diff --git a/config/profiles/vfio/profile.nix b/config/profiles/vfio/profile.nix index cec7e7ba..47f2e3ca 100644 --- a/config/profiles/vfio/profile.nix +++ b/config/profiles/vfio/profile.nix @@ -1,11 +1,13 @@ { config, pkgs, lib, ... }: with lib; let win10-toggler = pkgs.writeShellScriptBin "win10-toggle" '' -if systemctl --user is-active konawall-rotation.timer --quiet; then - systemctl --user stop konawall-rotation.timer +REQUEST="$0" +if [[ "REQUEST" = "on" ]]; then + sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid) + systemctl --user stop konawall-rotation.timer else + sudo win10-vm-pinning systemctl --user start konawall-rotation.timer fi -sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid) ''; win10-start-pane = pkgs.writeShellScriptBin "win10-start-pane" '' sudo disk-mapper-part /dev/disk/by-id/ata-ST2000DM008-2FR102_WK301C3H-part2 @@ -122,19 +124,17 @@ in { }; wantedBy = ["sysinit.target"]; }; - cpuset = { - type = "cgroup"; - what = "cpuset"; - where = "/sys/fs/cgroup/cpuset"; - wantedBy = singleton "multi-user.target"; - options = "cpuset"; - }; in [ - cpuset (hugepages { where = "/dev/hugepages"; options = "mode=0775"; }) (hugepages { where = "/dev/hugepages1G"; options = "pagesize=1GB,mode=0775"; }) ]; + fileSystems."/sys/fs/cgroup/cpuset" = { + device = "cpuset"; + fsType = "cgroup"; + noCheck = true; + }; + systemd.services.preallocate-huggies = { wantedBy = singleton "multi-user.target"; serviceConfig = { diff --git a/config/services/jira.nix b/config/services/jira.nix new file mode 100644 index 00000000..02a42114 --- /dev/null +++ b/config/services/jira.nix 
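Review bot: The new test `[[ "REQUEST" = "on" ]]` compares the literal string REQUEST with "on", and `REQUEST="$0"` reads the script's own name rather than its first argument. As a result the `on` branch can never run, and every call takes the `else` path, which runs `win10-vm-pinning` without a PID and restarts the timer. The intended lines are presumably `REQUEST="$1"` and `if [[ "$REQUEST" = "on" ]]; then`. In the `on` branch, `$(cat $XDG_RUNTIME_DIR/win10-vm.pid)` is read from a user-writable directory and passed unquoted to a `sudo` command. Quote it and check that it is a number before handing it to root, either here or at the top of `win10-vm-pinning`.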
@@ -0,0 +1,56 @@ +{ config, pkgs, lib, tf, ... }: with lib; { + services.jira = { + enable = true; + }; + + + deploy.tf.dns.records.services_jira = { + inherit (config.network.dns) zone; + domain = "jira"; + cname = { inherit (config.network.addresses.public) target; }; + }; + + systemd.services.jiraPostgresSQLInit = { + after = [ "postgresql.service" ]; + before = [ "jira.service" ]; + bindsTo = [ "postgresql.service" ]; + path = [ config.services.postgresql.package ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "postgres"; + Group = "postgres"; + }; + script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + create_role="$(mktemp)" + trap 'rm -f "$create_role"' ERR EXIT + echo "CREATE ROLE jira WITH LOGIN PASSWORD '$(<'${config.secrets.files.jira-postgres-file.path}')' CREATEDB" > "$create_role" + psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='jira'" | grep -q 1 || psql -tA --file="$create_role" + psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'jira'" | grep -q 1 || psql -tAc 'CREATE DATABASE "jira" OWNER "jira"' + ''; + }; + + + kw.secrets.variables.jira-postgres = { + path = "secrets/jira"; + field = "password"; + }; + + secrets.files.jira-postgres-file = { + text = "${tf.variables.jira-postgres.ref}"; + owner = "postgres"; + group = "jira"; + }; + + users.users.nginx.extraGroups = [ "jira" ]; + services.nginx.virtualHosts."jira.${config.network.dns.domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8091"; + proxyWebsockets = true; + }; + }; +} diff --git a/config/services/nginx.nix b/config/services/nginx.nix index 70a074e7..51977b8e 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -39,7 +39,8 @@ with lib; }; security.acme = { - defaults.email = config.network.dns.email; + #defaults.email = config.network.dns.email; + email = config.network.dns.email; acceptTerms = true; }; } 
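Review bot: `users.users.nginx.extraGroups = [ "jira" ];` puts the nginx account in the same group that `secrets.files.jira-postgres-file` assigns to the database password file, so if the secrets module makes that file group-readable (no mode is set in this hunk) the public-facing proxy can read the Jira database password. The vhost only proxies to `http://127.0.0.1:8091` over TCP, which needs no group membership, so the line looks removable. In the init script the password is spliced unescaped into `CREATE ROLE jira WITH LOGIN PASSWORD '…'`, which runs as the `postgres` superuser, so a secret containing a single quote breaks or alters the statement. Either constrain the secret's alphabet, or load it inside the SQL file with psql's `\set` and reference it as `:'pw'`. `CREATEDB` also appears unnecessary, because the next line creates the database as `postgres` with `OWNER "jira"`.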
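Review bot: The commented-out `#defaults.email = config.network.dns.email;` is left as dead configuration with no explanation of why the older `email` option is back. The flake.lock hunk in this commit moves nixpkgs to an older revision (`lastModified` goes from 1641230035 to 1638806821), which is presumably the reason. Replace the dead line with a comment such as `# security.acme.defaults.* is not available on the pinned nixpkgs; switch back when the pin moves forward`. The rollback also drops any security fixes that landed in nixpkgs between those two revisions, so it would help to record in the commit description whether the older pin is temporary.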
diff --git a/config/tf b/config/tf index ab39c7fb..d8a25e3c 160000 --- a/config/tf +++ b/config/tf @@ -1 +1 @@ -Subproject commit ab39c7fb9a3bb8250abbce9b66a1ede088919f12 +Subproject commit d8a25e3cb44bbf66a710f4dcc6bd7d19e60fb233 diff --git a/config/users/kat/dev/packages.nix b/config/users/kat/dev/packages.nix index 08f316b7..aec42eab 100644 --- a/config/users/kat/dev/packages.nix +++ b/config/users/kat/dev/packages.nix @@ -2,6 +2,7 @@ { home.packages = with pkgs; [ + jq hyperfine hexyl tokei diff --git a/flake.lock b/flake.lock index 1014544d..03d357f8 100644 --- a/flake.lock +++ b/flake.lock @@ -391,11 +391,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641230035, - "narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", + "lastModified": 1638806821, + "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78cd22c1b8604de423546cd49bfe264b786eca13", + "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff", "type": "github" }, "original": { diff --git a/overlays/local/vm-pinning.nix b/overlays/local/vm-pinning.nix index 9f5bdbcc..1cc89b9e 100644 --- a/overlays/local/vm-pinning.nix +++ b/overlays/local/vm-pinning.nix @@ -50,6 +50,8 @@ cpuset_move . system echo 1 > $CPUSET/qemu/cpuset.cpu_exclusive +chrt -f -p 1 $QEMU_PID + for task in /proc/$QEMU_PID/task/*; do TASKNAME=$(grep -F "Name:" $task/status | cut -d $'\t' -f2) TASK=$(basename $task) @@ -62,10 +64,11 @@ for task in /proc/$QEMU_PID/task/*; do regex="CPU ([0-9]*)/KVM" if [[ $TASKNAME =~ $regex ]]; then CPU_ID=''${BASH_REMATCH[1]} - echo $TASK > $CPUSET/qemu/tasks + echo $TASK > $CPUSET/qemu/tasks CPU_PIN=$((CPU_ID / 2 + (CPU_ID % 2) * 6 + 2)) #CPU_PIN=$((CPU_ID * 2)) taskset -p --cpu-list $CPU_PIN $TASK + chrt -f -p 1 $TASK else echo unknown CPU $TASKNAME exit 1 diff --git a/overlays/local/vm.nix b/overlays/local/vm.nix index c3582f24..b8fdf6f5 100644 --- a/overlays/local/vm.nix +++ b/overlays/local/vm.nix 
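Review bot: `chrt -f -p 1 $QEMU_PID` runs as root with an unquoted, unvalidated PID, and the toggler's `else` branch in this commit calls `win10-vm-pinning` with no argument. If QEMU_PID is then empty (its assignment is outside the hunk), the command collapses to `chrt -f -p 1`, which as far as I can tell util-linux treats as a query of PID 1 rather than an error. Quote both new calls, `chrt -f -p 1 "$QEMU_PID"` here and `chrt -f -p 1 "$TASK"` in the second hunk, and return before this point when no PID was given. A short comment would also help: `# SCHED_FIFO on the pinned vCPU threads; these cores must stay reserved for the guest or host tasks on them can starve`.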
@@ -2,7 +2,7 @@ writeShellScriptBin "win10-vm" '' cat ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd > /tmp/OVMF_VARS.fd - exec chrt -f 1 ${pkgs.qemu-vfio}/bin/qemu-system-x86_64 -name guest=win10,debug-threads=on \ + exec ${pkgs.qemu-vfio}/bin/qemu-system-x86_64 -name guest=win10,debug-threads=on \ -blockdev '{"driver":"file","filename":"${pkgs.OVMF.fd}/FV/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/tmp/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \