Enable the thunderbolt service.

nix/configuration/configuration.nix

@@ -140,7 +140,8 @@ in
     # Automatic garbage collection
     nix.gc = lib.mkIf (!config.me.buildingPortable) {
       # Runs nix-collect-garbage --delete-older-than 5d
-      automatic = true;
+      # automatic = true;
+      automatic = false;
       persistent = true;
       dates = "monthly";
       # randomizedDelaySec = "14m";

nix/configuration/hosts/odo/default.nix

@@ -110,6 +110,7 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
+    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/hosts/odowork/default.nix

@@ -111,6 +111,7 @@
     me.iso_mount.enable = true;
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
+    me.kernel.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;
     me.lvfs.enable = true;

nix/configuration/hosts/quark/default.nix

@@ -104,6 +104,7 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
+    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/roles/firewall/default.nix

@@ -24,7 +24,16 @@
     networking.firewall.allowedUDPPorts = [
       5353 # mDNS
     ];
+
+    # networking.firewall.enable = true;
+    # networking.nftables.enable = true;
+
     # Or disable the firewall altogether.
-    # networking.firewall.enable = false;
+    networking.firewall.enable = false;
+
+    # Debugging
+    # networking.firewall.logRefusedConnections = true;
+    # networking.firewall.logRefusedPackets = true;
+    # networking.firewall.logReversePathDrops = true;
   };
 }

nix/configuration/roles/kernel/default.nix

@@ -1,3 +1,7 @@
+# Check current config:
+#   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
+#   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
+
 {
   config,
   lib,
@@ -36,39 +40,6 @@ let
       PREEMPT_NONE = yes;
     };
   };
-  lto_type = with lib.kernel; {
-    none = {
-      LTO_NONE = yes;
-      LTO_CLANG_THIN = no;
-      LTO_CLANG_FULL = no;
-    };
-    thin = {
-      LTO_NONE = no;
-      LTO_CLANG_THIN = yes;
-      LTO_CLANG_FULL = no;
-    };
-    full = {
-      LTO_NONE = no;
-      LTO_CLANG_THIN = no;
-      LTO_CLANG_FULL = yes;
-    };
-  };
-  cpu_scheduler = with lib.kernel; {
-    # Burst-Oriented Response Enhancer
-    # For interactive workloads and gaming.
-    bore = {
-      SCHED_BORE = yes;
-    };
-    # Earliest Eligible Virtual Deadline First
-    # For general purpose computing.
-    eevdf = { };
-    # BitMap Queue CPU Scheduler
-    # For throughput-oriented workloads.
-    bmq = {
-      SCHED_ALT = yes;
-      SCHED_BMQ = yes;
-    };
-  };
   tick_hz =
     with lib.kernel;
     {
@@ -91,56 +62,6 @@ let
       CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
     };
   };
-  cpu_type = with lib.kernel; {
-    x86_64-v1 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "1";
-    };
-    x86_64-v2 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "2";
-    };
-    x86_64-v3 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "3";
-    };
-    x86_64-v4 = {
-      GENERIC_CPU = yes;
-      MZEN4 = no;
-      X86_NATIVE_CPU = no;
-      X86_64_VERSION = freeform "4";
-    };
-    zen4 = {
-      GENERIC_CPU = no;
-      MZEN4 = yes;
-      X86_NATIVE_CPU = no;
-    };
-    default = { };
-  };
-  my_cpu_type = lib.mkMerge [
-    (lib.mkIf (!config.me.optimizations.enable) cpu_type.default)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v1"
-    ) cpu_type.x86_64-v1)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v2"
-    ) cpu_type.x86_64-v2)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v3"
-    ) cpu_type.x86_64-v3)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v4"
-    ) cpu_type.x86_64-v4)
-    (lib.mkIf (
-      config.me.optimizations.enable && config.me.optimizations.arch == "znver4"
-    ) cpu_type.zen4)
-  ];
   tick_rate = with lib.kernel; {
     # Always tick at the hz frequency.
     periodic = {
@@ -162,8 +83,6 @@ let
     tickless = {
       HZ_PERIODIC = no;
       NO_HZ_IDLE = no;
-      CONTEXT_TRACKING_FORCE = no;
-      NO_HZ_FULL_NODEF = yes;
       NO_HZ_FULL = yes;
       NO_HZ = yes;
       NO_HZ_COMMON = yes;
@@ -180,49 +99,16 @@ let
       TRANSPARENT_HUGEPAGE_MADVISE = yes;
     };
   };
-  io_scheduler = with lib.kernel; {
-    adios = {
-      MQ_IOSCHED_ADIOS = yes;
-    };
-    bfq = {
-      IOSCHED_BFQ = mkKernelOverride yes;
-    };
-  };
   common_config =
     with lib.kernel;
     {
       # Google's BBRv3 TCP congestion Control
       TCP_CONG_BBR = yes;
       DEFAULT_BBR = yes;
-
+    };
-      # TCP_CONG_CUBIC = module;
-      # DEFAULT_CUBIC = no;
-      # TCP_CONG_BBR = yes;
-      # DEFAULT_BBR = yes;
-      # DEFAULT_TCP_CONG = freeform "bbr";
-      # NET_SCH_FQ_CODEL = module;
-      # NET_SCH_FQ = yes;
-      # CONFIG_DEFAULT_FQ_CODEL = no;
-      # CONFIG_DEFAULT_FQ = yes;
-
-      # Enable the Control Flow Integrity sanitizer in clang
-      ARCH_SUPPORTS_CFI_CLANG = yes;
-      CFI_CLANG = yes;
-      CFI_AUTO_DEFAULT = yes;
-
-      # Use O3 optimizations
-      CC_OPTIMIZE_FOR_PERFORMANCE = no;
-      CC_OPTIMIZE_FOR_PERFORMANCE_O3 = yes;
-
-      # Enable Adaptive Deadline I/O Scheduler
-      MQ_IOSCHED_ADIOS = yes;
-    }
-    // my_cpu_type;
   flavors = {
     server = lib.mkMerge [
       preemption_type.none
-      lto_type.full
-      cpu_scheduler.eevdf
       tick_hz."300"
       performance_governor.default
       tick_rate.tickless
@@ -236,8 +122,6 @@ let
           RCU_LAZY = yes;
         }
         preemption_type.lazy
-        lto_type.full
-        cpu_scheduler.bore
         tick_hz."300"
         performance_governor.default
         tick_rate.tickless
@@ -292,6 +176,8 @@ in
                 additionalConfig: pkg:
                 pkg.override (oldconfig: {
                   structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
+                  # stdenv = pkgs.llvmPackages_latest.stdenv;
+                  # stdenv = pkgs.clangStdenv;
                 });
             in
             {

nix/configuration/roles/thunderbolt/default.nix

@@ -21,5 +21,18 @@
     environment.systemPackages = with pkgs; [
       bolt # For boltctl
     ];
+
+    services.hardware.bolt.enable = true;
+
+    # Trust all thunderbolt devices
+    # services.udev.packages = [
+    #   (pkgs.writeTextFile {
+    #     name = "removable";
+    #     text = ''
+    #       ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
+    #     '';
+    #     destination = "/etc/udev/rules.d/99-removable.rules";
+    #   })
+    # ];
   };
 }