Enable the thunderbolt service.

Update packages.
2026-06-17 13:08:11 -04:00 · 2026-06-13 22:05:23 -04:00 · 2026-06-13 22:05:23 -04:00 · 2026-06-13 22:05:23 -04:00
13 changed files with 279 additions and 75 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -54,6 +54,7 @@ in
    ./roles/iso_mount
    ./roles/jujutsu
    ./roles/kanshi
    ./roles/kernel
    ./roles/kodi
    ./roles/kubernetes
    ./roles/latex
@@ -139,7 +140,8 @@ in
    # Automatic garbage collection
    nix.gc = lib.mkIf (!config.me.buildingPortable) {
      # Runs nix-collect-garbage --delete-older-than 5d
-      automatic = true;
+      # automatic = true;
      automatic = false;
      persistent = true;
      dates = "monthly";
      # randomizedDelaySec = "14m";
@@ -235,12 +237,28 @@ in
      in
      [
        (disableTests "deno") # Tests use too much disk space
-        (final: prev: {
+        (disableOptimizations "libtpms")
          inherit (final.unoptimized)
            libtpms
            ;
        })
        (disableOptimizationsPython3 "scipy")
        (disableOptimizations "assimp")
        (disableOptimizations "gsl")
        (final: prev: {
          rpcs3 = prev.rpcs3.override {
            glew = (final.glew.override { enableEGL = false; });
          };
        })
        (final: prev: {
          fwupd = prev.fwupd.overrideAttrs (
            finalAttrs: prevAttrs: {
              version = "2.1.5";
              src = final.fetchFromGitHub {
                owner = "fwupd";
                repo = "fwupd";
                tag = finalAttrs.version;
                hash = "sha256-DzQ+N99ZmFRqZc2rN6PSqmoIMXUyrE8Kkn+KnT/AWPc=";
              };
            }
          );
        })
        # Works but probably sets python2's scipy to be python3:
        #
--- a/nix/configuration/flake.lock
+++ b/nix/configuration/flake.lock
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1779226674,
+        "lastModified": 1780894562,
-        "narHash": "sha256-wuOkjI6pRiN4sEn/EPBRnNW5cmcpvd7xtIM8y5LooAs=",
+        "narHash": "sha256-c3430xwxwhHipl3jigUGMMBfpaMylDqytW/kdmB3ZGs=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "65fb947964bd44fc0008faf77d1fcb7a9f40bb32",
+        "rev": "24fed06cac83bcc44ac8efbb57cab1a82fa0bedc",
        "type": "github"
      },
      "original": {
@@ -164,11 +164,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1778869304,
+        "lastModified": 1780749050,
-        "narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
+        "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
+        "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
        "type": "github"
      },
      "original": {
@@ -178,6 +178,22 @@
        "type": "github"
      }
    },
    "nixpkgs-google": {
      "locked": {
        "lastModified": 1779893571,
        "narHash": "sha256-wiwMyVCtmjRjlFCe2zaumCE6LRV9GzzN0ZH25NQkbAU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1730741070,
@@ -226,7 +242,8 @@
        "disko": "disko",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
        "nixpkgs-google": "nixpkgs-google"
      }
    },
    "rust-overlay": {
--- a/nix/configuration/flake.nix
+++ b/nix/configuration/flake.nix
@@ -20,6 +20,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-google.url = "github:NixOS/nixpkgs/45f6cfaa4605b706c870e75bd74bdb5e97eee11e";
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -34,6 +35,7 @@
    {
      self,
      nixpkgs,
      nixpkgs-google,
      disko,
      impermanence,
      lanzaboote,
@@ -92,6 +94,9 @@
                      hostPlatform.gcc.arch = "default";
                      hostPlatform.gcc.tune = "default";
                    };
                    google = import nixpkgs-google {
                      system = prev.stdenv.hostPlatform.system;
                    };
                  })
                ];
              };
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -110,6 +110,7 @@
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
    me.kanshi.enable = false;
    me.kernel.enable = true;
    me.kubernetes.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
--- a/nix/configuration/hosts/odowork/default.nix
+++ b/nix/configuration/hosts/odowork/default.nix
@@ -111,6 +111,7 @@
    me.iso_mount.enable = true;
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
    me.kernel.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
    me.lvfs.enable = true;
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@@ -104,6 +104,7 @@
    me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
    me.jujutsu.enable = true;
    me.kanshi.enable = false;
    me.kernel.enable = true;
    me.kubernetes.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
--- a/nix/configuration/roles/firewall/default.nix
+++ b/nix/configuration/roles/firewall/default.nix
@@ -24,7 +24,16 @@
    networking.firewall.allowedUDPPorts = [
      5353 # mDNS
    ];
    # networking.firewall.enable = true;
    # networking.nftables.enable = true;
    # Or disable the firewall altogether.
-    # networking.firewall.enable = false;
+    networking.firewall.enable = false;
    # Debugging
    # networking.firewall.logRefusedConnections = true;
    # networking.firewall.logRefusedPackets = true;
    # networking.firewall.logReversePathDrops = true;
  };
 }
--- a/nix/configuration/roles/gcloud/default.nix
+++ b/nix/configuration/roles/gcloud/default.nix
@@ -18,7 +18,7 @@
  };
  config = lib.mkIf config.me.gcloud.enable {
-    environment.systemPackages = with pkgs; [
+    environment.systemPackages = with pkgs.google; [
      (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
    ];
--- a/nix/configuration/roles/kernel/default.nix
+++ b/nix/configuration/roles/kernel/default.nix
@@ -0,0 +1,194 @@
 # Check current config:
 #   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
 #   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  preemption_type = with lib.kernel; {
    full = {
      PREEMPT_DYNAMIC = yes;
      PREEMPT = yes;
      PREEMPT_VOLUNTARY = lib.mkForce no;
      PREEMPT_LAZY = lib.mkForce no;
      PREEMPT_NONE = no;
    };
    lazy = {
      PREEMPT_DYNAMIC = yes;
      PREEMPT = no;
      PREEMPT_VOLUNTARY = lib.mkForce no;
      PREEMPT_LAZY = yes;
      PREEMPT_NONE = no;
    };
    voluntary = {
      PREEMPT_DYNAMIC = no;
      PREEMPT = no;
      PREEMPT_VOLUNTARY = yes;
      PREEMPT_LAZY = lib.mkForce no;
      PREEMPT_NONE = no;
    };
    none = {
      PREEMPT_DYNAMIC = no;
      PREEMPT = no;
      PREEMPT_VOLUNTARY = lib.mkForce no;
      PREEMPT_LAZY = lib.mkForce no;
      PREEMPT_NONE = yes;
    };
  };
  tick_hz =
    with lib.kernel;
    {
      "1000" = {
        HZ_1000 = yes;
        HZ = freeform "1000";
      };
    }
    // lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: {
      HZ_1000 = no;
      "HZ_${hz}" = yes;
      HZ = freeform hz;
    });
  performance_governor = with lib.kernel; {
    default = {
      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
    };
    performance = {
      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no;
      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
    };
  };
  tick_rate = with lib.kernel; {
    # Always tick at the hz frequency.
    periodic = {
      NO_HZ_IDLE = no;
      NO_HZ_FULL = no;
      NO_HZ = no;
      NO_HZ_COMMON = no;
      HZ_PERIODIC = yes;
    };
    # Idle - Do not disturb the CPU when idle. This can save power but increase latency.
    idle = {
      HZ_PERIODIC = no;
      NO_HZ_FULL = no;
      NO_HZ_IDLE = yes;
      NO_HZ = yes;
      NO_HZ_COMMON = yes;
    };
    # Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible.
    tickless = {
      HZ_PERIODIC = no;
      NO_HZ_IDLE = no;
      NO_HZ_FULL = yes;
      NO_HZ = yes;
      NO_HZ_COMMON = yes;
      CONTEXT_TRACKING = yes;
    };
  };
  huge_page = with lib.kernel; {
    always = {
      TRANSPARENT_HUGEPAGE_MADVISE = no;
      TRANSPARENT_HUGEPAGE_ALWAYS = yes;
    };
    madvise = {
      TRANSPARENT_HUGEPAGE_ALWAYS = no;
      TRANSPARENT_HUGEPAGE_MADVISE = yes;
    };
  };
  common_config =
    with lib.kernel;
    {
      # Google's BBRv3 TCP congestion Control
      TCP_CONG_BBR = yes;
      DEFAULT_BBR = yes;
    };
  flavors = {
    server = lib.mkMerge [
      preemption_type.none
      tick_hz."300"
      performance_governor.default
      tick_rate.tickless
      huge_page.madvise
    ];
    interactive =
      with lib.kernel;
      lib.mkMerge [
        {
          # Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops.
          RCU_LAZY = yes;
        }
        preemption_type.lazy
        tick_hz."300"
        performance_governor.default
        tick_rate.tickless
        huge_page.madvise
      ];
  };
 in
 {
  imports = [ ];
  options.me = {
    kernel.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install kernel.";
    };
    kernel.version = lib.mkOption {
      type = lib.types.str;
      default = "linux"; # LTS
      example = "linux_6_18";
      description = "What version of the kernl should we use.";
    };
    kernel.flavor = lib.mkOption {
      type = lib.types.str;
      default = "interactive";
      example = "server";
      description = "What type of kernel should be built.";
    };
  };
  config = lib.mkIf config.me.kernel.enable (
    lib.mkMerge [
      {
        boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
      }
      (lib.mkIf (!config.me.optimizations.enable) {
        nixpkgs.overlays = [
          (final: prev: {
            linux_me = final."${config.me.kernel.version}";
          })
        ];
      })
      (lib.mkIf (config.me.optimizations.enable) {
        nixpkgs.overlays = [
          (
            final: prev:
            let
              addConfig =
                additionalConfig: pkg:
                pkg.override (oldconfig: {
                  structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
                  # stdenv = pkgs.llvmPackages_latest.stdenv;
                  # stdenv = pkgs.clangStdenv;
                });
            in
            {
              linux_me = addConfig ([
                common_config
                flavors."${config.me.kernel.flavor}"
              ]) final."${config.me.kernel.version}";
            }
          )
        ];
      })
    ]
  );
 }
--- a/nix/configuration/roles/minimal_base/default.nix
+++ b/nix/configuration/roles/minimal_base/default.nix
@@ -19,6 +19,7 @@
  config = lib.mkIf config.me.minimal_base.enable {
    me.doas.enable = true;
    me.kernel.enable = true;
    me.network.enable = true;
    me.nvme.enable = true;
    me.ssh.enable = true;
--- a/nix/configuration/roles/optimized_build/default.nix
+++ b/nix/configuration/roles/optimized_build/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
@@ -49,71 +48,13 @@
  };
  config = lib.mkMerge [
    (lib.mkIf (!config.me.optimizations.enable) (
      lib.mkMerge [
        {
          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
          # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
        }
      ]
    ))
    (lib.mkIf config.me.optimizations.enable (
      lib.mkMerge [
        {
          boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
          nixpkgs.hostPlatform = {
            gcc.arch = config.me.optimizations.arch;
            gcc.tune = config.me.optimizations.arch;
          };
          nixpkgs.overlays = [
            (
              final: prev:
              let
                addConfig =
                  additionalConfig: pkg:
                  pkg.override (oldconfig: {
                    structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
                  });
              in
              {
                linux_me = addConfig {
                  # Server | No preemption - Run until the next tick. Highest throughput but can cause stutter.
                  # PREEMPT = lib.mkOverride 60 lib.kernel.no;
                  # Desktop | Preempt kernel threads only at pre-defined places that call cond_resched().
                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
                  # Low-latency desktop | Full preemption - Kernel threads can be preempted unless they hold a spinlock or are in a no-preemption section.
                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
                  # RT - All kernel code is preemptible except for a few critical sections.
                  # Middle ground | Real-time tasks preempt immediately like FULL, normal tasks run until the next tick.
                  PREEMPT_LAZY = lib.mkOverride 90 lib.kernel.no;
                  # Google's BBRv3 TCP congestion Control
                  TCP_CONG_BBR = lib.kernel.yes;
                  DEFAULT_BBR = lib.kernel.yes;
                  # Preemptive Full Tickless Kernel at 300Hz
                  HZ = lib.kernel.freeform "300";
                  HZ_300 = lib.kernel.yes;
                  HZ_1000 = lib.kernel.no;
                } prev.linux_6_18; # or prev.linux
              }
            )
            (final: prev: {
              inherit (final.unoptimized)
                assimp
                binaryen
                gsl
                rapidjson
                ffmpeg-headless
                ffmpeg
                pipewire
                chromaprint
                gtkmm
                ;
            })
          ];
        }
      ]
    ))
--- a/nix/configuration/roles/sm64ex/default.nix
+++ b/nix/configuration/roles/sm64ex/default.nix
@@ -18,7 +18,10 @@
  };
  config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
-    allowedUnfree = [ "sm64ex" ];
+    allowedUnfree = [
      "sm64ex"
      "baserom.us.z64"
    ];
    environment.systemPackages = with pkgs; [
      sm64ex
--- a/nix/configuration/roles/thunderbolt/default.nix
+++ b/nix/configuration/roles/thunderbolt/default.nix
@@ -21,5 +21,18 @@
    environment.systemPackages = with pkgs; [
      bolt # For boltctl
    ];
    services.hardware.bolt.enable = true;
    # Trust all thunderbolt devices
    # services.udev.packages = [
    #   (pkgs.writeTextFile {
    #     name = "removable";
    #     text = ''
    #       ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
    #     '';
    #     destination = "/etc/udev/rules.d/99-removable.rules";
    #   })
    # ];
  };
 }
Author	SHA1	Message	Date
Tom Alexander	6094fee196	Enable the thunderbolt service.	2026-06-17 13:08:11 -04:00
Tom Alexander	9e4c079258	Update packages.	2026-06-13 22:05:23 -04:00
Tom Alexander	3ab7a6e460	Update packages.	2026-06-13 22:05:23 -04:00
Tom Alexander	49f75408ae	Move kernel config to its own role.	2026-06-13 22:05:23 -04:00