Add secret for homepage-staging.

1.5 came out recently, so no gateway providers support it.

nix/configuration/configuration.nix

@@ -54,7 +54,6 @@ in
     ./roles/iso_mount
     ./roles/jujutsu
     ./roles/kanshi
-    ./roles/kernel
     ./roles/kodi
     ./roles/kubernetes
     ./roles/latex
@@ -138,15 +137,14 @@ in
     nix.settings.keep-derivations = true;
 
     # Automatic garbage collection
-    nix.gc = lib.mkIf (!config.me.buildingPortable) {
+    # nix.gc = lib.mkIf (!config.me.buildingPortable) {
-      # Runs nix-collect-garbage --delete-older-than 5d
+    #   # Runs nix-collect-garbage --delete-older-than 5d
     #   automatic = true;
-      automatic = false;
+    #   persistent = true;
-      persistent = true;
+    #   dates = "monthly";
-      dates = "monthly";
+    #   # randomizedDelaySec = "14m";
-      # randomizedDelaySec = "14m";
+    #   options = "--delete-older-than 30d";
-      options = "--delete-older-than 30d";
+    # };
-    };
     nix.settings.auto-optimise-store = !config.me.buildingPortable;
 
     environment.systemPackages = [
@@ -236,30 +234,20 @@ in
         );
       in
       [
+        (disableTests "coreutils")
+        (disableTests "coreutils-full")
         (disableTests "deno") # Tests use too much disk space
-        (disableOptimizations "libtpms")
+        (disableTests "libuv")
+        (final: prev: {
+          inherit (final.unoptimized)
+            libtpms
+            libjxl
+            ddrescueview
+            deno
+            mesa
+            ;
+        })
         (disableOptimizationsPython3 "scipy")
-        (disableOptimizations "assimp")
-        (disableOptimizations "gsl")
-        (final: prev: {
-          rpcs3 = prev.rpcs3.override {
-            glew = (final.glew.override { enableEGL = false; });
-          };
-        })
-        (final: prev: {
-          fwupd = prev.fwupd.overrideAttrs (
-            finalAttrs: prevAttrs: {
-              version = "2.1.5";
-              src = final.fetchFromGitHub {
-                owner = "fwupd";
-                repo = "fwupd";
-                tag = finalAttrs.version;
-                hash = "sha256-DzQ+N99ZmFRqZc2rN6PSqmoIMXUyrE8Kkn+KnT/AWPc=";
-              };
-            }
-          );
-        })
-
         # Works but probably sets python2's scipy to be python3:
         #
         # (final: prev: {

nix/configuration/flake.lock

@@ -22,11 +22,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780894562,
+        "lastModified": 1776613567,
-        "narHash": "sha256-c3430xwxwhHipl3jigUGMMBfpaMylDqytW/kdmB3ZGs=",
+        "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "24fed06cac83bcc44ac8efbb57cab1a82fa0bedc",
+        "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1780749050,
+        "lastModified": 1777268161,
-        "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
         "type": "github"
       },
       "original": {
@@ -178,22 +178,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-google": {
-      "locked": {
-        "lastModified": 1779893571,
-        "narHash": "sha256-wiwMyVCtmjRjlFCe2zaumCE6LRV9GzzN0ZH25NQkbAU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1730741070,
@@ -242,8 +226,7 @@
         "disko": "disko",
         "impermanence": "impermanence",
         "lanzaboote": "lanzaboote",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs"
-        "nixpkgs-google": "nixpkgs-google"
       }
     },
     "rust-overlay": {

nix/configuration/flake.nix

@@ -20,7 +20,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-google.url = "github:NixOS/nixpkgs/45f6cfaa4605b706c870e75bd74bdb5e97eee11e";
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.4.2";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -35,7 +34,6 @@
     {
       self,
       nixpkgs,
-      nixpkgs-google,
       disko,
       impermanence,
       lanzaboote,
@@ -94,9 +92,6 @@
                       hostPlatform.gcc.arch = "default";
                       hostPlatform.gcc.tune = "default";
                     };
-                    google = import nixpkgs-google {
-                      system = prev.stdenv.hostPlatform.system;
-                    };
                   })
                 ];
               };

nix/configuration/hosts/odo/default.nix

@@ -110,7 +110,6 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
-    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/hosts/odowork/default.nix

@@ -111,7 +111,6 @@
     me.iso_mount.enable = true;
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
-    me.kernel.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;
     me.lvfs.enable = true;

nix/configuration/hosts/quark/default.nix

@@ -104,7 +104,6 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
-    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/roles/base/default.nix

@@ -14,12 +14,6 @@ let
   cleanup_temporary_files = (
     patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash)
   );
-  decode_jwt = (patchScriptBin "decode_jwt" (builtins.readFile ./files/decode_jwt.bash));
-  git_find_merged_branches = (
-    patchScriptBin "git_find_merged_branches" (builtins.readFile ./files/git_find_merged_branches.bash)
-  );
-  git_fix_author = (patchScriptBin "git_fix_author" (builtins.readFile ./files/git_fix_author.bash));
-  rsync_clone = (patchScriptBin "rsync_clone" (builtins.readFile ./files/rsync_clone.bash));
   alias_rga = pkgs.writeShellScriptBin "rga" ''
     exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}"
   '';
@@ -65,12 +59,8 @@ in
       nix-output-monitor # For better view into nixos-rebuild
       # nix-serve-ng # Serve nix store over http
       cleanup_temporary_files
-      decode_jwt
       jq
       inetutils # For whois
-      git_find_merged_branches
-      git_fix_author
-      rsync_clone
     ];
   };
 }

nix/configuration/roles/base/files/cleanup_temporary_files.bash

@@ -1,7 +1,4 @@
 #!/usr/bin/env bash
 #
 # Delete temporary files on entire disk
-set -euo pipefail
+find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null
-IFS=$'\n\t'
-
-exec find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null

nix/configuration/roles/base/files/decode_jwt.bash

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-#
-# Decode the contents of a JWT
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

nix/configuration/roles/base/files/git_find_merged_branches.bash

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-#
-# Find local branches that have been merged
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-: ${MAIN_BRANCH:="main"}
-
-git checkout -q ${MAIN_BRANCH} && git for-each-ref refs/heads/ "--format=%(refname:short)" | while read branch; do mergeBase=$(git merge-base ${MAIN_BRANCH} $branch) && [[ $(git cherry ${MAIN_BRANCH} $(git commit-tree $(git rev-parse "$branch^{tree}") -p $mergeBase -m _)) == "-"* ]] && echo "$branch"; done

nix/configuration/roles/base/files/git_fix_author.bash

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-#
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-git filter-branch --env-filter '
-WRONG_EMAIL="old@email.foo"
-NEW_NAME="New Name"
-NEW_EMAIL="new@email.bar"
-
-if [ "$GIT_COMMITTER_EMAIL" = "$WRONG_EMAIL" ]
-then
-    export GIT_COMMITTER_NAME="$NEW_NAME"
-    export GIT_COMMITTER_EMAIL="$NEW_EMAIL"
-fi
-if [ "$GIT_AUTHOR_EMAIL" = "$WRONG_EMAIL" ]
-then
-    export GIT_AUTHOR_NAME="$NEW_NAME"
-    export GIT_AUTHOR_EMAIL="$NEW_EMAIL"
-fi
-' --tag-name-filter cat --commit-filter 'git commit-tree -S "$@";' -- --branches --tags

nix/configuration/roles/base/files/rsync_clone.bash

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-#
-# Wrapper to set rsync flags for cloning a folder preserving attributes
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-exec rsync -aHAXS "$@"

nix/configuration/roles/firewall/default.nix

@@ -24,16 +24,7 @@
     networking.firewall.allowedUDPPorts = [
       5353 # mDNS
     ];
-
-    # networking.firewall.enable = true;
-    # networking.nftables.enable = true;
-
     # Or disable the firewall altogether.
-    networking.firewall.enable = false;
+    # networking.firewall.enable = false;
-
-    # Debugging
-    # networking.firewall.logRefusedConnections = true;
-    # networking.firewall.logRefusedPackets = true;
-    # networking.firewall.logReversePathDrops = true;
   };
 }

nix/configuration/roles/gcloud/default.nix

@@ -18,7 +18,7 @@
   };
 
   config = lib.mkIf config.me.gcloud.enable {
-    environment.systemPackages = with pkgs.google; [
+    environment.systemPackages = with pkgs; [
       (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
     ];
 

nix/configuration/roles/kernel/default.nix

@@ -1,194 +0,0 @@
-# Check current config:
-#   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
-#   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
-
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-let
-  preemption_type = with lib.kernel; {
-    full = {
-      PREEMPT_DYNAMIC = yes;
-      PREEMPT = yes;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = no;
-    };
-    lazy = {
-      PREEMPT_DYNAMIC = yes;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = yes;
-      PREEMPT_NONE = no;
-    };
-    voluntary = {
-      PREEMPT_DYNAMIC = no;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = yes;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = no;
-    };
-    none = {
-      PREEMPT_DYNAMIC = no;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = yes;
-    };
-  };
-  tick_hz =
-    with lib.kernel;
-    {
-      "1000" = {
-        HZ_1000 = yes;
-        HZ = freeform "1000";
-      };
-    }
-    // lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: {
-      HZ_1000 = no;
-      "HZ_${hz}" = yes;
-      HZ = freeform hz;
-    });
-  performance_governor = with lib.kernel; {
-    default = {
-      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
-    };
-    performance = {
-      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no;
-      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
-    };
-  };
-  tick_rate = with lib.kernel; {
-    # Always tick at the hz frequency.
-    periodic = {
-      NO_HZ_IDLE = no;
-      NO_HZ_FULL = no;
-      NO_HZ = no;
-      NO_HZ_COMMON = no;
-      HZ_PERIODIC = yes;
-    };
-    # Idle - Do not disturb the CPU when idle. This can save power but increase latency.
-    idle = {
-      HZ_PERIODIC = no;
-      NO_HZ_FULL = no;
-      NO_HZ_IDLE = yes;
-      NO_HZ = yes;
-      NO_HZ_COMMON = yes;
-    };
-    # Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible.
-    tickless = {
-      HZ_PERIODIC = no;
-      NO_HZ_IDLE = no;
-      NO_HZ_FULL = yes;
-      NO_HZ = yes;
-      NO_HZ_COMMON = yes;
-      CONTEXT_TRACKING = yes;
-    };
-  };
-  huge_page = with lib.kernel; {
-    always = {
-      TRANSPARENT_HUGEPAGE_MADVISE = no;
-      TRANSPARENT_HUGEPAGE_ALWAYS = yes;
-    };
-    madvise = {
-      TRANSPARENT_HUGEPAGE_ALWAYS = no;
-      TRANSPARENT_HUGEPAGE_MADVISE = yes;
-    };
-  };
-  common_config =
-    with lib.kernel;
-    {
-      # Google's BBRv3 TCP congestion Control
-      TCP_CONG_BBR = yes;
-      DEFAULT_BBR = yes;
-    };
-  flavors = {
-    server = lib.mkMerge [
-      preemption_type.none
-      tick_hz."300"
-      performance_governor.default
-      tick_rate.tickless
-      huge_page.madvise
-    ];
-    interactive =
-      with lib.kernel;
-      lib.mkMerge [
-        {
-          # Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops.
-          RCU_LAZY = yes;
-        }
-        preemption_type.lazy
-        tick_hz."300"
-        performance_governor.default
-        tick_rate.tickless
-        huge_page.madvise
-      ];
-  };
-in
-{
-  imports = [ ];
-
-  options.me = {
-    kernel.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      example = true;
-      description = "Whether we want to install kernel.";
-    };
-
-    kernel.version = lib.mkOption {
-      type = lib.types.str;
-      default = "linux"; # LTS
-      example = "linux_6_18";
-      description = "What version of the kernl should we use.";
-    };
-
-    kernel.flavor = lib.mkOption {
-      type = lib.types.str;
-      default = "interactive";
-      example = "server";
-      description = "What type of kernel should be built.";
-    };
-  };
-
-  config = lib.mkIf config.me.kernel.enable (
-    lib.mkMerge [
-      {
-        boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
-      }
-      (lib.mkIf (!config.me.optimizations.enable) {
-        nixpkgs.overlays = [
-          (final: prev: {
-            linux_me = final."${config.me.kernel.version}";
-          })
-        ];
-      })
-      (lib.mkIf (config.me.optimizations.enable) {
-        nixpkgs.overlays = [
-          (
-            final: prev:
-            let
-              addConfig =
-                additionalConfig: pkg:
-                pkg.override (oldconfig: {
-                  structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
-                  # stdenv = pkgs.llvmPackages_latest.stdenv;
-                  # stdenv = pkgs.clangStdenv;
-                });
-            in
-            {
-              linux_me = addConfig ([
-                common_config
-                flavors."${config.me.kernel.flavor}"
-              ]) final."${config.me.kernel.version}";
-            }
-          )
-        ];
-      })
-    ]
-  );
-}

nix/configuration/roles/minimal_base/default.nix

@@ -19,7 +19,6 @@
 
   config = lib.mkIf config.me.minimal_base.enable {
     me.doas.enable = true;
-    me.kernel.enable = true;
     me.network.enable = true;
     me.nvme.enable = true;
     me.ssh.enable = true;

nix/configuration/roles/optimized_build/default.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 
@@ -48,13 +49,71 @@
   };
 
   config = lib.mkMerge [
+    (lib.mkIf (!config.me.optimizations.enable) (
+      lib.mkMerge [
+        {
+          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
+          # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
+        }
+      ]
+    ))
     (lib.mkIf config.me.optimizations.enable (
       lib.mkMerge [
         {
+          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
+
           nixpkgs.hostPlatform = {
             gcc.arch = config.me.optimizations.arch;
             gcc.tune = config.me.optimizations.arch;
           };
+
+          nixpkgs.overlays = [
+            (
+              final: prev:
+              let
+                addConfig =
+                  additionalConfig: pkg:
+                  pkg.override (oldconfig: {
+                    structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
+                  });
+              in
+              {
+                linux_me = addConfig {
+                  # Server | No preemption - Run until the next tick. Highest throughput but can cause stutter.
+                  # PREEMPT = lib.mkOverride 60 lib.kernel.no;
+                  # Desktop | Preempt kernel threads only at pre-defined places that call cond_resched().
+                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
+                  # Low-latency desktop | Full preemption - Kernel threads can be preempted unless they hold a spinlock or are in a no-preemption section.
+                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
+                  # RT - All kernel code is preemptible except for a few critical sections.
+                  # Middle ground | Real-time tasks preempt immediately like FULL, normal tasks run until the next tick.
+                  PREEMPT_LAZY = lib.mkOverride 90 lib.kernel.no;
+
+                  # Google's BBRv3 TCP congestion Control
+                  TCP_CONG_BBR = lib.kernel.yes;
+                  DEFAULT_BBR = lib.kernel.yes;
+
+                  # Preemptive Full Tickless Kernel at 300Hz
+                  HZ = lib.kernel.freeform "300";
+                  HZ_300 = lib.kernel.yes;
+                  HZ_1000 = lib.kernel.no;
+                } prev.linux_6_18; # or prev.linux
+              }
+            )
+            (final: prev: {
+              inherit (final.unoptimized)
+                assimp
+                binaryen
+                gsl
+                rapidjson
+                ffmpeg-headless
+                ffmpeg
+                pipewire
+                chromaprint
+                gtkmm
+                ;
+            })
+          ];
         }
       ]
     ))

nix/configuration/roles/sm64ex/default.nix

@@ -18,10 +18,7 @@
   };
 
   config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
-    allowedUnfree = [
+    allowedUnfree = [ "sm64ex" ];
-      "sm64ex"
-      "baserom.us.z64"
-    ];
 
     environment.systemPackages = with pkgs; [
       sm64ex

nix/configuration/roles/sound/default.nix

@@ -30,7 +30,7 @@
           # If you want to use JACK applications, uncomment this
           #jack.enable = true;
 
-          extraLadspaPackages = [ pkgs.rnnoise-plugin.ladspa ];
+          extraLv2Packages = [ pkgs.rnnoise-plugin ];
           configPackages = [
             (pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
               context.modules = [
@@ -43,7 +43,7 @@
                               {
                                   type = ladspa
                                   name = rnnoise
-                                  plugin = "librnnoise_ladspa"
+                                  plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
                                   label = noise_suppressor_mono
                                   control = {
                                       "VAD Threshold (%)" = 50.0

nix/configuration/roles/vscode/default.nix

@@ -121,12 +121,6 @@ in
             group = "talexander";
             mode = "0755";
           }
-          {
-            directory = ".vscode-shared";
-            user = "talexander";
-            group = "talexander";
-            mode = "0755";
-          }
         ];
       };
     };

nix/configuration/roles/zfs/default.nix

@@ -44,9 +44,6 @@ in
 
     boot.zfs.devNodes = "/dev/disk/by-partuuid";
 
-    # Do not force import your root pool during boot. Force importing would be useful if the pool had been imported by a different machine most recently.
-    boot.zfs.forceImportRoot = false;
-
     services.zfs = {
       autoScrub = {
         enable = true;

nix/kubernetes/configuration.nix

@@ -17,7 +17,6 @@
     ./roles/firewall
     ./roles/image_based_appliance
     ./roles/iso
-    ./roles/kernel
     ./roles/kube_apiserver
     ./roles/kube_controller_manager
     ./roles/kube_proxy

nix/kubernetes/flake.lock

@@ -22,11 +22,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780290312,
+        "lastModified": 1769524058,
-        "narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "115e5211780054d8a890b41f0b7734cafad54dfe",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1780749050,
+        "lastModified": 1770197578,
-        "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
+        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
+        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
         "type": "github"
       },
       "original": {

nix/kubernetes/keys/package/bootstrap-script/package.nix

@@ -54,23 +54,22 @@ let
   gateway_crds_repo = fetchFromGitHub {
     owner = "kubernetes-sigs";
     repo = "gateway-api";
-    rev = "v1.5.1";
+    rev = "v1.4.1";
-    sha256 = "sha256-mWMvJG6esOqDBSbhExvt7L3ZTiQUOfeRBohew/m67A0=";
+    sha256 = "sha256-/GHyikcC2QGDN0ndpY6/xvSEEnpSsLrNU+lFElCKBs8=";
   };
   gateway_crds = [
     "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_gatewayclasses.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_listenersets.yaml"
     "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_referencegrants.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_vap_safeupgrades.yaml"
-    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml"
     "${gateway_crds_repo}/config/crd/experimental/gateway.networking.x-k8s.io_xmeshes.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_gatewayclasses.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.x-k8s.io_xlistenersets.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml"
+    "${gateway_crds_repo}/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml"
   ];
 in
 stdenv.mkDerivation (finalAttrs: {

nix/kubernetes/roles/kernel/default.nix

@@ -1,192 +0,0 @@
-# Check current config:
-#   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
-#   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
-
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-let
-  preemption_type = with lib.kernel; {
-    full = {
-      PREEMPT_DYNAMIC = yes;
-      PREEMPT = yes;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = no;
-    };
-    lazy = {
-      PREEMPT_DYNAMIC = yes;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = yes;
-      PREEMPT_NONE = no;
-    };
-    voluntary = {
-      PREEMPT_DYNAMIC = no;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = yes;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = no;
-    };
-    none = {
-      PREEMPT_DYNAMIC = no;
-      PREEMPT = no;
-      PREEMPT_VOLUNTARY = lib.mkForce no;
-      PREEMPT_LAZY = lib.mkForce no;
-      PREEMPT_NONE = yes;
-    };
-  };
-  tick_hz =
-    with lib.kernel;
-    {
-      "1000" = {
-        HZ_1000 = yes;
-        HZ = freeform "1000";
-      };
-    }
-    // lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: {
-      HZ_1000 = no;
-      "HZ_${hz}" = yes;
-      HZ = freeform hz;
-    });
-  performance_governor = with lib.kernel; {
-    default = {
-      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
-    };
-    performance = {
-      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no;
-      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
-    };
-  };
-  tick_rate = with lib.kernel; {
-    # Always tick at the hz frequency.
-    periodic = {
-      NO_HZ_IDLE = no;
-      NO_HZ_FULL = no;
-      NO_HZ = no;
-      NO_HZ_COMMON = no;
-      HZ_PERIODIC = yes;
-    };
-    # Idle - Do not disturb the CPU when idle. This can save power but increase latency.
-    idle = {
-      HZ_PERIODIC = no;
-      NO_HZ_FULL = no;
-      NO_HZ_IDLE = yes;
-      NO_HZ = yes;
-      NO_HZ_COMMON = yes;
-    };
-    # Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible.
-    tickless = {
-      HZ_PERIODIC = no;
-      NO_HZ_IDLE = no;
-      NO_HZ_FULL = yes;
-      NO_HZ = yes;
-      NO_HZ_COMMON = yes;
-      CONTEXT_TRACKING = yes;
-    };
-  };
-  huge_page = with lib.kernel; {
-    always = {
-      TRANSPARENT_HUGEPAGE_MADVISE = no;
-      TRANSPARENT_HUGEPAGE_ALWAYS = yes;
-    };
-    madvise = {
-      TRANSPARENT_HUGEPAGE_ALWAYS = no;
-      TRANSPARENT_HUGEPAGE_MADVISE = yes;
-    };
-  };
-  common_config = with lib.kernel; {
-    # Google's BBRv3 TCP congestion Control
-    TCP_CONG_BBR = yes;
-    DEFAULT_BBR = yes;
-  };
-  flavors = {
-    server = lib.mkMerge [
-      preemption_type.none
-      tick_hz."300"
-      performance_governor.default
-      tick_rate.tickless
-      huge_page.madvise
-    ];
-    interactive =
-      with lib.kernel;
-      lib.mkMerge [
-        {
-          # Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops.
-          RCU_LAZY = yes;
-        }
-        preemption_type.lazy
-        tick_hz."300"
-        performance_governor.default
-        tick_rate.tickless
-        huge_page.madvise
-      ];
-  };
-in
-{
-  imports = [ ];
-
-  options.me = {
-    kernel.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      example = true;
-      description = "Whether we want to install kernel.";
-    };
-
-    kernel.version = lib.mkOption {
-      type = lib.types.str;
-      default = "linux"; # LTS
-      example = "linux_6_18";
-      description = "What version of the kernl should we use.";
-    };
-
-    kernel.flavor = lib.mkOption {
-      type = lib.types.str;
-      default = "server";
-      example = "interactive";
-      description = "What type of kernel should be built.";
-    };
-  };
-
-  config = lib.mkIf config.me.kernel.enable (
-    lib.mkMerge [
-      {
-        boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
-      }
-      (lib.mkIf (!config.me.optimizations.enable) {
-        nixpkgs.overlays = [
-          (final: prev: {
-            linux_me = final."${config.me.kernel.version}";
-          })
-        ];
-      })
-      (lib.mkIf (config.me.optimizations.enable) {
-        nixpkgs.overlays = [
-          (
-            final: prev:
-            let
-              addConfig =
-                additionalConfig: pkg:
-                pkg.override (oldconfig: {
-                  structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
-                  # stdenv = pkgs.llvmPackages_latest.stdenv;
-                  # stdenv = pkgs.clangStdenv;
-                });
-            in
-            {
-              linux_me = addConfig ([
-                common_config
-                flavors."${config.me.kernel.flavor}"
-              ]) final."${config.me.kernel.version}";
-            }
-          )
-        ];
-      })
-    ]
-  );
-}

nix/kubernetes/roles/kubernetes/default.nix

@@ -21,7 +21,7 @@
     assertions = [
       {
         # Kubernetes should only upgrade 1 minor version at a time, so this assert is here to prevent unwittingly jumping versions.
-        assertion = lib.hasPrefix "1.36." pkgs.kubernetes.version;
+        assertion = lib.hasPrefix "1.35." pkgs.kubernetes.version;
         message = "Unexpected Kubernetes package version: ${pkgs.kubernetes.version}";
       }
     ];

nix/kubernetes/roles/minimal_base/default.nix

@@ -19,7 +19,6 @@
 
   config = lib.mkIf config.me.minimal_base.enable {
     me.doas.enable = true;
-    me.kernel.enable = true;
     me.network.enable = true;
     me.nvme.enable = true;
     me.ssh.enable = true;

nix/kubernetes/roles/optimized_build/default.nix

@@ -49,29 +49,65 @@
   };
 
   config = lib.mkMerge [
+    (lib.mkIf (!config.me.optimizations.enable) (
+      lib.mkMerge [
+        {
+          # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_17;
+          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
+        }
+      ]
+    ))
     (lib.mkIf config.me.optimizations.enable (
       lib.mkMerge [
         {
+          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
+
           nixpkgs.hostPlatform = {
             gcc.arch = config.me.optimizations.arch;
             gcc.tune = config.me.optimizations.arch;
           };
 
-          # nixpkgs.overlays = [
+          nixpkgs.overlays = [
-          #   (final: prev: {
+            (
-          #     inherit (final.unoptimized)
+              final: prev:
-          #       assimp
+              let
-          #       binaryen
+                addConfig =
-          #       gsl
+                  additionalConfig: pkg:
-          #       rapidjson
+                  pkg.override (oldconfig: {
-          #       ffmpeg-headless
+                    structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
-          #       ffmpeg
+                  });
-          #       pipewire
+              in
-          #       chromaprint
+              {
-          #       gtkmm
+                linux_me = addConfig {
-          #       ;
+                  # Full preemption
-          #   })
+                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
-          # ];
+                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
+
+                  # Google's BBRv3 TCP congestion Control
+                  TCP_CONG_BBR = lib.kernel.yes;
+                  DEFAULT_BBR = lib.kernel.yes;
+
+                  # Preemptive Full Tickless Kernel at 300Hz
+                  HZ = lib.kernel.freeform "300";
+                  HZ_300 = lib.kernel.yes;
+                  HZ_1000 = lib.kernel.no;
+                } prev.linux; # or prev.linux_6_17
+              }
+            )
+            (final: prev: {
+              inherit (final.unoptimized)
+                assimp
+                binaryen
+                gsl
+                rapidjson
+                ffmpeg-headless
+                ffmpeg
+                pipewire
+                chromaprint
+                gtkmm
+                ;
+            })
+          ];
         }
       ]
     ))