lkjsadlkjasldkjasd

base.nix

@@ -154,4 +154,13 @@
     noto-fonts-emoji
     noto-fonts-extra
   ];
+
+  services.fail2ban = {
+    ignoreIP = [
+      # Whitelist some subnets
+      "192.168.0.0/24" # local
+      "10.0.0.0/8" # local
+      "100.64.0.0/10" # tailscale
+    ];
+  };
 }

hardware/gpu/cuda.nix

@@ -15,7 +15,11 @@ lib.mkMerge [
   hardware.graphics.enable = true;
   hardware.graphics.enable32Bit = true;
 
-  # hardware.nvidia.open = if lib.versionOlder config.hardware.nvidia.package.version "560" then false else null;
+  # does not work on pascal
+  # hardware.nvidia.open = true;
+
+  # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+  /* powerManagement.finegrained = true; */
 })
 {
 

hosts/nixos/bjarte/configuration.nix

@@ -6,6 +6,8 @@
 
   #boot.kernel.sysctl."vm.swappiness" = lib.mkDefault 10; # 0-100, commonly 60
 
+  zramSwap.enable = true;
+
   # for testing only, not for building
   boot.binfmt.addEmulatedSystemsToNixSandbox = false;
   boot.binfmt.emulatedSystems = [

profiles/known-hosts/default.nix

@@ -55,7 +55,7 @@ let
     ];
   hostNames = attrNames known-hosts;
   thisHost = known-hosts.${config.networking.fqdn};
-  thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0;
+  thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0 && thisHost.ssh ? listenPublicKey;
   thisHostIsBuildee = thisHost.ssh ? userPublicKey;
   thisHostIsHopHost = elem config.networking.fqdn (lib.forEach (attrValues known-hosts) (host: host.ssh.proxyJump or null));
 
@@ -66,7 +66,7 @@ let
       hostName = fqdn;
       sshUser = thatHost.ssh.listenUser;
     };
-    thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0;
+    thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0 && thatHost.ssh ? listenPublicKey;
     thatHostIsBuildee = thatHost.ssh ? userPublicKey && thisHostIsBuilder;
     thatHostIsThis = elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases);
   in lib.mkIf (!thatHostIsThis) ( lib.mkMerge [
@@ -130,4 +130,8 @@ in {
 
   imports = lib.forEach hostNames mkRemoteConfig;
 
+  nix.settings.max-jobs =
+    lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0)
+    (lib.mkDefault thisHost.buildMachine.maxJobs);
+
 }

profiles/known-hosts/hosts.toml

@@ -65,7 +65,7 @@ ssh.proxyJump = "hildring.pvv.ntnu.no"
 ["garp.pbsds.net"] # gtx 1080
 aliases = [ "garp.tail9aac63.ts.net" ]
 buildMachine.systems = ["x86_64-linux", "i686-linux", "riscv64-linux"]
-# buildMachine.maxJobs = 2 # 8 threads 32GB
+buildMachine.maxJobs = 2 # 8 threads 32GB
 buildMachine.speedFactor = 4 # i7-6700
 buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test", "cuda"]
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx"
@@ -115,6 +115,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q
 
 ["bjarte.pbsds.net"]
 aliases = [ "bjarte.tail9aac63.ts.net" ]
+buildMachine.maxJobs = 2 # 8 threads 16GB
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte"
 # wakeonlan f8:75:a4:58:f1:35
 

profiles/shell.nix

@@ -61,6 +61,7 @@
     #(pkgs.jnv or unstable.jnv or null)
     xh
     htmlq
+    mprocs
     sysz systemctl-tui
     du-dust # du alternative
     ncdu    # Disk usage analyzer with an ncurses interface