From 56c0add33f188ad616dc8d6e5f401dae4cce8079 Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Wed, 16 Apr 2025 20:36:08 -0400 Subject: [PATCH] Add Quark to nix config. --- nix/configuration/.gitignore | 1 + nix/configuration/configuration.nix | 2 + nix/configuration/flake.nix | 40 +++++ nix/configuration/hosts/hydra/DEPLOY_BOOT | 19 +++ nix/configuration/hosts/hydra/DEPLOY_SWITCH | 19 +++ nix/configuration/hosts/hydra/ISO | 12 ++ nix/configuration/hosts/neelix/DEPLOY_BOOT | 19 +++ nix/configuration/hosts/neelix/DEPLOY_SWITCH | 19 +++ nix/configuration/hosts/neelix/default.nix | 2 +- nix/configuration/hosts/odo/ISO | 12 ++ nix/configuration/hosts/odo/SELF_BOOT | 12 ++ nix/configuration/hosts/odo/SELF_SWITCH | 12 ++ nix/configuration/hosts/odo/default.nix | 2 + .../hosts/odo/optimized_build.nix | 39 ++--- nix/configuration/hosts/quark/DEPLOY_BOOT | 19 +++ nix/configuration/hosts/quark/DEPLOY_SWITCH | 19 +++ nix/configuration/hosts/quark/ISO | 12 ++ nix/configuration/hosts/quark/SELF_BOOT | 12 ++ nix/configuration/hosts/quark/SELF_SWITCH | 12 ++ nix/configuration/hosts/quark/default.nix | 89 +++++++++++ nix/configuration/hosts/quark/disk-config.nix | 148 ++++++++++++++++++ .../hosts/quark/distributed_build.nix | 36 +++++ .../hosts/quark/hardware-configuration.nix | 36 +++++ .../hosts/quark/optimized_build.nix | 100 ++++++++++++ .../hosts/quark/power_management.nix | 59 +++++++ nix/configuration/hosts/quark/wifi.nix | 16 ++ nix/configuration/roles/boot/default.nix | 13 +- nix/configuration/roles/ecc/default.nix | 27 ++++ nix/configuration/roles/network/default.nix | 5 +- .../roles/thunderbolt/default.nix | 29 ++++ .../configuration/hosts/deck/DEPLOY_SWITCH | 18 +++ 31 files changed, 824 insertions(+), 36 deletions(-) create mode 100644 nix/configuration/.gitignore create mode 100755 nix/configuration/hosts/hydra/DEPLOY_BOOT create mode 100755 nix/configuration/hosts/hydra/DEPLOY_SWITCH create mode 100755 nix/configuration/hosts/hydra/ISO create mode 100755 nix/configuration/hosts/neelix/DEPLOY_BOOT create mode 100755 
nix/configuration/hosts/neelix/DEPLOY_SWITCH create mode 100755 nix/configuration/hosts/odo/ISO create mode 100755 nix/configuration/hosts/odo/SELF_BOOT create mode 100755 nix/configuration/hosts/odo/SELF_SWITCH create mode 100755 nix/configuration/hosts/quark/DEPLOY_BOOT create mode 100755 nix/configuration/hosts/quark/DEPLOY_SWITCH create mode 100755 nix/configuration/hosts/quark/ISO create mode 100755 nix/configuration/hosts/quark/SELF_BOOT create mode 100755 nix/configuration/hosts/quark/SELF_SWITCH create mode 100644 nix/configuration/hosts/quark/default.nix create mode 100644 nix/configuration/hosts/quark/disk-config.nix create mode 100644 nix/configuration/hosts/quark/distributed_build.nix create mode 100644 nix/configuration/hosts/quark/hardware-configuration.nix create mode 100644 nix/configuration/hosts/quark/optimized_build.nix create mode 100644 nix/configuration/hosts/quark/power_management.nix create mode 100644 nix/configuration/hosts/quark/wifi.nix create mode 100644 nix/configuration/roles/ecc/default.nix create mode 100644 nix/configuration/roles/thunderbolt/default.nix create mode 100755 nix/steam_deck/configuration/hosts/deck/DEPLOY_SWITCH diff --git a/nix/configuration/.gitignore b/nix/configuration/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/configuration/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix index 4fc5cbe..590864a 100644 --- a/nix/configuration/configuration.nix +++ b/nix/configuration/configuration.nix @@ -17,6 +17,7 @@ ./roles/chromecast ./roles/chromium ./roles/docker + ./roles/ecc ./roles/emacs ./roles/firefox ./roles/firewall @@ -57,6 +58,7 @@ ./roles/sway ./roles/tekton ./roles/terraform + ./roles/thunderbolt ./roles/vnc_client ./roles/vscode ./roles/wasm diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix index 7fe67a0..1855e62 100644 --- a/nix/configuration/flake.nix +++ b/nix/configuration/flake.nix 
@@ -25,6 +25,18 @@ # iso.odo.isoName == "nixos.iso" # full path = / iso / +# +# Install on a new machine: +# +# +# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix + +# nix flake update zsh-histdb --flake . +# nix flake update ansible-sshjail --flake . +# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done +# nixos-install --flake ".#quark" +# + { description = "My system configuration"; @@ -130,6 +142,32 @@ } ); }; + quark = { + main = nixpkgs.lib.nixosSystem ( + base_x86_64_linux + // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/quark + ]; + } + ); + iso = nixpkgs.lib.nixosSystem ( + base_x86_64_linux + // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/quark + (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") + # TODO: Figure out how to do image based appliances + # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") + { + isoImage.makeEfiBootable = true; + isoImage.makeUsbBootable = true; + me.buildingIso = true; + } + ]; + } + ); + }; neelix = { main = nixpkgs.lib.nixosSystem ( base_x86_64_linux @@ -183,6 +221,8 @@ { nixosConfigurations.odo = systems.odo.main; iso.odo = systems.odo.iso.config.system.build.isoImage; + nixosConfigurations.quark = systems.quark.main; + iso.quark = systems.quark.iso.config.system.build.isoImage; nixosConfigurations.neelix = systems.neelix.main; iso.neelix = systems.neelix.iso.config.system.build.isoImage; nixosConfigurations.hydra = systems.hydra.main; diff --git a/nix/configuration/hosts/hydra/DEPLOY_BOOT b/nix/configuration/hosts/hydra/DEPLOY_BOOT new file mode 100755 index 0000000..04484dc --- /dev/null +++ b/nix/configuration/hosts/hydra/DEPLOY_BOOT 
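Review bot: The install comment added at the top of flake.nix runs `github:nix-community/disko/latest` under `doas` with `--mode destroy,format,mount`, so the code that repartitions the disk as root is whatever that mutable ref resolves to on the day of the install. Pin it in the comment, e.g. `github:nix-community/disko/<PINNED_REV>`, or run the disko copy this flake already locks, if it has one (the inputs are outside this hunk). The steps also assume the working directory is nix/configuration, since `hosts/quark/disk-config.nix` is a relative path; one comment line saying so would help.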
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=hydra
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'
diff --git a/nix/configuration/hosts/hydra/DEPLOY_SWITCH b/nix/configuration/hosts/hydra/DEPLOY_SWITCH
new file mode 100755
index 0000000..e1fedc3
--- /dev/null
+++ b/nix/configuration/hosts/hydra/DEPLOY_SWITCH
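Review bot: The `for f in /persist/manual/manual_add_to_store/*` loop runs once with the literal pattern when that directory is empty or missing, so `nix-store --add-fixed` fails and `set -e` aborts the deploy with a misleading error; add `shopt -s nullglob` before the loop. The two `nix flake update` calls also rewrite flake.lock on every run, so what gets built and activated with sudo on `$TARGET` is whatever those inputs resolve to at deploy time rather than a lock file that was reviewed and committed. Consider making the update a separate, deliberate step. The same preamble is copied into every other DEPLOY_*, SELF_* and ISO script this commit adds, so a shared helper would keep these fixes in one place.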
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=hydra
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'
diff --git a/nix/configuration/hosts/hydra/ISO b/nix/configuration/hosts/hydra/ISO
new file mode 100755
index 0000000..16891ac
--- /dev/null
+++ b/nix/configuration/hosts/hydra/ISO
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" |& nom
diff --git a/nix/configuration/hosts/neelix/DEPLOY_BOOT b/nix/configuration/hosts/neelix/DEPLOY_BOOT
new file mode 100755
index 0000000..41c2faf
--- /dev/null
+++ b/nix/configuration/hosts/neelix/DEPLOY_BOOT
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=neelix
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'
diff --git a/nix/configuration/hosts/neelix/DEPLOY_SWITCH b/nix/configuration/hosts/neelix/DEPLOY_SWITCH
new file mode 100755
index 0000000..d85e001
--- /dev/null
+++ b/nix/configuration/hosts/neelix/DEPLOY_SWITCH
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=neelix
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'
diff --git a/nix/configuration/hosts/neelix/default.nix b/nix/configuration/hosts/neelix/default.nix
index 0ccf563..1424cb3 100644
--- a/nix/configuration/hosts/neelix/default.nix
+++ b/nix/configuration/hosts/neelix/default.nix
@@ -8,7 +8,7 @@ ]; # Generate with `head -c4 /dev/urandom | od -A none -t x4` - networking.hostId = "fbd233d8"; + networking.hostId = "bca9d0a5"; networking.hostName = "neelix"; # Define your hostname.
diff --git a/nix/configuration/hosts/odo/ISO b/nix/configuration/hosts/odo/ISO
new file mode 100755
index 0000000..99e918d
--- /dev/null
+++ b/nix/configuration/hosts/odo/ISO
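Review bot: The `networking.hostId` change for neelix is not mentioned in the commit message and is unrelated to adding quark. If neelix has ZFS pools (not visible in this hunk), they were last imported under the old host id, and an import under a different one can be refused unless it is forced. It is worth confirming the new value was intended for this host and recording the reason, for example with a comment above the line such as `# hostId regenerated: <REASON>`.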
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" |& nom
diff --git a/nix/configuration/hosts/odo/SELF_BOOT b/nix/configuration/hosts/odo/SELF_BOOT
new file mode 100755
index 0000000..7550487
--- /dev/null
+++ b/nix/configuration/hosts/odo/SELF_BOOT
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" |& nom
diff --git a/nix/configuration/hosts/odo/SELF_SWITCH b/nix/configuration/hosts/odo/SELF_SWITCH
new file mode 100755
index 0000000..5377bb6
--- /dev/null
+++ b/nix/configuration/hosts/odo/SELF_SWITCH
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" |& nom
diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix
index 2f02baa..9903c5f 100644
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix @@ -50,6 +50,7 @@ me.chromecast.enable = true; me.chromium.enable = true; me.docker.enable = true; + me.ecc.enable = true; me.emacs_flavor = "full"; me.firefox.enable = true; me.flux.enable = true; @@ -78,6 +79,7 @@ me.sway.enable = true; me.tekton.enable = true; me.terraform.enable = true; + me.thunderbolt.enable = true; me.vnc_client.enable = true; me.vscode.enable = true; me.wasm.enable = true; diff --git a/nix/configuration/hosts/odo/optimized_build.nix b/nix/configuration/hosts/odo/optimized_build.nix index 0b2fc5a..ab5a323 100644 --- a/nix/configuration/hosts/odo/optimized_build.nix +++ b/nix/configuration/hosts/odo/optimized_build.nix @@ -42,11 +42,6 @@ ( final: prev: let - optimizeWithFlags = - pkg: flags: - pkg.overrideAttrs (old: { - NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags; - }); addConfig = additionalConfig: pkg: pkg.override (oldconfig: { 
@@ -54,28 +49,20 @@ }); in { - linux_znver4 = - addConfig - { - # Full preemption - PREEMPT = lib.mkOverride 60 lib.kernel.yes; - PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; + linux_me = addConfig { + # Full preemption + PREEMPT = lib.mkOverride 60 lib.kernel.yes; + PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; - # Google's BBRv3 TCP congestion Control - TCP_CONG_BBR = lib.kernel.yes; - DEFAULT_BBR = lib.kernel.yes; + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = lib.kernel.yes; + DEFAULT_BBR = lib.kernel.yes; - # Preemptive Full Tickless Kernel at 300Hz - HZ = lib.kernel.freeform "300"; - HZ_300 = lib.kernel.yes; - HZ_1000 = lib.kernel.no; - } - ( - optimizeWithFlags prev.linux_6_13 [ - "-march=znver4" - "-mtune=znver4" - ] - ); + # Preemptive Full Tickless Kernel at 300Hz + HZ = lib.kernel.freeform "300"; + HZ_300 = lib.kernel.yes; + HZ_1000 = lib.kernel.no; + } prev.linux_6_13; # gsl = prev.gsl.overrideAttrs (old: { # # gsl tests fails when optimizations are enabled. # # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0 @@ -106,7 +93,7 @@ }) ]; - boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4; + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me; }) (lib.mkIf (config.me.buildingIso) { boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13; diff --git a/nix/configuration/hosts/quark/DEPLOY_BOOT b/nix/configuration/hosts/quark/DEPLOY_BOOT new file mode 100755 index 0000000..a2c7f49 --- /dev/null +++ b/nix/configuration/hosts/quark/DEPLOY_BOOT 
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=quark
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'
diff --git a/nix/configuration/hosts/quark/DEPLOY_SWITCH b/nix/configuration/hosts/quark/DEPLOY_SWITCH
new file mode 100755
index 0000000..46854c2
--- /dev/null
+++ b/nix/configuration/hosts/quark/DEPLOY_SWITCH
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+#TARGET=10.216.1.14
+# TARGET=192.168.211.250
+TARGET=quark
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+
+nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --no-build-nix --use-remote-sudo --max-jobs "$JOBS" |& nom
+
+# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'
diff --git a/nix/configuration/hosts/quark/ISO b/nix/configuration/hosts/quark/ISO
new file mode 100755
index 0000000..73a198d
--- /dev/null
+++ b/nix/configuration/hosts/quark/ISO
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" |& nom
diff --git a/nix/configuration/hosts/quark/SELF_BOOT b/nix/configuration/hosts/quark/SELF_BOOT
new file mode 100755
index 0000000..5441258
--- /dev/null
+++ b/nix/configuration/hosts/quark/SELF_BOOT
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" |& nom
diff --git a/nix/configuration/hosts/quark/SELF_SWITCH b/nix/configuration/hosts/quark/SELF_SWITCH
new file mode 100755
index 0000000..12909eb
--- /dev/null
+++ b/nix/configuration/hosts/quark/SELF_SWITCH
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+nix flake update zsh-histdb --flake "$DIR/../../"
+nix flake update ansible-sshjail --flake "$DIR/../../"
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" |& nom
diff --git a/nix/configuration/hosts/quark/default.nix b/nix/configuration/hosts/quark/default.nix
new file mode 100644
index 0000000..c8d3d0c
--- /dev/null
+++ b/nix/configuration/hosts/quark/default.nix
@@ -0,0 +1,89 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + imports = [ + ./disk-config.nix + ./distributed_build.nix + ./hardware-configuration.nix + ./optimized_build.nix + ./power_management.nix + ./wifi.nix + ]; + + # Generate with `head -c4 /dev/urandom | od -A none -t x4` + networking.hostId = "47ee7d7c"; + + networking.hostName = "quark"; # Define your hostname. + + time.timeZone = "America/New_York"; + i18n.defaultLocale = "en_US.UTF-8"; + + me.secureBoot.enable = true; + + # Early KMS + boot.initrd.kernelModules = [ "amdgpu" ]; + + # Mount tmpfs at /tmp + boot.tmp.useTmpfs = true; + + # Enable TRIM + # services.fstrim.enable = lib.mkDefault true; + + me.alacritty.enable = true; + me.ansible.enable = true; + me.ares.enable = true; + me.bluetooth.enable = true; + me.chromecast.enable = true; + me.chromium.enable = true; + me.docker.enable = true; + me.ecc.enable = true; + me.emacs_flavor = "full"; + me.firefox.enable = true; + me.flux.enable = true; + me.gcloud.enable = true; + me.git.config = ../../roles/git/files/gitconfig_home; + me.gnuplot.enable = true; + me.gpg.enable = true; + me.graphical = true; + me.graphics_card_type = "amd"; + me.kanshi.enable = false; + me.kubernetes.enable = true; + me.latex.enable = true; + me.launch_keyboard.enable = true; + me.lvfs.enable = true; + me.media.enable = true; + me.nix_index.enable = true; + me.pcsx2.enable = true; + me.python.enable = true; + me.qemu.enable = true; + me.rust.enable = true; + me.shikane.enable = true; + me.sops.enable = true; + me.sound.enable = true; + me.steam.enable = true; + me.steam_run_free.enable = true; + me.sway.enable = true; + me.tekton.enable = true; + me.terraform.enable = true; + me.thunderbolt.enable = true; + me.vnc_client.enable = true; + me.vscode.enable = true; + me.wasm.enable = true; + me.waybar.enable = true; + me.wireguard.activated = [ + "drmario" + "wgh" + "colo" + ]; + me.wireguard.deactivated = [ "wgf" ]; + me.zrepl.enable = true; + me.zsh.enable = true; + + 
me.sm64ex.enable = true; + me.shipwright.enable = true; + me.ship2harkinian.enable = true; +} diff --git a/nix/configuration/hosts/quark/disk-config.nix b/nix/configuration/hosts/quark/disk-config.nix new file mode 100644 index 0000000..dc31c68 --- /dev/null +++ b/nix/configuration/hosts/quark/disk-config.nix 
@@ -0,0 +1,148 @@ +# Manual Step: +# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 +# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 +{ + config, + lib, + pkgs, + ... +}: + +lib.mkIf (!config.me.buildingIso) { + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "umask=0077" + "noatime" + "discard" + ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + # mode = "mirror"; + # Workaround: cannot import 'zroot': I/O error in disko tests + options.cachefile = "none"; + options = { + ashift = "12"; + compatibility = "openzfs-2.2-freebsd"; + autotrim = "on"; + }; + rootFsOptions = { + acltype = "posixacl"; + atime = "off"; + relatime = "off"; + xattr = "sa"; + mountpoint = "none"; + compression = "lz4"; + canmount = "off"; + utf8only = "on"; + dnodesize = "auto"; + normalization = "formD"; + }; + + datasets = { + "linux/nix" = { + type = "zfs_fs"; + options.mountpoint = "none"; + options = { + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + # keylocation = "file:///tmp/secret.key"; + }; + }; + "linux/nix/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; + }; + "linux/nix/nix" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank"; + options = { + recordsize = "16MiB"; + compression = "zstd-19"; + }; + }; + "linux/nix/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint 
= "/home"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank"; + }; + "linux/nix/persist" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/persist"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank"; + }; + "linux/nix/state" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/state"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank"; + }; + }; + }; + }; + }; + + # Make sure all persistent volumes are marked as neededForBoot + # + # Also mounts /home so it is mounted before the user home directories are created. + fileSystems."/persist".neededForBoot = true; + fileSystems."/state".neededForBoot = true; + fileSystems."/home".neededForBoot = true; + + fileSystems."/".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/nix".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/persist".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/state".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/home".options = [ + "noatime" + "norelatime" + ]; + + # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used. + boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ]; +} diff --git a/nix/configuration/hosts/quark/distributed_build.nix b/nix/configuration/hosts/quark/distributed_build.nix new file mode 100644 index 0000000..6064fc0 --- /dev/null +++ b/nix/configuration/hosts/quark/distributed_build.nix 
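Review bot: `device = "/dev/nvme0n1"` in disk-config.nix names the target disk by kernel enumeration order, and the install steps in flake.nix run disko against this file with `--mode destroy,format,mount`. If a second NVMe device is attached at install time (this host also enables the thunderbolt role), that node can refer to a different drive. A stable identifier removes the ambiguity: `device = "/dev/disk/by-id/<DISK_ID>";`. The two `nvme` commands in the "Manual Step" header comment carry the same assumption and could say to confirm the device with `nvme list` first.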
@@ -0,0 +1,36 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + imports = [ ]; + + config = lib.mkMerge [ + { + nix.distributedBuilds = true; + nix.buildMachines = [ + { + hostName = "hydra"; + sshUser = "talexander"; + systems = [ + "x86_64-linux" + # "aarch64-linux" + ]; + maxJobs = 1; + speedFactor = 2; + supportedFeatures = [ + # "nixos-test" + "benchmark" + "big-parallel" + # "kvm" + "gccarch-znver4" + "gccarch-x86-64-v3" + "gccarch-x86-64-v4" + ]; + } + ]; + } + ]; +} diff --git a/nix/configuration/hosts/quark/hardware-configuration.nix b/nix/configuration/hosts/quark/hardware-configuration.nix new file mode 100644 index 0000000..1852fa3 --- /dev/null +++ b/nix/configuration/hosts/quark/hardware-configuration.nix @@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
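Review bot: The `nix.buildMachines` entry for hydra in distributed_build.nix sets neither `sshKey` nor `publicHostKey`, so the nix-daemon on quark connects with whatever key and known_hosts state its user happens to have. Nothing in the configuration pins which machine is trusted to return build outputs. Adding `publicHostKey = "<BASE64_HOST_KEY>";` and `sshKey = "<PATH_TO_BUILD_KEY>";` makes that trust explicit and reproducible. A dedicated build account instead of `sshUser = "talexander"` would also stop the key held for builds from opening a personal login on hydra.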
diff --git a/nix/configuration/hosts/quark/optimized_build.nix b/nix/configuration/hosts/quark/optimized_build.nix new file mode 100644 index 0000000..ec211a1 --- /dev/null +++ b/nix/configuration/hosts/quark/optimized_build.nix 
@@ -0,0 +1,100 @@ +{ + config, + lib, + pkgs, + pkgs-unoptimized, + ... +}: +{ + imports = [ ]; + + config = lib.mkMerge [ + { } + (lib.mkIf (!config.me.buildingIso) { + nix.settings.system-features = lib.mkForce [ + "gccarch-znver4" + "gccarch-znver5" + "gccarch-skylake" + # "gccarch-alderlake" missing WAITPKG + "gccarch-x86-64-v3" + "gccarch-x86-64-v4" + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + ]; + + # Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap. + # system.includeBuildDependencies = true; + + # This also should enable building offline? TODO: test. + # nix.extraOptions = '' + # keep-outputs = true + # keep-derivations = true + # ''; + + nixpkgs.hostPlatform = { + gcc.arch = "znver4"; + gcc.tune = "znver4"; + system = "x86_64-linux"; + }; + + # # building ON + # nixpkgs.localSystem = { system = "aarch64-linux"; }; + # # building FOR + # nixpkgs.crossSystem = { system = "aarch64-linux"; }; + + # nixpkgs.config = { + # replaceStdenv = ({ pkgs }: pkgs.clangStdenv); + # }; + # or maybe an overlay + # stdenv = prev.clangStdenv; + + nixpkgs.overlays = [ + ( + final: prev: + let + addConfig = + additionalConfig: pkg: + pkg.override (oldconfig: { + structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig; + }); + in + { + linux_me = addConfig { + # Full preemption + PREEMPT = lib.mkOverride 60 lib.kernel.yes; + PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; + + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = lib.kernel.yes; + DEFAULT_BBR = lib.kernel.yes; + + # Preemptive Full Tickless Kernel at 300Hz + HZ = lib.kernel.freeform "300"; + HZ_300 = lib.kernel.yes; + HZ_1000 = lib.kernel.no; + } prev.linux_6_13; + } + ) + (final: prev: { + haskellPackages = prev.haskellPackages.extend ( + final': prev': { + crypton = pkgs-unoptimized.haskellPackages.crypton; + } + ); + }) + (final: prev: { + redis = pkgs-unoptimized.redis; + gsl = pkgs-unoptimized.gsl; + }) + ]; + + 
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me; + }) + (lib.mkIf (config.me.buildingIso) { + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13; + boot.supportedFilesystems.zfs = true; + }) + ]; +} diff --git a/nix/configuration/hosts/quark/power_management.nix b/nix/configuration/hosts/quark/power_management.nix new file mode 100644 index 0000000..211ee36 --- /dev/null +++ b/nix/configuration/hosts/quark/power_management.nix 
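Review bot: `nix.settings.system-features` in quark's optimized_build.nix is forced to advertise `gccarch-znver5` and `gccarch-skylake` while `nixpkgs.hostPlatform` targets `znver4`. Nix will then schedule derivations built for those micro-architectures on this machine, and any that run their own binaries at build time fail with illegal-instruction errors if the CPU lacks an extension, which is the problem the existing `"gccarch-alderlake" missing WAITPKG` comment already notes. Quark's CPU model is not visible here, so please confirm each entry and record the model in a comment above the list, e.g. `# CPU: <MODEL>; features below verified against its ISA extensions`. The `pkgs-unoptimized` substitutions for `crypton`, `redis` and `gsl` would also benefit from a line saying why each is exempt.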
@@ -0,0 +1,59 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ environment.systemPackages = with pkgs; [
+ powertop
+ ];
+
+ # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
+ # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
+ # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
+ # amd_pstate=passive :: Fully automated hardware pstate control.
+ # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
+ # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
+ # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
+ boot.kernelParams = [
+ # "amdgpu.abmlevel=3"
+ # "pcie_aspm=force"
+ # "pcie_aspm.policy=powersupersave"
+ # "nowatchdog"
+ # I don't see a measurable benefit from these two:
+ # "cpufreq.default_governor=powersave"
+ # "initcall_blacklist=cpufreq_gov_userspace_init"
+ ];
+
+ # systemd.tmpfiles.rules = [
+ # "w- /sys/firmware/acpi/platform_profile - - - - low-power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
+ # "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
+ # ];
+
+ # boot.extraModprobeConfig = ''
+ # # Disable the hardware watchdog inside AMD 700 chipset series for power savings.
+ # blacklist sp5100_tco
+
+ # # Sound power-saving was causing chat notifications to be inaudible.
+ # # options snd_hda_intel power_save=1
+ # '';
+}
diff --git a/nix/configuration/hosts/quark/wifi.nix b/nix/configuration/hosts/quark/wifi.nix
new file mode 100644
index 0000000..64d4247
--- /dev/null
+++ b/nix/configuration/hosts/quark/wifi.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ config = {
+ environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
+ doas iw dev wlan0 set power_save off
+ '';
+ };
+}
diff --git a/nix/configuration/roles/boot/default.nix b/nix/configuration/roles/boot/default.nix
index 3918e2f..07bce51 100644
--- a/nix/configuration/roles/boot/default.nix
+++ b/nix/configuration/roles/boot/default.nix
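Review bot: In hosts/quark/power_management.nix the `nowatchdog` comment points at "disable_sp5100_watchdog above", but nothing above it in this file disables that watchdog; the only related text is the commented-out `blacklist sp5100_tco` further down. I would reword it to `# nowatchdog :: Disable watchdog for power savings (see the sp5100_tco blacklist below).`. Every entry in `boot.kernelParams`, the tmpfiles rules and the modprobe config are commented out, so the file currently only installs `powertop`; a header comment saying these are disabled experiments would make that state explicit.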
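Review bot: In hosts/quark/wifi.nix, `environment.loginShellInit` runs `doas iw dev wlan0 set power_save off` in every login shell of every user, so it only works unattended if a doas rule lets those users run `iw` as root without a password; that rule is not visible in this diff, so I am inferring it. A root-owned mechanism removes the need for any such privilege grant and also applies before anyone logs in, for example a rule in `services.udev.extraRules`: `ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan0", RUN+="${pkgs.iw}/bin/iw dev wlan0 set power_save off"`. The same `lib.mkIf (!config.me.buildingIso)` guard can wrap it.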
@@ -75,9 +75,14 @@ # options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa # ''; # }; + environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { + hideMounts = true; + directories = [ + "/var/lib/sbctl" # Secure Boot Keys + ]; + }; }) (lib.mkIf (config.me.secureBoot.enable) { - environment.systemPackages = with pkgs; [ sbctl ]; @@ -86,12 +91,6 @@ enable = true; pkiBundle = "/var/lib/sbctl"; }; - environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { - hideMounts = true; - directories = [ - "/var/lib/sbctl" # Secure Boot Keys - ]; - }; }) ]; } diff --git a/nix/configuration/roles/ecc/default.nix b/nix/configuration/roles/ecc/default.nix new file mode 100644 index 0000000..ee7ac49 --- /dev/null +++ b/nix/configuration/roles/ecc/default.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + ecc.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install ecc."; + }; + }; + + config = lib.mkIf config.me.ecc.enable ( + lib.mkMerge [ + { + hardware.rasdaemon.enable = true; + } + ] + ); +} diff --git a/nix/configuration/roles/network/default.nix b/nix/configuration/roles/network/default.nix index ee21cd3..393fee7 100644 --- a/nix/configuration/roles/network/default.nix +++ b/nix/configuration/roles/network/default.nix 
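Review bot: The persisted `/var/lib/sbctl` entry in roles/boot/default.nix holds the Secure Boot private keys but is declared as a bare path, so the directory created under `/persist` gets the persistence module's default mode rather than one chosen for key material. The `directories` list also accepts an attribute set, so I would write `{ directory = "/var/lib/sbctl"; mode = "0700"; }` and keep the `# Secure Boot Keys` comment. The first hunk moves this block out of the `config.me.secureBoot.enable` branch; the enclosing `lib.mkIf` starts outside the hunk, so I cannot see its condition, but a short comment saying why the keys are persisted even when Secure Boot is disabled would help.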
@@ -32,11 +32,12 @@ dnsovertls = "true"; }; - # Without this, systemd-resolved will send DNS requests for .home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds. + # Without this, systemd-resolved will send DNS requests for .home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds. # # Test with: drill @127.0.0.53 odo.home.arpa + # TODO: The 127.0.0.1 address should probably be moved to a host-specific file. networking.extraHosts = '' - 127.0.0.1 odo.home.arpa + 127.0.0.1 odo.home.arpa quark.home.arpa 10.216.1.1 homeserver 10.216.1.6 media #10.216.1.12 odo diff --git a/nix/configuration/roles/thunderbolt/default.nix b/nix/configuration/roles/thunderbolt/default.nix new file mode 100644 index 0000000..f87e1e3 --- /dev/null +++ b/nix/configuration/roles/thunderbolt/default.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + thunderbolt.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install thunderbolt."; + }; + }; + + config = lib.mkIf config.me.thunderbolt.enable ( + lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + bolt # For boltctl + ]; + } + ] + ); +} diff --git a/nix/steam_deck/configuration/hosts/deck/DEPLOY_SWITCH b/nix/steam_deck/configuration/hosts/deck/DEPLOY_SWITCH new file mode 100755 index 0000000..bdb56b1 --- /dev/null +++ b/nix/steam_deck/configuration/hosts/deck/DEPLOY_SWITCH 
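Review bot: The shared line `127.0.0.1 odo.home.arpa quark.home.arpa` in roles/network/default.nix makes every host that imports this role resolve both names to loopback, so on quark a connection to `odo.home.arpa` (ssh, a remote builder, a browser) silently lands on quark itself, and the reverse on odo. The added TODO acknowledges the line belongs in a host-specific file; until then the entry can be derived per host, `127.0.0.1 ${config.networking.hostName}.home.arpa`, assuming `networking.hostName` is set to `odo` and `quark` on the respective machines. The `networking.extraHosts` string continues past the end of the hunk.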
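Review bot: roles/thunderbolt/default.nix installs only the `bolt` package, but `boltctl` is a client for the `boltd` daemon, which the package alone does not start, so device enrolment and authorization will not be managed on hosts that enable this role. NixOS has a module for it; replacing the package list with `services.hardware.bolt.enable = true;` sets up the daemon together with the CLI. The option description "Whether we want to install thunderbolt." could then say what the role actually enables, e.g. `description = "Whether to enable the bolt Thunderbolt device manager.";`.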
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+TARGET=deck@172.16.16.250
+
+rsync -av --progress --delete --exclude=.git "$DIR/../../" "${TARGET}:~/.config/mynix"
+rsync -av --progress --delete --exclude=.git "/persist/manual/manual_add_to_store" "${TARGET}:~/.persist/manual/"
+
+ssh "${TARGET}" 'source /home/deck/.nix-profile/etc/profile.d/nix.sh && for f in ~/.persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done'
+
+ssh "${TARGET}" "source /home/deck/.nix-profile/etc/profile.d/nix.sh && nix run /home/deck/.config/mynix -- switch -b \$(date +%s).hmbackup --flake /home/deck/.config/mynix --max-jobs $JOBS"
+
+ssh "${TARGET}" 'cat .config/mynix/flake.lock' > "$DIR/../../flake.lock"
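Review bot: The last line redirects straight into the local `flake.lock`, and the shell truncates that file before `ssh` runs, so a dropped connection leaves an empty lock file in the working tree even though `set -e` then aborts the script. Writing to a temporary name and renaming only on success avoids that: `ssh "${TARGET}" 'cat .config/mynix/flake.lock' > "$DIR/../../flake.lock.new"` followed by `mv "$DIR/../../flake.lock.new" "$DIR/../../flake.lock"`. Because the lock file pins every flake input and is taken from the target device here, a comment reminding the operator to review its diff before committing would be a useful addition. `$JOBS` is also expanded unquoted into the remote command string; a comment noting it must be a plain integer would be enough.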