From 446ee2a38517d99fbe570b34edcc45f68d8b802f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 7 Oct 2024 13:23:45 +0200 Subject: [PATCH 1/6] feat(flake): bump nixos-anywhere and disko to use the new `--copy-host-keys` CLi flag --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 60c6c9b..0fcf35a 100644 --- a/flake.lock +++ b/flake.lock @@ -314,11 +314,11 @@ ] }, "locked": { - "lastModified": 1710724748, - "narHash": "sha256-aXlifKr6Brg0SBUBgRNEBaZf3JLUeGhM9BX2gam+vvo=", + "lastModified": 1728109432, + "narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=", "owner": "nix-community", "repo": "disko", - "rev": "c09c3a9639690f94ddff44c3dd25c85602e5aeb2", + "rev": "48ebb577855fb2398653f033b3b2208a9249203d", "type": "github" }, "original": { @@ -1043,22 +1043,6 @@ "type": "github" } }, - "nixos-2305": { - "locked": { - "lastModified": 1686478675, - "narHash": "sha256-EBm0oKY+B+BF/wQzegHCLPZQ2BxfgRSfEJhAd9N2XyA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "207e4680b5ffe797038955949ab20ddc4a31c835", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixos-anywhere": { "inputs": { "disko": [ @@ -1067,8 +1051,8 @@ "flake-parts": [ "flake-parts" ], - "nixos-2305": "nixos-2305", "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ], @@ -1077,11 +1061,11 @@ ] }, "locked": { - "lastModified": 1686482719, - "narHash": "sha256-1GdZdNru73F5K+xHkfC6qDidtHYySeGP+OmWUMyS2Os=", + "lastModified": 1727531568, + "narHash": "sha256-lt8fmizvl6iRDNz7/Yqor1MmU5fcUyv3oajtUsUmthA=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "bca7792e794a6b1864d7641063a5aebc0c9268ec", + "rev": "b6168ba67a8fad0636b5111a906dfbdf3abe2dee", "type": "github" }, "original": { @@ -1113,9 +1097,9 @@ }, "nixos-images": { "inputs": { - "nixos-2305": [ + "nixos-stable": [ "nixos-anywhere", - "nixos-2305" + "nixos-stable" ], "nixos-unstable": [ "nixos-anywhere", @@ -1123,11 +1107,11 @@ ] }, "locked": { - "lastModified": 1686466496, - "narHash": "sha256-HYSUVZ85+POkLOo1Om7yw1870xqwJp3ABu+Fz7hBJY8=", + "lastModified": 1727367213, + "narHash": "sha256-7O4pi8MmcJpA0nYUQkdolvKGyu6zNjf2gFYD1Q0xppc=", "owner": "nix-community", "repo": "nixos-images", - "rev": "13e5db35e8b5a646d0efa81ff1dd003336ffe65f", + "rev": "3e7978bab153f39f3fc329ad346d35a8871420f7", "type": "github" }, "original": { @@ -1136,6 +1120,22 @@ "type": "github" } }, + "nixos-stable": { + "locked": { + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixos-vscode-server": { "inputs": { "flake-utils": [ From e979a21e751cae95d4ee9018581309951128876e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 4 Oct 2024 20:55:20 +0200 Subject: [PATCH 2/6] feat(github-runner-multi-arch): support custom url --- modules/nixos/github-runner-multi-arch.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos/github-runner-multi-arch.nix b/modules/nixos/github-runner-multi-arch.nix index 515445c..61166c4 100644 --- a/modules/nixos/github-runner-multi-arch.nix +++ b/modules/nixos/github-runner-multi-arch.nix @@ -36,6 +36,12 @@ in default = "multi-arch"; type = lib.types.str; }; + + url = lib.mkOption { + description = "github repository URL"; + default = "https://github.com/holochain/holochain"; + type = lib.types.str; + }; }; config = lib.mkIf cfg.enable { @@ -48,7 +54,7 @@ in config.networking.hostName ]; tokenFile = config.sops.secrets.github-runners-token.path; - url = "https://github.com/holochain/holochain"; + url = cfg.url; extraPackages = config.environment.systemPackages; }); From f79269af1c1e82ea9e6f9c0c189f6da62d8018bf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 4 Oct 2024 20:55:37 +0200 Subject: [PATCH 3/6] feat: introduce linux-builder-2 and migrate buildbot-nix-0 --- .sops.yaml | 11 +- .../configuration.nix | 251 ++++++++++++++---- .../configuration.nix | 3 + .../configuration.nix | 131 +++++++++ .../default.nix | 16 ++ secrets/buildbot-nix-0/secrets.yaml | 42 +-- secrets/linux-builder-2/secrets.yaml | 39 +++ secrets/monitoring-clients/secrets.yaml | 141 +++++----- 8 files changed, 497 insertions(+), 137 deletions(-) create mode 100644 modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix create mode 100644 modules/flake-parts/nixosConfigurations.linux-builder-2/default.nix create mode 100644 secrets/linux-builder-2/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 3ba4be1..31edb8e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,8 +12,10 @@ keys: - &dweb-reverse-proxy age1ygzy9clj0xavlmau0ham7j5nw8yy4z0q8hvkfpdgwc4fcr8nufpqrdxgvx - &linux-builder-01 age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r - &x64-linux-dev-01 age1vlxerq9j9jd00qvxj2gxds9re4dz2djqmllkhzsf44gz9a5y4ghs7807h9 + # TODO: replace this during the machine's setup + - &linux-builder-2 age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w - &tfgrid-shared age194xfar0gfdauu2dcxwqk9lh9d0vjfrzzs2ke0ppanpwv9eqxzs2qp7q7cn - - &buildbot-nix-0 age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux + - &buildbot-nix-0 age1eel2m3jsanly3np5anytwyjze70v509mje2yu562e2k70ctdsvrqj23x20 - &monitoring-0 age1cpcwv2wlszwase38zpngk6ld3vx8ev8jsv38m9pp74jvlutvxpsqt49yrr - &turn-0 age1yl2l760zjsxvrct97gtwfkfjlvhg3vkkwpud2usc35ktqnzhuurq3an2ns - &turn-1 age16thgapywna9zu3r87hfgvw097lq8r9z5rxunfjqmttcnpgxxcflqxkjycn @@ -53,6 +55,7 @@ creation_rules: - *x64-linux-dev-01 - *dweb-reverse-proxy - *linux-builder-01 + - *linux-builder-2 - *turn-0 - *turn-1 - *turn-2 @@ -64,6 +67,12 @@ creation_rules: - *linux-builder-01 - *age_steveej - *age_r-vdp + - path_regex: ^secrets/linux-builder-2/[^/]+$ + key_groups: + - age: + - *linux-builder-2 + - *age_steveej + - *age_r-vdp - path_regex: ^secrets/x64-linux-dev-01/[^/]+$ key_groups: - pgp: diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix index 821640d..61cbe0b 100644 --- a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix @@ -6,18 +6,10 @@ lib, ... }: -let - domainSuffix = - (builtins.elemAt - (builtins.attrValues self.nixosConfigurations.dweb-reverse-tls-proxy.config.services.bind.zones) - 0 - ).name; - appFqdn = "buildbot-nix-0.${domainSuffix}"; - appId = 1008744; - - oauthId = "Iv23liqmAiBw8ab9EF61"; - topic = "holo-chain-buildbot-nix-0"; -in +# Hetzner AX162-R #2497582 + +# NOTE(steveej): i manually switched it to legacy via the KVM console because i did not want to spend more time on getting EFI to work with software RAID +# Legacy/BIOS { imports = [ inputs.disko.nixosModules.disko @@ -48,8 +40,15 @@ in domain = self.specialArgs.infraDomain; hostName = "buildbot-nix-0"; - primaryIpv4 = "135.181.114.173"; - primaryIpv6 = "2a01:4f9:4b:1a93::1/64"; + primaryIpv4 = "65.109.100.254"; + primaryIpv6 = "2a01:4f9:3080:25e7::1/64"; + + buildbot-nix = { + appFqdn = "buildbot-nix-0.${config.passthru.domain}"; + appId = 1008744; + oauthId = "Iv23liqmAiBw8ab9EF61"; + topic = "holo-chain-buildbot-nix-0"; + }; }; networking = { @@ -57,34 +56,167 @@ in }; hostName = config.passthru.primaryIpv4; - nix.settings.max-jobs = 12; + nix.settings.max-jobs = 48; boot.loader.grub = { - efiSupport = false; + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + devices = [ "nodev" ]; + # mirroredBoots = [ + # { + # devices = [ + # # "nodev" + # # "/dev/nvme0n1" + # # "/dev/nvme1n1" + # ]; + # path = "/boot"; + # } + # ]; }; - # boot.loader.systemd-boot.enable = true; - # boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.canTouchEfiVariables = false; boot.kernelPackages = pkgs.linuxPackages_latest; systemd.network.networks."10-uplink".networkConfig.Address = config.passthru.primaryIpv6; + /* + # not working NixOS + + root@rescue ~ # sgdisk --print /dev/nvme0n1 + Disk /dev/nvme0n1: 3750748848 sectors, 1.7 TiB + Model: SAMSUNG MZQL21T9HCJR-00A07 + Sector size (logical/physical): 512/4096 bytes + Disk identifier (GUID): 04AC4FB8-8843-4508-B894-A42F91218231 + Partition table holds up to 128 entries + Main partition table begins at sector 2 and ends at sector 33 + First usable sector is 34, last usable sector is 3750748814 + Partitions will be aligned on 2048-sector boundaries + Total free space is 4717 sectors (2.3 MiB) + + Number Start (sector) End (sector) Size Code Name + 1 4096 2052095 1000.0 MiB EF00 disk-sdb-ESP + 2 2052096 3750748159 1.7 TiB 8300 disk-sdb-rootfs + root@rescue ~ # sgdisk --print /dev/nvme1n1 + Disk /dev/nvme1n1: 3750748848 sectors, 1.7 TiB + Model: SAMSUNG MZQL21T9HCJR-00A07 + Sector size (logical/physical): 512/4096 bytes + Disk identifier (GUID): C6FD320F-FEB3-4E49-822A-BC690ADF0559 + Partition table holds up to 128 entries + Main partition table begins at sector 2 and ends at sector 33 + First usable sector is 34, last usable sector is 3750748814 + Partitions will be aligned on 2048-sector boundaries + Total free space is 4717 sectors (2.3 MiB) + + Number Start (sector) End (sector) Size Code Name + 1 4096 2052095 1000.0 MiB EF00 disk-sda-ESP + 2 2052096 3750748159 1.7 TiB 8300 disk-sda-rootfs + + root@rescue ~ # blkid + /dev/nvme0n1p1: UUID="38a0e387-1c9b-2095-cfc3-de9ef33f9f4d" UUID_SUB="75be7ee9-61c8-a320-f373-16a4ad55dab4" LABEL="any:esp" TYPE="linux_raid_member" PARTLABEL="disk-sdb-ESP" PARTUUID="925655a3-0b33-42d9-8c33-a39470f90209" + /dev/nvme0n1p2: UUID="e5d82e40-9461-6e2a-43dc-209e555ea44d" UUID_SUB="e70e3b91-672d-cb3f-9caa-6653089ef3b8" LABEL="any:rootfs" TYPE="linux_raid_member" PARTLABEL="disk-sdb-rootfs" PARTUUID="92685db5-e967-4d07-a767-f3fc8998f875" + /dev/md127: UUID="EBF0-E600" BLOCK_SIZE="512" TYPE="vfat" + /dev/loop0: UUID="da55567a-52c0-4ad7-b417-9d6f531d1273" BLOCK_SIZE="4096" TYPE="ext2" + /dev/md126: UUID="78beb252-b84f-4014-8d04-468cb714346b" UUID_SUB="3f598054-4252-453e-8c2a-93fe2cf9529d" BLOCK_SIZE="4096" TYPE="btrfs" + /dev/nvme1n1p2: UUID="e5d82e40-9461-6e2a-43dc-209e555ea44d" UUID_SUB="5d3bd916-094a-a48b-490e-c378923c7a66" LABEL="any:rootfs" TYPE="linux_raid_member" PARTLABEL="disk-sda-rootfs" PARTUUID="4842c898-6320-41af-b564-e3a24ee05d11" + /dev/nvme1n1p1: UUID="38a0e387-1c9b-2095-cfc3-de9ef33f9f4d" UUID_SUB="8c48e626-6807-4d0f-e708-f24cce7d364c" LABEL="any:esp" TYPE="linux_raid_member" PARTLABEL="disk-sda-ESP" PARTUUID="31d25776-1596-4278-8e01-008add39a42d" + + root@rescue ~ # parted /dev/nvme0n1 + GNU Parted 3.5 + Using /dev/nvme0n1 + Welcome to GNU Parted! Type 'help' to view a list of commands. + (parted) print + Model: SAMSUNG MZQL21T9HCJR-00A07 (nvme) + Disk /dev/nvme0n1: 1920GB + Sector size (logical/physical): 512B/4096B + Partition Table: gpt + Disk Flags: + + Number Start End Size File system Name Flags + 1 2097kB 1051MB 1049MB disk-sdb-ESP boot, esp + 2 1051MB 1920GB 1919GB disk-sdb-rootfs + + # mount + /dev/md126 on /mnt/boot type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro) + */ + + /* + working hetzner + + root@Debian-bookworm-latest-amd64-base ~ # parted /dev/nvme0n1 + GNU Parted 3.5 + Using /dev/nvme0n1 + Welcome to GNU Parted! Type 'help' to view a list of commands. + (parted) print + Model: SAMSUNG MZQL21T9HCJR-00A07 (nvme) + Disk /dev/nvme0n1: 1920GB + Sector size (logical/physical): 512B/4096B + Partition Table: gpt + Disk Flags: + + Number Start End Size File system Name Flags + 1 2097kB 271MB 268MB fat16 boot, esp + 2 271MB 4565MB 4295MB raid + 3 4565MB 5639MB 1074MB raid + 4 5639MB 1920GB 1915GB raid + + root@Debian-bookworm-latest-amd64-base ~ # lsblk + NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS + nvme0n1 259:0 0 1.7T 0 disk + ├─nvme0n1p1 259:1 0 256M 0 part + │ └─md0 9:0 0 255.9M 0 raid1 /boot/efi + ├─nvme0n1p2 259:2 0 4G 0 part + │ └─md1 9:1 0 4G 0 raid1 [SWAP] + ├─nvme0n1p3 259:3 0 1G 0 part + │ └─md2 9:2 0 1022M 0 raid1 /boot + └─nvme0n1p4 259:4 0 1.7T 0 part + └─md3 9:3 0 1.7T 0 raid1 / + nvme1n1 259:5 0 1.7T 0 disk + ├─nvme1n1p1 259:6 0 256M 0 part + │ └─md0 9:0 0 255.9M 0 raid1 /boot/efi + ├─nvme1n1p2 259:7 0 4G 0 part + │ └─md1 9:1 0 4G 0 raid1 [SWAP] + ├─nvme1n1p3 259:8 0 1G 0 part + │ └─md2 9:2 0 1022M 0 raid1 /boot + └─nvme1n1p4 259:9 0 1.7T 0 part + └─md3 9:3 0 1.7T 0 raid1 / + */ + disko.devices = let disk = id: { type = "disk"; - device = "/dev/${id}"; + device = "/dev/nvme${id}n1"; content = { type = "gpt"; partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR + ESP = { + priority = 100; + # Hetzner + start = "2M"; + size = "500M"; + # Hetzner's Debian installation was using "EFI System" as the partition code for the ESP mdadm raid1 members. + # so far _this_ is not working, however it did for Hetzner. + type = "EF00"; + content = { + type = "mdraid"; + name = "esp"; + }; }; - mdadm = { + + # boot = { + # priority = 101; + # size = "100%"; + # content = { + # type = "mdraid"; + # name = "boot"; + # }; + # }; + + rootfs = { size = "100%"; content = { type = "mdraid"; - name = "raid0"; + name = "rootfs"; }; }; }; @@ -93,32 +225,53 @@ in in { disk = { - sda = disk "nvme0n1"; - sdb = disk "nvme1n1"; + sda = disk "0"; + sdb = disk "1"; }; + mdadm = { - raid0 = { + esp = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + # hetzner + format = "vfat"; + extraArgs = [ + "-F" + "16" + ]; + # FIXME: it should be possible to use /boot/efi here and leave /boot on the btrfs + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + + # boot = { + # type = "mdadm"; + # level = 1; + # content = { + # type = "filesystem"; + # format = "ext3"; + # mountpoint = "/boot"; + # }; + # }; + + rootfs = { type = "mdadm"; level = 0; content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; # Override existing partition - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountpoint = "/"; - }; - "/nix" = { - mountOptions = [ "noatime" ]; - mountpoint = "/nix"; - }; - }; - }; + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = [ "noatime" ]; + mountpoint = "/nix"; }; }; }; @@ -142,7 +295,7 @@ in 443 ]; - services.nginx.virtualHosts."${appFqdn}" = { + services.nginx.virtualHosts."${config.passthru.buildbot-nix.appFqdn}" = { enableACME = true; forceSSL = true; }; @@ -168,7 +321,7 @@ in # "x86_64-darwin" # "aarch64-darwin" ]; - domain = appFqdn; + domain = config.passthru.buildbot-nix.appFqdn; outputsPath = "/var/www/buildbot/nix-outputs/"; evalMaxMemorySize = 6 * 1024; evalWorkerCount = 8; @@ -181,14 +334,14 @@ in # }; github = { authType.app = { - id = appId; + id = config.passthru.buildbot-nix.appId; secretKeyFile = config.sops.secrets.buildbot-github-app-secret-key.path; }; webhookSecretFile = config.sops.secrets.buildbot-github-webhook-secret.path; # this is a client secret oauthSecretFile = config.sops.secrets.buildbot-github-oauth-secret.path; # this is displayed in the app as "Client ID" - inherit oauthId topic; + inherit (config.passthru.buildbot-nix) oauthId topic; }; postBuildSteps = [ diff --git a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix index 3771c14..b2dfbb1 100644 --- a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix @@ -214,6 +214,9 @@ monitoring.${config.passthru.infraDomain}. CNAME monitoring-0.${config.passthru.infraDomain}. buildbot-nix-0.${config.passthru.infraDomain}. A ${self.nixosConfigurations.buildbot-nix-0.config.passthru.primaryIpv4} + + linux-builder-01.${config.passthru.infraDomain}. A ${self.nixosConfigurations.linux-builder-01.config.passthru.primaryIpv4} + linux-builder-2.${config.passthru.infraDomain}. A ${self.nixosConfigurations.linux-builder-2.config.passthru.primaryIpv4} ''; }; diff --git a/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix new file mode 100644 index 0000000..2d273f4 --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix @@ -0,0 +1,131 @@ +{ + config, + inputs, + self, + pkgs, + lib, + ... +}: +# Hetzner AX41-NVMe #2491007 +{ + imports = [ + inputs.disko.nixosModules.disko + inputs.srvos.nixosModules.server + inputs.srvos.nixosModules.hardware-hetzner-online-amd + inputs.srvos.nixosModules.roles-nix-remote-builder + self.nixosModules.holo-users + self.nixosModules.github-runner-multi-arch + { + config.services.github-runner-multi-arch = { + enable = true; + countOffset = 0; + count = 1; + url = "https://github.com/holochain/wind-tunnel"; + }; + } + self.nixosModules.nix-build-distributor + + inputs.sops-nix.nixosModules.sops + + ../../nixos/shared.nix + ../../nixos/shared-nix-settings.nix + ../../nixos/shared-linux.nix + + (self + "/modules/nixos/shared-monitoring-clients.nix") + ]; + + passthru = { + fqdn = "${config.passthru.hostName}.${config.passthru.domain}"; + + domain = self.specialArgs.infraDomain; + hostName = "linux-builder-2"; # Define your hostname. + + primaryIpv4 = "135.181.114.173"; + primaryIpv6 = "2a01:4f9:4b:1a93::1/64"; + }; + + networking = { + inherit (config.passthru) hostName domain; + }; + hostName = config.passthru.primaryIpv4; + + nix.settings.max-jobs = 16; + + roles.nix-remote-builder.schedulerPublicKeys = [ + # TODO: is this needed? + ]; + + boot.loader.grub = { + efiSupport = false; + }; + # boot.loader.systemd-boot.enable = true; + # boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + + systemd.network.networks."10-uplink".networkConfig.Address = config.passthru.primaryIpv6; + + disko.devices = + let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; + }; + }; + }; + }; + in + { + disk = { + sda = disk "nvme0n1"; + sdb = disk "nvme1n1"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = [ "noatime" ]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + sops.secrets.github-runners-token = { + key = "gh_hra2_pat5"; + sopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml; + }; + + system.stateVersion = "24.05"; +} diff --git a/modules/flake-parts/nixosConfigurations.linux-builder-2/default.nix b/modules/flake-parts/nixosConfigurations.linux-builder-2/default.nix new file mode 100644 index 0000000..5581957 --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.linux-builder-2/default.nix @@ -0,0 +1,16 @@ +{ + self, + lib, + inputs, + ... +}: +let + evaluatedSystem = inputs.nixpkgsUnstable.lib.nixosSystem { + modules = [ ./configuration.nix ]; + system = "x86_64-linux"; + specialArgs = self.specialArgs; + }; +in +{ + flake.nixosConfigurations."${evaluatedSystem.config.passthru.hostName}" = evaluatedSystem; +} diff --git a/secrets/buildbot-nix-0/secrets.yaml b/secrets/buildbot-nix-0/secrets.yaml index fb2b7b1..247769d 100644 --- a/secrets/buildbot-nix-0/secrets.yaml +++ b/secrets/buildbot-nix-0/secrets.yaml @@ -26,40 +26,40 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux + - recipient: age1eel2m3jsanly3np5anytwyjze70v509mje2yu562e2k70ctdsvrqj23x20 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZ1ZMMDNLOXplenV5RU9J - UGFla0ZrOUY2VWZTaXA2eVJZOU9ESytUVVE4CkxKb3dnMUtncDNmYm1zc3M5cEhy - YndxT1MwSDRoZDNVdHY0eGcwUGw0Q3MKLS0tIGZXbUQzT09sVWxadC8yb0xlOVU0 - c1owRGxYTVhuWmdHblpHUzl3aUE1a00KRzk3GJAj0vw1J4pmhhh0VFKlhN+B9Mym - bmmsQYYgolWrt2EOSbifw8B8AjVKPeufLtQ9BdUemWXMwOyIAM5kfA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQVYyMyttQkVEYnlONGtz + OWVGN0E0OFNUVzdwZ21aM1JIMFRjSWZ4SzM0ClpKTURSbmdoNEtZWXRPMit4RnVi + N3FmMmt5WkhDd1M3WExSakIvbk1EYkkKLS0tIC9FNlNuc1AyaDJ4WU1RNzhMNlpH + cHZkdVc2YVFKQlZ5VXBzVDM4M09hTnMKxe86vgxqEjU4ClfEGlh0ploXir2tRXMK + ifu1u6S2+iHqEHwgAVhuKlBxBh88OVTiKQnN9lRd9ObUaK6qO7395Q== -----END AGE ENCRYPTED FILE----- - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTFVzT2t4OXppbkRXaVh1 - MGVTa1Y2YWZRcUNPODVYWFZncGlOamcwQ2hvClVXNFEyQTczTGJTUnkwZS9DNDZL - cnYrMndkdzk2b0I4b1dzdUlNeW43ZjQKLS0tIHZ1TmJFQmg2c1N1VGcvdzI2YXFY - dGs4UHhrSnJmUjNiYzVKczdLRVYvKzQKDlU5u8aNvts2c4H7iWAiou24wrvuF/sS - RnSnHCli2zywmLEYwBwVAzCynYrCcV+COFEYdOcUigjuji7O6GZA5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMzl4VU51QTRmUGdiS3pL + bURUNFR0UGpXSkZIeFFGeEt5RmpZUGJ2UVhJClVlMmpVOGJWb0QzSHR2YWl6S1Yz + MG12MmxxVkdDcGhRdlJJRnE0ZjlGM0EKLS0tIG1tcU0xMkwrVzJXVmlEUU9sbGpM + RU8yUUhwcmFpTmlRQzVHcmJRUVhNZWcKDNgiTWktwmVLKvrYhm7OUNgTQa1y+Bdc + N4N+lnkn657Ji21zr1X9kDsvJoXASZXj2qkwuHzIpJgz3SMri0F2Ow== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-27T16:57:12Z" mac: ENC[AES256_GCM,data:Na0PsD2oaNWK/VhlpyYEoORm3j6/g8fVyPNeViDdpREctQwcJ2mw5dHVi4yGOzoQBW6FnClW/xnO1G3ugXiFErBqDOeLuDWHOfyquI8gMgeMchYRhNTR83WKygOEE8rM5QAcmjFrGS0qfJ9hjAa016iImWEeXqvYyZr5v41AjAA=,iv:ge/xyUO14F4KIgqW8dQqWXOpSNMyggbJxfvZFJd4qWI=,tag:ZlNaFn6lav4zFfgfShi7ag==,type:str] pgp: - - created_at: "2024-09-26T10:03:38Z" + - created_at: "2024-10-07T16:27:41Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/SKqgfcioV78UE9sguw+8ZD2mGjcttepCZrIpV5yb4yrP - q5fwY+arq0CXf8iAGxnVmhcGs8HeT8Ojrw42KCa3148EL1P4z7y6XF8EMDA6Dt/Q - 9FbwAO5HrAZ+rg76fzwqYDxF1KocbkC/lxCCh38urUZyORUS9rB0gPaX9gMpHlHi - uJQRZHghHA8eRz10DFWnH9D75k9xUaw912r4HEKXLVHno3/qlnEbHNGVoSqq+P+x - uhL3h0twkyF5537AGbCpsCjFsqudm8apXoXW8lh3s+bmb0yrHy8Cdh/EY+ynX6YO - Nl7qkQ1iGCt4ZjMoeNt/xo3FI4PezuF9axOhTKvqy9JeAQ7bXnT+78qwAWWwKrwV - FYWv7WpVQOnVbRMAqwUPJPJqIT8AZOGdbLEOk2hsE/kzxXfmAERjoER1mtznC4H4 - WBf45fgf6mia4DIi/Q6+f/Y/+KWQREAA7TpHhcBJmg== - =sp03 + hQEMA0SHG/zF3227AQgA2S4zFgSuNIcH8WnlIzcjcSUmLmUB88Kl6lTIJLE2ZuYO + mnvjwPQ9XsPAnEjpkDnNPwky9u1HXiLhmN9RpqNB8hMFvY+oQD+LTfwLz+sHS9Gy + Mp7/SxpQ1Gi8GYWBTx/xG0vjCwlHEedIcDnKIYsR7nKywKNqz8wBlUIbcnStF5R9 + LnxbUbQte28+ijX13rkefU5+YPuCG3DUuj2KWyUByBdNwJ9uhlvq7N9BCbTDJLfF + bptquErrYoC4CCVKkmtyN8WlO3ev821X4QCL2aKbsv+JWQHRMkO0B7p8JVOixZUp + g/aCyZYP5NZ0HaQfAQ11dlhEM9K37ePOeDoKzSwkIdJeAdW+0Qu8vqUGIAN420lb + xcMaa5S5pZZ9fqoFDmgPFalm5r6bJMDGnuKRfnZFlvtZTcSZMkzXlQxMzYH0Bwqw + vBEzh+PcBm04sLUvK7ae4u0lpqCVE/n2bQ7FJNVQ4A== + =it7U -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/linux-builder-2/secrets.yaml b/secrets/linux-builder-2/secrets.yaml new file mode 100644 index 0000000..a4ef61b --- /dev/null +++ b/secrets/linux-builder-2/secrets.yaml @@ -0,0 +1,39 @@ +gh_hra2_pat5: ENC[AES256_GCM,data:upKBjPwjKKPXoFhraGUOKHjO10NbsViPUv5vRDrMpeVX73yTDJ0CpA==,iv:cqIGnlKfxJJUpHqZL/uf0ohYevMLX8yXLoREpth3sJo=,tag:haSTzohAWeQEqos4YPrKfw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZzVxNWtEbTdKaUhoY2JD + MG5OS2ozakQzdGNONDhnYXNvWTI1QmhOSGdVClpXaG9mNmlUL29pbTBPVnRyR3lK + aXdyZnY4ampGbXJvNXcyM2FJaDZIVVEKLS0tIHUrRVlIL3NpcWoyOUVFbUlEajlF + bjVwMFVpNHJMRFdHM3ZzdkdVaGFhNE0KJr9x5jP83yIbG2uauuudpPTiyAPoDP0I + UTaE2cSHpI7iNDad3WY/bABjRiZ9GStvehFcVCFOhvFhYViLsSmVSQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL05QdW5EUVRWbFF6YitK + Zll5UlA2QkhXdjBNQ2JjTi9ZNU0xYldEMnowCmZLWlUwd2xjZTJwNGpYQlBGcDZ2 + bGRZY1ZSUkJLamJjcGFxZVZONkRoZUEKLS0tIE5QNnI1YWtyRy85NlFFejBSVUxi + TVROdUkyRUVwQ2VQZGVrbjNhWmVldGsKKUnpLBenYTj97+rmO+Lm4paVNcTvHfXu + BG/AmWsC0pWcax7iAZBtai/emmmfwdkxa7zlOx/CBPYWVYlm+k2XLA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVy9EVmF2WG1xVDlLaVJC + NDV5OWVCR05sR2VsLzFsaklMUTlHa1cxVXdRCmtaLzNwV2ZBVG42dTZIaWNYYnpl + RG81bUdtbjFxS29FRG9uV1Bvb3U5RFUKLS0tIFkzUGRRQkF6cm8wQzlSL0ZhdXNh + dWczRWVyM0UwMHY2MWpRelN5ejVLZUEKj/9rgmrgcHYxPyedulN8nsmSxWJr4IYt + PGMNd+CGNjCNPuo5eHvlMi8wdXq7j/OaWZKU+xmtcKhv6mjCcBTqAQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-02T16:17:59Z" + mac: ENC[AES256_GCM,data:hGtRfk//Me4iurPRmbSPLnPXjDmWur0YJ41Ln77wZQlvyjCpAeuVOIBX3vFbFMsjQ72Mcj0lLOK9YlrngF0wyGHoF3Xtjd4FStmNavvpVPBXpNlrTkuQHVH/huzzSMvQEPngPmSYXVf3WhN7FLGIsxqK78RRbfe8uwnd93bVkrI=,iv:JS3of5m8JL3kppirD1v3Oah1eCxxUgJv54NcUKZK31U=,tag:AcOYhVbTjWTdUXQndRqFBA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/monitoring-clients/secrets.yaml b/secrets/monitoring-clients/secrets.yaml index d299072..2a2e3f8 100644 --- a/secrets/monitoring-clients/secrets.yaml +++ b/secrets/monitoring-clients/secrets.yaml @@ -8,118 +8,127 @@ sops: - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDS05FOWp5UkVCRE5xWmNY - VSt6OFBIVXVsUG5sdmxZYmprblZPK0JLQ0IwCmNKb3RDK3NWeW9zbE9CRmwvRS9H - U1RKclgvQkI1d0o3ZHNQYjlUUmZ5Wm8KLS0tIFVnU09BU1Zoc3lnWW04bWlRN1VX - WENJaVFEalR0ZlRScmRsRG5VMXNoVUEKzw07IdyU+Zj2AeD9EXN21hmnjZKM+Xsh - 3eSJDFFMfTr/iEdixVJS5S6z4f4aNAROIrUQmIWH2Fc7n4xNhUZW/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaTRBU3BpNy9lb1MwWVdT + eDAzek5oSmhzVENFNmQvRisvWTdmV1pJZFFjCldKcE1ZOHF6Q1pGR3lhaVdpM2tB + aVRRNnNTbUdhY1Rmb09kU0JiQU81QVUKLS0tIFk3SW14eHRxMWgxQ25oSU5hQitl + U0Y4OURNZmQ3emVqQ0JHQnV6Yy8yUE0Ku3xYPUM4vmpsybYfLFrKCMkF/vF0wkGc + cAHfgxHYZFjeun2q0RE+hwj3X+AFbgZAvfpqufA1PzBH1k+8cztgLQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cpcwv2wlszwase38zpngk6ld3vx8ev8jsv38m9pp74jvlutvxpsqt49yrr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeUxHSWQ3YmRqVHpoZmpz - bmp0d1JzNGF4aXVHNFlVVjkyS3ZJc0dUbERNClp0SThER3QxRE42ckt1V0QwYXIv - aTFvYkRyWjJrNm5aTzJqRVhvcUkzVTgKLS0tIDZGQlQwNWVycGluODhZTUxUb3hv - TmxxMEJPRXY5TlFoS29xOGZFWDdKNTgKvmIdMC9QdffY8r25QYvia9nRQplJ53hk - y+e2xRfUX6Trwzpmv9ZdPMjDoQNdbYmLJOkXJfNp11W7S2PUe5/qBA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWTVETVhiZmlocUs3S2ZJ + UHh0bjVGeG0wc3R5alV6MVcva2p2UmlJZDBrCnJsZENGVFNDZjlRRU13TTllNWl1 + SGViNnM4eXhXcjk4dFR1bU5WQ1FtUk0KLS0tIEgvNFlLWWp2L0NZZ1ZPeGU5bFZS + N2Rjc3J5a01WTWIwNkFqZERySkhzSzQKADuJPEFjOPXDUcIXLdut0QCuB5PHf/Dt + rdn5reXRKsK0BLDPbVJiGp0euLfFHWAPskTlEL0f6zqEC1ATDQ9mcQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux + - recipient: age1eel2m3jsanly3np5anytwyjze70v509mje2yu562e2k70ctdsvrqj23x20 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMUowWlR3U0JFWC9pOEZ5 - TEVjZHlvYVQ5QUtsQ1dkNkdMZzRZS1c4TWxvCit1L3hwd2ZCOEZpZ2U2cnI3VG55 - MS8rWiswK0hTZXlTblBOZk5HRFlPK3MKLS0tIERmRmc1SFZsenExOTJzNG5YMHhn - aEZpS3FKV1d4c3JpU05aaGpEbnJ0STQKVEfbpp2hrA4c+1R9WqRrmqygKJIXlegx - VryBtDDeGMuttbR21Lx/uJYx3LPdIjN//btZbLNyIj6AxrPdLhUirg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTUdnbSt3bFlDZ3B4YUlO + ODdGZmxReDkrQllmTjBZYjdCMlFNZys5UEd3CkxNeXZaRDJ3K2xkWHRmVGYydDNo + dkJiMW94Z2IwbnlKblZCeEhJSmFqUTAKLS0tIDBESHZiWjIwRStJRVhoUlc2YytX + WWtqNmYvSkF0ZWd3T3hBdklFRWlPUEkK0Eu7GEVUzrUEYQzNgWPmctXxqGgq5938 + el5U0I5KzaRzAp5wnhdS/y4dXlbwkkvGYlGyYBZN3X1/sjtY3vdiyQ== -----END AGE ENCRYPTED FILE----- - recipient: age1vlxerq9j9jd00qvxj2gxds9re4dz2djqmllkhzsf44gz9a5y4ghs7807h9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwblowVXpTZjZ0c0kvdUNC - M1pQZGpUbS9PSWhhblh3UHZoNy9RNFBwVzJzCjN6OHFtTUJEQ0JOMm9JenhWRnk2 - V1JHYklEaUFEeCt0K3VUOGtRcWFhaW8KLS0tIC9renYyMEZDWWlIdjRIcUlFZndI - Q2hGbmRWOTB2dGo3aFUwalBGbUplUGsKBUouJ7zIZmAaxOjSrGYQnuKA4UlZcr+U - 3p3ntXncaFElcdiz3G0gVdE3v2TKEy3EjaRt+NJfQ+/7Turya41e9w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVkZjTGZKZUhGZUdPanQ2 + MDYxODlqQ3VXNVF4eHE4SDJTWDMzZkxpVkhZCnB3ZjIwZUI5OVR5NWpmYUkyeEZ2 + cXF2eENGcFV2WGl4ZlF3UDduMVN4Z3cKLS0tIFM3WERrQjhhNERDV3ZlZFJSc0pE + TWZTai9wQmFCT2hpN1B2aGhJZHd3cW8KX6UXtoqIfaPvbtBvdudfpYTCGJcezy57 + vzIVLtYNcVH6T1jhi6XbDiE3DO3SuhFrJ48RPV41b8hWYHhLWWonKQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ygzy9clj0xavlmau0ham7j5nw8yy4z0q8hvkfpdgwc4fcr8nufpqrdxgvx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucmN0Z0lQemFaVExqRWY4 - TEI3V25qOExWSXBDV3VkRE56WURLenpRRTJNCnQzN1NDdllNelJQZkhjWWlBcE05 - RFp5MlR5ZTVBVTYya2tMT01tVUpLa28KLS0tIEdWYkNPdmJkeHNBdFNpZGVwL3hZ - dllscktrR2c3YXZhUXhJc0lEb3AyWFEK+AquM4aCC1LXM9fm35yU0Jd7u/W/io7H - 0eN69Qv5XZkPislRF1fKFVDoWswFvvyxb2ebbweejuM1CI/hpjEqYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQXNPQkZqaEZXSWpURko1 + azVpVGl4bHJuOWxhN1h6anBTdE1IOG9SdFVzCk5aWC9pY1ZqYzJSV2ZvaGdVb2Z4 + aVNnM3NnSWRhVU9jaDNmSlJwYWhvTWcKLS0tIFVHUWxqUU41OVFaU1BEMGI4WVVw + U1g5Yi9RR3VjZFQ4V0xWUnVwR0VUemcKsMNhbFtYlEvd2q6lmkTVdx9hW6ztvWLc + cNlZ5wMul5HJWZ0n30rtXnKL8ge74/Z+nuv0EKNkcjBWy+7D+c86vw== -----END AGE ENCRYPTED FILE----- - recipient: age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cUZBbUcvcnNXbXFTNkhw - ZEZBUGkwVFljMmFOYm9GVjNubjVJOUFtbzJnClhGMEM5VWdjZE1vK3pIVlQ3aEdw - Yys1THVtRVUvM1lNdWtjN3Zvc0V3VjQKLS0tIFJaWS9VR3BmNXNGWVE1RmJXYnM2 - V1FvczRZeTVVbWFmd2EvTkNsNHFzVW8Kf/PaXIUe6QDimtZYxGPIZB7T2iQvQ97s - j/h6oVi/usVRTAkz2CJYBYZbG7/MF+Qf1MneiQS6c4QcpHR2TtAFWw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIM1hMUW9NbC92L3JlYXpV + K1BGUnJsMzVjeWlNL1F6TWQ0UVF6Wjc0K3dNCm5uRjZ0enI5UGdZMTFIaFJPQlh2 + dytJVXN6NWl4Ly9tOTZHSFp2VVE1TlkKLS0tIEg0TERyRm1BWENQQzZsdjJmY3h3 + cTFUYzQ2Z01mdytvWXFSUlVzWGVtVmMKAtxsl3SzFHUF+A+tiBr8lwmQyV7c0Vgh + kbgALYYMqpWsy3qdvWzhifyPW1eMdd0jNKUi1/asRcgrlp5rk3jLpw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Tjh0ZUdOcnRTVDlxWGNz + Yk5mdnRTK3FKNVpOS25HRDE1UW52L01TY3kwCkRhUnlUQmxPaG1ibmtPcHZMd2pF + YkNhNDZnVjhJVG9SM1NUSG1UNkdTWjAKLS0tIGRncHpwckxtYnJ0dGR6LzlRd2FR + SjBnMURGR0ZadDIxdHQxYndZdVhiMDgK1YNUbZzxAfyrLH9+5GAME21Itu5vQ7r8 + quA2IcCfQj/tSIRzT3znyCFY6YXmjHzxr/ybOWs7xJMGAaWAM0lP4A== -----END AGE ENCRYPTED FILE----- - recipient: age1yl2l760zjsxvrct97gtwfkfjlvhg3vkkwpud2usc35ktqnzhuurq3an2ns enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeWVCWWNYSVovNUxGYTZj - K0JLQnBCTDBEcUlyVWYvRDhHWkhXNlk4OHhzCjQ0bStubFdQaVRJT1pRQVo1QUNN - T3Q2SUJGRC81aGFBZUlHSGRrYWZDNUUKLS0tIC9XODN0TmY4dWprTjREUElOWlBK - Y09jdXBmK2RxajkyUVBBZU45cG8yKzQKe2ny7PWaEinPEcbIa9T/1QaLNFmYA+9d - jlRsO3M4QajJfOMz/FkhM6dPn3qEhGM/avdp4W56XgbV5E7mSVrl2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGR2tVSW9rTlh1dTVaWVAy + REI5dk5tK29GakdHemxHNXM2aXY1bWR1V1RNCkZESlQ2STNJdFVJZG10WTBSWkU4 + QWtNcStEelFUUEhaZGFFemNhNTBNR2sKLS0tIDJRZjE2TU1nMmdDSnl3Zk1VR01T + a1A1MkVYYXArbG8rNE9QTG8wUzNjRXMK8v6gQYj+IJfagEERnBfaTQUn5xRT7bRB + LyV38GOC1frw6umUp5Szu2Zr2PMGHGbZTCRmOOISdrDEH6w6SwwlIA== -----END AGE ENCRYPTED FILE----- - recipient: age16thgapywna9zu3r87hfgvw097lq8r9z5rxunfjqmttcnpgxxcflqxkjycn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMDdDaFR4d2pSWnRPRVI1 - TUZXZ1hJZllWWmdnR0xRNVRNU2MwUlFkK2lRCmY5Z0dNTnlRanVpTlJtNUZlbElR - UXhvckVQMTNHQU5lQXJueUl1VWxmVEUKLS0tIGE5MmxZdCsrRjgxV3paWDFNaS9E - bHpFd0s3QTRnUTVwbTdCREJkZWtONnMK4tGI+qRio3THaZY+i0SQdLJ061aJMJo9 - FKo90zwHpFKjrhRF2KKtZ4EIbYuAYEj6ZPv2qWBSj3td45xMKCp5Eg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUGtVdm8rVy8rUERWOFRv + STFHM2JrOTY2eVJZOWdYUzFvb2k5T2ZmTHkwCjh4SFU2WmVuL1l6M3dmNTNJRkRj + YitRMmVBc0k2T2VDRUFDR1hVRUpvMjQKLS0tIDRiYVVhSHNGUnBuWGxmTHlINGsx + ZnV2eG1FU0FvRStxV0JzeVBOaXNlSGMK6MnVi2p4oTVuY9i4llDvnBF4Oz2WyArc + JIKF2v9FRdnbqvYnCf0vl2tlYcL1ZriKa+BUUceD9jHLhdTp7Kpgqw== -----END AGE ENCRYPTED FILE----- - recipient: age1zxmut50nxveptmfyjw5rd9jfdva54p92fj02zekjneq57k626unqysq707 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkR0lGOXhTN3h3VEFzNFpn - a3duYTBpUmM5YmU3aURlUllkbXlqZnljWUZvCi83VkFtM2tTK0s0T2lFK0ZHUlI2 - WDRmL0p2ek5BN2t5ekY4V01GdkpnTlkKLS0tIGZkQjNYa0owSzRxaDhNVXVSaHRz - OFpObFVqV0tkd0doYnFqQ1locHJrbGMKGHDqIHNGzwjwpzS/mbgPG1/u1oPUOGaU - S/1GnKLlY/s32TSk9emKLFQqagMw1GFSRIEIEkvoux1M/RstqAk/HA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZEJNbmlDMmhDNjdwZk1v + c0ZVek5RWVF1akltQXlaYnNuTlFMZ08zcjBZCkp4Z1U5a3o3blhVTHBLb09SZnU4 + enluaVEwc0dIa0F2UnhZaGZ2c1k0MDgKLS0tIGluc2JKaW9HS0NFNjhJUE5vclND + RVpJakNwV1NwenNEU3JDSkpEeU05Ym8KuIfMuTkswIWrlF2jbu3HzEJqhaPW+VAw + clzSjdtrwSa0sXS1+D5Cr15aeyALB4hVDp7W6m2/tf4uuk5M5soUTw== -----END AGE ENCRYPTED FILE----- - recipient: age1lxmwwjmvfzl6uvfe2xs9m8ppdf604acph0u88pqwhuy7wvuep4sq3cjgw0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT3pjbzZpaVgvdFpCa1pI - T3pxZTdUZTFYdXlaOEYvS2pCbUhULzAxVWxNCnlVeHR6aFVFYWR1STlDN1YrY1Yz - VkxtUmM4dnZMc2lIQzBEOUowcGkzSEEKLS0tIEtreUIzZENNaXZtUHgvWGdac0wr - Mit1YmFXa2xqUldySlphWk9GakQwZDgK72VsM1TKW7FX5UtjQuRQAuzsVke3sLiz - a9hr8oqQGIFDSh8kFhtg7cUYPmtCgg9Cahh4OEE9DOsXC5enHWItDg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aTh5UytEQ0EyUjE2NE9r + Tmh3UWlpY3FObEdDNGg3bzNES3NkbFdtRHlzClljNVlmQ3lGU2g1YWxVMGh4bWdO + M2FkVi9xT3picjBQOU1IbjZBV3dRM1UKLS0tIFJWV2duK1ltbE5PaFhqb1RvbVBi + TkVXbFgvTHovU1BlRmJoSlY5VkZuSVEKND0ktTU1S73HMMd1k8HedrzAQYc1c0Wn + uCfJrs5cX5Bg4ziZDwdi/hLF1oLqP9GokVXo9U1k7N28Ky3HXWcNFQ== -----END AGE ENCRYPTED FILE----- - recipient: age162clfdx3zc7qr5au7gyxmhs44lfezt8qzpf3a2ppqh5r628enf0q70prc0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cGZKaFdLUVUrMWFWaGtV - V2JvcXZZWkFRbllDa2o3R0JFVDVIVW9QakZZCjFZemw4L3pDSFNud1QrbDE1dzNY - U0NqZFFtM1ZFM2V3QTZrR2xmd3p6RnMKLS0tIFQxODB1RFhaZklZUkNJMUd5Nkp5 - WHprUHZsbGtnMjR4aG9nNXI2eW9WWFEK6wiufzeHF80P8e5lB/mFkXLvQSryuA3e - oJmtjac4BebqbUSPUv8Kqvpz9zggwJvrGbFitDuxjYkxgv2Hu1pRiA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSVBUNEFiNU1vU1dKRmJ6 + VzVoL21yY2pycEdUdEJ4REMzd1d0aW1qZkcwCkg3WXh0VzUrWThNUlE5alc4VWN6 + eXNkWm5iWlRkdnRxaVczWENkeFRFWUUKLS0tIGtlWHR4U2UyM2s1WHl5ZUtvdVNj + RlJzRTJEOXp3VXg5TThDSVRUOWpqbHMKDA0aeJQj4JH9xJaFfX59SlyDQ7UpQIRf + E+/hJsRWjy8Dljn5w4E5Jeq3QEQdUduoVgtuj2DVvM+hq4ADzn/NrQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-10-03T08:53:40Z" mac: ENC[AES256_GCM,data:CihIkFA7Mmov7Aun4iaJ0ueUrD4bcPz524YKTNkqotAqtLKLnlkKXfrtit5WgF78Hr70m8BA4qAJeYS7FcY+Oc42sySj1ikKUQNienyKpdNsZ2ELFEI6a4EmCtmyhgbv3/GR1AR3c5K1xU4RPQO+G3VNF4XvpBqspOpkOUb251o=,iv:4QtxWum9ck4ShmhYpfqL1JMwZLfE6Iy6pJ9GBdbv6aY=,tag:K4v+V+P5GpBfjz84ccmb5A==,type:str] pgp: - - created_at: "2024-10-04T14:00:44Z" + - created_at: "2024-10-07T16:27:41Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/e+EyccC0Kibsztt6J5OfvNE5SFa3RN17krTSt1EfGxUz - mnUnPMWkrp9RiZpdedIjs0Oia0t7HeULqnRm2utewDLlJk5OeP+xbEkmJcgAoZzW - evblV6MplnDM/QQ6TCwb94V5bAqge2yiHIPdzzrtZsZQ6OVQKAr2LO1ert7ZHw8z - oadJHUe6zntv6Bevm4LvRZC1JgrLu50LlwpaX7COeiGBPXUW1A8HTlttl1JRH4Zh - jlwauE6JT/YFkO3Ezc6sQSVNPxdA3jB5VVVWH1XZFmgBgk4azEBPj4ra0pAJucXu - /6PSk42Fm5MkPYO3KBwwXLLA2zT1MAYIS3EkzkAiJtJeAaVAMkvcKRLinEOcX/xA - H4vTGjmJlhkdUEq8lpR4i4rXMd8y0ElrueNZx2FmmgfTvirGhcIlsIdh0+TachE4 - WOz3tn+i+hHl6lGPkYasJHsyPoAcllDrARftll306g== - =gLQT + hQEMA0SHG/zF3227AQf+NeElzAq8pNwQocz/fQhxC7EIbiUYaMU86IawKjZ2X4Tb + grs+hXgdnHuyEv9GYEhsqlNG9YPrQ62riVzbK0TBmg8J/ePl4BCgHdoTIQAX+TKe + 9hC1wP+CkYjazMvE1dO73nXx+iaPGRZKV8kI9XmtKCrPcZdeUfAVQM+FUZasVOp+ + nctZyEqzRkOSMAfzdDK5EO9INKQkL35RJEqFeUiAaHCRTik2i/cCcLCqrZQindae + W9VByiaGHN0/8Q0/Uh0Ppg/9Gj4Arlii9fXnqGM6uxAf9r7+A2BNZPyrJEbDZpTQ + W65u9gpLOe1WZ1DGg6UFsdHlYvuZVxi0xse1gA28MNJcAaN/FK64IL5zJyDnu9C4 + v26FWFKTdug0Wtrw/a4rvIWc2XhjkT2Uzj6VISrQ+Z1sU9Vy9SZQ/KQtVGjD/VMp + dZ5g0fLJ9XSaE9sDtrSRyHwHyO9v92pIqwrYm3E= + =j/JY -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From 06931180713602221e70d68ef85ceaf95ba65ff3 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 7 Oct 2024 19:31:22 +0200 Subject: [PATCH 4/6] linux-builder-2: cleanup adjust config use-case --- .sops.yaml | 3 +- .../configuration.nix | 5 +- secrets/linux-builder-2/secrets.yaml | 32 ++-- secrets/monitoring-clients/secrets.yaml | 142 +++++++++--------- 4 files changed, 90 insertions(+), 92 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 31edb8e..e03e5f0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,8 +12,7 @@ keys: - &dweb-reverse-proxy age1ygzy9clj0xavlmau0ham7j5nw8yy4z0q8hvkfpdgwc4fcr8nufpqrdxgvx - &linux-builder-01 age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r - &x64-linux-dev-01 age1vlxerq9j9jd00qvxj2gxds9re4dz2djqmllkhzsf44gz9a5y4ghs7807h9 - # TODO: replace this during the machine's setup - - &linux-builder-2 age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w + - &linux-builder-2 age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux - &tfgrid-shared age194xfar0gfdauu2dcxwqk9lh9d0vjfrzzs2ke0ppanpwv9eqxzs2qp7q7cn - &buildbot-nix-0 age1eel2m3jsanly3np5anytwyjze70v509mje2yu562e2k70ctdsvrqj23x20 - &monitoring-0 age1cpcwv2wlszwase38zpngk6ld3vx8ev8jsv38m9pp74jvlutvxpsqt49yrr diff --git a/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix index 2d273f4..55a20f2 100644 --- a/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix @@ -7,6 +7,7 @@ ... }: # Hetzner AX41-NVMe #2491007 +# BIOS/Legacy - came with this setting from the factory { imports = [ inputs.disko.nixosModules.disko @@ -52,14 +53,12 @@ nix.settings.max-jobs = 16; roles.nix-remote-builder.schedulerPublicKeys = [ - # TODO: is this needed? + # we shouldn't allow anything non-test related here because the benchmark workloads on this builder expect to have exclusive hardware access ]; boot.loader.grub = { efiSupport = false; }; - # boot.loader.systemd-boot.enable = true; - # boot.loader.efi.canTouchEfiVariables = true; boot.kernelPackages = pkgs.linuxPackages_latest; systemd.network.networks."10-uplink".networkConfig.Address = config.passthru.primaryIpv6; diff --git a/secrets/linux-builder-2/secrets.yaml b/secrets/linux-builder-2/secrets.yaml index a4ef61b..068c979 100644 --- a/secrets/linux-builder-2/secrets.yaml +++ b/secrets/linux-builder-2/secrets.yaml @@ -5,32 +5,32 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w + - recipient: age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZzVxNWtEbTdKaUhoY2JD - MG5OS2ozakQzdGNONDhnYXNvWTI1QmhOSGdVClpXaG9mNmlUL29pbTBPVnRyR3lK - aXdyZnY4ampGbXJvNXcyM2FJaDZIVVEKLS0tIHUrRVlIL3NpcWoyOUVFbUlEajlF - bjVwMFVpNHJMRFdHM3ZzdkdVaGFhNE0KJr9x5jP83yIbG2uauuudpPTiyAPoDP0I - UTaE2cSHpI7iNDad3WY/bABjRiZ9GStvehFcVCFOhvFhYViLsSmVSQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdCthTnJ1cTNGakFET09n + V1pzUXVyN0VrL3M5QWZyR2c3OXVTMmgyRnlzCllUV3ZmaVhRWXJkOEN4OHBDbWJF + b2VYYVRBU29UV3E5Zy9vdktmZy8rd0EKLS0tIEJpZ0NDcjFOU29mdk53THBqNGRa + TThrc2RPVE52STM2ZEFyYkdmclRCaEUKFM3XthvjqY01Xrigef8wyUsfSXO0qzpD + GamtU/bOeI9HmInHwlTb52e3Nm0XEpkz8KcdcsILyH6wrf53iB0Vhw== -----END AGE ENCRYPTED FILE----- - recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL05QdW5EUVRWbFF6YitK - Zll5UlA2QkhXdjBNQ2JjTi9ZNU0xYldEMnowCmZLWlUwd2xjZTJwNGpYQlBGcDZ2 - bGRZY1ZSUkJLamJjcGFxZVZONkRoZUEKLS0tIE5QNnI1YWtyRy85NlFFejBSVUxi - TVROdUkyRUVwQ2VQZGVrbjNhWmVldGsKKUnpLBenYTj97+rmO+Lm4paVNcTvHfXu - BG/AmWsC0pWcax7iAZBtai/emmmfwdkxa7zlOx/CBPYWVYlm+k2XLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZXdrbXcyRFR4UEowRkpp + Z2NQRHRXZytVNEpGTFNXMTlYa2FvUHg3d0RrCkNtTHFQenFLZ3RSRlBIRjA3aGtr + TWl6OU5lbFIvcEhIbmczZDU0MWlvaGsKLS0tIDhJWWxiRWJqVnBEYzVLV1dNbktz + SUJDQmRWcVh2KzV1TEthOGRySkpUY1UKduU+2PjYaF0QrodfeuYXHcNu6iri3Qmr + z5/fgTxvZPuFCs2na9qar7NcmBlqmuxg+Ad+XoJFqCRU7mE6JAvsVw== -----END AGE ENCRYPTED FILE----- - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVy9EVmF2WG1xVDlLaVJC - NDV5OWVCR05sR2VsLzFsaklMUTlHa1cxVXdRCmtaLzNwV2ZBVG42dTZIaWNYYnpl - RG81bUdtbjFxS29FRG9uV1Bvb3U5RFUKLS0tIFkzUGRRQkF6cm8wQzlSL0ZhdXNh - dWczRWVyM0UwMHY2MWpRelN5ejVLZUEKj/9rgmrgcHYxPyedulN8nsmSxWJr4IYt - PGMNd+CGNjCNPuo5eHvlMi8wdXq7j/OaWZKU+xmtcKhv6mjCcBTqAQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxelBRZXRteURaZ3VIQVNk + Tk9FQXRZcjdRSVViVUIxaW0vSWw3K3BBeGhzCjJGV2sxeldoSi9HZVBCOXFENDJG + VmRmMktSNWpVbmdsVmV6RkFPZ3BCOWcKLS0tIERUWVRjTWZUSTlGN1RNcWlOaEg2 + ZXYzQ203RmtXL3I0WVNJN1hEZ1dmNlUKWpCzZQRBO5Tgy0h+qYYtfdjMb6MqbubE + ApkbcykAba5CrqTvKIuJ5f87E2bF2q8eZstRLLu6yiD7WGOn8mRndA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-02T16:17:59Z" mac: ENC[AES256_GCM,data:hGtRfk//Me4iurPRmbSPLnPXjDmWur0YJ41Ln77wZQlvyjCpAeuVOIBX3vFbFMsjQ72Mcj0lLOK9YlrngF0wyGHoF3Xtjd4FStmNavvpVPBXpNlrTkuQHVH/huzzSMvQEPngPmSYXVf3WhN7FLGIsxqK78RRbfe8uwnd93bVkrI=,iv:JS3of5m8JL3kppirD1v3Oah1eCxxUgJv54NcUKZK31U=,tag:AcOYhVbTjWTdUXQndRqFBA==,type:str] diff --git a/secrets/monitoring-clients/secrets.yaml b/secrets/monitoring-clients/secrets.yaml index 2a2e3f8..11c1ca7 100644 --- a/secrets/monitoring-clients/secrets.yaml +++ b/secrets/monitoring-clients/secrets.yaml @@ -8,127 +8,127 @@ sops: - recipient: age1wm7aec0vd5trqqvk6n97kh8r3x0jpue9gne9enr92kdjk63f5e8s9gjy0x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaTRBU3BpNy9lb1MwWVdT - eDAzek5oSmhzVENFNmQvRisvWTdmV1pJZFFjCldKcE1ZOHF6Q1pGR3lhaVdpM2tB - aVRRNnNTbUdhY1Rmb09kU0JiQU81QVUKLS0tIFk3SW14eHRxMWgxQ25oSU5hQitl - U0Y4OURNZmQ3emVqQ0JHQnV6Yy8yUE0Ku3xYPUM4vmpsybYfLFrKCMkF/vF0wkGc - cAHfgxHYZFjeun2q0RE+hwj3X+AFbgZAvfpqufA1PzBH1k+8cztgLQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabk11MmRRaDJ1bnFtcElq + SGtKUnQxV0MwMHI1ZHdTcmRFRVFIajFKWlJ3Ck9NOFBCOFFtWWswcVZYV1FxTHJN + WHVzL1NBRjJNZTFNVGdXNzlVQ09MNGMKLS0tIG9PcDZjbkYxVWxuc3FvSFlkVHRU + Z3BiRU5hQmk1cmNTMHZxMURpQVZlUncKb5UP4eeWn+WtwbQbPgBt8E8oCtXeUnWY + 17nYAYFd0Bc5RRLwpiGwIbfgudT9n4GHKo+lY/6mxx0wch7N5+YBEQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cpcwv2wlszwase38zpngk6ld3vx8ev8jsv38m9pp74jvlutvxpsqt49yrr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWTVETVhiZmlocUs3S2ZJ - UHh0bjVGeG0wc3R5alV6MVcva2p2UmlJZDBrCnJsZENGVFNDZjlRRU13TTllNWl1 - SGViNnM4eXhXcjk4dFR1bU5WQ1FtUk0KLS0tIEgvNFlLWWp2L0NZZ1ZPeGU5bFZS - N2Rjc3J5a01WTWIwNkFqZERySkhzSzQKADuJPEFjOPXDUcIXLdut0QCuB5PHf/Dt - rdn5reXRKsK0BLDPbVJiGp0euLfFHWAPskTlEL0f6zqEC1ATDQ9mcQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEKzdDUDR6NmZ1YkxyZmFV + TzFkOGpHS3IvenpiNmUwR0FPS25yNDRveVI4CmVtOCt3d0RkbFFUQ3g3L1ZWVllD + YjR6OEVEV3hHYXJDWUxxRjRXYVRNSW8KLS0tIG9aQlJkZFBLeG5TT3NVK25KRnRF + Yy9MQ3RjQnhhMkpkeVpYcWhjZmoxSlkKDf1BhTqXEviNTqJM/vbyp/H14NxUn+FU + 8STERa2bTL6NEAOhvGczARKUduBEHWcaoX73l320JNaqSz3hcP3hXQ== -----END AGE ENCRYPTED FILE----- - recipient: age1eel2m3jsanly3np5anytwyjze70v509mje2yu562e2k70ctdsvrqj23x20 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTUdnbSt3bFlDZ3B4YUlO - ODdGZmxReDkrQllmTjBZYjdCMlFNZys5UEd3CkxNeXZaRDJ3K2xkWHRmVGYydDNo - dkJiMW94Z2IwbnlKblZCeEhJSmFqUTAKLS0tIDBESHZiWjIwRStJRVhoUlc2YytX - WWtqNmYvSkF0ZWd3T3hBdklFRWlPUEkK0Eu7GEVUzrUEYQzNgWPmctXxqGgq5938 - el5U0I5KzaRzAp5wnhdS/y4dXlbwkkvGYlGyYBZN3X1/sjtY3vdiyQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTQVI3dFp0TitKSkpnYkZa + cDE2VFZXd1AxNm81Ukd4c0ZKeFd2Qk1IOFFNClJ6YWxCY0hKTXQwcU9EcmxBWjEr + dDhKN1hYRjBvbFpFcWp3ZkxPdmxsQ3cKLS0tIHhseEcyUExOKytyMDJoSkxiRFhT + V05wcmRVYVcrd1Y1RWZmTmdJYjBiTlEKWwhtwmyFMhD14RQq/yNriw/5it8QnhLG + E1TtXs4GP1faE4dqMX/xMmVSij8ttM6OYQEUtKyMv6mR0zgAl3fx1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1vlxerq9j9jd00qvxj2gxds9re4dz2djqmllkhzsf44gz9a5y4ghs7807h9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVkZjTGZKZUhGZUdPanQ2 - MDYxODlqQ3VXNVF4eHE4SDJTWDMzZkxpVkhZCnB3ZjIwZUI5OVR5NWpmYUkyeEZ2 - cXF2eENGcFV2WGl4ZlF3UDduMVN4Z3cKLS0tIFM3WERrQjhhNERDV3ZlZFJSc0pE - TWZTai9wQmFCT2hpN1B2aGhJZHd3cW8KX6UXtoqIfaPvbtBvdudfpYTCGJcezy57 - vzIVLtYNcVH6T1jhi6XbDiE3DO3SuhFrJ48RPV41b8hWYHhLWWonKQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UlZKSTdGWDVUbDVmRVVj + TVI4RkhHdVFIK01nbENjWCthNm0xSjlqL3o4CnJsbHIxa08yY0N3WjQ3NjlRTTZo + TnhkbG5tSVcrMmJ1WElmWEd6Y3c2SDAKLS0tIHRUYmN6TW5aSFBxd0g4K1BNN0Ro + WUJYYmg1VGFKSDRkNkVGVWlYbEFOK0kKd0jcnS1RMcPLozyYfkVoE07Cc95jJa3J + IzC3YJ/NtFC0f6MVjrL7wol8Vugp+YgXQXBIhGUg9efR8/55+tuUZg== -----END AGE ENCRYPTED FILE----- - recipient: age1ygzy9clj0xavlmau0ham7j5nw8yy4z0q8hvkfpdgwc4fcr8nufpqrdxgvx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQXNPQkZqaEZXSWpURko1 - azVpVGl4bHJuOWxhN1h6anBTdE1IOG9SdFVzCk5aWC9pY1ZqYzJSV2ZvaGdVb2Z4 - aVNnM3NnSWRhVU9jaDNmSlJwYWhvTWcKLS0tIFVHUWxqUU41OVFaU1BEMGI4WVVw - U1g5Yi9RR3VjZFQ4V0xWUnVwR0VUemcKsMNhbFtYlEvd2q6lmkTVdx9hW6ztvWLc - cNlZ5wMul5HJWZ0n30rtXnKL8ge74/Z+nuv0EKNkcjBWy+7D+c86vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUnUrdWdqQ3RSR0hjNEVm + SGJUNHM5cy9wd3ZKTUYzNEtqZGNlRmdzSFY0CmcxbnNlcE5IckxIVHJwU0tvcytw + WlFPTU1OWlJ2WW92MFZjOWdNa0d0NnMKLS0tIDJ2L3BpUm1iK1lDNGVDbmIxVlZs + bWJYUitwam14Rms5Qkx3V3JVc3p4eEUK3nfbo+/QCVl38khfVPHC8T8Hjacuht0e + NGZuQSlWtp+0Va1/9exP+Ph/IyAQJTkITXjOITMKk5/WZ5fRD2McNw== -----END AGE ENCRYPTED FILE----- - recipient: age1kxkr407jz77ljrhgsfwfmv2yvqjprc6unvx389xp2f48xj8r0vqq2wew5r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIM1hMUW9NbC92L3JlYXpV - K1BGUnJsMzVjeWlNL1F6TWQ0UVF6Wjc0K3dNCm5uRjZ0enI5UGdZMTFIaFJPQlh2 - dytJVXN6NWl4Ly9tOTZHSFp2VVE1TlkKLS0tIEg0TERyRm1BWENQQzZsdjJmY3h3 - cTFUYzQ2Z01mdytvWXFSUlVzWGVtVmMKAtxsl3SzFHUF+A+tiBr8lwmQyV7c0Vgh - kbgALYYMqpWsy3qdvWzhifyPW1eMdd0jNKUi1/asRcgrlp5rk3jLpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY1pscmxLZFM1THdwbzl2 + c01yaUZHR01FUlROR2VRbkFIbkRqV1RaNFQwClJKZmFVaytTWHFCQnkvaTk0eWRK + dCt2M3Jrb0I5SVpRUFQ5aGQ0MGw5Zk0KLS0tIG5NZWhZSXB1OHJlalpJS2pPOHRN + ZGl0KzZSdjZob1loZjhnR2lYOENNa1UKUqrPthHY52xhtLxT1lYjwkbOQdv+X6xw + 7rQ5oFhKhnAXGxjD6PtB1+B/BEJPmsONl3apSC2lSEw4WpmYFQCyNQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1kxwxjpk0d8uepglyk63vdht4ct5vhf6n3mml86596a3ut9wfhassfjgh5w + - recipient: age1w99tzxl88z7ct3ekpatl62wvhrx29pg450qmn822dpmz0evhxqxqy3scux enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Tjh0ZUdOcnRTVDlxWGNz - Yk5mdnRTK3FKNVpOS25HRDE1UW52L01TY3kwCkRhUnlUQmxPaG1ibmtPcHZMd2pF - YkNhNDZnVjhJVG9SM1NUSG1UNkdTWjAKLS0tIGRncHpwckxtYnJ0dGR6LzlRd2FR - SjBnMURGR0ZadDIxdHQxYndZdVhiMDgK1YNUbZzxAfyrLH9+5GAME21Itu5vQ7r8 - quA2IcCfQj/tSIRzT3znyCFY6YXmjHzxr/ybOWs7xJMGAaWAM0lP4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN1l2Tk9NeWcxNGJ6amVo + QVFjaHJCN3dudkVVbHhWWDRJck5KNURMdkRrCmhBcmliQlVtazI0bDJ0QWlJT05t + SzBkazZsaCswb0RDV0lmanNSOFRYWDQKLS0tIGpWeEtVS05EcjdwVC9tV3VWNlRp + L2dlUVlCa1U3a3BwUHA4MVNPWi84UVkK9M74XoiDnFeFJ262KgMgoasmBEX2TraH + ZxxtZEZDVTjnMA0D8zDNw5IEj6Ze2qoc/1ScUeBzsEMRVY0lk2mlFg== -----END AGE ENCRYPTED FILE----- - recipient: age1yl2l760zjsxvrct97gtwfkfjlvhg3vkkwpud2usc35ktqnzhuurq3an2ns enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGR2tVSW9rTlh1dTVaWVAy - REI5dk5tK29GakdHemxHNXM2aXY1bWR1V1RNCkZESlQ2STNJdFVJZG10WTBSWkU4 - QWtNcStEelFUUEhaZGFFemNhNTBNR2sKLS0tIDJRZjE2TU1nMmdDSnl3Zk1VR01T - a1A1MkVYYXArbG8rNE9QTG8wUzNjRXMK8v6gQYj+IJfagEERnBfaTQUn5xRT7bRB - LyV38GOC1frw6umUp5Szu2Zr2PMGHGbZTCRmOOISdrDEH6w6SwwlIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ampYbDY3eUdIeE54Z2gy + VXI4Wk51NEx0UWdmY1RnQUVzNTZldWJGZ1VRCnlDbEVBNWN0OVNQSUptcUhKSmxR + djJiSHNiWUhnYjNVNXdOYVFISlVvcGMKLS0tIHdob0dHL0FGTWcxTWlJZ2pHT2dn + VFh3TlplWUc0Um9ZK1RrTXEyUXl2c1kKSHNxpvghLobjaJd/0Ug3jJgTjfqztqoM + uvt2RUN/7TCZ1DrXWYACRMKrwHPkazV5WsPsr4ZmBCiQMcR2gIgdKw== -----END AGE ENCRYPTED FILE----- - recipient: age16thgapywna9zu3r87hfgvw097lq8r9z5rxunfjqmttcnpgxxcflqxkjycn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUGtVdm8rVy8rUERWOFRv - STFHM2JrOTY2eVJZOWdYUzFvb2k5T2ZmTHkwCjh4SFU2WmVuL1l6M3dmNTNJRkRj - YitRMmVBc0k2T2VDRUFDR1hVRUpvMjQKLS0tIDRiYVVhSHNGUnBuWGxmTHlINGsx - ZnV2eG1FU0FvRStxV0JzeVBOaXNlSGMK6MnVi2p4oTVuY9i4llDvnBF4Oz2WyArc - JIKF2v9FRdnbqvYnCf0vl2tlYcL1ZriKa+BUUceD9jHLhdTp7Kpgqw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV0JjTnJHeU9uOWtyMjhK + T3ViWVB0dEh0ejh6Z1RRcExyUm9MSUpQeFNZCjRITEFlWGR4VEZEOXk0RjlYQ0th + bmJKMXRoN2RBVTJ0MVlMTndSZENuL00KLS0tIGVCZHo2WHE3RktTdmV1NTNESjdS + Qzc0QldKYkpNdEc1Yk41YW5ndWl6TmcKXqvOVr3vtt2COrC8vYuBdLxJ02vR0EuY + jMrPgjLvUttgnBuy0PjBIn6v/dBkI5eaC6rD8jJIJ/i7ClkqN5HzxQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zxmut50nxveptmfyjw5rd9jfdva54p92fj02zekjneq57k626unqysq707 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZEJNbmlDMmhDNjdwZk1v - c0ZVek5RWVF1akltQXlaYnNuTlFMZ08zcjBZCkp4Z1U5a3o3blhVTHBLb09SZnU4 - enluaVEwc0dIa0F2UnhZaGZ2c1k0MDgKLS0tIGluc2JKaW9HS0NFNjhJUE5vclND - RVpJakNwV1NwenNEU3JDSkpEeU05Ym8KuIfMuTkswIWrlF2jbu3HzEJqhaPW+VAw - clzSjdtrwSa0sXS1+D5Cr15aeyALB4hVDp7W6m2/tf4uuk5M5soUTw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNlZXaWpBaC9WbWtYakFn + UWE1dytSM09TR2lrSXBPQm8vSUZDYjc0bG04Cm02aUtpb2loeVhTa0RyTnpLU1dI + enlTd3JtNVUyVHFFYzNyMlFtc2k2T0EKLS0tIERCcC9sRGxlcnFMd3FKWHk1aldj + OFN6NG5rVUtYRWxKenZjQVFUN2NaRDgK343aFwHVlXS43hamkHUgwgCrwbC0zD9R + BeyWH3xh9e1lRBlp0JEcViWEs5s/jMjBeZlBZGUjKsD7cXocFh0VJQ== -----END AGE ENCRYPTED FILE----- - recipient: age1lxmwwjmvfzl6uvfe2xs9m8ppdf604acph0u88pqwhuy7wvuep4sq3cjgw0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aTh5UytEQ0EyUjE2NE9r - Tmh3UWlpY3FObEdDNGg3bzNES3NkbFdtRHlzClljNVlmQ3lGU2g1YWxVMGh4bWdO - M2FkVi9xT3picjBQOU1IbjZBV3dRM1UKLS0tIFJWV2duK1ltbE5PaFhqb1RvbVBi - TkVXbFgvTHovU1BlRmJoSlY5VkZuSVEKND0ktTU1S73HMMd1k8HedrzAQYc1c0Wn - uCfJrs5cX5Bg4ziZDwdi/hLF1oLqP9GokVXo9U1k7N28Ky3HXWcNFQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YzBiNkpmS01JN1hhdkh3 + ckMvQVdVOGVCeFJJRW9XY2V6V0JVZkM4emt3CnFEZ0FHd1JpOWVZTWxXSktxWmJU + cEtzZWIrcjM1eGZ0S0V6VWdSa0dzMmMKLS0tIE1TUGNxUVlXZ3l4VDdhT0t3UWJm + R1BtVHdTQVlyanN3YmlpeUoxMGQrRHMK8kicg+HeTWDXGy50XUzwEYStZ/uYaEGn + QuTc4EufifzTvJVgu5bj5+o0XKEHMfmSG2vjitKl7AlAn6FjKvXEnw== -----END AGE ENCRYPTED FILE----- - recipient: age162clfdx3zc7qr5au7gyxmhs44lfezt8qzpf3a2ppqh5r628enf0q70prc0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSVBUNEFiNU1vU1dKRmJ6 - VzVoL21yY2pycEdUdEJ4REMzd1d0aW1qZkcwCkg3WXh0VzUrWThNUlE5alc4VWN6 - eXNkWm5iWlRkdnRxaVczWENkeFRFWUUKLS0tIGtlWHR4U2UyM2s1WHl5ZUtvdVNj - RlJzRTJEOXp3VXg5TThDSVRUOWpqbHMKDA0aeJQj4JH9xJaFfX59SlyDQ7UpQIRf - E+/hJsRWjy8Dljn5w4E5Jeq3QEQdUduoVgtuj2DVvM+hq4ADzn/NrQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCYnJXYjZvc3J0VldLVEtr + OWJGNHI0b3lRRUI3ZUhIUklTUlhjbC80WUI0CnBzUWV0dmdJNll6bm0vbHRKcGFE + bDJvQ1VadFk0TFN1d0czQ1hRWmdXdUkKLS0tIFNUaFJoQUgrZ1pPUndLU1RNOVR2 + WDNmcU9GTFZkdXJyUytRVHpDZkF6MlUKeg1/awyDxLFuilqZ2dAFuFNGy6CseYEj + Mve2lKDsOqW1aMc4CP1NBtiuhGZ8xH3AMmZ7HRH+hlxFZGtrL2Cqjw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-10-03T08:53:40Z" mac: ENC[AES256_GCM,data:CihIkFA7Mmov7Aun4iaJ0ueUrD4bcPz524YKTNkqotAqtLKLnlkKXfrtit5WgF78Hr70m8BA4qAJeYS7FcY+Oc42sySj1ikKUQNienyKpdNsZ2ELFEI6a4EmCtmyhgbv3/GR1AR3c5K1xU4RPQO+G3VNF4XvpBqspOpkOUb251o=,iv:4QtxWum9ck4ShmhYpfqL1JMwZLfE6Iy6pJ9GBdbv6aY=,tag:K4v+V+P5GpBfjz84ccmb5A==,type:str] pgp: - - created_at: "2024-10-07T16:27:41Z" + - created_at: "2024-10-07T17:57:16Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf+NeElzAq8pNwQocz/fQhxC7EIbiUYaMU86IawKjZ2X4Tb - grs+hXgdnHuyEv9GYEhsqlNG9YPrQ62riVzbK0TBmg8J/ePl4BCgHdoTIQAX+TKe - 9hC1wP+CkYjazMvE1dO73nXx+iaPGRZKV8kI9XmtKCrPcZdeUfAVQM+FUZasVOp+ - nctZyEqzRkOSMAfzdDK5EO9INKQkL35RJEqFeUiAaHCRTik2i/cCcLCqrZQindae - W9VByiaGHN0/8Q0/Uh0Ppg/9Gj4Arlii9fXnqGM6uxAf9r7+A2BNZPyrJEbDZpTQ - W65u9gpLOe1WZ1DGg6UFsdHlYvuZVxi0xse1gA28MNJcAaN/FK64IL5zJyDnu9C4 - v26FWFKTdug0Wtrw/a4rvIWc2XhjkT2Uzj6VISrQ+Z1sU9Vy9SZQ/KQtVGjD/VMp - dZ5g0fLJ9XSaE9sDtrSRyHwHyO9v92pIqwrYm3E= - =j/JY + hQEMA0SHG/zF3227AQf/Yodz+8O8Wqua7kQ3VWEZvhG80xUhhD7bB9eKcjLT18Gq + EURP96XUpuonCXIKXqNgmGF1bqe92D7Ji0lLe3fKaT13Fq4jH45LcvL1xIUQ+1me + 7osjDZ2CIdOvh6ZvJU52vYgg/iT3ZWve9jHC8WPDyn2D119T4TkLc/cgfsrqCKOV + J/CYKmbl+191aTn7YGIUKxXekTbazxsVXgl5/fbnG5m5YmsmI/B7Tj3twUj038vL + XTqn5PDEVrNJEKzFQytDI5x252RlA4XH7Knshs/jFH39fRxCe1HQvdM8LXiiXa9g + 2xn0yxlnnKc3MGOJoeA09yMKLySJWlCT8HO8vZpfJNJcATbJ2MqNboM7zjt0O9d+ + Bg+WfTGeMpYcaEoNhFmOO0UpkdRzKT5vEzvwsr0TGXGUINHXarWr5Yi9sFLg4y0V + Wkb6nuFihnCGdZiiKCXuUbutwdhTB2R4r/CGNXg= + =wJY8 -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted From d4a4b3d112b216204002728cbd9130de3f44505d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 7 Oct 2024 20:24:59 +0200 Subject: [PATCH 5/6] chore(buildbot-nix-0): fix top comment about hardware state and remove noisy comments --- .../configuration.nix | 116 +----------------- 1 file changed, 1 insertion(+), 115 deletions(-) diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix index 61cbe0b..51fee66 100644 --- a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix @@ -7,9 +7,7 @@ ... }: # Hetzner AX162-R #2497582 - -# NOTE(steveej): i manually switched it to legacy via the KVM console because i did not want to spend more time on getting EFI to work with software RAID -# Legacy/BIOS +# UEFI - factory { imports = [ inputs.disko.nixosModules.disko @@ -63,124 +61,12 @@ efiSupport = true; efiInstallAsRemovable = true; devices = [ "nodev" ]; - # mirroredBoots = [ - # { - # devices = [ - # # "nodev" - # # "/dev/nvme0n1" - # # "/dev/nvme1n1" - # ]; - # path = "/boot"; - # } - # ]; }; boot.loader.efi.canTouchEfiVariables = false; boot.kernelPackages = pkgs.linuxPackages_latest; systemd.network.networks."10-uplink".networkConfig.Address = config.passthru.primaryIpv6; - /* - # not working NixOS - - root@rescue ~ # sgdisk --print /dev/nvme0n1 - Disk /dev/nvme0n1: 3750748848 sectors, 1.7 TiB - Model: SAMSUNG MZQL21T9HCJR-00A07 - Sector size (logical/physical): 512/4096 bytes - Disk identifier (GUID): 04AC4FB8-8843-4508-B894-A42F91218231 - Partition table holds up to 128 entries - Main partition table begins at sector 2 and ends at sector 33 - First usable sector is 34, last usable sector is 3750748814 - Partitions will be aligned on 2048-sector boundaries - Total free space is 4717 sectors (2.3 MiB) - - Number Start (sector) End (sector) Size Code Name - 1 4096 2052095 1000.0 MiB EF00 disk-sdb-ESP - 2 2052096 3750748159 1.7 TiB 8300 disk-sdb-rootfs - root@rescue ~ # sgdisk --print /dev/nvme1n1 - Disk /dev/nvme1n1: 3750748848 sectors, 1.7 TiB - Model: SAMSUNG MZQL21T9HCJR-00A07 - Sector size (logical/physical): 512/4096 bytes - Disk identifier (GUID): C6FD320F-FEB3-4E49-822A-BC690ADF0559 - Partition table holds up to 128 entries - Main partition table begins at sector 2 and ends at sector 33 - First usable sector is 34, last usable sector is 3750748814 - Partitions will be aligned on 2048-sector boundaries - Total free space is 4717 sectors (2.3 MiB) - - Number Start (sector) End (sector) Size Code Name - 1 4096 2052095 1000.0 MiB EF00 disk-sda-ESP - 2 2052096 3750748159 1.7 TiB 8300 disk-sda-rootfs - - root@rescue ~ # blkid - /dev/nvme0n1p1: UUID="38a0e387-1c9b-2095-cfc3-de9ef33f9f4d" UUID_SUB="75be7ee9-61c8-a320-f373-16a4ad55dab4" LABEL="any:esp" TYPE="linux_raid_member" PARTLABEL="disk-sdb-ESP" PARTUUID="925655a3-0b33-42d9-8c33-a39470f90209" - /dev/nvme0n1p2: UUID="e5d82e40-9461-6e2a-43dc-209e555ea44d" UUID_SUB="e70e3b91-672d-cb3f-9caa-6653089ef3b8" LABEL="any:rootfs" TYPE="linux_raid_member" PARTLABEL="disk-sdb-rootfs" PARTUUID="92685db5-e967-4d07-a767-f3fc8998f875" - /dev/md127: UUID="EBF0-E600" BLOCK_SIZE="512" TYPE="vfat" - /dev/loop0: UUID="da55567a-52c0-4ad7-b417-9d6f531d1273" BLOCK_SIZE="4096" TYPE="ext2" - /dev/md126: UUID="78beb252-b84f-4014-8d04-468cb714346b" UUID_SUB="3f598054-4252-453e-8c2a-93fe2cf9529d" BLOCK_SIZE="4096" TYPE="btrfs" - /dev/nvme1n1p2: UUID="e5d82e40-9461-6e2a-43dc-209e555ea44d" UUID_SUB="5d3bd916-094a-a48b-490e-c378923c7a66" LABEL="any:rootfs" TYPE="linux_raid_member" PARTLABEL="disk-sda-rootfs" PARTUUID="4842c898-6320-41af-b564-e3a24ee05d11" - /dev/nvme1n1p1: UUID="38a0e387-1c9b-2095-cfc3-de9ef33f9f4d" UUID_SUB="8c48e626-6807-4d0f-e708-f24cce7d364c" LABEL="any:esp" TYPE="linux_raid_member" PARTLABEL="disk-sda-ESP" PARTUUID="31d25776-1596-4278-8e01-008add39a42d" - - root@rescue ~ # parted /dev/nvme0n1 - GNU Parted 3.5 - Using /dev/nvme0n1 - Welcome to GNU Parted! Type 'help' to view a list of commands. - (parted) print - Model: SAMSUNG MZQL21T9HCJR-00A07 (nvme) - Disk /dev/nvme0n1: 1920GB - Sector size (logical/physical): 512B/4096B - Partition Table: gpt - Disk Flags: - - Number Start End Size File system Name Flags - 1 2097kB 1051MB 1049MB disk-sdb-ESP boot, esp - 2 1051MB 1920GB 1919GB disk-sdb-rootfs - - # mount - /dev/md126 on /mnt/boot type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro) - */ - - /* - working hetzner - - root@Debian-bookworm-latest-amd64-base ~ # parted /dev/nvme0n1 - GNU Parted 3.5 - Using /dev/nvme0n1 - Welcome to GNU Parted! Type 'help' to view a list of commands. - (parted) print - Model: SAMSUNG MZQL21T9HCJR-00A07 (nvme) - Disk /dev/nvme0n1: 1920GB - Sector size (logical/physical): 512B/4096B - Partition Table: gpt - Disk Flags: - - Number Start End Size File system Name Flags - 1 2097kB 271MB 268MB fat16 boot, esp - 2 271MB 4565MB 4295MB raid - 3 4565MB 5639MB 1074MB raid - 4 5639MB 1920GB 1915GB raid - - root@Debian-bookworm-latest-amd64-base ~ # lsblk - NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS - nvme0n1 259:0 0 1.7T 0 disk - ├─nvme0n1p1 259:1 0 256M 0 part - │ └─md0 9:0 0 255.9M 0 raid1 /boot/efi - ├─nvme0n1p2 259:2 0 4G 0 part - │ └─md1 9:1 0 4G 0 raid1 [SWAP] - ├─nvme0n1p3 259:3 0 1G 0 part - │ └─md2 9:2 0 1022M 0 raid1 /boot - └─nvme0n1p4 259:4 0 1.7T 0 part - └─md3 9:3 0 1.7T 0 raid1 / - nvme1n1 259:5 0 1.7T 0 disk - ├─nvme1n1p1 259:6 0 256M 0 part - │ └─md0 9:0 0 255.9M 0 raid1 /boot/efi - ├─nvme1n1p2 259:7 0 4G 0 part - │ └─md1 9:1 0 4G 0 raid1 [SWAP] - ├─nvme1n1p3 259:8 0 1G 0 part - │ └─md2 9:2 0 1022M 0 raid1 /boot - └─nvme1n1p4 259:9 0 1.7T 0 part - └─md3 9:3 0 1.7T 0 raid1 / - */ - disko.devices = let disk = id: { From 8d3356b63dfb396d2902c16839fc4e57312ba2e6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 7 Oct 2024 20:58:38 +0200 Subject: [PATCH 6/6] feat(linux-builder-2): don't distribute to other builders --- .../nixosConfigurations.linux-builder-2/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix index 55a20f2..6de98e0 100644 --- a/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.linux-builder-2/configuration.nix @@ -24,7 +24,6 @@ url = "https://github.com/holochain/wind-tunnel"; }; } - self.nixosModules.nix-build-distributor inputs.sops-nix.nixosModules.sops