| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Tishtushi had a SSD failure and thus became a majoor nuisance to
work with, I got a temporary laptop from someone (since I don't know
whether they want to be mentioned, I leave out their name for now) in
order to be able to be more productive than waiting for several seconds
for a 1 KiB text file to be saved.
Right now, I'm not sure whether any firmware is needed for the temporary
laptop, so this is a hardware configuration just to get started with a
proper Hydra channel.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Injecting pre/post start scripts into services called
"btrfs-scrub-.service.service" isn't going to do a whole lot if the
actual service name is called "btrfs-scrub-.service".
During the last scrub I was wondering why caching got slow afterwards
and found out that the caching devices were filled with lots of
irrelevant data from the scrub. This led me to inspect what went wrong
and when checking the properties of the scrub service unit, I found out
that it never worked in the first place for the reason meantioned in the
first paragraph.
Actually using the right unit name helps a lot here, so onwards to the
next scrub in February :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already have this running in writethrough for long enough so that I'm
pretty confident that a disaster like last time[1] should not happen
anytime soon so that hereby I'm making this permanent in the machine
configuration.
The reason why I set this to writearound initially instead of
writethrough, was that I just wanted to go with the most conservative
option first.
Of course, during scrub, we still disable all caching, so we should not
generate too much wear on the SSD.
[1]: 15008e69542774c441e388ad4c2e28a2d27f9ba0
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was one of the places where types.loaOf was still in place and it
got removed a while[1] ago and this in turn causes evaluation to fail
for quite a few machines:
The option value `boot.initrd.luks.devices' in `...' is not of type
`attribute set of submodules'.
I've not only changed all the machines to use attribute sets but also
fixed the check in core/tests.nix, because comparing against a list when
the actual type is an attribute set will result in all the LUKS tests to
be part of *all* channels, no matter whether you're actually using LUKS.
[1]: https://github.com/NixOS/nixpkgs/commit/20d491a317d9956ddca80913f07
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch
Cc: @sternenseemann
|
|
|
|
|
|
|
|
| |
I've had this laying around in my configuration.nix since quite a while,
but today is one of those days where I can't stand all the cruft piling
up there anymore and decided to add it here.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm using gPodder to follow a bunch of YouTube channels and the internal
extractor/downloader tends to be pretty unreliable.
On the other hand, youtube-dl is regularily updated and supports a ton
of different formats.
To make sure we can actually use the extension, gPodder needs to have
access to the youtube_dl Python module, so we need to add it to the
propagatedBuildInputs.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
One (or maybe more?) dependency of weboob requires Python 3 and hence
using weboob from python2Packages isn't going to evaluate and instead
result in this error:
error: google-api-core-1.16.0 not supported for interpreter python2.7
Using weboob from python3Packages fixes the eval error.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use of types.loaOf has been deprecated since quite a while and
lately[1] there is also an appropriate warning in place if an option
definition relies on types.loaOf to coerce the list to an attrset.
In vuizvui we didn't rely on types.loaOf, but it turned out that dnyarri
still relied on it in boot.initrd.luks.devices.
Since we already use attrsets for defining the LUKS devices, it's rather
easy to fix and we just need to return a nameValuePair in mkDevice.
[1]: https://github.com/NixOS/nixpkgs/commit/03309899eb41e50ef65001f63d6a4f078e3d4556
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
`runCommandLocal` was added to nixpkgs in
https://github.com/NixOS/nixpkgs/pull/74642
to speed up trivial `runCommand` derivations by always building them
locally. We have a few places where that’s good to use.
|
|
|
|
|
|
|
|
|
| |
Unfortunately, this is a work requirement for the user in question, so
while I'd (personally) prefer to pretty much stay on free software, the
circumstances prevent this :-/
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage of DHCP is no longer global since a while[1] and we now have
to explicitly enable it for the interfaces in question.
This actually is a good thing and makes it far less problematic if we
use tunnel interfaces and other more complicated networking
configuration.
I added the definitions for all machines where I actually know which
interfaces are in use and disabled useNetworkd for shakti, because I
don't know the interface names for that machine and the machine
currently isn't in use anyway, so we can add it later if needed.
[1]: https://github.com/NixOS/nixpkgs/pull/69302
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
https://github.com/NixOS/nixpkgs/pull/58399 has been merged a few hours
ago, so we no longer need to use our manual override.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@466f5e534688049be2ed6e75ae5659633016b45e, libinput
is enabled by default for Plasma 5, so we no longer need to explicitly
enable it anymore.
Furthermore, there was brawndo as the only machine still using
Synaptics and it's about time it's using libinput as well, so I
subsequently removed synaptics there.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@c814d72b517bb201c8bbbfc64e386c7023352886, a lot of
packages now no longer have a name attribute but instead use pname, so
when checking the package name within allowUnfreePredicate we need to
make sure that we fall back to a default if the name attribute is not
present.
This fixes evaluation of the machine, however I didn't check if it
actually builds.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't recall the exact model which was used for that machine, but it
was definitely one that required version 5.70.
Now I made a pull request for nixpkgs a while ago[1], which hasn't been
merged and as I didn't have the chance to test it by myself I didn't
merge that pull request yet.
Since the user asked about that printer driver again, I decided to give
version 5.70 a shot in vuizvui only and merge it upstream, once the user
reports that the driver is working.
[1]: https://github.com/NixOS/nixpkgs/pull/58399
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This machine was used for controlling the LED lighting bars at
Rockfabrik. I no longer work there and the machine has subsequently been
replaced by something else, so I don't need kzerza anymore.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I did have a major outage this week, because I was using bcache with
writeback mode on a RAID10 backing storage. Fortunately, I was able to
recover 99.9% of the data (only the most recent stuff wasn't
recoverable), but I certainly don't want this to happen again in the
future.
While I did use bcache with hibernate and writeback, the interesting
part is that the caching device went bonkers after a "normal" shutdown
rather than a suspend/hibernate, with "normal" being "with a bunch of
kernel warnings about zswap". Also, this happened around a btrfs scrub,
so the inconsistency was all over the place.
So first of all, I'm now going with writaround mode rather than
writeback mode for the time being. Although it's slower than writeback,
the chances that I need to do such a recovery again is close to 0% with
writethrough and writearound because all writes are synchronous.
Second, this very change makes sure that whenever the machine goes to
sleep or a scrub is started, the caching is disabled and afterwards it's
re-enabled. That way we shouldn't have lots of trash on the caching
device.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
I had this in my local configuration.nix since a while and while it
might be annoying when this runs every month, I think it's better to do
it regularily rather than having a dying disk go unnoticed.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Since quite a while, NixOS re-uses the passphrases from earlier devices,
so there is no need anymore for such a device in order to unlock
multiple containers with the same passphrase.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The "luksClose" subcommand for cryptsetup has been deprecated for a
while, so let's move over to "close".
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since I got a new SSD for the machine (thanks @cvdnext), I also had the
opportunity to re-create my LUKS containers to LUKS2 with Argon2 key
derivation alongside creating bcache backing devices.
The change in order to support bcache is just a matter of adding
"bcache" to availableKernelModules and we're done.
However, as the storage configuration is not a very common one, I
decided to add a test specific to that to make sure future NixOS updates
won't prevent the machine from booting.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The internal SSD of the machine just died, so I reconstructed the Nix
store on the spinning rust from the machine configuration and we're now
left without the SSD.
Maybe it makes sense to still use the SSD with bcache, depending on how
failure-resilient it is, but for now, let's just remove it so we at
least have a working system.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream version 0.6.4 was released 2 months ago and it recently hit
nixpkgs[1], so we can finally drop the override as the new version now
contains the fix[2] for the problem that affected me.
[1]: https://github.com/NixOS/nixpkgs/commit/5e2590ba6fd352bc65b4cd7fd82
[2]: https://github.com/gpodder/podcastparser/pull/17
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
User is likely to switch, so let's add Firefox alongside to Chromium and
eventually remove Chromium at some day.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
| |
Those are useful for HBCI/FinTS support and scraping other banking
websites. KGPG is for encrypting the ledger.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d813e5de7f84ad57d25b5c0ec95c2098204e976b.
Turns out that the machine's owner has found an alternative font already
installed on the system, so we don't need proprietary fonts, yay!
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
I thought about whether this would be a good idea to generally add this
to the managed profile, but didn't do so because we don't want to
encourage users to use proprietary fonts if possible. If requested we
can still add it on a by-machine basis.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
| |
This has been on the machine for a while and it's now in nixpkgs master.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
This has been in the configuration.nix for a while and it seems to be
working. It might be a good idea to add it to the managed profile, but
we first have to test whether this really works for other machines than
tyree.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
| |
The machine doesn't have a lot of MMC space, so putting a whole lot of
logs which we probably won't need for such a long time isn't a good
idea.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
| |
The new installation of this Laptop uses encryption and so far these
options have been residing in the local configuration.nix, so let's get
it over to Vuizvui.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
| |
The machine's user already has switched to Firefox since quite a while,
so let's actually add it to systemPackages.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The monitor reports back EDID via DVI but the HDMI->DVI adapter seems to
not handle that correctly. Also the monitor has weird resolutions, so
using the fallback modes provided by the kernel also doesn't seem to
work and the monitor stays blank.
While hardcoding the EDID information isn't a very good idea for this
machine in general (because it might be connected to a different
monitor), for now this is the easiest workaround because I don't have
access to that machine.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
| |
Similar to 8562389f5e13e42329fc26ca53e9cf54ac0e541e but now for dnyarri.
I grew a bit tired recently to fix up kernels, so let's actually run the
latest release version instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Not sure why I added them in the first place, but it was probably
because they were listed in the hardware config generated by
nixos-generate-config.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
These were needed a few months ago but they're now automatically added
if boot.initrd.luks.devices is non-empty.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
I'm a bit tired of constantly running into regression from release
canidate kernels, so let's switch to released kernels for now.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
We no longer write directly to the physical block device, so let's not
try to TRIM a mapper device.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
I had to recover tishtushi while on the road because I have used zstd
compression, which GRUB doesn't support.
So instead of just adding a boot partition I decided to actually do
what I long wanted to do, which is to actually encrypt the disks, so the
new partitioning reflects that.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The new machine (shakti) is going to use Firefox, so let's make sure
this is machine-specific.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
| |
At least for now until the owner gets rid of it.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
| |
This is only a placeholder right now so we get Hydra builds.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This is clearly something that is specific to the actual hardware, so
even though both brawndo and tyree share the same CPU vendor, we will
have a third managed machine that is going to be different.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
| |
Why do I fix up a machine that doesn't exist anymore?
This was from a time where I had no laptop and was travelling around
with an USB stick in order to have a working environment on other
machines, but that's no longer the case.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
Since I wrote the config for that machine, the modulesPath attribute is
actually a thing in NixOS modules, so let's use that one instead.
Besides, I really tend to like that even more restrictive restrictive
evaluation mode, because it allows us to get rid of all those references
to the Nix path.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
I've put in an assertion back then to make sure that once gpodder 3.10.1
is released, we get a failure so we don't stay behind forever.
With NixOS/nixpkgs@4d1e72cfbb8de0d8adf2c047aad14f29eb4f77bf, not only
the version is bumped but also the icon theme is added back, so we can
drop the whole override of the attributes.
Signed-off-by: aszlig <aszlig@nix.build>
|