Configuration for my NixOS based systems and Home Manager

Remove edge

-278
-2
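--- a/README.md
+++ b/README.md
@@ -17,7 +17,6 @@
 | **odin** | Main workstation with AMD GPU, Docker, Coder server, Valheim game server | x86_64-linux |
 | **misaki** | NAS/Server with ZFS, Plex, Jellyfin, Immich, Nginx reverse proxy | x86_64-linux |
 | **shizuri** | Steam/gaming machine with LXQt desktop and XRDP | x86_64-linux |
-| **edge** | Solana validator node with Agave software | x86_64-linux |
 | **touma-wsl** | WSL2 NixOS configuration | x86_64-linux |
 | **aleister-noah** | macOS workstation (Home Manager only) | aarch64-darwin |
 
@@ -37,7 +36,6 @@
 │ ├── odin/
 │ ├── misaki/
 │ ├── shizuri/
-│ ├── edge/
 │ └── touma-wsl.nix
 ├── overlays/ # Package overlays
 ├── secrets/ # Encrypted secrets (agenix)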
-6
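--- a/flake.nix
+++ b/flake.nix
@@ -186,12 +186,6 @@
 ];
 enableNFTables = false;
 };
-nixosConfigurations.edge = basicSystem {
-useUnstable = true;
-modules = [
-./host-specific/edge/configuration.nix
-];
-};
 homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration {
 pkgs = import nixpkgs {
 system = "aarch64-darwin";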
-207
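--- a/host-specific/edge/configuration.nix
+++ b/host-specific/edge/configuration.nix
@@ -1,207 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
-config,
-lib,
-pkgs,
-inputs,
-...
-}:
-let
-system = pkgs.stdenv.targetPlatform.system;
-agave = (builtins.getFlake "/home/noah/repos/agave");
-in
-{
-imports = [
-# Include the results of the hardware scan.
-./hardware-configuration.nix
-agave.nixosModules.default
-];
-
-nix.settings.experimental-features = [
-"nix-command"
-"flakes"
-];
-
-# Use the systemd-boot EFI boot loader.
-boot.loader.systemd-boot.enable = true;
-#boot.loader.grub.device = "nodev";
-#boot.loader.grub.efiSupport = true;
-#boot.loader.grub.useOSProber = true;
-boot.loader.efi.canTouchEfiVariables = true;
-
-# Use latest kernel.
-boot.kernelPackages = pkgs.linuxPackages_latest;
-
-networking.hostName = "edge"; # Define your hostname.
-
-# Configure network connections interactively with nmcli or nmtui.
-networking.networkmanager.enable = true;
-
-# Set your time zone.
-# time.timeZone = "Europe/Amsterdam";
-
-# Configure network proxy if necessary
-# networking.proxy.default = "http://user:password@proxy:port/";
-# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-# Select internationalisation properties.
-i18n.defaultLocale = "en_US.UTF-8";
-console = {
-font = "Lat2-Terminus16";
-keyMap = "us";
-#useXkbConfig = true; # use xkb.options in tty.
-};
-
-# Enable the X11 windowing system.
-# services.xserver.enable = true;
-
-# Configure keymap in X11
-# services.xserver.xkb.layout = "us";
-# services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-# Enable CUPS to print documents.
-# services.printing.enable = true;
-
-# Enable sound.
-# services.pulseaudio.enable = true;
-# OR
-# services.pipewire = {
-# enable = true;
-# pulse.enable = true;
-# };
-
-# Enable touchpad support (enabled default in most desktopManager).
-# services.libinput.enable = true;
-
-# Define a user account. Don't forget to set a password with ‘passwd’.
-# users.users.alice = {
-# isNormalUser = true;
-# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-# packages = with pkgs; [
-# tree
-# ];
-# };
-
-# programs.firefox.enable = true;
-
-# List packages installed in system profile.
-# You can use https://search.nixos.org/ to find more packages (and options).
-environment.systemPackages = with pkgs; [
-neovim
-wget
-git
-htop
-inputs.agenix.packages."${system}".agenix
-agave.packages.${system}.solana
-agave.packages.${system}.solana-keygen
-];
-
-services.tailscale.useRoutingFeatures = "both";
-
-# Some programs need SUID wrappers, can be configured further or are
-# started in user sessions.
-# programs.mtr.enable = true;
-# programs.gnupg.agent = {
-# enable = true;
-# enableSSHSupport = true;
-# };
-
-# List services that you want to enable:
-
-# Enable the OpenSSH daemon.
-services.openssh.enable = true;
-services.openssh.openFirewall = true;
-
-# Open ports in the firewall.
-# networking.firewall.allowedTCPPorts = [ ... ];
-# networking.firewall.allowedUDPPorts = [ ... ];
-# Or disable the firewall altogether.
-networking.firewall.enable = true;
-networking.firewall = {
-allowPing = true;
-allowedUDPPorts = [ ];
-allowedUDPPortRanges = [
-# Agave
-{
-from = 8000;
-to = 8020;
-}
-];
-allowedTCPPorts = [
-2375
-3000
-# Agave
-8001
-8899
-8900
-10000
-];
-};
-security.pam.loginLimits = [
-{
-domain = "*";
-type = "soft";
-item = "nofile";
-value = "100000";
-}
-{
-domain = "*";
-type = "hard";
-item = "nofile";
-value = "1000000";
-}
-];
-
-age.secrets.validator-identity = {
-file = ../../secrets/validator-identity.age;
-owner = "sol";
-group = "sol";
-};
-services.ambient-validator = {
-enable = true;
-package = agave.packages.${system}.ambient-validator;
-# this needs to be a secret
-identityKeypair = config.age.secrets.validator-identity.path;
-rpcBindAddress = "0.0.0.0";
-geyserPluginConfig = {
-libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so";
-log = {
-level = "info";
-};
-tokio = {
-worker_threads = 4;
-affinity = null;
-};
-grpc = {
-address = "0.0.0.0:10000";
-};
-};
-};
-# Copy the NixOS configuration file and link it from the resulting system
-# (/run/current-system/configuration.nix). This is useful in case you
-# accidentally delete configuration.nix.
-# system.copySystemConfiguration = true;
-
-# This option defines the first version of NixOS you have installed on this particular machine,
-# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-#
-# Most users should NEVER change this value after the initial install, for any reason,
-# even if you've upgraded your system to a new NixOS release.
-#
-# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-# to actually do that.
-#
-# This value being lower than the current NixOS release does NOT mean your system is
-# out of date, out of support, or vulnerable.
-#
-# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-# and migrated your data accordingly.
-#
-# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-system.stateVersion = "25.11"; # Did you read the comment?
-
-}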
-60
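--- a/host-specific/edge/hardware-configuration.nix
+++ b/host-specific/edge/hardware-configuration.nix
@@ -1,60 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-config,
-lib,
-pkgs,
-modulesPath,
-...
-}:
-
-{
-imports = [
-(modulesPath + "/installer/scan/not-detected.nix")
-];
-
-boot.initrd.availableKernelModules = [
-"nvme"
-"xhci_pci"
-"ahci"
-"usbhid"
-];
-boot.initrd.kernelModules = [ ];
-boot.kernelModules = [ "kvm-amd" ];
-boot.extraModulePackages = [ ];
-
-fileSystems."/" = {
-device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e";
-fsType = "ext4";
-};
-
-fileSystems."/boot" = {
-device = "/dev/disk/by-uuid/E7AD-32DA";
-fsType = "vfat";
-options = [
-"fmask=0077"
-"dmask=0077"
-];
-};
-
-swapDevices = [ ];
-
-nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-boot.swraid = {
-enable = true;
-#mdadmConf = ''
-# ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7
-# MAILADDR noah
-#'';
-};
-
-# stuff for Agave
-boot.kernel.sysctl."net.core.rmem_default" = 134217728;
-boot.kernel.sysctl."net.core.rmem_max" = 134217728;
-boot.kernel.sysctl."net.core.wmem_default" = 134217728;
-boot.kernel.sysctl."net.core.wmem_max" = 134217728;
-boot.kernel.sysctl."vm.max_map_count" = 1000000;
-boot.kernel.sysctl."fs.nr_open" = 1000000;
-}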
-3
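--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,13 +5,11 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator"
 ];
 misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos";
-edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos";
 odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos";
 touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos";
 shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos";
 hosts = [
 misaki
-edge
 odin
 touma-wsl
 shizuri
@@ -24,7 +22,6 @@
 misaki
 noah
 ];
-"validator-identity.age".publicKeys = [ edge ];
 "catgirl-libera.age".publicKeys = noah;
 "garage_rpc_secret.age".publicKeys = [ misaki ] ++ noah;
 "garage_admin_secret.age".publicKeys = [ misaki ] ++ noah;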
secrets/validator-identity.age

This is a binary file and will not be displayed.