talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:mt7927
Branches Tags
talexander:main talexander:nix talexander:kubernetes talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
compare: talexander:55af3d4910e8ec323b679d5b72e214425eac4a23
Branches Tags
talexander:nix talexander:kubernetes talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

22 Commits
mt7927 ... 55af3d4910

Author SHA1 Message Date
Tom Alexander
55af3d4910 Update packages. 2026-06-12 12:09:33 -04:00
Tom Alexander
fe277c9bf7 Update packages. 2026-06-02 22:16:08 -04:00
Tom Alexander
246b903b2f Move kernel config to its own role. 2026-05-31 16:13:51 -04:00
Tom Alexander
0fa170c57e Preserve .vscode-shared. 
The latest vscode is storing data in ~/.vscode-shared that contains the "Open Recent" entries and the settings on which folders are trusted.
 2026-05-27 13:24:16 -04:00
Tom Alexander
3050cece0c Do not force import the root zfs pool. 2026-05-25 22:20:08 -04:00
Tom Alexander
6d070ddbb4 Update packages. 2026-05-25 22:20:08 -04:00
Tom Alexander
f99fa54d60 Revert "Update only the kernel." 
This reverts commit d52b5db39b.
 2026-05-21 20:31:54 -04:00
Tom Alexander
d52b5db39b Update only the kernel. 2026-05-21 20:31:27 -04:00
Tom Alexander
003c3cc41a Fix rnnoise after latest update. 2026-05-07 17:00:03 -04:00
Tom Alexander
d83652bb9c Add rsync_clone script. 2026-05-06 10:02:20 -04:00
Tom Alexander
6fd09a712e Add git_fix_author script. 2026-05-06 10:00:02 -04:00
Tom Alexander
d9c4f824d2 Add git_find_merged_branches script. 2026-05-06 09:56:18 -04:00
Tom Alexander
856e4daee6 Add the decode_jwt script. 2026-05-06 09:49:47 -04:00
Tom Alexander
9a9268f8cc Disable shipwright. 
The hash is not matching, so the build is broken.
 2026-05-05 22:42:17 -04:00
Tom Alexander
8d3ebf7ba2 Update packages. 2026-05-01 20:16:45 -04:00
Tom Alexander
d35cfaacbd Add nix-pin-revision script. 2026-04-26 08:32:17 -04:00
Tom Alexander
8b1212e182 Support hardware accelerated RNG in qemurc. 2026-04-26 08:32:17 -04:00
Tom Alexander
7f0250cb9d Sync to the store before registering paths. 2026-04-26 08:32:17 -04:00
Tom Alexander
bc2636a54c New VPN address for home server. 2026-04-26 08:32:17 -04:00
Tom Alexander
c8147b5e9e Use direct paths for hydra's nix store. 
I was getting corrupted builds, so as a test I am using the direct path where the drive is mounted rather than going through bind mounts.
 2026-04-26 08:32:17 -04:00
Tom Alexander
4115e95bb6 Add a build of nixbsd to nix_builder. 2026-04-26 08:32:17 -04:00
Tom Alexander
4c1465c8d0 Update packages. 2026-04-26 08:32:17 -04:00
28 changed files with 481 additions and 85 deletions
Expand all files Collapse all files

44
nix/configuration/configuration.nix
View File

@@ -1,9 +1,16 @@
{
config,
lib,
pkgs,
...
}:
let
alias_nix_pin_revision = pkgs.writeShellScriptBin "nix-pin-revision" ''
# Usage: nix-pin-revision nixpkgs 'github:NixOS/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2'
exec nix flake lock --override-input "''${@}"
'';
in
{
imports = [
./roles/2ship2harkinian
@@ -47,6 +54,7 @@
./roles/iso_mount
./roles/jujutsu
./roles/kanshi
./roles/kernel
./roles/kodi
./roles/kubernetes
./roles/latex
@@ -119,6 +127,9 @@
nix.settings.max-free = 1000000000;
nix.settings.fallback = true;
nix.settings.warn-dirty = false;
nix.settings.fsync-metadata = true;
# Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
nix.settings.fsync-store-paths = true;
hardware.enableRedistributableFirmware = true;
@@ -137,6 +148,10 @@
};
nix.settings.auto-optimise-store = !config.me.buildingPortable;
environment.systemPackages = [
alias_nix_pin_revision
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
@@ -220,13 +235,30 @@
);
in
[
(disableTests "coreutils")
(disableTests "coreutils-full")
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized) libtpms libjxl;
})
(disableTests "deno") # Tests use too much disk space
(disableOptimizations "libtpms")
(disableOptimizationsPython3 "scipy")
(disableOptimizations "assimp")
(disableOptimizations "gsl")
(final: prev: {
rpcs3 = prev.rpcs3.override {
glew = (final.glew.override { enableEGL = false; });
};
})
(final: prev: {
fwupd = prev.fwupd.overrideAttrs (
finalAttrs: prevAttrs: {
version = "2.1.5";
src = final.fetchFromGitHub {
owner = "fwupd";
repo = "fwupd";
tag = finalAttrs.version;
hash = "sha256-DzQ+N99ZmFRqZc2rN6PSqmoIMXUyrE8Kkn+KnT/AWPc=";
};
}
);
})
# Works but probably sets python2's scipy to be python3:
#
# (final: prev: {

31
nix/configuration/flake.lock generated
View File

@@ -22,11 +22,11 @@
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1780894562,
"narHash": "sha256-c3430xwxwhHipl3jigUGMMBfpaMylDqytW/kdmB3ZGs=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "24fed06cac83bcc44ac8efbb57cab1a82fa0bedc",
"type": "github"
},
"original": {
@@ -164,11 +164,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"lastModified": 1780749050,
"narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
"type": "github"
},
"original": {
@@ -178,6 +178,22 @@
"type": "github"
}
},
"nixpkgs-google": {
"locked": {
"lastModified": 1779893571,
"narHash": "sha256-wiwMyVCtmjRjlFCe2zaumCE6LRV9GzzN0ZH25NQkbAU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
@@ -226,7 +242,8 @@
"disko": "disko",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"nixpkgs-google": "nixpkgs-google"
}
},
"rust-overlay": {

5
nix/configuration/flake.nix
View File

@@ -20,6 +20,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-google.url = "github:NixOS/nixpkgs/45f6cfaa4605b706c870e75bd74bdb5e97eee11e";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";
@@ -34,6 +35,7 @@
{
self,
nixpkgs,
nixpkgs-google,
disko,
impermanence,
lanzaboote,
@@ -92,6 +94,9 @@
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
google = import nixpkgs-google {
system = prev.stdenv.hostPlatform.system;
};
})
];
};

1
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -5,7 +5,6 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done

2
nix/configuration/hosts/odo/default.nix
View File

@@ -164,7 +164,7 @@
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.shipwright.enable = false;
me.ship2harkinian.enable = true;
};
}

2
nix/configuration/hosts/quark/default.nix
View File

@@ -159,7 +159,7 @@
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.shipwright.enable = false;
me.ship2harkinian.enable = true;
};
}

10
nix/configuration/roles/base/default.nix
View File

@@ -14,6 +14,12 @@ let
cleanup_temporary_files = (
patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash)
);
decode_jwt = (patchScriptBin "decode_jwt" (builtins.readFile ./files/decode_jwt.bash));
git_find_merged_branches = (
patchScriptBin "git_find_merged_branches" (builtins.readFile ./files/git_find_merged_branches.bash)
);
git_fix_author = (patchScriptBin "git_fix_author" (builtins.readFile ./files/git_fix_author.bash));
rsync_clone = (patchScriptBin "rsync_clone" (builtins.readFile ./files/rsync_clone.bash));
alias_rga = pkgs.writeShellScriptBin "rga" ''
exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}"
'';
@@ -59,8 +65,12 @@ in
nix-output-monitor # For better view into nixos-rebuild
# nix-serve-ng # Serve nix store over http
cleanup_temporary_files
decode_jwt
jq
inetutils # For whois
git_find_merged_branches
git_fix_author
rsync_clone
];
};
}

5
nix/configuration/roles/base/files/cleanup_temporary_files.bash
View File

@@ -1,4 +1,7 @@
#!/usr/bin/env bash
#
# Delete temporary files on entire disk
find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null
set -euo pipefail
IFS=$'\n\t'
exec find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null

8
nix/configuration/roles/base/files/decode_jwt.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Decode the contents of a JWT
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

10
nix/configuration/roles/base/files/git_find_merged_branches.bash Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
# Find local branches that have been merged
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${MAIN_BRANCH:="main"}
git checkout -q ${MAIN_BRANCH} && git for-each-ref refs/heads/ "--format=%(refname:short)" | while read branch; do mergeBase=$(git merge-base ${MAIN_BRANCH} $branch) && [[ $(git cherry ${MAIN_BRANCH} $(git commit-tree $(git rev-parse "$branch^{tree}") -p $mergeBase -m _)) == "-"* ]] && echo "$branch"; done

22
nix/configuration/roles/base/files/git_fix_author.bash Normal file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
git filter-branch --env-filter '
WRONG_EMAIL="old@email.foo"
NEW_NAME="New Name"
NEW_EMAIL="new@email.bar"
if [ "$GIT_COMMITTER_EMAIL" = "$WRONG_EMAIL" ]
then
export GIT_COMMITTER_NAME="$NEW_NAME"
export GIT_COMMITTER_EMAIL="$NEW_EMAIL"
fi
if [ "$GIT_AUTHOR_EMAIL" = "$WRONG_EMAIL" ]
then
export GIT_AUTHOR_NAME="$NEW_NAME"
export GIT_AUTHOR_EMAIL="$NEW_EMAIL"
fi
' --tag-name-filter cat --commit-filter 'git commit-tree -S "$@";' -- --branches --tags

8
nix/configuration/roles/base/files/rsync_clone.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Wrapper to set rsync flags for cloning a folder preserving attributes
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec rsync -aHAXS "$@"

4
nix/configuration/roles/distributed_build/default.nix
View File

@@ -56,7 +56,7 @@ let
# "aarch64-linux"
];
hostName = lib.mkForce "hydra?remote-store=local?root=/home/nixworker/persist/root";
hostName = lib.mkForce "hydra?remote-store=local?root=/.disk/root";
};
};
joined_configs =
@@ -101,7 +101,7 @@ in
# Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
#
# nix.settings.substituters = lib.mkForce [
# "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/home/nixworker/persist/root"
# "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/.disk/root"
# ];
# nix.settings.substitute = lib.mkForce true;

2
nix/configuration/roles/gcloud/default.nix
View File

@@ -18,7 +18,7 @@
};
config = lib.mkIf config.me.gcloud.enable {
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs.google; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];

2
nix/configuration/roles/graphics/default.nix
View File

@@ -34,7 +34,7 @@
environment.systemPackages = with pkgs; [
mesa-demos # for glxgears
vulkan-tools # for vkcube
xorg.xeyes # to test which windows are using x11
xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true;

8
nix/configuration/roles/hydra/default.nix
View File

@@ -85,11 +85,11 @@ in
};
# Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = {
fileSystems."/.disk/root/nix/var/nix/builds" = {
device = "tmpfs";
fsType = "tmpfs";
options = [
"size=40G" # adjust for your situation and needs
"size=50G" # adjust for your situation and needs
"mode=700"
"uid=11400"
"gid=11400"
@@ -110,7 +110,7 @@ in
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
NIX_REMOTE='local?root=/home/nixworker/persist/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update
NIX_REMOTE='local?root=/.disk/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update --target nixbsd
'';
restartIfChanged = false;
serviceConfig = {
@@ -138,7 +138,7 @@ in
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
NIX_REMOTE='local?root=/home/nixworker/persist/root' nix-collect-garbage -d
NIX_REMOTE='local?root=/.disk/root' nix-collect-garbage -d
'';
path = with pkgs; [
pkgs.nix

7
nix/configuration/roles/hydra/files/nix_builder.toml
View File

@@ -177,3 +177,10 @@ output_directory = "/home/nixworker/persist/nix_builder"
attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "nixbsd"
repo = "https://github.com/nixos-bsd/nixbsd.git"
revision = "828ff7a3c4ee91f548de65a963fca40eaedb171c"
path = "."
attr = "base.vmClosureInfo"

308
nix/configuration/roles/kernel/default.nix Normal file
View File

@@ -0,0 +1,308 @@
{
config,
lib,
pkgs,
...
}:
let
preemption_type = with lib.kernel; {
full = {
PREEMPT_DYNAMIC = yes;
PREEMPT = yes;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = no;
};
lazy = {
PREEMPT_DYNAMIC = yes;
PREEMPT = no;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = yes;
PREEMPT_NONE = no;
};
voluntary = {
PREEMPT_DYNAMIC = no;
PREEMPT = no;
PREEMPT_VOLUNTARY = yes;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = no;
};
none = {
PREEMPT_DYNAMIC = no;
PREEMPT = no;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = yes;
};
};
lto_type = with lib.kernel; {
none = {
LTO_NONE = yes;
LTO_CLANG_THIN = no;
LTO_CLANG_FULL = no;
};
thin = {
LTO_NONE = no;
LTO_CLANG_THIN = yes;
LTO_CLANG_FULL = no;
};
full = {
LTO_NONE = no;
LTO_CLANG_THIN = no;
LTO_CLANG_FULL = yes;
};
};
cpu_scheduler = with lib.kernel; {
# Burst-Oriented Response Enhancer
# For interactive workloads and gaming.
bore = {
SCHED_BORE = yes;
};
# Earliest Eligible Virtual Deadline First
# For general purpose computing.
eevdf = { };
# BitMap Queue CPU Scheduler
# For throughput-oriented workloads.
bmq = {
SCHED_ALT = yes;
SCHED_BMQ = yes;
};
};
tick_hz =
with lib.kernel;
{
"1000" = {
HZ_1000 = yes;
HZ = freeform "1000";
};
}
// lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: {
HZ_1000 = no;
"HZ_${hz}" = yes;
HZ = freeform hz;
});
performance_governor = with lib.kernel; {
default = {
CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
};
performance = {
CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no;
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
};
};
cpu_type = with lib.kernel; {
x86_64-v1 = {
GENERIC_CPU = yes;
MZEN4 = no;
X86_NATIVE_CPU = no;
X86_64_VERSION = freeform "1";
};
x86_64-v2 = {
GENERIC_CPU = yes;
MZEN4 = no;
X86_NATIVE_CPU = no;
X86_64_VERSION = freeform "2";
};
x86_64-v3 = {
GENERIC_CPU = yes;
MZEN4 = no;
X86_NATIVE_CPU = no;
X86_64_VERSION = freeform "3";
};
x86_64-v4 = {
GENERIC_CPU = yes;
MZEN4 = no;
X86_NATIVE_CPU = no;
X86_64_VERSION = freeform "4";
};
zen4 = {
GENERIC_CPU = no;
MZEN4 = yes;
X86_NATIVE_CPU = no;
};
default = { };
};
my_cpu_type = lib.mkMerge [
(lib.mkIf (!config.me.optimizations.enable) cpu_type.default)
(lib.mkIf (
config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v1"
) cpu_type.x86_64-v1)
(lib.mkIf (
config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v2"
) cpu_type.x86_64-v2)
(lib.mkIf (
config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v3"
) cpu_type.x86_64-v3)
(lib.mkIf (
config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v4"
) cpu_type.x86_64-v4)
(lib.mkIf (
config.me.optimizations.enable && config.me.optimizations.arch == "znver4"
) cpu_type.zen4)
];
tick_rate = with lib.kernel; {
# Always tick at the hz frequency.
periodic = {
NO_HZ_IDLE = no;
NO_HZ_FULL = no;
NO_HZ = no;
NO_HZ_COMMON = no;
HZ_PERIODIC = yes;
};
# Idle - Do not disturb the CPU when idle. This can save power but increase latency.
idle = {
HZ_PERIODIC = no;
NO_HZ_FULL = no;
NO_HZ_IDLE = yes;
NO_HZ = yes;
NO_HZ_COMMON = yes;
};
# Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible.
tickless = {
HZ_PERIODIC = no;
NO_HZ_IDLE = no;
CONTEXT_TRACKING_FORCE = no;
NO_HZ_FULL_NODEF = yes;
NO_HZ_FULL = yes;
NO_HZ = yes;
NO_HZ_COMMON = yes;
CONTEXT_TRACKING = yes;
};
};
huge_page = with lib.kernel; {
always = {
TRANSPARENT_HUGEPAGE_MADVISE = no;
TRANSPARENT_HUGEPAGE_ALWAYS = yes;
};
madvise = {
TRANSPARENT_HUGEPAGE_ALWAYS = no;
TRANSPARENT_HUGEPAGE_MADVISE = yes;
};
};
io_scheduler = with lib.kernel; {
adios = {
MQ_IOSCHED_ADIOS = yes;
};
bfq = {
IOSCHED_BFQ = mkKernelOverride yes;
};
};
common_config =
with lib.kernel;
{
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = yes;
DEFAULT_BBR = yes;
# TCP_CONG_CUBIC = module;
# DEFAULT_CUBIC = no;
# TCP_CONG_BBR = yes;
# DEFAULT_BBR = yes;
# DEFAULT_TCP_CONG = freeform "bbr";
# NET_SCH_FQ_CODEL = module;
# NET_SCH_FQ = yes;
# CONFIG_DEFAULT_FQ_CODEL = no;
# CONFIG_DEFAULT_FQ = yes;
# Enable the Control Flow Integrity sanitizer in clang
ARCH_SUPPORTS_CFI_CLANG = yes;
CFI_CLANG = yes;
CFI_AUTO_DEFAULT = yes;
# Use O3 optimizations
CC_OPTIMIZE_FOR_PERFORMANCE = no;
CC_OPTIMIZE_FOR_PERFORMANCE_O3 = yes;
# Enable Adaptive Deadline I/O Scheduler
MQ_IOSCHED_ADIOS = yes;
}
// my_cpu_type;
flavors = {
server = lib.mkMerge [
preemption_type.none
lto_type.full
cpu_scheduler.eevdf
tick_hz."300"
performance_governor.default
tick_rate.tickless
huge_page.madvise
];
interactive =
with lib.kernel;
lib.mkMerge [
{
# Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops.
RCU_LAZY = yes;
}
preemption_type.lazy
lto_type.full
cpu_scheduler.bore
tick_hz."300"
performance_governor.default
tick_rate.tickless
huge_page.madvise
];
};
in
{
imports = [ ];
options.me = {
kernel.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kernel.";
};
kernel.version = lib.mkOption {
type = lib.types.str;
default = "linux"; # LTS
example = "linux_6_18";
description = "What version of the kernl should we use.";
};
kernel.flavor = lib.mkOption {
type = lib.types.str;
default = "interactive";
example = "server";
description = "What type of kernel should be built.";
};
};
config = lib.mkIf config.me.kernel.enable (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
}
(lib.mkIf (!config.me.optimizations.enable) {
nixpkgs.overlays = [
(final: prev: {
linux_me = final."${config.me.kernel.version}";
})
];
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
});
in
{
linux_me = addConfig ([
common_config
flavors."${config.me.kernel.flavor}"
]) final."${config.me.kernel.version}";
}
)
];
})
]
);
}

1
nix/configuration/roles/minimal_base/default.nix
View File

@@ -19,6 +19,7 @@
config = lib.mkIf config.me.minimal_base.enable {
me.doas.enable = true;
me.kernel.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;

10
nix/configuration/roles/network/default.nix
View File

@@ -56,15 +56,19 @@ in
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver
10.216.1.32 homeserver
fdfd:5e8a:ee2d::1:32 homeserver
10.216.1.6 media
10.216.1.12 odo
fdfd:5e8a:ee2d::1:2 odo
10.216.1.14 neelix
10.216.1.15 quark
fdfd:5e8a:ee2d::1:3 quark
10.217.1.1 drmario
10.217.2.1 mrmanager
172.16.16.245 turtle
172.16.16.251 stream
fdfd:5e8a:ee2d::2:2 mrmanager
172.16.16.245 turtle
172.16.16.251 stream
'';
networking.wireless.iwd = {

53
nix/configuration/roles/optimized_build/default.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@@ -49,65 +48,13 @@
};
config = lib.mkMerge [
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
}
]
))
(lib.mkIf config.me.optimizations.enable (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
nixpkgs.hostPlatform = {
gcc.arch = config.me.optimizations.arch;
gcc.tune = config.me.optimizations.arch;
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_18; # or prev.linux
}
)
(final: prev: {
inherit (final.unoptimized)
assimp
binaryen
gsl
rapidjson
ffmpeg-headless
ffmpeg
pipewire
chromaprint
gtkmm
;
})
];
}
]
))

1
nix/configuration/roles/qemu/files/qemurc.bash
View File

@@ -355,6 +355,7 @@ function start_body {
-smp cores="$CPU_CORES"
-m "$MEMORY"
-rtc base=localtime
-device virtio-rng-pci
-drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
-drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
-drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"

2
nix/configuration/roles/recovery/default.nix
View File

@@ -29,7 +29,7 @@
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ddrescueview
#ddrescueview
];
})
]

2
nix/configuration/roles/rpcs3/default.nix
View File

@@ -53,6 +53,8 @@ in
rpcs3
];
allowedUnfree = [ "rpcs3" ];
security.pam.loginLimits = [
{
domain = "@wheel";

5
nix/configuration/roles/sm64ex/default.nix
View File

@@ -18,7 +18,10 @@
};
config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
allowedUnfree = [ "sm64ex" ];
allowedUnfree = [
"sm64ex"
"baserom.us.z64"
];
environment.systemPackages = with pkgs; [
sm64ex

4
nix/configuration/roles/sound/default.nix
View File

@@ -30,7 +30,7 @@
# If you want to use JACK applications, uncomment this
#jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ];
extraLadspaPackages = [ pkgs.rnnoise-plugin.ladspa ];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [
@@ -43,7 +43,7 @@
{
type = ladspa
name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
plugin = "librnnoise_ladspa"
label = noise_suppressor_mono
control = {
"VAD Threshold (%)" = 50.0

6
nix/configuration/roles/vscode/default.nix
View File

@@ -121,6 +121,12 @@ in
group = "talexander";
mode = "0755";
}
{
directory = ".vscode-shared";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};

3
nix/configuration/roles/zfs/default.nix
View File

@@ -44,6 +44,9 @@ in
boot.zfs.devNodes = "/dev/disk/by-partuuid";
# Do not force import your root pool during boot. Force importing would be useful if the pool had been imported by a different machine most recently.
boot.zfs.forceImportRoot = false;
services.zfs = {
autoScrub = {
enable = true;