Update packages.

nix/configuration/configuration.nix

@@ -140,8 +140,7 @@ in
     # Automatic garbage collection
     nix.gc = lib.mkIf (!config.me.buildingPortable) {
       # Runs nix-collect-garbage --delete-older-than 5d
-      # automatic = true;
-      automatic = false;
+      automatic = true;
       persistent = true;
       dates = "monthly";
       # randomizedDelaySec = "14m";

nix/configuration/hosts/odo/default.nix

@@ -110,7 +110,6 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
-    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/hosts/odowork/default.nix

@@ -111,7 +111,6 @@
     me.iso_mount.enable = true;
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
-    me.kernel.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;
     me.lvfs.enable = true;

nix/configuration/hosts/quark/default.nix

@@ -104,7 +104,6 @@
     me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
     me.jujutsu.enable = true;
     me.kanshi.enable = false;
-    me.kernel.enable = true;
     me.kubernetes.enable = true;
     me.latex.enable = true;
     me.launch_keyboard.enable = true;

nix/configuration/roles/firewall/default.nix

@@ -24,16 +24,7 @@
     networking.firewall.allowedUDPPorts = [
       5353 # mDNS
     ];
-
-    # networking.firewall.enable = true;
-    # networking.nftables.enable = true;
-
     # Or disable the firewall altogether.
-    networking.firewall.enable = false;
-
-    # Debugging
-    # networking.firewall.logRefusedConnections = true;
-    # networking.firewall.logRefusedPackets = true;
-    # networking.firewall.logReversePathDrops = true;
+    # networking.firewall.enable = false;
   };
 }

nix/configuration/roles/kernel/default.nix

@@ -1,7 +1,3 @@
-# Check current config:
-#   nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
-#   cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
-
 {
   config,
   lib,
@@ -40,6 +36,39 @@ let
       PREEMPT_NONE = yes;
     };
   };
+  lto_type = with lib.kernel; {
+    none = {
+      LTO_NONE = yes;
+      LTO_CLANG_THIN = no;
+      LTO_CLANG_FULL = no;
+    };
+    thin = {
+      LTO_NONE = no;
+      LTO_CLANG_THIN = yes;
+      LTO_CLANG_FULL = no;
+    };
+    full = {
+      LTO_NONE = no;
+      LTO_CLANG_THIN = no;
+      LTO_CLANG_FULL = yes;
+    };
+  };
+  cpu_scheduler = with lib.kernel; {
+    # Burst-Oriented Response Enhancer
+    # For interactive workloads and gaming.
+    bore = {
+      SCHED_BORE = yes;
+    };
+    # Earliest Eligible Virtual Deadline First
+    # For general purpose computing.
+    eevdf = { };
+    # BitMap Queue CPU Scheduler
+    # For throughput-oriented workloads.
+    bmq = {
+      SCHED_ALT = yes;
+      SCHED_BMQ = yes;
+    };
+  };
   tick_hz =
     with lib.kernel;
     {
@@ -62,6 +91,56 @@ let
       CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
     };
   };
+  cpu_type = with lib.kernel; {
+    x86_64-v1 = {
+      GENERIC_CPU = yes;
+      MZEN4 = no;
+      X86_NATIVE_CPU = no;
+      X86_64_VERSION = freeform "1";
+    };
+    x86_64-v2 = {
+      GENERIC_CPU = yes;
+      MZEN4 = no;
+      X86_NATIVE_CPU = no;
+      X86_64_VERSION = freeform "2";
+    };
+    x86_64-v3 = {
+      GENERIC_CPU = yes;
+      MZEN4 = no;
+      X86_NATIVE_CPU = no;
+      X86_64_VERSION = freeform "3";
+    };
+    x86_64-v4 = {
+      GENERIC_CPU = yes;
+      MZEN4 = no;
+      X86_NATIVE_CPU = no;
+      X86_64_VERSION = freeform "4";
+    };
+    zen4 = {
+      GENERIC_CPU = no;
+      MZEN4 = yes;
+      X86_NATIVE_CPU = no;
+    };
+    default = { };
+  };
+  my_cpu_type = lib.mkMerge [
+    (lib.mkIf (!config.me.optimizations.enable) cpu_type.default)
+    (lib.mkIf (
+      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v1"
+    ) cpu_type.x86_64-v1)
+    (lib.mkIf (
+      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v2"
+    ) cpu_type.x86_64-v2)
+    (lib.mkIf (
+      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v3"
+    ) cpu_type.x86_64-v3)
+    (lib.mkIf (
+      config.me.optimizations.enable && config.me.optimizations.arch == "x86-64-v4"
+    ) cpu_type.x86_64-v4)
+    (lib.mkIf (
+      config.me.optimizations.enable && config.me.optimizations.arch == "znver4"
+    ) cpu_type.zen4)
+  ];
   tick_rate = with lib.kernel; {
     # Always tick at the hz frequency.
     periodic = {
@@ -83,6 +162,8 @@ let
     tickless = {
       HZ_PERIODIC = no;
       NO_HZ_IDLE = no;
+      CONTEXT_TRACKING_FORCE = no;
+      NO_HZ_FULL_NODEF = yes;
       NO_HZ_FULL = yes;
       NO_HZ = yes;
       NO_HZ_COMMON = yes;
@@ -99,16 +180,49 @@ let
       TRANSPARENT_HUGEPAGE_MADVISE = yes;
     };
   };
+  io_scheduler = with lib.kernel; {
+    adios = {
+      MQ_IOSCHED_ADIOS = yes;
+    };
+    bfq = {
+      IOSCHED_BFQ = mkKernelOverride yes;
+    };
+  };
   common_config =
     with lib.kernel;
     {
       # Google's BBRv3 TCP congestion Control
       TCP_CONG_BBR = yes;
       DEFAULT_BBR = yes;
-    };
+
+      # TCP_CONG_CUBIC = module;
+      # DEFAULT_CUBIC = no;
+      # TCP_CONG_BBR = yes;
+      # DEFAULT_BBR = yes;
+      # DEFAULT_TCP_CONG = freeform "bbr";
+      # NET_SCH_FQ_CODEL = module;
+      # NET_SCH_FQ = yes;
+      # CONFIG_DEFAULT_FQ_CODEL = no;
+      # CONFIG_DEFAULT_FQ = yes;
+
+      # Enable the Control Flow Integrity sanitizer in clang
+      ARCH_SUPPORTS_CFI_CLANG = yes;
+      CFI_CLANG = yes;
+      CFI_AUTO_DEFAULT = yes;
+
+      # Use O3 optimizations
+      CC_OPTIMIZE_FOR_PERFORMANCE = no;
+      CC_OPTIMIZE_FOR_PERFORMANCE_O3 = yes;
+
+      # Enable Adaptive Deadline I/O Scheduler
+      MQ_IOSCHED_ADIOS = yes;
+    }
+    // my_cpu_type;
   flavors = {
     server = lib.mkMerge [
       preemption_type.none
+      lto_type.full
+      cpu_scheduler.eevdf
       tick_hz."300"
       performance_governor.default
       tick_rate.tickless
@@ -122,6 +236,8 @@ let
           RCU_LAZY = yes;
         }
         preemption_type.lazy
+        lto_type.full
+        cpu_scheduler.bore
         tick_hz."300"
         performance_governor.default
         tick_rate.tickless
@@ -176,8 +292,6 @@ in
                 additionalConfig: pkg:
                 pkg.override (oldconfig: {
                   structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
-                  # stdenv = pkgs.llvmPackages_latest.stdenv;
-                  # stdenv = pkgs.clangStdenv;
                 });
             in
             {

nix/configuration/roles/thunderbolt/default.nix

@@ -21,18 +21,5 @@
     environment.systemPackages = with pkgs; [
       bolt # For boltctl
     ];
-
-    services.hardware.bolt.enable = true;
-
-    # Trust all thunderbolt devices
-    # services.udev.packages = [
-    #   (pkgs.writeTextFile {
-    #     name = "removable";
-    #     text = ''
-    #       ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
-    #     '';
-    #     destination = "/etc/udev/rules.d/99-removable.rules";
-    #   })
-    # ];
   };
 }