diff options
Diffstat (limited to 'users/grfn/system/system')
-rw-r--r-- | users/grfn/system/system/iso.nix | 3 | ||||
-rw-r--r-- | users/grfn/system/system/machines/mugwump.nix | 156 | ||||
-rw-r--r-- | users/grfn/system/system/modules/common.nix | 2 | ||||
-rw-r--r-- | users/grfn/system/system/modules/fonts.nix | 2 | ||||
-rw-r--r-- | users/grfn/system/system/modules/reusable/battery.nix | 14 | ||||
-rw-r--r-- | users/grfn/system/system/modules/tvl.nix | 4 | ||||
-rw-r--r-- | users/grfn/system/system/modules/work/kolide.nix | 10 |
7 files changed, 104 insertions, 87 deletions
diff --git a/users/grfn/system/system/iso.nix b/users/grfn/system/system/iso.nix index 4adccebfb8a2..92a13f655214 100644 --- a/users/grfn/system/system/iso.nix +++ b/users/grfn/system/system/iso.nix @@ -12,6 +12,7 @@ let networking.firewall.enable = false; networking.wireless.enable = lib.mkForce false; }; -in (depot.third_party.nixos { +in +(depot.third_party.nixos { inherit configuration; }).config.system.build.isoImage diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 7de6555878d9..a8bf91caacc0 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix @@ -23,7 +23,12 @@ with lib; initrd = { availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; kernelModules = [ - "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" + "uas" + "usbcore" + "usb_storage" + "vfat" + "nls_cp437" + "nls_iso8859_1" ]; postDeviceCommands = pkgs.lib.mkBefore '' @@ -60,31 +65,33 @@ with lib; networking.firewall.allowedTCPPorts = [ 22 80 443 ]; security.sudo.extraRules = [{ - groups = ["wheel"]; - commands = [{ command = "ALL"; options = ["NOPASSWD"]; }]; + groups = [ "wheel" ]; + commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; }]; nix.gc.dates = "monthly"; - age.secrets = let - secret = name: depot.users.grfn.secrets."${name}.age"; - in { - bbbg.file = secret "bbbg"; - cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; - - buildkite-ssh-key = { - file = secret "buildkite-ssh-key"; - group = "keys"; - mode = "0440"; - }; + age.secrets = + let + secret = name: depot.users.grfn.secrets."${name}.age"; + in + { + bbbg.file = secret "bbbg"; + cloudflare.file = secret "cloudflare"; + ddclient-password.file = secret "ddclient-password"; + + buildkite-ssh-key = { + file = secret "buildkite-ssh-key"; + group = "keys"; + mode = "0440"; + }; - buildkite-token = { - file = secret "buildkite-token"; - group = "keys"; - mode = "0440"; + buildkite-token = { + file = secret "buildkite-token"; + group = "keys"; + mode = "0440"; + }; }; - }; services.depot.auto-deploy = { enable = true; @@ -207,44 +214,49 @@ with lib; job_name = "node"; scrape_interval = "5s"; static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; - }]; - } { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }]; - } { - job_name = "xanthous_server"; - scrape_interval = "1s"; - static_configs = [{ - targets = ["localhost:${toString config.services.xanthous-server.metricsPort}"]; + } + { + job_name = "nginx"; + scrape_interval = "5s"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; + }]; + } + { + job_name = "xanthous_server"; + scrape_interval = "1s"; + static_configs = [{ + targets = [ "localhost:${toString config.services.xanthous-server.metricsPort}" ]; + }]; + } + { + job_name = "blackbox"; + metrics_path = "/probe"; + params.module = [ "https_2xx" ]; + scrape_interval = "5s"; + static_configs = [{ + targets = [ + "https://gws.fyi" + "https://windtunnel.ci" + "https://app.windtunnel.ci" + "https://metrics.gws.fyi" + ]; + }]; + relabel_configs = [{ + source_labels = [ "__address__" ]; + target_label = "__param_target"; + } + { + source_labels = [ "__param_target" ]; + target_label = "instance"; + } + { + target_label = "__address__"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; + }]; }]; - } { - job_name = "blackbox"; - metrics_path = "/probe"; - params.module = ["https_2xx"]; - scrape_interval = "5s"; - static_configs = [{ - targets = [ - "https://gws.fyi" - "https://windtunnel.ci" - "https://app.windtunnel.ci" - "https://metrics.gws.fyi" - ]; - }]; - relabel_configs = [{ - source_labels = ["__address__"]; - target_label = "__param_target"; - } { - source_labels = ["__param_target"]; - target_label = "instance"; - } { - target_label = "__address__"; - replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; - }]; - }]; }; services.xanthous-server.enable = true; @@ -256,21 +268,23 @@ with lib; virtualisation.docker.enable = true; - services.buildkite-agents = listToAttrs (map (n: rec { - name = "mugwump-${toString n}"; - value = { - inherit name; - enable = true; - tokenPath = "/run/agenix/buildkite-agent-token"; - privateSshKeyPath = "/run/agenix/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - ]; - }; - }) (range 1 1)); + services.buildkite-agents = listToAttrs (map + (n: rec { + name = "mugwump-${toString n}"; + value = { + inherit name; + enable = true; + tokenPath = "/run/agenix/buildkite-agent-token"; + privateSshKeyPath = "/run/agenix/buildkite-ssh-key"; + runtimePackages = with pkgs; [ + docker + nix + gnutar + gzip + ]; + }; + }) + (range 1 1)); users.users."buildkite-agent-mugwump-1" = { isSystemUser = true; diff --git a/users/grfn/system/system/modules/common.nix b/users/grfn/system/system/modules/common.nix index 91723973f5cd..635747d118ff 100644 --- a/users/grfn/system/system/modules/common.nix +++ b/users/grfn/system/system/modules/common.nix @@ -2,7 +2,7 @@ let - depot = import ../../../../.. {}; + depot = import ../../../../.. { }; in diff --git a/users/grfn/system/system/modules/fonts.nix b/users/grfn/system/system/modules/fonts.nix index babe30d4271f..f30600b28b39 100644 --- a/users/grfn/system/system/modules/fonts.nix +++ b/users/grfn/system/system/modules/fonts.nix @@ -7,6 +7,6 @@ twitter-color-emoji ]; - fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"]; + fontconfig.defaultFonts.emoji = [ "Twitter Color Emoji" ]; }; } diff --git a/users/grfn/system/system/modules/reusable/battery.nix b/users/grfn/system/system/modules/reusable/battery.nix index ca92e0c3f61c..151c2a246f32 100644 --- a/users/grfn/system/system/modules/reusable/battery.nix +++ b/users/grfn/system/system/modules/reusable/battery.nix @@ -22,11 +22,11 @@ with lib; config = let cfg = config.laptop.onLowBattery; in mkIf cfg.enable { - services.udev.extraRules = concatStrings [ - ''SUBSYSTEM=="power_supply", '' - ''ATTR{status}=="Discharging", '' - ''ATTR{capacity}=="[0-${toString cfg.thresholdPercentage}]", '' - ''RUN+="${pkgs.systemd}/bin/systemctl ${cfg.action}"'' - ]; - }; + services.udev.extraRules = concatStrings [ + ''SUBSYSTEM=="power_supply", '' + ''ATTR{status}=="Discharging", '' + ''ATTR{capacity}=="[0-${toString cfg.thresholdPercentage}]", '' + ''RUN+="${pkgs.systemd}/bin/systemctl ${cfg.action}"'' + ]; + }; } diff --git a/users/grfn/system/system/modules/tvl.nix b/users/grfn/system/system/modules/tvl.nix index 905ec8ced537..959f8449f659 100644 --- a/users/grfn/system/system/modules/tvl.nix +++ b/users/grfn/system/system/modules/tvl.nix @@ -8,7 +8,7 @@ sshKey = "/root/.ssh/id_rsa"; system = "x86_64-linux"; maxJobs = 64; - supportedFeatures = ["big-parallel" "kvm" "nixos-test" "benchmark"]; + supportedFeatures = [ "big-parallel" "kvm" "nixos-test" "benchmark" ]; }]; extraOptions = '' @@ -29,7 +29,7 @@ }; programs.ssh.knownHosts.whitby = { - hostNames = [ "whitby" "whitby.tvl.fyi" "49.12.129.211"]; + hostNames = [ "whitby" "whitby.tvl.fyi" "49.12.129.211" ]; publicKeyFile = pkgs.writeText "whitby.pub" '' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I ''; diff --git a/users/grfn/system/system/modules/work/kolide.nix b/users/grfn/system/system/modules/work/kolide.nix index 29ee0a0d7ce4..e4ee786f0cbe 100644 --- a/users/grfn/system/system/modules/work/kolide.nix +++ b/users/grfn/system/system/modules/work/kolide.nix @@ -3,9 +3,10 @@ let deb = ./kolide.deb; - kolide = pkgs.runCommand "kolide-data" { - buildInputs = [ pkgs.binutils-unwrapped ]; - } '' + kolide = pkgs.runCommand "kolide-data" + { + buildInputs = [ pkgs.binutils-unwrapped ]; + } '' cp ${deb} ./kolide.deb ar x kolide.deb mkdir result @@ -19,7 +20,8 @@ let mv result $out ''; -in { +in +{ systemd.services."launcher.kolide-k2" = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" "syslog.service" ]; |