diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix index 1a0d773..ab87646 100644 --- a/nix/configuration/configuration.nix +++ b/nix/configuration/configuration.nix @@ -54,6 +54,7 @@ in ./roles/iso_mount ./roles/jujutsu ./roles/kanshi + ./roles/kernel ./roles/kodi ./roles/kubernetes ./roles/latex @@ -139,7 +140,8 @@ in # Automatic garbage collection nix.gc = lib.mkIf (!config.me.buildingPortable) { # Runs nix-collect-garbage --delete-older-than 5d - automatic = true; + # automatic = true; + automatic = false; persistent = true; dates = "monthly"; # randomizedDelaySec = "14m"; @@ -235,12 +237,10 @@ in in [ (disableTests "deno") # Tests use too much disk space - (final: prev: { - inherit (final.unoptimized) - libtpms - ; - }) + (disableOptimizations "libtpms") (disableOptimizationsPython3 "scipy") + (disableOptimizations "assimp") + (disableOptimizations "gsl") # Works but probably sets python2's scipy to be python3: # diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix index c176469..a9ee9b2 100644 --- a/nix/configuration/hosts/odo/default.nix +++ b/nix/configuration/hosts/odo/default.nix @@ -110,6 +110,7 @@ me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml; me.jujutsu.enable = true; me.kanshi.enable = false; + me.kernel.enable = true; me.kubernetes.enable = true; me.latex.enable = true; me.launch_keyboard.enable = true; diff --git a/nix/configuration/hosts/odowork/default.nix b/nix/configuration/hosts/odowork/default.nix index 98333f0..970cc6f 100644 --- a/nix/configuration/hosts/odowork/default.nix +++ b/nix/configuration/hosts/odowork/default.nix @@ -111,6 +111,7 @@ me.iso_mount.enable = true; me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml; me.jujutsu.enable = true; + me.kernel.enable = true; me.latex.enable = true; me.launch_keyboard.enable = true; me.lvfs.enable = true; 
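Review bot: `automatic = false;` switches the scheduled garbage collection off entirely, so the `persistent = true;` and `dates = "monthly";` lines that follow no longer do anything and the store on these hosts grows until someone runs nix-collect-garbage by hand. The context comment `# Runs nix-collect-garbage --delete-older-than 5d` is now misleading, and the stale `# automatic = true;` directly above the live assignment is commented-out code; keep one of the two. If the disable is deliberate but temporary, record that in place, e.g. `automatic = false; # GC paused: <reason>; re-enable once <condition>`. The enclosing `nix.gc = lib.mkIf (...) {` set opens before the hunk.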
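Review bot: Only assimp and gsl are re-added as unoptimized here, while the overlay this same commit deletes from roles/optimized_build/default.nix also pinned binaryen, rapidjson, ffmpeg-headless, ffmpeg, pipewire, chromaprint and gtkmm to `final.unoptimized`; after this change those seven are built with the host `gcc.arch`/`gcc.tune` settings again. If they were on that list because they miscompiled or failed under the tuned toolchain, the regression will only show up at build time; if dropping them is intentional, a short comment on the `disableOptimizations` entries saying so would spare the next reader the archaeology. `disableOptimizations` is defined in the `let` above the hunk, so whether it performs the same `inherit (final.unoptimized)` substitution is not visible from here, and the `in [` list it sits in continues past the hunk.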
diff --git a/nix/configuration/hosts/quark/default.nix b/nix/configuration/hosts/quark/default.nix index 4e8a39a..7c05ae1 100644 --- a/nix/configuration/hosts/quark/default.nix +++ b/nix/configuration/hosts/quark/default.nix @@ -104,6 +104,7 @@ me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml; me.jujutsu.enable = true; me.kanshi.enable = false; + me.kernel.enable = true; me.kubernetes.enable = true; me.latex.enable = true; me.launch_keyboard.enable = true; diff --git a/nix/configuration/roles/firewall/default.nix b/nix/configuration/roles/firewall/default.nix index b17c93b..e929af0 100644 --- a/nix/configuration/roles/firewall/default.nix +++ b/nix/configuration/roles/firewall/default.nix @@ -24,7 +24,16 @@ networking.firewall.allowedUDPPorts = [ 5353 # mDNS ]; + + # networking.firewall.enable = true; + # networking.nftables.enable = true; + # Or disable the firewall altogether. - # networking.firewall.enable = false; + networking.firewall.enable = false; + + # Debugging + # networking.firewall.logRefusedConnections = true; + # networking.firewall.logRefusedPackets = true; + # networking.firewall.logReversePathDrops = true; }; } diff --git a/nix/configuration/roles/kernel/default.nix b/nix/configuration/roles/kernel/default.nix new file mode 100644 index 0000000..58493fc --- /dev/null +++ b/nix/configuration/roles/kernel/default.nix 
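Review bot: `networking.firewall.enable = false;` is now a live setting rather than a commented-out alternative, so every host that imports this role runs with no host firewall at all, and the `allowedUDPPorts = [ 5353 ]` allow-list above it (and any TCP allow-list earlier in the attrset, which opens before the hunk) becomes inert because those lists only filter when the firewall is on. The neighbouring commented `# networking.firewall.enable = true;` / `# networking.nftables.enable = true;` and the "Debugging" block read like a temporary state; if so, the disable should be scoped and explained rather than global, e.g. `networking.firewall.enable = lib.mkDefault true;` here with `networking.firewall.enable = false; # debugging <issue>, re-enable before <date>` in the one host that needs it. Whether odowork and the other hosts touched in this commit pick this role up cannot be confirmed from the diff, but nothing here limits it to a single machine.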
@@ -0,0 +1,194 @@ +# Check current config: +# nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile' +# cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less + +{ + config, + lib, + pkgs, + ... +}: + +let + preemption_type = with lib.kernel; { + full = { + PREEMPT_DYNAMIC = yes; + PREEMPT = yes; + PREEMPT_VOLUNTARY = lib.mkForce no; + PREEMPT_LAZY = lib.mkForce no; + PREEMPT_NONE = no; + }; + lazy = { + PREEMPT_DYNAMIC = yes; + PREEMPT = no; + PREEMPT_VOLUNTARY = lib.mkForce no; + PREEMPT_LAZY = yes; + PREEMPT_NONE = no; + }; + voluntary = { + PREEMPT_DYNAMIC = no; + PREEMPT = no; + PREEMPT_VOLUNTARY = yes; + PREEMPT_LAZY = lib.mkForce no; + PREEMPT_NONE = no; + }; + none = { + PREEMPT_DYNAMIC = no; + PREEMPT = no; + PREEMPT_VOLUNTARY = lib.mkForce no; + PREEMPT_LAZY = lib.mkForce no; + PREEMPT_NONE = yes; + }; + }; + tick_hz = + with lib.kernel; + { + "1000" = { + HZ_1000 = yes; + HZ = freeform "1000"; + }; + } + // lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: { + HZ_1000 = no; + "HZ_${hz}" = yes; + HZ = freeform hz; + }); + performance_governor = with lib.kernel; { + default = { + CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes; + }; + performance = { + CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no; + CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes; + }; + }; + tick_rate = with lib.kernel; { + # Always tick at the hz frequency. + periodic = { + NO_HZ_IDLE = no; + NO_HZ_FULL = no; + NO_HZ = no; + NO_HZ_COMMON = no; + HZ_PERIODIC = yes; + }; + # Idle - Do not disturb the CPU when idle. This can save power but increase latency. + idle = { + HZ_PERIODIC = no; + NO_HZ_FULL = no; + NO_HZ_IDLE = yes; + NO_HZ = yes; + NO_HZ_COMMON = yes; + }; + # Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible. 
+ tickless = { + HZ_PERIODIC = no; + NO_HZ_IDLE = no; + NO_HZ_FULL = yes; + NO_HZ = yes; + NO_HZ_COMMON = yes; + CONTEXT_TRACKING = yes; + }; + }; + huge_page = with lib.kernel; { + always = { + TRANSPARENT_HUGEPAGE_MADVISE = no; + TRANSPARENT_HUGEPAGE_ALWAYS = yes; + }; + madvise = { + TRANSPARENT_HUGEPAGE_ALWAYS = no; + TRANSPARENT_HUGEPAGE_MADVISE = yes; + }; + }; + common_config = + with lib.kernel; + { + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = yes; + DEFAULT_BBR = yes; + }; + flavors = { + server = lib.mkMerge [ + preemption_type.none + tick_hz."300" + performance_governor.default + tick_rate.tickless + huge_page.madvise + ]; + interactive = + with lib.kernel; + lib.mkMerge [ + { + # Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops. + RCU_LAZY = yes; + } + preemption_type.lazy + tick_hz."300" + performance_governor.default + tick_rate.tickless + huge_page.madvise + ]; + }; +in +{ + imports = [ ]; + + options.me = { + kernel.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install kernel."; + }; + + kernel.version = lib.mkOption { + type = lib.types.str; + default = "linux"; # LTS + example = "linux_6_18"; + description = "What version of the kernl should we use."; + }; + + kernel.flavor = lib.mkOption { + type = lib.types.str; + default = "interactive"; + example = "server"; + description = "What type of kernel should be built."; + }; + }; + + config = lib.mkIf config.me.kernel.enable ( + lib.mkMerge [ + { + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me; + } + (lib.mkIf (!config.me.optimizations.enable) { + nixpkgs.overlays = [ + (final: prev: { + linux_me = final."${config.me.kernel.version}"; + }) + ]; + }) + (lib.mkIf (config.me.optimizations.enable) { + nixpkgs.overlays = [ + ( + final: prev: + let + addConfig = + additionalConfig: pkg: + pkg.override (oldconfig: { + 
structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig); + # stdenv = pkgs.llvmPackages_latest.stdenv; + # stdenv = pkgs.clangStdenv; + }); + in + { + linux_me = addConfig ([ + common_config + flavors."${config.me.kernel.flavor}" + ]) final."${config.me.kernel.version}"; + } + ) + ]; + }) + ] + ); +} diff --git a/nix/configuration/roles/minimal_base/default.nix b/nix/configuration/roles/minimal_base/default.nix index 1654729..076d82d 100644 --- a/nix/configuration/roles/minimal_base/default.nix +++ b/nix/configuration/roles/minimal_base/default.nix @@ -19,6 +19,7 @@ config = lib.mkIf config.me.minimal_base.enable { me.doas.enable = true; + me.kernel.enable = true; me.network.enable = true; me.nvme.enable = true; me.ssh.enable = true; diff --git a/nix/configuration/roles/optimized_build/default.nix b/nix/configuration/roles/optimized_build/default.nix index 3fc944d..b8735bf 100644 --- a/nix/configuration/roles/optimized_build/default.nix +++ b/nix/configuration/roles/optimized_build/default.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: 
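Review bot: `kernel.flavor` is declared as `lib.types.str` but its only use is the lookup `flavors."${config.me.kernel.flavor}"`, which has exactly the keys `server` and `interactive`, so a typo in a host config fails with an opaque "attribute missing" error during evaluation instead of an option type error; declare it as `type = lib.types.enum [ "server" "interactive" ];` and fix the description typo `kernl` on `kernel.version`. The `tickless` preset sets `CONTEXT_TRACKING = yes;`; on recent kernels NO_HZ_FULL selects CONTEXT_TRACKING_USER and CONTEXT_TRACKING is a hidden symbol, in which case nixpkgs' config generation will reject it as an unanswered option — if that holds for the versions you build, use `CONTEXT_TRACKING = option yes;` or drop the line. The preset tables and `common_config` (BBR) are applied only under `me.optimizations.enable`; without it `linux_me` is the plain `final."${config.me.kernel.version}"`, which neither option description mentions — a comment such as `# flavor and BBR settings only take effect when me.optimizations.enable is set` next to `kernel.flavor` would make that explicit. The header comment points at `nixosConfigurations.hydra`, whereas the hosts changed in this commit are odo, odowork and quark.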
@@ -49,71 +48,13 @@ }; config = lib.mkMerge [ - (lib.mkIf (!config.me.optimizations.enable) ( - lib.mkMerge [ - { - boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18; - # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux; - } - ] - )) (lib.mkIf config.me.optimizations.enable ( lib.mkMerge [ { - boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me; - nixpkgs.hostPlatform = { gcc.arch = config.me.optimizations.arch; gcc.tune = config.me.optimizations.arch; }; - - nixpkgs.overlays = [ - ( - final: prev: - let - addConfig = - additionalConfig: pkg: - pkg.override (oldconfig: { - structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig; - }); - in - { - linux_me = addConfig { - # Server | No preemption - Run until the next tick. Highest throughput but can cause stutter. - # PREEMPT = lib.mkOverride 60 lib.kernel.no; - # Desktop | Preempt kernel threads only at pre-defined places that call cond_resched(). - PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; - # Low-latency desktop | Full preemption - Kernel threads can be preempted unless they hold a spinlock or are in a no-preemption section. - PREEMPT = lib.mkOverride 60 lib.kernel.yes; - # RT - All kernel code is preemptible except for a few critical sections. - # Middle ground | Real-time tasks preempt immediately like FULL, normal tasks run until the next tick. - PREEMPT_LAZY = lib.mkOverride 90 lib.kernel.no; - - # Google's BBRv3 TCP congestion Control - TCP_CONG_BBR = lib.kernel.yes; - DEFAULT_BBR = lib.kernel.yes; - - # Preemptive Full Tickless Kernel at 300Hz - HZ = lib.kernel.freeform "300"; - HZ_300 = lib.kernel.yes; - HZ_1000 = lib.kernel.no; - } prev.linux_6_18; # or prev.linux - } - ) - (final: prev: { - inherit (final.unoptimized) - assimp - binaryen - gsl - rapidjson - ffmpeg-headless - ffmpeg - pipewire - chromaprint - gtkmm - ; - }) - ]; } ] ))