diff --git a/infra/forgejo-ci/configuration.nix b/infra/forgejo-ci/configuration.nix
index bfe55d24..c65c5617 100644
--- a/infra/forgejo-ci/configuration.nix
+++ b/infra/forgejo-ci/configuration.nix
@@ -1,90 +1,75 @@ -{ pkgs, ... }: +{ config, lib, ... }: +let + inherit (lib) mkDefault mkForce; + +in { imports = [ - ./hardware-configuration.nix + ../common/options.nix + ../common/nixos ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + procolixVm = { + name = "forgejo-ci"; + domain = "procolix.com"; + + ipv4 = { + interface = "enp1s0f0"; + address = "192.168.201.65"; + prefixLength = 24; + gateway = "192.168.201.1"; + }; + ipv6.enable = false; + + # Most Procolix machines are QEMU VMs so the options are tailored to them by + # default. `forgejo-ci` is not, so we need to explicitly disable them. + isQemuVm = false; + }; networking = { - hostName = "forgejo-ci"; - domain = "procolix.com"; - interfaces = { - enp1s0f0 = { - ipv4 = { - addresses = [ - { - address = "192.168.201.65"; - prefixLength = 24; - } - ]; - }; - }; + nftables.enable = mkForce false; + hostId = "1d6ea552"; + }; + + hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; + + boot = { + ## In an initial version, we used `mkForce` to remove QEMU VM-specific + ## kernel modules. This is a terrible idea as it will also remove other + ## kernel modules, for instance the ones added for ZFS. 
+ initrd = { + availableKernelModules = [ + "ahci" + "xhci_pci" + "ehci_pci" + "nvme" + "megaraid_sas" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; }; - defaultGateway = { - address = "192.168.201.1"; - interface = "enp1s0f0"; - }; - nameservers = [ - "95.215.185.6" - "95.215.185.7" - ]; - firewall.enable = false; + kernelModules = [ "kvm-intel" ]; }; - time.timeZone = "Europe/Amsterdam"; - - i18n.defaultLocale = "en_US.UTF-8"; - - users.users.root = { - hashedPassword = "$y$j9T$WXvLAUqArJJusuC017FCW0$.rfMOeyx/BsClkJFi5hLcynrSk.njWmfiB6Uy.9th3A"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" - ]; + fileSystems."/" = { + device = "rpool/root"; + fsType = "zfs"; }; - users.users.procolix = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - hashedPassword = "$y$j9T$UH8Dh/poTCCZ3PXk43au6/$iYen8VUEVvv7SIPqteNtTPKktLxny3TbqvjUwhvi.6B"; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" - ]; - packages = with pkgs; [ - ]; + fileSystems."/home" = { + device = "rpool/home"; + fsType = "zfs"; }; - users.users.niols = { - isNormalUser = true; - extraGroups = [ 
"wheel" ]; # Enable ‘sudo’ for the user. - hashedPassword = "$y$j9T$zZZ/XQ68cGr6GTIQqSnsh/$I9UEl9JLxq8kWZbVOp.WqUxfcNmrSVMBGSwGalIJ/Z/"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/50B2-DD3F"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" ]; }; - - environment.systemPackages = with pkgs; [ - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { - start = [ vim-nix ]; # load plugin on startup - }; - vimrcConfig.customRC = '' - " your custom vimrc - set nocompatible - set backspace=indent,eol,start - " Turn on syntax highlighting by default - syntax on - " ... - ''; - }) - wget - ]; - - services.openssh.enable = true; - - system.stateVersion = "24.11"; # don't change } diff --git a/infra/forgejo-ci/hardware-configuration.nix b/infra/forgejo-ci/hardware-configuration.nix deleted file mode 100644 index f76d009d..00000000 --- a/infra/forgejo-ci/hardware-configuration.nix +++ /dev/null 
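Review bot: `nftables.enable = mkForce false;` in the new `networking` block overrides the shared modules with the strongest priority but carries no comment, unlike `isQemuVm = false` just above it. The same hunk drops the old `firewall.enable = false;`, so whether this CI host ends up with a packet filter at all now depends on what `../common/nixos` sets, which is not visible here. Please state the intent next to the override, for example `# nftables is forced off on this host because <reason>; networking.firewall stays at the value set in ../common/nixos`, and if the firewall is meant to remain disabled, set `firewall.enable` explicitly rather than leaving it implied. It is also worth confirming that the SSH and user settings removed here are supplied by the common modules, since this file no longer declares them.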
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [
- "ahci"
- "xhci_pci"
- "ehci_pci"
- "nvme"
- "megaraid_sas"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "rpool/root";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/50B2-DD3F";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
-
- swapDevices = [ ];
-
- networking.hostId = "1d6ea552";
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}