stuff

wip commands
2024-06-28 14:29:14 -07:00 · 2024-06-22 17:03:25 -07:00 · 2024-06-22 17:00:44 -07:00 · 2024-06-22 16:50:31 -07:00 · 2024-06-22 16:49:44 -07:00 · 2024-06-22 01:59:49 -07:00
12 changed files with 382 additions and 167 deletions
--- a/common-packages.nix
+++ b/common-packages.nix
@@ -1,37 +0,0 @@
-{ pkgs, inputs }: (with pkgs; [
-  inputs.nix-search-cli.packages.${pkgs.system}.default
-  inputs.nix-inspect.packages.${pkgs.system}.default
-  nixos-rebuild
-  nano
-  vim
-  wget
-  screen
-  tmux
-  lsof
-  htop
-  mosh
-  dnsutils
-  iperf3
-  nmap
-  rsync
-  ethtool
-  sshfs
-  ddrescue
-  pciutils
-  ncdu
-  nix-index
-  git
-  pv
-  unzip
-  file
-  ripgrep
-  jq
-  units
-  tree
-  rclone
-  iputils
-  ssh-to-age
-  sops
-  inetutils
-  neovim
-])
--- a/common/commands.nix
+++ b/common/commands.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }: let
+  inherit (lib) mkOption types;
+in {
+  options = {
+    vacu.commands = mkOption {
+      default = {};
+      type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
+        options = {
+          content = mkOption {
+	    type = types.str;
+	    default = "";
+	  };
+	  enable = mkOption {
+            type = types.bool;
+	    default = config.content != "";
+	    defaultText = ''${name}.content != ""'';
+	  };
+	  kind = mkOption {
+	    type = types.enum [ "alias" "function" ];
+	    default = "alias";
+	  };
+	};
+      }));
+    };
+  };
+  config = {
+    #todo
+  };
+}
--- a/common/generic.nix
+++ b/common/generic.nix
@@ -2,13 +2,8 @@
  inherit (lib) mkOption types flip concatMapStringsSep optionalString concatStringsSep readFile mapAttrsToList literalExpression;
  inherit (builtins) attrValues;
  cfg = config.vacu;
-  knownHosts = attrValues cfg.ssh.knownHosts;
-  knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
-  (h: assert h.hostNames != [];
-    optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
-    + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
-  )) + "\n";
  packageNames = lib.splitString "\n" ''
+    ruby_3_3
    nixos-rebuild
    nano
    vim
@@ -57,6 +52,8 @@
    zip
    unzip
    openssh
+    dig
+    bash
    git'';
  plainPackageOpts = map (name: { name = name; value = { enable = lib.mkDefault true; }; }) packageNames;
  packageOpts = lib.recursiveUpdate (builtins.listToAttrs plainPackageOpts) {
@@ -66,100 +63,8 @@
    nix-inspect.enable = lib.mkDefault true;
  };
 in {
-  imports = [ ./package-set.nix ];
+  imports = [ ./package-set.nix ./ssh.nix ./commands.nix ];
  options = {
-    vacu.ssh.authorizedKeys = mkOption {
-      type = types.listOf types.str;
-    };
-    vacu.ssh.config = mkOption {
-      type = types.lines;
-    };
-    # Straight copied from nixpkgs 
-    # https://github.com/NixOS/nixpkgs/blob/46397778ef1f73414b03ed553a3368f0e7e33c2f/nixos/modules/programs/ssh.nix
-    vacu.ssh.knownHosts = mkOption {
-      default = {};
-      type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
-        options = {
-          certAuthority = mkOption {
-            type = types.bool;
-            default = false;
-            description = ''
-              This public key is an SSH certificate authority, rather than an
-              individual host's key.
-            '';
-          };
-          hostNames = mkOption {
-            type = types.listOf types.str;
-            default = [ name ] ++ config.extraHostNames;
-            defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
-            description = ''
-              A list of host names and/or IP numbers used for accessing
-              the host's ssh service. This list includes the name of the
-              containing `knownHosts` attribute by default
-              for convenience. If you wish to configure multiple host keys
-              for the same host use multiple `knownHosts`
-              entries with different attribute names and the same
-              `hostNames` list.
-            '';
-          };
-          extraHostNames = mkOption {
-            type = types.listOf types.str;
-            default = [];
-            description = ''
-              A list of additional host names and/or IP numbers used for
-              accessing the host's ssh service. This list is ignored if
-              `hostNames` is set explicitly.
-            '';
-          };
-          publicKey = mkOption {
-            default = null;
-            type = types.nullOr types.str;
-            example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
-            description = ''
-              The public key data for the host. You can fetch a public key
-              from a running SSH server with the {command}`ssh-keyscan`
-              command. The public key should not include any host names, only
-              the key type and the key itself.
-            '';
-          };
-          publicKeyFile = mkOption {
-            default = null;
-            type = types.nullOr types.path;
-            description = ''
-              The path to the public key file for the host. The public
-              key file is read at build time and saved in the Nix store.
-              You can fetch a public key file from a running SSH server
-              with the {command}`ssh-keyscan` command. The content
-              of the file should follow the same format as described for
-              the `publicKey` option. Only a single key
-              is supported. If a host has multiple keys, use
-              {option}`programs.ssh.knownHostsFiles` instead.
-            '';
-          };
-        };
-      }));
-      description = ''
-        The set of system-wide known SSH hosts. To make simple setups more
-        convenient the name of an attribute in this set is used as a host name
-        for the entry. This behaviour can be disabled by setting
-        `hostNames` explicitly. You can use
-        `extraHostNames` to add additional host names without
-        disabling this default.
-      '';
-      example = literalExpression ''
-        {
-          myhost = {
-            extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
-            publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
-          };
-          "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
-          "myhost2.net/dsa" = {
-            hostNames = [ "myhost2.net" ];
-            publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
-          };
-        }
-      '';
-    };
    vacu.nix.extraSubstituters = mkOption { type = types.listOf types.str; };
    vacu.nix.extraTrustedKeys = mkOption { type = types.listOf types.str; };
  };
@@ -173,11 +78,6 @@ in {
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
    ];
-    assertions = flip mapAttrsToList cfg.ssh.knownHosts (name: data: {
-      assertion = (data.publicKey == null && data.publicKeyFile != null) ||
-                  (data.publicKey != null && data.publicKeyFile == null);
-      message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
-    });
    vacu.ssh.authorizedKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86" # Termux on pixel6pro
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp" # t460s windows
@@ -187,6 +87,9 @@ in {
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8" # triple-dezert (root)
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I" # compute-deck (root)
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX" # pro1x nix-on-droid
+	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExSObd1lZprdqAFLqFhtxDEckV0q/vZZIYqrYFKfkoC" # devver
+	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHLPOxRd68+DJ/bYmqn0wsgwwIcMSMyuU1Ya16hCb/m" # fw (root)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ2c0GzlVMjV06CS7bWbCaAbzG2+7g5FCg/vClJPe0C" # fw
    ];
    vacu.ssh.config = ''
      Host deckvacu
@@ -270,6 +173,14 @@ in {
        extraHostNames = [ "liam.dis8.net" "178.128.79.152" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOqJYVHOIFmEA5uRbbirIupWvyBLAFwic/8EZQRdN/c";
      };
+      devver = {
+        extraHostNames = [ "devver.t2d.lan" "10.78.79.10" ];
+	publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeFaH2tzWIiCPdKNmxl3NqCnPTdmVIOBinauUAEl+UU";
+      };
+      fw = {
+        extraHostNames = [ "fw.t2d.lan" ];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
+      };
    };
  };
 }
--- a/common-nixos-config.nix
+++ b/common-nixos-config.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, inputs, utils, ... }:
 {
-  imports = [ ./common-config.nix ];
+  imports = [ ./generic.nix ];
  options.vacu.acmeCertDependencies = lib.mkOption {
    default = {};
    example = ''
--- a/common/package-set.nix
+++ b/common/package-set.nix
--- a/common/ssh.nix
+++ b/common/ssh.nix
@@ -0,0 +1,113 @@
+{ config, pkgs, lib, inputs, ... }: let
+  inherit (lib) mkOption types flip concatMapStringsSep optionalString concatStringsSep readFile mapAttrsToList literalExpression;
+  inherit (builtins) attrValues;
+  cfg = config.vacu;
+  knownHosts = attrValues cfg.ssh.knownHosts;
+  knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
+  (h: assert h.hostNames != [];
+    optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+    + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
+  )) + "\n";
+in {
+  options = {
+    vacu.ssh.authorizedKeys = mkOption {
+      type = types.listOf types.str;
+    };
+    vacu.ssh.config = mkOption {
+      type = types.lines;
+    };
+    # Straight copied from nixpkgs 
+    # https://github.com/NixOS/nixpkgs/blob/46397778ef1f73414b03ed553a3368f0e7e33c2f/nixos/modules/programs/ssh.nix
+    vacu.ssh.knownHosts = mkOption {
+      default = {};
+      type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
+        options = {
+          certAuthority = mkOption {
+            type = types.bool;
+            default = false;
+            description = ''
+              This public key is an SSH certificate authority, rather than an
+              individual host's key.
+            '';
+          };
+          hostNames = mkOption {
+            type = types.listOf types.str;
+            default = [ name ] ++ config.extraHostNames;
+            defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
+            description = ''
+              A list of host names and/or IP numbers used for accessing
+              the host's ssh service. This list includes the name of the
+              containing `knownHosts` attribute by default
+              for convenience. If you wish to configure multiple host keys
+              for the same host use multiple `knownHosts`
+              entries with different attribute names and the same
+              `hostNames` list.
+            '';
+          };
+          extraHostNames = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = ''
+              A list of additional host names and/or IP numbers used for
+              accessing the host's ssh service. This list is ignored if
+              `hostNames` is set explicitly.
+            '';
+          };
+          publicKey = mkOption {
+            default = null;
+            type = types.nullOr types.str;
+            example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
+            description = ''
+              The public key data for the host. You can fetch a public key
+              from a running SSH server with the {command}`ssh-keyscan`
+              command. The public key should not include any host names, only
+              the key type and the key itself.
+            '';
+          };
+          publicKeyFile = mkOption {
+            default = null;
+            type = types.nullOr types.path;
+            description = ''
+              The path to the public key file for the host. The public
+              key file is read at build time and saved in the Nix store.
+              You can fetch a public key file from a running SSH server
+              with the {command}`ssh-keyscan` command. The content
+              of the file should follow the same format as described for
+              the `publicKey` option. Only a single key
+              is supported. If a host has multiple keys, use
+              {option}`programs.ssh.knownHostsFiles` instead.
+            '';
+          };
+        };
+      }));
+      description = ''
+        The set of system-wide known SSH hosts. To make simple setups more
+        convenient the name of an attribute in this set is used as a host name
+        for the entry. This behaviour can be disabled by setting
+        `hostNames` explicitly. You can use
+        `extraHostNames` to add additional host names without
+        disabling this default.
+      '';
+      example = literalExpression ''
+        {
+          myhost = {
+            extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
+            publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
+          };
+          "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
+          "myhost2.net/dsa" = {
+            hostNames = [ "myhost2.net" ];
+            publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
+          };
+        }
+      '';
+    };
+  };
+  config = {
+    assertions = flip mapAttrsToList cfg.ssh.knownHosts (name: data: {
+      assertion = (data.publicKey == null && data.publicKeyFile != null) ||
+                  (data.publicKey != null && data.publicKeyFile == null);
+      message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
+    });
+  };
+};
--- a/devver/default.nix
+++ b/devver/default.nix
@@ -1,36 +1,57 @@
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, lib, inputs, modulesPath, ... }:

 {
  imports = [
    inputs.homeManager.nixosModules.default
-    # inputs.microvm.nixosModules.microvm
    ../common-nixos-config.nix
+    (modulesPath + "/profiles/qemu-guest.nix")
  ];
+
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" "usbhid" "virtio_blk" "9pnet_virtio" "9p" "autofs4" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" "9pnet_virtio" "9p" "autofs4" ];
+  boot.extraModulePackages = [ ];
+
  system.nixos.tags = [ "host-${config.networking.hostName}" ];
  networking.hostName = "devver";
  boot.loader.external.enable = true;
-  boot.loader.external.installHook = pkgs.writeScript "vacuDirectBootInstaller" ''
-    #TODO: probably copy kernel/initrd to root
-    (echo "vacuDirectBootInstaller"; for a in "$@";do echo "$a";done) 1>&2
-    exit 0
+  boot.loader.external.installHook = pkgs.writeShellScript "vacuDirectBootInstaller" ''
+    PATH="$PATH:${pkgs.coreutils}/bin:${pkgs.gnused}/bin"
+    set -xev
+    mkdir -p /boot
+    cp $1/kernel /boot/kernel
+    cp $1/initrd /boot/initrd
+    cp $1/kernel-params /boot/kernel-params
+    sed -i "1 s|$| init=$1/sw/bin/init|" /boot/kernel-params
  '';

-  fileSystems."/" = {
+  users.users.root.shell = pkgs.bashInteractive;
+
+  fileSystems."/boot" = {
    fsType = "9p";
-    device = "root";
+    device = "boot";
    options = [
      "trans=virtio"
-      "msize=104857600"
      "access=any"
      "version=9p2000.L"
      "posixacl"
      "cache=mmap"
+      "nofail"
+      "noauto"
    ];
  };

-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a373835d-b942-4232-85fe-922cb1880af3";
+    fsType = "ext4";
+  };
+
+  #boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  services.openssh.enable = true;

+  vacu.packages.nix-inspect.enable = false; #its broken for some reason I don't understand
+
  system.stateVersion = "23.11";
 }
--- a/flake.lock
+++ b/flake.lock
@@ -458,6 +458,21 @@
        "type": "indirect"
      }
    },
+    "nixpkgs2405": {
+      "locked": {
+        "lastModified": 1718810994,
+        "narHash": "sha256-qrHSG34MeJdbK7WO3+NCehOf2p8ptW50UiMTAcs9wHU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "79f152a46bd42ba3a9fe96513e0fd9ac88190079",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-24.05-small",
+        "type": "indirect"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1717861563,
@@ -636,6 +651,7 @@
        "nix-search-cli": "nix-search-cli",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs2405": "nixpkgs2405",
        "padtype": "padtype",
        "sops-nix": "sops-nix",
        "vscode-server": "vscode-server"
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,7 @@
  inputs = {
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; #todo: put this back to -small once jovian-nixos is fixed
    nixpkgs.url = "nixpkgs/nixos-23.11-small";
+    nixpkgs2405.url = "nixpkgs/nixos-24.05-small";
    nix-inspect = {
      url = "github:bluskript/nix-inspect";
      #inputs.nixpkgs.follows = "nixpkgs";
@@ -84,6 +85,12 @@
      specialArgs = { inherit inputs; };
    };

+    nixosConfigurations.fw = inputs.nixpkgs2405.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [ ./fw ];
+      specialArgs = { inherit inputs; };
+    };
+
    nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
      modules = [ ./nix-on-droid.nix ];
      extraSpecialArgs = { inherit inputs; };
--- a/fw/default.nix
+++ b/fw/default.nix
@@ -0,0 +1,94 @@
+{ config, inputs, pkgs, lib, ... }: {
+  imports = [ 
+    ../common-nixos-config.nix
+  ];
+  system.nixos.tags = [ "host-${config.networking.hostName}" ];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  networking.networkmanager.enable = true;
+
+  vacu.packages.bitwarden-desktop.enable = true;
+  vacu.packages.nheko.enable = true;
+  vacu.packages.librewolf.enable = true;
+  vacu.packages.brave.enable = true;
+  vacu.packages.thunderbird.enable = true;
+  vacu.packages.wl-clipboard.enable = true;
+  vacu.packages.nextcloud-client.enable = true;
+  vacu.packages.signal-desktop.enable = true;
+  vacu.packages.fw-ectool.enable = true;
+  vacu.packages.framework-tool.enable = true;
+  vacu.packages.iio-sensor-proxy.enable = true;
+  vacu.packages.power-profiles-daemon.enable = true;
+  vacu.packages.acpi.enable = true;
+
+  services.xserver.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.memtest86.enable = true;
+
+  boot.loader.grub.mirroredBoots = [
+    {
+      devices = [ "nodev" ];
+      path = "/boot0";
+    }
+    {
+      devices = [ "nodev" ];
+      path = "/boot1";
+    }
+  ];
+
+  networking.hostName = "fw"; # Define your hostname.
+  networking.hostId = "c6e309d5";
+  boot.zfs.extraPools = [ "fw" ];
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  systemd.services.zfs-mount.enable = false;
+
+  services.openssh.enable = true;
+  system.stateVersion = "23.11"; # Did you read the comment?
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "fw/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot0" =
+    { device = "/dev/disk/by-label/BOOT0";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/boot1" =
+    { device = "/dev/disk/by-label/BOOT1";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  hardware.cpu.amd.updateMicrocode = true;
+  hardware.enableAllFirmware = true;
+  hardware.opengl = {
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+  programs.nix-ld.enable = true;
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+  };
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+  services.blueman.enable = true;
+}
--- a/triple-dezert/devver-host.nix
+++ b/triple-dezert/devver-host.nix
@@ -1,12 +1,14 @@
 { pkgs, lib, config, inputs, ... }: let
  qemu-pkg = pkgs.qemu_kvm;
-  rootPath = "/trip/devver-vm/root";
+  #rootPath = "/trip/devver-vm/root";
+  bootPath = "/trip/devver-vm/boot";
  installer = inputs.self.nixosConfigurations.shel-installer;
  installerIsoDeriv = installer.config.system.build.isoImage;
  installerIsoPath = "${installerIsoDeriv}/iso/${installerIsoDeriv.name}";
-  bootInstaller = true;
+  bootInstaller = false;
  tapdev = "qemu-devver";
-  runArgs = [
+  tapdev-int = "qemu-devver-int";
+  commonArgs = [
    "${qemu-pkg}/bin/qemu-kvm"
    "-name" "devver"
    # https://www.qemu.org/docs/master/system/i386/microvm.html
@@ -31,31 +33,45 @@
    "-object" "memory-backend-memfd,id=mem,size=8G,share=off"
    "-numa" "node,memdev=mem"

-    "-fsdev" "local,id=fs0,path=${rootPath},security_model=mapped"
-    "-device" "virtio-9p-pci,fsdev=fs0,mount_tag=root"
+    # I don't understand, the docs for "-drive" says it's a shortcut for -blockdev and -device, but all the real-world code has -drive and -device
+    #"-drive" "file=/trip/devver-vm/disk-image/root.img,discard=unmap,if=none,format=raw,cache=none,id=root-disk"
+    "-blockdev" "driver=raw,node-name=root-disk,file.driver=file,file.filename=/trip/devver-vm/disk-image/root.img,discard=unmap,cache.direct=on"
+    "-device" "virtio-blk-device,drive=root-disk,write-cache=off"
+    
+    "-fsdev" "local,id=fs0,path=${bootPath},security_model=mapped-xattr,fmode=0600,dmode=0700"
+    "-device" "virtio-9p-pci,fsdev=fs0,mount_tag=boot"

    "-netdev" "tap,id=vm-devver,ifname=${tapdev},script=no,downscript=no"
-    #"-netdev" "bridge,id=vm-devver,br=${config.vacu.network.lan_bridge},helper=/run/wrappers/bin/qemu-bridge-helper"
    #Why 34? No idea! Best hint I could find is in the mailing list about the serial driver: https://lists.nongnu.org/archive/html/qemu-devel/2013-01/msg05952.html
    "-device" "virtio-net-pci,netdev=vm-devver,mac=02:19:07:A2:15:72,romfile=,mq=on,vectors=34"
-
-  ] ++ (if bootInstaller then [
+    "-netdev" "tap,id=vm-devver2,ifname=${tapdev-int},script=no,downscript=no"
+    "-device" "virtio-net-pci,netdev=vm-devver2,romfile=,mq=on,vectors=34"
+  ];
+  installerArgs = [
    # "-boot" "once=d"
    # "-cdrom" "${installerIsoPath}"
    "-drive" "if=virtio,media=cdrom,driver=raw,node-name=disk,file.driver=file,file.filename=${installerIsoPath},file.locking=off,read-only=on"
    "-kernel" "${installer.config.system.build.kernel}/${installer.config.system.boot.loader.kernelFile}"
    "-initrd" "${installer.config.system.build.initialRamdisk}/${installer.config.system.boot.loader.initrdFile}"
    "-append" "${lib.concatStringsSep " " installer.config.boot.kernelParams} init=${installer.config.system.build.toplevel}/init earlyprintk=ttyS0 console=ttyS0 debug"
-  ] else [
-    "-kernel" "${rootPath}/boot/kernel"
-    "-initrd" "${rootPath}/boot/initrd"
-    "-append" "earlyprintk=ttyS0 console=ttyS0 init=/init"
-  ]);
+  ];
+  mainArgs = [
+    "-kernel" "${bootPath}/kernel"
+    "-initrd" "${bootPath}/initrd"
+    "-append" "earlyprintk=ttyS0 console=ttyS0"
+  ];

  runScript = ''
+    set -ev
+    declare -a args
+    if [ "x$1" == "x--installer" ]; then
+      args=(${lib.escapeShellArgs (commonArgs ++ installerArgs)})
+    else
+      args=(${lib.escapeShellArgs (commonArgs ++ mainArgs)}" $(cat ${bootPath}/kernel-params)")
+    fi
    d=`mktemp -d --tmpdir qemu-devver-XXXXXXXXX`
    cd $d
-    ${lib.escapeShellArgs runArgs} -D ./log.txt
+    "''${args[@]}"
  '';
 in {
  users.groups.devver = {};
@@ -76,6 +92,18 @@ in {
      # KeepCarrier = true;
    };
  };
+  systemd.network.netdevs.${tapdev-int} = {
+    netdevConfig = {
+      Kind = "tap";
+      Name = tapdev-int;
+    };
+    tapConfig = {
+      User = config.users.users.devver.name;
+      Group = config.users.groups.devver.name;
+      PacketInfo = true;
+      # KeepCarrier = true;
+    };
+  };
  systemd.network.networks."02-vm-devver".extraConfig = ''
    Bridge = ${config.vacu.network.lan_bridge}

@@ -85,4 +113,28 @@ in {
    [Link]
    RequiredForOnline = no
  '';
+  systemd.network.networks."02-vm-devver-int".extraConfig = ''
+    Address = 10.110.171.204/31
+    DHCP = no
+    DNS = no
+    LLDP = no
+
+    [Match]
+    Name = ${tapdev-int}
+
+    [Link]
+    RequiredForOnline = no
+  '';
+
+  # networking.firewall.extraCommands = ''
+  #   if ! (iptables -t nat -n --list devver-prerouting > /dev/null 2>&1); then
+  #     iptables -t nat -N devver-prerouting
+  #   fi
+  #   iptables -t nat -F devver-prerouting
+  #   iptables -t nat -A devver-prerouting -p tcp -m tcp --dport 5022 -j DNAT --to-destination 10.78.79.10
+  #   iptables -t nat -I PREROUTING 1 -j devver-prerouting
+  # '';
+  # networking.firewall.extraStopCommands = ''
+  #   iptables -t nat -D PREROUTING -j devver-prerouting || true
+  # '';
 }
--- a/triple-dezert/vacustore.nix
+++ b/triple-dezert/vacustore.nix
@@ -37,6 +37,8 @@
        client_body_timeout 5m;
      '';

+      environment.systemPackages = [ config.services.nextcloud.package ]; # make occ command available without having to dig for it
+
      services.nextcloud = {
        enable = true;
        package = pkgs.nextcloud28;
@@ -50,6 +52,13 @@

        extraApps = {
          inherit (config.services.nextcloud.package.packages.apps) calendar notes tasks contacts;
+	  appointments = pkgs.fetchNextcloudApp {
+            appName = "appointments";
+	    url = "https://github.com/SergeyMosin/Appointments/raw/v2.1.4/build/artifacts/appstore/appointments.tar.gz";
+	    sha256 = "sha256-LKxTF6yF7n6t34KzRRRqsf1doqS7DaKPmqscmNmtzAg=";
+	    appVersion = "2.1.4";
+	    license = "agpl3";
+	  };
          gpoddersync = pkgs.fetchNextcloudApp {
            appName = "gpoddersync";
            url = "https://github.com/thrillfall/nextcloud-gpodder/releases/download/3.8.2/gpoddersync.tar.gz";
Author	SHA1	Message	Date
Shelvacu	d03b383a30	stuff	2024-06-28 14:29:14 -07:00
Shelvacu	3d478c8d37	wip commands	2024-06-22 17:03:25 -07:00
Shelvacu	e052a165ec	wip commands	2024-06-22 17:00:44 -07:00
Shelvacu	5a9e975723	Merge branch 'master' of git.uninsane.org:shelvacu/nix-stuff	2024-06-22 16:50:31 -07:00
Shelvacu	91d9098ae2	remove (unnecssary) common-packages	2024-06-22 16:49:44 -07:00
Shelvacu	145b1ba0f5	stuff	2024-06-22 01:59:49 -07:00
Shelvacu	d4f7e9dc00	stuff	2024-06-22 01:58:59 -07:00
Shelvacu	fa9a91cee2	stuff	2024-06-22 01:55:28 -07:00
Shelvacu	a0057c13ee	stuff	2024-06-22 01:44:25 -07:00
Shelvacu	5bb417995d	stuff	2024-06-21 20:18:07 -07:00
Shelvacu	389fb7aeca	stuff	2024-06-21 20:17:49 -07:00
Shelvacu	98c33a2f52	stuff	2024-06-21 17:28:59 -07:00
Shelvacu	9f898bf886	stuff	2024-06-21 16:03:24 -07:00
Shelvacu	8a09be9e7f	stuff	2024-06-21 15:59:18 -07:00
Shelvacu	8c5964cbd3	stuff	2024-06-21 15:22:38 -07:00
Shelvacu	d17af0ba0b	stuff	2024-06-20 11:29:56 -07:00
Shelvacu	03ebe9ec0a	add fw laptop config (currently ugly)	2024-06-20 07:13:51 +00:00
Shelvacu	718cd0f302	add fw keys	2024-06-20 00:06:02 -07:00
root	3633ce86cb	Merge branch 'master' of git.uninsane.org:shelvacu/nix-stuff	2024-06-18 21:46:43 -07:00
root	b68b98868b	wip	2024-06-18 21:46:22 -07:00
Shelvacu	067df3624d	Merge branch 'wip-devver'	2024-06-15 01:01:13 -07:00
Shelvacu	ab3e699ca8	add devver pubkeys	2024-06-15 01:00:49 -07:00
root	6098922cec	wip	2024-06-14 22:08:18 -07:00
root	91fe6d7880	wip	2024-06-14 22:04:56 -07:00
root	f6e31daa13	wip	2024-06-14 21:58:28 -07:00
root	b64f745ccd	wip	2024-06-14 19:13:39 -07:00
root	f48cbda8b2	wip	2024-06-14 01:43:14 -07:00
root	e771571e01	wip	2024-06-14 01:41:10 -07:00
root	2e72e5c375	wip	2024-06-13 22:12:29 -07:00
root	0f30167136	wip	2024-06-13 22:08:36 -07:00
root	03cc4cd67f	wip	2024-06-13 21:42:29 -07:00
root	57d5997038	wip	2024-06-13 21:28:00 -07:00
root	c768ada7e7	wip	2024-06-13 21:18:40 -07:00
root	805ee94e0c	wip	2024-06-13 21:00:34 -07:00
root	de920e4efb	wip	2024-06-13 20:56:04 -07:00
root	75d99a4559	wip	2024-06-13 20:54:55 -07:00
root	fd1af925e0	wip	2024-06-13 20:50:15 -07:00
root	95a14a0097	wip	2024-06-13 20:45:31 -07:00
root	5610a416de	wip	2024-06-13 20:26:48 -07:00
root	c2ac8e8f6d	wip devver	2024-06-12 15:39:38 -07:00
root	9cfeab2dce	wip	2024-06-11 16:09:31 -07:00
root	f5c03ba5ad	wip	2024-06-11 15:25:28 -07:00
root	86bcf6def5	wip	2024-06-11 14:59:45 -07:00
root	1a4e6b4a46	wip	2024-06-11 14:26:52 -07:00