wow
This commit is contained in:
parent
39ced22002
commit
dbbc62b63f
5
.envrc
5
.envrc
|
@ -15,9 +15,10 @@ if ! test -s .direnv/pull-date || test "$now" != "$(cat .direnv/pull-date)"; the
|
||||||
echo "$now" > .direnv/pull-date
|
echo "$now" > .direnv/pull-date
|
||||||
fi
|
fi
|
||||||
|
|
||||||
use flake .#envrc
|
|
||||||
|
|
||||||
if test -s .remote.toml; then
|
if ! test -s .remote.toml; then
|
||||||
|
use flake .#envrc-local
|
||||||
|
else
|
||||||
use flake .#envrc-remote
|
use flake .#envrc-remote
|
||||||
echo
|
echo
|
||||||
echo "Current remote: $(remote-host)"
|
echo "Current remote: $(remote-host)"
|
||||||
|
|
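Review bot: The new `echo "Current remote: $(remote-host)"` line hides a failing `remote-host`: a non-zero exit inside the command substitution is discarded, the message prints with an empty hostname, and a malformed or stale `.remote.toml` goes unnoticed at shell entry. Capturing the value first, `remote=$(remote-host) || log_error "remote-host failed; check .remote.toml"`, then `echo "Current remote: $remote"`, makes the failure visible (`remote-host` is presumably supplied by the `envrc-remote` shell, which is not shown here). `.remote.toml` looks like a per-checkout, untracked file that now decides which devshell is loaded; if so it belongs in `.gitignore` (not verifiable from this hunk), since direnv's allow-hash covers `.envrc` but not the files it reads. The `if ! test -s .remote.toml` block opens inside the hunk but its closing `fi` is outside it.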
42
base.nix
42
base.nix
|
@ -15,42 +15,15 @@
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# TODO: selectively whitelist?
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
nixpkgs.config.allowUnfreePredicate = (pkg: true);
|
nixpkgs.config.allowUnfreePredicate = (pkg: true);
|
||||||
nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg
|
nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg
|
||||||
|
|
||||||
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
|
nix.settings.experimental-features = [
|
||||||
system.autoUpgrade.enable = true;
|
"nix-command"
|
||||||
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
|
"flakes"
|
||||||
/** /
|
|
||||||
# TODO: this doesn't work during 'nix eval' on a non-nixos machine
|
|
||||||
system.autoUpgrade.flake = "/etc/nixos";
|
|
||||||
system.autoUpgrade.flags = [
|
|
||||||
"--recreate-lock-file" # fetch new inputs
|
|
||||||
#"--commit-lock-file" # commit new lock to local git repo
|
|
||||||
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
|
|
||||||
"-L" # print build logs
|
|
||||||
];
|
];
|
||||||
#assertions = [
|
|
||||||
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
|
|
||||||
#];
|
|
||||||
/**/
|
|
||||||
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
|
|
||||||
# TODO: make /etc/nixos a checkout of repo?
|
|
||||||
# TODO: update only nixpkgs and unstable
|
|
||||||
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
|
|
||||||
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
|
|
||||||
system.autoUpgrade.flags = [
|
|
||||||
"--recreate-lock-file" # fetch new inputs
|
|
||||||
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
|
|
||||||
"-L" # print build logs
|
|
||||||
];
|
|
||||||
environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
|
|
||||||
/**/
|
|
||||||
|
|
||||||
environment.shells = with pkgs; [ bashInteractive zsh ]; # TODO: needed?
|
|
||||||
programs.zsh.enable = true;
|
|
||||||
|
|
||||||
nix.settings.allowed-users = [ "*" ]; # default
|
nix.settings.allowed-users = [ "*" ]; # default
|
||||||
#nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this
|
#nix.settings.allowed-users = [ "@nixbld" "@builders" ]; # TODO: this
|
||||||
nix.settings.trusted-users = [ "root" "@wheel" ];
|
nix.settings.trusted-users = [ "root" "@wheel" ];
|
||||||
|
@ -59,13 +32,8 @@
|
||||||
nix.gc.automatic = true;
|
nix.gc.automatic = true;
|
||||||
nix.gc.dates = "weekly";
|
nix.gc.dates = "weekly";
|
||||||
nix.gc.options = "--delete-older-than 30d";
|
nix.gc.options = "--delete-older-than 30d";
|
||||||
# TODO: can i make this non-string?
|
|
||||||
nix.extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
|
|
||||||
# TODO: only if x86_64?
|
services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;
|
||||||
services.thermald.enable = true;
|
|
||||||
|
|
||||||
# firewall
|
# firewall
|
||||||
services.fail2ban.enable = config.services.openssh.enable;
|
services.fail2ban.enable = config.services.openssh.enable;
|
||||||
|
|
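Review bot: The new `# TODO: selectively whitelist?` comment sits above `nixpkgs.config.allowUnfreePredicate = (pkg: true);`, while the GPU module touched in this same commit defines its own name-based `allowUnfreePredicate`; as far as I recall, `nixpkgs.config` definitions are folded together with `recursiveUpdate`, so two definitions of the same key never conflict — whichever is merged last silently wins, and the per-module whitelist is either a no-op or quietly overrides this one. With `nixpkgs.config.allowUnfree = true;` already set, the base predicate adds nothing, so dropping it and rewording the TODO (`# TODO: selectively whitelist per-module via allowUnfreePredicate; keep only one definition`) removes the ambiguity. In the second hunk, `lib.mkIf (config.nixpkgs.system == "x86_64-linux") true` leaves the option undefined on other systems rather than setting it to false; `services.thermald.enable = pkgs.stdenv.hostPlatform.isx86_64;` is the more direct form, provided `pkgs` is among this module's arguments (the module header is outside the hunk).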
18
flake.nix
18
flake.nix
|
@ -106,7 +106,7 @@
|
||||||
# TODO: move nixos-hardware imports to the nixos configs?
|
# TODO: move nixos-hardware imports to the nixos configs?
|
||||||
noximilien = mkConfig "noximilien" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
|
noximilien = mkConfig "noximilien" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||||
bolle = mkConfig "bolle" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
|
bolle = mkConfig "bolle" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||||
nord = mkConfig "nord" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-gpu-amd common-hidpi ]);
|
nord = mkConfig "nord" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-cpu-intel-sandy-bridge common-gpu-amd common-hidpi ]);
|
||||||
sopp = mkConfig "sopp" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ]);
|
sopp = mkConfig "sopp" "pbsds.net" "x86_64-linux" (with nm; [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ]);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -125,24 +125,24 @@
|
||||||
});
|
});
|
||||||
|
|
||||||
devShells = forAllSystems ({ system, pkgs, ... }: let
|
devShells = forAllSystems ({ system, pkgs, ... }: let
|
||||||
inherit (self.packages.${system}) remote-exec;
|
|
||||||
mkShell = packages: pkgs.mkShell { inherit packages; };
|
mkShell = packages: pkgs.mkShell { inherit packages; };
|
||||||
nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" ''
|
nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" ''
|
||||||
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom
|
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom
|
||||||
'';
|
'';
|
||||||
in {
|
envrc-pkgs = [
|
||||||
remoteenv = mkShell [
|
|
||||||
nixos-rebuild-nom
|
|
||||||
];
|
|
||||||
envrc = mkShell [
|
|
||||||
nixos-rebuild-nom
|
nixos-rebuild-nom
|
||||||
pkgs.home-manager
|
pkgs.home-manager
|
||||||
pkgs.nix-output-monitor
|
pkgs.nix-output-monitor
|
||||||
pkgs.cachix
|
pkgs.cachix
|
||||||
];
|
];
|
||||||
envrc-remote = mkShell [
|
in {
|
||||||
remote-exec
|
envrc-local = mkShell envrc-pkgs;
|
||||||
|
envrc-remote = mkShell(envrc-pkgs ++ [
|
||||||
|
self.packages.${system}.remote-exec
|
||||||
pkgs.yq
|
pkgs.yq
|
||||||
|
]);
|
||||||
|
remoteenv = mkShell [
|
||||||
|
nixos-rebuild-nom
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
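Review bot: The `nixos-rebuild-nom` wrapper that both new shells (`envrc-pkgs` and `remoteenv`) ship is built with `writeScriptBin`, which adds no shebang, and runs `exec nixos-rebuild "$@" |& nom` without `pipefail`, so the pipeline's exit status is nom's, not nixos-rebuild's; a failed `switch` can come back as exit 0 to whatever drives it, unless nom propagates the failure itself, which I cannot verify here. Because the wrapper shadows the real `nixos-rebuild` name on PATH, any script that checks the exit code is affected. Suggest `nixos-rebuild-nom = pkgs.writeShellScriptBin "nixos-rebuild" ''`, then `set -o pipefail`, then `${pkgs.nixos-rebuild}/bin/nixos-rebuild "$@" |& ${pkgs.nix-output-monitor}/bin/nom` — `writeShellScriptBin` gives the bash shebang that `|&` needs, and `exec` on the left side of a pipe buys nothing. The wrapper is an unchanged context line in this hunk; the surrounding `devShells` let-binding is shown in full.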
|
@ -6,7 +6,7 @@
|
||||||
# https://nixos.wiki/wiki/Nvidia
|
# https://nixos.wiki/wiki/Nvidia
|
||||||
|
|
||||||
#nixpkgs.config.cudaSupport = true; # TODO: TOO SLOW, BREAKS
|
#nixpkgs.config.cudaSupport = true; # TODO: TOO SLOW, BREAKS
|
||||||
#nixpkgs.config.nvidiaSupport = true; # TODO: used only by zenith
|
#nixpkgs.config.nvidiaSupport = true; # TODO: slow? used only by zenith
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg: lib.any (x: x) [
|
nixpkgs.config.allowUnfreePredicate = pkg: lib.any (x: x) [
|
||||||
(lib.hasInfix "nvidia" (lib.toLower (lib.getName pkg)))
|
(lib.hasInfix "nvidia" (lib.toLower (lib.getName pkg)))
|
||||||
(lib.hasInfix "cuda" (lib.toLower (lib.getName pkg)))
|
(lib.hasInfix "cuda" (lib.toLower (lib.getName pkg)))
|
||||||
|
@ -21,12 +21,11 @@
|
||||||
libvdpau-va-gl
|
libvdpau-va-gl
|
||||||
];
|
];
|
||||||
|
|
||||||
hardware.nvidia.modesetting.enable = true; # needed for most wayland compositors
|
hardware.nvidia.modesetting.enable = lib.mkDefault true; # needed for most wayland compositors
|
||||||
hardware.nvidia.nvidiaSettings = true;
|
hardware.nvidia.nvidiaSettings = true;
|
||||||
#hardware.nvidia.open = true; # open source version of kernel module, only on driver 515.43.04+
|
#hardware.nvidia.open = true; # open source version of kernel module, only on driver 515.43.04+
|
||||||
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
|
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; # only do this per-host
|
||||||
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
|
hardware.nvidia.powerManagement.enable = true; # Fix graphical corruption on suspend/resume
|
||||||
#hardware.nvidia.powerManagement.enable = true; # Fix graphical corruption on suspend/resume
|
|
||||||
|
|
||||||
# add this to the host in question:
|
# add this to the host in question:
|
||||||
#hardware.nvidia.prime = {
|
#hardware.nvidia.prime = {
|
||||||
|
@ -40,7 +39,7 @@
|
||||||
environment.systemPackages = with pkgs; ([
|
environment.systemPackages = with pkgs; ([
|
||||||
nvtop-nvidia
|
nvtop-nvidia
|
||||||
|
|
||||||
] ++ lib.optional config.hardware.nvidia.prime.offload.enable [
|
] ++ lib.optionals config.hardware.nvidia.prime.offload.enable [
|
||||||
(writeShellScriptBin "prime-run" ''
|
(writeShellScriptBin "prime-run" ''
|
||||||
export __NV_PRIME_RENDER_OFFLOAD=1
|
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||||
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../hardware/opengl-intel.nix
|
../../hardware/opengl-intel.nix
|
||||||
|
../../profiles/auto-upgrade.nix
|
||||||
|
|
||||||
../../users # home-manager
|
../../users # home-manager
|
||||||
../../users/pbsds
|
../../users/pbsds
|
||||||
|
@ -22,7 +23,7 @@
|
||||||
#../../profiles/remote-builders
|
#../../profiles/remote-builders
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
];
|
];
|
||||||
#services.domeneshop-updater.target = "bolle.pbsds.net"; # default?
|
#services.domeneshop-updater.target = [ "bolle.pbsds.net" ]; # TODO: secrets
|
||||||
|
|
||||||
services.thermald.enable = true;
|
services.thermald.enable = true;
|
||||||
|
|
||||||
|
|
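Review bot: The updated `#services.domeneshop-updater.target = [ "bolle.pbsds.net" ]; # TODO: secrets` line is still commented out, so nothing changes yet, but when it is enabled the updater's API credentials (which such a DNS updater presumably needs) must not be placed in this module: any NixOS option value ends up in the world-readable `/nix/store`. Point the service at a runtime secret file (agenix/sops-nix or a root-only path) and make the TODO say so, e.g. `# TODO: API token via a runtime secrets file, never inline (it would land in /nix/store)`. Separately, `services.thermald.enable = true;` here is now redundant: flake.nix declares bolle as `x86_64-linux`, so base.nix's new `lib.mkIf (config.nixpkgs.system == "x86_64-linux") true` already enables it; harmless, since both definitions agree.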
|
@ -17,6 +17,7 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../hardware/gpu/rocm.nix
|
../../hardware/gpu/rocm.nix
|
||||||
../../hardware/gpu/intel.nix
|
../../hardware/gpu/intel.nix
|
||||||
|
../../profiles/auto-upgrade.nix
|
||||||
|
|
||||||
../../users # home-manager
|
../../users # home-manager
|
||||||
../../users/pbsds
|
../../users/pbsds
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../hardware/gpu/intel.nix
|
../../hardware/gpu/intel.nix
|
||||||
|
../../profiles/auto-upgrade.nix
|
||||||
|
|
||||||
../../users # home-manager
|
../../users # home-manager
|
||||||
../../users/pbsds
|
../../users/pbsds
|
||||||
|
|
|
@ -10,12 +10,19 @@
|
||||||
systemd.services."getty@tty1".enable = false;
|
systemd.services."getty@tty1".enable = false;
|
||||||
systemd.services."autovt@tty1".enable = false;
|
systemd.services."autovt@tty1".enable = false;
|
||||||
|
|
||||||
#boot.kernelPackages = pkgs.linuxPackages_latest; # amdgpu audio fix when at 4k@60fps
|
#boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
|
||||||
|
#hardware.nvidia.modesetting.enable = false; # makes atom behave, but mpv refuses to start
|
||||||
|
|
||||||
|
# PRIME:
|
||||||
|
#hardware.nvidia.prime.intelBusId = "PCI:0:02:0";
|
||||||
|
#hardware.nvidia.prime.nvidiaBusId = "PCI:1:00:0";
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../hardware/gpu/cuda.nix
|
../../hardware/gpu/cuda.nix
|
||||||
../../hardware/gpu/intel.nix
|
../../hardware/gpu/intel.nix
|
||||||
|
../../profiles/auto-upgrade.nix
|
||||||
|
|
||||||
../../users # home-manager
|
../../users # home-manager
|
||||||
../../users/pbsds
|
../../users/pbsds
|
||||||
|
|
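Review bot: The GPU module in this commit stops pinning `hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest` with the remark "only do this per-host", but the per-host line added here, `#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;`, is commented out, so this host silently moves from the `latest` driver to the module default (`stable`, if memory serves). If that is intended, record it so the next reader does not think the pin was lost by accident, e.g. `# intentionally on the default (stable) driver; uncomment to track latest`; if not, drop the `#`. The new `#hardware.nvidia.modesetting.enable = false; # makes atom behave, but mpv refuses to start` note is the right style — the two PRIME bus-ID lines would benefit from the same (which host/GPU they were read from, and that `lspci` is the source).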
|
@ -0,0 +1,35 @@
|
||||||
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
|
{
|
||||||
|
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
|
||||||
|
system.autoUpgrade.enable = true;
|
||||||
|
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
|
||||||
|
|
||||||
|
/** /
|
||||||
|
# TODO: this doesn't work during 'nix eval' on a non-nixos machine
|
||||||
|
system.autoUpgrade.flake = "/etc/nixos";
|
||||||
|
system.autoUpgrade.flags = [
|
||||||
|
"--recreate-lock-file" # fetch new inputs
|
||||||
|
#"--commit-lock-file" # commit new lock to local git repo
|
||||||
|
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
|
||||||
|
"-L" # print build logs
|
||||||
|
];
|
||||||
|
#assertions = [
|
||||||
|
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
|
||||||
|
#];
|
||||||
|
/**/
|
||||||
|
|
||||||
|
/**/
|
||||||
|
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
|
||||||
|
# TODO: make /etc/nixos a checkout of repo?
|
||||||
|
# TODO: update only nixpkgs and unstable
|
||||||
|
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
|
||||||
|
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
|
||||||
|
system.autoUpgrade.flags = [
|
||||||
|
"--recreate-lock-file" # fetch new inputs
|
||||||
|
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
|
||||||
|
"-L" # print build logs
|
||||||
|
];
|
||||||
|
environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
|
||||||
|
/**/
|
||||||
|
|
||||||
|
}
|
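Review bot: The active `system.autoUpgrade.flags` combine `--recreate-lock-file` with `--no-write-lock-file`, so every scheduled run re-resolves every flake input (not only nixpkgs) to the current tip of its branch, builds it as root, switches to it, and leaves no record of which revisions were deployed — the lock is never written, and `/etc/current-system-flake` points at the flake that was evaluated, not at what it resolved to. That widens the supply-chain exposure to every input repository and makes rollback or forensics after a bad or malicious update guesswork, since a generation number alone does not tell you the input revisions. The `# TODO: update only nixpkgs and unstable` line already names the narrower option: `--update-input nixpkgs --update-input unstable` on Nix versions that still accept it (newer Nix moved this to `nix flake update <input>`), plus persisting the resolved lock somewhere outside the store, e.g. `nix flake lock --output-lock-file /var/lib/nixos-upgrade/flake.lock` where that flag exists, would close the gap that the linked issue 6895 leaves open. Keeping `allowReboot` off, as the header comment documents, is reasonable.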