Merge branch 'master' into release

Author: marenz2569

flake.lock

@@ -1,7 +1,6 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
-    nixpkgs-2311.url = "github:NixOS/nixpkgs/nixos-23.11";
 
     # naersk and flake utils are not used by this flake directly, but needed
     # for the follows in all the other ones.
@@ -121,7 +120,6 @@
     , kindergarten
     , microvm
     , nixpkgs
-    , nixpkgs-2311
     , sops-nix
     , lizard
     , bureaucrat

flake.nix

@@ -45,16 +45,15 @@
   hardware.cpu.amd.updateMicrocode =
     lib.mkDefault config.hardware.enableRedistributableFirmware;
 
-  # Enable OpenCL
-  hardware.opengl = {
+  # Enable OpenGL/OpenCL
+  hardware.graphics = {
     enable = true;
-    driSupport32Bit = true;
+    enable32Bit = true;
     extraPackages = with pkgs; [
       rocmPackages.clr.icd
       rocmPackages.clr
       rocmPackages.rocminfo
       rocmPackages.rocm-runtime
-      #rocm-opencl-icd
       rocmPackages.rocm-smi
     ];
   };

hardware/tetra-zw.nix

@@ -51,10 +51,8 @@ in
     dns = [ "172.20.73.8" "9.9.9.9" ];
     routes = [
       {
-        routeConfig = {
-          Gateway = "172.20.73.1";
-          Destination = "0.0.0.0/0";
-        };
+        Gateway = "172.20.73.1";
+        Destination = "0.0.0.0/0";
       }
     ];
   };

hosts/data-hoarder/configuration.nix

@@ -8,7 +8,7 @@ let
 in
 {
   imports = [
-    #./grafana.nix
+    ./grafana.nix
   ];
   microvm = {
     vcpu = 4;
@@ -65,11 +65,9 @@ in
       dns = [ "1.1.1.1" ];
       routes = [
         {
-          routeConfig = {
-            Gateway = "45.158.40.160";
-            GatewayOnLink = true;
-            Destination = "0.0.0.0/0";
-          };
+          Gateway = "45.158.40.160";
+          GatewayOnLink = true;
+          Destination = "0.0.0.0/0";
         }
       ];
     };

hosts/notice-me-senpai/default.nix

@@ -32,7 +32,10 @@ in
             wgHosts = lib.filterAttrs filterWgHosts self.nixosConfigurations;
 
             # collect active prometheus exporters
-            filterEnabledExporters = name: host: lib.filterAttrs (k: v: (builtins.isAttrs v) && v.enable == true) host.config.services.prometheus.exporters;
+            # First we check that the config section actually evalutes, since it is common practice to assert on evaluating a section if this is a removed option.
+            filterSuccessfulEvalExporters = host: lib.filterAttrs (k: v: (builtins.tryEval host.config.services.prometheus.exporters.${k}).success) host.config.services.prometheus.exporters;
+            # Then we filter on the enabled exporters
+            filterEnabledExporters = name: host: lib.filterAttrs (k: v: (builtins.isAttrs v) && v.enable == true) (filterSuccessfulEvalExporters host);
             enabledExporters = lib.mapAttrs filterEnabledExporters wgHosts;
 
             # turns exporter config into scraper config
@@ -122,28 +125,46 @@ in
           max_chunk_age = "1h";
           chunk_target_size = 1048576;
           chunk_retain_period = "30s";
-          max_transfer_retries = 0;
+          wal = {
+            enabled = true;
+          };
         };
 
         schema_config = {
-          configs = [{
-            from = "2022-05-05";
-            store = "boltdb-shipper";
-            object_store = "filesystem";
-            schema = "v11";
-            index = {
-              prefix = "index_";
-              period = "24h";
-            };
-          }];
+          configs = [
+            {
+              from = "2022-05-05";
+              store = "boltdb-shipper";
+              object_store = "filesystem";
+              schema = "v11";
+              index = {
+                prefix = "index_";
+                period = "24h";
+              };
+            }
+            {
+              from = "2024-12-29";
+              store = "tsdb";
+              object_store = "filesystem";
+              schema = "v13";
+              index = {
+                prefix = "index_";
+                period = "24h";
+              };
+            }
+          ];
         };
 
         storage_config = {
           boltdb_shipper = {
             active_index_directory = "/var/lib/loki/boltdb-shipper-active";
             cache_location = "/var/lib/loki/boltdb-shipper-cache";
             cache_ttl = "48h";
-            shared_store = "filesystem";
+          };
+          tsdb_shipper = {
+            active_index_directory = "/var/lib/loki/tsdb-shipper-active";
+            cache_location = "/var/lib/loki/tsdb-shipper-cache";
+            cache_ttl = "48h";
           };
           filesystem = {
             directory = "/var/lib/loki/chunks";
@@ -155,10 +176,6 @@ in
           reject_old_samples_max_age = "168h";
         };
 
-        chunk_store_config = {
-          max_look_back_period = "0s";
-        };
-
         table_manager = {
           retention_deletes_enabled = true;
           retention_period = "720h";
@@ -168,8 +185,8 @@ in
           working_directory = "/var/lib/loki";
           compaction_interval = "10m";
           retention_enabled = true;
+          delete_request_store = "filesystem";
           retention_delete_delay = "1m";
-          shared_store = "filesystem";
           compactor_ring = {
             kvstore = {
               store = "inmemory";

hosts/notice-me-senpai/grafana.nix

@@ -58,11 +58,9 @@ in
       dns = [ "172.20.73.8" "9.9.9.9" ];
       routes = [
         {
-          routeConfig = {
-            Gateway = "172.20.73.1";
-            GatewayOnLink = true;
-            Destination = "0.0.0.0/0";
-          };
+          Gateway = "172.20.73.1";
+          GatewayOnLink = true;
+          Destination = "0.0.0.0/0";
         }
       ];
     };

hosts/staging-data-hoarder/configuration.nix

@@ -15,10 +15,8 @@ let eth = "enp1s0"; in
     dns = [ "141.30.1.1" "9.9.9.9" ];
     routes = [
       {
-        routeConfig = {
-          Gateway = "141.30.30.129";
-          Destination = "0.0.0.0/0";
-        };
+        Gateway = "141.30.30.129";
+        Destination = "0.0.0.0/0";
       }
     ];
   };

hosts/traffic-stop-box/4/default.nix

@@ -66,11 +66,9 @@ in
       dns = [ "172.20.73.8" "9.9.9.9" ];
       routes = [
         {
-          routeConfig = {
-            Gateway = "172.20.73.1";
-            GatewayOnLink = true;
-            Destination = "0.0.0.0/0";
-          };
+          Gateway = "172.20.73.1";
+          GatewayOnLink = true;
+          Destination = "0.0.0.0/0";
         }
       ];
     };

hosts/tram-borzoi/default.nix

@@ -9,7 +9,7 @@
     owner = config.users.users.postgres.name;
   };
   services.postgresql = {
-    inherit (registry.postgres) port;
+    settings.port = registry.postgres.port;
     enable = true;
     enableTCPIP = true;
     authentication =

hosts/tram-borzoi/postgres.nix

@@ -9,7 +9,6 @@ in
 {
   imports = [
     ./stateful-jupyter.nix
-    ./stateless-jupyter.nix
   ];
 
   microvm = {
@@ -70,11 +69,9 @@ in
       dns = [ "172.20.73.8" "9.9.9.9" ];
       routes = [
         {
-          routeConfig = {
-            Gateway = "172.20.73.1";
-            GatewayOnLink = true;
-            Destination = "0.0.0.0/0";
-          };
+          Gateway = "172.20.73.1";
+          GatewayOnLink = true;
+          Destination = "0.0.0.0/0";
         }
       ];
     };
@@ -86,7 +83,7 @@ in
 
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 8080 22 ];
+  networking.firewall.allowedTCPPorts = [ 8080 ];
 
   users.motd = lib.mkForce (builtins.readFile ./motd.txt);
 

hosts/uranus/default.nix

@@ -30,11 +30,9 @@ in
 
   virtualisation.docker = {
     enable = true;
-    # magic from marenz to make it work on ceph
-    storageDriver = "devicemapper";
-    extraOptions = "--storage-opt dm.basesize=40G --storage-opt dm.fs=xfs";
+    # automatic selection by docker
+    storageDriver = null;
   };
-  #systemd.enableUnifiedCgroupHierarchy = false;
 
   # user to run the thing
   # jupyterlab container
@@ -53,6 +51,7 @@ in
         let
           packages = lib.concatStringsSep " " [
             # alphabetically `:sort`ed plz
+            "bitstring"
             "geojson"
             "matplotlib"
             "numpy"
@@ -61,7 +60,6 @@ in
             "psycopg"
             "scipy"
             "seaborn"
-            "bitstring"
           ];
         in
         (import ./jupyter-container.nix {

hosts/uranus/stateful-jupyter.nix

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv82n6F6kwJ3/EMYlOoCc1/NaYFW7QHC5F8jKVzdlio gshipunov@toaster
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31

hosts/uranus/stateless-jupyter.nix

@@ -20,7 +20,6 @@ let
 in
 {
   nix = {
-    package = pkgs.nixVersions.latest;
     extraOptions = ''
     '';
     settings = {

keys/ssh/oxa

@@ -4,8 +4,9 @@
       ./base.nix
       ./binary-cache.nix
       ./general-options.nix
+      ./monitoring.nix
       ./net.nix
+      ./nginx.nix
       ./wg.nix
-      ./monitoring.nix
     ];
 }

modules/TLMS/base.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 let
   headers = ''
     # Permissions Policy - gps only
@@ -22,7 +22,8 @@ let
   '';
 in
 {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  # Open firewall HTTP and HTTPS if nginx is enabled
+  networking.firewall.allowedTCPPorts = if config.services.nginx.enable then [ 80 443 ] else [];
 
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "TLMS@protonmail.com";