From e733dcdcbf0cbc64be9c626b9350c03b72a8f327 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 23 Mar 2025 15:28:49 -0400
Subject: [PATCH] Add a target for the hydra server.

---
 nix/configuration/configuration.nix | 1 +
 nix/configuration/flake.nix | 26 ++++
 nix/configuration/hosts/hydra/default.nix | 27 ++++
 nix/configuration/hosts/hydra/disk-config.nix | 140 ++++++++++++++++++
 .../hosts/hydra/hardware-configuration.nix | 39 +++++
 .../hosts/hydra/optimized_build.nix | 78 ++++++++++
 nix/configuration/roles/ssh/files/ssh_config | 4 +
 7 files changed, 315 insertions(+)
 create mode 100644 nix/configuration/hosts/hydra/default.nix
 create mode 100644 nix/configuration/hosts/hydra/disk-config.nix
 create mode 100644 nix/configuration/hosts/hydra/hardware-configuration.nix
 create mode 100644 nix/configuration/hosts/hydra/optimized_build.nix

diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index 026b4d1..541451c 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -163,6 +163,7 @@
 doas-sudo-shim # To support --use-remote-sudo for remote builds
 dmidecode # Read SMBIOS information.
 ipcalc
+ gptfdisk # for cgdisk
 ];
 
 services.openssh = {
diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix
index 9ca9626..2ec40d6 100644
--- a/nix/configuration/flake.nix
+++ b/nix/configuration/flake.nix
@@ -149,6 +149,30 @@
 }
 );
 };
+ hydra = {
+ main = nixpkgs.lib.nixosSystem (
+ base_x86_64_linux
+ // {
+ modules = base_x86_64_linux.modules ++ [
+ ./hosts/hydra
+ ];
+ }
+ );
+ iso = nixpkgs.lib.nixosSystem (
+ base_x86_64_linux
+ // {
+ modules = base_x86_64_linux.modules ++ [
+ ./hosts/hydra
+ (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
+ {
+ isoImage.makeEfiBootable = true;
+ isoImage.makeUsbBootable = true;
+ me.buildingIso = true;
+ }
+ ];
+ }
+ );
+ };
 };
 in
 {
@@ -156,5 +180,7 @@
 iso.odo = systems.odo.iso.config.system.build.isoImage;
 nixosConfigurations.neelix = systems.neelix.main;
 iso.neelix = systems.neelix.iso.config.system.build.isoImage;
+ nixosConfigurations.hydra = systems.hydra.main;
+ iso.hydra = systems.hydra.iso.config.system.build.isoImage;
 };
 }
diff --git a/nix/configuration/hosts/hydra/default.nix b/nix/configuration/hosts/hydra/default.nix
new file mode 100644
index 0000000..874fb2e
--- /dev/null
+++ b/nix/configuration/hosts/hydra/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ./optimized_build.nix
+ ];
+
+ # Generate with `head -c4 /dev/urandom | od -A none -t x4`
+ networking.hostId = "fbd233d8";
+
+ networking.hostName = "hydra"; # Define your hostname.
+
+ time.timeZone = "America/New_York";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ me.secureBoot.enable = false;
+
+ # Mount tmpfs at /tmp
+ boot.tmp.useTmpfs = true;
+
+ me.emacs_flavor = "plainmacs";
+ me.graphical = false;
+ me.zsh.enable = true;
+ me.wireguard.activated = [ ];
+ me.wireguard.deactivated = [ ];
+}
diff --git a/nix/configuration/hosts/hydra/disk-config.nix b/nix/configuration/hosts/hydra/disk-config.nix
new file mode 100644
index 0000000..f9204aa
--- /dev/null
+++ b/nix/configuration/hosts/hydra/disk-config.nix
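Review bot: `me.secureBoot.enable = false;` in hosts/hydra/default.nix carries no explanation, and on a host that looks like the Hydra build server that matters, because whatever it builds is presumably consumed by the other machines in this flake. If secure boot is off only for bring-up, say so next to the option, for example `# Secure boot disabled: <reason>; re-enable once <condition>.`, so the exception does not become permanent by accident. If it is a permanent decision, the comment should name the reason instead.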
@@ -0,0 +1,140 @@
+# Manual Step:
+# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
+# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+lib.mkIf (!config.me.buildingIso) {
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "umask=0077"
+ "noatime"
+ "discard"
+ ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ # mode = "mirror";
+ # Workaround: cannot import 'zroot': I/O error in disko tests
+ options.cachefile = "none";
+ options = {
+ ashift = "12";
+ compatibility = "openzfs-2.2-freebsd";
+ autotrim = "on";
+ };
+ rootFsOptions = {
+ acltype = "posixacl";
+ atime = "off";
+ relatime = "off";
+ xattr = "sa";
+ mountpoint = "none";
+ compression = "lz4";
+ canmount = "off";
+ utf8only = "on";
+ dnodesize = "auto";
+ normalization = "formD";
+ };
+
+ datasets = {
+ "linux/nix" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "linux/nix/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
+ };
+ "linux/nix/nix" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/nix";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
+ options = {
+ recordsize = "1MiB";
+ compression = "lz4";
+ };
+ };
+ "linux/nix/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
+ };
+ "linux/nix/persist" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/persist";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
+ };
+ "linux/nix/state" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/state";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
+ };
+ };
+ };
+ };
+ };
+
+ # Make sure all persistent volumes are marked as neededForBoot
+ #
+ # Also mounts /home so it is mounted before the user home directories are created.
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/state".neededForBoot = true;
+ fileSystems."/home".neededForBoot = true;
+
+ fileSystems."/".options = [
+ "noatime"
+ "norelatime"
+ ];
+ fileSystems."/nix".options = [
+ "noatime"
+ "norelatime"
+ ];
+ fileSystems."/persist".options = [
+ "noatime"
+ "norelatime"
+ ];
+ fileSystems."/state".options = [
+ "noatime"
+ "norelatime"
+ ];
+ fileSystems."/home".options = [
+ "noatime"
+ "norelatime"
+ ];
+}
diff --git a/nix/configuration/hosts/hydra/hardware-configuration.nix b/nix/configuration/hosts/hydra/hardware-configuration.nix
new file mode 100644
index 0000000..4d4f9ba
--- /dev/null
+++ b/nix/configuration/hosts/hydra/hardware-configuration.nix
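Review bot: The `zroot` pool in hosts/hydra/disk-config.nix is created without native encryption: `rootFsOptions` sets no `encryption`, `keyformat` or `keylocation`, so every dataset, including `/persist` and `/state`, is stored in cleartext on the NVMe drive. On a build host those datasets are presumably where SSH host keys and any store-signing key end up. Either enable it (for example `encryption = "aes-256-gcm"; keyformat = "passphrase";` on the root dataset, or only on `linux/nix/persist` and `linux/nix/state`), or state above `rootFsOptions` that cleartext is a deliberate trade-off for unattended boot. Separately, `device = "/dev/nvme0n1"` depends on enumeration order; a `/dev/disk/by-id/...` path would make it harder for disko to partition the wrong drive.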
@@ -0,0 +1,39 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.dhcpcd.enable = lib.mkForce true;
+ networking.useDHCP = lib.mkForce true;
+ networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
+ # systemd.network.enable = true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nix/configuration/hosts/hydra/optimized_build.nix b/nix/configuration/hosts/hydra/optimized_build.nix
new file mode 100644
index 0000000..d125920
--- /dev/null
+++ b/nix/configuration/hosts/hydra/optimized_build.nix
@@ -0,0 +1,78 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [ ];
+
+ config = lib.mkMerge [
+ { }
+ (lib.mkIf (!config.me.buildingIso) {
+ nix.settings.system-features = lib.mkForce [
+ "gccarch-znver4"
+ "gccarch-x86-64-v3"
+ "gccarch-x86-64-v4"
+ "benchmark"
+ "big-parallel"
+ # "kvm"
+ # "nixos-test"
+ ];
+
+ # nixpkgs.hostPlatform = {
+ # gcc.arch = "alderlake";
+ # gcc.tune = "alderlake";
+ # system = "x86_64-linux";
+ # };
+
+ nixpkgs.overlays = [
+ (
+ final: prev:
+ let
+ optimizeWithFlags =
+ pkg: flags:
+ pkg.overrideAttrs (old: {
+ NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+ });
+ addConfig =
+ additionalConfig: pkg:
+ pkg.override (oldconfig: {
+ structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
+ });
+ in
+ {
+ linux_znver4 =
+ addConfig
+ {
+ # Full preemption
+ PREEMPT = lib.mkOverride 60 lib.kernel.yes;
+ PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
+
+ # Google's BBRv3 TCP congestion Control
+ TCP_CONG_BBR = lib.kernel.yes;
+ DEFAULT_BBR = lib.kernel.yes;
+
+ # Preemptive Full Tickless Kernel at 300Hz
+ HZ = lib.kernel.freeform "300";
+ HZ_300 = lib.kernel.yes;
+ HZ_1000 = lib.kernel.no;
+ }
+ (
+ optimizeWithFlags prev.linux_6_13 [
+ "-march=znver4"
+ "-mtune=znver4"
+ ]
+ );
+ }
+ )
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
+ })
+ (lib.mkIf (config.me.buildingIso) {
+ boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13;
+ boot.supportedFilesystems = [ "zfs" ];
+ })
+ ];
+}
diff --git a/nix/configuration/roles/ssh/files/ssh_config b/nix/configuration/roles/ssh/files/ssh_config
index 31c0f00..9cd7997 100644
--- a/nix/configuration/roles/ssh/files/ssh_config
+++ b/nix/configuration/roles/ssh/files/ssh_config
@@ -30,5 +30,9 @@ Host brianai
 ProxyJump talexander@mrmanager
 HostName 10.215.1.215
+Host hydra
+ ProxyJump talexander@mrmanager
+ HostName 10.215.1.219
+
 Host *
 Compression yes
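Review bot: Both branches of hosts/hydra/optimized_build.nix pin the kernel to the 6.13 series (`prev.linux_6_13` in the overlay, `pkgs.linux_6_13` for the ISO), which is not a longterm series. Once upstream ends it the host stops receiving kernel security fixes, and the attribute will eventually be dropped from nixpkgs. A comment stating why this series is pinned and what triggers a bump would help, for example `# Pinned to 6.13: <reason>; move to the next ZFS-supported series before upstream EOL.`. Binding the base kernel once in a `let` and using it in both branches would also keep the installed system and the ISO from drifting apart.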