantedBy = [ "jupyterlab-stateful.service" ]; - serviceConfig.type = "oneshot"; + serviceConfig.Type = "oneshot"; script = secret-setup; }; From bd4f5fb87a6af02ab71977f717ec9347d55410ed Mon Sep 17 00:00:00 2001 
From: Grigory Shipunov Date: Sat, 10 Jun 2023 18:07:06 +0200 Subject: [PATCH 20/63] don't escape the pw --- hosts/uranus/jupyter-container.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 64b0efa..14237c3 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -27,7 +27,7 @@ pkgs.dockerTools.buildImage { useradd-string = (user: is-admin: ''useradd \ -m \ ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ - -p $(printf "%q" $(cat /pw/hashed-password-${user})) \ + -p $(cat /pw/hashed-password-${user}) \ ${user} \ && ln -s /workdir /home/${user}/shared-workdir \ ''); From d119a7d93c7fdd2683e846051ce318c6df893818 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 19:09:06 +0200 Subject: [PATCH 21/63] nix flake update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 191ccfa..f0208a7 100644 --- a/flake.lock +++ b/flake.lock @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1683915762, - "narHash": "sha256-FNiZ2qRgkcqFVhNSREL7Y+PDat5R5EqVPqaJmnfIl1w=", + "lastModified": 1686382536, + "narHash": "sha256-2MDWrNByoeyV5xuiPcr4Mmij4pzv7cNh3akXvBBGnEs=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "e9beec3024175db0a9526026e0d8b9f57e865d13", + "rev": "581f43034082deb82c2454bb490cf900625d0741", "type": "github" }, "original": { @@ -617,11 +617,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1686059680, - "narHash": "sha256-sp0WlCIeVczzB0G8f8iyRg3IYW7KG31mI66z7HIZwrI=", + "lastModified": 1686331006, + "narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a558f7ac29f50c4b937fb5c102f587678ae1c9fb", + "rev": "85bcb95aa83be667e562e781e9d186c57a07d757", "type": "github" }, "original": { From 57d182360bacf21e8874d9592d2bacfae5eac110 Mon Sep 17 00:00:00 2001 
From: Grigory Shipunov Date: Sat, 10 Jun 2023 23:27:19 +0200 Subject: [PATCH 22/63] hard depend on passwords --- hosts/uranus/stateful-jupyter.nix | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 78a4dc9..f8e99f5 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -56,11 +56,20 @@ in }; }; - systemd.services.setup-docker-pws = { - description = "copy the user passwords to docker volume"; - wantedBy = [ "jupyterlab-stateful.service" ]; - serviceConfig.Type = "oneshot"; - script = secret-setup; + systemd.services = { + setup-docker-pws = { + description = "copy the user passwords to docker volume"; + wantedBy = [ "jupyterlab-stateful.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = secret-setup; + }; + docker-jupyterlab-stateful = { + after = [ "setup-docker-pws" ]; + requires = [ "setup-docker-pws" ]; + }; }; } From 82d836e587921bc7a4d1cb9b7ef3b782d4e383fe Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 23:28:49 +0200 Subject: [PATCH 23/63] forgot the ".service" --- hosts/uranus/stateful-jupyter.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index f8e99f5..c066a18 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -67,8 +67,8 @@ in script = secret-setup; }; docker-jupyterlab-stateful = { - after = [ "setup-docker-pws" ]; - requires = [ "setup-docker-pws" ]; + after = [ "setup-docker-pws.service" ]; + requires = [ "setup-docker-pws.service" ]; }; }; From c234646204134363fffe85106139e00ffdf42d0e Mon Sep 17 00:00:00 2001 
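Review bot: With `RemainAfterExit = true` in the `@@ -56,11 +56,20 @@` hunk of hosts/uranus/stateful-jupyter.nix, `setup-docker-pws` stays active after its first run, and its script text does not change when only a secret's content changes, so a rotated hash is presumably not copied to `/var/lib/pw`, nor applied inside the container, until the unit is restarted by hand or the host reboots. sops-nix can trigger the restart itself: `sops.secrets.hashed-password-0xa.restartUnits = [ "setup-docker-pws.service" ];`, and the `requires`/`after` pair added here should then restart the container too. The `wantedBy = [ "jupyterlab-stateful.service" ]` context line still names a unit without the `docker-` prefix and could be removed now that the dependency is declared from the container side.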
From: Grigory Shipunov Date: Sat, 10 Jun 2023 23:35:13 +0200 Subject: [PATCH 24/63] add users --- hosts/uranus/stateful-jupyter.nix | 16 +++++++++++++++- secrets/uranus/secrets.yaml | 6 ++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index c066a18..41440c3 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -6,13 +6,27 @@ let userPasswordFile = config.sops.secrets.hashed-password-0xa.path; isAdmin = true; } + { + username = "tassilo"; + userPasswordFile = config.sops.secrets.hashed-password-tassilo.path; + isAdmin = true; + } + { + username = "marenz"; + userPasswordFile = config.sops.secrets.hashed-password-marenz.path; + isAdmin = true; + } ]; # move the secrets to the volume secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --force --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers)); in { - sops.secrets.hashed-password-0xa = { }; + sops.secrets = { + hashed-password-0xa = { }; + hashed-password-tassilo = { }; + hashed-password-marenz = { }; + }; virtualisation.docker = { enable = true; diff --git a/secrets/uranus/secrets.yaml b/secrets/uranus/secrets.yaml index d4f7953..48bdab4 100644 --- a/secrets/uranus/secrets.yaml +++ b/secrets/uranus/secrets.yaml 
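Review bot: Every account added in the `@@ -6,13 +6,27 @@` hunk of hosts/uranus/stateful-jupyter.nix has `isAdmin = true`, which puts all three users into `${jupyterAdminGroup}`; earlier patches make that one group both the JupyterHub admin group (`c.PAMAuthenticator.admin_groups`) and the owner group of the shared directory (`chown root:${jupyterAdminGroup} /workdir`, `chmod g+rwx /workdir`). As written, a user needs hub admin rights just to write to `/workdir`. A separate group for workdir access, with `isAdmin` reserved for people who administer the hub, would allow later accounts without admin rights. The three `hashed-password-*` declarations could also be derived from `jupyterUsers` so that a user cannot be added without its secret.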
@@ -1,5 +1,7 @@ wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str] hashed-password-0xa: ENC[AES256_GCM,data:Tofb7PL5/fZHSLx/nN0o+6w7f0lfITQXoAV4Pu7JGzADi+vY9rfuOLzDapHh82bz1d3vbzPGECzpvYN6Bp/UMHivou0JD5ozIQ==,iv:7bPTP84NcwPCsIZaxBNinIcmewf+pWW5U21OTO1WGeY=,tag:ohaDbKZuXDhq9YBg/8wu/A==,type:str] +hashed-password-tassilo: ENC[AES256_GCM,data:z3DD3ZMGjPdNPLRRY3mfdrJzEIizdSV0RnFAI2m+KjHPybtT3araf2bc/zt6iPMcFC1OvJhvm31jCTorZLKT6bknxnIAu2EKHw==,iv:9twbZWdVpQFKqop9dpnoNpZ7jOQp9LluSffZAQXMTd8=,tag:oVMBdTNZfgqbDdrNIFexmA==,type:str] +hashed-password-marenz: ENC[AES256_GCM,data:+7Exam93GwUmUkzYOta39d83+8FaQzIbfq4Z+PIoCEwomn6W5Qa7LHKATovKwq5sZVnPJ6jSQ0ruxjmbG9/FykaKxXKGeCv9xQ==,iv:aqibnzdlRkA7sruGIlENspEUQYlo+QVOdANRmAeMYWM=,tag:G1K14+1QmlkP0njB56seUw==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +17,8 @@ sops: YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-09T19:55:59Z" - mac: ENC[AES256_GCM,data:bfKlWBfls2ILfH3HH6LY1GhB6AqTkhiI+RJKk1ReKnDJrcneVzDLYiLfUX0HvMmIWPlxVj4RyGjD63sLD0cG6x5pU+EwPJjuNIsEfp/QVE4yCwpiqeprjwie/jH69Hb4L5rWLFmebZ4x9Lu1mB3YZqa0icdhmhc9U/+i3WFoKjA=,iv:xVSaTkBNbsL8Gn8RPZ1Zg6M6E4Hw6t0DZ+4XJHEOKf8=,tag:QqHPBKRQnZWjy6pst9YC7A==,type:str] + lastmodified: "2023-06-10T21:35:03Z" + mac: ENC[AES256_GCM,data:ESL2J916TklAXe7Lpdh1sn3mhHuNiBZ7xq4KAwn2nV1nErRRPcaA/U3Qf+nY5x95DdIkrDBpGx+rC4LAgs5FBx/lZNYgiuFCJuF6U1ZfaOhIQEatZ/isZ8xa88ENL3rrAQuU17HGfAu3FxseGRGiJ44cR4RHLzjWz87//Sx9Xkk=,iv:erdyt4i5ndRC/QGi2RMl34WKojFEjAPGmKzd7o3dYrY=,tag:J/5A8lvrFvdqNtnYFB62EQ==,type:str] pgp: - created_at: "2023-05-30T14:29:01Z" enc: |- From 9a5ff36f178f665f4a0483e248d6c05527140929 Mon Sep 17 00:00:00 2001 
From: Grigory Shipunov Date: Sat, 10 Jun 2023 23:46:51 +0200 Subject: [PATCH 25/63] persist user homes --- hosts/uranus/stateful-jupyter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index 41440c3..e87bd95 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -47,7 +47,7 @@ in "/var/lib/jupyter-volume:/workdir" "/var/lib/root-home:/root" "/var/lib/pw:/pw" - ]; + ] ++ builtins.map (u: "/var/lib/${u.username}-home:/home/${u.username}") jupyterUsers; imageFile = let packages = lib.concatStringsSep " " [ From ef0f6cc5e05c1e5949c38f916864a0cec1139639 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 10 Jun 2023 23:58:16 +0200 Subject: [PATCH 26/63] preserve the whole home folder --- hosts/uranus/stateful-jupyter.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/uranus/stateful-jupyter.nix b/hosts/uranus/stateful-jupyter.nix index e87bd95..ca8bebe 100644 --- a/hosts/uranus/stateful-jupyter.nix +++ b/hosts/uranus/stateful-jupyter.nix @@ -47,7 +47,8 @@ in "/var/lib/jupyter-volume:/workdir" "/var/lib/root-home:/root" "/var/lib/pw:/pw" - ] ++ builtins.map (u: "/var/lib/${u.username}-home:/home/${u.username}") jupyterUsers; + "/var/lib/users-home:/home" + ]; imageFile = let packages = lib.concatStringsSep " " [ From 4b0d698140372e35041679c4a166b85b69d489d5 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sun, 11 Jun 2023 00:42:03 +0200 Subject: [PATCH 27/63] force the linking and insure the proper access to home folder --- hosts/uranus/jupyter-container.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 14237c3..4d7d8fd 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
@@ -29,7 +29,8 @@ pkgs.dockerTools.buildImage { ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ -p $(cat /pw/hashed-password-${user}) \ ${user} \ - && ln -s /workdir /home/${user}/shared-workdir \ + && chown -R ${user}:${jupyterAdminGroup} /home/${user} \ + && ln --force -s /workdir /home/${user}/shared-workdir ''); create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers)); From bba9c4886c37072d433b138514d5750d1051be47 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Mon, 12 Jun 2023 23:39:37 +0200 Subject: [PATCH 28/63] remove dead code --- flake.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/flake.nix b/flake.nix index 3ea6a38..fac7b64 100644 --- a/flake.nix +++ b/flake.nix @@ -329,8 +329,6 @@ program = "${self.packages."x86_64-linux".test-vm-wrapper}"; }; - nixosModules."x86_64-linux".watch-me-senpai = import ./modules/watch-me-senpai; - hydraJobs = let get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel); From 4e99573af4e6fdb10711f0245a2115787363c06f Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Mon, 12 Jun 2023 23:40:22 +0200 Subject: [PATCH 29/63] do not leak hashed password to the logs --- hosts/uranus/jupyter-container.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 4d7d8fd..a7b43cd 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix 
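Review bot: `ln --force -s /workdir /home/${user}/shared-workdir` does not replace the link once it exists. With `/home` persisted since PATCH 26, a later container start finds `shared-workdir` as a symlink to a directory, and GNU `ln` follows it and creates the new link inside `/workdir` instead. Adding `--no-dereference` makes the call idempotent: `&& ln --force --no-dereference -s /workdir /home/${user}/shared-workdir`. The `useradd-string` definition starts above the hunk.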
@@ -24,14 +24,18 @@ pkgs.dockerTools.buildImage { runAsRoot = let cont-interpreter = "/bin/bash"; - useradd-string = (user: is-admin: ''useradd \ - -m \ - ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ - -p $(cat /pw/hashed-password-${user}) \ - ${user} \ - && chown -R ${user}:${jupyterAdminGroup} /home/${user} \ - && ln --force -s /workdir /home/${user}/shared-workdir - ''); + useradd-string = (user: is-admin: '' + set +x # don't leak the hashed password + echo "creating user ${user}" + useradd \ + -m \ + ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ + -p $(cat /pw/hashed-password-${user}) \ + ${user} \ + && chown -R ${user}:${jupyterAdminGroup} /home/${user} \ + && ln --force -s /workdir /home/${user}/shared-workdir + set -x + ''); create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers)); jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' From c6904879417fa2ad3a68d469fa4eec373015d90c Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Mon, 12 Jun 2023 23:40:57 +0200 Subject: [PATCH 30/63] chown workdir recurcively --- hosts/uranus/jupyter-container.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index a7b43cd..5c365cf 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -58,7 +58,7 @@ pkgs.dockerTools.buildImage { # create jupyter group groupadd ${jupyterAdminGroup} chown root:${jupyterAdminGroup} /workdir - chmod g+rwx /workdir + chmod -R g+rwx /workdir # create all the users ${create-all-users-script} From 7fdd9f673e4870079afae6189cd7d1e300d42f8a Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Mon, 12 Jun 2023 23:41:16 +0200 Subject: [PATCH 31/63] nixpkgs-fmt --- hosts/uranus/jupyter-container.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
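Review bot: `set +x` keeps the hash out of the shell trace, but `-p $(cat /pw/hashed-password-${user})` still places it on the `useradd` command line, where it is readable from the process list while the command runs. Passing it over stdin avoids that: create the account without `-p` and follow with `echo "${user}:$(cat /pw/hashed-password-${user})" | chpasswd -e`. This assumes `chpasswd` is present in the image; `echo` is a shell builtin, so nothing lands in argv. The closing `set -x` also turns tracing on unconditionally, which deserves a comment saying the entrypoint is meant to run traced. The place where `useradd-string` is interpolated per user is outside this hunk.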
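Review bot: `chmod -R g+rwx /workdir` sets the group execute bit on every regular file in the shared volume, not only on directories. `chmod -R g+rwX /workdir` gives the group the same access to directories while leaving notebooks and data files non-executable unless they already were. The commit subject mentions chown although the changed line is the chmod. The script body continues outside the hunk.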
diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index 5c365cf..f0508da 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -38,14 +38,14 @@ pkgs.dockerTools.buildImage { ''); create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers)); - jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' - c = get_config() + jupyterhub-config = pkgs.writeText "jupyterhub-config.py" '' + c = get_config() - c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'} + c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'} - c.Spawner.notebook_dir='/workdir' - c.Spawner.default_url='/lab' - ''; + c.Spawner.notebook_dir='/workdir' + c.Spawner.default_url='/lab' + ''; entrypoint = pkgs.writeScriptBin "entrypoint.sh" '' #!${cont-interpreter} From 579d6eef47cf77b7c2b396dc2c40aec4bd5a354e Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Mon, 12 Jun 2023 23:59:05 +0200 Subject: [PATCH 32/63] make jupyter-admin group primary for user --- hosts/uranus/jupyter-container.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index f0508da..c52bae9 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -29,7 +29,8 @@ pkgs.dockerTools.buildImage { echo "creating user ${user}" useradd \ -m \ - ${if is-admin then "-G ${jupyterAdminGroup}" else ""} \ + ${if is-admin then "-g ${jupyterAdminGroup}" else ""} \ + -G wheel \ -p $(cat /pw/hashed-password-${user}) \ ${user} \ && chown -R ${user}:${jupyterAdminGroup} /home/${user} \ @@ -57,7 +58,7 @@ pkgs.dockerTools.buildImage { # create jupyter group groupadd ${jupyterAdminGroup} - chown root:${jupyterAdminGroup} /workdir + chown -R root:${jupyterAdminGroup} /workdir chmod -R g+rwx /workdir # create all the users 
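Review bot: In the first PATCH 32 hunk the primary group now depends on `is-admin`, but the `chown -R ${user}:${jupyterAdminGroup} /home/${user}` a few lines below still assigns every home directory to the admin group, including for a user declared with `isAdmin = false`. All users in the list are admins today, so this is latent. If non-admin users are intended, the chown can follow the account's own login group with `chown -R ${user}: /home/${user}`. The `useradd-string` definition starts and ends outside the hunk.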
From 3c4ed516d6029b52be61a92872d04549e18dccc4 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Tue, 13 Jun 2023 00:10:49 +0200 Subject: [PATCH 33/63] no wheel by default in container --- hosts/uranus/jupyter-container.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/uranus/jupyter-container.nix b/hosts/uranus/jupyter-container.nix index c52bae9..9b3b12d 100644 --- a/hosts/uranus/jupyter-container.nix +++ b/hosts/uranus/jupyter-container.nix @@ -30,7 +30,6 @@ pkgs.dockerTools.buildImage { useradd \ -m \ ${if is-admin then "-g ${jupyterAdminGroup}" else ""} \ - -G wheel \ -p $(cat /pw/hashed-password-${user}) \ ${user} \ && chown -R ${user}:${jupyterAdminGroup} /home/${user} \ From e0d4150fc99a3d2f1d44c76505d5a21e2e37eab6 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 14 Jun 2023 18:19:12 +0200 Subject: [PATCH 34/63] bump lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f0208a7..582b39c 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ ] }, "locked": { - "lastModified": 1679567394, - "narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=", + "lastModified": 1686572087, + "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", "owner": "nix-community", "repo": "naersk", - "rev": "88cd22380154a2c36799fe8098888f0f59861a15", + "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", "type": "github" }, "original": { @@ -553,11 +553,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1685758009, - "narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=", + "lastModified": 1686392259, + "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb", + "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88", "type": "github" }, "original": { 
@@ -617,11 +617,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1686331006, - "narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=", + "lastModified": 1686513595, + "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85bcb95aa83be667e562e781e9d186c57a07d757", + "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", "type": "github" }, "original": { @@ -793,11 +793,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1685848844, - "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=", + "lastModified": 1686453485, + "narHash": "sha256-75iPAcS6xuw4SNfqLmFCi9wWG1JmDNKaC8l3WJUkmDk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b", + "rev": "cb85e297937af1bd1434cf5f85a3f86a21dc8207", "type": "github" }, "original": { From c588f49dc5231f060593cf0f720625446da7a94d Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 14 Jun 2023 18:32:00 +0200 Subject: [PATCH 35/63] unpin microvm --- flake.lock | 7 +++---- flake.nix | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 582b39c..809cc65 100644 --- a/flake.lock +++ b/flake.lock @@ -459,16 +459,15 @@ ] }, "locked": { - "lastModified": 1684960978, - "narHash": "sha256-OW++OrrpfvFrtUcsEes1QA3Iln1bv8MdXqN48XUfNsE=", + "lastModified": 1686757742, + "narHash": "sha256-QQx8AtjlXDiRSDXAGTD+3A5IER5nDZ/hIjTgfyT/iq8=", "owner": "astro", "repo": "microvm.nix", - "rev": "dc244039cb0d6fc4ed844d60624135250731e195", + "rev": "8560a69ca9da2da59f6e05995348b24abba121e5", "type": "github" }, "original": { "owner": "astro", - "ref": "v0.3.3", "repo": "microvm.nix", "type": "github" } diff --git a/flake.nix b/flake.nix index fac7b64..569da5d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -13,7 +13,7 @@ flake-utils.url = "github:numtide/flake-utils"; microvm = { - url = "github:astro/microvm.nix?ref=v0.3.3"; + url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; From 5d503c4f4f7fced481d1a239d910789143e582b5 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 14 Jun 2023 23:36:06 +0200 Subject: [PATCH 36/63] don't hard fail on single failed deployment --- pkgs/deployment.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/deployment.nix b/pkgs/deployment.nix index 3dd43dd..a308901 100644 --- a/pkgs/deployment.nix +++ b/pkgs/deployment.nix @@ -100,7 +100,7 @@ let nukeAll = lib.mapAttrs' (name: scripts: lib.nameValuePair (name) (pkgs.writeScriptBin "${name}" '' #!${pkgs.runtimeShell} - set -ex + set -x ${scripts} '')) From 6ddbb5ed928e9defd60baee334abd57d762ee574 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sat, 17 Jun 2023 17:52:52 +0200 Subject: [PATCH 37/63] update external inputs --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 809cc65..3db8e09 100644 --- a/flake.lock +++ b/flake.lock @@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1686757742, - "narHash": "sha256-QQx8AtjlXDiRSDXAGTD+3A5IER5nDZ/hIjTgfyT/iq8=", + "lastModified": 1686962046, + "narHash": "sha256-QE5I3/ONKubR2lvLwUbsS4OaOPc9gTburw9OBcYfgdw=", "owner": "astro", "repo": "microvm.nix", - "rev": "8560a69ca9da2da59f6e05995348b24abba121e5", + "rev": "484e6e2209a0ead8ea43a9a79b193026026becfc", "type": "github" }, "original": { 
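Review bot: Dropping `?ref=v0.3.3` makes the `microvm` input follow the repository's default branch, so each later `nix flake update` moves the hypervisor tooling to the newest commit rather than to a release. `flake.lock` still pins the exact revision, so builds stay reproducible, but every lock bump now warrants a look at the upstream changes. I would pin a newer tag once one is suitable, or at least add a comment such as `# intentionally untagged; exact rev is pinned in flake.lock`.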
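Review bot: With `-e` removed in `pkgs/deployment.nix`, the generated script's exit status is that of the last command in `${scripts}` only. A deployment that failed earlier in the run is then reported as success unless someone reads the `set -x` trace, and a host that missed an update goes unnoticed. I would keep continuing on failure but remember it: set `failed=0` at the top, append `|| failed=1` to each per-host command, and end with `exit $failed`. How `${scripts}` is assembled is outside the hunk, so the exact place for the `|| failed=1` is an assumption.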
@@ -552,16 +552,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1686392259, - "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=", + "lastModified": 1686885751, + "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88", + "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1686513595, - "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", + "lastModified": 1686921029, + "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", + "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1686453485, - "narHash": "sha256-75iPAcS6xuw4SNfqLmFCi9wWG1JmDNKaC8l3WJUkmDk=", + "lastModified": 1686902322, + "narHash": "sha256-Vogj2MsipA+Uzr0M3d8300JeKQDHhPy6NEuTQXVdWu0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cb85e297937af1bd1434cf5f85a3f86a21dc8207", + "rev": "1e2bae54870a06aa9364f8d33a5b9a0869d792fc", "type": "github" }, "original": { From 7f4d7dd62b67595b05c62e634916fb9bbccb5fec Mon Sep 17 00:00:00 2001 From: Markus Schmidl Date: Mon, 19 Jun 2023 09:33:58 +0200 Subject: [PATCH 38/63] traffic-stop-box: pin kernel to v5.15 --- modules/traffic-stop-box/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/traffic-stop-box/configuration.nix b/modules/traffic-stop-box/configuration.nix index cc31a5f..39e72f8 100644 --- a/modules/traffic-stop-box/configuration.nix +++ b/modules/traffic-stop-box/configuration.nix 
@@ -1,10 +1,12 @@ -{ config, ... }: +{ pkgs, config, ... }: { boot.tmp.useTmpfs = true; networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname. + boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15; + # Set your time zone. time.timeZone = "Europe/Berlin"; From f7ee31100dc58f6a74685726cf2fa338fbfb92b6 Mon Sep 17 00:00:00 2001 From: Markus Schmidl Date: Mon, 19 Jun 2023 17:03:58 +0200 Subject: [PATCH 39/63] reboot after kernel panic on traffic-stop-boxes --- modules/traffic-stop-box/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/traffic-stop-box/configuration.nix b/modules/traffic-stop-box/configuration.nix index 39e72f8..4860ee6 100644 --- a/modules/traffic-stop-box/configuration.nix +++ b/modules/traffic-stop-box/configuration.nix @@ -5,8 +5,12 @@ networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname. + # some whoopsie in kernel 6.1.x maybe? boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15; + # reboot 60 seconds after kernel panic + boot.kernel.sysctl."kernel.panic" = 60; + # Set your time zone. time.timeZone = "Europe/Berlin"; From 546e30101fa3b5526c26e36ffd62aef2c0fbaac0 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Sat, 8 Jul 2023 22:21:10 +0200 Subject: [PATCH 40/63] updating flake lock --- flake.lock | 42 ++++++++++++++++----------------- modules/data-hoarder/socket.nix | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 3db8e09..07868cf 100644 --- a/flake.lock +++ b/flake.lock 
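Review bot: The comment added in PATCH 39, `# some whoopsie in kernel 6.1.x maybe?`, does not say what was observed, so nobody can tell later when the 5.15 pin from PATCH 38 may be lifted. I would state the symptom and a revisit condition, for example `# pinned to 5.15: boxes panicked on 6.1.x (cause unconfirmed); retry on the next kernel bump`, adjusted to what was actually seen. Note that `kernel.panic = 60` only covers panics. If the boxes can also hang on an oops, `kernel.panic_on_oops` would be needed for the reboot to trigger, which is worth a line in the same comment.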
@@ -325,11 +325,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "type": "github" }, "original": { @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1686382536, - "narHash": "sha256-2MDWrNByoeyV5xuiPcr4Mmij4pzv7cNh3akXvBBGnEs=", + "lastModified": 1688736055, + "narHash": "sha256-1QD7JhK6UzhIcslIrx64KeXPacxz7l+xzFxpYkVvGWU=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "581f43034082deb82c2454bb490cf900625d0741", + "rev": "716359b5d68bd914c2cc6f9a7b954d17b0608121", "type": "github" }, "original": { @@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1686962046, - "narHash": "sha256-QE5I3/ONKubR2lvLwUbsS4OaOPc9gTburw9OBcYfgdw=", + "lastModified": 1688594608, + "narHash": "sha256-rBgR3GS8AYBEjCFbBetz/kIp1aBQeZI1AmI+o+L2Aco=", "owner": "astro", "repo": "microvm.nix", - "rev": "484e6e2209a0ead8ea43a9a79b193026026becfc", + "rev": "d5b051c75680242b02f2d82df4c812578c47964e", "type": "github" }, "original": { @@ -521,11 +521,11 @@ ] }, "locked": { - "lastModified": 1686572087, - "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", + "lastModified": 1688534083, + "narHash": "sha256-/bI5vsioXscQTsx+Hk9X5HfweeNZz/6kVKsbdqfwW7g=", "owner": "nix-community", "repo": "naersk", - "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", + "rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a", "type": "github" }, "original": { 
@@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1686885751, - "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=", + "lastModified": 1688256355, + "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a", + "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1686921029, - "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "lastModified": 1688764204, + "narHash": "sha256-FsvK+tIvelCI0tWwlMDKfiyb7P/KfxpGbXMrdCKiT8s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "rev": "d8bb6c681cf86265fdcf3cc3119f757bbb085835", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1686902322, - "narHash": "sha256-Vogj2MsipA+Uzr0M3d8300JeKQDHhPy6NEuTQXVdWu0=", + "lastModified": 1688268466, + "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1e2bae54870a06aa9364f8d33a5b9a0869d792fc", + "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957", "type": "github" }, "original": { diff --git a/modules/data-hoarder/socket.nix b/modules/data-hoarder/socket.nix index e120a2c..37e68c6 100644 --- a/modules/data-hoarder/socket.nix +++ b/modules/data-hoarder/socket.nix @@ -15,7 +15,7 @@ in }; metrics = { port = 9010; - host = "0.0.0.0"; + host = "10.13.37.1"; }; }; services = { From 87fafc6a11f1f082035e1b6539a32b1023056e93 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Sat, 8 Jul 2023 22:27:50 +0200 Subject: [PATCH 41/63] updating flake lock --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 07868cf..6a7f7fb 100644 --- a/flake.lock +++ b/flake.lock 
@@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1688736055, - "narHash": "sha256-1QD7JhK6UzhIcslIrx64KeXPacxz7l+xzFxpYkVvGWU=", + "lastModified": 1688847819, + "narHash": "sha256-ob7FPjbprYO+r32FrCmxr3FFSwIiYQEmrnraysZEG+U=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "716359b5d68bd914c2cc6f9a7b954d17b0608121", + "rev": "8cb99935d931795d1f138ccfd8d41fc92b0ea2b3", "type": "github" }, "original": { From 8f1706c8e62c1c32271693cfab55c5dc48e273a3 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 21 Jul 2023 20:02:15 +0200 Subject: [PATCH 42/63] nix flake update --- flake.lock | 42 +++++++++++++++--------------- hosts/notice-me-senpai/grafana.nix | 9 ++++++- 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 6a7f7fb..86200f3 100644 --- a/flake.lock +++ b/flake.lock @@ -325,11 +325,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1687709756, - "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1688847819, - "narHash": "sha256-ob7FPjbprYO+r32FrCmxr3FFSwIiYQEmrnraysZEG+U=", + "lastModified": 1689960206, + "narHash": "sha256-hCyxz5QwKYYCwnnD7PnpNnV4qfIZBu94FuSmtZ3O6+c=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "8cb99935d931795d1f138ccfd8d41fc92b0ea2b3", + "rev": "916913603175c800d0b8e5aecfc19cbedea4fe09", "type": "github" }, "original": { 
@@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1688594608, - "narHash": "sha256-rBgR3GS8AYBEjCFbBetz/kIp1aBQeZI1AmI+o+L2Aco=", + "lastModified": 1689768420, + "narHash": "sha256-fW43dx0TqeGyjQ6bImWkhOICODQ4cLbkCjcri0c3bxQ=", "owner": "astro", "repo": "microvm.nix", - "rev": "d5b051c75680242b02f2d82df4c812578c47964e", + "rev": "4b0f24f26638937036dc0dc9e28d2bab4152ef3d", "type": "github" }, "original": { @@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1688256355, - "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=", + "lastModified": 1689473667, + "narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c", + "rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1688764204, - "narHash": "sha256-FsvK+tIvelCI0tWwlMDKfiyb7P/KfxpGbXMrdCKiT8s=", + "lastModified": 1689885880, + "narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8bb6c681cf86265fdcf3cc3119f757bbb085835", + "rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1688268466, - "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=", + "lastModified": 1689534977, + "narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957", + "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", "type": "github" }, "original": { 
@@ -949,11 +949,11 @@ ] }, "locked": { - "lastModified": 1684521319, - "narHash": "sha256-1XL1NOOXTv9sxTrpM2XJ8/JggirMhDITnQahohJmxxg=", + "lastModified": 1689950204, + "narHash": "sha256-L75e2u2AXmnYXHHE9f8JruhuMcR7sSXN/xOkaNaJDp4=", "owner": "tlm-solutions", "repo": "trekkie", - "rev": "248c71c8c46fce31805b0b673189d59f632b9268", + "rev": "0a6308a6594d99dbd8b58a1f78dc6ddc78b87d98", "type": "github" }, "original": { diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index eca6fe5..ab37680 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix @@ -63,7 +63,14 @@ in TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost)); in TLMSScrapeConfigs; - }; + } ++ [ + { + job_name = "funnel-connections"; + static_configs = [{ + targets = [ "10.13.37.1:9010" ]; + }]; + } + ]; # log collector loki = { From 4b47a3915636c27146edfdf9fd562387a24742b7 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 21 Jul 2023 21:09:01 +0200 Subject: [PATCH 43/63] fixing funnel config --- modules/data-hoarder/socket.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/data-hoarder/socket.nix b/modules/data-hoarder/socket.nix index 37e68c6..eaa27f0 100644 --- a/modules/data-hoarder/socket.nix +++ b/modules/data-hoarder/socket.nix @@ -7,7 +7,7 @@ in enable = true; GRPC = { host = "127.0.0.1"; - port = 50050 + serice_number; + port = config.TLMS.chemo.port; }; defaultWebsocket = { host = "127.0.0.1"; From 9d2960940d1c33e08096cd363e7b1a6fe0218257 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 21 Jul 2023 21:20:07 +0200 Subject: [PATCH 44/63] fixing grafana --- hosts/notice-me-senpai/grafana.nix | 19 +++++++++---------- hosts/uranus/stateless-jupyter.nix | 2 +- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index ab37680..3a1ce91 100644 --- a/hosts/notice-me-senpai/grafana.nix 
+++ b/hosts/notice-me-senpai/grafana.nix @@ -54,7 +54,14 @@ in replacement = "${exporter}"; } ]; - }; + } ++ [ + { + job_name = "funnel-connections"; + static_configs = [{ + targets = [ "10.13.37.1:9010" ]; + }]; + } + ]; # generate scraper config makeScrapeConfigHost = name: exporters: lib.mapAttrs (makeScrapeConfig name) exporters; @@ -63,15 +70,7 @@ in TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost)); in TLMSScrapeConfigs; - } ++ [ - { - job_name = "funnel-connections"; - static_configs = [{ - targets = [ "10.13.37.1:9010" ]; - }]; - } - ]; - + }; # log collector loki = { enable = true; diff --git a/hosts/uranus/stateless-jupyter.nix b/hosts/uranus/stateless-jupyter.nix index ae1502f..881aaba 100644 --- a/hosts/uranus/stateless-jupyter.nix +++ b/hosts/uranus/stateless-jupyter.nix @@ -1,2 +1,2 @@ # The plan is to try out how broken the stateless jupyter lab in nixos -{} +{ } From 2166c009abc6f12b82801da065079f77f5620d38 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 21 Jul 2023 21:32:23 +0200 Subject: [PATCH 45/63] grafana metrics collector --- hosts/notice-me-senpai/grafana.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index 3a1ce91..2148959 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix @@ -54,14 +54,7 @@ in replacement = "${exporter}"; } ]; - } ++ [ - { - job_name = "funnel-connections"; - static_configs = [{ - targets = [ "10.13.37.1:9010" ]; - }]; - } - ]; + }; # generate scraper config makeScrapeConfigHost = name: exporters: lib.mapAttrs (makeScrapeConfig name) exporters; 
@@ -69,7 +62,14 @@ in TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost)); in - TLMSScrapeConfigs; + TLMSScrapeConfigs ++ [ + { + job_name = "funnel-connections"; + static_configs = [{ + targets = [ "10.13.37.1:9010" ]; + }]; + } + ]; }; # log collector loki = { From 3abcdaffd2d89637f0022d118ceb51cf7ee23c85 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Tue, 25 Jul 2023 21:51:08 +0200 Subject: [PATCH 46/63] testing metrics --- modules/data-hoarder/chemo.nix | 6 ++++-- modules/data-hoarder/socket.nix | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/data-hoarder/chemo.nix b/modules/data-hoarder/chemo.nix index 986b0d1..a3ddd43 100644 --- a/modules/data-hoarder/chemo.nix +++ b/modules/data-hoarder/chemo.nix @@ -1,9 +1,11 @@ { config, ... }: -{ +let + service_number = 3; +in { TLMS.chemo = { enable = true; host = "127.0.0.1"; - port = 50053; + port = 50050 + service_number; database = { host = "127.0.0.1"; port = config.services.postgresql.port; diff --git a/modules/data-hoarder/socket.nix b/modules/data-hoarder/socket.nix index eaa27f0..07d1697 100644 --- a/modules/data-hoarder/socket.nix +++ b/modules/data-hoarder/socket.nix @@ -7,15 +7,15 @@ in enable = true; GRPC = { host = "127.0.0.1"; - port = config.TLMS.chemo.port; + port = 50050 + service_number; }; defaultWebsocket = { host = "127.0.0.1"; port = 9000 + serice_number; }; metrics = { - port = 9010; - host = "10.13.37.1"; + port = 10010 + serice_number ; + host = "127.0.0.1"; }; }; services = { From ab44cf04949d342b226d102376da77b610fd1c07 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Tue, 25 Jul 2023 21:57:24 +0200 Subject: [PATCH 47/63] using ip from network config --- modules/data-hoarder/socket.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/data-hoarder/socket.nix b/modules/data-hoarder/socket.nix index 07d1697..d108a93 100644 --- a/modules/data-hoarder/socket.nix 
+++ b/modules/data-hoarder/socket.nix @@ -1,6 +1,6 @@ { config, ... }: let - serice_number = 2; + service_number = 2; in { TLMS.funnel = { @@ -11,11 +11,11 @@ in }; defaultWebsocket = { host = "127.0.0.1"; - port = 9000 + serice_number; + port = 9000 + service_number; }; metrics = { - port = 10010 + serice_number ; - host = "127.0.0.1"; + port = 10010 + service_number ; + host = config.deployment-TLMS.net.wg.addr4; }; }; services = { From ea9c3b9af5cfba22e14a31bf03c05e7378c51127 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 28 Jul 2023 13:25:28 +0200 Subject: [PATCH 48/63] nix flake update --- flake.lock | 36 +++++++++++++++--------------- hosts/notice-me-senpai/grafana.nix | 14 +++++++++++- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 86200f3..5d44c2a 100644 --- a/flake.lock +++ b/flake.lock @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1689960206, - "narHash": "sha256-hCyxz5QwKYYCwnnD7PnpNnV4qfIZBu94FuSmtZ3O6+c=", + "lastModified": 1690543498, + "narHash": "sha256-VFTGqEPla1gTjkyjkTJL/BcracMO7xgF4Erv1x6Mtkw=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "916913603175c800d0b8e5aecfc19cbedea4fe09", + "rev": "a6db71c7fdbbe4fb1b20cb329a9a8dbd0de7ea45", "type": "github" }, "original": { @@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1689768420, - "narHash": "sha256-fW43dx0TqeGyjQ6bImWkhOICODQ4cLbkCjcri0c3bxQ=", + "lastModified": 1690231039, + "narHash": "sha256-O5mIDXhe4FAEdRpoVxVtg003/UUNweUTu14cdNT8SLE=", "owner": "astro", "repo": "microvm.nix", - "rev": "4b0f24f26638937036dc0dc9e28d2bab4152ef3d", + "rev": "062fd71f2a8f25c5d80864eb99bdff98e1684efb", "type": "github" }, "original": { 
@@ -521,11 +521,11 @@ ] }, "locked": { - "lastModified": 1688534083, - "narHash": "sha256-/bI5vsioXscQTsx+Hk9X5HfweeNZz/6kVKsbdqfwW7g=", + "lastModified": 1690373729, + "narHash": "sha256-e136hTT7LqQ2QjOTZQMW+jnsevWwBpMj78u6FRUsH9I=", "owner": "nix-community", "repo": "naersk", - "rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a", + "rev": "d9a33d69a9c421d64c8d925428864e93be895dcc", "type": "github" }, "original": { @@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1689473667, - "narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=", + "lastModified": 1690066826, + "narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6", + "rev": "ce45b591975d070044ca24e3003c830d26fea1c8", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1689885880, - "narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=", + "lastModified": 1690370995, + "narHash": "sha256-9z//23jGegLJrf3ITStLwVf715O39dq5u48Kr/XW14U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0", + "rev": "f3fbbc36b4e179a5985b9ab12624e9dfe7989341", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689534977, - "narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=", + "lastModified": 1690199016, + "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", + "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500", "type": "github" }, "original": { diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index 2148959..3b9f13b 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix 
@@ -64,11 +64,23 @@ in in TLMSScrapeConfigs ++ [ { - job_name = "funnel-connections"; + job_name = "funnel-connections-prod"; static_configs = [{ targets = [ "10.13.37.1:9010" ]; }]; } + { + job_name = "funnel-connections-staging"; + static_configs = [{ + targets = [ "10.13.37.5:9010" ]; + }]; + } + { + job_name = "funnel-connections-borken"; + static_configs = [{ + targets = [ "10.13.37.7:9010" ]; + }]; + } ]; }; # log collector From 274a8b18c0eefd380efeba19f366718ba0ab0392 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sun, 30 Jul 2023 14:21:06 +0200 Subject: [PATCH 49/63] warpzone down for more then a month --- flake.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/flake.nix b/flake.nix index 569da5d..8db0af2 100644 --- a/flake.nix +++ b/flake.nix @@ -215,24 +215,12 @@ arch = "x86_64-linux"; monitoring = true; } - # { - # # Chemnitz - # id = 2; - # arch = "x86_64-linux"; - # monitoring = false; - # } { # Wundstr. 9 id = 4; arch = "x86_64-linux"; monitoring = true; } - { - # Warpzone - id = 6; - arch = "x86_64-linux"; - monitoring = true; - } ]; # attribute set of all traffic stop boxes From 45e12e53420d4c5c0dfd471ee871f9ae45d90471 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sun, 30 Jul 2023 14:35:15 +0200 Subject: [PATCH 50/63] tweak loki rentention --- hosts/notice-me-senpai/grafana.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index 3b9f13b..9ddab68 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix @@ -142,8 +142,8 @@ in }; table_manager = { - retention_deletes_enabled = false; - retention_period = "0s"; + retention_deletes_enabled = true; + retention_period = "720h"; }; compactor = { From db9c08bf8dd715ad038d7cc730a8fb2d8542455c Mon Sep 17 00:00:00 2001 
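Review bot: All three `funnel-connections-*` jobs scrape port `9010`, but the socket.nix commits earlier on this page moved the funnel metrics listener to `10010 + service_number` on `config.deployment-TLMS.net.wg.addr4`, so these targets probably no longer match what the hosts expose (this depends on which module each host imports, which is not visible here). The addresses `10.13.37.1`, `.5` and `.7` are written as literals rather than read from each host's `deployment-TLMS.net.wg.addr4` and `TLMS.funnel.metrics.port`, which is how a listener change slips past the monitoring config unnoticed. Building these entries from the host configurations, as the `TLMSScrapeConfigs` expression just above the list appears to do for the other jobs, would keep scrape coverage in step with the services. The `let` block that defines `TLMSScrapeConfigs` starts outside the hunk.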
From: Grigory Shipunov Date: Sun, 30 Jul 2023 14:38:37 +0200 Subject: [PATCH 51/63] rotate oxa key --- keys/ssh/oxa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keys/ssh/oxa b/keys/ssh/oxa index eac07cf..d81afa7 100644 --- a/keys/ssh/oxa +++ b/keys/ssh/oxa @@ -1 +1 @@ -ssh-rsa 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 mail@oxapentane.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv82n6F6kwJ3/EMYlOoCc1/NaYFW7QHC5F8jKVzdlio gshipunov@toaster \ No newline at end of file From 3cea08ef8b2a63adb599239e785cffa4b8892b46 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sun, 30 Jul 2023 15:03:05 +0200 Subject: [PATCH 52/63] set retention for loki compactor --- hosts/notice-me-senpai/grafana.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index 9ddab68..dc0e5bb 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix @@ -148,6 +148,9 @@ in compactor = { working_directory = "/var/lib/loki"; + compaction_interval = "10m"; + retention_enabled = true; + retention_delete_delay = "1m"; shared_store = "filesystem"; compactor_ring = { kvstore = { From d016daab1008939376862a3014ba334e7e5cbc85 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Sun, 30 Jul 2023 15:03:34 +0200 Subject: [PATCH 53/63] scrape less often --- hosts/notice-me-senpai/grafana.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/notice-me-senpai/grafana.nix b/hosts/notice-me-senpai/grafana.nix index dc0e5bb..e30b53c 100644 --- a/hosts/notice-me-senpai/grafana.nix +++ b/hosts/notice-me-senpai/grafana.nix @@ -20,7 +20,7 @@ in port = 9501; listenAddress = config.deployment-TLMS.net.wg.addr4; globalConfig = { - scrape_interval = "17s"; + scrape_interval = "131s"; }; scrapeConfigs = let From 5d2751654effab1c43fbcc3157df2dd1ea867cae Mon Sep 17 00:00:00 2001 
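Review bot: `retention_delete_delay = "1m"` in the `compactor` block leaves almost no time between chunks being marked and being deleted; Loki's default is 2h, so that a mistaken retention setting can be noticed before the logs are gone. On the host that collects logs for the whole deployment I would keep the default, `retention_delete_delay = "2h";`, or add a comment saying why one minute is wanted. Compactor retention also takes its period from `limits_config.retention_period`, not from the `table_manager.retention_period = "720h"` set in the previous commit. No `limits_config` is visible in this hunk, so the effective retention should be confirmed and written next to `retention_enabled`. The `compactor` block continues outside the hunk.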
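Review bot: `scrape_interval = "131s"` in `globalConfig` carries no comment explaining the value, and it silently affects every query and alert built on these series. A range selector needs at least two samples, so any dashboard panel or rule using a window shorter than roughly four to five minutes (for example a `[1m]` or `[2m]` rate) will return no data after this change, and alert latency grows by the same factor. I would add a comment such as `# 131s: reduce load on the stop boxes; range windows must be >= 5m` and check the existing Grafana panels and rules against it. The `globalConfig` block sits inside a larger Prometheus attribute set that is outside the hunk.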
From: Markus Schmidl Date: Tue, 8 Aug 2023 19:48:12 +0200 Subject: [PATCH 54/63] switch all hypervisors to qemu --- hosts/borken-data-hoarder/default.nix | 2 +- hosts/data-hoarder/configuration.nix | 2 +- hosts/staging-data-hoarder/default.nix | 2 +- hosts/tram-borzoi/default.nix | 2 +- hosts/uranus/default.nix | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hosts/borken-data-hoarder/default.nix b/hosts/borken-data-hoarder/default.nix index 696175f..cd76f30 100644 --- a/hosts/borken-data-hoarder/default.nix +++ b/hosts/borken-data-hoarder/default.nix @@ -6,7 +6,7 @@ in microvm = { vcpu = 4; mem = 4096; - hypervisor = "cloud-hypervisor"; + hypervisor = "qemu"; socket = "${config.networking.hostName}.socket"; interfaces = [{ diff --git a/hosts/data-hoarder/configuration.nix b/hosts/data-hoarder/configuration.nix index 6740681..568bffe 100644 --- a/hosts/data-hoarder/configuration.nix +++ b/hosts/data-hoarder/configuration.nix @@ -4,7 +4,7 @@ let in { microvm = { - hypervisor = "cloud-hypervisor"; + hypervisor = "qemu"; mem = 6144; vcpu = 12; interfaces = [{ diff --git a/hosts/staging-data-hoarder/default.nix b/hosts/staging-data-hoarder/default.nix index 96d5d43..fe5630a 100644 --- a/hosts/staging-data-hoarder/default.nix +++ b/hosts/staging-data-hoarder/default.nix @@ -10,7 +10,7 @@ in microvm = { vcpu = 4; mem = 4096; - hypervisor = "cloud-hypervisor"; + hypervisor = "qemu"; socket = "${config.networking.hostName}.socket"; interfaces = [{ diff --git a/hosts/tram-borzoi/default.nix b/hosts/tram-borzoi/default.nix index 3a373d0..21367a0 100644 --- a/hosts/tram-borzoi/default.nix +++ b/hosts/tram-borzoi/default.nix @@ -14,7 +14,7 @@ in microvm = { vcpu = 2; mem = 1024 * 2; - hypervisor = "cloud-hypervisor"; + hypervisor = "qemu"; socket = "${config.networking.hostName}.socket"; interfaces = [{ diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix index 6d8b456..cf68da9 100644 --- a/hosts/uranus/default.nix +++ b/hosts/uranus/default.nix 
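Review bot: The line `hypervisor = "qemu";` is repeated in five host files (borken-data-hoarder, data-hoarder, staging-data-hoarder, tram-borzoi and, in the hunk that follows on the next line of the page, uranus) with no reason given in the commit message or in a comment. The hypervisor is the isolation boundary for these microVMs, and QEMU emulates a wider set of devices than cloud-hypervisor, so the reason for the switch belongs in the tree. Setting it once in a shared module, `microvm.hypervisor = lib.mkDefault "qemu";`, with a comment naming the problem that prompted the change, would also stop the hosts from drifting apart. Each `microvm` block continues outside its hunk.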
@@ -15,7 +15,7 @@ in microvm = { vcpu = 16; mem = 1024 * 24; - hypervisor = "cloud-hypervisor"; + hypervisor = "qemu"; socket = "${config.networking.hostName}.socket"; interfaces = [{ From bda97a49839df0bba922af3d3200abf6f049bc65 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Wed, 16 Aug 2023 21:29:20 +0200 Subject: [PATCH 55/63] nix flake update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 5d44c2a..109b473 100644 --- a/flake.lock +++ b/flake.lock @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1690543498, - "narHash": "sha256-VFTGqEPla1gTjkyjkTJL/BcracMO7xgF4Erv1x6Mtkw=", + "lastModified": 1692205760, + "narHash": "sha256-QrCXiYR51BcjCulm8/U9RTkS33loGdyMdf0PMRdnaLU=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "a6db71c7fdbbe4fb1b20cb329a9a8dbd0de7ea45", + "rev": "030ac0a4aeeca8f1198c22c50ab9a630716dfb27", "type": "github" }, "original": { @@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1690231039, - "narHash": "sha256-O5mIDXhe4FAEdRpoVxVtg003/UUNweUTu14cdNT8SLE=", + "lastModified": 1691325831, + "narHash": "sha256-/S1A8FpFE6yiIzFIAYTQCSn9uqOUziu92iRTokI0eiQ=", "owner": "astro", "repo": "microvm.nix", - "rev": "062fd71f2a8f25c5d80864eb99bdff98e1684efb", + "rev": "d5c5bb4cebbd9f59b7ab81a4b36fea10b6016d38", "type": "github" }, "original": { @@ -521,11 +521,11 @@ ] }, "locked": { - "lastModified": 1690373729, - "narHash": "sha256-e136hTT7LqQ2QjOTZQMW+jnsevWwBpMj78u6FRUsH9I=", + "lastModified": 1692194466, + "narHash": "sha256-vBbwY7Xb7rhcJm4xxQxCGFGe6nmisiYsywsUeweBFy4=", "owner": "nix-community", "repo": "naersk", - "rev": "d9a33d69a9c421d64c8d925428864e93be895dcc", + "rev": "275010712ce41dff66634f9910bc1f085239b370", "type": "github" }, "original": { 
@@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1690066826, - "narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=", + "lastModified": 1691874659, + "narHash": "sha256-qgmixg0c/CRNT2p9Ad35kaC7NzYVZ6GRooErYI7OGJM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce45b591975d070044ca24e3003c830d26fea1c8", + "rev": "efeed708ece1a9f4ae0506ae4a4d7da264a74102", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1690370995, - "narHash": "sha256-9z//23jGegLJrf3ITStLwVf715O39dq5u48Kr/XW14U=", + "lastModified": 1692134936, + "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f3fbbc36b4e179a5985b9ab12624e9dfe7989341", + "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1690199016, - "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=", + "lastModified": 1692127428, + "narHash": "sha256-+e9dD67mpGLBhhqdv7A7i1g/r2AT/PmqthWaYHyVZR4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500", + "rev": "f81e73cf9a4ef4b949b9225be3daa1e586c096da", "type": "github" }, "original": { From 951af6ee117c753a75828146d1a69a301f161696 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Sun, 20 Aug 2023 15:24:31 +0200 Subject: [PATCH 56/63] updating website --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 109b473..8270ff4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1692205760, - "narHash": "sha256-QrCXiYR51BcjCulm8/U9RTkS33loGdyMdf0PMRdnaLU=", + "lastModified": 1692537803, + "narHash": "sha256-2o7qF7rZePhFjDPR8eYV53O/grn1pGocFCuLT8QlbVE=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "030ac0a4aeeca8f1198c22c50ab9a630716dfb27", + "rev": "ac7e0694635b4b4fc3df0ea6c8c732be3acc0ada", "type": "github" }, "original": { @@ -459,11 +459,11 @@ ] }, "locked": { - "lastModified": 1691325831, - "narHash": "sha256-/S1A8FpFE6yiIzFIAYTQCSn9uqOUziu92iRTokI0eiQ=", + "lastModified": 1692274616, + "narHash": "sha256-UttCk5/sl0lLrBVO9kpmtDlFXcI2UkyOaSp7+grLRRE=", "owner": "astro", "repo": "microvm.nix", - "rev": "d5c5bb4cebbd9f59b7ab81a4b36fea10b6016d38", + "rev": "a291d324915f26d1fd86443bd486089099e8b541", "type": "github" }, "original": { @@ -521,11 +521,11 @@ ] }, "locked": { - "lastModified": 1692194466, - "narHash": "sha256-vBbwY7Xb7rhcJm4xxQxCGFGe6nmisiYsywsUeweBFy4=", + "lastModified": 1692351612, + "narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=", "owner": "nix-community", "repo": "naersk", - "rev": "275010712ce41dff66634f9910bc1f085239b370", + "rev": "78789c30d64dea2396c9da516bbcc8db3a475207", "type": "github" }, "original": { @@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1691874659, - "narHash": "sha256-qgmixg0c/CRNT2p9Ad35kaC7NzYVZ6GRooErYI7OGJM=", + "lastModified": 1692492726, + "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "efeed708ece1a9f4ae0506ae4a4d7da264a74102", + "rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a", "type": "github" }, "original": { 
@@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1692134936, - "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", + "lastModified": 1692414505, + "narHash": "sha256-sSTuyR9JYSxmUcYcj0Jvw1hIq1tz/Canw9mK0hEJvnE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", + "rev": "4cdad15f34e6321a2f789b99d42815b9142ac2ba", "type": "github" }, "original": { @@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1692127428, - "narHash": "sha256-+e9dD67mpGLBhhqdv7A7i1g/r2AT/PmqthWaYHyVZR4=", + "lastModified": 1692500916, + "narHash": "sha256-iKADqEOHmyi+LCJ5LzWcM2zH0DP3WHFETjX98blH0tE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f81e73cf9a4ef4b949b9225be3daa1e586c096da", + "rev": "4f0f113b7dbcb92edb9c901515fcab0b91c6def7", "type": "github" }, "original": { From 4fbbde789afd4e6e8dbde4f5f7463b42f07e4520 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 30 Aug 2023 19:25:56 +0200 Subject: [PATCH 57/63] aarch64 and hannover are back --- flake.nix | 5 +++++ hardware/dell-wyse-3040.nix | 4 +++- modules/traffic-stop-box/configuration.nix | 12 +----------- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index 8db0af2..b66166c 100644 --- a/flake.nix +++ b/flake.nix @@ -221,6 +221,11 @@ arch = "x86_64-linux"; monitoring = true; } + { + id = 8; + arch ="aarch64-linux"; + monitoring = false; + } ]; # attribute set of all traffic stop boxes diff --git a/hardware/dell-wyse-3040.nix b/hardware/dell-wyse-3040.nix index ba0f598..488de52 100644 --- a/hardware/dell-wyse-3040.nix +++ b/hardware/dell-wyse-3040.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: { # The global useDHCP flag is deprecated, therefore explicitly set to false here. 
@@ -30,6 +30,8 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ]; boot.initrd.kernelModules = [ ]; boot.extraModulePackages = [ ]; + # some whoopsie in kernel 6.1.x maybe? + boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15; swapDevices = [ ]; fileSystems."/" = diff --git a/modules/traffic-stop-box/configuration.nix b/modules/traffic-stop-box/configuration.nix index 4860ee6..98223a1 100644 --- a/modules/traffic-stop-box/configuration.nix +++ b/modules/traffic-stop-box/configuration.nix @@ -1,13 +1,10 @@ -{ pkgs, config, ... }: +{ pkgs, config, self, ... }: { boot.tmp.useTmpfs = true; networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname. - # some whoopsie in kernel 6.1.x maybe? - boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15; - # reboot 60 seconds after kernel panic boot.kernel.sysctl."kernel.panic" = 60; @@ -22,12 +19,5 @@ }; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.11"; # Did you read the comment? - } From 7021066c734b504d52356624dee9050451aa01cc Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 30 Aug 2023 19:27:04 +0200 Subject: [PATCH 58/63] bump lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 8270ff4..b8e9480 100644 --- a/flake.lock +++ b/flake.lock 
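Review bot: The kernel pin `boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;` moves into hardware/dell-wyse-3040.nix with only the comment `# some whoopsie in kernel 6.1.x maybe?`, which records neither the symptom nor the condition for dropping the pin. A pin like this keeps every box with this hardware profile on one kernel series until someone removes it, so the comment is the only thing that tells a later maintainer whether it is still needed. I would write it as `# Pinned to 5.15: <symptom observed on 6.1.x>; re-test and remove when <condition>`. The same commit adds `self` to the arguments of modules/traffic-stop-box/configuration.nix without a visible use in the hunk; if nothing outside the hunk needs it, it can be left out.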
@@ -202,11 +202,11 @@ "documentation-src": { "flake": false, "locked": { - "lastModified": 1669248915, - "narHash": "sha256-+pJzcS8jraCdvXwbxjMCdVqK2kyXih+61gaCCPX+txg=", + "lastModified": 1693223762, + "narHash": "sha256-ZZNR/zzAhfUcWPvJdoaVaz19XV+4hleJI4AF6JY2tqc=", "owner": "tlm-solutions", "repo": "documentation", - "rev": "c65ea26a7720e90fb54fc31fba5d0c048bd404be", + "rev": "22b1328f19a5201a47b8b82c4fb3c7db7c1ded47", "type": "github" }, "original": { @@ -325,11 +325,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -552,11 +552,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1692492726, - "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=", + "lastModified": 1693097136, + "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a", + "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1692414505, - "narHash": "sha256-sSTuyR9JYSxmUcYcj0Jvw1hIq1tz/Canw9mK0hEJvnE=", + "lastModified": 1693341273, + "narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4cdad15f34e6321a2f789b99d42815b9142ac2ba", + "rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1", "type": "github" }, "original": { 
@@ -792,11 +792,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1692500916, - "narHash": "sha256-iKADqEOHmyi+LCJ5LzWcM2zH0DP3WHFETjX98blH0tE=", + "lastModified": 1693404499, + "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4f0f113b7dbcb92edb9c901515fcab0b91c6def7", + "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a", "type": "github" }, "original": { From 74f92b7f3b34691756e286ab098352eca5563a02 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Wed, 13 Sep 2023 18:10:57 +0200 Subject: [PATCH 59/63] nix flake update --- flake.lock | 118 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 79 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index b8e9480..6ea9270 100644 --- a/flake.lock +++ b/flake.lock @@ -50,17 +50,18 @@ "chemo": { "inputs": { "crane": "crane_2", + "fenix": "fenix_2", "nixpkgs": [ "nixpkgs" ], "utils": "utils_2" }, "locked": { - "lastModified": 1682901220, - "narHash": "sha256-3qYCIxrv5woo34zw8kr3XoVj/z2UlRdsxiOO0E+Me7E=", + "lastModified": 1694621314, + "narHash": "sha256-4hrSVzo0Xajw6y/6P1yA6yEc1Rh7TlkABLRp17qK50U=", "owner": "tlm-solutions", "repo": "chemo", - "rev": "e83cbe9b521c6cb946d39bd57f2be514d209ebff", + "rev": "d0663874726f190fad71bfdfe0cf7f7d876d4a3c", "type": "github" }, "original": { @@ -110,11 +111,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1682796879, - "narHash": "sha256-X0oDZylzDXBt7RBtYXBvFexARRFvousej15feeemAx0=", + "lastModified": 1693787605, + "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", "owner": "ipetkov", "repo": "crane", - "rev": "db21a44eb056ef65a33d9d2648ecc964b4acaddc", + "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", "type": "github" }, "original": { @@ -152,7 +153,7 @@ }, "data-accumulator": { "inputs": { - "fenix": "fenix_2", + "fenix": "fenix_3", "naersk": [ "naersk" ], 
@@ -179,7 +180,7 @@ }, "datacare": { "inputs": { - "fenix": "fenix_3", + "fenix": "fenix_4", "naersk": "naersk_2", "nixpkgs": "nixpkgs_4", "tlms-rs": "tlms-rs", @@ -236,9 +237,31 @@ }, "fenix_2": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "chemo", + "nixpkgs" + ], "rust-analyzer-src": "rust-analyzer-src_2" }, + "locked": { + "lastModified": 1694586081, + "narHash": "sha256-DNAohcMcTJNiFJ2hTTS6R+yaqVU+QVzp1uRsz0Ctiac=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b16b1f21654b9490c662f6fd0a8fe3774a4b1606", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "fenix_3": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "rust-analyzer-src": "rust-analyzer-src_3" + }, "locked": { "lastModified": 1684650006, "narHash": "sha256-cIWPr9nCddVu3DITyHBNWy9tBbfc86u+BxPEnRWslMM=", @@ -253,10 +276,10 @@ "type": "github" } }, - "fenix_3": { + "fenix_4": { "inputs": { "nixpkgs": "nixpkgs_3", - "rust-analyzer-src": "rust-analyzer-src_3" + "rust-analyzer-src": "rust-analyzer-src_4" }, "locked": { "lastModified": 1684650006, @@ -325,11 +348,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -412,11 +435,11 @@ ] }, "locked": { - "lastModified": 1692537803, - "narHash": "sha256-2o7qF7rZePhFjDPR8eYV53O/grn1pGocFCuLT8QlbVE=", + "lastModified": 1694460521, + "narHash": "sha256-yM7jZsWnEEFcMijQWcin0bvVlshxXPlnJF2UgL9zBNY=", "owner": "tlm-solutions", "repo": "kindergarten", - "rev": "ac7e0694635b4b4fc3df0ea6c8c732be3acc0ada", + "rev": "618e2544eb8f51aa719cc67695d40f82ca74b753", "type": "github" }, "original": { 
@@ -459,11 +482,11 @@ ] }, "locked": { - "lastModified": 1692274616, - "narHash": "sha256-UttCk5/sl0lLrBVO9kpmtDlFXcI2UkyOaSp7+grLRRE=", + "lastModified": 1694526290, + "narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=", "owner": "astro", "repo": "microvm.nix", - "rev": "a291d324915f26d1fd86443bd486089099e8b541", + "rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2", "type": "github" }, "original": { @@ -521,11 +544,11 @@ ] }, "locked": { - "lastModified": 1692351612, - "narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=", + "lastModified": 1694081375, + "narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=", "owner": "nix-community", "repo": "naersk", - "rev": "78789c30d64dea2396c9da516bbcc8db3a475207", + "rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89", "type": "github" }, "original": { @@ -552,11 +575,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1693097136, - "narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=", + "lastModified": 1693675694, + "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d", + "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d", "type": "github" }, "original": { @@ -616,11 +639,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1693341273, - "narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=", + "lastModified": 1694499547, + "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1", + "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", "type": "github" }, "original": { 
@@ -670,6 +693,23 @@ } }, "rust-analyzer-src_2": { + "flake": false, + "locked": { + "lastModified": 1694553088, + "narHash": "sha256-vnPa/OueHI+Dx7NKB34f5SI7Mmz/VSrP+IAoGNKueU0=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "15e13561499dbe90ef07cf37a90c1cedafc53e28", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-analyzer-src_3": { "flake": false, "locked": { "lastModified": 1684616122, @@ -686,7 +726,7 @@ "type": "github" } }, - "rust-analyzer-src_3": { + "rust-analyzer-src_4": { "flake": false, "locked": { "lastModified": 1684616122, @@ -744,11 +784,11 @@ ] }, "locked": { - "lastModified": 1680488274, - "narHash": "sha256-0vYMrZDdokVmPQQXtFpnqA2wEgCCUXf5a3dDuDVshn0=", + "lastModified": 1693707092, + "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7ec2ff598a172c6e8584457167575b3a1a5d80d8", + "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", "type": "github" }, "original": { @@ -792,11 +832,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1693404499, - "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=", + "lastModified": 1694495315, + "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a", + "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415", "type": "github" }, "original": { @@ -982,11 +1022,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { 
From 2fca98c16774593a217b58b57d4cb19ad8ff1821 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Thu, 14 Sep 2023 16:41:43 +0200 Subject: [PATCH 60/63] making kindergarden statefull --- flake.lock | 24 ------------------------ flake.nix | 8 -------- modules/data-hoarder/kindergarten.nix | 2 +- 3 files changed, 1 insertion(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 6ea9270..3c94947 100644 --- a/flake.lock +++ b/flake.lock @@ -425,29 +425,6 @@ "type": "github" } }, - "kindergarten": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "utils": [ - "flake-utils" - ] - }, - "locked": { - "lastModified": 1694460521, - "narHash": "sha256-yM7jZsWnEEFcMijQWcin0bvVlshxXPlnJF2UgL9zBNY=", - "owner": "tlm-solutions", - "repo": "kindergarten", - "rev": "618e2544eb8f51aa719cc67695d40f82ca74b753", - "type": "github" - }, - "original": { - "owner": "tlm-solutions", - "repo": "kindergarten", - "type": "github" - } - }, "lizard": { "inputs": { "crane": "crane_3", @@ -664,7 +641,6 @@ "flake-utils": "flake-utils", "funnel": "funnel", "gnuradio-decoder": "gnuradio-decoder", - "kindergarten": "kindergarten", "lizard": "lizard", "microvm": "microvm", "naersk": "naersk_3", diff --git a/flake.nix b/flake.nix index b66166c..0656809 100644 --- a/flake.nix +++ b/flake.nix @@ -43,12 +43,6 @@ url = "github:tlm-solutions/datacare"; }; - kindergarten = { - url = "github:tlm-solutions/kindergarten"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.utils.follows = "flake-utils"; - }; - telegram-decoder = { url = "github:tlm-solutions/telegram-decoder"; inputs = { @@ -112,7 +106,6 @@ , documentation-src , funnel , gnuradio-decoder - , kindergarten , microvm , nixpkgs , sops-nix @@ -142,7 +135,6 @@ { nixpkgs.overlays = [ datacare.overlays.default - kindergarten.overlays.default trekkie.overlays.default lizard.overlays.default bureaucrat.overlays.default diff --git a/modules/data-hoarder/kindergarten.nix b/modules/data-hoarder/kindergarten.nix index 673c8a0..cf787c6 100644 
--- a/modules/data-hoarder/kindergarten.nix +++ b/modules/data-hoarder/kindergarten.nix @@ -13,7 +13,7 @@ enableACME = true; forceSSL = true; locations."~ ^/(de|en)" = { - root = if (config.deployment-TLMS.domain == "tlm.solutions") then "${pkgs.kindergarten}/bin/" else "${pkgs.kindergarten-staging}/bin/"; + root = "/var/lib/kindergarden/"; # index = "index.html"; tryFiles = "$uri /$1/index.html =404"; extraConfig = '' From 3b3eb3788674fdb5e07a31ccafd732915cba37eb Mon Sep 17 00:00:00 2001 From: revol-xut Date: Thu, 14 Sep 2023 17:05:34 +0200 Subject: [PATCH 61/63] fixed typo --- modules/data-hoarder/kindergarten.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/data-hoarder/kindergarten.nix b/modules/data-hoarder/kindergarten.nix index cf787c6..0393a2c 100644 --- a/modules/data-hoarder/kindergarten.nix +++ b/modules/data-hoarder/kindergarten.nix @@ -13,7 +13,7 @@ enableACME = true; forceSSL = true; locations."~ ^/(de|en)" = { - root = "/var/lib/kindergarden/"; + root = "/var/lib/kindergarten/"; # index = "index.html"; tryFiles = "$uri /$1/index.html =404"; extraConfig = '' From c05e884162f9a355bf5b512adbaa7b9119ada437 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Thu, 14 Sep 2023 17:59:17 +0200 Subject: [PATCH 62/63] rotate hannover key --- .sops.yaml | 2 +- secrets/traffic-stop-box-8/secrets.yaml | 112 ++++++++++++------------ 2 files changed, 57 insertions(+), 57 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index d611d94..1a3b933 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -28,7 +28,7 @@ keys: # aachen - &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4 # C3H - - &traffic-stop-box-8 age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg + - &traffic-stop-box-8 age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm # dumpdvb_bugdorf - &traffic-stop-box-9 age1ger9j5fk5v7hcnnl688g9rcnt9uu7c6605ptgcl338l6xl3u9q8s5p7kys # CLT 
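Review bot: The web root for `locations."~ ^/(de|en)"` changes from a Nix store path to the literal `/var/lib/kindergarden/`, and nothing in this hunk creates that directory or fixes its owner and mode. What nginx serves is therefore no longer pinned by flake.lock: it is whatever was last written to that directory, by whoever is allowed to write there. Declaring the directory next to the vhost, for example `systemd.tmpfiles.rules = [ "d /var/lib/kindergarten 0755 <deploy-user> <deploy-group> -" ];`, and noting in a comment how content gets there would make the write path explicit. The previous expression also chose between `pkgs.kindergarten` and `pkgs.kindergarten-staging` by `config.deployment-TLMS.domain`; with one fixed path that distinction now depends on what is deployed to each host by hand. The vhost block continues outside the hunk.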
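Review bot: Replacing the `&traffic-stop-box-8` recipient re-wraps access to the existing secrets but does not appear to rotate the secrets themselves. In the secrets.yaml hunk that follows, `lastmodified` and `mac` are unchanged context, which suggests the file was re-keyed rather than re-encrypted with new values. That is sufficient if the old age key was replaced because the box was reinstalled. If the key may have been exposed, the stored values need regenerating as well, because the old key still decrypts every earlier revision of the file in the repository history. A line in the commit message, or a comment beside the anchor such as `# rotated 2023-09: <reinstall | suspected exposure>`, would record which case applies. The secrets.yaml hunk runs past the end of the part of the page shown here.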
diff --git a/secrets/traffic-stop-box-8/secrets.yaml b/secrets/traffic-stop-box-8/secrets.yaml index 7684255..dd80767 100644 --- a/secrets/traffic-stop-box-8/secrets.yaml +++ b/secrets/traffic-stop-box-8/secrets.yaml 
@@ -6,86 +6,86 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg + - recipient: age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSmV4VFBpTlFaK0hNZDRh - cy9tUFVPUmNoSlExRzN2NzZSam5vNjNYRm5BCmxQWGVOOWhnR2ZMMlQ3L3Vhc0xa - N2VIVk4xSElJeXV1N3RzNTE1OGQ2bWcKLS0tIHFsQ0NDWHZUbUdrZHoya0J2YWk4 - N3VTSlhtVmxTeXgvNHBKSHp4eFBSdm8Kl78noQp3OomAmK1t9C3wE93DGQS24c8Y - +P2Nqvm9hO/k6kYm+iT9dh2HIa16ntptOUW8wPUw4kSNgdlibssh7Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OERnSXdmNlF2SHVtQW8x + ZG5LcEFzUHppdEJ3ejJyQW1YOWRKeCtob0JRCjRTeC9ZMk9OaXh5OUFLYVZhaGFY + SXBQL003Rzl4VTRqSGdKWnVYZjAyc1EKLS0tIEFHZFQ2bzU1ZkxCMWxlZ2ZNbS8x + UlMvdUhqWEFjWXh6RWxtK3gvMWYrR28KteyDX6snSaU4JRFfsd5yCYPvNPFH1MUV + AO1PgiAY19z3cI8vlEobuNB0t+O7lZaiU5dWTUb+bIKyMRUTHOD2Sw== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-11-28T18:15:34Z" mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str] pgp: - - created_at: "2022-11-28T20:39:35Z" + - created_at: "2023-09-14T15:59:02Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMA7zUOKwzpAE7AQ//V9xaoQ9eEzy57iPTsNdjbNvE0eUkpMxqy2eZrkeYeNcG - mqpvgjQ52vuV4gT01w093aHxorurQOb8htokZfJD7aC+FMw8vWV6HxLWE5FjXiQc - OoJiHcIhE1U+STvVcynMut8Gz8bLIbD7ifX9TUT+RYNX63HRhwBjF7yrl+VXiwY7 - NeJNhgEWO90ajcbP4rbKq51TZZCS613eOsGrLtulry3WedKiV/UYxVXD4YT0ElXh - 34y3dvuh5pi7nEVyQHq58cHgPZcC82Jru90Y8G7Kq9EmARikmgJYRzsqpfhJCyge - qaJtjQ+jUe+WjzfDKEJO4MGfxT/gmeaAs5hZX7r+15MPBfoEL/I+ELjWHDdC790f - S0jLMWi87PSa9LGpgcOmbNIlbpyK5aK9JOoPx0rgtOnajq+wdstVj9qfLQmw7MFp - 1EtY+xY5AOYJPdsfPnKm4Rj1G0X1g1z35xo4lu+0Jbz0wPPhGBT+bzrWCO7EcxEw - COIf4EHLx/mayKJkWW9ksIppdrdES616weLDu5JxiOsHm8D6D/il+N/zk5+k1AMK - 
fzs/+jfTTrEWXPTTHLaGdvQs9TIud5KmV9C83rgy8N1VevAcGI5EvzNUqOXHNVLA - DVY8xtnJb/ZSN547XMCsmRGQ1T02F7fUP0DQHCS1coCja3RAMiabcACFw00UoX7S - UQFe8yaiVbhbiqBSGpp1t1tsX9z5szWeG17sO85r6Fmv61hzCYSdx7ZreGUZl+H+ - AX5yTZhQIbjpCY+lypiOcGsV4VDsxl0aAyTUhABUSGJBEw== - =Ss0B + wcFMA7zUOKwzpAE7ARAAhtspBDeP1NjkIVWgwaa/uIYg1ZeYymo6kFGuhQxn5ObB + gxcl/sgvCjqc6vcHjjnG7Qf0/ZSyCohYZlcFzcA4Qo2/K0EaLunDTd4/mYOhBfLZ + p1wnvayF7716DC9Dqxx5731rr5pdB/tPguKaKmccDRlA+ckboA5gjAI9QvnOJNV+ + RViP9tesLoD+muoiavh04wWACMl+1LAO7xZoFU4bFx1ElHvc7ZVaMFt6j87hDCHn + CcmBBm9zPFrfMq+993YQJEc9aE1LGkqEijxyekqhDB0ASrdjv8i4onWvOdwFhyfY + 0dSC6wtkRHFVF5eBhdeLO5fXfa2FKbag4JQj1F2Ae7eixUzmbU3z3VUwKeUWd8Y9 + GLwkQeVRLkgMFyaSjliRByPj156n4YvocZLsodcdaZ4JRUp5oINj7Klx4vpFQVGF + dpZ9aDThMyaDhxIFrCMf4fWgx5In/LPxRmbTprYqFYgzR85weF32XzsiUnjhDPXx + zE63liCxXT6d4r1oSBlB9tCMse4vmbmFG1AjMuO2Kn/vRINDdpZTEwiyeId1TUQG + RoYjte7JS85+jze/g3sH/CVKbxCBo8Q5hT1wwamNg91YF2L9+ahxgGnzFcvPcIL7 + uo9T5CRoi6fR/rGeANwinblz+TYXwhFBbpUlPlXhacQSUswPgCAmdV48Axk0D6nS + UQGxzsjgNouXriVX4KeF7LYKdQY6d1l2vwxbNEQ6QTQtsKGKBt7wyfI8CQmfzTkp + iPCRs15HSrUN2yRSKN2URndCWKUh2kXe9nVE2qw9RzlScQ== + =MdNQ -----END PGP MESSAGE----- fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - - created_at: "2022-11-28T20:39:35Z" + - created_at: "2023-09-14T15:59:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA/YLzOYaRIJJARAAsM9sI4zDmFok0TaeLfTuhPM8Lzf5bSfoy1jrqdag1bMo - H1QOs9j+Md9GgGSUc92sy/3X0khmnCxjOhS0hpKuD2QbUkcpZ+hjaHno0e2QBjTd - Pj+JqNZUkfLcOnU0VlODChj63p9Mh/ha5XNH+6wKMeF2fVuPU3UMB0DQdTj4iCYL - bc43AxTkfMQg9qXr5eE95jaSF4SukhYmuPL/bhnaiYb03BF0bBDEDRenbnHz1T0B - Z/b2+62ppv44QCYp3Rqv47gnJH8bjtnLy04BRfrqv9oEXAk8fBarF6IkvnkCcSha - 9j2OnBfsgSWn7Fx8BN/IfMF3Z45qtP8iRjUBwMKFejujtf96EaaCOMtKvVhqBFuZ - BX7biPuT+Vx/qzN5k8YOCzfq8Jgf9EtRUZ006DaKOz+5Q4ObsuF7FnxnwdMmG2ci - dlME/V7ByULLxl+vs6zzBd29JXZkxRd4TRA7Ct1Q0H1HGTi61PaCMXBY0bnHX7cz - zFGfZX6bMTVroNcVWuQYin7yiR9RduA1KCVaxgS/k7VNXqB2RgQlV5LK6DdzncmS - HSG5l0ymBoZ4CtQgwdiQ1HTvJdzx5wdfAwXZCqe8Kbqal1AA/uO+3df/ab3smbFb - 
raOAkpFuSVWIO+9/5gV+Zy8CHtNSX4j+Qiu4NFiCtSStqR2mjkafTJ25LbQjvKTS - XAGJw4O5t+PRx+koybKAC4YU6+t6YzdzbQaPcHKZ96LU26FyCIpXEa2p98r2d5d6 - i0ZfHD5LchrATqGvfg0eypKzw9LR/yBq9nkcV9c79hjaNQYZ78yDEdym/JQ2 - =2dqd + hQIMA/YLzOYaRIJJAQ/6A1ExArKZHhuHxPmgCAvPZKNXEyPPCz+kUv6ZK5FBiMhD + 5Ftb3PqlKbTdKSO/ctl2854i3DVoHgwapMRN19/S2HC2hLCJ0r3KBNJHQ3SeiuX8 + /1chpjIPVR0Iqbk19Qu/1uFioSkHX8b6acjGJwYVkNUB5rQ+b+bjpnFE3CbPGMGG + XIrTonylB0+tHUBB4UP1fGNlFLDNi1uDPfeZu+DUYK+UfdstyqeVC07bqMYiqPGG + gGfLsbN9nyurcZKUfXJL4Wzf9OytSk3rdfGRSIYU2zKTz9HVFjICJz/rr5ZArCZ6 + j+/Mx2Qg/2zy8X1YqDBhOzeQmPAskbpo3H+J+mwChCRzUL4tViE4stwLv8A/V09n + J07eqU84WYmop291wYXeh23EBC1Tuk2AD6rPHWaMvZH+y2nK7zh16Id3wREqkkEc + r82NyJPzKuxaWjj5RVKJ6mt/ogc9t0kL15kxUqQUlrNsK2Xz3o75+08lmH6Udyhh + 1WtHb78rJWtbOJwdBxWc2w2j4HzbEnWwS+ld/C6fPDbMzTNomRuX5cMv2GMElzTv + DOCwVH6OeXMNq/K2d1zrvjsp7J+VOMA9lUdAF0unuqi2U9wNXGX0SCtMPFbiXEeO + C9QASY8XRjPf50f5cmolFZrIzc++3eVOg8s0PfC/+rXav0MSGGg4/lCxIsM6OlvS + XgGbMn0N/TYNhabdEPIPV/z+v4lza1XJSjfiLrsF7iXvGhvWJ4xD+wkujPWH8LsB + vWHlhlv7ue7mskVaKeDJCtqNbmT3PEQJRKi0V0UmNIiF1JB/hL6ZUM7fm5i1/+0= + =MYoI -----END PGP MESSAGE----- fp: 91EBE87016391323642A6803B966009D57E69CC6 - - created_at: "2022-11-28T20:39:35Z" + - created_at: "2023-09-14T15:59:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQEMA1N/l9+zlMQzAQf9GZVOd3+70TOm4STX+gODqfhQKBsOMlE/t0i0sBp8f2V2 - XSwiYu/MvfgLwn3yRnmEwIJvQNcoLrNdLmhwhfA4wvyBGXco1EX2drlBzBF5YbyM - kq9TubrSRaps1zmmiuNnt3qT8Q+DEXMuKbBy2eWTDIqaD4pDkqEvzGzsfn7/L4wa - 57RAi3NPIzj3wkojIyjZePGYPa648faWK32TYc/wM2fs/e4bOfH4D52uE7FKghDg - 5bSR7SdbnZSQbCxkHqgtJP+1VBFusTlmAxXuSCDOqZSNHnk7NXhzJnN4D/aTrS+o - uNFVJCh1mNZuO+Pb2i7/SkcTmMKm0vqu9dyhZaGUMNJcAR32sJzU9wcdctdGl9S1 - RxIp3sybPf+BzELiEO6T3+F2wLJEOfMSqpzgam1UYCcn1m6EjMDH3vslqiiwaF6E - sVfmsSecVH2JvhTgkF6LyGenEvRqwj57WI4x1KQ= - =9+5E + hQEMA1N/l9+zlMQzAQf+OH908FtvIyfsJwdG0ff3Ji6s6Z2MJQ3JGzOQ4bB8LtBV + vfwe9w+WLF/iAa/cUoCP8YJs8JfVq1CxDtFwGDrbD3+L62nSNrwsR92BmxdUleZ/ + a0qz8BWU2awprugCL5Wpx3ISnwnsjE0cooUhED0e6iGHRHSQ9POs+bDw3h3G6w9U + 
gyNZwYQlUnlpWliEPaxfGM2XaDw2JnIH+WLziK7lsRrKoStTDwltZg9ZBkk18lCz + XB3bdwNKfeI+R0Nk8f/Pj7cWlXh/j6YbnVnf4P4HHkzs7DZXrKJUn9twrsqfYmqB + AM3AMh+OWbHp2lmjiRMuas7a83aD7bOr4CtvrKLcx9JeAX3k/dVuHgZg8cv08aA5 + Ypkp9xxvlxRkeEMxXzZBM9vZXLPzz/M2VhSAoTLqAZcta95eEr0ta7fXYz2iW7CQ + c17yaVewQO2Tu6mQtp/opqTigxhpwzR+Y6CZYE7rYA== + =AOiP -----END PGP MESSAGE----- fp: 069836A578F7939612DB4934F77D0F7E247A1EE4 - - created_at: "2022-11-28T20:39:35Z" + - created_at: "2023-09-14T15:59:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQEMA1N/l9+zlMQzAQf/X7rsO49FKeclClSwhM9djME9Fs83FgDsNoIUydho/AHb - R1fqOVvRXA2Gn96zZSs2W8AcaJoH2uf7eTF/swt1J9nzuvr5PIoci76WxOeKVfNw - 54TIY5w9NytB3zhpkqbU/kVe8OwavOiD3esBDdeApi9bSeHaOpfJ8c8rtQG0g8Ny - oKMJmrDr4Di0ysCSOH5sJcXr86c6GBNwlQKIrQIkD8wfoqb90EH8rg2mZ6xaaafs - hzGYfP2B2bB62CBE7taeLkrdY163k1tNYyH4C8gegsBHXEGzOBbATvN467Bfmi+7 - 4S1cKO1X8E5T+t70gSaawlAoQ59pl2m9jQHq8Exf0dJcAWv6g9KAvWwWqBXZYENb - kq92xcmWHTLFuV83MgqE7kUytgWxUhklhREkwHG2qYgyYOHgrg//p+17XSoI8e+X - g+6WlKuO+Uyu+YNy3IzjMwn5LctFviPDl0F+BhA= - =lD9P + hQEMA1N/l9+zlMQzAQf+MRjWWewxGEE3/ABd4D7cZhNVAXAzh8I1YtwOFvZP8aWm + 9xp4Klo4qP5YOXtTKK7joslbKEonsxoxCI9Lij3bIuVem/4JrSnTPM0csVdrYdi9 + zSzR2iBLT9Dc5KF7u5z/Kwi8WTgFFywtljXljvJhkK/iSb+8Gn81L2r6Luz9pJtP + bK/vOK82iyr4wMlhD+/TZw9hMWfbwXaRfnJN2i76l2RE6eo6JWsWFFez8i6VVzjS + gs9etK9GDch+cnBQo6TqdMW5zoOTENsd3WgU4rzuugHOL44dS8cH6Wxi/c0Pv7gt + lehqdLThM01nhEB/bxbNVqqmTk3BJGxhA1Ulq/qKxtJeAR+KROqwef74beEmrCoJ + +zX2QkIITRU5Q9EhhGVcPYsuUAX8tpCwGX8uFbx8c9jetMlIAsim8+dQdArJYcyF + 3wBv6whQPjXr1VpzrNO2njqc5yCQNc0uPlE+EivuDQ== + =pT4X -----END PGP MESSAGE----- fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433 unencrypted_suffix: _unencrypted From bd315f0e103863eb6d875b1970714a3f7caa191d Mon Sep 17 00:00:00 2001 From: revol-xut Date: Sat, 16 Sep 2023 19:42:50 +0200 Subject: [PATCH 63/63] updating nixpkgs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3c94947..ebd1a8c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -616,11 +616,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1694499547, - "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", + "lastModified": 1694753796, + "narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", + "rev": "360a7d31c30abefdc490d203f80e3221b7a24af2", "type": "github" }, "original": {