This commit is contained in:
Peder Bergebakken Sundt 2023-06-24 19:11:49 +02:00
parent 39ced22002
commit dbbc62b63f
10 changed files with 70 additions and 57 deletions

5
.envrc
View File

@ -15,9 +15,10 @@ if ! test -s .direnv/pull-date || test "$now" != "$(cat .direnv/pull-date)"; the
echo "$now" > .direnv/pull-date echo "$now" > .direnv/pull-date
fi fi
use flake .#envrc
if test -s .remote.toml; then if ! test -s .remote.toml; then
use flake .#envrc-local
else
use flake .#envrc-remote use flake .#envrc-remote
echo echo
echo "Current remote: $(remote-host)" echo "Current remote: $(remote-host)"

View File

@ -15,42 +15,15 @@
) )
]; ];
# TODO: selectively whitelist?
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = (pkg: true); nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg
# 'nixos-rebuild switch --upgrade', by default daily with no reboot nix.settings.experimental-features = [
system.autoUpgrade.enable = true; "nix-command"
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow` "flakes"
/** /
# TODO: this doesn't work during 'nix eval' on a non-nixos machine
system.autoUpgrade.flake = "/etc/nixos";
system.autoUpgrade.flags = [
"--recreate-lock-file" # fetch new inputs
#"--commit-lock-file" # commit new lock to local git repo
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
"-L" # print build logs
]; ];
#assertions = [
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
#];
/**/
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
# TODO: make /etc/nixos a checkout of repo?
# TODO: update only nixpkgs and unstable
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
system.autoUpgrade.flags = [
"--recreate-lock-file" # fetch new inputs
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
"-L" # print build logs
];
environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
/**/
environment.shells = with pkgs; [ bashInteractive zsh ]; # TODO: needed?
programs.zsh.enable = true;
nix.settings.allowed-users = [ "*" ]; # default nix.settings.allowed-users = [ "*" ]; # default
#nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this #nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this
nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.trusted-users = [ "root" "@wheel" ];
@ -59,13 +32,8 @@
nix.gc.automatic = true; nix.gc.automatic = true;
nix.gc.dates = "weekly"; nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d"; nix.gc.options = "--delete-older-than 30d";
# TODO: can i make this non-string?
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# TODO: only if x86_64? services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;
services.thermald.enable = true;
# firewall # firewall
services.fail2ban.enable = config.services.openssh.enable; services.fail2ban.enable = config.services.openssh.enable;

View File

@ -106,7 +106,7 @@
# TODO: move nixos-hardware imports to the nixos configs? # TODO: move nixos-hardware imports to the nixos configs?
noximilien = mkConfig "noximilien" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]); noximilien = mkConfig "noximilien" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
bolle = mkConfig "bolle" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]); bolle = mkConfig "bolle" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
nord = mkConfig "nord" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-gpu-amd common-hidpi ]); nord = mkConfig "nord" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-cpu-intel-sandy-bridge common-gpu-amd common-hidpi ]);
sopp = mkConfig "sopp" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ]); sopp = mkConfig "sopp" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ]);
}; };
@ -125,24 +125,24 @@
}); });
devShells = forAllSystems ({ system, pkgs, ... }: let devShells = forAllSystems ({ system, pkgs, ... }: let
inherit (self.packages.${system}) remote-exec;
mkShell = packages: pkgs.mkShell { inherit packages; }; mkShell = packages: pkgs.mkShell { inherit packages; };
nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" '' nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom
''; '';
in { envrc-pkgs = [
remoteenv = mkShell [
nixos-rebuild-nom
];
envrc = mkShell [
nixos-rebuild-nom nixos-rebuild-nom
pkgs.home-manager pkgs.home-manager
pkgs.nix-output-monitor pkgs.nix-output-monitor
pkgs.cachix pkgs.cachix
]; ];
envrc-remote = mkShell [ in {
remote-exec envrc-local = mkShell envrc-pkgs;
envrc-remote = mkShell(envrc-pkgs ++ [
self.packages.${system}.remote-exec
pkgs.yq pkgs.yq
]);
remoteenv = mkShell [
nixos-rebuild-nom
]; ];
}); });

View File

@ -6,7 +6,7 @@
# https://nixos.wiki/wiki/Nvidia # https://nixos.wiki/wiki/Nvidia
#nixpkgs.config.cudaSupport = true; # TODO: TOO SLOW, BREAKS #nixpkgs.config.cudaSupport = true; # TODO: TOO SLOW, BREAKS
#nixpkgs.config.nvidiaSupport = true; # TODO: used only by zenith #nixpkgs.config.nvidiaSupport = true; # TODO: slow? used only by zenith
nixpkgs.config.allowUnfreePredicate = pkg: lib.any (x: x) [ nixpkgs.config.allowUnfreePredicate = pkg: lib.any (x: x) [
(lib.hasInfix "nvidia" (lib.toLower (lib.getName pkg))) (lib.hasInfix "nvidia" (lib.toLower (lib.getName pkg)))
(lib.hasInfix "cuda" (lib.toLower (lib.getName pkg))) (lib.hasInfix "cuda" (lib.toLower (lib.getName pkg)))
@ -21,12 +21,11 @@
libvdpau-va-gl libvdpau-va-gl
]; ];
hardware.nvidia.modesetting.enable = true; # needed for most wayland compositors hardware.nvidia.modesetting.enable = lib.mkDefault true; # needed for most wayland compositors
hardware.nvidia.nvidiaSettings = true; hardware.nvidia.nvidiaSettings = true;
#hardware.nvidia.open = true; # open source version of kernel module, only on driver 515.43.04+ #hardware.nvidia.open = true; # open source version of kernel module, only on driver 515.43.04+
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; # only do this per-host
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; hardware.nvidia.powerManagement.enable = true; # Fix graphical corruption on suspend/resume
#hardware.nvidia.powerManagement.enable = true; # Fix graphical corruption on suspend/resume
# add this to the host in question: # add this to the host in question:
#hardware.nvidia.prime = { #hardware.nvidia.prime = {
@ -40,7 +39,7 @@
environment.systemPackages = with pkgs; ([ environment.systemPackages = with pkgs; ([
nvtop-nvidia nvtop-nvidia
] ++ lib.optional config.hardware.nvidia.prime.offload.enable [ ] ++ lib.optionals config.hardware.nvidia.prime.offload.enable [
(writeShellScriptBin "prime-run" '' (writeShellScriptBin "prime-run" ''
export __NV_PRIME_RENDER_OFFLOAD=1 export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0

View File

@ -8,6 +8,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../hardware/opengl-intel.nix ../../hardware/opengl-intel.nix
../../profiles/auto-upgrade.nix
../../users # home-manager ../../users # home-manager
../../users/pbsds ../../users/pbsds
@ -22,7 +23,7 @@
#../../profiles/remote-builders #../../profiles/remote-builders
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
]; ];
#services.domeneshop-updater.target = "bolle.pbsds.net"; # default? #services.domeneshop-updater.target = [ "bolle.pbsds.net" ]; # TODO: secrets
services.thermald.enable = true; services.thermald.enable = true;

View File

@ -17,6 +17,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../hardware/gpu/rocm.nix ../../hardware/gpu/rocm.nix
../../hardware/gpu/intel.nix ../../hardware/gpu/intel.nix
../../profiles/auto-upgrade.nix
../../users # home-manager ../../users # home-manager
../../users/pbsds ../../users/pbsds

View File

@ -7,6 +7,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../hardware/gpu/intel.nix ../../hardware/gpu/intel.nix
../../profiles/auto-upgrade.nix
../../users # home-manager ../../users # home-manager
../../users/pbsds ../../users/pbsds

View File

@ -10,12 +10,19 @@
systemd.services."getty@tty1".enable = false; systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false; systemd.services."autovt@tty1".enable = false;
#boot.kernelPackages = pkgs.linuxPackages_latest; # amdgpu audio fix when at 4k@60fps #boot.kernelPackages = pkgs.linuxPackages_latest;
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
#hardware.nvidia.modesetting.enable = false; # makes atom behave, but mpv refuses to start
# PRIME:
#hardware.nvidia.prime.intelBusId = "PCI:0:02:0";
#hardware.nvidia.prime.nvidiaBusId = "PCI:1:00:0";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../hardware/gpu/cuda.nix ../../hardware/gpu/cuda.nix
../../hardware/gpu/intel.nix ../../hardware/gpu/intel.nix
../../profiles/auto-upgrade.nix
../../users # home-manager ../../users # home-manager
../../users/pbsds ../../users/pbsds

35
profiles/auto-upgrade.nix Normal file
View File

@ -0,0 +1,35 @@
{ config, pkgs, lib, inputs, ... }:
{
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
system.autoUpgrade.enable = true;
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
/** /
# TODO: this doesn't work during 'nix eval' on a non-nixos machine
system.autoUpgrade.flake = "/etc/nixos";
system.autoUpgrade.flags = [
"--recreate-lock-file" # fetch new inputs
#"--commit-lock-file" # commit new lock to local git repo
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
"-L" # print build logs
];
#assertions = [
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
#];
/**/
/**/
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
# TODO: make /etc/nixos a checkout of repo?
# TODO: update only nixpkgs and unstable
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
system.autoUpgrade.flags = [
"--recreate-lock-file" # fetch new inputs
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
"-L" # print build logs
];
environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
/**/
}