ingenieroariel · May 8, 2023 22:14
diff --git a/flakes.nix b/flakes.nix
 {
  inputs.nixpkgs.url = github:NixOS/nixpkgs/b3251e04ee470c20f81e75d5a6080ba92dc7ed3f;
  outputs = { self, nixpkgs }: {

    nixosConfigurations.sensei = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        nixpkgs.nixosModules.notDetected
          { config, pkgs, lib, ... }:
          
         let 
            hasuraDbPerms = pkgs.writeScript "hasuraDbPerms.sql" ''
      CREATE EXTENSION IF NOT EXISTS pgcrypto;
      CREATE EXTENSION IF NOT EXISTS timescaledb;

      CREATE SCHEMA IF NOT EXISTS hdb_catalog;
      CREATE SCHEMA IF NOT EXISTS hdb_views;
      ALTER SCHEMA hdb_catalog OWNER TO ${cfg.dbUser};
      ALTER SCHEMA hdb_views OWNER TO ${cfg.dbUser};
      GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO ${cfg.dbUser};
      GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO ${cfg.dbUser};
    ''';
         in
 {

  fileSystems."/zfs" =
    { device = "apool/root/nixos";
      fsType = "zfs";
    };

  hardware.enableAllFirmware = true;

  fileSystems."/" =
    { device = "/dev/disk/by-label/nix";
      fsType = "btrfs";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-label/boot";
      fsType = "vfat";
    };

  fileSystems."tmpfs" =
      { mountPoint = "/tmp";
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "size=15g" "mode=1777" ];
    };

  boot.loader.timeout = 5;
  boot.loader = {
    efi = {
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot";
    };
    grub = {
      devices = [ "nodev" ];
      efiSupport = true;
      enable = true;
      version = 2;
    };
  };


  time.timeZone = "America/Bogota";

  networking.networkmanager.enable = false;
  networking.useDHCP = false;
  networking.hostId = "1238dcba";
  networking.hostName = "quipu-api";

  users.mutableUsers = false;

  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [ 80 443 ];
    allowedUDPPorts = [ 443 ];
    extraCommands = ''
    '';
  };


  services.blueman.enable = true;
  services.ofono.enable = true;
  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  services.openssh.permitRootLogin = "no";
 


  environment.systemPackages = with pkgs; [
     wget vim any-nix-shell htop tmux git  nixFlakes
    ripgrep usbutils
  ];
  
  fonts.fontconfig.dpi = 115;
  fonts.fontconfig.subpixel.rgba = "bgr";
 
  system.stateVersion = "nixos-unstable";

  nix.systemFeatures =
    [ "benchmark" "big-parallel" "kvm" "nixos-test" "recursive-nix" "nix-command" "ca-references" ];

 
 nixpkgs.config = {
    allowUnfree = true;
 };

  boot.supportedFilesystems = [ "zfs" ];
  boot.initrd.supportedFilesystems = [ "zfs" ];
  boot.zfs.enableUnstable = true;
  services.zfs.autoScrub.enable = true;
  programs.dconf.enable = true;
  swapDevices = [ ];

  nix.maxJobs = 12;
  nix.buildCores = 48;

  zramSwap.enable = true;

 nix.package = pkgs.nixFlakes;
 nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
    trusted-users = x
    experimental-features = nix-command flakes ca-references
    extra-platforms = aarch64-linux arm-linux  
 '';



 systemd.services.graphql-engine = {
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      path = with pkgs; [ curl netcat postgresql sudo ];
      preStart = ''
        for x in {1..10}; do
          nc -z 127.0.0.1 5432 && break
          echo loop $x: waiting for postgresql 2 sec...
          sleep 2
        done
        sudo -u postgres -- psql quipuswap < ${hasuraDbPerms}
      '';
      script = ''
        ${pkgs.graphql-engine}/bin/graphql-engine \
          --host ${cfg.host} \
          -u ${cfg.dbUser} \
          --password ${cfg.password} \
          -d ${cfg.db} \
          --port ${toString cfg.dbPort} \
          serve \
          --server-port ${toString cfg.enginePort} \
          --enable-telemetry=false \
          --disable-cors
      '';
    };

  services.postgresql = {
    enable = true;
    dataDir = "/zfs/postgres";
    package = pkgs.postgresql_12.withPackages(ps: [ ps.postgis ps.timescaledb ps.pgcrypto ]);
    extraConfig = "shared_preload_libraries = 'timescaledb'";



    enableTCPIP = true;
    authentication = pkgs.lib.mkOverride 10 ''
      local all all trust
      host all x 127.0.0.1/32 trust
    '';
  };
      ];
    };
  };
 }
diff --git a/hdao.ipynb b/hdao.ipynb
	{
	inputs.nixpkgs.url = github:NixOS/nixpkgs/b3251e04ee470c20f81e75d5a6080ba92dc7ed3f;
	outputs = { self, nixpkgs }: {

	nixosConfigurations.sensei = nixpkgs.lib.nixosSystem {
	system = "x86_64-linux";
	modules = [
	nixpkgs.nixosModules.notDetected
	{ config, pkgs, lib, ... }:

	let
	hasuraDbPerms = pkgs.writeScript "hasuraDbPerms.sql" ''
	CREATE EXTENSION IF NOT EXISTS pgcrypto;
	CREATE EXTENSION IF NOT EXISTS timescaledb;

	CREATE SCHEMA IF NOT EXISTS hdb_catalog;
	CREATE SCHEMA IF NOT EXISTS hdb_views;
	ALTER SCHEMA hdb_catalog OWNER TO ${cfg.dbUser};
	ALTER SCHEMA hdb_views OWNER TO ${cfg.dbUser};
	GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO ${cfg.dbUser};
	GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO ${cfg.dbUser};
	''';
	in
	{

	fileSystems."/zfs" =
	{ device = "apool/root/nixos";
	fsType = "zfs";
	};

	hardware.enableAllFirmware = true;

	fileSystems."/" =
	{ device = "/dev/disk/by-label/nix";
	fsType = "btrfs";
	};

	fileSystems."/boot" =
	{ device = "/dev/disk/by-label/boot";
	fsType = "vfat";
	};

	fileSystems."tmpfs" =
	{ mountPoint = "/tmp";
	device = "tmpfs";
	fsType = "tmpfs";
	options = [ "size=15g" "mode=1777" ];
	};

	boot.loader.timeout = 5;
	boot.loader = {
	efi = {
	canTouchEfiVariables = true;
	efiSysMountPoint = "/boot";
	};
	grub = {
	devices = [ "nodev" ];
	efiSupport = true;
	enable = true;
	version = 2;
	};
	};


	time.timeZone = "America/Bogota";

	networking.networkmanager.enable = false;
	networking.useDHCP = false;
	networking.hostId = "1238dcba";
	networking.hostName = "quipu-api";

	users.mutableUsers = false;

	networking.firewall = {
	enable = true;
	allowPing = true;
	allowedTCPPorts = [ 80 443 ];
	allowedUDPPorts = [ 443 ];
	extraCommands = ''
	'';
	};


	services.blueman.enable = true;
	services.ofono.enable = true;
	services.openssh.enable = true;
	services.openssh.passwordAuthentication = false;
	services.openssh.permitRootLogin = "no";



	environment.systemPackages = with pkgs; [
	wget vim any-nix-shell htop tmux git nixFlakes
	ripgrep usbutils
	];

	fonts.fontconfig.dpi = 115;
	fonts.fontconfig.subpixel.rgba = "bgr";

	system.stateVersion = "nixos-unstable";

	nix.systemFeatures =
	[ "benchmark" "big-parallel" "kvm" "nixos-test" "recursive-nix" "nix-command" "ca-references" ];


	nixpkgs.config = {
	allowUnfree = true;
	};

	boot.supportedFilesystems = [ "zfs" ];
	boot.initrd.supportedFilesystems = [ "zfs" ];
	boot.zfs.enableUnstable = true;
	services.zfs.autoScrub.enable = true;
	programs.dconf.enable = true;
	swapDevices = [ ];

	nix.maxJobs = 12;
	nix.buildCores = 48;

	zramSwap.enable = true;

	nix.package = pkgs.nixFlakes;
	nix.extraOptions = ''
	keep-outputs = true
	keep-derivations = true
	trusted-users = x
	experimental-features = nix-command flakes ca-references
	extra-platforms = aarch64-linux arm-linux
	'';



	systemd.services.graphql-engine = {
	wantedBy = [ "multi-user.target" ];
	requires = [ "postgresql.service" ];
	path = with pkgs; [ curl netcat postgresql sudo ];
	preStart = ''
	for x in {1..10}; do
	nc -z 127.0.0.1 5432 && break
	echo loop $x: waiting for postgresql 2 sec...
	sleep 2
	done
	sudo -u postgres -- psql quipuswap < ${hasuraDbPerms}
	'';
	script = ''
	${pkgs.graphql-engine}/bin/graphql-engine \
	--host ${cfg.host} \
	-u ${cfg.dbUser} \
	--password ${cfg.password} \
	-d ${cfg.db} \
	--port ${toString cfg.dbPort} \
	serve \
	--server-port ${toString cfg.enginePort} \
	--enable-telemetry=false \
	--disable-cors
	'';
	};

	services.postgresql = {
	enable = true;
	dataDir = "/zfs/postgres";
	package = pkgs.postgresql_12.withPackages(ps: [ ps.postgis ps.timescaledb ps.pgcrypto ]);
	extraConfig = "shared_preload_libraries = 'timescaledb'";



	enableTCPIP = true;
	authentication = pkgs.lib.mkOverride 10 ''
	local all all trust
	host all x 127.0.0.1/32 trust
	'';
	};
	];
	};
	};
	}