Update packages.

Move kernel config to its own role.
2026-06-13 22:05:23 -04:00 · 2026-06-13 22:05:23 -04:00 · 2026-06-13 22:05:23 -04:00
6 changed files with 22 additions and 123 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -140,7 +140,8 @@ in
    # Automatic garbage collection
    nix.gc = lib.mkIf (!config.me.buildingPortable) {
      # Runs nix-collect-garbage --delete-older-than 5d
-      automatic = true;
+      # automatic = true;
+      automatic = false;
      persistent = true;
      dates = "monthly";
      # randomizedDelaySec = "14m";
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -110,6 +110,7 @@
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
    me.kanshi.enable = false;
+    me.kernel.enable = true;
    me.kubernetes.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
--- a/nix/configuration/hosts/odowork/default.nix
+++ b/nix/configuration/hosts/odowork/default.nix
@@ -111,6 +111,7 @@
    me.iso_mount.enable = true;
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
+    me.kernel.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
    me.lvfs.enable = true;
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@@ -104,6 +104,7 @@
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
    me.kanshi.enable = false;
+    me.kernel.enable = true;
    me.kubernetes.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
--- a/nix/configuration/roles/firewall/default.nix
+++ b/nix/configuration/roles/firewall/default.nix
@@ -24,7 +24,16 @@
    networking.firewall.allowedUDPPorts = [
      5353 # mDNS
    ];
+
+    # networking.firewall.enable = true;
+    # networking.nftables.enable = true;
+
    # Or disable the firewall altogether.
-    # networking.firewall.enable = false;
+    networking.firewall.enable = false;
+
+    # Debugging
+    # networking.firewall.logRefusedConnections = true;
+    # networking.firewall.logRefusedPackets = true;
+    # networking.firewall.logReversePathDrops = true;
  };
 }
--- a/nix/configuration/roles/kernel/default.nix
+++ b/nix/configuration/roles/kernel/default.nix
@@ -1,3 +1,7 @@
+# Check current config:
+#   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
+#   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
+
 {
  config,
  lib,
@@ -36,39 +40,6 @@ let
      PREEMPT_NONE = yes;
    };
  };
-  lto_type = with lib.kernel; {
-    none = {
-      LTO_NONE = yes;
-      LTO_CLANG_THIN = no;
-      LTO_CLANG_FULL = no;
-    };
-    thin = {
-      LTO_NONE = no;
-      LTO_CLANG_THIN = yes;
-      LTO_CLANG_FULL = no;
-    };
-    full = {
-      LTO_NONE = no;
-      LTO_CLANG_THIN = no;
-      LTO_CLANG_FULL = yes;
-    };
-  };
-  cpu_scheduler = with lib.kernel; {
-    # Burst-Oriented Response Enhancer
-    # For interactive workloads and gaming.
-    bore = {
-      SCHED_BORE = yes;
-    };
-    # Earliest Eligible Virtual Deadline First
-    # For general purpose computing.
-    eevdf = { };
-    # BitMap Queue CPU Scheduler
-    # For throughput-oriented workloads.
-    bmq = {
-      SCHED_ALT = yes;
-      SCHED_BMQ = yes;
-    };
-  };
  tick_hz =
    with lib.kernel;
    {
@@ -91,56 +62,6 @@ let
      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
    };
  };
-  cpu_type = with lib.kernel; {
-    x86_64-v1 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "1";
-    };
-    x86_64-v2 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "2";
-    };
-    x86_64-v3 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "3";
-    };
-    x86_64-v4 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "4";
-    };
-    zen4 = {
-      GENERIC_CPU = no;
-      MZEN4 = yes;
-      X86_NATIVE_CPU = no;
-    };
-    default = { };
-  };
-  my_cpu_type = lib.mkMerge [
-    (lib.mkIf (!config.me.optimizations.enable) cpu_type.default)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v1"
-    ) cpu_type.x86_64-v1)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v2"
-    ) cpu_type.x86_64-v2)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v3"
-    ) cpu_type.x86_64-v3)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v4"
-    ) cpu_type.x86_64-v4)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "znver4"
-    ) cpu_type.zen4)
-  ];
  tick_rate = with lib.kernel; {
    # Always tick at the hz frequency.
    periodic = {
@@ -162,8 +83,6 @@ let
    tickless = {
      HZ_PERIODIC = no;
      NO_HZ_IDLE = no;
-      CONTEXT_TRACKING_FORCE = no;
-      NO_HZ_FULL_NODEF = yes;
      NO_HZ_FULL = yes;
      NO_HZ = yes;
      NO_HZ_COMMON = yes;
@@ -180,49 +99,16 @@ let
      TRANSPARENT_HUGEPAGE_MADVISE = yes;
    };
  };
-  io_scheduler = with lib.kernel; {
-    adios = {
-      MQ_IOSCHED_ADIOS = yes;
-    };
-    bfq = {
-      IOSCHED_BFQ = mkKernelOverride yes;
-    };
-  };
  common_config =
    with lib.kernel;
    {
      # Google's BBRv3 TCP congestion Control
      TCP_CONG_BBR = yes;
      DEFAULT_BBR = yes;
-
-      # TCP_CONG_CUBIC = module;
-      # DEFAULT_CUBIC = no;
-      # TCP_CONG_BBR = yes;
-      # DEFAULT_BBR = yes;
-      # DEFAULT_TCP_CONG = freeform "bbr";
-      # NET_SCH_FQ_CODEL = module;
-      # NET_SCH_FQ = yes;
-      # CONFIG_DEFAULT_FQ_CODEL = no;
-      # CONFIG_DEFAULT_FQ = yes;
-
-      # Enable the Control Flow Integrity sanitizer in clang
-      ARCH_SUPPORTS_CFI_CLANG = yes;
-      CFI_CLANG = yes;
-      CFI_AUTO_DEFAULT = yes;
-
-      # Use O3 optimizations
-      CC_OPTIMIZE_FOR_PERFORMANCE = no;
-      CC_OPTIMIZE_FOR_PERFORMANCE_O3 = yes;
-
-      # Enable Adaptive Deadline I/O Scheduler
-      MQ_IOSCHED_ADIOS = yes;
-    }
-    // my_cpu_type;
+    };
  flavors = {
    server = lib.mkMerge [
      preemption_type.none
-      lto_type.full
-      cpu_scheduler.eevdf
      tick_hz."300"
      performance_governor.default
      tick_rate.tickless
@@ -236,8 +122,6 @@ let
          RCU_LAZY = yes;
        }
        preemption_type.lazy
-        lto_type.full
-        cpu_scheduler.bore
        tick_hz."300"
        performance_governor.default
        tick_rate.tickless
@@ -292,6 +176,8 @@ in
                additionalConfig: pkg:
                pkg.override (oldconfig: {
                  structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
+                  # stdenv = pkgs.llvmPackages_latest.stdenv;
+                  # stdenv = pkgs.clangStdenv;
                });
            in
            {
Author	SHA1	Message	Date
Tom Alexander	9e4c079258	Update packages.	2026-06-13 22:05:23 -04:00
Tom Alexander	3ab7a6e460	Update packages.	2026-06-13 22:05:23 -04:00
Tom Alexander	49f75408ae	Move kernel config to its own role.	2026-06-13 22:05:23 -04:00