| 2026-03-15 |
skydick: switch Samba to ldapsam, rename ylw→ye-lw21, drop legacy datasets
- Samba passdb backend changed from tdbsam to ldapsam:ldap://10.0.0.1
- Added samba-ldap-admin-password oneshot to seed LDAP admin cred before smbd
- Pinned storage group to GID 997 to match LDAP posixGroup
- Renamed ylw to ye-lw21 across all hosts (users.nix, skydick, xlab-gateway)
- Removed legacy tmpfiles and NFS exports (share/backup/torrent/vm destroyed)
- Added bootstrap LDIF for sambaDomain, storage group, machines OU
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-14 |
monitoring: add sudo to Telegraf PATH for SMART collection
Telegraf's SMART plugin with use_sudo=true needs sudo in PATH.
On NixOS, sudo lives at /run/wrappers/bin/ which wasn't included.
This caused all SMART queries to fail with exit_status=1.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
monitoring: auto-discover SMART devices instead of hardcoding
Remove smartDevices option and per-host device lists. Telegraf will
now scan all block devices automatically, so disks can be added or
removed without config changes.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
common: disable global flake registry fetch
channels.nixos.org is unreachable from CN, causing 25s of
retries on every nix-shell/nix run invocation.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
common: add TUNA mirror as primary Nix substituter, add btop
cache.nixos.org has ~1.1s latency from CN. TUNA mirror responds
in ~29ms (38x faster). Set connect-timeout=5 and
stalled-download-timeout=15 to fail fast on unreachable mirrors.
Also add btop to skydick monitoring packages.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
monitoring: add ZFS pool health exec input
Custom script reports zpool health as numeric metric (0=ONLINE,
1=DEGRADED, 2=FAULTED, etc.) via Telegraf inputs.exec, enabling
Grafana alerting on pool degradation.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
monitoring: fix InfluxDB URL and add nvme-cli to Telegraf PATH
Use door1's LAN IP (10.0.91.30) instead of WireGuard IP (172.16.1.1)
for InfluxDB endpoint. Add nvme-cli to Telegraf's PATH for NVMe SMART
attribute collection.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
monitoring: add lm_sensors and smartmontools to Telegraf PATH
Telegraf inputs.sensors needs the `sensors` binary in PATH.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: add Telegraf monitoring with SMART, ZFS, and system metrics
Sends metrics to door1 InfluxDB (bucket: skydick) via Telegraf.
Monitors all 5 Mach2 SAS drives, NVMe P4500, and boot SSD via SMART.
InfluxDB token encrypted with agenix.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-11 |
users: equalize ldx and ylw permissions
- Add ylw to NOPASSWD sudo rule (matching ldx for deploy-rs)
- Add ldx hashedPassword on xlab-gateway (matching ylw)
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
users: unify ylw as common admin, keep host-specific passwords and groups
Move ylw base identity (isNormalUser, wheel, SSH key) to modules/users.nix
alongside ldx. Host configs retain only extra groups and hashedPassword.
Also renames ye-lw21 to ylw on skydick.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
nix: add ldx as trusted-user for deploy-rs unsigned store paths
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-09 |
users: grant ldx full NOPASSWD sudo for deploy-rs
deploy-rs runs activate-rs, nix-env, switch-to-configuration, and
confirmation commands through separate non-interactive SSH sessions.
Per-command NOPASSWD rules cannot cover all paths it uses. Full
NOPASSWD is the intended deploy-rs setup.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
add systemctl and reboot to NOPASSWD sudo rules
Needed for restarting services (systemd-networkd, nftables) after
deploy when switch-to-configuration doesn't detect unit changes.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-07 |
Add switch-to-configuration to NOPASSWD sudo rules
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
Add skydick SSH key, set xlab-gateway deploy to LAN IP
- Authorize ldx@skydick ed25519 key for cross-machine deploy-rs
- Change xlab-gateway deploy hostname to 10.253.254.1 (LAN, reachable
from skydick)
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
deploy-rs: update xlab-gateway hostname, add NOPASSWD sudo
- Change xlab-gateway deploy hostname to WAN IP (166.111.98.29)
- Add NOPASSWD sudo rules for deploy-rs activation commands
(nix-env, activate scripts)
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
Initial skyworks infrastructure flake
Unified NixOS configuration for skydick (storage server) and
xlab-gateway (lab router). Flat module structure with shared
common/users/ssh modules, agenix secrets, disko, and deploy-rs.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|