gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

VFIO profile: some changes. Remove jira.

Browse source
This commit is contained in:
kat witch 2022-01-07 23:43:00 +00:00 committed by kat
parent 9dbef76fad
commit e214f7af79
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
8 changed files with 79 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

22
config/profiles/vfio/profile.nix
View file

@ -1,11 +1,13 @@
{ config, pkgs, lib, ... }: with lib; let { config, pkgs, lib, ... }: with lib; let
win10-toggler = pkgs.writeShellScriptBin "win10-toggle" '' win10-toggler = pkgs.writeShellScriptBin "win10-toggle" ''
if systemctl --user is-active konawall-rotation.timer --quiet; then REQUEST="$0"
systemctl --user stop konawall-rotation.timer if [[ "REQUEST" = "on" ]]; then
sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid)
systemctl --user stop konawall-rotation.timer
else else
sudo win10-vm-pinning
systemctl --user start konawall-rotation.timer systemctl --user start konawall-rotation.timer
fi fi
sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid)
''; '';
win10-start-pane = pkgs.writeShellScriptBin "win10-start-pane" '' win10-start-pane = pkgs.writeShellScriptBin "win10-start-pane" ''
sudo disk-mapper-part /dev/disk/by-id/ata-ST2000DM008-2FR102_WK301C3H-part2 sudo disk-mapper-part /dev/disk/by-id/ata-ST2000DM008-2FR102_WK301C3H-part2
@ -122,19 +124,17 @@ in {
}; };
wantedBy = ["sysinit.target"]; wantedBy = ["sysinit.target"];
}; };
cpuset = {
type = "cgroup";
what = "cpuset";
where = "/sys/fs/cgroup/cpuset";
wantedBy = singleton "multi-user.target";
options = "cpuset";
};
in [ in [
cpuset
(hugepages { where = "/dev/hugepages"; options = "mode=0775"; }) (hugepages { where = "/dev/hugepages"; options = "mode=0775"; })
(hugepages { where = "/dev/hugepages1G"; options = "pagesize=1GB,mode=0775"; }) (hugepages { where = "/dev/hugepages1G"; options = "pagesize=1GB,mode=0775"; })
]; ];
fileSystems."/sys/fs/cgroup/cpuset" = {
device = "cpuset";
fsType = "cgroup";
noCheck = true;
};
systemd.services.preallocate-huggies = { systemd.services.preallocate-huggies = {
wantedBy = singleton "multi-user.target"; wantedBy = singleton "multi-user.target";
serviceConfig = { serviceConfig = {

56
config/services/jira.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, pkgs, lib, tf, ... }: with lib; {
services.jira = {
enable = true;
};
deploy.tf.dns.records.services_jira = {
inherit (config.network.dns) zone;
domain = "jira";
cname = { inherit (config.network.addresses.public) target; };
};
systemd.services.jiraPostgresSQLInit = {
after = [ "postgresql.service" ];
before = [ "jira.service" ];
bindsTo = [ "postgresql.service" ];
path = [ config.services.postgresql.package ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "postgres";
Group = "postgres";
};
script = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
create_role="$(mktemp)"
trap 'rm -f "$create_role"' ERR EXIT
echo "CREATE ROLE jira WITH LOGIN PASSWORD '$(<'${config.secrets.files.jira-postgres-file.path}')' CREATEDB" > "$create_role"
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='jira'" | grep -q 1 || psql -tA --file="$create_role"
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'jira'" | grep -q 1 || psql -tAc 'CREATE DATABASE "jira" OWNER "jira"'
'';
};
kw.secrets.variables.jira-postgres = {
path = "secrets/jira";
field = "password";
};
secrets.files.jira-postgres-file = {
text = "${tf.variables.jira-postgres.ref}";
owner = "postgres";
group = "jira";
};
users.users.nginx.extraGroups = [ "jira" ];
services.nginx.virtualHosts."jira.${config.network.dns.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8091";
proxyWebsockets = true;
};
};
}

3
config/services/nginx.nix
View file

@ -39,7 +39,8 @@ with lib;
}; };
security.acme = { security.acme = {
defaults.email = config.network.dns.email; #defaults.email = config.network.dns.email;
email = config.network.dns.email;
acceptTerms = true; acceptTerms = true;
}; };
} }

2
config/tf

@ -1 +1 @@
Subproject commit ab39c7fb9a3bb8250abbce9b66a1ede088919f12 Subproject commit d8a25e3cb44bbf66a710f4dcc6bd7d19e60fb233

1
config/users/kat/dev/packages.nix
View file

@ -2,6 +2,7 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
jq
hyperfine hyperfine
hexyl hexyl
tokei tokei

6
flake.lock generated
View file

@ -391,11 +391,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1641230035, "lastModified": 1638806821,
"narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78cd22c1b8604de423546cd49bfe264b786eca13", "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff",
"type": "github" "type": "github"
}, },
"original": { "original": {

5
overlays/local/vm-pinning.nix
View file

@ -50,6 +50,8 @@ cpuset_move . system
echo 1 > $CPUSET/qemu/cpuset.cpu_exclusive echo 1 > $CPUSET/qemu/cpuset.cpu_exclusive
chrt -f -p 1 $QEMU_PID
for task in /proc/$QEMU_PID/task/*; do for task in /proc/$QEMU_PID/task/*; do
TASKNAME=$(grep -F "Name:" $task/status | cut -d $'\t' -f2) TASKNAME=$(grep -F "Name:" $task/status | cut -d $'\t' -f2)
TASK=$(basename $task) TASK=$(basename $task)
@ -62,10 +64,11 @@ for task in /proc/$QEMU_PID/task/*; do
regex="CPU ([0-9]*)/KVM" regex="CPU ([0-9]*)/KVM"
if [[ $TASKNAME =~ $regex ]]; then if [[ $TASKNAME =~ $regex ]]; then
CPU_ID=''${BASH_REMATCH[1]} CPU_ID=''${BASH_REMATCH[1]}
echo $TASK > $CPUSET/qemu/tasks echo $TASK > $CPUSET/qemu/tasks
CPU_PIN=$((CPU_ID / 2 + (CPU_ID % 2) * 6 + 2)) CPU_PIN=$((CPU_ID / 2 + (CPU_ID % 2) * 6 + 2))
#CPU_PIN=$((CPU_ID * 2)) #CPU_PIN=$((CPU_ID * 2))
taskset -p --cpu-list $CPU_PIN $TASK taskset -p --cpu-list $CPU_PIN $TASK
chrt -f -p 1 $TASK
else else
echo unknown CPU $TASKNAME echo unknown CPU $TASKNAME
exit 1 exit 1

2
overlays/local/vm.nix
View file

@ -2,7 +2,7 @@
writeShellScriptBin "win10-vm" '' writeShellScriptBin "win10-vm" ''
cat ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd > /tmp/OVMF_VARS.fd cat ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd > /tmp/OVMF_VARS.fd
exec chrt -f 1 ${pkgs.qemu-vfio}/bin/qemu-system-x86_64 -name guest=win10,debug-threads=on \ exec ${pkgs.qemu-vfio}/bin/qemu-system-x86_64 -name guest=win10,debug-threads=on \
-blockdev '{"driver":"file","filename":"${pkgs.OVMF.fd}/FV/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"driver":"file","filename":"${pkgs.OVMF.fd}/FV/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/tmp/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"driver":"file","filename":"/tmp/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \