Merge branch '9pfs' into nix
This commit is contained in:
Tom Alexander
commit
3e80452235
GPG Key ID:
D3A179C9A53C0EDE
@ -170,6 +170,7 @@
|
||||
ipcalc
|
||||
gptfdisk # for cgdisk
|
||||
nix-output-monitor # For better view into nixos-rebuild
|
||||
nix-serve-ng # Serve nix store over http
|
||||
];
|
||||
|
||||
services.openssh = {
|
||||
|
||||
@ -29,12 +29,12 @@
|
||||
# Install on a new machine:
|
||||
#
|
||||
#
|
||||
# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix
|
||||
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
|
||||
|
||||
# nix flake update zsh-histdb --flake .
|
||||
# nix flake update ansible-sshjail --flake .
|
||||
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
|
||||
# nixos-install --flake ".#quark"
|
||||
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
|
||||
#
|
||||
|
||||
{
|
||||
@ -115,120 +115,158 @@
|
||||
./configuration.nix
|
||||
];
|
||||
};
|
||||
systems = {
|
||||
odo = {
|
||||
main = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
systems =
|
||||
let
|
||||
additional_iso_modules = [
|
||||
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
|
||||
# TODO: Figure out how to do image based appliances
|
||||
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
|
||||
{
|
||||
isoImage.makeEfiBootable = true;
|
||||
isoImage.makeUsbBootable = true;
|
||||
me.buildingIso = true;
|
||||
me.optimizations.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
{
|
||||
# These are big space hogs. The chance that I need them on an ISO is slim.
|
||||
me.steam.enable = nixpkgs.lib.mkForce false;
|
||||
me.pcsx2.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
];
|
||||
additional_vm_modules = [
|
||||
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
|
||||
{
|
||||
networking.dhcpcd.enable = true;
|
||||
networking.useDHCP = true;
|
||||
me.optimizations.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
{
|
||||
# I don't need games on a virtual machine.
|
||||
me.steam.enable = nixpkgs.lib.mkForce false;
|
||||
me.pcsx2.enable = nixpkgs.lib.mkForce false;
|
||||
me.sm64ex.enable = nixpkgs.lib.mkForce false;
|
||||
me.shipwright.enable = nixpkgs.lib.mkForce false;
|
||||
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
];
|
||||
in
|
||||
{
|
||||
odo = rec {
|
||||
main = base_x86_64_linux // {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/odo
|
||||
];
|
||||
}
|
||||
);
|
||||
iso = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/odo
|
||||
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
|
||||
# TODO: Figure out how to do image based appliances
|
||||
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
|
||||
{
|
||||
isoImage.makeEfiBootable = true;
|
||||
isoImage.makeUsbBootable = true;
|
||||
me.buildingIso = true;
|
||||
me.optimizations.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
quark = {
|
||||
main = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
};
|
||||
iso = main // {
|
||||
modules = main.modules ++ additional_iso_modules;
|
||||
};
|
||||
vm = main // {
|
||||
modules = main.modules ++ additional_vm_modules;
|
||||
};
|
||||
vm_iso = main // {
|
||||
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
|
||||
};
|
||||
};
|
||||
quark = rec {
|
||||
main = base_x86_64_linux // {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/quark
|
||||
];
|
||||
}
|
||||
);
|
||||
iso = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/quark
|
||||
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
|
||||
# TODO: Figure out how to do image based appliances
|
||||
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
|
||||
{
|
||||
isoImage.makeEfiBootable = true;
|
||||
isoImage.makeUsbBootable = true;
|
||||
me.buildingIso = true;
|
||||
me.optimizations.enable = nixpkgs.lib.mkForce false;
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
neelix = {
|
||||
main = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
};
|
||||
iso = main // {
|
||||
modules = main.modules ++ additional_iso_modules;
|
||||
};
|
||||
vm = main // {
|
||||
modules = main.modules ++ additional_vm_modules;
|
||||
};
|
||||
vm_iso = main // {
|
||||
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
|
||||
};
|
||||
};
|
||||
neelix = rec {
|
||||
main = base_x86_64_linux // {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/neelix
|
||||
];
|
||||
}
|
||||
);
|
||||
iso = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/neelix
|
||||
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
|
||||
};
|
||||
iso = main // {
|
||||
modules = main.modules ++ additional_iso_modules;
|
||||
};
|
||||
vm = main // {
|
||||
modules = main.modules ++ additional_vm_modules;
|
||||
};
|
||||
vm_iso = main // {
|
||||
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
|
||||
};
|
||||
};
|
||||
hydra =
|
||||
let
|
||||
additional_iso_modules = additional_iso_modules ++ [
|
||||
{
|
||||
isoImage.makeEfiBootable = true;
|
||||
isoImage.makeUsbBootable = true;
|
||||
me.buildingIso = true;
|
||||
me.optimizations.enable = nixpkgs.lib.mkForce false;
|
||||
me.optimizations.enable = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
hydra = {
|
||||
main = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
in
|
||||
rec {
|
||||
main = base_x86_64_linux // {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/hydra
|
||||
];
|
||||
};
|
||||
iso = main // {
|
||||
modules = main.modules ++ additional_iso_modules;
|
||||
};
|
||||
vm = main // {
|
||||
modules = main.modules ++ additional_vm_modules;
|
||||
};
|
||||
vm_iso = main // {
|
||||
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
|
||||
};
|
||||
};
|
||||
ionlybootzfs = rec {
|
||||
main = base_x86_64_linux // {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/hydra
|
||||
./hosts/ionlybootzfs
|
||||
];
|
||||
}
|
||||
);
|
||||
iso = nixpkgs.lib.nixosSystem (
|
||||
base_x86_64_linux
|
||||
// {
|
||||
modules = base_x86_64_linux.modules ++ [
|
||||
./hosts/hydra
|
||||
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
|
||||
{
|
||||
isoImage.makeEfiBootable = true;
|
||||
isoImage.makeUsbBootable = true;
|
||||
me.buildingIso = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
iso = main // {
|
||||
modules = main.modules ++ additional_iso_modules;
|
||||
};
|
||||
vm = main // {
|
||||
modules = main.modules ++ additional_vm_modules;
|
||||
};
|
||||
vm_iso = main // {
|
||||
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
nixosConfigurations.odo = systems.odo.main;
|
||||
iso.odo = systems.odo.iso.config.system.build.isoImage;
|
||||
nixosConfigurations.quark = systems.quark.main;
|
||||
iso.quark = systems.quark.iso.config.system.build.isoImage;
|
||||
nixosConfigurations.neelix = systems.neelix.main;
|
||||
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
|
||||
nixosConfigurations.hydra = systems.hydra.main;
|
||||
iso.hydra = systems.hydra.iso.config.system.build.isoImage;
|
||||
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
|
||||
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
|
||||
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
|
||||
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
|
||||
|
||||
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
|
||||
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
|
||||
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
|
||||
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
|
||||
|
||||
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
|
||||
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
|
||||
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
|
||||
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
|
||||
|
||||
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
|
||||
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
|
||||
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
|
||||
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
|
||||
|
||||
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
|
||||
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
|
||||
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
|
||||
vm_iso.ionlybootzfs =
|
||||
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
|
||||
};
|
||||
}
|
||||
|
||||
19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
Executable file
19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
Executable file
@ -0,0 +1,19 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
set -euo pipefail
|
||||
IFS=$'\n\t'
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
: "${JOBS:="1"}"
|
||||
|
||||
#TARGET=10.216.1.14
|
||||
# TARGET=192.168.211.250
|
||||
TARGET="ionlybootzfs"
|
||||
|
||||
nix flake update zsh-histdb --flake "$DIR/../../"
|
||||
nix flake update ansible-sshjail --flake "$DIR/../../"
|
||||
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
|
||||
|
||||
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
|
||||
|
||||
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'
|
||||
19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
Executable file
19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
Executable file
@ -0,0 +1,19 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
set -euo pipefail
|
||||
IFS=$'\n\t'
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
: "${JOBS:="1"}"
|
||||
|
||||
#TARGET=10.216.1.14
|
||||
# TARGET=192.168.211.250
|
||||
TARGET=ionlybootzfs
|
||||
|
||||
nix flake update zsh-histdb --flake "$DIR/../../"
|
||||
nix flake update ansible-sshjail --flake "$DIR/../../"
|
||||
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
|
||||
|
||||
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
|
||||
|
||||
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'
|
||||
12
nix/configuration/hosts/ionlybootzfs/ISO
Executable file
12
nix/configuration/hosts/ionlybootzfs/ISO
Executable file
@ -0,0 +1,12 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
set -euo pipefail
|
||||
IFS=$'\n\t'
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
: "${JOBS:="1"}"
|
||||
|
||||
nix flake update zsh-histdb --flake "$DIR/../../"
|
||||
nix flake update ansible-sshjail --flake "$DIR/../../"
|
||||
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
|
||||
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom
|
||||
49
nix/configuration/hosts/ionlybootzfs/default.nix
Normal file
49
nix/configuration/hosts/ionlybootzfs/default.nix
Normal file
@ -0,0 +1,49 @@
|
||||
#
|
||||
# Testing:
|
||||
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
|
||||
# -accel kvm \
|
||||
# -cpu host \
|
||||
# -smp cores=8 \
|
||||
# -m 32768 \
|
||||
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
|
||||
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
|
||||
# -device nvme,serial=deadbeef,drive=nvm \
|
||||
# -nic user,hostfwd=tcp::60022-:22 \
|
||||
# -boot order=d \
|
||||
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
|
||||
# -display vnc=127.0.0.1:0
|
||||
#
|
||||
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
./wrapped-disk-config.nix
|
||||
./hardware-configuration.nix
|
||||
./optimized_build.nix
|
||||
];
|
||||
|
||||
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
|
||||
networking.hostId = "fbd233d8";
|
||||
|
||||
networking.hostName = "ionlybootzfs"; # Define your hostname.
|
||||
|
||||
time.timeZone = "America/New_York";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
me.optimizations.enable = false;
|
||||
me.secureBoot.enable = true;
|
||||
|
||||
# Mount tmpfs at /tmp
|
||||
boot.tmp.useTmpfs = true;
|
||||
|
||||
me.emacs_flavor = "plainmacs";
|
||||
me.graphical = false;
|
||||
me.wireguard.activated = [ ];
|
||||
me.wireguard.deactivated = [ ];
|
||||
me.zsh.enable = true;
|
||||
}
|
||||
142
nix/configuration/hosts/ionlybootzfs/disk-config.nix
Normal file
142
nix/configuration/hosts/ionlybootzfs/disk-config.nix
Normal file
@ -0,0 +1,142 @@
|
||||
# Manual Step:
|
||||
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
|
||||
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
|
||||
|
||||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme0n1";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"umask=0077"
|
||||
"noatime"
|
||||
"discard"
|
||||
];
|
||||
};
|
||||
};
|
||||
zfs = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
zpool = {
|
||||
zroot = {
|
||||
type = "zpool";
|
||||
# mode = "mirror";
|
||||
# Workaround: cannot import 'zroot': I/O error in disko tests
|
||||
options.cachefile = "none";
|
||||
options = {
|
||||
ashift = "12";
|
||||
compatibility = "openzfs-2.2-freebsd";
|
||||
autotrim = "on";
|
||||
};
|
||||
rootFsOptions = {
|
||||
acltype = "posixacl";
|
||||
atime = "off";
|
||||
relatime = "off";
|
||||
xattr = "sa";
|
||||
mountpoint = "none";
|
||||
compression = "lz4";
|
||||
canmount = "off";
|
||||
utf8only = "on";
|
||||
dnodesize = "auto";
|
||||
normalization = "formD";
|
||||
};
|
||||
|
||||
datasets = {
|
||||
"linux/nix" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "none";
|
||||
options = {
|
||||
encryption = "aes-256-gcm";
|
||||
keyformat = "passphrase";
|
||||
# keylocation = "file:///tmp/secret.key";
|
||||
};
|
||||
};
|
||||
"linux/nix/root" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "legacy";
|
||||
mountpoint = "/";
|
||||
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
|
||||
};
|
||||
"linux/nix/nix" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "legacy";
|
||||
mountpoint = "/nix";
|
||||
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
|
||||
options = {
|
||||
recordsize = "16MiB";
|
||||
compression = "zstd-19";
|
||||
};
|
||||
};
|
||||
"linux/nix/home" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "legacy";
|
||||
mountpoint = "/home";
|
||||
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
|
||||
};
|
||||
"linux/nix/persist" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "legacy";
|
||||
mountpoint = "/persist";
|
||||
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
|
||||
};
|
||||
"linux/nix/state" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "legacy";
|
||||
mountpoint = "/state";
|
||||
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Make sure all persistent volumes are marked as neededForBoot
|
||||
#
|
||||
# Also mounts /home so it is mounted before the user home directories are created.
|
||||
fileSystems."/persist".neededForBoot = true;
|
||||
fileSystems."/state".neededForBoot = true;
|
||||
fileSystems."/home".neededForBoot = true;
|
||||
|
||||
fileSystems."/".options = [
|
||||
"noatime"
|
||||
"norelatime"
|
||||
];
|
||||
fileSystems."/nix".options = [
|
||||
"noatime"
|
||||
"norelatime"
|
||||
];
|
||||
fileSystems."/persist".options = [
|
||||
"noatime"
|
||||
"norelatime"
|
||||
];
|
||||
fileSystems."/state".options = [
|
||||
"noatime"
|
||||
"norelatime"
|
||||
];
|
||||
fileSystems."/home".options = [
|
||||
"noatime"
|
||||
"norelatime"
|
||||
];
|
||||
|
||||
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
|
||||
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
|
||||
}
|
||||
@ -0,0 +1,38 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"nvme"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
"sdhci_pci"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.dhcpcd.enable = lib.mkForce true;
|
||||
networking.useDHCP = lib.mkForce true;
|
||||
# systemd.network.enable = true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
||||
131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix
Normal file
131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix
Normal file
@ -0,0 +1,131 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
pkgs-unoptimized,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
config = lib.mkMerge [
|
||||
{ }
|
||||
(lib.mkIf (!config.me.optimizations.enable) {
|
||||
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
|
||||
})
|
||||
(lib.mkIf (config.me.optimizations.enable) {
|
||||
nixpkgs.hostPlatform = {
|
||||
gcc.arch = "znver4";
|
||||
gcc.tune = "znver4";
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(
|
||||
final: prev:
|
||||
let
|
||||
addConfig =
|
||||
additionalConfig: pkg:
|
||||
pkg.override (oldconfig: {
|
||||
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
|
||||
});
|
||||
in
|
||||
{
|
||||
linux_me = addConfig {
|
||||
# Full preemption
|
||||
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
|
||||
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
|
||||
|
||||
# Google's BBRv3 TCP congestion Control
|
||||
TCP_CONG_BBR = lib.kernel.yes;
|
||||
DEFAULT_BBR = lib.kernel.yes;
|
||||
|
||||
# Preemptive Full Tickless Kernel at 300Hz
|
||||
HZ = lib.kernel.freeform "300";
|
||||
HZ_300 = lib.kernel.yes;
|
||||
HZ_1000 = lib.kernel.no;
|
||||
} prev.linux_6_14;
|
||||
# gsl = prev.gsl.overrideAttrs (old: {
|
||||
# # gsl tests fails when optimizations are enabled.
|
||||
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
|
||||
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
|
||||
# doCheck = false;
|
||||
# });
|
||||
}
|
||||
)
|
||||
(final: prev: {
|
||||
haskellPackages = prev.haskellPackages.extend (
|
||||
final': prev': {
|
||||
inherit (pkgs-unoptimized.haskellPackages)
|
||||
crypton
|
||||
crypton-connection
|
||||
crypton-x509
|
||||
crypton-x509-store
|
||||
crypton-x509-system
|
||||
crypton-x509-validation
|
||||
hspec-wai
|
||||
http-client-tls
|
||||
http2
|
||||
pandoc
|
||||
pandoc-cli
|
||||
pandoc-lua-engine
|
||||
pandoc-server
|
||||
servant-server
|
||||
tls
|
||||
wai-app-static
|
||||
wai-extra
|
||||
warp
|
||||
;
|
||||
}
|
||||
);
|
||||
})
|
||||
(final: prev: {
|
||||
inherit (pkgs-unoptimized)
|
||||
gsl
|
||||
redis
|
||||
valkey
|
||||
;
|
||||
})
|
||||
];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
|
||||
})
|
||||
(lib.mkIf (!config.me.buildingIso) {
|
||||
nix.settings.system-features = lib.mkForce [
|
||||
"gccarch-znver4"
|
||||
"gccarch-skylake"
|
||||
# "gccarch-alderlake" missing WAITPKG
|
||||
"gccarch-x86-64-v3"
|
||||
"gccarch-x86-64-v4"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
];
|
||||
|
||||
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
|
||||
# system.includeBuildDependencies = true;
|
||||
|
||||
# This also should enable building offline? TODO: test.
|
||||
nix.extraOptions = ''
|
||||
keep-outputs = true
|
||||
keep-derivations = true
|
||||
'';
|
||||
|
||||
# # building ON
|
||||
# nixpkgs.localSystem = { system = "aarch64-linux"; };
|
||||
# # building FOR
|
||||
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
|
||||
|
||||
# nixpkgs.config = {
|
||||
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
|
||||
# };
|
||||
# or maybe an overlay
|
||||
# stdenv = prev.clangStdenv;
|
||||
|
||||
})
|
||||
(lib.mkIf (config.me.buildingIso) {
|
||||
boot.supportedFilesystems.zfs = true;
|
||||
})
|
||||
];
|
||||
}
|
||||
@ -0,0 +1,8 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)
|
||||
@ -14,7 +14,14 @@
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"nvme"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
"sdhci_pci"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
@ -23,7 +30,7 @@
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./disk-config.nix
|
||||
./wrapped-disk-config.nix
|
||||
./optimized_build.nix
|
||||
./distributed_build.nix
|
||||
./power_management.nix
|
||||
|
||||
@ -1,14 +1,8 @@
|
||||
# Manual Step:
|
||||
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
|
||||
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (!config.me.buildingIso) {
|
||||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
||||
@ -56,31 +56,35 @@
|
||||
(final: prev: {
|
||||
haskellPackages = prev.haskellPackages.extend (
|
||||
final': prev': {
|
||||
crypton = pkgs-unoptimized.haskellPackages.crypton;
|
||||
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection;
|
||||
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509;
|
||||
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store;
|
||||
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system;
|
||||
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation;
|
||||
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai;
|
||||
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls;
|
||||
http2 = pkgs-unoptimized.haskellPackages.http2;
|
||||
pandoc = pkgs-unoptimized.haskellPackages.pandoc;
|
||||
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli;
|
||||
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine;
|
||||
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server;
|
||||
servant-server = pkgs-unoptimized.haskellPackages.servant-server;
|
||||
tls = pkgs-unoptimized.haskellPackages.tls;
|
||||
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static;
|
||||
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra;
|
||||
warp = pkgs-unoptimized.haskellPackages.warp;
|
||||
inherit (pkgs-unoptimized.haskellPackages)
|
||||
crypton
|
||||
crypton-connection
|
||||
crypton-x509
|
||||
crypton-x509-store
|
||||
crypton-x509-system
|
||||
crypton-x509-validation
|
||||
hspec-wai
|
||||
http-client-tls
|
||||
http2
|
||||
pandoc
|
||||
pandoc-cli
|
||||
pandoc-lua-engine
|
||||
pandoc-server
|
||||
servant-server
|
||||
tls
|
||||
wai-app-static
|
||||
wai-extra
|
||||
warp
|
||||
;
|
||||
}
|
||||
);
|
||||
})
|
||||
(final: prev: {
|
||||
gsl = pkgs-unoptimized.gsl;
|
||||
redis = pkgs-unoptimized.redis;
|
||||
valkey = pkgs-unoptimized.valkey;
|
||||
inherit (pkgs-unoptimized)
|
||||
gsl
|
||||
redis
|
||||
valkey
|
||||
;
|
||||
})
|
||||
];
|
||||
|
||||
|
||||
8
nix/configuration/hosts/odo/wrapped-disk-config.nix
Normal file
8
nix/configuration/hosts/odo/wrapped-disk-config.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)
|
||||
@ -27,7 +27,7 @@
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
||||
@ -50,31 +50,35 @@
|
||||
(final: prev: {
|
||||
haskellPackages = prev.haskellPackages.extend (
|
||||
final': prev': {
|
||||
crypton = pkgs-unoptimized.haskellPackages.crypton;
|
||||
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection;
|
||||
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509;
|
||||
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store;
|
||||
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system;
|
||||
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation;
|
||||
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai;
|
||||
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls;
|
||||
http2 = pkgs-unoptimized.haskellPackages.http2;
|
||||
pandoc = pkgs-unoptimized.haskellPackages.pandoc;
|
||||
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli;
|
||||
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine;
|
||||
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server;
|
||||
servant-server = pkgs-unoptimized.haskellPackages.servant-server;
|
||||
tls = pkgs-unoptimized.haskellPackages.tls;
|
||||
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static;
|
||||
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra;
|
||||
warp = pkgs-unoptimized.haskellPackages.warp;
|
||||
inherit (pkgs-unoptimized.haskellPackages)
|
||||
crypton
|
||||
crypton-connection
|
||||
crypton-x509
|
||||
crypton-x509-store
|
||||
crypton-x509-system
|
||||
crypton-x509-validation
|
||||
hspec-wai
|
||||
http-client-tls
|
||||
http2
|
||||
pandoc
|
||||
pandoc-cli
|
||||
pandoc-lua-engine
|
||||
pandoc-server
|
||||
servant-server
|
||||
tls
|
||||
wai-app-static
|
||||
wai-extra
|
||||
warp
|
||||
;
|
||||
}
|
||||
);
|
||||
})
|
||||
(final: prev: {
|
||||
gsl = pkgs-unoptimized.gsl;
|
||||
redis = pkgs-unoptimized.redis;
|
||||
valkey = pkgs-unoptimized.valkey;
|
||||
inherit (pkgs-unoptimized)
|
||||
gsl
|
||||
redis
|
||||
valkey
|
||||
;
|
||||
})
|
||||
];
|
||||
|
||||
|
||||
@ -18,8 +18,8 @@
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
networking.dhcpcd.enable = false;
|
||||
networking.useDHCP = false;
|
||||
networking.dhcpcd.enable = lib.mkDefault false;
|
||||
networking.useDHCP = lib.mkDefault false;
|
||||
networking.nameservers = [
|
||||
"194.242.2.2#doh.mullvad.net"
|
||||
"2a07:e340::2#doh.mullvad.net"
|
||||
|
||||
@ -34,5 +34,9 @@ Host hydra
|
||||
ProxyJump talexander@mrmanager
|
||||
HostName 10.215.1.219
|
||||
|
||||
Host ionlybootzfs
|
||||
HostName 127.0.0.1
|
||||
Port 60022
|
||||
|
||||
Host *
|
||||
Compression yes
|
||||
|
||||
@ -24,7 +24,15 @@
|
||||
environment.systemPackages = with pkgs; [
|
||||
wabt
|
||||
wasm-bindgen-cli
|
||||
pkgs-unoptimized.binaryen # for wasm-opt
|
||||
binaryen # for wasm-opt
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
inherit (pkgs-unoptimized)
|
||||
binaryen
|
||||
;
|
||||
})
|
||||
];
|
||||
}
|
||||
]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user