| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage of DHCP is no longer global since a while[1] and we now have
to explicitly enable it for the interfaces in question.
This actually is a good thing and makes it far less problematic if we
use tunnel interfaces and other more complicated networking
configuration.
I added the definitions for all machines where I actually know which
interfaces are in use and disabled useNetworkd for shakti, because I
don't know the interface names for that machine and the machine
currently isn't in use anyway, so we can add it later if needed.
[1]: https://github.com/NixOS/nixpkgs/pull/69302
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@c814d72b517bb201c8bbbfc64e386c7023352886, a lot of
packages now no longer have a name attribute but instead use pname, so
when checking the package name within allowUnfreePredicate we need to
make sure that we fall back to a default if the name attribute is not
present.
This fixes evaluation of the machine, however I didn't check if it
actually builds.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I did have a major outage this week, because I was using bcache with
writeback mode on a RAID10 backing storage. Fortunately, I was able to
recover 99.9% of the data (only the most recent stuff wasn't
recoverable), but I certainly don't want this to happen again in the
future.
While I did use bcache with hibernate and writeback, the interesting
part is that the caching device went bonkers after a "normal" shutdown
rather than a suspend/hibernate, with "normal" being "with a bunch of
kernel warnings about zswap". Also, this happened around a btrfs scrub,
so the inconsistency was all over the place.
So first of all, I'm now going with writaround mode rather than
writeback mode for the time being. Although it's slower than writeback,
the chances that I need to do such a recovery again is close to 0% with
writethrough and writearound because all writes are synchronous.
Second, this very change makes sure that whenever the machine goes to
sleep or a scrub is started, the caching is disabled and afterwards it's
re-enabled. That way we shouldn't have lots of trash on the caching
device.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
| |
I had this in my local configuration.nix since a while and while it
might be annoying when this runs every month, I think it's better to do
it regularily rather than having a dying disk go unnoticed.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
| |
Since quite a while, NixOS re-uses the passphrases from earlier devices,
so there is no need anymore for such a device in order to unlock
multiple containers with the same passphrase.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
The "luksClose" subcommand for cryptsetup has been deprecated for a
while, so let's move over to "close".
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since I got a new SSD for the machine (thanks @cvdnext), I also had the
opportunity to re-create my LUKS containers to LUKS2 with Argon2 key
derivation alongside creating bcache backing devices.
The change in order to support bcache is just a matter of adding
"bcache" to availableKernelModules and we're done.
However, as the storage configuration is not a very common one, I
decided to add a test specific to that to make sure future NixOS updates
won't prevent the machine from booting.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
The upstream version 0.6.4 was released 2 months ago and it recently hit
nixpkgs[1], so we can finally drop the override as the new version now
contains the fix[2] for the problem that affected me.
[1]: https://github.com/NixOS/nixpkgs/commit/5e2590ba6fd352bc65b4cd7fd82
[2]: https://github.com/gpodder/podcastparser/pull/17
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
| |
Similar to 8562389f5e13e42329fc26ca53e9cf54ac0e541e but now for dnyarri.
I grew a bit tired recently to fix up kernels, so let's actually run the
latest release version instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
These were needed a few months ago but they're now automatically added
if boot.initrd.luks.devices is non-empty.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
I've put in an assertion back then to make sure that once gpodder 3.10.1
is released, we get a failure so we don't stay behind forever.
With NixOS/nixpkgs@4d1e72cfbb8de0d8adf2c047aad14f29eb4f77bf, not only
the version is bumped but also the icon theme is added back, so we can
drop the whole override of the attributes.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is needed in order to correctly display icons if someone doesn't
use a full desktop environment.
I'm not sure why NixOS/nixpkgs@bff6d624e05c53777a9d2fd85872884983f74313
removed this (in particular gnome3.defaultIconTheme, but
hicolor_icon_theme should be enough anyway), but let's re-add it for our
configuration until this is sorted out.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Seems that 543ca6580d6f52d58caf975c0ed583956aa08b39 was not enough to
fix the actual issue, because the real issue was in podcastparser.
The upstream issue is gpodder/gpodder#394 and the pull request fixing
this is gpodder/podcastparser#17.
Instead of just updating podcastparser, I also updated gpodder to latest
master, because it contains a few more fixes.
I've tested whether this fixes my issue and it did (feed items now have
the correct date).
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I've been using this for a while and got better results than zlib and
lzo, so let's actually use this for all my machines.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is mainly to get gpodder/gpodder@c937184987431427dfcf8ac9bc098ce0ac
but there are other fixes in the current master version, so instead of
just patching the single fix, I'm heading for master directly instead.
I've also added an assertion on the version attribute so that whenever
there is a new upstream version, we can revert this.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
I'm using Firefox now and also having a label which only says "Browser"
is a bit more browser-agnostic.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
|
|
|
|
| |
Actually this is the only one workstation where I use gpodder, so let's
move it there and also don't make it a lazy package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This dissolves the user.aszlig.system.kernel module, which was not only
to stay on the latest bleeding edge kernel but also to enable BFQ. The
latter has been factored out already a while ago already.
Originally, I had a fully custom kernel config for mmrnmhrm and dnyarri,
but it's no longer the case and thus the user.aszlig.system.kernel
module is now no longer needed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two other occasions where packageOverrides are still in use,
one of them is @sternenseemann's fliewatuet machine and another one is
@devhell's package profile.
I've replaced every other occurence of packageOverrides and replaced it
with overlays and checked the store path hash after evaluation.
The reason why I left @sternenseemann's fliewatuet alone was that for
I wasn't quite sure whether "bluez = pkgs.bluez5" is still needed or
intentional to pin it to version 5. Because if it's not the case the
packageOverrides can just be dropped because bluez is already bluez5 in
upstream <nixpkgs>.
For @devhell's package profile, I did the conversion, but the store path
turned out to be a different one than what it was prior to the change.
I did take a quick look at the requisites of the drv and found that sox
was one of the different paths that led to the change in the final store
path.
This obviously needs to be tested and/or investigated first.
Other than that, the main reason why I'm moving everything to overlays
is that it's the replacement for packageOverrides and also has a better
way to pass through chains of overrides than packageOverrides had.
My guess is that after NixOS 17.09, the old packageOverrides function
will be removed, so let's make sure we're ready for that.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @devhell, @sternenseemann
|
| |
|
|
|
|
|
|
| |
We only use the firmware blobs for the CPU microcode and the GPU, both
of them are redistributable so there is no need to enable those that
have even more licensing restrictions.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The derivation name now is just "hplip-VERSION" (eg. "hplip-3.16.11")
instead of "pythonX.Y-hplip-VERSION".
The upstream commit changing this was:
NixOS/nixpkgs@3760c8c7fde6e8b15d19b063579d05018fc2d8b3
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts the following commits:
* f34f60216a94f41e684b2b2a29be9ca5f8f72940
* fb6cd06936a469fad708e1095b5ee25ad1298375
Using permittedInsecurePackages on all my machines isn't something I
want to pursue, because this really affects *one* single package and I
really don't want to whitelist webkitgtk-2.4.11 across all of my
machines.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, mmrnmhrm has died because of three blown up capacitors
which resulted in hard shut downs due to CPU0 temperature values that
were out of range.
At first I assumed a real temperature problem and thus vacuumed the fan
and everything else, applied new thermal paste and it still failed after
a few minutes. What I found a bit odd was the fact that the machine
powered off even though the last reading of the CPU temperature was 40
degrees Celsius, so that definitly wasn't the problem.
So I went on to look for any blown capacitors on the main board, because
that's probably one of the most frequent cause of hardware failure... at
least for mainboards and monitors. One of the three capacitors I found
to be leaking seems to be leading to the CPU temperature sensor as far
as I can tell (I didn't test with a multimeter though, because I have
lent it out to someone else).
While it shouldn't be hard to fix the blown capacitors (apart from the
fact that we had national holiday during the Easter week), my long-term
goal was to make mmrnmhrm obsolete anyway, so it was a good opportunity
to do exactly that.
The reason why I wanted to get rid of mmrnmhrm was that it has been a
very slow machine since commit 2df7ee103a01da34c9c82235bc286dde35e0f1ba,
which was essentially a hardware downgrade back then.
Dnyarri always has been the better machine hardware-wise but I couldn't
use it to its full potential because it had a cooling issue. The latter
has been resolved a few weeks ago, where I replaced the CPU fan and it's
now not only less noisy but stays at below 50 degrees Celsius even on
high load.
Merging mmrnmhrm into dnyarri also means, that we now have a new disk
layout:
+---------------+--------------+--------------+--------------+
| Disk 1 | Disk 2 | Whole disk 3 | Whole disk 4 |
+---------------+--------------+--------------+--------------+
| EFI partition | crypt-vault | crypt-root-3 | crypt-root-4 |
| crypt-swap-1 | crypt-swap-2 +-----------------------------+
| crypt-root-1 | crypt-root-2 |
+---------------+--------------+
Disk 1 and 2 use GUID partitions while disk 3 and 4 don't have a
partition table but use btrfs across the whole device. The crypt-vault
partition is solely for unlocking other crypto volumes so that a single
passphrase unlocks all of the LUKS containers rather than needing to
provide 6 passphrases.
Also, I've migrated to using UEFI for booting, which is why there now is
an EFI partition as well. Having no redundancy on the EFI and the
crypt-vault partitions doesn't hurt so much because in the event of
drive failure all of the containers can still be unlocked via a
passphrase instead of the vault key.
Disk 3 and 4 are the disks that were formerly installed into mmrnmhrm
and now comprise one big btrfs volume together with the two disks (1 and
2) already present inside dnyarri.
Instead of RAID1 on data and metadata, the btrfs file system layout now
is RAID10 for data and metadata.
This merge also removes synergy for obvious reasons (no other machine
anymore) and disables kmscon because it was just a test in the first
place and I found it a bit annoying to work with.
Summary: Mmrnmhrm is (are?) dead, long live dnyarri!
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| |
|
|
|
|
|
|
| |
webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the
evaluation errors on the hydra.
Consider, what you want to do on the issue long term, or just revert
this commit as soon as the CVEs are fixed upstream, @aszlig!
|
| |
|
|
|
|
|
|
|
|
|
| |
This machine is used for collecting all that useless paperwork gathered
since a few years, so I need scanner support.
Unfortunately the scanner (it's part of a HP Officejet all-in-one
thingy) needs to have a proprietary plugin for hplip in order to work,
which is not nice and I'm not very proud about needing to do this.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
I now prefer to explicitly state the function along with the "lib."
namespace instead of making it available over the whole scope of the
module.
One of the main reasons for this is that you can do early error checking
with nix-instantiate --parse.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
I use this machine to archive all the crap that's piling up over the
years and paperwork is quite useful in this regard :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
This is needed mostly for the GPUs and for KMS to hopefully work.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've been patching these machines up since ages and I'm tired now to do
both kernel configs *again* for the recent kernel versions.
Of course, in the long run I still want them to have their customized
kernel, but right now it's better to have a recent generic kernel rather
than have a fucked up custom kernel.
Also, this removes all that cruft for the Intel HDA pinning on dnyarri,
because the machine now has two X-Fi sound cards.
Both machines probably won't boot now, so we'll have to adjust a few
things very soon.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
I no longer use VirtualBox on any of my machines anymore, so let's
remove it for good :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Actually this is the *only* machine where I actually use VirtualBox, on
every other machine I'm fine with qemu/KVM.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
It has been renamed since months (NixOS/nixpkgs@14321ae) and
users.extra* are now just aliases to users.users and users.groups.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
I'm going to remove legacy fbdev support from the kernel configurations,
so in order to still have terminals besides the X server we need to
enable this (also, kmscon allows more eyecandy if we want that).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit 6d823f636947701f98ee5943187f0a99f0827e72.
Second screen on dnyarri is back :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
That monitor died a few days ago (probably blown capacitor), so let's
disable it until I got time to fix that monitor.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means, we don't have that lib directory anymore and also we're not
doing text substitution on the kernel config but instead override the
original attributes.
However, this needs to be refactored even further, so we can use the
NixOS kernel system, which allows for certain modules to require
specific kernel features. That way we can automatically create a kernel
config from the list of required features and we only need to set a
specific base config instead of specifying the *full* kernel config.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both files are specific to my machines only and need to be generalized
in order to be useful for anyone else.
Moving these files has a few other censequences, such that we now need
to automatically import the module-list.nix in callMachine.
Speaking of module-list.nix, the file is now alphabetically sorted.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
So far the modules were still using the old naming scheme of
vuizvui.name where name is the corresponding module name directly
instead of the category.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
Introduces callMachine in machines/default.nix, which returns an
attribute set containing the (input) configuration and also a build
attribute containing the output configuration and thus also the builds.
However, we still have references to ../../common-workstation.nix which
we need to refactor very soon.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
