diff --git a/lib/mkmachine.nix b/lib/mkmachine.nix index b28d780..b5de42c 100644 --- a/lib/mkmachine.nix +++ b/lib/mkmachine.nix @@ -34,6 +34,7 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" { (import "${inputs.buildbot-nix}/nix/master.nix") (import "${inputs.buildbot-nix}/nix/worker.nix") (import "${inputs.agenix}/modules/age.nix") + (import "${inputs.artiflakery}/module.nix") (import "${inputs.impermanence}/nixos.nix") (import inputs.lanzaboote).nixosModules.lanzaboote (import inputs.lila).nixosModules.hash-collection @@ -52,6 +53,7 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" { }); # Packages comming from other repositories lila-build-hook = (import inputs.lila).packages.${system}.utils; + artiflakery = (import inputs.artiflakery).defaultPackage.${system}; # My own packages keycloak-keywind = prev.pkgs.callPackage ../packages/keycloak-keywind { }; hydrasect = prev.pkgs.callPackage ../packages/hydrasect { }; diff --git a/lon.lock b/lon.lock index c4a5169..43a2279 100644 --- a/lon.lock +++ b/lon.lock @@ -11,6 +11,16 @@ "url": "https://github.com/ryantm/agenix/archive/96e078c646b711aee04b82ba01aefbff87004ded.tar.gz", "hash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=" }, + "artiflakery": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "JulienMalka", + "repo": "artiflakery", + "branch": "main", + "revision": "485ef296b4f9ff7bb6edb9ff5fe525a04e422adc", + "url": "https://github.com/JulienMalka/artiflakery/archive/485ef296b4f9ff7bb6edb9ff5fe525a04e422adc.tar.gz", + "hash": "sha256-fADYwTMZuO4S1uH3RSYc9wowvGoa/55mYvG47NmVvbc=" + }, "buildbot-nix": { "type": "GitHub", "fetchType": "tarball", @@ -127,9 +137,9 @@ "owner": "nikstur", "repo": "lon", "branch": "main", - "revision": "ad3bc97747c651e23fbc12c70a5849d3d8e9fdf4", - "url": "https://github.com/nikstur/lon/archive/ad3bc97747c651e23fbc12c70a5849d3d8e9fdf4.tar.gz", - "hash": "sha256-MgMDxS9xiiSkL/KsCTxLrr9wd9n1S/wq4lrA/NSyqBE=" + "revision": "d17d0fe04fb7ce15f0e2e3521b97906514ec1857", + "url": "https://github.com/nikstur/lon/archive/d17d0fe04fb7ce15f0e2e3521b97906514ec1857.tar.gz", + "hash": "sha256-3wppxmmCMoizu6aemTt2wtakXlPI4E68odEVxU2r2Uc=" }, "nix-index-database": { "type": "GitHub", diff --git a/lon.nix b/lon.nix index 5f320ea..a88d448 100644 --- a/lon.nix +++ b/lon.nix @@ -23,12 +23,24 @@ let fetchSource = args@{ fetchType, ... }: if fetchType == "git" then - builtins.fetchGit { - url = args.url; - ref = args.branch; - rev = args.revision; - narHash = args.hash; - } + builtins.fetchGit ( + { + url = args.url; + ref = args.branch; + rev = args.revision; + narHash = args.hash; + submodules = args.submodules; + } + // ( + if args ? lastModified then + { + inherit (args) lastModified; + shallow = true; + } + else + { } + ) + ) else if fetchType == "tarball" then builtins.fetchTarball { url = args.url; diff --git a/machines/fischer/default.nix b/machines/fischer/default.nix index 333535d..1ec72e4 100644 --- a/machines/fischer/default.nix +++ b/machines/fischer/default.nix @@ -126,36 +126,65 @@ in services.autorandr = { enable = true; + matchEdid = true; + ignoreLid = true; profiles = { default = { fingerprint = { - eDP-1-1 = "00ffffffffffff0006af9af900000000141f0104a51e13780363f5a854489d240e505400000001010101010101010101010101010101fa3c80b870b0244010103e002dbc1000001ac83080b870b0244010103e002dbc1000001a000000fe004a38335646804231343055414e0000000000024101b2001100000a410a20200068"; + "eDP*" = + "00ffffffffffff0006af9af900000000141f0104a51e13780363f5a854489d240e505400000001010101010101010101010101010101fa3c80b870b0244010103e002dbc1000001ac83080b870b0244010103e002dbc1000001a000000fe004a38335646804231343055414e0000000000024101b2001100000a410a20200068"; }; config = { - eDP-1-1.enable = true; + "eDP*" = { + enable = true; + primary = true; + position = "0x0"; + mode = "1920x1200"; + }; }; }; dock-julien = { fingerprint = { - eDP-1-1 = "00ffffffffffff0006af9af900000000141f0104a51e13780363f5a854489d240e505400000001010101010101010101010101010101fa3c80b870b0244010103e002dbc1000001ac83080b870b0244010103e002dbc1000001a000000fe004a38335646804231343055414e0000000000024101b2001100000a410a20200068"; - DP-1-5-3 = "00ffffffffffff0010ac42d1425439312021010380351e78eaa3d5ab524f9d240f5054a54b008100b300d100714fa9408180d1c00101565e00a0a0a02950302035000f282100001a000000ff004446354c5459330a2020202020000000fc0044454c4c205032343233440a20000000fd00314b1d711c000a2020202020200107020318b14d010203071112161304141f051065030c001000023a801871382d40582c45000f282100001e011d8018711c1620582c25000f282100009e011d007251d01e206e2855000f282100001e7e3900a080381f4030203a000f282100001a00000000000000000000000000000000000000000000000000000000000000c1"; - DP-1-5-1 = "00ffffffffffff0026cd6b610f01010117210104a5351e783be725a8554ea0260d5054bfef80d140d100d1c0b30095009040818081c0565e00a0a0a02950302035000f282100001a000000ff0031323134383332333030313335000000fd00314b0f5a19000a202020202020000000fc00504c32343933510a202020202001c5020320f153101f051404131e1d121116150f0e030207060123097f0783010000394e00a0a0a02250302035000f282100001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000079"; + "eDP*" = + "00ffffffffffff0006af9af900000000141f0104a51e13780363f5a854489d240e505400000001010101010101010101010101010101fa3c80b870b0244010103e002dbc1000001ac83080b870b0244010103e002dbc1000001a000000fe004a38335646804231343055414e0000000000024101b2001100000a410a20200068"; + "DP*-3" = + "00ffffffffffff0010ac42d1425439312021010380351e78eaa3d5ab524f9d240f5054a54b008100b300d100714fa9408180d1c00101565e00a0a0a02950302035000f282100001a000000ff004446354c5459330a2020202020000000fc0044454c4c205032343233440a20000000fd00314b1d711c000a2020202020200107020318b14d010203071112161304141f051065030c001000023a801871382d40582c45000f282100001e011d8018711c1620582c25000f282100009e011d007251d01e206e2855000f282100001e7e3900a080381f4030203a000f282100001a00000000000000000000000000000000000000000000000000000000000000c1"; + "DP*-1" = + "00ffffffffffff0026cd6b610f01010117210104a5351e783be725a8554ea0260d5054bfef80d140d100d1c0b30095009040818081c0565e00a0a0a02950302035000f282100001a000000ff0031323134383332333030313335000000fd00314b0f5a19000a202020202020000000fc00504c32343933510a202020202001c5020320f153101f051404131e1d121116150f0e030207060123097f0783010000394e00a0a0a02250302035000f282100001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000079"; }; config = { - eDP-1-1.enable = false; - DP-1-5-1 = { + "eDP*".enable = false; + "DP*-1" = { enable = true; primary = true; position = "0x0"; mode = "2560x1440"; }; - DP-1-5-3 = { + "DP*3" = { enable = true; position = "2560x0"; mode = "2560x1440"; }; }; }; + + dock-theo = { + fingerprint = { + "eDP*" = + "00ffffffffffff0006af9af900000000141f0104a51e13780363f5a854489d240e505400000001010101010101010101010101010101fa3c80b870b0244010103e002dbc1000001ac83080b870b0244010103e002dbc1000001a000000fe004a38335646804231343055414e0000000000024101b2001100000a410a20200068"; + "DP*-1" = + "00ffffffffffff0010ac4042424d34412d200104a53c22783ac525aa534f9d25105054a54b00714f8180a9c0d1c081c081cf01010101023a801871382d40582c450056502100001e000000ff0039464c505a4e330a2020202020000000fc0044454c4c205032373232480a20000000fd00384c1e5311010a2020202020200000"; + }; + config = { + "eDP*".enable = false; + "DP*-1" = { + enable = true; + primary = true; + position = "0x0"; + mode = "1920x1080"; + }; + }; + }; }; }; @@ -170,7 +199,10 @@ in # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.autoRepeatDelay = 250; + services.xserver.autoRepeatInterval = 30; + hardware.nvidia.forceFullCompositionPipeline = true; services.libinput.touchpad.tapping = false; hardware.nvidia.prime = { @@ -179,14 +211,33 @@ in nvidiaBusId = "PCI:1:0:0"; }; - hardware.nvidia = { + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "epyc.infra.newtype.fr"; + maxJobs = 100; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + sshUser = "root"; + sshKey = "/home/julien/.ssh/id_ed25519"; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + speedFactor = 2; + } + ]; + }; + hardware.nvidia = { modesetting.enable = true; - powerManagement.enable = true; - #powerManagement.finegrained = true; open = true; nvidiaSettings = true; - dynamicBoost.enable = true; package = config.boot.kernelPackages.nvidiaPackages.beta; }; diff --git a/machines/gustave/artiflakery.nix b/machines/gustave/artiflakery.nix new file mode 100644 index 0000000..54cee3f --- /dev/null +++ b/machines/gustave/artiflakery.nix @@ -0,0 +1,108 @@ +{ config, lib, ... }: +{ + + age.secrets."artiflakery-auth" = { + file = ../../secrets/artiflakery-auth.age; + owner = "artiflakery"; + }; + + services.nginx.virtualHosts."static.luj.fr" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8090"; + }; + }; + + users.users.artiflakery.isSystemUser = lib.mkForce false; + users.users.artiflakery.isNormalUser = lib.mkForce true; + + services.artiflakery = { + enable = true; + authFile = config.age.secrets."artiflakery-auth".path; + routes = { + "papers/2024/increasing-trust-scc-rb-fpm/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2024-ICSE-doctoral-symposium&ref=main"; + access = [ + "public" + ]; + }; + "papers/2024/reproducibility-env-space-time/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2024-ICSE-reproducibility-build-env-space-time&ref=main"; + access = [ + "public" + ]; + }; + "papers/2025/bitwise-reproducibility-at-scale/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2025-MSR-reproducibility&ref=main"; + access = [ + "public" + ]; + }; + "papers/WIP/xz-mitigation-rb/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2025-xz-reproducible-builds&ref=main"; + access = [ + "phd" + "julien" + ]; + }; + "posters/2024/ICSE-DS/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/posters/2024-ICSE-DS&ref=main"; + access = [ + "public" + ]; + }; + "posters/2025/MSR/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/posters/2025-MSR&ref=main"; + access = [ + "public" + ]; + }; + "slides/2023/journee-gdr-gpl/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2023-gdr-gpl-days&ref=main"; + access = [ + "public" + ]; + }; + "slides/2024/csi-year-1/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-csi-year-1&ref=main"; + access = [ + "phd" + "julien" + ]; + }; + "slides/2024/phd-symposium-infres/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-phd-symposium-infres&ref=main"; + access = [ + "public" + ]; + }; + "slides/2024/point-etape-mai/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-point-etape-main&ref=main"; + access = [ + "phd" + "julien" + ]; + }; + "slides/2024/reading-group-build-systems/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-reading-group-build-systems&ref=main"; + access = [ + "aces" + ]; + }; + "slides/2024/reading-group-vulnerabilities-ssc/" = { + flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-reading-group-vulnerabilities-ssc&ref=main"; + access = [ + "aces" + ]; + }; + "slides/2025/assert-june-workshop/" = { + flakeref = "git+ssh://forgejo@git.luj.fr/luj/assert-prez.git?ref=main"; + access = [ + "assert" + ]; + }; + + }; + }; +} diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix index 47715bd..25c3cc5 100644 --- a/machines/gustave/default.nix +++ b/machines/gustave/default.nix @@ -18,6 +18,7 @@ ./nextcloud.nix ./glance.nix ./syncthing.nix + ./artiflakery.nix "${inputs.unstable}/nixos/modules/services/web-apps/readeck.nix" ]; diff --git a/secrets/artiflakery-auth.age b/secrets/artiflakery-auth.age new file mode 100644 index 0000000..e5ac01b Binary files /dev/null and b/secrets/artiflakery-auth.age differ