diff --git a/base.nix b/base.nix index 6de03c7..1497d17 100644 --- a/base.nix +++ b/base.nix @@ -154,4 +154,13 @@ noto-fonts-emoji noto-fonts-extra ]; + + services.fail2ban = { + ignoreIP = [ + # Whitelist some subnets + "192.168.0.0/24" # local + "10.0.0.0/8" # local + "100.64.0.0/10" # tailscale + ]; + }; } diff --git a/hardware/gpu/cuda.nix b/hardware/gpu/cuda.nix index ecb3a8b..e29dd94 100644 --- a/hardware/gpu/cuda.nix +++ b/hardware/gpu/cuda.nix @@ -15,7 +15,11 @@ lib.mkMerge [ hardware.graphics.enable = true; hardware.graphics.enable32Bit = true; - # hardware.nvidia.open = if lib.versionOlder config.hardware.nvidia.package.version "560" then false else null; + # does not work on pascal + # hardware.nvidia.open = true; + + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + /* powerManagement.finegrained = true; */ }) { diff --git a/hosts/nixos/bjarte/configuration.nix b/hosts/nixos/bjarte/configuration.nix index e0eb339..3a56ee5 100644 --- a/hosts/nixos/bjarte/configuration.nix +++ b/hosts/nixos/bjarte/configuration.nix @@ -6,6 +6,8 @@ #boot.kernel.sysctl."vm.swappiness" = lib.mkDefault 10; # 0-100, commonly 60 + zramSwap.enable = true; + # for testing only, not for building boot.binfmt.addEmulatedSystemsToNixSandbox = false; boot.binfmt.emulatedSystems = [ diff --git a/profiles/known-hosts/default.nix b/profiles/known-hosts/default.nix index dac0b67..a6a89fc 100644 --- a/profiles/known-hosts/default.nix +++ b/profiles/known-hosts/default.nix @@ -55,7 +55,7 @@ let ]; hostNames = attrNames known-hosts; thisHost = known-hosts.${config.networking.fqdn}; - thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0; + thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0 && thisHost.ssh ? listenPublicKey; thisHostIsBuildee = thisHost.ssh ? userPublicKey; thisHostIsHopHost = elem config.networking.fqdn (lib.forEach (attrValues known-hosts) (host: host.ssh.proxyJump or null)); 
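Review bot: The `ignoreIP` list added to `services.fail2ban` in base.nix exempts all of `10.0.0.0/8` and `100.64.0.0/10` from banning, which is much wider than the "local" and "tailscale" labels suggest. `100.64.0.0/10` is the shared CGNAT range that ISPs also assign, and `10.0.0.0/8` is shared with unrelated machines on many campus, cloud and VPN networks, so repeated failed logins from those neighbours, or from a compromised LAN or tailnet peer, are never banned. Since this sits in base.nix it presumably applies to every host; consider listing only the subnets you control, or moving the list into the per-host configs, and replacing the comment with something like `# never ban these sources: keep to subnets we control`. The hunk does not set `services.fail2ban.enable`, so the list only takes effect where that is enabled elsewhere.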
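Review bot: The builder predicate `buildMachine.maxJobs > 0 && ssh ? listenPublicKey` is now spelled out twice in profiles/known-hosts/default.nix, for `thisHostIsBuilder` in this hunk and for `thatHostIsBuilder` in the `@@ -66,7 +66,7 @@` hunk, and nothing explains why the pinned host key is part of it. After this commit `maxJobs` carries two meanings: with a `listenPublicKey` the host is offered as a remote builder, without one (as for bjarte in hosts.toml) it only sets the local job count. A small helper keeps the two copies in sync, `isBuilder = host: host.buildMachine.maxJobs > 0 && host.ssh ? listenPublicKey;`, with a comment such as `# a remote builder must publish a pinned SSH host key; maxJobs alone only sets the local nix.settings.max-jobs`. The `let` block starts and ends outside both hunks.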
@@ -66,7 +66,7 @@ let hostName = fqdn; sshUser = thatHost.ssh.listenUser; }; - thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0; + thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0 && thatHost.ssh ? listenPublicKey; thatHostIsBuildee = thatHost.ssh ? userPublicKey && thisHostIsBuilder; thatHostIsThis = elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases); in lib.mkIf (!thatHostIsThis) ( lib.mkMerge [ @@ -130,4 +130,8 @@ in { imports = lib.forEach hostNames mkRemoteConfig; + nix.settings.max-jobs = + lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0) + (lib.mkDefault thisHost.buildMachine.maxJobs); + } diff --git a/profiles/known-hosts/hosts.toml b/profiles/known-hosts/hosts.toml index 5b0be55..327c547 100644 --- a/profiles/known-hosts/hosts.toml +++ b/profiles/known-hosts/hosts.toml @@ -65,7 +65,7 @@ ssh.proxyJump = "hildring.pvv.ntnu.no" ["garp.pbsds.net"] # gtx 1080 aliases = [ "garp.tail9aac63.ts.net" ] buildMachine.systems = ["x86_64-linux", "i686-linux", "riscv64-linux"] -# buildMachine.maxJobs = 2 # 8 threads 32GB +buildMachine.maxJobs = 2 # 8 threads 32GB buildMachine.speedFactor = 4 # i7-6700 buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test", "cuda"] ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx" @@ -115,6 +115,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q ["bjarte.pbsds.net"] aliases = [ "bjarte.tail9aac63.ts.net" ] +buildMachine.maxJobs = 2 # 8 threads 16GB ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte" # wakeonlan f8:75:a4:58:f1:35 diff --git a/profiles/shell.nix b/profiles/shell.nix index 951b793..afd213b 100644 --- a/profiles/shell.nix +++ b/profiles/shell.nix @@ -61,6 +61,7 @@ #(pkgs.jnv or unstable.jnv or null) xh htmlq + mprocs sysz systemctl-tui du-dust # du alternative ncdu # Disk usage analyzer with an ncurses interface
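Review bot: The new `nix.settings.max-jobs` definition guards its condition with `thisHost.buildMachine.maxJobs or 0`, while the `thisHostIsBuilder` and `thatHostIsBuilder` bindings changed in the same commit read `buildMachine.maxJobs` with no default. If the attribute can really be absent for a host, those unguarded reads fail evaluation wherever they are forced; if the loader outside these hunks always fills it in, the `or 0` is dead code that suggests otherwise. Pick one form, for example `lib.mkIf (thisHost.buildMachine.maxJobs > 0) (lib.mkDefault thisHost.buildMachine.maxJobs);`, or apply `or 0` to the two predicates as well.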