diff --git a/.gitignore b/.gitignore index 9326ca9e..4b9ccce3 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ Rocket.toml result* *.sk *.vk +treefmt.toml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 00000000..c88c5e99 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,13 @@ +# This example uses YAML anchors which allows reuse of multiple keys +# without having to repeat yourself. +# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml +# for a more complex example. +keys: + - &admin_disasm age1xls94zehkupxnvtc5krd3clm4ky28npate5n09cgmzsyjlh6actqmm89xn + - &hydra-arcade-test age1vfrq2nmetzquwchm752thgt8epece9ynkk7azx6ltt8wxj37cyqq8l28js +creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *admin_disasm + - *hydra-arcade-test diff --git a/deployment/hydra-arcade-test/hardware-configuration.nix b/deployment/hydra-arcade-test/hardware-configuration.nix new file mode 100644 index 00000000..e65b923f --- /dev/null +++ b/deployment/hydra-arcade-test/hardware-configuration.nix @@ -0,0 +1,50 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "ahci" "floppy" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DE79-CE7E"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a876c4fa-3523-45c1-86ae-6f1560ddd882"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.interfaces.wg0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/deployment/hydra-arcade-test/secrets.yaml b/deployment/hydra-arcade-test/secrets.yaml new file mode 100644 index 00000000..71caada9 --- /dev/null +++ b/deployment/hydra-arcade-test/secrets.yaml @@ -0,0 +1,30 @@ +wg0PrivateKey: ENC[AES256_GCM,data:fmn46/cvoXu0SULlYhihrzFd8SOhPaPocE0leLds/mnarGlH1Pinv5slyQA=,iv:bt0WIh73rz8I7ylNDgrFzNHVE1oFXu9MplvVQz8UwUo=,tag:ZekUuiybQNgCXSsceG5wyg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1xls94zehkupxnvtc5krd3clm4ky28npate5n09cgmzsyjlh6actqmm89xn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOVc0VXRmbVMzK3RhQ2tn + REgrZ1hCNDlvRXkwU3RpR0wzVXBZaTZuWXg4CkZiKzZzekM1bHNrMkpHbzQxaTlI + TjhnOStSeUFjeENqajVVcTVBZjhDNVEKLS0tIHN6Y0dqZldpU1ZtSzNLZkk3MWVN + em1LMVZrNGFqc2pHc2w4UnQrL0I0bncKCnLq6s0LJrrqCzhGDrC/Ut1wEHRY+5Wu + ds1LLuV06YrjABfkiCHx4cHr48iket0gls2U6e/uQzG/IDKpdl2jKg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vfrq2nmetzquwchm752thgt8epece9ynkk7azx6ltt8wxj37cyqq8l28js + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZ2hHNXdwbnlKTmpCMis0 + diticHJQUmx4cktxditldlJDdVlPZWluM1dJCjJ1VWphMnFLSDJqK3p4QjBNbXhH + c2w4UjhmT0NVM2NKRy9DakNScTI4M1kKLS0tIHZDbjRjVUZVRTJ5WS91Q213dnlG + TTF4ZG1ZY0U4RmJQbTJOYlNpUk9oVVUK3CtjQ3Y02dmmzZOqVqouAUcCGFuVZHjU + 0VXTBVeD+ASKdobDkvYHb0LbnxsPbbO3XNEBb/kLQpw/rJpgMsIEFA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-08T07:49:46Z" + mac: ENC[AES256_GCM,data:Vvkjq5RKfA9tgMgEnGEpQrr2J88iELpAb8n3zjRGZnWXhsuCX4jv8WMHb+6s3+bTsk61kGpdr42g4BdNelyAaWC3PV9DTtEq77LFmbn6zZ0U4fvAAYrb8tUEkNg545hCu38M+FWscsv+yvck12qUBeOZra3aUbSqnRJsw9f2a6A=,iv:Vc+fj6Xj4YQP5XLFePJTc3K1/QJeCO//0oP6n/jNvRQ=,tag:2nXn0oOqciK5ulv4dtF27Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/kiosk-boot.nix b/deployment/kiosk-boot.nix similarity index 100% rename from kiosk-boot.nix rename to deployment/kiosk-boot.nix diff --git a/flake.lock b/flake.lock index 988a0be0..0264b055 100644 --- a/flake.lock +++ b/flake.lock @@ -770,7 +770,7 @@ }, "cardano-automation_2": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_10", "haskellNix": [ "hydra", "cardano-node", @@ -799,7 +799,7 @@ }, "cardano-automation_3": { "inputs": { - "flake-utils": "flake-utils_16", + "flake-utils": "flake-utils_17", "haskellNix": [ "hydra-control-plane", "cardano-node", @@ -828,7 +828,7 @@ }, "cardano-automation_4": { "inputs": { - "flake-utils": "flake-utils_21", + "flake-utils": "flake-utils_22", "haskellNix": [ "hydra-control-plane", "hydra", @@ -878,7 +878,7 @@ }, "cardano-mainnet-mirror_2": { "inputs": { - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1642701714, @@ -897,7 +897,7 @@ }, "cardano-mainnet-mirror_3": { "inputs": { - "nixpkgs": "nixpkgs_27" + "nixpkgs": "nixpkgs_28" }, "locked": { "lastModified": 1642701714, @@ -916,7 +916,7 @@ }, "cardano-mainnet-mirror_4": { "inputs": { - "nixpkgs": "nixpkgs_34" + "nixpkgs": "nixpkgs_35" }, "locked": { "lastModified": 1642701714, @@ -982,7 +982,7 @@ "customConfig": "customConfig_2", "em": "em_2", "empty-flake": "empty-flake_2", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "hackageNix": "hackageNix_2", "haskellNix": "haskellNix_2", "hostNixpkgs": [ @@ -1025,7 +1025,7 @@ "customConfig": "customConfig_3", "em": "em_3", "empty-flake": "empty-flake_3", - "flake-compat": "flake-compat_11", + "flake-compat": "flake-compat_12", "hackageNix": "hackageNix_3", "haskellNix": "haskellNix_4", "hostNixpkgs": [ @@ -1068,7 +1068,7 @@ "customConfig": "customConfig_4", "em": "em_4", "empty-flake": "empty-flake_4", - "flake-compat": "flake-compat_14", + "flake-compat": "flake-compat_15", "hackageNix": "hackageNix_4", "haskellNix": "haskellNix_5", "hostNixpkgs": [ @@ -1201,6 +1201,27 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat_5", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_10", + "stable": "stable" + }, + "locked": { + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "crane": { "inputs": { "flake-compat": "flake-compat_4", @@ -1229,8 +1250,8 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_8", - "flake-utils": "flake-utils_14", + "flake-compat": "flake-compat_9", + "flake-utils": "flake-utils_15", "nixpkgs": [ "hydra", "cardano-node", @@ -1278,8 +1299,8 @@ }, "crane_4": { "inputs": { - "flake-compat": "flake-compat_16", - "flake-utils": "flake-utils_26", + "flake-compat": "flake-compat_17", + "flake-utils": "flake-utils_27", "nixpkgs": [ "hydra-control-plane", "hydra", @@ -1872,8 +1893,8 @@ }, "doom-wasm": { "inputs": { - "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_10" + "flake-utils": "flake-utils_8", + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1722956383, @@ -2034,7 +2055,7 @@ }, "fenix_2": { "inputs": { - "nixpkgs": "nixpkgs_19", + "nixpkgs": "nixpkgs_20", "rust-analyzer-src": "rust-analyzer-src_2" }, "locked": { @@ -2053,7 +2074,7 @@ }, "fenix_3": { "inputs": { - "nixpkgs": "nixpkgs_39", + "nixpkgs": "nixpkgs_40", "rust-analyzer-src": "rust-analyzer-src_3" }, "locked": { @@ -2087,6 +2108,23 @@ } }, "flake-compat_10": { + "flake": false, + "locked": { + "lastModified": 1672831974, + "narHash": "sha256-z9k3MfslLjWQfnjBtEtJZdq3H7kyi2kQtUThfTgdRk0=", + "owner": "input-output-hk", + "repo": "flake-compat", + "rev": "45f2638735f8cdc40fe302742b79f248d23eb368", + "type": "github" + }, + "original": { + "owner": "input-output-hk", + "ref": "hkm/gitlab-fix", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_11": { "flake": false, "locked": { "lastModified": 1650374568, @@ -2102,7 +2140,7 @@ "type": "github" } }, - "flake-compat_11": { + "flake-compat_12": { "flake": false, "locked": { "lastModified": 1647532380, @@ -2119,7 +2157,7 @@ "type": "github" } }, - "flake-compat_12": { + "flake-compat_13": { "flake": false, "locked": { "lastModified": 1672831974, @@ -2136,7 +2174,7 @@ "type": "github" } }, - "flake-compat_13": { + "flake-compat_14": { "flake": false, "locked": { "lastModified": 1650374568, @@ -2152,7 +2190,7 @@ "type": "github" } }, - "flake-compat_14": { + "flake-compat_15": { "flake": false, "locked": { "lastModified": 1647532380, @@ -2169,7 +2207,7 @@ "type": "github" } }, - "flake-compat_15": { + "flake-compat_16": { "flake": false, "locked": { "lastModified": 1672831974, @@ -2186,7 +2224,7 @@ "type": "github" } }, - "flake-compat_16": { + "flake-compat_17": { "flake": false, "locked": { "lastModified": 1673956053, @@ -2202,7 +2240,7 @@ "type": "github" } }, - "flake-compat_17": { + "flake-compat_18": { "flake": false, "locked": { "lastModified": 1672831974, @@ -2286,6 +2324,22 @@ } }, "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1647532380, @@ -2302,7 +2356,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1672831974, @@ -2319,7 +2373,7 @@ "type": "github" } }, - "flake-compat_8": { + "flake-compat_9": { "flake": false, "locked": { "lastModified": 1673956053, @@ -2335,23 +2389,6 @@ "type": "github" } }, - "flake-compat_9": { - "flake": false, - "locked": { - "lastModified": 1672831974, - "narHash": "sha256-z9k3MfslLjWQfnjBtEtJZdq3H7kyi2kQtUThfTgdRk0=", - "owner": "input-output-hk", - "repo": "flake-compat", - "rev": "45f2638735f8cdc40fe302742b79f248d23eb368", - "type": "github" - }, - "original": { - "owner": "input-output-hk", - "ref": "hkm/gitlab-fix", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -2458,6 +2495,21 @@ } }, "flake-utils_10": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_11": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2472,7 +2524,7 @@ "type": "github" } }, - "flake-utils_11": { + "flake-utils_12": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -2487,7 +2539,7 @@ "type": "github" } }, - "flake-utils_12": { + "flake-utils_13": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2502,7 +2554,7 @@ "type": "github" } }, - "flake-utils_13": { + "flake-utils_14": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -2517,7 +2569,7 @@ "type": "github" } }, - "flake-utils_14": { + "flake-utils_15": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -2532,7 +2584,7 @@ "type": "github" } }, - "flake-utils_15": { + "flake-utils_16": { "locked": { "lastModified": 1644229661, "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", @@ -2547,7 +2599,7 @@ "type": "github" } }, - "flake-utils_16": { + "flake-utils_17": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -2562,7 +2614,7 @@ "type": "github" } }, - "flake-utils_17": { + "flake-utils_18": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2577,7 +2629,7 @@ "type": "github" } }, - "flake-utils_18": { + "flake-utils_19": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -2592,7 +2644,7 @@ "type": "github" } }, - "flake-utils_19": { + "flake-utils_2": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2607,7 +2659,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_20": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2622,7 +2674,7 @@ "type": "github" } }, - "flake-utils_20": { + "flake-utils_21": { "inputs": { "systems": "systems_5" }, @@ -2640,7 +2692,7 @@ "type": "github" } }, - "flake-utils_21": { + "flake-utils_22": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -2655,7 +2707,7 @@ "type": "github" } }, - "flake-utils_22": { + "flake-utils_23": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2670,7 +2722,7 @@ "type": "github" } }, - "flake-utils_23": { + "flake-utils_24": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -2685,7 +2737,7 @@ "type": "github" } }, - "flake-utils_24": { + "flake-utils_25": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -2700,7 +2752,7 @@ "type": "github" } }, - "flake-utils_25": { + "flake-utils_26": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -2715,7 +2767,7 @@ "type": "github" } }, - "flake-utils_26": { + "flake-utils_27": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -2730,7 +2782,7 @@ "type": "github" } }, - "flake-utils_27": { + "flake-utils_28": { "locked": { "lastModified": 1644229661, "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", @@ -2806,15 +2858,12 @@ } }, "flake-utils_7": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -2825,7 +2874,7 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, @@ -2842,12 +2891,15 @@ } }, "flake-utils_9": { + "inputs": { + "systems": "systems_3" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -3201,7 +3253,7 @@ }, "gomod2nix_2": { "inputs": { - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "utils": "utils_3" }, "locked": { @@ -3220,7 +3272,7 @@ }, "gomod2nix_3": { "inputs": { - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "utils": "utils_5" }, "locked": { @@ -3239,7 +3291,7 @@ }, "gomod2nix_4": { "inputs": { - "nixpkgs": "nixpkgs_31", + "nixpkgs": "nixpkgs_32", "utils": "utils_7" }, "locked": { @@ -3414,7 +3466,7 @@ "cabal-34": "cabal-34_2", "cabal-36": "cabal-36_2", "cardano-shell": "cardano-shell_2", - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "ghc-8.6.5-iohk": "ghc-8.6.5-iohk_2", "ghc98X": "ghc98X_2", "ghc99": "ghc99_2", @@ -3471,7 +3523,7 @@ "cabal-34": "cabal-34_3", "cabal-36": "cabal-36_3", "cardano-shell": "cardano-shell_3", - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_10", "ghc-8.6.5-iohk": "ghc-8.6.5-iohk_3", "ghc98X": "ghc98X_3", "ghc99": "ghc99_3", @@ -3524,7 +3576,7 @@ "cabal-34": "cabal-34_4", "cabal-36": "cabal-36_4", "cardano-shell": "cardano-shell_4", - "flake-compat": "flake-compat_12", + "flake-compat": "flake-compat_13", "ghc-8.6.5-iohk": "ghc-8.6.5-iohk_4", "ghc910X": "ghc910X", "ghc911": "ghc911", @@ -3582,7 +3634,7 @@ "cabal-34": "cabal-34_5", "cabal-36": "cabal-36_5", "cardano-shell": "cardano-shell_5", - "flake-compat": "flake-compat_15", + "flake-compat": "flake-compat_16", "ghc-8.6.5-iohk": "ghc-8.6.5-iohk_5", "ghc98X": "ghc98X_4", "ghc99": "ghc99_4", @@ -3641,7 +3693,7 @@ "cabal-34": "cabal-34_6", "cabal-36": "cabal-36_6", "cardano-shell": "cardano-shell_6", - "flake-compat": "flake-compat_17", + "flake-compat": "flake-compat_18", "ghc-8.6.5-iohk": "ghc-8.6.5-iohk_6", "ghc98X": "ghc98X_5", "ghc99": "ghc99_5", @@ -3709,7 +3761,7 @@ }, "haumea_2": { "inputs": { - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1685133229, @@ -3752,7 +3804,7 @@ }, "haumea_4": { "inputs": { - "nixpkgs": "nixpkgs_37" + "nixpkgs": "nixpkgs_38" }, "locked": { "lastModified": 1685133229, @@ -4676,15 +4728,15 @@ "cardano-node": "cardano-node_3", "hydra": "hydra_6", "naersk": "naersk", - "nixpkgs": "nixpkgs_45", + "nixpkgs": "nixpkgs_46", "utils": "utils_9" }, "locked": { - "lastModified": 1722622512, - "narHash": "sha256-0IYnBMa8UJPgXn55N3YKEwnbXG4/kVGY/kPhm5l/cCQ=", + "lastModified": 1723091016, + "narHash": "sha256-rWJ1y7IojaXtBMowU7GE8sBkFksG5k4E93zSN4lhUgQ=", "owner": "cardano-scaling", "repo": "hydra-control-plane", - "rev": "4e686a3e4fef9a2f12af16be12a47a7336d14a70", + "rev": "2ff6b279025b7df05fd174a703f061aebe67246f", "type": "github" }, "original": { @@ -5056,7 +5108,7 @@ "iohk-nix": { "inputs": { "blst": "blst_3", - "nixpkgs": "nixpkgs_21", + "nixpkgs": "nixpkgs_22", "secp256k1": "secp256k1_3", "sodium": "sodium_3" }, @@ -5077,7 +5129,7 @@ "iohk-nix_2": { "inputs": { "blst": "blst_6", - "nixpkgs": "nixpkgs_41", + "nixpkgs": "nixpkgs_42", "secp256k1": "secp256k1_6", "sodium": "sodium_6" }, @@ -5314,7 +5366,7 @@ }, "lint-utils": { "inputs": { - "flake-utils": "flake-utils_15", + "flake-utils": "flake-utils_16", "nixpkgs": [ "hydra", "haskellNix", @@ -5337,7 +5389,7 @@ }, "lint-utils_2": { "inputs": { - "flake-utils": "flake-utils_27", + "flake-utils": "flake-utils_28", "nixpkgs": [ "hydra-control-plane", "hydra", @@ -5475,7 +5527,7 @@ "inputs": { "crane": "crane_3", "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_22", + "nixpkgs": "nixpkgs_23", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -5497,7 +5549,7 @@ "inputs": { "crane": "crane_5", "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_42", + "nixpkgs": "nixpkgs_43", "treefmt-nix": "treefmt-nix_2" }, "locked": { @@ -5637,7 +5689,7 @@ }, "n2c_5": { "inputs": { - "flake-utils": "flake-utils_19", + "flake-utils": "flake-utils_20", "nixpkgs": [ "hydra-control-plane", "cardano-node", @@ -5729,7 +5781,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_44" + "nixpkgs": "nixpkgs_45" }, "locked": { "lastModified": 1718727675, @@ -5825,7 +5877,7 @@ }, "nix-nomad_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "flake-utils": [ "hydra", "cardano-node", @@ -5866,7 +5918,7 @@ }, "nix-nomad_3": { "inputs": { - "flake-compat": "flake-compat_10", + "flake-compat": "flake-compat_11", "flake-utils": [ "hydra-control-plane", "cardano-node", @@ -5907,7 +5959,7 @@ }, "nix-nomad_4": { "inputs": { - "flake-compat": "flake-compat_13", + "flake-compat": "flake-compat_14", "flake-utils": [ "hydra-control-plane", "hydra", @@ -5951,7 +6003,7 @@ }, "nix-npm-buildpackage": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1686315622, @@ -5969,7 +6021,7 @@ }, "nix-npm-buildpackage_2": { "inputs": { - "nixpkgs": "nixpkgs_43" + "nixpkgs": "nixpkgs_44" }, "locked": { "lastModified": 1686315622, @@ -6110,8 +6162,8 @@ }, "nix2container_3": { "inputs": { - "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_12" + "flake-utils": "flake-utils_11", + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1658567952, @@ -6129,8 +6181,8 @@ }, "nix2container_4": { "inputs": { - "flake-utils": "flake-utils_12", - "nixpkgs": "nixpkgs_16" + "flake-utils": "flake-utils_13", + "nixpkgs": "nixpkgs_17" }, "locked": { "lastModified": 1671269339, @@ -6148,8 +6200,8 @@ }, "nix2container_5": { "inputs": { - "flake-utils": "flake-utils_17", - "nixpkgs": "nixpkgs_25" + "flake-utils": "flake-utils_18", + "nixpkgs": "nixpkgs_26" }, "locked": { "lastModified": 1658567952, @@ -6167,8 +6219,8 @@ }, "nix2container_6": { "inputs": { - "flake-utils": "flake-utils_20", - "nixpkgs": "nixpkgs_29" + "flake-utils": "flake-utils_21", + "nixpkgs": "nixpkgs_30" }, "locked": { "lastModified": 1712990762, @@ -6186,8 +6238,8 @@ }, "nix2container_7": { "inputs": { - "flake-utils": "flake-utils_22", - "nixpkgs": "nixpkgs_32" + "flake-utils": "flake-utils_23", + "nixpkgs": "nixpkgs_33" }, "locked": { "lastModified": 1658567952, @@ -6205,8 +6257,8 @@ }, "nix2container_8": { "inputs": { - "flake-utils": "flake-utils_24", - "nixpkgs": "nixpkgs_36" + "flake-utils": "flake-utils_25", + "nixpkgs": "nixpkgs_37" }, "locked": { "lastModified": 1671269339, @@ -6225,7 +6277,7 @@ "nix_2": { "inputs": { "lowdown-src": "lowdown-src_2", - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "nixpkgs-regression": "nixpkgs-regression_2" }, "locked": { @@ -6246,7 +6298,7 @@ "nix_3": { "inputs": { "lowdown-src": "lowdown-src_3", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_21", "nixpkgs-regression": "nixpkgs-regression_3" }, "locked": { @@ -6267,7 +6319,7 @@ "nix_4": { "inputs": { "lowdown-src": "lowdown-src_4", - "nixpkgs": "nixpkgs_28", + "nixpkgs": "nixpkgs_29", "nixpkgs-regression": "nixpkgs-regression_4" }, "locked": { @@ -6288,7 +6340,7 @@ "nix_5": { "inputs": { "lowdown-src": "lowdown-src_5", - "nixpkgs": "nixpkgs_35", + "nixpkgs": "nixpkgs_36", "nixpkgs-regression": "nixpkgs-regression_5" }, "locked": { @@ -6309,7 +6361,7 @@ "nix_6": { "inputs": { "lowdown-src": "lowdown-src_6", - "nixpkgs": "nixpkgs_40", + "nixpkgs": "nixpkgs_41", "nixpkgs-regression": "nixpkgs-regression_6" }, "locked": { @@ -7464,6 +7516,22 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1694822471, @@ -7561,6 +7629,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1715395895, "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", @@ -7576,7 +7660,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1653581809, "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", @@ -7592,7 +7676,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1654807842, "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", @@ -7607,7 +7691,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1675940568, "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", @@ -7623,7 +7707,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1642336556, "narHash": "sha256-QSPPbFEwy0T0DrIuSzAACkaANPQaR1lZR/nHZGz9z04=", @@ -7637,7 +7721,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -7653,7 +7737,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1654807842, "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", @@ -7668,7 +7752,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1681001314, "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", @@ -7683,7 +7767,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1675940568, "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", @@ -7699,38 +7783,38 @@ "type": "github" } }, - "nixpkgs_19": { + "nixpkgs_2": { "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", + "lastModified": 1654807842, + "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "rev": "fc909087cc3386955f21b4665731dbdaceefb1d8", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_20": { "locked": { - "lastModified": 1654807842, - "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", - "owner": "NixOS", + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "fc909087cc3386955f21b4665731dbdaceefb1d8", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_20": { + "nixpkgs_21": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -7746,7 +7830,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1684171562, "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=", @@ -7762,7 +7846,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1708976803, "narHash": "sha256-yvRygcySjjSvj5JTaCdo7lPqJ/2mBV2XQ94Oaq/14qw=", @@ -7778,7 +7862,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1653917367, "narHash": "sha256-04MsJC0g9kE01nBuXThMppZK+yvCZECQnUaZKSU+HJo=", @@ -7792,7 +7876,7 @@ "type": "indirect" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1653581809, "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", @@ -7808,7 +7892,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1654807842, "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", @@ -7823,7 +7907,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1665087388, "narHash": "sha256-FZFPuW9NWHJteATOf79rZfwfRn5fE0wi9kRzvGfDHPA=", @@ -7839,7 +7923,7 @@ "type": "github" } }, - "nixpkgs_27": { + "nixpkgs_28": { "locked": { "lastModified": 1642336556, "narHash": "sha256-QSPPbFEwy0T0DrIuSzAACkaANPQaR1lZR/nHZGz9z04=", @@ -7853,7 +7937,7 @@ "type": "indirect" } }, - "nixpkgs_28": { + "nixpkgs_29": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -7869,38 +7953,38 @@ "type": "github" } }, - "nixpkgs_29": { + "nixpkgs_3": { "locked": { - "lastModified": 1712920918, - "narHash": "sha256-1yxFvUcJfUphK9V91KufIQom7gCsztza0H4Rz2VCWUU=", - "owner": "NixOS", + "lastModified": 1675940568, + "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "92323443a56f4e9fc4e4b712e3119f66d0969297", + "rev": "6ccc4a59c3f1b56d039d93da52696633e641bc71", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_30": { "locked": { - "lastModified": 1675940568, - "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", - "owner": "nixos", + "lastModified": 1712920918, + "narHash": "sha256-1yxFvUcJfUphK9V91KufIQom7gCsztza0H4Rz2VCWUU=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6ccc4a59c3f1b56d039d93da52696633e641bc71", + "rev": "92323443a56f4e9fc4e4b712e3119f66d0969297", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", + "owner": "NixOS", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_30": { + "nixpkgs_31": { "locked": { "lastModified": 1708343346, "narHash": "sha256-qlzHvterVRzS8fS0ophQpkh0rqw0abijHEOAKm0HmV0=", @@ -7916,7 +8000,7 @@ "type": "github" } }, - "nixpkgs_31": { + "nixpkgs_32": { "locked": { "lastModified": 1653581809, "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", @@ -7932,7 +8016,7 @@ "type": "github" } }, - "nixpkgs_32": { + "nixpkgs_33": { "locked": { "lastModified": 1654807842, "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", @@ -7947,7 +8031,7 @@ "type": "github" } }, - "nixpkgs_33": { + "nixpkgs_34": { "locked": { "lastModified": 1675940568, "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", @@ -7963,7 +8047,7 @@ "type": "github" } }, - "nixpkgs_34": { + "nixpkgs_35": { "locked": { "lastModified": 1642336556, "narHash": "sha256-QSPPbFEwy0T0DrIuSzAACkaANPQaR1lZR/nHZGz9z04=", @@ -7977,7 +8061,7 @@ "type": "indirect" } }, - "nixpkgs_35": { + "nixpkgs_36": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -7993,7 +8077,7 @@ "type": "github" } }, - "nixpkgs_36": { + "nixpkgs_37": { "locked": { "lastModified": 1654807842, "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=", @@ -8008,7 +8092,7 @@ "type": "github" } }, - "nixpkgs_37": { + "nixpkgs_38": { "locked": { "lastModified": 1681001314, "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", @@ -8023,7 +8107,7 @@ "type": "github" } }, - "nixpkgs_38": { + "nixpkgs_39": { "locked": { "lastModified": 1675940568, "narHash": "sha256-epG6pOT9V0kS+FUqd7R6/CWkgnZx2DMT5Veqo+y6G3c=", @@ -8039,22 +8123,6 @@ "type": "github" } }, - "nixpkgs_39": { - "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { "lastModified": 1642336556, @@ -8070,6 +8138,22 @@ } }, "nixpkgs_40": { + "locked": { + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_41": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -8085,7 +8169,7 @@ "type": "github" } }, - "nixpkgs_41": { + "nixpkgs_42": { "locked": { "lastModified": 1684171562, "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=", @@ -8101,7 +8185,7 @@ "type": "github" } }, - "nixpkgs_42": { + "nixpkgs_43": { "locked": { "lastModified": 1708976803, "narHash": "sha256-yvRygcySjjSvj5JTaCdo7lPqJ/2mBV2XQ94Oaq/14qw=", @@ -8117,7 +8201,7 @@ "type": "github" } }, - "nixpkgs_43": { + "nixpkgs_44": { "locked": { "lastModified": 1653917367, "narHash": "sha256-04MsJC0g9kE01nBuXThMppZK+yvCZECQnUaZKSU+HJo=", @@ -8131,7 +8215,7 @@ "type": "indirect" } }, - "nixpkgs_44": { + "nixpkgs_45": { "locked": { "lastModified": 1720087678, "narHash": "sha256-uOhYJU3ldDKXYV+mFaXcPtyjq/UIMh/6SCuoVNU9rxM=", @@ -8145,7 +8229,7 @@ "type": "indirect" } }, - "nixpkgs_45": { + "nixpkgs_46": { "locked": { "lastModified": 1720087678, "narHash": "sha256-uOhYJU3ldDKXYV+mFaXcPtyjq/UIMh/6SCuoVNU9rxM=", @@ -8161,7 +8245,7 @@ "type": "github" } }, - "nixpkgs_46": { + "nixpkgs_47": { "locked": { "lastModified": 1721686456, "narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=", @@ -8177,6 +8261,22 @@ "type": "github" } }, + "nixpkgs_48": { + "locked": { + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_5": { "locked": { "lastModified": 1657693803, @@ -9136,14 +9236,17 @@ "root": { "inputs": { "cardano-node": "cardano-node", + "colmena": "colmena", "doom-wasm": "doom-wasm", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_8", + "flake-utils": "flake-utils_9", "hydra": "hydra_2", "hydra-control-plane": "hydra-control-plane", "nix-inclusive": "nix-inclusive", - "nixpkgs": "nixpkgs_46", - "process-compose-flake": "process-compose-flake" + "nixpkgs": "nixpkgs_47", + "process-compose-flake": "process-compose-flake", + "sops-nix": "sops-nix", + "treefmt-nix": "treefmt-nix_3" } }, "rust-analyzer-src": { @@ -9500,6 +9603,41 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_48", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1722897572, + "narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "stable": { + "locked": { + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "stackage": { "flake": false, "locked": { @@ -9703,7 +9841,7 @@ "blank": "blank_3", "devshell": "devshell_3", "dmerge": "dmerge_3", - "flake-utils": "flake-utils_11", + "flake-utils": "flake-utils_12", "incl": "incl_3", "makes": [ "hydra", @@ -9723,7 +9861,7 @@ ], "n2c": "n2c_3", "nixago": "nixago_3", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "paisano": "paisano_3", "paisano-tui": "paisano-tui_3", "yants": "yants_3" @@ -9753,7 +9891,7 @@ "blank": "blank_4", "devshell": "devshell_4", "dmerge": "dmerge_4", - "flake-utils": "flake-utils_13", + "flake-utils": "flake-utils_14", "haumea": "haumea_2", "incl": "incl_4", "makes": [ @@ -9770,7 +9908,7 @@ ], "n2c": "n2c_4", "nixago": "nixago_4", - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_19", "paisano": "paisano_4", "paisano-mdbook-preprocessor": "paisano-mdbook-preprocessor_2", "paisano-tui": "paisano-tui_4", @@ -9795,7 +9933,7 @@ "blank": "blank_5", "devshell": "devshell_5", "dmerge": "dmerge_5", - "flake-utils": "flake-utils_18", + "flake-utils": "flake-utils_19", "makes": [ "hydra-control-plane", "cardano-node", @@ -9815,7 +9953,7 @@ ], "n2c": "n2c_5", "nixago": "nixago_5", - "nixpkgs": "nixpkgs_26", + "nixpkgs": "nixpkgs_27", "yants": "yants_5" }, "locked": { @@ -9875,7 +10013,7 @@ "std", "blank" ], - "nixpkgs": "nixpkgs_30", + "nixpkgs": "nixpkgs_31", "paisano": "paisano_5", "paisano-tui": "paisano-tui_5", "terranix": [ @@ -9914,7 +10052,7 @@ "blank": "blank_7", "devshell": "devshell_6", "dmerge": "dmerge_7", - "flake-utils": "flake-utils_23", + "flake-utils": "flake-utils_24", "incl": "incl_6", "makes": [ "hydra-control-plane", @@ -9936,7 +10074,7 @@ ], "n2c": "n2c_6", "nixago": "nixago_6", - "nixpkgs": "nixpkgs_33", + "nixpkgs": "nixpkgs_34", "paisano": "paisano_6", "paisano-tui": "paisano-tui_6", "yants": "yants_7" @@ -9967,7 +10105,7 @@ "blank": "blank_8", "devshell": "devshell_7", "dmerge": "dmerge_8", - "flake-utils": "flake-utils_25", + "flake-utils": "flake-utils_26", "haumea": "haumea_4", "incl": "incl_7", "makes": [ @@ -9986,7 +10124,7 @@ ], "n2c": "n2c_7", "nixago": "nixago_7", - "nixpkgs": "nixpkgs_38", + "nixpkgs": "nixpkgs_39", "paisano": "paisano_7", "paisano-mdbook-preprocessor": "paisano-mdbook-preprocessor_3", "paisano-tui": "paisano-tui_7", @@ -10186,6 +10324,26 @@ "type": "github" } }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722330636, + "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "tullia": { "inputs": { "nix-nomad": "nix-nomad", diff --git a/flake.nix b/flake.nix index fa941819..3b6bed81 100644 --- a/flake.nix +++ b/flake.nix @@ -10,276 +10,24 @@ hydra-control-plane.url = "github:cardano-scaling/hydra-control-plane"; doom-wasm.url = "github:cardano-scaling/doom-wasm"; nix-inclusive.url = "github:input-output-hk/nix-inclusive"; + colmena.url = "github:zhaofengli/colmena"; + sops-nix.url = "github:Mic92/sops-nix"; + treefmt-nix.url = "github:numtide/treefmt-nix"; + treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, flake-parts, nixpkgs, ... }@ inputs: - flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ + outputs = { self, flake-parts, nixpkgs, ... }@ inputs: let + inherit ((import ./flake/lib.nix {inherit inputs;}).flake.lib) recursiveImports; + in flake-parts.lib.mkFlake { inherit inputs; } { + imports = recursiveImports [ + ./flake + ./perSystem + ] ++ [ inputs.process-compose-flake.flakeModule + inputs.treefmt-nix.flakeModule ]; - flake = { - # Put your original flake attributes here. - }; systems = [ - # systems for which you want to build the `perSystem` attributes "x86_64-linux" - # ... ]; - perSystem = { config, system, pkgs, lib, ... }: - let - hydraDataDir = "state-hydra"; - # edit these to override defaults for serverUrl and doom wad file - controlPlaneHost = "0.0.0.0"; - controlPlanePort = "8000"; - controlPlaneUrl = "http://${controlPlaneHost}:${controlPlanePort}"; - doomWad = pkgs.fetchurl { - url = "https://distro.ibiblio.org/slitaz/sources/packages/d/doom1.wad"; - sha256 = "sha256-HX1DvlAeZ9kn5BXguPPinDvzMHXoWXIYFvZSpSbKx3E="; - }; - mkHydraDoomStatic = - { serverUrl ? controlPlaneUrl - , wadFile ? doomWad - }: - let - src = inputs.nix-inclusive.lib.inclusive ./. [ - ./src - ./assets - ./fonts - ./package.json - ./package-lock.json - ./tsconfig.json - ./webpack.config.js - ]; - packageLock = builtins.fromJSON (builtins.readFile (src + "/package-lock.json")); - deps = builtins.attrValues (removeAttrs packageLock.packages [ "" ]); - - nodeModules = pkgs.writeTextFile { - name = "tarballs"; - text = '' - ${builtins.concatStringsSep "\n" (map (p: pkgs.fetchurl { url = p.resolved; hash = p.integrity; }) deps)} - ''; - }; - in - pkgs.stdenv.mkDerivation { - name = "hydra-doom-static"; - phases = [ "unpackPhase" "buildPhase" "installPhase" ]; - inherit src; - buildInputs = [ - pkgs.nodejs - pkgs.curl - pkgs.coreutils - ]; - buildPhase = '' - export HOME="$PWD/.home" - mkdir -p "$HOME" - export npm_config_cache=$HOME/.npm - while read package - do - echo "caching $package" - npm cache add "$package" - done <${nodeModules} > /dev/null - - ln -sf ${wadFile} assets/doom1.wad - ln -sf ${config.packages.doom-wasm}/websockets-doom.js assets/websockets-doom.js - ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm assets/websockets-doom.wasm - ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm.map assets/websockets-doom.wasm.map - - echo "SERVER_URL=${serverUrl}" > .env; - - npm install - head -n 1 node_modules/.bin/webpack - patchShebangs --build node_modules/webpack/bin/webpack.js - head -n 1 node_modules/.bin/webpack - npm run build - ''; - installPhase = '' - cp -a dist $out - ''; - }; - in - { - packages = { - inherit (inputs.hydra.packages.${system}) hydra-cluster hydra-tui hydra-node; - inherit (inputs.cardano-node.packages.${system}) cardano-node cardano-cli bech32; - inherit (inputs.hydra-control-plane.packages.${system}) hydra-control-plane; - inherit (inputs.doom-wasm.packages.${system}) doom-wasm; - hydra-cluster-wrapper = pkgs.writeShellApplication { - name = "hydra-cluster-wrapper"; - runtimeInputs = [ config.packages.cardano-node config.packages.cardano-cli ]; - text = '' - rm -rf "${hydraDataDir}" - ${lib.getExe' config.packages.hydra-cluster "hydra-cluster"} --devnet --publish-hydra-scripts --state-directory ${hydraDataDir} - ''; - }; - hydra-offline-wrapper = pkgs.writeShellApplication { - name = "hydra-offline-wrapper"; - runtimeInputs = [ config.packages.cardano-node config.packages.cardano-cli pkgs.jq ]; - text = '' - rm -rf "${hydraDataDir}" - mkdir -p "${hydraDataDir}" - cardano-cli address key-gen --normal-key --verification-key-file admin.vk --signing-key-file admin.sk - pushd ${hydraDataDir} - ${lib.getExe' config.packages.hydra-node "hydra-node"} gen-hydra-key --output-file hydra - curl https://raw.githubusercontent.com/cardano-scaling/hydra/0.17.0/hydra-cluster/config/protocol-parameters.json | jq '.utxoCostPerByte = 0' > protocol-parameters.json - cat > utxo.json << EOF - { - "0000000000000000000000000000000000000000000000000000000000000000#0": { - "address": "$(cardano-cli address build --verification-key-file ../admin.vk --testnet-magic 1)", - "value": { - "lovelace": 1000000000 - } - } - } - EOF - ${lib.getExe' config.packages.hydra-node "hydra-node"} offline \ - --hydra-signing-key hydra.sk \ - --ledger-protocol-parameters protocol-parameters.json \ - --initial-utxo utxo.json - popd - ''; - }; - hydra-doom-static-local = mkHydraDoomStatic { }; - hydra-doom-static-remote = mkHydraDoomStatic { serverUrl = "http://3.15.33.186:8000"; }; - hydra-doom-wrapper = pkgs.writeShellApplication { - name = "hydra-doom-wrapper"; - runtimeInputs = [ config.packages.bech32 pkgs.jq pkgs.git pkgs.nodejs ]; - text = '' - [ -f assets/doom1.wad ] || ln -s ${doomWad} assets/doom1.wad - ln -sf ${config.packages.doom-wasm}/websockets-doom.js assets/websockets-doom.js - ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm assets/websockets-doom.wasm - ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm.map assets/websockets-doom.wasm.map - sleep 1 - npm install - npm start - ''; - }; - hydra-tui-wrapper = pkgs.writeShellApplication { - name = "hydra-tui-wrapper"; - runtimeInputs = [ config.packages.hydra-tui ]; - text = '' - ${lib.getExe' config.packages.hydra-tui "hydra-tui"} -k admin.sk - ''; - }; - hydra-control-plane-wrapper = pkgs.writeShellApplication { - name = "hydra-control-plane-wrapper"; - text = '' - cat > Rocket.toml << EOF - [default] - ttl_minutes = 5 - max_players = 100 - port = ${controlPlanePort} - address = "${controlPlaneHost}" - - [[default.nodes]] - connection_url = "ws://127.0.0.1:4001" - admin_key_file = "admin.sk" - persisted = false - EOF - ${lib.getExe' config.packages.hydra-control-plane "hydra_control_plane"} - ''; - }; - qemu-run-iso = pkgs.writeShellApplication { - name = "qemu-run-iso"; - runtimeInputs = with pkgs; [ fd qemu_kvm ]; - - text = '' - if fd --type file --has-results 'nixos-.*\.iso' result/iso 2> /dev/null; then - echo "Symlinking the existing iso image for qemu:" - ln -sfv result/iso/nixos-*.iso result-iso - echo - else - echo "No iso file exists to run, please build one first, example:" - echo " nix build -L .#nixosConfigurations.kiosk-boot.config.system.build.isoImage" - exit - fi - - qemu-kvm \ - -smp 2 \ - -m 4G \ - -drive file=result-iso,format=raw,if=none,media=cdrom,id=drive-cd1,readonly=on \ - -device ahci,id=achi0 \ - -device ide-cd,bus=achi0.0,drive=drive-cd1,id=cd1,bootindex=1 \ - ''; - }; - }; - devShells.default = pkgs.mkShell - { - buildInputs = [ - config.packages.hydra-cluster - config.packages.hydra-node - config.packages.hydra-tui - config.packages.cardano-node - config.packages.cardano-cli - config.packages.bech32 - config.packages.hydra-offline-wrapper - config.packages.hydra-cluster-wrapper - config.packages.hydra-doom-wrapper - pkgs.nodejs - pkgs.jq - ]; - }; - process-compose."default" = - { - # httpServer.enable = true; - settings = { - #environment = { - #}; - - processes = { - #hydra-cluster = { - # command = config.packages.hydra-cluster-wrapper; - #}; - hydra-offline = { - command = config.packages.hydra-offline-wrapper; - }; - hydra-doom = { - command = config.packages.hydra-doom-wrapper; - depends_on."hydra-offline".condition = "process_started"; - availability = { - restart = "on_failure"; - backoff_seconds = 2; - }; - }; - hydra-control-plane = { - command = config.packages.hydra-control-plane-wrapper; - depends_on."hydra-offline".condition = "process_started"; - availability = { - restart = "on_failure"; - backoff_seconds = 2; - }; - }; - hydra-tui = { - command = config.packages.hydra-tui-wrapper; - depends_on."hydra-offline".condition = "process_started"; - is_foreground = true; - disabled = true; - }; - - # If a process is named 'test', it will be ignored. But a new - # flake check will be created that runs it so as to test the - # other processes. - #test = { - # command = pkgs.writeShellApplication { - # name = "hydra-doom-tests"; - # runtimeInputs = [ pkgs.curl ]; - # text = '' - # curl -v http://localhost:${builtins.toString port}/ - # ''; - # }; - # depends_on."sqlite-web".condition = "process_healthy"; - #}; - }; - }; - }; - - }; - flake.nixosConfigurations.kiosk-boot = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ./kiosk-boot.nix ]; - specialArgs = { - inherit self; - system = "x86_64-linux"; - }; - }; }; } diff --git a/flake/colmena.nix b/flake/colmena.nix new file mode 100644 index 00000000..fc61ddc3 --- /dev/null +++ b/flake/colmena.nix @@ -0,0 +1,148 @@ +{ + self, + inputs, + config, + lib, + ... +}: let + mkWireGuardTunnel = ips: privateKeyFile: { + networking.wireguard.interfaces.wg0 = { + inherit ips privateKeyFile; + listenPort = 51820; + peers = [ + { + publicKey = "RtwIQ8Ni8q+/E5tgYPFUnHrOhwAnkGOEe98h+vUYmyg="; + allowedIPs = [ "10.40.33.0/24" "10.40.9.1/32" ]; + endpoint = "prophet.samleathers.com:51820"; + persistentKeepalive = 30; + } + ]; + }; + }; + hydraCageLocal = { config, pkgs, ... }: { + services = { + cage = { + enable = true; + program = "${pkgs.google-chrome}/bin/google-chrome-stable --app=http://doom-offline.local"; + user = "nixos"; + }; + }; + }; + hydraCageRemote = { config, pkgs, ... }: { + services = { + cage = { + enable = true; + program = "${pkgs.google-chrome}/bin/google-chrome-stable --app=http://doom-remote.local"; + user = "nixos"; + }; + }; + }; + hydraBase = {inputs, config, pkgs, ...}: let + system = "x86_64-linux"; + in { + networking.hosts = lib.mkForce { + "127.0.0.1" = [ "localhost" "doom-remote.local" "doom-offline.local" ]; + "::1" = [ "localhost" "doom-remote.local" "doom-offline.local" ]; + }; + services = { + nginx = { + enable = true; + virtualHosts = { + "doom-remote.local" = { + root = self.packages.${system}.hydra-doom-static-remote; + extraConfig = '' + disable_symlinks off; + try_files $uri $uri /index.html; + ''; + }; + "doom-offline.local" = { + root = self.packages.${system}.hydra-doom-static-local; + extraConfig = '' + disable_symlinks off; + try_files $uri $uri /index.html; + ''; + }; + }; + }; + }; + }; + baseConfig = { pkgs, ...}: { + boot = { + loader.grub = { + enable = true; + efiInstallAsRemovable = true; + efiSupport = true; + device = "nodev"; + }; + + }; + nix = { + settings.sandbox = true; + settings.cores = 4; + settings.extra-sandbox-paths = [ "/etc/nsswitch.conf" "/etc/protocols" ]; + settings.substituters = [ "https://cache.nixos.org" "https://cache.iog.io" ]; + settings.trusted-public-keys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ]; + extraOptions = '' + binary-caches-parallel-connections = 3 + connect-timeout = 5 + experimental-features = nix-command flakes + ''; + }; + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = [ + pkgs.neovim + pkgs.ssh-to-age + ]; + + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "without-password"; + }; + }; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + users.users.root.openssh.authorizedKeys.keys = [ + # we hard-code this because it runs on the system itself + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEPOLnk4+mWNGOXd309PPxal8wgMzKXHnn7Jbu/SpSUYEc1EmjgnrVBcR0eDxgDmGD9zJ69wEH/zLQLPWjaTusiuF+bqAM/x7z7wwy1nZ48SYJw3Q+Xsgzeb0nvmNsPzb0mfnpI6av8MTHNt+xOqDnpC5B82h/voQ4m5DGMQz60ok2hMeh+sy4VIvX5zOVTOFPQqFR6BGDwtALiP5PwMfyScYXlebWHhDRdX9B0j9t+cqiy5utBUsl4cIUInE0KW7Z8Kf6gIsmQnfSZadqI857kdozU3IbaLoJc1C6LyVjzPFyC4+KUC11BmemTGdCjwcoqEZ0k5XtJaKFXacYYXi1l5MS7VdfHldFDZmMEMvfJG/PwvXN4prfOIjpy1521MJHGBNXRktvWhlNBgI1NUQlx7rGmPZmtrYdeclVnnY9Y4HIpkhm0iEt/XUZTMQpXhedd1BozpMp0h135an4uorIEUQnotkaGDwZIV3mSL8x4n6V02Qe2CYvqf4DcCSBv7D91N3JplJJKt7vV4ltwrseDPxDtCxXrQfSIQd0VGmwu1D9FzzDOuk/MGCiCMFCKIKngxZLzajjgfc9+rGLZ94iDz90jfk6GF4hgF78oFNfPEwoGl0soyZM7960QdBcHgB5QF9+9Yd6QhCb/6+ENM9sz6VLdAY7f/9hj/3Aq0Lm4Q== samuel.leathers@iohk.io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATbejW2TmxxkzFxDzU0Lw2S4Lig0UdSgl8xO761WVtd Adam Key" + ]; + }; +in { + flake.colmena = { + meta = { + nixpkgs = import inputs.nixpkgs { + system = "x86_64-linux"; + }; + }; + hydra-arcade-test = { config, pkgs, ... }: { + deployment = { + targetHost = "10.40.9.5"; + targetPort = 22; + targetUser = "root"; + }; + imports = [ + inputs.sops-nix.nixosModules.sops + baseConfig + hydraBase + hydraCageRemote + ../deployment/hydra-arcade-test/hardware-configuration.nix + (mkWireGuardTunnel [ "10.40.9.5/24" "fd00::5" ] config.sops.secrets.wg0PrivateKey.path) + ]; + networking.hostId = "3ceff0ad"; # required for zfs use + sops = { + defaultSopsFile = ../deployment/hydra-arcade-test/secrets.yaml; + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + }; + secrets.wg0PrivateKey = {}; + }; + }; + #hydra-arcade-2 = { name, nodes, pkgs, ... }: { + # deployment = { + # }; + #}; + }; +} diff --git a/flake/lib.nix b/flake/lib.nix new file mode 100644 index 00000000..56279e7b --- /dev/null +++ b/flake/lib.nix @@ -0,0 +1,38 @@ +{inputs, ...}: { + flake.lib = inputs.nixpkgs.lib.extend (_self: lib: { + recursiveImports = let + # Recursively constructs an attrset of a given folder, recursing on + # directories, value of attrs is the filetype + getDir = dir: + lib.mapAttrs + ( + file: type: + if type == "directory" + then getDir "${dir}/${file}" + else type + ) + (builtins.readDir dir); + + # Collects all files of a directory as a list of strings of paths + files = path: + if lib.pathType path == "directory" + then + lib.collect lib.isString (lib.mapAttrsRecursive + (path: _type: lib.concatStringsSep "/" path) + (getDir path)) + else [path]; + + # Filters out files that don't end with .nix and also make the strings absolute path based + validFiles = path: + map + (file: + if lib.hasPrefix "/nix/store" file + then file + else path + "/${file}") + (lib.filter + (lib.hasSuffix ".nix") + (files path)); + in + lib.concatMap validFiles; + }); +} diff --git a/flake/nixosConfigurations/default.nix b/flake/nixosConfigurations/default.nix new file mode 100644 index 00000000..af4b73bb --- /dev/null +++ b/flake/nixosConfigurations/default.nix @@ -0,0 +1,7 @@ +{ + inputs, + config, + ... +}: { + flake.nixosConfigurations = (inputs.colmena.lib.makeHive config.flake.colmena).nodes; +} diff --git a/flake/nixosConfigurations/kiosk-boot.nix b/flake/nixosConfigurations/kiosk-boot.nix new file mode 100644 index 00000000..8002038f --- /dev/null +++ b/flake/nixosConfigurations/kiosk-boot.nix @@ -0,0 +1,16 @@ +{ + self, + inputs, + config, + lib, + ... +}: { + flake.nixosConfigurations.kiosk-boot = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ ../../deployment/kiosk-boot.nix ]; + specialArgs = { + inherit self; + system = "x86_64-linux"; + }; + }; +} diff --git a/perSystem/devShells/default.nix b/perSystem/devShells/default.nix new file mode 100644 index 00000000..3d813a58 --- /dev/null +++ b/perSystem/devShells/default.nix @@ -0,0 +1,31 @@ +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: { + devShells.default = pkgs.mkShell + { + sopsPGPKeyDirs = [ + "${toString ../../.}/secrets/keys" + ]; + nativeBuildInputs = let + inherit (inputs.sops-nix.packages."${system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key; + in [ + config.packages.hydra-cluster + config.packages.hydra-node + config.packages.hydra-tui + config.packages.cardano-node + config.packages.cardano-cli + config.packages.bech32 + config.packages.hydra-offline-wrapper + config.packages.hydra-cluster-wrapper + config.packages.hydra-doom-wrapper + pkgs.nodejs + pkgs.jq + pkgs.age + inputs.colmena.packages.${system}.colmena + sops-import-keys-hook + ssh-to-pgp + sops-init-gpg-key + config.treefmt.build.wrapper + ]; + }; + }; +} diff --git a/perSystem/format.nix b/perSystem/format.nix new file mode 100644 index 00000000..fe608fc2 --- /dev/null +++ b/perSystem/format.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: { + treefmt.projectRootFile = "flake.nix"; + }; +} diff --git a/perSystem/packages/external.nix b/perSystem/packages/external.nix new file mode 100644 index 00000000..3e9db26e --- /dev/null +++ b/perSystem/packages/external.nix @@ -0,0 +1,11 @@ +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: + { + packages = { + inherit (inputs.hydra.packages.${system}) hydra-cluster hydra-tui hydra-node; + inherit (inputs.cardano-node.packages.${system}) cardano-node cardano-cli bech32; + inherit (inputs.hydra-control-plane.packages.${system}) hydra-control-plane; + inherit (inputs.doom-wasm.packages.${system}) doom-wasm; + }; + }; +} diff --git a/perSystem/packages/qemu.nix b/perSystem/packages/qemu.nix new file mode 100644 index 00000000..93180c45 --- /dev/null +++ b/perSystem/packages/qemu.nix @@ -0,0 +1,30 @@ +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: + { + packages = { + qemu-run-iso = pkgs.writeShellApplication { + name = "qemu-run-iso"; + runtimeInputs = with pkgs; [ fd qemu_kvm ]; + + text = '' + if fd --type file --has-results 'nixos-.*\.iso' result/iso 2> /dev/null; then + echo "Symlinking the existing iso image for qemu:" + ln -sfv result/iso/nixos-*.iso result-iso + echo + else + echo "No iso file exists to run, please build one first, example:" + echo " nix build -L .#nixosConfigurations.kiosk-boot.config.system.build.isoImage" + exit + fi + + qemu-kvm \ + -smp 2 \ + -m 4G \ + -drive file=result-iso,format=raw,if=none,media=cdrom,id=drive-cd1,readonly=on \ + -device ahci,id=achi0 \ + -device ide-cd,bus=achi0.0,drive=drive-cd1,id=cd1,bootindex=1 \ + ''; + }; + }; + }; +} diff --git a/perSystem/packages/wrappers.nix b/perSystem/packages/wrappers.nix new file mode 100644 index 00000000..9413b6df --- /dev/null +++ b/perSystem/packages/wrappers.nix @@ -0,0 +1,185 @@ +# TODO: replace with nixosModules + +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: + let + hydraDataDir = "state-hydra"; + # edit these to override defaults for serverUrl and doom wad file + controlPlaneListenAddr = "0.0.0.0"; + controlPlaneHost = "127.0.0.1"; + controlPlanePort = "8000"; + controlPlaneUrl = "http://${controlPlaneHost}:${controlPlanePort}"; + hydraHost = "127.0.0.1"; + hydraPort = "4001"; + doomWad = pkgs.fetchurl { + url = "https://distro.ibiblio.org/slitaz/sources/packages/d/doom1.wad"; + sha256 = "sha256-HX1DvlAeZ9kn5BXguPPinDvzMHXoWXIYFvZSpSbKx3E="; + }; + mkHydraDoomStatic = + { serverUrl ? controlPlaneUrl + , wadFile ? doomWad + }: + let + src = inputs.nix-inclusive.lib.inclusive ../../. [ + ../../src + ../../assets + ../../package.json + ../../package-lock.json + ../../tsconfig.json + ../../webpack.config.js + ]; + packageLock = builtins.fromJSON (builtins.readFile (src + "/package-lock.json")); + deps = builtins.attrValues (removeAttrs packageLock.packages [ "" ]); + + nodeModules = pkgs.writeTextFile { + name = "tarballs"; + text = '' + ${builtins.concatStringsSep "\n" (map (p: pkgs.fetchurl { url = p.resolved; hash = p.integrity; }) deps)} + ''; + }; + in + pkgs.stdenv.mkDerivation { + name = "hydra-doom-static"; + phases = [ "unpackPhase" "buildPhase" "installPhase" ]; + inherit src; + buildInputs = [ + pkgs.nodejs + pkgs.curl + pkgs.coreutils + ]; + buildPhase = '' + export HOME="$PWD/.home" + mkdir -p "$HOME" + export npm_config_cache=$HOME/.npm + while read package + do + echo "caching $package" + npm cache add "$package" + done <${nodeModules} > /dev/null + + ln -sf ${wadFile} assets/doom1.wad + ln -sf ${config.packages.doom-wasm}/websockets-doom.js assets/websockets-doom.js + ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm assets/websockets-doom.wasm + ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm.map assets/websockets-doom.wasm.map + + echo "SERVER_URL=${serverUrl}" > .env; + + npm install + head -n 1 node_modules/.bin/webpack + patchShebangs --build node_modules/webpack/bin/webpack.js + head -n 1 node_modules/.bin/webpack + npm run build + ''; + installPhase = '' + cp -a dist $out + ''; + }; + in + { + packages = { + hydra-cluster-wrapper = pkgs.writeShellApplication { + name = "hydra-cluster-wrapper"; + runtimeInputs = [ config.packages.cardano-node config.packages.cardano-cli ]; + text = '' + rm -rf "${hydraDataDir}" + ${lib.getExe' config.packages.hydra-cluster "hydra-cluster"} --devnet --publish-hydra-scripts --state-directory ${hydraDataDir} + ''; + }; + hydra-offline-wrapper = pkgs.writeShellApplication { + name = "hydra-offline-wrapper"; + runtimeInputs = [ config.packages.cardano-node config.packages.cardano-cli pkgs.jq ]; + text = '' + export LOCAL_HYDRA=1 + if [ -z "''${LOCAL_HYDRA}" ]; then + echo "Not starting hydra control plane because LOCAL_HYDRA is not set" + sleep 600 + exit 0 + fi + rm -rf "${hydraDataDir}" + mkdir -p "${hydraDataDir}" + cardano-cli address key-gen --normal-key --verification-key-file admin.vk --signing-key-file admin.sk + pushd ${hydraDataDir} + ${lib.getExe' config.packages.hydra-node "hydra-node"} gen-hydra-key --output-file hydra + curl https://raw.githubusercontent.com/cardano-scaling/hydra/0.17.0/hydra-cluster/config/protocol-parameters.json | jq '.utxoCostPerByte = 0' > protocol-parameters.json + cat > utxo.json << EOF + { + "0000000000000000000000000000000000000000000000000000000000000000#0": { + "address": "$(cardano-cli address build --verification-key-file ../admin.vk --testnet-magic 1)", + "value": { + "lovelace": 1000000000 + } + } + } + EOF + ${lib.getExe' config.packages.hydra-node "hydra-node"} offline \ + --hydra-signing-key hydra.sk \ + --ledger-protocol-parameters protocol-parameters.json \ + --initial-utxo utxo.json + popd + ''; + }; + hydra-doom-static-local = mkHydraDoomStatic { }; + hydra-doom-static-remote = mkHydraDoomStatic { serverUrl = "http://3.145.114.225:8000"; }; + hydra-doom-wrapper = pkgs.writeShellApplication { + name = "hydra-doom-wrapper"; + runtimeInputs = [ config.packages.bech32 pkgs.jq pkgs.git pkgs.nodejs pkgs.python3 ]; + text = '' + export STATIC=1 + export LOCAL_HYDRA=1 + if [ -z "''${STATIC}" ]; then + echo "running npm..." + [ -f assets/doom1.wad ] || ln -s ${doomWad} assets/doom1.wad + ln -sf ${config.packages.doom-wasm}/websockets-doom.js assets/websockets-doom.js + ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm assets/websockets-doom.wasm + ln -sf ${config.packages.doom-wasm}/websockets-doom.wasm.map assets/websockets-doom.wasm.map + sleep 1 + npm install + npm start + elif [ -z "''${LOCAL_HYDRA}" ]; then + echo "running http webserver for remote play..." + pushd ${config.packages.hydra-doom-static-remote} + python3 -m http.server 3000 + + else + echo "running http webserver for local play..." + pushd ${config.packages.hydra-doom-static-local} + python3 -m http.server 3000 + fi + ''; + }; + hydra-tui-wrapper = pkgs.writeShellApplication { + name = "hydra-tui-wrapper"; + runtimeInputs = [ config.packages.hydra-tui ]; + text = '' + ${lib.getExe' config.packages.hydra-tui "hydra-tui"} -k admin.sk + ''; + }; + hydra-control-plane-wrapper = pkgs.writeShellApplication { + name = "hydra-control-plane-wrapper"; + text = '' + export LOCAL_HYDRA=1 + if [ -z "''${LOCAL_HYDRA}" ]; then + echo "Not starting hydra control plane because LOCAL_HYDRA is not set" + sleep 600 + exit 0 + fi + cat > Rocket.toml << EOF + [default] + ttl_minutes = 5 + max_players = 100 + port = ${controlPlanePort} + address = "${controlPlaneListenAddr}" + + [[default.nodes]] + local_url = "ws://${hydraHost}:${hydraPort}" + remote_url = "ws://${hydraHost}:${hydraPort}" + max_players = 5 + admin_key_file = "admin.sk" + persisted = false + EOF + ${lib.getExe' config.packages.hydra-control-plane "hydra_control_plane"} + ''; + }; + }; + }; +} diff --git a/perSystem/process-compose/default.nix b/perSystem/process-compose/default.nix new file mode 100644 index 00000000..e7ab455d --- /dev/null +++ b/perSystem/process-compose/default.nix @@ -0,0 +1,59 @@ +# TODO: use process-compose-services flake utilizing nixos modules + +{ inputs, ... }: { + perSystem = {config, system, pkgs, lib, ...}: { + process-compose."default" = + { + # httpServer.enable = true; + settings = { + #environment = { + #}; + + processes = { + #hydra-cluster = { + # command = config.packages.hydra-cluster-wrapper; + #}; + hydra-offline = { + command = config.packages.hydra-offline-wrapper; + }; + hydra-doom = { + command = config.packages.hydra-doom-wrapper; + depends_on."hydra-offline".condition = "process_started"; + availability = { + restart = "on_failure"; + backoff_seconds = 2; + }; + }; + hydra-control-plane = { + command = config.packages.hydra-control-plane-wrapper; + depends_on."hydra-offline".condition = "process_started"; + availability = { + restart = "on_failure"; + backoff_seconds = 2; + }; + }; + hydra-tui = { + command = config.packages.hydra-tui-wrapper; + depends_on."hydra-offline".condition = "process_started"; + is_foreground = true; + disabled = true; + }; + + # If a process is named 'test', it will be ignored. But a new + # flake check will be created that runs it so as to test the + # other processes. + #test = { + # command = pkgs.writeShellApplication { + # name = "hydra-doom-tests"; + # runtimeInputs = [ pkgs.curl ]; + # text = '' + # curl -v http://localhost:${builtins.toString port}/ + # ''; + # }; + # depends_on."sqlite-web".condition = "process_healthy"; + #}; + }; + }; + }; + }; +}