maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(ops/modules): drop unused NixOS modules

Browse source 
Change-Id: I043fea952df5498cd3e831b479220b1025a295fa
Reviewed-on: https://cl.snix.dev/c/snix/+/30338
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
This commit is contained in:
Florian Klink 2025-04-27 18:22:58 +03:00 committed by clbot
parent 71d7185dcd
commit 11b1f8b304
5 changed files with 0 additions and 292 deletions
Download patch file Download diff file Expand all files Collapse all files

104
ops/modules/auto-deploy.nix
View file

@ -1,104 +0,0 @@
# Defines a service for automatically and periodically calling depot's
# rebuild-system on a NixOS machine.
#
# Deploys can be stopped in emergency situations by creating an empty
# file called `stop` in the state directory of the auto-deploy service
# (typically /var/lib/auto-deploy).
{ depot, config, lib, pkgs, ... }:
let
cfg = config.services.depot.auto-deploy;
description = "to automatically rebuild the current system's NixOS config from the latest checkout of depot";
rebuild-system = depot.ops.nixos.rebuildSystemWith "$STATE_DIRECTORY/deploy";
deployScript = pkgs.writeShellScript "auto-deploy" ''
set -ueo pipefail
if [[ $EUID -ne 0 ]]; then
echo "Oh no! Only root is allowed to run auto-deploy!" >&2
exit 1
fi
if [[ -f $STATE_DIRECTORY/stop ]]; then
echo "stop file exists in $STATE_DIRECTORY, not deploying!" >&2
exit 1
fi
readonly depot=$STATE_DIRECTORY/depot.git
readonly deploy=$STATE_DIRECTORY/deploy
readonly git="git -C $depot"
# find-or-create depot
if [ ! -d $depot ]; then
# cannot use $git here because $depot doesn't exist
git clone --bare ${cfg.git-remote} $depot
fi
function cleanup() {
$git worktree remove $deploy
}
trap cleanup EXIT
$git fetch origin
$git worktree add --force $deploy FETCH_HEAD
# unsure why, but without this switch-to-configuration attempts to install
# NixOS in $STATE_DIRECTORY
(cd / && ${rebuild-system}/bin/rebuild-system)
'';
in
{
options.services.depot.auto-deploy = {
enable = lib.mkEnableOption description;
git-remote = lib.mkOption {
type = lib.types.str;
default = "https://cl.tvl.fyi/depot.git";
description = ''
The (possibly remote) repository from which to clone as specified by the
GIT URLS section of `man git-clone`.
'';
};
interval = lib.mkOption {
type = lib.types.str;
example = "1h";
description = ''
Interval between Nix builds, specified in systemd.time(7) format.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.auto-deploy = {
inherit description;
script = "${deployScript}";
path = with pkgs; [
bash
git
gnutar
gzip
];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
# We need to prevent NixOS from interrupting us while it attempts to
# restart systemd units.
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
StateDirectory = "auto-deploy";
};
};
systemd.timers.auto-deploy = {
inherit description;
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnActiveSec = "1";
OnUnitActiveSec = cfg.interval;
};
};
};
}

97
ops/modules/automatic-gc.nix
View file

@ -1,97 +0,0 @@
# Defines a service for automatically collecting Nix garbage
# periodically, without relying on the (ostensibly broken) Nix options
# for min/max space available.
{ config, lib, pkgs, ... }:
let
cfg = config.services.depot.automatic-gc;
description = "Automatically collect Nix garbage";
GiBtoKiB = n: n * 1024 * 1024;
GiBtoBytes = n: n * 1024 * 1024 * 1024;
gcScript = pkgs.writeShellScript "automatic-nix-gc" ''
set -ueo pipefail
if [ -e /run/stop-automatic-gc ]; then
echo "GC is disabled through /run/stop-automatic-gc"
exit 0
fi
readonly MIN_THRESHOLD_KIB="${toString (GiBtoKiB cfg.diskThreshold)}"
readonly MAX_FREED_BYTES="${toString (GiBtoBytes cfg.maxFreed)}"
readonly GEN_THRESHOLD="${cfg.preserveGenerations}"
readonly AVAILABLE_KIB=$(df --sync /nix --output=avail | tail -n1)
if [ "''${AVAILABLE_KIB}" -lt "''${MIN_THRESHOLD_KIB}" ]; then
echo "Have ''${AVAILABLE_KIB} KiB, but want ''${MIN_THRESHOLD_KIB} KiB."
echo "Triggering Nix garbage collection up to ''${MAX_FREED_BYTES} bytes."
set -x
${config.nix.package}/bin/nix-collect-garbage \
--delete-older-than "''${GEN_THRESHOLD}" \
--max-freed "''${MAX_FREED_BYTES}"
else
echo "Skipping GC, enough space available"
fi
'';
in
{
options.services.depot.automatic-gc = {
enable = lib.mkEnableOption description;
interval = lib.mkOption {
type = lib.types.str;
example = "1h";
description = ''
Interval between garbage collection runs, specified in
systemd.time(7) format.
'';
};
diskThreshold = lib.mkOption {
type = lib.types.int;
example = "100";
description = ''
Minimum amount of space that needs to be available (in GiB) on
the partition holding /nix. Garbage collection is triggered if
it falls below this.
'';
};
maxFreed = lib.mkOption {
type = lib.types.int;
example = "420";
description = ''
Maximum amount of space to free in a single GC run, in GiB.
'';
};
preserveGenerations = lib.mkOption {
type = lib.types.str;
default = "90d";
description = ''
Preserve NixOS generations younger than the specified value,
in the format expected by nix-collect-garbage(1).
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.automatic-gc = {
inherit description;
script = "${gcScript}";
serviceConfig.Type = "oneshot";
};
systemd.timers.automatic-gc = {
inherit description;
requisite = [ "nix-daemon.service" ];
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnActiveSec = "1";
OnUnitActiveSec = cfg.interval;
};
};
};
}

14
ops/modules/default-imports.nix
View file

@ -1,14 +0,0 @@
{ depot, ... }:
# Default set of modules that are imported in all Depot nixos systems
#
# All modules here should be properly gated behind a `lib.mkEnableOption` with a
# `lib.mkIf` for the config.
{
imports = [
./automatic-gc.nix
./auto-deploy.nix
./raito-vm.nix
];
}

76
ops/modules/raito-vm.nix
View file

@ -1,76 +0,0 @@
{ lib, config, ... }:
let
cfg = config.infra.hardware.raito-vm;
inherit (lib) mkEnableOption mkIf mkOption types;
in
{
options.infra.hardware.raito-vm = {
enable = mkEnableOption "Raito's VM hardware defaults";
networking = {
nat64.enable = mkEnableOption "the setup of NAT64 rules to the local NAT64 node";
wan = {
address = mkOption {
type = types.str;
description = "IPv6 prefix for WAN. Ask Raito when in doubt.";
};
mac = mkOption {
type = types.str;
description = "MAC address for the WAN interface.";
};
};
};
};
config = mkIf cfg.enable {
services.qemuGuest.enable = true;
systemd.network.enable = true;
networking.useDHCP = lib.mkDefault false;
systemd.network.networks."10-wan" = {
matchConfig.Name = "wan";
linkConfig.RequiredForOnline = true;
networkConfig.Address = [ cfg.networking.wan.address ];
routes = mkIf cfg.networking.nat64.enable [
{
Destination = "64:ff9b::/96";
Gateway = "2001:bc8:38ee:100::100";
Scope = "site";
}
];
# Enable DNS64 resolvers from Google, I'm too lazy.
dns = mkIf cfg.networking.nat64.enable [ "2001:4860:4860::6464" "2001:4860:4860::64" ];
};
systemd.network.links."10-wan" = {
matchConfig.MACAddress = cfg.networking.wan.mac;
linkConfig.Name = "wan";
};
boot.loader.systemd-boot.enable = true;
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_console"
"virtio_rng"
];
boot.initrd.availableKernelModules = [
"9p"
"9pnet_virtio"
"ata_piix"
"nvme"
"sr_mod"
"uhci_hcd"
"virtio_blk"
"virtio_mmio"
"virtio_net"
"virtio_pci"
"virtio_scsi"
"xhci_pci"
];
};
}

1
third_party/default.nix vendored
View file

@ -35,7 +35,6 @@
inherit specialArgs system; inherit specialArgs system;
modules = [ modules = [
configuration configuration
(import (depot.path.origSrc + "/ops/modules/default-imports.nix"))
]; ];
}; };