From bf219a30c29cf3ce35a2d4f1a34ddf17aec32be1 Mon Sep 17 00:00:00 2001 
From: Antoine VIALLON Date: Sun, 22 Mar 2026 21:56:13 +0100 Subject: [PATCH] fix(lint): nixfmt the whole tree --- boot.nix | 620 ++++++++++-------- default.nix | 2 +- desktop/browser.nix | 66 +- desktop/console.nix | 28 +- desktop/default.nix | 7 +- desktop/developer.nix | 69 +- desktop/flatpak.nix | 77 ++- desktop/games.nix | 58 +- desktop/general.nix | 47 +- desktop/gnome.nix | 131 ++-- desktop/multimedia.nix | 133 ++-- desktop/pipewire/pipewire-airplay.conf.nix | 117 ++-- .../pipewire/pipewire-noise-filter.conf.nix | 121 ++-- desktop/plasma/default.nix | 29 +- desktop/plasma/plasma6.nix | 10 +- desktop/printing.nix | 65 +- desktop/sddm.nix | 12 +- filesystems.nix | 70 +- filesystems/btrfs.nix | 23 +- filesystems/zfs.nix | 14 +- flake.nix | 47 +- general.nix | 40 +- hardware/amd/amdgpu.nix | 16 +- hardware/amd/cpu.nix | 40 +- hardware/amd/default.nix | 19 +- hardware/amd/radeon.nix | 14 +- hardware/amd/rocm.nix | 115 ++-- hardware/default.nix | 11 +- hardware/intel/cpu.nix | 10 +- hardware/intel/default.nix | 52 +- hardware/mesa.nix | 33 +- hardware/nvidia/default.nix | 25 +- hardware/nvidia/opensource.nix | 45 +- hardware/nvidia/proprietary.nix | 92 ++- laptop.nix | 67 +- lib/attrsets.nix | 36 +- lib/config.nix | 36 +- lib/debug.nix | 45 +- lib/default.nix | 42 +- lib/derivations.nix | 16 +- lib/math.nix | 18 +- lib/optimizations.nix | 563 ++++++++-------- lib/types.nix | 14 +- network.nix | 42 +- nix/builder.nix | 226 ++++--- nix/nix.nix | 87 ++- optimizations/optimizations.nix | 167 +++-- optimizations/services.nix | 11 +- packages.nix | 83 ++- packages/aspm_enable/default.nix | 33 +- packages/pinentry.nix | 1 - power.nix | 74 ++- programs/bash.nix | 7 +- programs/firefox.nix | 31 +- programs/git.nix | 8 +- programs/htop.nix | 45 +- programs/libreoffice.nix | 50 +- programs/nano.nix | 2 +- programs/nvtop.nix | 27 +- security/default.nix | 2 +- security/encryption.nix | 12 +- security/hardening.nix | 97 +-- security/tpm.nix | 22 +- services/default.nix | 2 +- 
services/general.nix | 125 ++-- services/gnupg.nix | 16 +- services/jupyterhub.nix | 54 +- windows/default.nix | 2 +- windows/wine.nix | 10 +- 69 files changed, 2605 insertions(+), 1726 deletions(-) diff --git a/boot.nix b/boot.nix index 9f2e189..d06331d 100644 --- a/boot.nix +++ b/boot.nix @@ -1,4 +1,11 @@ -{ config, pkgs, lib, myLib, options, ... }: +{ + config, + pkgs, + lib, + myLib, + options, + ... +}: with lib; let customKernelPatches = { @@ -14,7 +21,7 @@ let ZRAM_DEF_COMP_ZSTD y ''; }; - + enableX32ABI = { name = "enable-x32"; patch = null; 
@@ -41,78 +48,126 @@ let patch = ./remove-kernel-drm.patch; }; - backports = { }; - - optimizeForCPUArch = arch: let - archConfigMap = { - "k8" = "K8"; "opteron" = "K8"; "athlon64" = "K8"; "athlon-fx" = "K8"; - "k8-sse3" = "K8SSE3"; "opteron-sse3" = "K8SSE3"; "athlon64-sse3" = "K8SSE3"; - "znver1" = "ZEN"; "znver2" = "ZEN2"; "znver3" = "ZEN3"; "znver4" = "ZEN3"; - "bdver1" = "BULLDOZER"; "bdver2" = "PILEDRIVER"; "bdver3" = "STEAMROLLER"; "bdver4" = "EXCAVATOR"; - "barcelona" = "BARCELONA"; "amdfam10" = "BARCELONA"; - "btver1" = "BOBCAT"; "btver2" = "JAGUAR"; - "rocketlake" = "ROCKETLAKE"; "alderlake" = "ALDERLAKE"; - "sapphirerapids" = "SAPPHIRERAPIDS"; "tigerlake" = "TIGERLAKE"; "cooperlake" = "COOPERLAKE"; - "cascadelake" = "CASCADELAKE"; "icelake-server" = "ICELAKE"; "icelake-client" = "ICELAKE"; - "cannonlake" = "CANNONLAKE"; "skylake-avx512" = "SKYLAKEX"; - "tremont" = "GOLDMONTPLUS"; "goldmont-plus" = "GOLDMONTPLUS"; "goldmont" = "GOLDMONT"; - "silvermont" = "SILVERMONT"; "bonnel" = "GENERIC_CPU"; "skylake" = "SKYLAKE"; - "broadwell" = "BROADWELL"; "haswell" = "HASWELL"; - "ivybridge" = "IVYBRIDGE"; "sandybridge" = "SANDYBRIDGE"; - "westmere" = "WESTMERE"; "nehalem" = "NEHALEM"; - "core2" = "CORE2"; - "nocona" = "PSC"; "prescott" = "PSC"; "pentium4m" = "PSC"; "pentium4" = "PSC"; + optimizeForCPUArch = + arch: + let + archConfigMap = { + "k8" = "K8"; + "opteron" = "K8"; + "athlon64" = "K8"; + "athlon-fx" = "K8"; + "k8-sse3" = "K8SSE3"; + "opteron-sse3" = "K8SSE3"; + "athlon64-sse3" = "K8SSE3"; + "znver1" = "ZEN"; + "znver2" = "ZEN2"; + "znver3" = "ZEN3"; + "znver4" = "ZEN3"; + "bdver1" = "BULLDOZER"; + "bdver2" = "PILEDRIVER"; + "bdver3" = "STEAMROLLER"; + "bdver4" = "EXCAVATOR"; + "barcelona" = "BARCELONA"; + "amdfam10" = "BARCELONA"; + "btver1" = "BOBCAT"; + "btver2" = "JAGUAR"; - "nano-3000" = "GENERIC_CPU2"; "nano-x2" = "GENERIC_CPU2"; "nano-x4" = "GENERIC_CPU2"; - - "lujiazui" = "GENERIC_CPU2"; - - "native" = "NATIVE_INTEL"; "x86-64-v2" = "GENERIC_CPU2"; 
"x86-64-v3" = "GENERIC_CPU3"; "x86-64-v4" = "GENERIC_CPU4"; + "rocketlake" = "ROCKETLAKE"; + "alderlake" = "ALDERLAKE"; + "sapphirerapids" = "SAPPHIRERAPIDS"; + "tigerlake" = "TIGERLAKE"; + "cooperlake" = "COOPERLAKE"; + "cascadelake" = "CASCADELAKE"; + "icelake-server" = "ICELAKE"; + "icelake-client" = "ICELAKE"; + "cannonlake" = "CANNONLAKE"; + "skylake-avx512" = "SKYLAKEX"; + "tremont" = "GOLDMONTPLUS"; + "goldmont-plus" = "GOLDMONTPLUS"; + "goldmont" = "GOLDMONT"; + "silvermont" = "SILVERMONT"; + "bonnel" = "GENERIC_CPU"; + "skylake" = "SKYLAKE"; + "broadwell" = "BROADWELL"; + "haswell" = "HASWELL"; + "ivybridge" = "IVYBRIDGE"; + "sandybridge" = "SANDYBRIDGE"; + "westmere" = "WESTMERE"; + "nehalem" = "NEHALEM"; + "core2" = "CORE2"; + "nocona" = "PSC"; + "prescott" = "PSC"; + "pentium4m" = "PSC"; + "pentium4" = "PSC"; + + "nano-3000" = "GENERIC_CPU2"; + "nano-x2" = "GENERIC_CPU2"; + "nano-x4" = "GENERIC_CPU2"; + + "lujiazui" = "GENERIC_CPU2"; + + "native" = "NATIVE_INTEL"; + "x86-64-v2" = "GENERIC_CPU2"; + "x86-64-v3" = "GENERIC_CPU3"; + "x86-64-v4" = "GENERIC_CPU4"; + }; + + archToConfig = + arch: + if (hasAttr arch archConfigMap) then + archConfigMap."${arch}" + else + trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU"; + in + { + name = "optimize-for-${arch}"; + patch = null; + extraConfig = '' + M${archToConfig arch} y + ''; }; - - archToConfig = arch: - if (hasAttr arch archConfigMap) then archConfigMap."${arch}" - else trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU" - ; - in { - name = "optimize-for-${arch}"; - patch = null; - extraConfig = '' - M${archToConfig arch} y - ''; - }; }; - toCmdlineValue = v: if (isBool v) then (if v then "y" else "n") - else if (isInt v || isString v) then (toString v) - else if (isList v) then (concatStringsSep "," v) - else throw "Invalid value for kernel cmdline parameter"; + toCmdlineValue = + v: + if (isBool v) then + (if v then "y" else "n") + else if 
(isInt v || isString v) then + (toString v) + else if (isList v) then + (concatStringsSep "," v) + else + throw "Invalid value for kernel cmdline parameter"; - toCmdlineList = set: mapAttrsToList - (key: value: - if (isNull value) then - null - else if (value == "") then - "${key}" - else - "${key}=${toCmdlineValue value}" - ) set; + toCmdlineList = + set: + mapAttrsToList ( + key: value: + if (isNull value) then + null + else if (value == "") then + "${key}" + else + "${key}=${toCmdlineValue value}" + ) set; - isXanmod = kernel: ! isNull (strings.match ".*(xanmod).*" kernel.modDirVersion); + isXanmod = kernel: !isNull (strings.match ".*(xanmod).*" kernel.modDirVersion); kernelVersionOlder = ver: versionOlder cfg.kernel.package.version ver; - + cfg = config.aviallon.boot; generalCfg = config.aviallon.general; - allowUnfree = (types.isType types.attrs config.nixpkgs.config) - && (hasAttr "allowUnfree" config.nixpkgs.config) - && (getAttr "allowUnfree" config.nixpkgs.config); + allowUnfree = + (types.isType types.attrs config.nixpkgs.config) + && (hasAttr "allowUnfree" config.nixpkgs.config) + && (getAttr "allowUnfree" config.nixpkgs.config); cpuConfig = config.aviallon.general.cpu; -in { +in +{ options.aviallon.boot = { enable = mkOption { @@ -128,29 +183,28 @@ in { type = types.bool; }; - x32abi.enable = mkEnableOption "X32 kernel ABI"; kvdo.enable = mkEnableOption "dm-kvdo kernel module"; rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes energyModel.enable = mkEnableOption "Energy Model"; - + patches = { amdClusterId.enable = mkEnableOption "Energy Model"; }; - + efi = mkOption rec { description = "Use EFI bootloader"; example = true; type = with types; bool; }; - + legacy = mkOption rec { description = "Use legacy bootloader"; default = !cfg.efi; example = true; type = with types; bool; }; - + configurationLimit = mkOption { description = "Maximum number of generations in the boot menu"; default = 3; 
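Review bot: The `"native" = "NATIVE_INTEL";` entry in `archConfigMap` maps `-march=native` to the Intel native CONFIG symbol regardless of the host vendor, so an AMD host with `arch = "native"` would apparently be configured for an Intel target (the GCC-arch kernel patch series this targets has a separate AMD native option as far as I recall — please confirm against the patched Kconfig). If `cpuConfig` carries a vendor field, `archToConfig` could branch on it; otherwise a comment such as `# "native" assumes an Intel host; AMD hosts should set an explicit znverN arch` would at least make the limitation visible. The `customKernelPatches` let-binding this belongs to starts in the previous hunk.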
@@ -161,12 +215,19 @@ in { cmdline = mkOption { description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it."; default = { }; - example = { "i915.fastboot" = true; }; - type = with types; lazyAttrsOf ( - nullOr ( - oneOf [ bool int str (listOf str) ] - ) - ); + example = { + "i915.fastboot" = true; + }; + type = + with types; + lazyAttrsOf ( + nullOr (oneOf [ + bool + int + str + (listOf str) + ]) + ); }; kernel = { @@ -179,16 +240,20 @@ in { addAttributes = mkOption { description = "Merge specified attributes to kernel derivation (via special overideAttrs)"; - default = {}; + default = { }; type = with types; attrs; - example = { KCFLAGS = "-Wall"; }; + example = { + KCFLAGS = "-Wall"; + }; }; addOptimizationAttributes = mkOption { description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true"; - default = {}; + default = { }; type = with types; attrs; - example = { KCFLAGS = "-O3 -fipa-pta"; }; + example = { + KCFLAGS = "-O3 -fipa-pta"; + }; }; }; 
@@ -196,216 +261,233 @@ in { }; imports = [ - ( mkRemovedOptionModule [ "aviallon" "boot" "extraKCflags" ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset" ) - ( mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel" ) + (mkRemovedOptionModule [ + "aviallon" + "boot" + "extraKCflags" + ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset") + (mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel") ]; config = mkMerge [ - { - assertions = [ - { assertion = cfg.efi -> !cfg.legacy; - message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; - } - { assertion = cfg.legacy -> cfg.useGrub; - message = "Using GRUB is mandatory for legacy BIOS"; - } - ]; + { + assertions = [ + { + assertion = cfg.efi -> !cfg.legacy; + message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; + } + { + assertion = cfg.legacy -> cfg.useGrub; + message = "Using GRUB is mandatory for legacy BIOS"; + } + ]; - boot.kernelParams = filter (v: ! (isNull v)) (toCmdlineList cfg.cmdline); - } - (mkIf cfg.enable { - - hardware.enableAllFirmware = allowUnfree; - hardware.enableRedistributableFirmware = true; + boot.kernelParams = filter (v: !(isNull v)) (toCmdlineList cfg.cmdline); + } + (mkIf cfg.enable { - aviallon.boot.cmdline = { - "syscall.x32" = mkIf cfg.x32abi.enable true; + hardware.enableAllFirmware = allowUnfree; + hardware.enableRedistributableFirmware = true; - # Reboot after 5 seconds on panic (prevent system lockup) - "panic" = 5; + aviallon.boot.cmdline = { + "syscall.x32" = mkIf cfg.x32abi.enable true; - # From systemd(1): systemd.show_status - # Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. If enabled, the systemd manager (PID 1) shows - # terse service status updates on the console during bootup. 
With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant - # delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error. - "systemd.show_status" = - if config.boot.consoleLogLevel <= 1 then - "no" - else if config.boot.consoleLogLevel < 4 then - "error" - else if config.boot.consoleLogLevel == 4 then - "auto" - else - "yes" - ; + # Reboot after 5 seconds on panic (prevent system lockup) + "panic" = 5; - # 'quiet' is required to silence systemd-efi-stub messages - "quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; - }; - - nixpkgs.overlays = [(final: prev: { - # Use bleeding-edge linux firmware - linux-firmware = prev.unstable.linux-firmware; - })]; - - boot = { - bootspec.enableValidation = true; - - initrd.kernelModules = [ ]; - initrd.availableKernelModules = [ "ehci_pci" ]; - - # Required for many features, like rootluks TPM-unlock, etc. - initrd.systemd.enable = true; - - initrd.compressor = "zstd"; - initrd.compressorArgs = [ "-T0" "-9" ]; - - kernelPackages = with myLib.debug; let - baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package; - - # Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS - kCflags = traceValWithPrefix "kCflags" ( - [ - "-march=${cpuConfig.arch}" - "-mtune=${cpuConfig.tune or cpuConfig.arch}" - ] - ++ optional (! isNull cpuConfig.caches.lastLevel ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}" - ++ optional (! 
isNull cpuConfig.caches.l1d ) "--param l1-cache-size=${toString cpuConfig.caches.l1d}" - ); - kRustflags = traceValWithPrefix "kRustflags" ( - [ - "-Ctarget-cpu=${cpuConfig.arch}" - "-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}" - ] - ); - - optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" ( - optionalAttrs config.aviallon.optimizations.enable ( - myLib.attrsets.mergeAttrsRecursive - { - env = { - KCFLAGS = kCflags; - KRUSTFLAGS = kRustflags; - }; - } - (traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes) - ) - ); - moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" ( - myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) optimizedKernelAttrs - ); - - noDRMKernel = - if cfg.removeKernelDRM then - baseKernel.overrideAttrs (old: { - passthru = baseKernel.passthru; - nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ]; - postPatch = (old.postPatch or "") + '' - sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h - ''; - }) + # From systemd(1): systemd.show_status + # Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. If enabled, the systemd manager (PID 1) shows + # terse service status updates on the console during bootup. With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant + # delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error. 
+ "systemd.show_status" = + if config.boot.consoleLogLevel <= 1 then + "no" + else if config.boot.consoleLogLevel < 4 then + "error" + else if config.boot.consoleLogLevel == 4 then + "auto" else - baseKernel - ; - + "yes"; - moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; - - #patchedKernel = - # if (length config.boot.kernelPatches > 0) then - # moddedKernel.override (old: { - # structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ]; - # }) - # else - # moddedKernel - # ; - - in mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel); - - kernelPatches = [] - ++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI - ++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched - ++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel - ++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) (customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch) - ++ optional config.aviallon.optimizations.enable customKernelPatches.zstd - ; - - # Hide boot menu for systemd-boot by default - loader.timeout = mkIf (!cfg.useGrub) 0; - - loader.grub.enable = cfg.useGrub; - loader.grub = { - device = mkIf cfg.efi "nodev"; - efiSupport = cfg.efi; - configurationLimit = cfg.configurationLimit; - gfxpayloadBios = "keep"; + # 'quiet' is required to silence systemd-efi-stub messages + "quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; }; - loader.systemd-boot = { - enable = cfg.efi && (!cfg.useGrub); - configurationLimit = cfg.configurationLimit; - consoleMode = mkDefault "max"; - extraInstallCommands = let - efiDir = config.boot.loader.efi.efiSysMountPoint; - in '' - export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" - rpath= - generation= - specialization= - boot_generation_path=$(realpath /run/booted-system) - for path in /nix/var/nix/profiles/system-*-link; do - rpath=$(realpath "$path") - 
ok=false - if [ "$rpath" = "$boot_generation_path" ]; then - echo "Good path: $path" - ok=true - fi - for spec in "$path"/specialisation/*; do - if [ "$(realpath $spec)" = "$boot_generation_path" ]; then - ok=true - specialization="$spec" - echo "Good specialization: $specialization" - break + nixpkgs.overlays = [ + (final: prev: { + # Use bleeding-edge linux firmware + linux-firmware = prev.unstable.linux-firmware; + }) + ]; + + boot = { + bootspec.enableValidation = true; + + initrd.kernelModules = [ ]; + initrd.availableKernelModules = [ "ehci_pci" ]; + + # Required for many features, like rootluks TPM-unlock, etc. + initrd.systemd.enable = true; + + initrd.compressor = "zstd"; + initrd.compressorArgs = [ + "-T0" + "-9" + ]; + + kernelPackages = + with myLib.debug; + let + baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package; + + # Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS + kCflags = traceValWithPrefix "kCflags" ( + [ + "-march=${cpuConfig.arch}" + "-mtune=${cpuConfig.tune or cpuConfig.arch}" + ] + ++ optional ( + !isNull cpuConfig.caches.lastLevel + ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}" + ++ optional (!isNull cpuConfig.caches.l1d) "--param l1-cache-size=${toString cpuConfig.caches.l1d}" + ); + kRustflags = traceValWithPrefix "kRustflags" ([ + "-Ctarget-cpu=${cpuConfig.arch}" + "-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}" + ]); + + optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" ( + optionalAttrs config.aviallon.optimizations.enable ( + myLib.attrsets.mergeAttrsRecursive + { + env = { + KCFLAGS = kCflags; + KRUSTFLAGS = kRustflags; + }; + } + ( + traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes + ) + ) + ); + moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" ( + myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) 
optimizedKernelAttrs + ); + + noDRMKernel = + if cfg.removeKernelDRM then + baseKernel.overrideAttrs (old: { + passthru = baseKernel.passthru; + nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ]; + postPatch = (old.postPatch or "") + '' + sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h + ''; + }) + else + baseKernel; + + moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; + + #patchedKernel = + # if (length config.boot.kernelPatches > 0) then + # moddedKernel.override (old: { + # structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ]; + # }) + # else + # moddedKernel + # ; + + in + mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel); + + kernelPatches = + [ ] + ++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI + ++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched + ++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel + ++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) ( + customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch + ) + ++ optional config.aviallon.optimizations.enable customKernelPatches.zstd; + + # Hide boot menu for systemd-boot by default + loader.timeout = mkIf (!cfg.useGrub) 0; + + loader.grub.enable = cfg.useGrub; + loader.grub = { + device = mkIf cfg.efi "nodev"; + efiSupport = cfg.efi; + configurationLimit = cfg.configurationLimit; + gfxpayloadBios = "keep"; + }; + + loader.systemd-boot = { + enable = cfg.efi && (!cfg.useGrub); + configurationLimit = cfg.configurationLimit; + consoleMode = mkDefault "max"; + extraInstallCommands = + let + efiDir = config.boot.loader.efi.efiSysMountPoint; + in + '' + export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" + rpath= + generation= + 
specialization= + boot_generation_path=$(realpath /run/booted-system) + for path in /nix/var/nix/profiles/system-*-link; do + rpath=$(realpath "$path") + ok=false + if [ "$rpath" = "$boot_generation_path" ]; then + echo "Good path: $path" + ok=true + fi + for spec in "$path"/specialisation/*; do + if [ "$(realpath $spec)" = "$boot_generation_path" ]; then + ok=true + specialization="$spec" + echo "Good specialization: $specialization" + break + fi + done + if $ok; then + generation="''${path##*/system-}" + generation="''${generation%%-link}" + break + fi + done + if [ -z "$generation" ]; then + echo "Failed to find current boot's generation!" + exit 1 fi - done - if $ok; then - generation="''${path##*/system-}" - generation="''${generation%%-link}" - break - fi - done - if [ -z "$generation" ]; then - echo "Failed to find current boot's generation!" - exit 1 - fi - loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf" - if ! [ -z "$specialization" ]; then - specialization_name=$(basename -- "$specialization") - echo "Specialization is: $specialization_name" - loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf" - fi - - if ! [ -f "$loader_entry" ]; then - echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found" - echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!" - exit 1 - fi + loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf" + if ! [ -z "$specialization" ]; then + specialization_name=$(basename -- "$specialization") + echo "Specialization is: $specialization_name" + loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf" + fi - sed -i 's/version /version /' "$loader_entry" && - echo "Marked generation $generation as last sucessfully booted" - ''; + if ! 
[ -f "$loader_entry" ]; then + echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found" + echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!" + exit 1 + fi + + sed -i 's/version /version /' "$loader_entry" && + echo "Marked generation $generation as last sucessfully booted" + ''; + }; + + loader.generic-extlinux-compatible = { + configurationLimit = cfg.configurationLimit; + }; + + loader = { + efi.efiSysMountPoint = mkDefault "/boot/efi"; + efi.canTouchEfiVariables = mkDefault true; + }; }; - - loader.generic-extlinux-compatible = { - configurationLimit = cfg.configurationLimit; - }; - - loader = { - efi.efiSysMountPoint = mkDefault "/boot/efi"; - efi.canTouchEfiVariables = mkDefault true; - }; - }; - }) + }) ]; } diff --git a/default.nix b/default.nix index 9036995..1af9ce9 100644 --- a/default.nix +++ b/default.nix @@ -1,4 +1,4 @@ -{config, ...}: +{ config, ... }: { imports = [ ./general.nix diff --git a/desktop/browser.nix b/desktop/browser.nix index 110e995..9b577a6 100644 --- a/desktop/browser.nix +++ b/desktop/browser.nix 
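Review bot: `moddedKernel` is computed from `cfg.kernel.addAttributes` and the optimization KCFLAGS/KRUSTFLAGS but is never used — the let block ends with `in mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel);`, so everything set via `aviallon.boot.kernel.addAttributes` and `addOptimizationAttributes` is silently dropped and the kernel is built with stock flags. Unless that is intentional (the commented-out `patchedKernel` suggests work in progress), the line should read `in mkOverride 2 (pkgs.linuxPackagesFor moddedKernel);`, or the dead binding should be removed with a comment saying why. Separately, `sed -i 's/version /version /' "$loader_entry"` in `extraInstallCommands` substitutes a string with itself as printed, so the following "Marked generation … as last sucessfully booted" message does not correspond to any change to the loader entry — if a marker character was lost, a comment stating the intended edit would help. The `removeKernelDRM` branch also rewrites `include/linux/export.h` to export GPL-only symbols to all modules; that deserves a comment about the licensing and module-taint implications so it is not enabled casually.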
@@ -1,56 +1,77 @@ -{ config, pkgs, lib, myLib, options, ... }: +{ + config, + pkgs, + lib, + myLib, + options, + ... +}: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; -in { +in +{ options.aviallon.desktop.browser = { firefox.overrides = mkOption { internal = true; description = "Override firefox package settings"; type = types.attrs; - default = {}; - example = { enablePlasmaIntegration = true; }; + default = { }; + example = { + enablePlasmaIntegration = true; + }; }; chromium = { package = mkOption { internal = true; type = myLib.types.package'; default = pkgs.chromium; - example = literalExpression '' pkgs.ungoogled-chromium ''; + example = literalExpression ''pkgs.ungoogled-chromium ''; }; overrides = mkOption { internal = true; description = "Override chromium package settings"; type = types.attrs; - default = {}; - example = { commandLineArgs = [ "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" ]; }; + default = { }; + example = { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }; }; commandLineArgs = mkOption { description = "Override chromium flags"; type = with types; listOf str; default = [ "--ozone-platform-hint=auto" ]; - example = [ "--ozone-platform-hint=auto" "--ignore-gpu-blacklist" ]; + example = [ + "--ozone-platform-hint=auto" + "--ignore-gpu-blacklist" + ]; }; }; }; config = mkIf (cfg.enable && !generalCfg.minimal) { environment.systemPackages = with pkgs; [ - (cfg.browser.chromium.package.override cfg.browser.chromium.overrides) - # firefox is added by plasma or gnome - ]; + (cfg.browser.chromium.package.override cfg.browser.chromium.overrides) + # firefox is added by plasma or gnome + ]; - - nixpkgs.overlays = [(final: prev: { - myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides); - })]; + nixpkgs.overlays = [ + (final: prev: { + myFirefox = (final.callPackage ../packages/firefox.nix 
cfg.browser.firefox.overrides); + }) + ]; aviallon.desktop.browser.chromium.overrides.enableWideVine = true; aviallon.programs.allowUnfreeList = [ - "chromium-unwrapped" "chrome-widevine-cdm" - "ungoogled-chromium" "chromium" # because of widevine + "chromium-unwrapped" + "chrome-widevine-cdm" + "ungoogled-chromium" + "chromium" # because of widevine ]; environment.variables = { @@ -58,8 +79,10 @@ in { }; aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs; - aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations (options.aviallon.desktop.browser.chromium.commandLineArgs.default ++ [ - "--flag-switches-begin" + aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations ( + options.aviallon.desktop.browser.chromium.commandLineArgs.default + ++ [ + "--flag-switches-begin" "--ignore-gpu-blacklist" "--enable-gpu-rasterization" "--enable-quic" @@ -68,8 +91,9 @@ in { "--canvas-oop-rasterization" "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer" "--disable-features=UseChromeOSDirectVideoDecoder" - "--flag-switches-end" - ]); + "--flag-switches-end" + ] + ); programs.chromium = { enable = true; diff --git a/desktop/console.nix b/desktop/console.nix index 959de72..b56faf0 100644 --- a/desktop/console.nix +++ b/desktop/console.nix 
@@ -1,23 +1,25 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let xcfg = config.services.xserver; generalCfg = config.aviallon.general; -in { +in +{ config = { services.kmscon = { hwRender = mkDefault xcfg.enable; - extraConfig = "" - + optionalString ( ! isNull xcfg.layout ) - "xkb-layout=${xcfg.layout}" - + optionalString ( ! isNull xcfg.xkbVariant ) - "xkb-variant=${xcfg.xkbVariant}" - + optionalString ( ! isNull xcfg.xkbOptions ) - "xkb-options=${xcfg.xkbOptions}" - + "font-dpi=${toString (xcfg.dpi or 96)}" - ; - enable = mkDefault (! generalCfg.minimal ); + extraConfig = + "" + + optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}" + + optionalString (!isNull xcfg.xkbVariant) "xkb-variant=${xcfg.xkbVariant}" + + optionalString (!isNull xcfg.xkbOptions) "xkb-options=${xcfg.xkbOptions}" + + "font-dpi=${toString (xcfg.dpi or 96)}"; + enable = mkDefault (!generalCfg.minimal); }; }; } - diff --git a/desktop/default.nix b/desktop/default.nix index e5e7a62..c90314e 100644 --- a/desktop/default.nix +++ b/desktop/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { imports = [ diff --git a/desktop/developer.nix b/desktop/developer.nix index da313aa..468b1ec 100644 --- a/desktop/developer.nix +++ b/desktop/developer.nix @@ -1,12 +1,20 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in { +in +{ options.aviallon.developer = { enable = mkEnableOption "enable developer mode on this machine"; - virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { default = true; }; + virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { + default = true; + }; virtualbox.unstable = mkEnableOption "use unstable virtualbox"; }; config = mkIf cfg.enable { 
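Review bot: The `extraConfig` string in `services.kmscon` concatenates `xkb-layout=…`, `xkb-variant=…`, `xkb-options=…` and `font-dpi=…` with no separator, so with a non-null layout kmscon receives a single line such as `xkb-layout=usfont-dpi=96` instead of one option per line; each piece should end in a newline, e.g. `optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}\n"` (and likewise for the other three). Also, this file reads `xcfg.layout`, `xcfg.xkbVariant` and `xcfg.xkbOptions`, while `desktop/general.nix` in this same patch sets `services.xserver.xkb.layout`, which suggests these options have moved under `services.xserver.xkb.*` and the old names may no longer evaluate — worth confirming against the nixpkgs revision pinned in flake.nix.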
@@ -26,7 +34,7 @@ in { PROMPT_COMMAND="_direnv_hook''${PROMPT_COMMAND:+;$PROMPT_COMMAND}" fi ''; - + environment.systemPackages = with pkgs; [ #tabnine numactl @@ -54,20 +62,22 @@ in { ccls # C/C++ lua-language-server # Lua nil # Nix - + nixfmt-rfc-style (hiPrio clinfo) # hiPrio to override HIP's clinfo binutils cpuset gptfdisk # gdisk - + gcc gnumake cmake - linux-manual man-pages man-pages-posix - + linux-manual + man-pages + man-pages-posix + linuxHeaders # Virtualization tools @@ -99,7 +109,6 @@ in { }; }; - virtualisation.spiceUSBRedirection.enable = true; # Quality of life security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform @@ -109,19 +118,25 @@ in { host.enableHardening = false; # Causes kernel build failures }; - nixpkgs.overlays = [] - ++ optional cfg.virtualbox.unstable (final: prev: { - virtualbox = final.unstable.virtualbox; - virtualboxExtpack = final.unstable.virtualboxExtpack; - }) - ; + nixpkgs.overlays = + [ ] + ++ optional cfg.virtualbox.unstable ( + final: prev: { + virtualbox = final.unstable.virtualbox; + virtualboxExtpack = final.unstable.virtualboxExtpack; + } + ); console.enable = true; - boot.initrd.systemd.emergencyAccess = mkIf (config.users.users.root.hashedPassword != null) config.users.users.root.hashedPassword; + boot.initrd.systemd.emergencyAccess = mkIf ( + config.users.users.root.hashedPassword != null + ) config.users.users.root.hashedPassword; environment.extraOutputsToInstall = [ - "doc" "info" "dev" + "doc" + "info" + "dev" ]; services.ollama = { 
@@ -130,12 +145,14 @@ in { group = "ollama"; user = "ollama"; package = - if config.aviallon.hardware.amd.enable - then pkgs.unstable.ollama-rocm - else if (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") - then pkgs.unstable.ollama-cuda - else pkgs.unstable.ollama - ; + if config.aviallon.hardware.amd.enable then + pkgs.unstable.ollama-rocm + else if + (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") + then + pkgs.unstable.ollama-cuda + else + pkgs.unstable.ollama; }; aviallon.services.journald.extraConfig = { @@ -145,8 +162,10 @@ in { aviallon.boot.configurationLimit = mkDefault 10; aviallon.programs.allowUnfreeList = [ - "tabnine" "clion" - "Oracle_VM_VirtualBox_Extension_Pack" "virtualbox" + "tabnine" + "clion" + "Oracle_VM_VirtualBox_Extension_Pack" + "virtualbox" "intelephense" ]; }; diff --git a/desktop/flatpak.nix b/desktop/flatpak.nix index db95eba..785051c 100644 --- a/desktop/flatpak.nix +++ b/desktop/flatpak.nix 
@@ -1,45 +1,56 @@ -{ config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.desktop; -in { +in +{ config = mkIf cfg.enable { - services.flatpak.enable = mkDefault true; - systemd.services.flatpak-add-flathub = { - script = '' - exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - ''; - serviceConfig.Type = "oneshot"; - requires = [ - "network-online.target" - ]; - after = [ - "network-online.target" - ]; - wantedBy = [ - "graphical.target" - ]; - }; + services.flatpak.enable = mkDefault true; + systemd.services.flatpak-add-flathub = { + script = '' + exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + ''; + serviceConfig.Type = "oneshot"; + requires = [ + "network-online.target" + ]; + after = [ + "network-online.target" + ]; + wantedBy = [ + "graphical.target" + ]; + }; - systemd.services.flatpak-workaround-cursors = { - script = '' - exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro - ''; - serviceConfig.Type = "oneshot"; - wantedBy = [ - "graphical.target" - ]; - }; + systemd.services.flatpak-workaround-cursors = { + script = '' + exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro + ''; + serviceConfig.Type = "oneshot"; + wantedBy = [ + "graphical.target" + ]; + }; - fileSystems = - let mkRoSymBind = path: { + fileSystems = + let + mkRoSymBind = path: { device = path; fsType = "none"; - options = [ "rbind" "ro" "x-gvfs-hide" ]; + options = [ + "rbind" + "ro" + "x-gvfs-hide" + ]; }; - in { + in + { "/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons"; }; - } - ; + }; } diff --git a/desktop/games.nix b/desktop/games.nix index e67e765..669ccba 100644 --- a/desktop/games.nix +++ b/desktop/games.nix 
@@ -1,11 +1,19 @@ -{ config, pkgs, lib, myLib, suyu, ... }: +{ + config, + pkgs, + lib, + myLib, + suyu, + ... +}: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; optimizePkg = config.aviallon.optimizations.optimizePkg; mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}"; -in { +in +{ options = { aviallon.desktop.gaming = { @@ -24,27 +32,40 @@ in { }; }; }; - + config = mkIf cfg.gaming.enable { assertions = [ - { assertion = cfg.gaming.enable -> cfg.enable; message = "Gaming features requires desktop to be enabled"; } - { assertion = cfg.gaming.enable -> !generalCfg.minimal; message = "Gaming features are incompatible with minimal mode"; } + { + assertion = cfg.gaming.enable -> cfg.enable; + message = "Gaming features requires desktop to be enabled"; + } + { + assertion = cfg.gaming.enable -> !generalCfg.minimal; + message = "Gaming features are incompatible with minimal mode"; + } ]; - - environment.systemPackages = let - my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { - cmakeFlags = old.cmakeFlags ++ [ - #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" - #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" - ]; - }); - in with pkgs; [ + + environment.systemPackages = + let + my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { + cmakeFlags = old.cmakeFlags ++ [ + #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" + #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" + ]; + }); + in + with pkgs; + [ gamescope mangohud lutris bottles - ] ++ optionals cfg.gaming.emulation [ - (optimizePkg { recursive = 0; lto = false; } my_yuzu) + ] + ++ optionals cfg.gaming.emulation [ + (optimizePkg { + recursive = 0; + lto = false; + } my_yuzu) (optimizePkg { } cfg.gaming.ryujinx.package) ]; @@ -104,7 +125,10 @@ in { }; aviallon.programs.allowUnfreeList = [ - "steam" "steam-original" "steam-runtime" "steam-run" + "steam" + "steam-original" + "steam-runtime" + "steam-run" ]; }; diff --git a/desktop/general.nix b/desktop/general.nix index 7dfd8a6..4f46b9c 100644 
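Review bot: `mkTmpDir` in the let-block of the first hunk on this line emits a tmpfiles `D` entry with mode `777`, which creates a world-writable directory without the sticky bit, so any local user can rename or delete files that other users placed there. If the directories it produces are shared between users, `1777` is the usual mode: `mkTmpDir = dirpath: cleanup: "D ${dirpath} 1777 root root ${cleanup}";`. The call sites are outside this hunk, so whether the paths are per-user or shared cannot be confirmed from here.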
--- a/desktop/general.nix +++ b/desktop/general.nix @@ -1,9 +1,16 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; -in { +in +{ options.aviallon.desktop = { enable = mkOption { default = true; @@ -14,7 +21,13 @@ in { environment = mkOption { default = "plasma"; example = "gnome"; - type = with types; enum [ "plasma" "plasma6" "gnome" ]; + type = + with types; + enum [ + "plasma" + "plasma6" + "gnome" + ]; description = "What Desktop Environment to use"; }; layout = mkOption { @@ -51,7 +64,13 @@ in { }; imports = [ - (mkRemovedOptionModule [ "aviallon" "desktop" "graphics" "shaderCache" "path" ] "Now always relative to $XDG_CACHE_HOME" ) + (mkRemovedOptionModule [ + "aviallon" + "desktop" + "graphics" + "shaderCache" + "path" + ] "Now always relative to $XDG_CACHE_HOME") ]; config = mkIf cfg.enable (mkMerge [ @@ -71,7 +90,6 @@ in { services.xserver.xkb.layout = cfg.layout; services.xserver.xkb.options = "eurosign:e"; - aviallon.boot.cmdline = { splash = mkIf (!generalCfg.debug) ""; "udev.log_level" = mkIf (!generalCfg.debug) 3; @@ -93,7 +111,7 @@ in { # Enable running X11 apps on Wayland programs.xwayland.enable = true; - + # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; @@ -104,9 +122,7 @@ in { p7zip ]; - - security.sudo.extraConfig = - '' + security.sudo.extraConfig = '' # Keep X and Wayland related variables for better GUI integration Defaults:root,%wheel env_keep+=DISPLAY Defaults:root,%wheel env_keep+=XAUTHORITY @@ -114,8 +130,7 @@ in { Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY Defaults:root,%wheel env_keep+=WAYLAND_SOCKET Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR - '' - ; + ''; } (mkIf (!generalCfg.minimal) { 
@@ -135,7 +150,7 @@ in { programs.thunderbird.enable = true; hardware.graphics.enable32Bit = mkDefault cfg.gaming.enable; - + environment.systemPackages = with pkgs; [ mesa-demos vdpauinfo @@ -174,16 +189,16 @@ in { }; aviallon.programs.allowUnfreeList = [ - "spotify" "spotify-unwrapped" + "spotify" + "spotify-unwrapped" "veracrypt" ]; - aviallon.programs.libreoffice.enable = true; - + services.packagekit.enable = mkDefault true; - + # SmartCards #services.pcscd.enable = mkDefault true; diff --git a/desktop/gnome.nix b/desktop/gnome.nix index 2fe3f63..d542589 100644 --- a/desktop/gnome.nix +++ b/desktop/gnome.nix 
@@ -1,66 +1,73 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let - cfg = config.aviallon.desktop; -in { - config = mkIf (cfg.enable && (cfg.environment == "gnome")) { - services.xserver.desktopManager.gnome = { - enable = true; - }; - services.xserver.displayManager.gdm = { - enable = true; - }; - - services.gnome = { - sushi.enable = true; - tracker.enable = true; - tracker-miners.enable = true; - core-shell.enable = true; - gnome-keyring.enable = true; - glib-networking.enable = true; - gnome-user-share.enable = true; - core-os-services.enable = true; - gnome-remote-desktop.enable = true; - gnome-online-miners.enable = true; - gnome-initial-setup.enable = true; - gnome-settings-daemon.enable = true; - gnome-online-accounts.enable = true; - gnome-browser-connector.enable = true; - }; - - qt5.platformTheme = "gnome"; # Force Gnome theme for better UX - - xdg.portal = { - enable = mkDefault true; - }; - - programs.chromium.extensions = [ - "gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration - ]; - - programs.firefox.enable = true; - programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ]; - - aviallon.programs.libreoffice.enable = true; - - environment.systemPackages = with pkgs; [ guake ] - ++ (with gnome; [ - gnome-software - ]) - ++ (with gnomeExtensions; [ - gamemode - dash-to-dock - dash-to-dock-toggle - dash-to-dock-animator - tray-icons-reloaded - ]) - ; - systemd.packages = with pkgs; [ - gnomeExtensions.gamemode - gnomeExtensions.dash-to-dock - gnomeExtensions.dash-to-dock-animator - gnomeExtensions.dash-to-dock-toggle - gnomeExtensions.tray-icons-reloaded - ]; + cfg = config.aviallon.desktop; +in +{ + config = mkIf (cfg.enable && (cfg.environment == "gnome")) { + services.xserver.desktopManager.gnome = { + enable = true; }; + services.xserver.displayManager.gdm = { + enable = true; + }; + + services.gnome = { + sushi.enable = true; + tracker.enable = true; + 
tracker-miners.enable = true; + core-shell.enable = true; + gnome-keyring.enable = true; + glib-networking.enable = true; + gnome-user-share.enable = true; + core-os-services.enable = true; + gnome-remote-desktop.enable = true; + gnome-online-miners.enable = true; + gnome-initial-setup.enable = true; + gnome-settings-daemon.enable = true; + gnome-online-accounts.enable = true; + gnome-browser-connector.enable = true; + }; + + qt5.platformTheme = "gnome"; # Force Gnome theme for better UX + + xdg.portal = { + enable = mkDefault true; + }; + + programs.chromium.extensions = [ + "gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration + ]; + + programs.firefox.enable = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ]; + + aviallon.programs.libreoffice.enable = true; + + environment.systemPackages = + with pkgs; + [ guake ] + ++ (with gnome; [ + gnome-software + ]) + ++ (with gnomeExtensions; [ + gamemode + dash-to-dock + dash-to-dock-toggle + dash-to-dock-animator + tray-icons-reloaded + ]); + systemd.packages = with pkgs; [ + gnomeExtensions.gamemode + gnomeExtensions.dash-to-dock + gnomeExtensions.dash-to-dock-animator + gnomeExtensions.dash-to-dock-toggle + gnomeExtensions.tray-icons-reloaded + ]; + }; } diff --git a/desktop/multimedia.nix b/desktop/multimedia.nix index 4a6cd2a..e582149 100644 --- a/desktop/multimedia.nix +++ b/desktop/multimedia.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.aviallon.desktop; 
@@ -8,26 +13,31 @@ let noiseFilterStrength = cfg.audio.noise-filter.strength; }; - airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix {}; + airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix { }; # Multimedia Packages - ffmpeg-full-unfree = let - withUnfree = pkgs.unstable.ffmpeg-full.override { - withUnfree = true; - withTensorflow = false; - }; - in withUnfree; - -in { + ffmpeg-full-unfree = + let + withUnfree = pkgs.unstable.ffmpeg-full.override { + withUnfree = true; + withTensorflow = false; + }; + in + withUnfree; + +in +{ config = mkIf (cfg.enable && !generalCfg.minimal) { environment.systemPackages = with pkgs; [ ffmpeg-full-unfree krita - (pkgs.wrapOBS { plugins = with obs-studio-plugins; [ - obs-pipewire-audio-capture - ]; }) - + (pkgs.wrapOBS { + plugins = with obs-studio-plugins; [ + obs-pipewire-audio-capture + ]; + }) + #scribus yt-dlp #jellyfin-media-player # https://github.com/NixOS/nixpkgs/issues/437865 https://github.com/jellyfin/jellyfin-media-player/issues/282 @@ -36,10 +46,11 @@ in { #jamesdsp # Audio post-processing ]; - nixpkgs.overlays = [(final: prev: { - inherit ffmpeg-full-unfree; - })]; - + nixpkgs.overlays = [ + (final: prev: { + inherit ffmpeg-full-unfree; + }) + ]; # Enable sound. services.pulseaudio.enable = false; @@ -76,9 +87,12 @@ in { "node.description" = "Sortie combinée"; "combine.latency-compensate" = true; "combine.props" = { - "audio.position" = [ "FL" "FR" ]; + "audio.position" = [ + "FL" + "FR" + ]; }; - "stream.props" = {}; + "stream.props" = { }; "stream.rules" = [ { matches = [ @@ -90,7 +104,7 @@ in { "media.class" = "Audio/Sink"; } ]; - actions.create-stream = {}; + actions.create-stream = { }; } ]; }; 
@@ -105,50 +119,61 @@ in { "bluez5.enable-sbc-xq" = true; # Should be default now "bluez5.enable-msbc" = true; # Default "bluez5.enable-hw-volume" = true; # Default - "bluez5.headset-roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; + "bluez5.headset-roles" = [ + "hsp_hs" + "hsp_ag" + "hfp_hf" + "hfp_ag" + ]; }; }; - security.rtkit.enable = true; # Real-time support for pipewire aviallon.programs.allowUnfreeList = [ "ffmpeg-full" # Because of unfree codecs ]; - # Hardware-agnostic audio denoising - systemd.user.services = let - mkPipewireModule = {conf, description}: { - unitConfig = { - Slice = "session.slice"; - }; - serviceConfig = { - ExecStart = [ - "${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}" - ]; - Type = "simple"; - Restart = "on-failure"; - }; - bindsTo = [ "pipewire.service" ]; - after = [ "pipewire.service" ]; - environment = { - PIPEWIRE_DEBUG = "3"; - }; - wantedBy = [ "pipewire.service" ]; - inherit description; + systemd.user.services = + let + mkPipewireModule = + { conf, description }: + { + unitConfig = { + Slice = "session.slice"; + }; + serviceConfig = { + ExecStart = [ + "${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}" + ]; + Type = "simple"; + Restart = "on-failure"; + }; + bindsTo = [ "pipewire.service" ]; + after = [ "pipewire.service" ]; + environment = { + PIPEWIRE_DEBUG = "3"; + }; + wantedBy = [ "pipewire.service" ]; + inherit description; + }; + in + { + pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable ( + (mkPipewireModule { + conf = filterConfig; + description = "Pipewire Noise Filter"; + }) + // { + enable = cfg.audio.noise-filter.strength > 0.0; + } + ); + pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (mkPipewireModule { + conf = airplayConfig; + description = "Pipewire Airplay Sink"; + }); }; - in { - pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable ( - (mkPipewireModule { conf = filterConfig; description = "Pipewire Noise Filter"; }) // - { - enable = 
cfg.audio.noise-filter.strength > 0.0; - } - ); - pipewire-airplay-sink = mkIf cfg.audio.airplay.enable ( - mkPipewireModule { conf = airplayConfig; description = "Pipewire Airplay Sink"; } - ); - }; }; } diff --git a/desktop/pipewire/pipewire-airplay.conf.nix b/desktop/pipewire/pipewire-airplay.conf.nix index b36e979..aacc279 100644 --- a/desktop/pipewire/pipewire-airplay.conf.nix +++ b/desktop/pipewire/pipewire-airplay.conf.nix 
@@ -1,63 +1,64 @@ -{ lib -, writeText +{ + lib, + writeText, }: -writeText "pipewire-airplay.conf" '' -# Noise canceling source -# -# start with pipewire -c filter-chain/source-rnnoise.conf -# -context.properties = { - log.level = 3 -} +writeText "pipewire-airplay.conf" '' + # Noise canceling source + # + # start with pipewire -c filter-chain/source-rnnoise.conf + # + context.properties = { + log.level = 3 + } -#context.spa-libs = { -# audio.convert.* = audioconvert/libspa-audioconvert -# support.* = support/libspa-support -#} + #context.spa-libs = { + # audio.convert.* = audioconvert/libspa-audioconvert + # support.* = support/libspa-support + #} -context.modules = [ - { name = libpipewire-module-rtkit - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } + context.modules = [ + { name = libpipewire-module-rtkit + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } - { name = libpipewire-raop-discover - args = { - #raop.latency.ms = 1000 - stream.rules = [ - { matches = [ - { raop.ip = "~.*" - #raop.port = 1000 - #raop.name = "" - #raop.hostname = "" - #raop.domain = "" - #raop.device = "" - #raop.transport = "udp" | "tcp" - #raop.encryption.type = "RSA" | "auth_setup" | "none" - #raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD" - #audio.channels = 2 - #audio.format = "S16" | "S24" | "S32" - #audio.rate = 44100 - #device.model = "" - } - ] - actions = { - create-stream = { - #raop.password = "" - stream.props = { - #target.object = "" - media.class = "Audio/Sink" - } - } - } - } - ] # stream.rules - } # args - } -}]'' + { name = libpipewire-raop-discover + args = { + #raop.latency.ms = 1000 + stream.rules = [ + { matches = [ + { raop.ip = "~.*" + #raop.port = 1000 + 
#raop.name = "" + #raop.hostname = "" + #raop.domain = "" + #raop.device = "" + #raop.transport = "udp" | "tcp" + #raop.encryption.type = "RSA" | "auth_setup" | "none" + #raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD" + #audio.channels = 2 + #audio.format = "S16" | "S24" | "S32" + #audio.rate = 44100 + #device.model = "" + } + ] + actions = { + create-stream = { + #raop.password = "" + stream.props = { + #target.object = "" + media.class = "Audio/Sink" + } + } + } + } + ] # stream.rules + } # args + } + }]'' diff --git a/desktop/pipewire/pipewire-noise-filter.conf.nix b/desktop/pipewire/pipewire-noise-filter.conf.nix index 2ea0eed..d9a065e 100644 --- a/desktop/pipewire/pipewire-noise-filter.conf.nix +++ b/desktop/pipewire/pipewire-noise-filter.conf.nix 
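Review bot: The header comment kept on the new side of pipewire-airplay.conf still reads `# Noise canceling source` and `# start with pipewire -c filter-chain/source-rnnoise.conf`, which was copied from the noise-filter config and does not describe this file; it should state that this is the AirPlay (RAOP) sink discovery configuration run by the `pipewire-airplay-sink` user service. The `raop.ip = "~.*"` match also deserves a one-line comment such as `# creates a sink for every AirPlay receiver discovered on the local network`, since that is the security-relevant behavior of the file. The re-indentation of the `''` string itself appears harmless because Nix strips the common leading indentation, so the generated file should be byte-identical.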
@@ -1,65 +1,66 @@ -{ lib -, writeText -, rnnoise-plugin -, noiseFilterStrength +{ + lib, + writeText, + rnnoise-plugin, + noiseFilterStrength, }: -writeText "pipewire-noise-filter.conf" '' -# Noise canceling source -# -# start with pipewire -c filter-chain/source-rnnoise.conf -# -context.properties = { - log.level = 3 -} +writeText "pipewire-noise-filter.conf" '' + # Noise canceling source + # + # start with pipewire -c filter-chain/source-rnnoise.conf + # + context.properties = { + log.level = 3 + } -context.spa-libs = { - audio.convert.* = audioconvert/libspa-audioconvert - support.* = support/libspa-support -} + context.spa-libs = { + audio.convert.* = audioconvert/libspa-audioconvert + support.* = support/libspa-support + } -context.modules = [ - { name = libpipewire-module-rtkit - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } + context.modules = [ + { name = libpipewire-module-rtkit + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } - { name = libpipewire-module-filter-chain - args = { - node.name = "rnnoise_source" - node.description = "Noise Canceling source" - media.name = "Noise Canceling source" - filter.graph = { - nodes = [ - { - type = ladspa - name = rnnoise - plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so - label = noise_suppressor_stereo - control = { - "VAD Threshold (%)" = ${toString noiseFilterStrength} - "VAD Grace Period (ms)" = 200 - "Retroactive VAD Grace (ms)" = 0 - } - } - ] - } - capture.props = { - node.name = "capture.rnnoise_source" - node.passive = true - audio.rate = 48000 - } - playback.props = { - node.name = "rnnoise_source.output" - media.class = Audio/Source - node.virtual = false - audio.rate = 48000 - } - } - } -]'' + { 
name = libpipewire-module-filter-chain + args = { + node.name = "rnnoise_source" + node.description = "Noise Canceling source" + media.name = "Noise Canceling source" + filter.graph = { + nodes = [ + { + type = ladspa + name = rnnoise + plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so + label = noise_suppressor_stereo + control = { + "VAD Threshold (%)" = ${toString noiseFilterStrength} + "VAD Grace Period (ms)" = 200 + "Retroactive VAD Grace (ms)" = 0 + } + } + ] + } + capture.props = { + node.name = "capture.rnnoise_source" + node.passive = true + audio.rate = 48000 + } + playback.props = { + node.name = "rnnoise_source.output" + media.class = Audio/Source + node.virtual = false + audio.rate = 48000 + } + } + } + ]'' diff --git a/desktop/plasma/default.nix b/desktop/plasma/default.nix index eae9279..b2f6d7b 100644 --- a/desktop/plasma/default.nix +++ b/desktop/plasma/default.nix @@ -1,16 +1,23 @@ -{config, pkgs, nixpkgs-unstable, lib, ...}: +{ + config, + pkgs, + nixpkgs-unstable, + lib, + ... +}: with lib; let cfg = config.aviallon.desktop; optimizeCfg = config.aviallon.optimizations; -in { +in +{ imports = [ ./plasma6.nix ]; - config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6" )) { - programs.firefox.enable = true; + config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6")) { + programs.firefox.enable = true; programs.firefox.policies.Extensions.Install = [ "plasma-browser-integration@kde.org" ]; programs.chromium.extensions = [ 
@@ -28,17 +35,17 @@ in { }; #environment.systemPackages = [ - #config.programs.gnupg.agent.pinentryPackage + #config.programs.gnupg.agent.pinentryPackage #]; systemd.user.services.setup-xdg-cursors = mkIf config.xdg.icons.enable { script = '' - [ -d "$HOME/.icons/default" ] || mkdir -p "$HOME/.icons/default" - cat >"$HOME/.icons/default/index.theme" <"$HOME/.icons/default/index.theme" < 0; in - if hasSwap then "150%" else "75%" - ; + if hasSwap then "150%" else "75%"; services.smartd = { enable = mkDefault true; @@ -137,4 +161,4 @@ in notifications.systembus-notify.enable = config.aviallon.desktop.enable; }; }; -} +} diff --git a/filesystems/btrfs.nix b/filesystems/btrfs.nix index 9340c4e..2de7c0c 100644 --- a/filesystems/btrfs.nix +++ b/filesystems/btrfs.nix @@ -1,12 +1,19 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.filesystems.btrfs; #fsCfg = config.fileSystems; btrfsPaths = [ "/" ]; -# btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; + # btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; generalCfg = config.aviallon.general; -in { +in +{ options.aviallon.filesystems.btrfs = { enable = mkEnableOption "BTRFS support"; autoScrub = { @@ -57,11 +64,11 @@ in { }; systemd.services.duperemove = { script = '' - mkdir -p $DATA_DIR - exec ${pkgs.duperemove}/bin/duperemove \ - --io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \ - --dedupe-options=same \ - --hashfile=$DATA_DIR/hashes.db -h -v -rd "$@" + mkdir -p $DATA_DIR + exec ${pkgs.duperemove}/bin/duperemove \ + --io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \ + --dedupe-options=same \ + --hashfile=$DATA_DIR/hashes.db -h -v -rd "$@" ''; scriptArgs = concatStringsSep " " cfg.autoDedup.paths; # %S : state diff --git a/filesystems/zfs.nix b/filesystems/zfs.nix index f47b698..cecb08e 100644 --- a/filesystems/zfs.nix 
+++ b/filesystems/zfs.nix @@ -1,21 +1,27 @@ -{config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.aviallon.filesystems.zfs; -in { +in +{ options.aviallon.filesystems.zfs = { enable = mkEnableOption "ZFS support"; }; config = mkIf cfg.enable { - boot.initrd.supportedFilesystems = ["zfs"]; # boot from zfs + boot.initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs boot.supportedFilesystems = [ "zfs" ]; aviallon.filesystems.udevRules = mkAfter [ # ZFS doesn't like additional schedulers ''SUBSYSTEM=="block", ACTION!="remove", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"'' ]; - + services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; diff --git a/flake.nix b/flake.nix index 02ef3b7..eb9a8c0 100644 --- a/flake.nix +++ b/flake.nix @@ -19,33 +19,36 @@ }; outputs = - inputs@{ self - , nixpkgs - , nur - , nixpkgs-unstable - , fps - , suyu - , ... - }: let + inputs@{ + self, + nixpkgs, + nur, + nixpkgs-unstable, + fps, + suyu, + ... + }: + let lib = nixpkgs.lib; myLib = import ./lib { inherit lib; }; - mkPkgs = pkgs: { system ? system - , config - , overlays ? [ ] - , ... - }: import pkgs { inherit system config overlays; }; - in { + mkPkgs = + pkgs: + { + system ? system, + config, + overlays ? [ ], + ... + }: + import pkgs { inherit system config overlays; }; + in + { inherit self inputs myLib; - overlays.default = final: prev: - self.overlay - final - (nur.overlay final prev) - ; + overlays.default = final: prev: self.overlay final (nur.overlay final prev); - overlay = (final: prev: {}); + overlay = (final: prev: { }); nixosModules = rec { aviallon = import ./default.nix; @@ -54,6 +57,8 @@ nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config; - specialArgs = inputs // { inherit myLib; }; + specialArgs = inputs // { + inherit myLib; + }; }; } 
diff --git a/general.nix b/general.nix index a213e9d..939aeb8 100644 --- a/general.nix +++ b/general.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.general; @@ -8,7 +14,12 @@ let in { imports = [ - (mkRemovedOptionModule [ "aviallon" "general" "flakes" "enable" ] "Flakes are now enabled by default") + (mkRemovedOptionModule [ + "aviallon" + "general" + "flakes" + "enable" + ] "Flakes are now enabled by default") (mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ]) @@ -24,7 +35,7 @@ in }; minimal = mkEnableOption "minimal installation"; - + cpu = { threads = mkOption { default = null; @@ -32,21 +43,16 @@ in description = "Number of physical threads of the machine"; type = with types; nullOr ints.positive; }; - + vendor = mkOption { default = null; example = "amd"; description = "Vendor of you CPU. Either AMD or Intel"; type = types.str; }; - + arch = mkOption { - default = - if cfg.cpu.x86.level >= 2 then - "x86-64-v${toString cfg.cpu.x86.level}" - else - "x86-64" - ; + default = if cfg.cpu.x86.level >= 2 then "x86-64-v${toString cfg.cpu.x86.level}" else "x86-64"; example = "x86-64-v2"; description = "Set CPU arch used in overlays, ..."; type = types.str; @@ -57,7 +63,7 @@ in description = "Set CPU tuning for compilers"; type = types.str; }; - + caches = { l1d = mkOption { default = null; @@ -84,7 +90,7 @@ in type = with types; nullOr ints.positive; }; }; - + x86 = { level = mkOption { default = 1; 
@@ -113,9 +119,11 @@ in font = "Lat2-Terminus16"; }; - boot.initrd.systemd.contents = mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) { - "/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; - }; + boot.initrd.systemd.contents = + mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) + { + "/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; + }; aviallon.boot.cmdline = mkIf cfg.unsafeOptimizations { mitigations = "off"; diff --git a/hardware/amd/amdgpu.nix b/hardware/amd/amdgpu.nix index b48cff8..c9dd588 100644 --- a/hardware/amd/amdgpu.nix +++ b/hardware/amd/amdgpu.nix @@ -1,11 +1,17 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.hardware.amd; devCfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in { - config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { +in +{ + config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { boot.initrd.kernelModules = [ "amdgpu" ]; hardware.amdgpu.legacySupport.enable = true; @@ -22,9 +28,7 @@ in { SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto" ''; - services.xserver.videoDrivers = - optional cfg.useProprietary "amdgpu-pro" - ++ [ "modesetting" ]; + services.xserver.videoDrivers = optional cfg.useProprietary "amdgpu-pro" ++ [ "modesetting" ]; hardware.amdgpu.opencl.enable = true; diff --git a/hardware/amd/cpu.nix b/hardware/amd/cpu.nix index c6a97a0..41a0d8b 100644 --- a/hardware/amd/cpu.nix +++ b/hardware/amd/cpu.nix 
@@ -1,16 +1,25 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let generalCfg = config.aviallon.general; - enableZenpower = (! isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13"); + enableZenpower = + (!isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13"); kernelVersion = getVersion config.boot.kernelPackages.kernel; -in { +in +{ config = mkIf (generalCfg.cpu.vendor == "amd") { boot.kernel.sysctl = { # Why: https://www.phoronix.com/news/Ryzen-Segv-Response # Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135 - "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1" ) (warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0); + "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1") ( + warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0 + ); }; aviallon.boot.cmdline = { 
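Review bot: The reflowed `kernel.randomize_va_space` sysctl in this hunk sets the value to 0, which turns off address-space layout randomization for every process on the host, and the comment only links the Ryzen segfault thread without saying that an exploit mitigation is being removed. The condition keys on `generalCfg.cpu.arch == "znver1"`, which is a configured compiler target (see the `arch` option in general.nix), not the detected CPU, so a configuration built for znver1 on other hardware also loses ASLR; a comment like `# Disables ASLR system-wide (mitigation trade-off); keyed on the configured arch, not the running CPU` would make that explicit. The warn message also misspells the word: `warn "Disable Address Space Layout Randomization on Ryzen 1 CPU" 0`. The enclosing `config` block continues past the hunk.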
@@ -20,26 +29,23 @@ in { else if versionAtLeast kernelVersion "6.3" then "active" else - "passive" - ; - } // optionalAttrs (generalCfg.cpu.arch == "znver2") { + "passive"; + } + // optionalAttrs (generalCfg.cpu.arch == "znver2") { # Required for Zen 2 "amd_pstate.shared_memory" = 1; }; - aviallon.boot.patches = mkIf config.aviallon.optimizations.enable {}; + aviallon.boot.patches = mkIf config.aviallon.optimizations.enable { }; - boot.extraModulePackages = with config.boot.kernelPackages; [] - ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower) - ; + boot.extraModulePackages = + with config.boot.kernelPackages; + [ ] ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower); - boot.kernelModules = [] - ++ optional enableZenpower "zenpower" - ; + boot.kernelModules = [ ] ++ optional enableZenpower "zenpower"; - boot.blacklistedKernelModules = [] - ++ optional enableZenpower "k10-temp" # Superseded by zenpower + boot.blacklistedKernelModules = + [ ] ++ optional enableZenpower "k10-temp" # Superseded by zenpower ; }; } - diff --git a/hardware/amd/default.nix b/hardware/amd/default.nix index bc80fdc..853baf0 100644 --- a/hardware/amd/default.nix +++ b/hardware/amd/default.nix @@ -1,9 +1,15 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.hardware.amd; generalCfg = config.aviallon.general; -in { +in +{ options.aviallon.hardware.amd = { enable = mkEnableOption "AMD gpus"; useProprietary = mkEnableOption "Use proprietary AMDGPU Pro"; @@ -14,7 +20,12 @@ in { }; kernelDriver = mkOption { description = "wether to use radeon or amdgpu kernel driver"; - type = with types; enum [ "radeon" "amdgpu" ]; + type = + with types; + enum [ + "radeon" + "amdgpu" + ]; default = "amdgpu"; }; }; @@ -25,7 +36,7 @@ in { ./radeon.nix ./rocm.nix ]; - + config = mkIf cfg.enable { aviallon.programs.nvtop = { 
diff --git a/hardware/amd/radeon.nix b/hardware/amd/radeon.nix index 671cc1e..efd1372 100644 --- a/hardware/amd/radeon.nix +++ b/hardware/amd/radeon.nix @@ -1,10 +1,16 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.hardware.amd; devCfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in { +in +{ config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") { boot.initrd.kernelModules = [ "radeon" ]; @@ -12,13 +18,13 @@ in { }; environment.systemPackages = with pkgs; [ - + ]; services.xserver.videoDrivers = [ "modesetting" ]; - environment.variables = {}; + environment.variables = { }; }; } diff --git a/hardware/amd/rocm.nix b/hardware/amd/rocm.nix index cc56b0f..56ce312 100644 --- a/hardware/amd/rocm.nix +++ b/hardware/amd/rocm.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.hardware.amd; 
@@ -22,25 +27,31 @@ let gxf1036 = "10.3.0"; }; - /*autoDetectGPU = pkgs: pkgs.callPackage ( - { runCommandLocal, - gnugrep, - rocmPackages, - }: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } '' - set +e - mkdir -p $out/ - echo "Computing HSA version" &>/dev/stderr - ls -l /dev/kfd - rocminfo &>/dev/stderr - rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output - '' - ) { };*/ + /* + autoDetectGPU = pkgs: pkgs.callPackage ( + { runCommandLocal, + gnugrep, + rocmPackages, + }: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } '' + set +e + mkdir -p $out/ + echo "Computing HSA version" &>/dev/stderr + ls -l /dev/kfd + rocminfo &>/dev/stderr + rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output + '' + ) { }; + */ - gfxToCompatible = gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; -in { + gfxToCompatible = + gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; +in +{ options.aviallon.hardware.amd.rocm = { - enable = (mkEnableOption "ROCm configuration") // { default = true; }; + enable = (mkEnableOption "ROCm configuration") // { + default = true; + }; gfxISA = mkOption { description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs"; default = ""; 
@@ -49,47 +60,55 @@ in { }; gpuTargets = mkOption { description = "Override supported GPU ISAs in some ROCm packages."; - default = [ "803" - "900" - "906:xnack-" - "908:xnack-" - "90a:xnack+" "90a:xnack-" - "940" - "941" - "942" - "1010" - "1012" - "1030" - "1031" - "1100" - "1101" - "1102" ]; - example = [ "900" "1031" ]; + default = [ + "803" + "900" + "906:xnack-" + "908:xnack-" + "90a:xnack+" + "90a:xnack-" + "940" + "941" + "942" + "1010" + "1012" + "1030" + "1031" + "1100" + "1101" + "1102" + ]; + example = [ + "900" + "1031" + ]; type = with types; nullOr (listOf str); }; }; - config = mkIf (cfg.enable && localCfg.enable) { - environment.systemPackages = with pkgs; + config = mkIf (cfg.enable && localCfg.enable) { + environment.systemPackages = + with pkgs; [ rocmPackages.rocm-smi #rocmPackages.meta.rocm-ml-libraries #rocmPackages.meta.rocm-hip-runtime #pkgs.autoDetectGPU - ] ++ optionals devCfg.enable [ - rocmPackages.rocminfo ] - ; + ++ optionals devCfg.enable [ + rocmPackages.rocminfo + ]; #systemd.tmpfiles.rules = [ # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}" - #"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}" + #"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}" #]; environment.variables = { - ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs - } // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") { + ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs + } + // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") { HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA; }); 
@@ -101,14 +120,19 @@ in {
     ];
     nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ];
-    nix.settings.trusted-public-keys = [ "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE=" ];
+    nix.settings.trusted-public-keys = [
+      "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
+    ];
     nixpkgs.config.rocmSupport = true;
-    nixpkgs.overlays = mkIf (! isNull localCfg.gpuTargets) (mkBefore [(final: prev: {
+    nixpkgs.overlays = mkIf (!isNull localCfg.gpuTargets) (mkBefore [
+      (final: prev: {
         #rocmPackages_5 = final.rocmPackages;
         rocmPackages = prev.rocmPackages // {
-          clr = prev.rocmPackages.clr.override { localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); };
+          clr = prev.rocmPackages.clr.override {
+            localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
+          };
           rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; };
           # (oldAttrs: {
           #   passthru = oldAttrs.passthru // {
@@ -122,6 +146,7 @@ in {
           #   gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
           #};
         };
-      })]);
+      })
+    ]);
   };
 }
diff --git a/hardware/default.nix b/hardware/default.nix
index bfa3d03..5af2c59 100644
--- a/hardware/default.nix
+++ b/hardware/default.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware;
@@ -6,7 +11,7 @@ let
   generalCfg = config.aviallon.general;
 in
 {
-  options.aviallon.hardware = { };
+  options.aviallon.hardware = { };
   imports = [
     ./amd
@@ -15,6 +20,6 @@ in
     ./mesa.nix
   ];
-  config = {};
+  config = { };
 }
diff --git a/hardware/intel/cpu.nix b/hardware/intel/cpu.nix
index 4467997..ecf4b2f 100644
--- a/hardware/intel/cpu.nix
+++ b/hardware/intel/cpu.nix
@@ -1,9 +1,15 @@
-{config, pkgs, lib, ...}:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   generalCfg = config.aviallon.general;
   throttledService = "throttled";
-in {
+in
+{
   config = mkIf (generalCfg.cpu.vendor == "intel") {
     aviallon.boot.cmdline = {
       "intel_pstate" = "passive";
diff --git a/hardware/intel/default.nix b/hardware/intel/default.nix
index de7ba0f..fea8739 100644
--- a/hardware/intel/default.nix
+++ b/hardware/intel/default.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware.intel;
@@ -15,17 +20,19 @@ in
   imports = [
     ./cpu.nix
   ];
-  
+
   config = mkIf cfg.enable {
     aviallon.programs.nvtop = {
       enable = true;
       backend = [ "intel" ];
     };
-    
+
     boot.initrd.kernelModules = [ "i915" ];
     hardware.graphics = {
       enable = true;
-      extraPackages = with pkgs; []
+      extraPackages =
+        with pkgs;
+        [ ]
         ++ [
           vaapiVdpau
           libvdpau-va-gl
@@ -38,24 +45,25 @@ in
       ;
     };
-    aviallon.boot.cmdline = {}
-    // optionalAttrs generalCfg.unsafeOptimizations {
-      "i915.mitigations" = "off";
-      "i915.enable_fbc" = 1;
-    }
-    // optionalAttrs laptopCfg.enable {
-      "i915.enable_fbc" = 1;
-      "i915.enable_dc" = 4;
-    }
-    // optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) {
-      "i915.enable_psr" = 1;
-    }
-    // optionalAttrs devCfg.enable {
-      "i915.enable_gvt" = 1;
-    }
-    // {
-      "i915.fastboot" = 1;
-    };
+    aviallon.boot.cmdline =
+      { }
+      // optionalAttrs generalCfg.unsafeOptimizations {
+        "i915.mitigations" = "off";
+        "i915.enable_fbc" = 1;
+      }
+      // optionalAttrs laptopCfg.enable {
+        "i915.enable_fbc" = 1;
+        "i915.enable_dc" = 4;
+      }
+      // optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) {
+        "i915.enable_psr" = 1;
+      }
+      // optionalAttrs devCfg.enable {
+        "i915.enable_gvt" = 1;
+      }
+      // {
+        "i915.fastboot" = 1;
+      };
     aviallon.hardware.mesa.enable = mkDefault true;
   };
 }
diff --git a/hardware/mesa.nix b/hardware/mesa.nix
index a2cba06..513555e 100644
--- a/hardware/mesa.nix
+++ b/hardware/mesa.nix
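Review bot: `"i915.mitigations" = "off"` in the `optionalAttrs generalCfg.unsafeOptimizations` branch switches off the i915 driver's hardware-vulnerability mitigations for every Intel GPU on the machine, and nothing on that line or in the option name says this is a security trade-off rather than a pure performance knob like `enable_fbc` next to it. As far as I can tell from the parameter name, that is the kernel's per-GPU mitigation switch (cross-context residual-data leaks and similar), so it matters on anything multi-user or that runs untrusted GPU workloads. Suggest a comment on that line: `# SECURITY: disables i915 GPU hardware mitigations (context data leaks); performance-only, keep off on shared machines`. The enclosing `config = mkIf cfg.enable { ... }` starts in the previous hunk.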
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, options, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  options,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware.mesa;
@@ -7,13 +13,18 @@ let
   optimizationsCfg = config.aviallon.optimizations;
   optimizePkg = optimizationsCfg.optimizePkg;
   packageWithDefaults = types.package // {
-    merge = loc: defs:
-      let res = mergeDefaultOption loc defs;
-      in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res)
-      then toDerivation res
-      else res;
+    merge =
+      loc: defs:
+      let
+        res = mergeDefaultOption loc defs;
+      in
+      if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then
+        toDerivation res
+      else
+        res;
   };
-in {
+in
+{
   options.aviallon.hardware.mesa = {
     enable = mkOption {
       default = false;
@@ -50,7 +61,7 @@ in {
       type = packageWithDefaults;
       default = cfg.package;
     };
-    
+
     internal.package32 = mkOption {
       internal = true;
       type = packageWithDefaults;
@@ -65,10 +76,8 @@ in {
     aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa;
     aviallon.hardware.mesa.internal = mkIf cfg.optimized {
-      package = mkDefault (
-        optimizePkg { lto = false; } cfg.package);
-      package32 = mkDefault (
-        optimizePkg { lto = false; } cfg.package32);
+      package = mkDefault (optimizePkg { lto = false; } cfg.package);
+      package32 = mkDefault (optimizePkg { lto = false; } cfg.package32);
     };
     hardware.graphics = {
diff --git a/hardware/nvidia/default.nix b/hardware/nvidia/default.nix
index 8fdaa24..be647bb 100644
--- a/hardware/nvidia/default.nix
+++ b/hardware/nvidia/default.nix
@@ -1,13 +1,22 @@
-{config, pkgs, lib, ...}:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware.nvidia;
-in {
+in
+{
   imports = [
     ./proprietary.nix
     ./opensource.nix
-    ( mkRenamedOptionModule [ "aviallon" "hardware" "nvidia" "saveAllVram" ] [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ] )
+    (mkRenamedOptionModule
+      [ "aviallon" "hardware" "nvidia" "saveAllVram" ]
+      [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ]
+    )
   ];
   options.aviallon.hardware.nvidia = {
@@ -16,7 +25,13 @@ in {
       default = (cfg.variant == "proprietary");
     };
     variant = mkOption {
-      type = with types; enum [ "proprietary" "open" "nouveau" ];
+      type =
+        with types;
+        enum [
+          "proprietary"
+          "open"
+          "nouveau"
+        ];
       description = "What driver variant to use";
       default = "proprietary";
       example = "nouveau";
@@ -28,7 +43,7 @@ in {
       enable = true;
     };
-    aviallon.hardware.nvidia.useProprietary = mkForce ( cfg.variant == "proprietary" );
+    aviallon.hardware.nvidia.useProprietary = mkForce (cfg.variant == "proprietary");
   };
 }
diff --git a/hardware/nvidia/opensource.nix b/hardware/nvidia/opensource.nix
index cb07c04..44bdef8 100644
--- a/hardware/nvidia/opensource.nix
+++ b/hardware/nvidia/opensource.nix
@@ -1,17 +1,33 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware.nvidia;
-in {
+in
+{
   options.aviallon.hardware.nvidia.nouveau = {
     config = mkOption {
       description = "nouveau boot config";
-      type = with types; attrsOf (nullOr (oneOf [ int str bool ]));
-      example = { NvBoost = 1; };
-      default = {};
+      type =
+        with types;
+        attrsOf (
+          nullOr (oneOf [
+            int
+            str
+            bool
+          ])
+        );
+      example = {
+        NvBoost = 1;
+      };
+      default = { };
     };
   };
-  
+
   config = mkIf (cfg.enable && cfg.variant == "nouveau") {
     boot.initrd.kernelModules = [ "nouveau" ];
@@ -19,15 +35,14 @@ in {
       "nouveau.pstate" = 1;
       "nouveau.runpm" = 1;
       "nouveau.modeset" = 1;
-      "nouveau.config" = let
-        toValue = v:
-          if isBool v
-          then toString (if v then 1 else 0)
-          else toString v;
-        filteredConfig = filterAttrs (n: v: ! isNull v) cfg.nouveau.config;
-        configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig;
-        configString = concatStringsSep "," configList;
-      in trace "Nouveau config: ${configString}" configString;
+      "nouveau.config" =
+        let
+          toValue = v: if isBool v then toString (if v then 1 else 0) else toString v;
+          filteredConfig = filterAttrs (n: v: !isNull v) cfg.nouveau.config;
+          configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig;
+          configString = concatStringsSep "," configList;
+        in
+        trace "Nouveau config: ${configString}" configString;
     };
     aviallon.hardware.mesa.enable = mkDefault true;
diff --git a/hardware/nvidia/proprietary.nix b/hardware/nvidia/proprietary.nix
index 62d79b1..2943deb 100644
--- a/hardware/nvidia/proprietary.nix
+++ b/hardware/nvidia/proprietary.nix
@@ -1,4 +1,11 @@
-{ config, pkgs, lib, options, nixpkgs-unstable, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  options,
+  nixpkgs-unstable,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.hardware.nvidia;
@@ -9,9 +16,14 @@ let
     exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@"
   '';
-  nvidiaUnstable = config.boot.kernelPackages.callPackage (nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix) {};
-  cudaUnstable = pkgs: cudaVersion: pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; };
-in {
+  nvidiaUnstable = config.boot.kernelPackages.callPackage (
+    nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix
+  ) { };
+  cudaUnstable =
+    pkgs: cudaVersion:
+    pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; };
+in
+{
   options = {
     aviallon.hardware.nvidia.proprietary = {
       gsync = mkEnableOption "Screen is GSYNC monitor";
@@ -39,7 +51,12 @@ in {
       saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming";
       version = mkOption {
         description = "What Nvidia version variant to use";
-        type = types.enum [ "production" "stable" "beta" "unstable_beta" ];
+        type = types.enum [
+          "production"
+          "stable"
+          "beta"
+          "unstable_beta"
+        ];
         default = if generalCfg.unsafeOptimizations then "beta" else "stable";
         example = "unstable_beta";
       };
@@ -49,16 +66,21 @@ in {
         # Very useful resource.
         # https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3
         example = [ "PerfLevelSrc=0x2222" ];
-        default = [ "PowerMizerEnable=0x1" "OverrideMaxPerf=0x1" "PowerMizerDefault=0x3" "PowerMizerDefaultAC=0x3" ];
+        default = [
+          "PowerMizerEnable=0x1"
+          "OverrideMaxPerf=0x1"
+          "PowerMizerDefault=0x3"
+          "PowerMizerDefaultAC=0x3"
+        ];
         type = with types; listOf str;
       };
     };
   };
-  
+
   config = mkIf (cfg.enable && cfg.variant == "proprietary") {
-    assertions = [];
-    
+    assertions = [ ];
+
     boot.initrd.kernelModules = [
       "nvidia"
       "nvidia_drm"
@@ -71,13 +93,15 @@ in {
     ];
     services.xserver.screenSection = ''
-    Option "Coolbits" "${toString cfg.proprietary.coolbits}"
-    Option "InbandStereoSignaling" "true"
+      Option "Coolbits" "${toString cfg.proprietary.coolbits}"
+      Option "InbandStereoSignaling" "true"
     '';
     services.xserver.exportConfiguration = true;
-    services.xserver.displayManager.sddm.wayland.enable = mkIf (!config.aviallon.hardware.intel.enable) (mkDefault false); # Frequent issues with Nvidia GPUs
+    services.xserver.displayManager.sddm.wayland.enable = mkIf (
+      !config.aviallon.hardware.intel.enable
+    ) (mkDefault false); # Frequent issues with Nvidia GPUs
     # Fix hybrid sleep with Nvidia GPU
     systemd.services.nvidia-suspend = {
@@ -85,18 +109,19 @@ in {
       before = [ "systemd-hybrid-sleep.service" ];
     };
     hardware.nvidia = {
-      powerManagement = mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram) {
-        enable = true;
-        finegrained = mkIf config.hardware.nvidia.prime.offload.enable true;
-      };
+      powerManagement =
+        mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram)
+          {
+            enable = true;
+            finegrained = mkIf config.hardware.nvidia.prime.offload.enable true;
+          };
       modesetting.enable = true;
       nvidiaSettings = true;
       package =
         if cfg.proprietary.version == "unstable_beta" then
           nvidiaUnstable.beta # Use bleeding edge version
         else
-          config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version}
-        ;
+          config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version};
     };
     aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault (
@@ -108,7 +133,8 @@ in {
     boot.extraModprobeConfig = ''
       options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}"
     '';
-    aviallon.boot.cmdline = {}
+    aviallon.boot.cmdline =
+      { }
       // {
         "nvidia-drm.modeset" = 1;
         "nvidia-drm.fbdev" = 1;
@@ -120,14 +146,13 @@ in {
         "nvidia.NVreg_DynamicPowerManagement" = "0x02";
         "nvidia.NVreg_EnableS0ixPowerManagement" = 1;
         "nvidia.NVreg_TemporaryFilePath" = "/var/tmp";
-      }
-      ;
+      };
     programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream;
     aviallon.programs.allowUnfreeList = [
       "nvidia-x11"
       "nvidia-settings"
-      
+
       "cudatoolkit"
       "cuda_cccl"
       "libnpp"
@@ -157,14 +182,13 @@ in {
       "__GL_YIELD" = "USLEEP"; # use usleep(0) instead of sched_yield() -> better performance in most cases
       "__GL_ALLOW_UNOFFICIAL_PROTOCOL" = "1"; # allow unofficial GLX protocol if also set in Xorg conf
       "__GL_VRR_ALLOWED" = "1"; # Try to enable G-SYNC VRR if screen AND app is compatible
-      "__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync);
+      "__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync);
       # Causes Kwin to fail
       # https://github.com/ValveSoftware/gamescope/issues/526#issuecomment-1733739097
       # "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations;
       "KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible.
-
       # Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015
       __EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d";
@@ -176,15 +200,19 @@ in {
     };
     nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
-    nix.settings.trusted-public-keys = [ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" ];
+    nix.settings.trusted-public-keys = [
+      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+    ];
-    nixpkgs.overlays = []
-      ++ optional (cfg.proprietary.version == "unstable_beta") (final: prev: {
-        cudaPackages_11 = final.unstable.cudaPackages_11;
-        cudaPackages_12 = final.unstable.cudaPackages_12;
-        cudaPackages = final.unstable.cudaPackages;
+    nixpkgs.overlays =
+      [ ]
+      ++ optional (cfg.proprietary.version == "unstable_beta") (
+        final: prev: {
+          cudaPackages_11 = final.unstable.cudaPackages_11;
+          cudaPackages_12 = final.unstable.cudaPackages_12;
+          cudaPackages = final.unstable.cudaPackages;
-      })
-      ;
+        }
+      );
   };
 }
diff --git a/laptop.nix b/laptop.nix
index abce30e..3daba9f 100644
--- a/laptop.nix
+++ b/laptop.nix
@@ -1,8 +1,14 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 let
   cfg = config.aviallon.laptop;
-in {
+in
+{
   options.aviallon.laptop = {
     enable = mkOption {
       default = false;
@@ -14,7 +20,11 @@ in {
       default = "tlp";
       example = "power-profiles-daemon";
       description = "Change service used to manage power consumption on laptop";
-      type = types.enum [ "tlp" "power-profiles-daemon" false ];
+      type = types.enum [
+        "tlp"
+        "power-profiles-daemon"
+        false
+      ];
     };
     tweaks = {
       pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use.";
@@ -55,37 +65,40 @@ in {
     };
   };
-
-  systemd.services.aspm-force-enable = let
-    aspm_enable = pkgs.callPackage ./packages/aspm_enable { };
-  in {
-    serviceConfig = {
-      ExecStart = [
-        "${aspm_enable}/bin/aspm_enable"
-      ];
-      Type = "simple";
+  systemd.services.aspm-force-enable =
+    let
+      aspm_enable = pkgs.callPackage ./packages/aspm_enable { };
+    in
+    {
+      serviceConfig = {
+        ExecStart = [
+          "${aspm_enable}/bin/aspm_enable"
+        ];
+        Type = "simple";
+      };
+      wantedBy = [ "multi-user.target" ];
+      description = "Force-enable PCIe ASPM";
+      enable = cfg.tweaks.pcieAspmForce;
     };
-    wantedBy = [ "multi-user.target" ];
-    description = "Force-enable PCIe ASPM";
-    enable = cfg.tweaks.pcieAspmForce;
-  };
   services.tlp.enable = (cfg.power-manager == "tlp");
   services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon");
   powerManagement.powertop.enable = mkDefault true;
   systemd.services.powertop = mkIf config.powerManagement.powertop.enable {
-    serviceConfig.ExecStart = let
-      script = pkgs.writeShellScriptBin "powertop-auto-tune" ''
-        ${pkgs.powertop}/bin/powertop --auto-tune
+    serviceConfig.ExecStart =
+      let
+        script = pkgs.writeShellScriptBin "powertop-auto-tune" ''
+          ${pkgs.powertop}/bin/powertop --auto-tune
-        # Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use)
-        HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
-        for i in $HIDDEVICES; do
-          echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product
-          echo 'on' > /sys/bus/usb/devices/$i/power/control
-        done
-      '';
-    in mkOverride 10 "${script}/bin/powertop-auto-tune";
+          # Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use)
+          HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
+          for i in $HIDDEVICES; do
+            echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product
+            echo 'on' > /sys/bus/usb/devices/$i/power/control
+          done
+        '';
+      in
+      mkOverride 10 "${script}/bin/powertop-auto-tune";
   };
 }
diff --git a/lib/attrsets.nix b/lib/attrsets.nix
index c46e853..575c387 100644
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -1,17 +1,25 @@
-{lib, myLib, ...}:
+{ lib, myLib, ... }:
 with lib;
 rec {
-  mergeAttrsRecursive = a: b: foldAttrs (item: acc:
-    if (isNull acc) then
-      item
-    else if (isList item) then
-      if isList acc then
-        acc ++ item
-      else [ acc ] ++ item
-    else if (isString item) then
-      acc + item
-    else if (isAttrs item) then
-      mergeAttrsRecursive acc item
-    else item
-  ) null [ b a ];
+  mergeAttrsRecursive =
+    a: b:
+    foldAttrs
+      (
+        item: acc:
+        if (isNull acc) then
+          item
+        else if (isList item) then
+          if isList acc then acc ++ item else [ acc ] ++ item
+        else if (isString item) then
+          acc + item
+        else if (isAttrs item) then
+          mergeAttrsRecursive acc item
+        else
+          item
+      )
+      null
+      [
+        b
+        a
+      ];
 }
diff --git a/lib/config.nix b/lib/config.nix
index 83eacf2..8c1c174 100644
--- a/lib/config.nix
+++ b/lib/config.nix
@@ -1,22 +1,28 @@
-{lib, myLib}:
+{ lib, myLib }:
 with lib;
 let
-  mkListToString = { sep ? " " }: list: concatStringsSep sep (
-    forEach list (v: toString v)
-  );
-in rec {
+  mkListToString =
+    {
+      sep ? " ",
+    }:
+    list: concatStringsSep sep (forEach list (v: toString v));
+in
+rec {
   mkValueString =
     let
-      gen = generators.mkValueStringDefault {};
-      listToString = mkListToString {};
-    in v: if isList v then listToString v
-    else gen v;
-
-  mkKeyValue = { sep }: with generators; toKeyValue {
-    mkKeyValue = mkKeyValueDefault {
-      mkValueString = mkValueString;
-    } sep;
-  };
+      gen = generators.mkValueStringDefault { };
+      listToString = mkListToString { };
+    in
+    v: if isList v then listToString v else gen v;
+
+  mkKeyValue =
+    { sep }:
+    with generators;
+    toKeyValue {
+      mkKeyValue = mkKeyValueDefault {
+        mkValueString = mkValueString;
+      } sep;
+    };
   toSystemd = mkKeyValue {
     sep = "=";
diff --git a/lib/debug.nix b/lib/debug.nix
index 1145ada..b9f4257 100644
--- a/lib/debug.nix
+++ b/lib/debug.nix
@@ -1,22 +1,37 @@
 { lib, myLib }:
 with lib;
 rec {
-  toPretty = depth: x:
+  toPretty =
+    depth: x:
     # Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30
     let
-      snip = v: if isList v then noQuotes "[…]" v
-        else if isAttrs v then noQuotes "{…}" v
-        else v;
-      noQuotes = str: v: { __pretty = const str; val = v; };
-      modify = n: fn: v: if (n == 0) then fn v
-        else if isList v then map (modify (n - 1) fn) v
-        else if isAttrs v then mapAttrs
-          (const (modify (n - 1) fn)) v
-        else v;
-    in lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x);
-
-  traceValWithPrefix = prefix: value:
+      snip =
+        v:
+        if isList v then
+          noQuotes "[…]" v
+        else if isAttrs v then
+          noQuotes "{…}" v
+        else
+          v;
+      noQuotes = str: v: {
+        __pretty = const str;
+        val = v;
+      };
+      modify =
+        n: fn: v:
+        if (n == 0) then
+          fn v
+        else if isList v then
+          map (modify (n - 1) fn) v
+        else if isAttrs v then
+          mapAttrs (const (modify (n - 1) fn)) v
+        else
+          v;
+    in
+    lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x);
+
+  traceValWithPrefix =
+    prefix: value:
     #trace "traceValWithPrefix 'prefix': ${prefix}" value
-    trace "${prefix}: ${toPretty 2 value}" value
-    ;
+    trace "${prefix}: ${toPretty 2 value}" value;
 }
diff --git a/lib/default.nix b/lib/default.nix
index b6525f1..5882ee7 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,17 +1,27 @@
-{ lib ? import = 2) then mylog (x / 2) (y + 1) else y;
-    in x: mylog x 0;
+  log2 =
+    let
+      mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y;
+    in
+    x: mylog x 0;
-  clamp = min_x: max_x: x: lib.min ( lib.max x min_x ) max_x;
+  clamp =
+    min_x: max_x: x:
+    lib.min (lib.max x min_x) max_x;
 }
-
diff --git a/lib/optimizations.nix b/lib/optimizations.nix
index 88e74a0..fad3873 100644
--- a/lib/optimizations.nix
+++ b/lib/optimizations.nix
@@ -33,15 +33,20 @@ let
     "-Wl,-sort-common"
     "-Wl,--gc-sections"
   ];
-  ltoFlags = { threads ? 1, thin ? false }: [
-    # Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking.
-    "-flto=${toString threads}" # Use -flto=auto to use GNU make’s job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system.
-    (optionalString (!thin) "-ffat-lto-objects")
-    "-fuse-linker-plugin"
+  ltoFlags =
+    {
+      threads ? 1,
+      thin ? false,
+    }:
+    [
+      # Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking.
+      "-flto=${toString threads}" # Use -flto=auto to use GNU make’s job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system.
+      (optionalString (!thin) "-ffat-lto-objects")
+      "-fuse-linker-plugin"
-    # Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode.
-    "-fdevirtualize-at-ltrans"
-  ];
+      # Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode.
+      "-fdevirtualize-at-ltrans"
+    ];
   expensiveOptimizationFlags = [
     "-O3" # Perform interprocedural pointer analysis and interprocedural modification and reference analysis. This option can cause excessive memory and compile-time usage on large compilation units.
@@ -104,66 +109,62 @@ let
     "-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism."
   ];
-  archToX86Level = arch:
+  archToX86Level =
+    arch:
     let
-      _map = { }
+      _map =
+        { }
         // genAttrs [
-          "nehalem"
-          "westmere"
-          "sandybridge"
-          "ivybridge"
-          "silvermont"
-          "goldmont"
-          "goldmont-plus"
-          "tremont"
-          "lujiazui"
-          "btver2" # Jaguar
-          "bdver1" # Bulldozer and Piledriver (AMD FX family)
-          "bdver2" # Piledriver
-          "bdver3" # Steamroller
-          "x86-64-v2"
-        ]
-        (name: 2)
+            "nehalem"
+            "westmere"
+            "sandybridge"
+            "ivybridge"
+            "silvermont"
+            "goldmont"
+            "goldmont-plus"
+            "tremont"
+            "lujiazui"
+            "btver2" # Jaguar
+            "bdver1" # Bulldozer and Piledriver (AMD FX family)
+            "bdver2" # Piledriver
+            "bdver3" # Steamroller
+            "x86-64-v2"
+          ] (name: 2)
         // genAttrs [
-          "haswell"
-          "broadwell"
-          "skylake"
-          "alderlake"
-          "bdver4" # Excavator
-          "znver1"
-          "znver2"
-          "znver3"
-          "x86-64-v3"
-        ]
-        (name: 3)
+            "haswell"
+            "broadwell"
+            "skylake"
+            "alderlake"
+            "bdver4" # Excavator
+            "znver1"
+            "znver2"
+            "znver3"
+            "x86-64-v3"
+          ] (name: 3)
         // genAttrs [
-          "knl"
-          "knm"
-          "skylake-avx512"
-          "cannonlake"
-          "icelake-client"
-          "icelake-server"
-          "cascadelake"
-          "cooperlake"
-          "tigerlake"
-          "sapphirerapids"
-          "rocketlake"
-          "znver4"
-          "x86-64-v4"
-        ]
-        (name: 4)
-        ;
+            "knl"
+            "knm"
+            "skylake-avx512"
+            "cannonlake"
+            "icelake-client"
+            "icelake-server"
+            "cascadelake"
+            "cooperlake"
+            "tigerlake"
+            "sapphirerapids"
+            "rocketlake"
+            "znver4"
+            "x86-64-v4"
+          ] (name: 4);
     in
-      if (hasAttr arch _map) then _map.${arch} else 1
-    ;
+    if (hasAttr arch _map) then _map.${arch} else 1;
-  getARMLevel = arch:
-    if (! isNull arch) then
-      toInt (elemAt (builtins.match "armv([0-9]).+") 0)
-    else null;
+  getARMLevel =
+    arch: if (!isNull arch) then toInt (elemAt (builtins.match "armv([0-9]).+") 0) else null;
   # https://go.dev/doc/install/source#environment
-  getGOARM = armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel;
+  getGOARM =
+    armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel;
   workarounds = {
     # https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf
@@ -177,7 +178,8 @@ let
     };
   };
-  addMarchSpecific = march:
+  addMarchSpecific =
+    march:
     let
       _map = {
         skylake = workarounds.intel-jump-conditional-code;
@@ -188,16 +190,22 @@ let
     in
     attrByPath [ march ] { } _map;
-
-  cacheTuning = { compiler, l1d ? null, l1i ? null, l1Line ? null, lastLevel ? null }:
-    if compiler == "gcc" then [ ]
-    ++ optional (! isNull l1d) "--param l1-cache-size=${toString l1d}"
-    ++ optional (! isNull l1Line) "--param l1-cache-line-size=${toString l1Line}"
-    ++ optional (! isNull lastLevel) "--param l2-cache-size=${toString lastLevel}"
+  cacheTuning =
+    {
+      compiler,
+      l1d ? null,
+      l1i ? null,
+      l1Line ? null,
+      lastLevel ? null,
+    }:
+    if compiler == "gcc" then
+      [ ]
+      ++ optional (!isNull l1d) "--param l1-cache-size=${toString l1d}"
+      ++ optional (!isNull l1Line) "--param l1-cache-line-size=${toString l1Line}"
+      ++ optional (!isNull lastLevel) "--param l2-cache-size=${toString lastLevel}"
     else
       [ ];
-
 in
 rec {
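Review bot: The reformatted `getARMLevel` still calls `builtins.match "armv([0-9]).+"` with only the regex, so `elemAt` receives a partially applied function instead of a list and any non-null `arch` fails at evaluation; and once `arch` is passed, a non-matching string makes `builtins.match` return `null`, which `elemAt` rejects as well. nixfmt cannot see this, so the formatting commit carries the defect onto the new side. Suggest `arch:` / `let m = if isNull arch then null else builtins.match "armv([0-9]).+" arch;` / `in if isNull m then null else toInt (elemAt m 0);`, which also keeps `getGOARM`'s existing null handling meaningful. I cannot see a caller in this chunk, so whether the error path is currently reachable is inferred.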
@@ -209,51 +217,63 @@ rec {
     "very-unsafe" = 5;
   };
-  addAttrs = pkg: attrs: pkg.overrideAttrs (old:
-    (myLib.attrsets.mergeAttrsRecursive old attrs) // {
-      passthru = (pkg.passthru or {}) // (attrs.passtru or {});
-    }
-  );
+  addAttrs =
+    pkg: attrs:
+    pkg.overrideAttrs (
+      old:
+      (myLib.attrsets.mergeAttrsRecursive old attrs)
+      // {
+        passthru = (pkg.passthru or { }) // (attrs.passtru or { });
+      }
+    );
-  optimizePkg = pkg: { level ? "normal"
-    , recursive ? 0
-    , optimizeFlags ? (guessOptimizationFlags pkg)
-    , blacklist ? [ ]
-    , ltoBlacklist ? [ ]
-    , overrideMap ? { }
-    , stdenv ? null
-    , lto ? false
-    , attributes ? null
-    , _depth ? 0
-    , ...
-    }@attrs:
+  optimizePkg =
+    pkg:
+    {
+      level ? "normal",
+      recursive ? 0,
+      optimizeFlags ? (guessOptimizationFlags pkg),
+      blacklist ? [ ],
+      ltoBlacklist ? [ ],
+      overrideMap ? { },
+      stdenv ? null,
+      lto ? false,
+      attributes ? null,
+      _depth ? 0,
+      ...
+    }@attrs:
     if _depth > recursive then
       pkg # Max depth reached, return un-modified pkg
     else if isNull pkg then
       pkg # Pkg is null, ignore
-    else if ! isDerivation pkg then
+    else if !isDerivation pkg then
       pkg # Pkg is not a derivation, nothing to override/optimize
     else if (hasAttr "overrideAttrs" pkg) then
       let
         _pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg;
         _ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist;
-        _lto =
-          if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false
-          else lto;
+        _lto = if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false else lto;
         _stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc;
-        optimizedAttrs = optimizeFlags (attrs // {
-          inherit level;
-          compiler =
-            if isNull _pkgStdenvCC then null
-            else if pkg.stdenv.cc.isGNU then "gcc"
-            else if pkg.stdenv.cc.isClang then "clang"
-            else throw "Unknown compiler '${getName pkg.stdenv.cc}'" null
-            ;
-          lto = _lto;
-          stdenvCC = _stdenvCC;
-        });
-        _nativeBuildInputs = filter (p: ! isNull p) (pkg.nativeBuildInputs or [ ]);
-        _nativeBuildInputsOverriden = forEach _nativeBuildInputs (_pkg:
+        optimizedAttrs = optimizeFlags (
+          attrs
+          // {
+            inherit level;
+            compiler =
+              if isNull _pkgStdenvCC then
+                null
+              else if pkg.stdenv.cc.isGNU then
+                "gcc"
+              else if pkg.stdenv.cc.isClang then
+                "clang"
+              else
+                throw "Unknown compiler '${getName pkg.stdenv.cc}'" null;
+            lto = _lto;
+            stdenvCC = _stdenvCC;
+          }
+        );
+        _nativeBuildInputs = filter (p: !isNull p) (pkg.nativeBuildInputs or [ ]);
+        _nativeBuildInputsOverriden = forEach _nativeBuildInputs (
+          _pkg:
           let
             _pkgName = myGetName _pkg;
             hasOverride = any (n: n == _pkgName) (attrNames overrideMap);
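Review bot: `addAttrs` on the new side still reads `attrs.passtru or { }` (missing the `h`), so a `passthru` supplied through `attrs` is silently replaced by `{ }` and only `pkg.passthru` survives the merge; because of the `or { }` fallback Nix never reports the misspelling. The fix is one line: `passthru = (pkg.passthru or { }) // (attrs.passthru or { });`. This is pre-existing and nixfmt only re-indented it, but a formatting pass that touches the line is the natural moment to correct it. `optimizePkg`, which calls `addAttrs`, continues past the end of this hunk.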
@@ -265,201 +285,224 @@ rec { _pkg ); - _buildInputs = filter (p: (! isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); - _buildInputsOverriden = forEach _buildInputs (_pkg: + _buildInputs = filter (p: (!isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); + _buildInputsOverriden = forEach _buildInputs ( + _pkg: if (any (n: n == myGetName _pkg) blacklist) then warn "Skipping blacklisted '${myGetName _pkg}'" _pkg else - optimizePkg _pkg (attrs // { - inherit level recursive blacklist optimizeFlags stdenv; - parallelize = null; - _depth = _depth + 1; - }) + optimizePkg _pkg ( + attrs + // { + inherit + level + recursive + blacklist + optimizeFlags + stdenv + ; + parallelize = null; + _depth = _depth + 1; + } + ) ); _pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg; _pkgWithStdenv = - if (isNull _pkgStdenvOverridable) || (isNull stdenv) - then pkg - else warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; }); + if (isNull _pkgStdenvOverridable) || (isNull stdenv) then + pkg + else + warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; }); - _pkg = _pkgWithStdenv.overrideAttrs (old: + _pkg = _pkgWithStdenv.overrideAttrs ( + old: { buildInputs = _buildInputsOverriden; nativeBuildInputs = _nativeBuildInputsOverriden; } - // optionalAttrs (! isNull _stdenvCC && _stdenvCC.isGNU) ({ + // optionalAttrs (!isNull _stdenvCC && _stdenvCC.isGNU) ({ AR = "${_stdenvCC.cc}/bin/gcc-ar"; RANLIB = "${_stdenvCC.cc}/bin/gcc-ranlib"; NM = "${_stdenvCC.cc}/bin/gcc-nm"; }) # Fix issue when CFLAGS is a string // optionalAttrs (hasAttr "CFLAGS" old) { - CFLAGS = if (! 
isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS; + CFLAGS = if (!isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS; } ); _pkgOptimized = addAttrs _pkg optimizedAttrs; _pkgFinal = - if isAttrs attributes then - addAttrs _pkgOptimized (traceVal attributes) - else - _pkgOptimized - ; + if isAttrs attributes then addAttrs _pkgOptimized (traceVal attributes) else _pkgOptimized; in trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal else if (hasAttr "name" pkg) then warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg else - throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg - ; + throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg; - myGetName = pkg: - if isDerivation pkg - then getName pkg - else null; + myGetName = pkg: if isDerivation pkg then getName pkg else null; #else warn "getName input is not a derivation: '${toString pkg}'" null; - guessOptimizationFlags = pkg: { ... }@attrs: makeOptimizationFlags ({ - rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; - cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; - go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; - ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; - autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; - } // attrs); + guessOptimizationFlags = + pkg: + { ... }@attrs: + makeOptimizationFlags ( + { + rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; + cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; + go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; + ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; + autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; + } + // attrs + ); makeOptimizationFlags = - { level ? "normal" - , extraCFlags ? null - , lto ? false - , parallelize ? 
null - , cpuArch ? null - , cpuTune ? null - , ISA ? "amd64" - , armLevel ? (getARMLevel cpuArch) - , x86Level ? (archToX86Level cpuArch) - , check ? false - , compiler ? "gcc" - , stdenvCC ? null - , cpuCores ? 4 - , go ? false - , rust ? false - , cmake ? false - , ninja ? false - , autotools ? false - , l1LineCache ? null - , l1iCache ? null - , l1dCache ? null - , lastLevelCache ? null - , ... + { + level ? "normal", + extraCFlags ? null, + lto ? false, + parallelize ? null, + cpuArch ? null, + cpuTune ? null, + ISA ? "amd64", + armLevel ? (getARMLevel cpuArch), + x86Level ? (archToX86Level cpuArch), + check ? false, + compiler ? "gcc", + stdenvCC ? null, + cpuCores ? 4, + go ? false, + rust ? false, + cmake ? false, + ninja ? false, + autotools ? false, + l1LineCache ? null, + l1iCache ? null, + l1dCache ? null, + lastLevelCache ? null, + ... }: let levelN = levelNames.${level}; march = - if (! isNull cpuArch) then cpuArch - else if (! isNull cpuTune) then cpuTune - else "generic"; + if (!isNull cpuArch) then + cpuArch + else if (!isNull cpuTune) then + cpuTune + else + "generic"; uarchTune = - if (! isNull cpuTune) then cpuTune - else if (! isNull cpuArch) then cpuArch - else "generic"; - in myLib.debug.traceValWithPrefix "optimizations" (foldl' myLib.attrsets.mergeAttrsRecursive {} [ - (rec { - CFLAGS = unique - ([ ] - ++ requiredFlags - ++ optionals (compiler == "clang") clangSpecificFlags - ++ optionals (levelN >= 1) genericCompileFlags - ++ optionals (levelN >= 2) expensiveOptimizationFlags - ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags - ++ optionals (levelN >= 4) unsafeOptimizationFlags - ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags - ++ optionals lto (ltoFlags { threads = myLib.math.log2 cpuCores; }) - ++ optionals (! isNull parallelize) (automaticallyParallelizeFlags parallelize) - ++ optionals (! isNull extraCFlags) extraCFlags - ++ optionals (! isNull cpuArch) [ "-march=${cpuArch}" ] - ++ optionals (! 
isNull cpuTune) [ "-mtune=${uarchTune}" ] - ++ cacheTuning { - inherit compiler; - l1Line = l1LineCache; - l1i = l1iCache; - l1d = l1dCache; - lastLevel = lastLevelCache; - }); - CXXFLAGS = CFLAGS; - CPPFLAGS = [] - ++ optionals (levelN >= 1) genericPreprocessorFlags; - LDFLAGS = [] - ++ optionals (levelN >= 3) genericLinkerFlags; + if (!isNull cpuTune) then + cpuTune + else if (!isNull cpuArch) then + cpuArch + else + "generic"; + in + myLib.debug.traceValWithPrefix "optimizations" ( + foldl' myLib.attrsets.mergeAttrsRecursive { } [ + (rec { + CFLAGS = unique ( + [ ] + ++ requiredFlags + ++ optionals (compiler == "clang") clangSpecificFlags + ++ optionals (levelN >= 1) genericCompileFlags + ++ optionals (levelN >= 2) expensiveOptimizationFlags + ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags + ++ optionals (levelN >= 4) unsafeOptimizationFlags + ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags + ++ optionals lto (ltoFlags { + threads = myLib.math.log2 cpuCores; + }) + ++ optionals (!isNull parallelize) (automaticallyParallelizeFlags parallelize) + ++ optionals (!isNull extraCFlags) extraCFlags + ++ optionals (!isNull cpuArch) [ "-march=${cpuArch}" ] + ++ optionals (!isNull cpuTune) [ "-mtune=${uarchTune}" ] + ++ cacheTuning { + inherit compiler; + l1Line = l1LineCache; + l1i = l1iCache; + l1d = l1dCache; + lastLevel = lastLevelCache; + } + ); + CXXFLAGS = CFLAGS; + CPPFLAGS = [ ] ++ optionals (levelN >= 1) genericPreprocessorFlags; + LDFLAGS = [ ] ++ optionals (levelN >= 3) genericLinkerFlags; - preConfigure = '' - - _maxLoad=$(($NIX_BUILD_CORES * 2)) - makeFlagsArray+=("-l''${_maxLoad}") - - ''; - }) - (optionalAttrs autotools { - preConfigure = '' + preConfigure = '' - configureFlagsArray+=( - "CFLAGS=$CFLAGS" - "CXXFLAGS=$CXXFLAGS" - ) - - ''; - }) - (optionalAttrs cmake { - preConfigure = '' - - cmakeFlagsArray+=( - "-DCMAKE_CXX_FLAGS=$CXXFLAGS" - "-DCMAKE_C_FLAGS=$CFLAGS" - ${optionalString lto '' - 
"-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true" - ''} - ) - - '' - ; - }) - (optionalAttrs ninja { - preConfigure = '' - - _maxLoad=$(($NIX_BUILD_CORES * 2)) - ninjaFlagsArray+=("-l''${_maxLoad}") - - ''; - }) - (optionalAttrs rust { - RUSTFLAGS = [ ] - ++ optionals (levelN >= 2) [ "-C opt-level=3" ] - ++ optionals lto [ "-C lto=fat" "-C embed-bitcode=on" ] - ++ optionals (! isNull cpuArch) [ "-C target-cpu=${cpuArch}" ] - #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 - #++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ] - ; - }) - (optionalAttrs (!check) { - doCheck = false; - doInstallCheck = false; - }) - (optionalAttrs (go && ISA == "amd64") { - GOAMD64 = "v${toString x86Level}"; - }) - (optionalAttrs (go && ISA == "arm") { - GOARM = toString (getGOARM armLevel); - }) - (optionalAttrs (go && ISA == "i686") { - GO386 = "sse2"; - }) - (optionalAttrs go { - GCCGO = "gccgo"; - CGO_CFLAGS_ALLOW = "-f.*"; - CGO_CXXFLAGS_ALLOW = "-f.*"; - CGO_CPPFLAGS_ALLOW = "-D.*"; - CGO_LDFLAGS_ALLOW = "-Wl.*"; - }) - (addMarchSpecific march) - ]) - ; + _maxLoad=$(($NIX_BUILD_CORES * 2)) + makeFlagsArray+=("-l''${_maxLoad}") + + ''; + }) + (optionalAttrs autotools { + preConfigure = '' + + configureFlagsArray+=( + "CFLAGS=$CFLAGS" + "CXXFLAGS=$CXXFLAGS" + ) + + ''; + }) + (optionalAttrs cmake { + preConfigure = '' + + cmakeFlagsArray+=( + "-DCMAKE_CXX_FLAGS=$CXXFLAGS" + "-DCMAKE_C_FLAGS=$CFLAGS" + ${optionalString lto '' + "-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true" + ''} + ) + + ''; + }) + (optionalAttrs ninja { + preConfigure = '' + + _maxLoad=$(($NIX_BUILD_CORES * 2)) + ninjaFlagsArray+=("-l''${_maxLoad}") + + ''; + }) + (optionalAttrs rust { + RUSTFLAGS = + [ ] + ++ optionals (levelN >= 2) [ "-C opt-level=3" ] + ++ optionals lto [ + "-C lto=fat" + "-C embed-bitcode=on" + ] + ++ optionals (!isNull cpuArch) [ "-C target-cpu=${cpuArch}" ] + #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 + #++ optionals lto [ "-Clinker-plugin-lto" 
"-Clto" ] + ; + }) + (optionalAttrs (!check) { + doCheck = false; + doInstallCheck = false; + }) + (optionalAttrs (go && ISA == "amd64") { + GOAMD64 = "v${toString x86Level}"; + }) + (optionalAttrs (go && ISA == "arm") { + GOARM = toString (getGOARM armLevel); + }) + (optionalAttrs (go && ISA == "i686") { + GO386 = "sse2"; + }) + (optionalAttrs go { + GCCGO = "gccgo"; + CGO_CFLAGS_ALLOW = "-f.*"; + CGO_CXXFLAGS_ALLOW = "-f.*"; + CGO_CPPFLAGS_ALLOW = "-D.*"; + CGO_LDFLAGS_ALLOW = "-Wl.*"; + }) + (addMarchSpecific march) + ] + ); } diff --git a/lib/types.nix b/lib/types.nix index c562f3f..3f47a19 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -2,10 +2,14 @@ with lib; { package' = types.package // { - merge = loc: defs: - let res = mergeDefaultOption loc defs; - in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res) - then toDerivation res - else res; + merge = + loc: defs: + let + res = mergeDefaultOption loc defs; + in + if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then + toDerivation res + else + res; }; } diff --git a/network.nix b/network.nix index 1b1c6db..385dff7 100644 --- a/network.nix +++ b/network.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.network; 
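Review bot: The `optionalAttrs go { ... }` block of `makeOptimizationFlags` sets `CGO_CFLAGS_ALLOW = "-f.*"`, `CGO_CXXFLAGS_ALLOW = "-f.*"`, `CGO_CPPFLAGS_ALLOW = "-D.*"` and `CGO_LDFLAGS_ALLOW = "-Wl.*"` for every optimized Go package. Go's cgo allow-list exists so that `#cgo` directives inside (possibly vendored) source cannot hand arbitrary flags to the compiler and linker; these patterns admit far more than the `-f…` and `-Wl…` optimization flags this function itself emits, including prefixes under which compiler-plugin and linker-search-path flags live. A comment stating why the allow-list is widened, and ideally a pattern built from the computed `CFLAGS`/`LDFLAGS` lists instead of the catch-all `.*`, would keep the environment from silently accepting flags the optimizer never asked for. The same concern applies to `CGO_CPPFLAGS_ALLOW = "-D.*"`, which accepts any macro definition.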
@@ -16,15 +22,27 @@ in default = "systemd-networkd"; example = "NetworkManager"; description = "Set network backend"; - type = types.enum [ "systemd-networkd" "NetworkManager" "dhcpcd" ]; + type = types.enum [ + "systemd-networkd" + "NetworkManager" + "dhcpcd" + ]; }; dns = mkOption { default = "systemd-resolved"; example = "dnsmasq"; description = "Set network DNS"; - type = types.enum [ "systemd-resolved" "dnsmasq" "unbound" "none" "default" ]; + type = types.enum [ + "systemd-resolved" + "dnsmasq" + "unbound" + "none" + "default" + ]; + }; + vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { + default = desktopCfg.enable; }; - vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { default = desktopCfg.enable; }; }; config = mkIf cfg.enable { @@ -32,11 +50,10 @@ in networking.networkmanager.enable = (cfg.backend == "NetworkManager"); networking.dhcpcd.enable = (cfg.backend == "dhcpcd"); - services.resolved = { enable = (cfg.dns == "systemd-resolved"); settings.Resolve = { - LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ + LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ DNSSEC = false; DNS = [ # cloudflare-dns.com @@ -50,7 +67,7 @@ in services.udev.extraRules = concatStringsSep "\n" [ (optionalString (!config.aviallon.laptop.enable) '' - ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu" + ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu" '') ]; @@ -59,7 +76,9 @@ in networking.networkmanager = { wifi.backend = mkDefault "iwd"; dns = mkDefault cfg.dns; - plugins = with pkgs; [] + plugins = + with pkgs; + [ ] ++ optional (cfg.dns == "dnsmasq") dnsmasq ++ optionals cfg.vpnSupport [ networkmanager_strongswan 
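Review bot: `DNSSEC = false;` in `services.resolved.settings.Resolve` turns validation off entirely, while the adjacent `LLMNR = mkForce false;` line and its link show this block is meant to harden name resolution. systemd-resolved also accepts `DNSSEC = "allow-downgrade";`, which validates when the upstream servers support it and falls back otherwise; if `false` is deliberate (for example because the listed upstreams are known to break validation), a comment next to the LLMNR one, such as `# DNSSEC off: <reason> — see allow-downgrade before re-enabling`, would stop the next reader from re-raising this. The `DNS = [` list continues outside the hunk.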
@@ -67,8 +86,7 @@ in networkmanager-openconnect networkmanager-sstp networkmanager-l2tp - ] - ; + ]; }; networking.wireless.enable = (cfg.backend != "NetworkManager"); networking.wireless.iwd.enable = true; @@ -78,7 +96,9 @@ in # Must always be false networking.useDHCP = false; - networking.hostId = mkDefault (substring 0 8 (builtins.hashString "sha256" config.networking.hostName)); + networking.hostId = mkDefault ( + substring 0 8 (builtins.hashString "sha256" config.networking.hostName) + ); networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null); # Needed for proper WiFi support in some countries (like France, for instance) diff --git a/nix/builder.nix b/nix/builder.nix index 9962d2e..d148abd 100644 --- a/nix/builder.nix +++ b/nix/builder.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.nix; 
@@ -10,35 +16,40 @@ let getSpeed = cores: threads: cores + (threads - cores) / 2; - mkBuildMachine = { - hostName, - cores, - systems ? [ "x86_64-linux" ] , - threads ? (cores * 2), - features ? [ ], - x86ver ? 1 , - ... - }@attrs: let - speedFactor = getSpeed cores threads; - in { - inherit hostName speedFactor; - systems = systems - ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux" - ; - sshUser = "builder"; - sshKey = buildUserKeyFilePath; - maxJobs = myLib.math.log2 cores; - supportedFeatures = [ "kvm" "benchmark" ] + mkBuildMachine = + { + hostName, + cores, + systems ? [ "x86_64-linux" ], + threads ? (cores * 2), + features ? [ ], + x86ver ? 1, + ... + }@attrs: + let + speedFactor = getSpeed cores threads; + in + { + inherit hostName speedFactor; + systems = systems ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux"; + sshUser = "builder"; + sshKey = buildUserKeyFilePath; + maxJobs = myLib.math.log2 cores; + supportedFeatures = [ + "kvm" + "benchmark" + ] ++ optional (speedFactor > 8) "big-parallel" ++ optional (x86ver >= 2) "gccarch-x86-64-v2" ++ optional (x86ver >= 3) "gccarch-x86-64-v3" ++ optional (x86ver >= 4) "gccarch-x86-64-v4" - ++ features - ; - - }; + ++ features; - machineList = filterAttrs (name: value: config.networking.hostName != name && value.enable) cfg.builder.buildMachines; + }; + + machineList = filterAttrs ( + name: value: config.networking.hostName != name && value.enable + ) cfg.builder.buildMachines; in { imports = [ 
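Review bot: `mkBuildMachine` binds `@attrs` but never references it, and `supportedFeatures` lists `"kvm"` and `"benchmark"` unconditionally for every machine, so a builder without KVM is still eligible for jobs that require that feature and such builds will fail on it instead of being scheduled elsewhere. Dropping the unused binding and gating the feature, e.g. `kvm ? true,` in the pattern and `++ optional kvm "kvm"` in the list, would let `buildMachines` entries opt out. Whether every configured builder actually supports KVM is not visible in this diff.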
@@ -57,85 +68,104 @@ in example = "/path/to/id_builder"; description = "Path to the private key nix builder user will use"; }; - - buildMachines = mkOption { - type = types.attrsOf (types.submoduleWith { - modules = [ - ({ config, options, name, ...}: - { - options = { - enable = mkOption { - type = types.bool; - default = true; - description = "Wether to enable or to disable this builder"; - example = false; - }; - hostName = mkOption { - type = types.str; - example = "luke-skywalker-nixos"; - description = '' - Builder's host name - ''; - }; - sshConfig = mkOption { - type = types.str; - default = ""; - example = '' - ProxyJump example.com - Port 2222 - ''; - description = "Extra ssh config for the builder."; - }; - cores = mkOption { - type = with types; ints.unsigned; - example = 8; - description = "How many physical cores the builder has."; - }; - threads = mkOption { - type = with types; addCheck ints.unsigned (n: n >= config.cores); - example = 16; - description = "How many physical _threads_ the builder has."; - }; - x86ver = mkOption { - default = 1; - type = with types; addCheck ints.positive (n: n >= 1 && n <= 4); - example = 3; - description = "Maximum x86-64 feature level supported."; - }; - }; - })]; }); - default = {}; - example = literalExpression - '' - { - luke-skywalker-nixos = { - hostName = "2aXX:e0a:18e:8670::"; - cores = 16; - threads = 32; - x86ver = 3; - }; - } - ''; + buildMachines = mkOption { + type = types.attrsOf ( + types.submoduleWith { + modules = [ + ( + { + config, + options, + name, + ... 
+ }: + { + options = { + enable = mkOption { + type = types.bool; + default = true; + description = "Wether to enable or to disable this builder"; + example = false; + }; + hostName = mkOption { + type = types.str; + example = "luke-skywalker-nixos"; + description = '' + Builder's host name + ''; + }; + sshConfig = mkOption { + type = types.str; + default = ""; + example = '' + ProxyJump example.com + Port 2222 + ''; + description = "Extra ssh config for the builder."; + }; + cores = mkOption { + type = with types; ints.unsigned; + example = 8; + description = "How many physical cores the builder has."; + }; + threads = mkOption { + type = with types; addCheck ints.unsigned (n: n >= config.cores); + example = 16; + description = "How many physical _threads_ the builder has."; + }; + x86ver = mkOption { + default = 1; + type = with types; addCheck ints.positive (n: n >= 1 && n <= 4); + example = 3; + description = "Maximum x86-64 feature level supported."; + }; + }; + + } + ) + ]; + } + ); + default = { }; + example = literalExpression '' + { + luke-skywalker-nixos = { + hostName = "2aXX:e0a:18e:8670::"; + cores = 16; + threads = 32; + x86ver = 3; + }; + } + ''; description = "NixOS builders"; }; }; config = { - nix.buildMachines = traceValSeqN 3 (mapAttrsToList (name: value: - mkBuildMachine { - inherit (value) hostName cores threads x86ver; - } - ) machineList); + nix.buildMachines = traceValSeqN 3 ( + mapAttrsToList ( + name: value: + mkBuildMachine { + inherit (value) + hostName + cores + threads + x86ver + ; + } + ) machineList + ); - programs.ssh.extraConfig = concatStringsSep "\n" (mapAttrsToList (name: value: - (optionalString (value.sshConfig != "") - '' - Host ${value.hostName} - ${value.sshConfig} - '' - ) - ) machineList); + programs.ssh.extraConfig = concatStringsSep "\n" ( + mapAttrsToList ( + name: value: + (optionalString (value.sshConfig != "") '' + Host ${value.hostName} + ${value.sshConfig} + '') + ) machineList + ); users.users.builder = { 
isSystemUser = true; @@ -146,7 +176,7 @@ in ]; shell = pkgs.bashInteractive; }; - users.groups.builder = {}; + users.groups.builder = { }; nix.settings.trusted-users = [ "builder" ]; boot.enableContainers = mkForce true; diff --git a/nix/nix.nix b/nix/nix.nix index 0905261..3d46e20 100644 --- a/nix/nix.nix +++ b/nix/nix.nix @@ -1,4 +1,12 @@ -{config, pkgs, lib, myLib, nixpkgs, nixpkgs-unstable, ...}: +{ + config, + pkgs, + lib, + myLib, + nixpkgs, + nixpkgs-unstable, + ... +}: with lib; with myLib; let @@ -13,7 +21,7 @@ in enableCustomSubstituter = mkEnableOption "custom substituter using nix-cache.lesviallon.fr"; contentAddressed = mkEnableOption "experimental content-addressed derivations"; }; - + config = { system.autoUpgrade.enable = mkDefault true; @@ -26,16 +34,18 @@ in upper = "05:00"; }; - system.build.nixos-rebuild = let - nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; - nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' - exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ - --who="NixOS rebuild" \ - --why="NixOS must finish rebuilding configuration or work would be lost." \ - -- \ - ${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" + system.build.nixos-rebuild = + let + nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; + nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' + exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ + --who="NixOS rebuild" \ + --why="NixOS must finish rebuilding configuration or work would be lost." \ + -- \ + ${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" ''; - in mkOverride 20 nixos-rebuild-inhibit; + in + mkOverride 20 nixos-rebuild-inhibit; environment.systemPackages = [ (hiPrio config.system.build.nixos-rebuild) 
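Review bot: The `nix.buildMachines` entries produced from `machineList` carry `hostName`, `sshUser` and `sshKey` but no `publicHostKey`, so trust in each remote builder rests on whatever the daemon's known_hosts happens to contain; since the builder returns store paths that land on this system, exposing the existing `nix.buildMachines.*.publicHostKey` option through the submodule (alongside `sshConfig`) and passing it in `mkBuildMachine` would make that trust explicit and pinned. Separately, the `enable` option's description reads `"Wether to enable or to disable this builder"` and should be `"Whether to enable or disable this builder"`. The `users.users.builder = {` set opens on the hunk's last line and continues outside it.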
@@ -44,7 +54,7 @@ in environment.variables = { NIX_REMOTE = "daemon"; # Use the nix daemon by default }; - + systemd.services.nixos-upgrade = { unitConfig = { ConditionCPUPressure = "user.slice:15%"; @@ -63,14 +73,12 @@ in }; }; - - nix.gc.automatic = mkDefault true; nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00"; nix.gc.randomizedDelaySec = "3h"; nix.optimise.automatic = mkDefault (!config.nix.settings.auto-optimise-store); nix.optimise.dates = mkDefault [ "Tuesday,Thursday,Saturday 03:00:00" ]; - nix.settings.auto-optimise-store = mkDefault true; + nix.settings.auto-optimise-store = mkDefault true; systemd.services.nix-daemon = { serviceConfig = { 
@@ -84,31 +92,40 @@ in }; }; - - nix.package = optimizePkg { stdenv = pkgs.fastStdenv; level = "slower"; } pkgs.nixVersions.latest; + nix.package = optimizePkg { + stdenv = pkgs.fastStdenv; + level = "slower"; + } pkgs.nixVersions.latest; - nix.settings.system-features = [ "big-parallel" "kvm" "benchmark" ] - ++ optional ( ! isNull generalCfg.cpu.arch ) "gccarch-${generalCfg.cpu.arch}" - ++ optional ( generalCfg.cpu.x86.level >= 2 ) "gccarch-x86-64-v2" - ++ optional ( generalCfg.cpu.x86.level >= 3 ) "gccarch-x86-64-v3" - ++ optional ( generalCfg.cpu.x86.level >= 4 ) "gccarch-x86-64-v4" - ; + nix.settings.system-features = [ + "big-parallel" + "kvm" + "benchmark" + ] + ++ optional (!isNull generalCfg.cpu.arch) "gccarch-${generalCfg.cpu.arch}" + ++ optional (generalCfg.cpu.x86.level >= 2) "gccarch-x86-64-v2" + ++ optional (generalCfg.cpu.x86.level >= 3) "gccarch-x86-64-v3" + ++ optional (generalCfg.cpu.x86.level >= 4) "gccarch-x86-64-v4"; nix.settings.builders-use-substitutes = true; nix.settings.substitute = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ] - ++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" - ++ optional cfg.contentAddressed "ca-derivations" - ; - + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ] + ++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" + ++ optional cfg.contentAddressed "ca-derivations"; + nix.settings.download-attempts = 5; nix.settings.stalled-download-timeout = 20; - nix.settings.substituters = mkBefore ([] + nix.settings.substituters = mkBefore ( + [ ] ++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr" ++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/" ); - nix.settings.trusted-public-keys = mkBefore ([] + nix.settings.trusted-public-keys = mkBefore ( + [ ] ++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ++ optional cfg.contentAddressed 
"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ); @@ -118,9 +135,15 @@ in nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads; nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads); - nix.settings.trusted-users = [ "root" "@wheel" ]; + nix.settings.trusted-users = [ + "root" + "@wheel" + ]; - nix.settings.hashed-mirrors = [ "https://tarballs.nixos.org" "https://nixpkgs-unfree.cachix.org" ]; + nix.settings.hashed-mirrors = [ + "https://tarballs.nixos.org" + "https://nixpkgs-unfree.cachix.org" + ]; nix.registry = { nixpkgs.flake = nixpkgs; diff --git a/optimizations/optimizations.nix b/optimizations/optimizations.nix index 808f175..a1b9a32 100644 --- a/optimizations/optimizations.nix +++ b/optimizations/optimizations.nix @@ -1,4 +1,11 @@ -{ config, pkgs, options, lib, myLib, ... }: +{ + config, + pkgs, + options, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.optimizations; @@ -24,18 +31,18 @@ let lto = cfg.lto.enable; }; - optimizePkg = { - attributes ? {}, + optimizePkg = + { + attributes ? { }, stdenv ? null, ... - }@attrs: pkg: - myLib.optimizations.optimizePkg pkg ( - defaultOptimizeAttrs - // cfg.defaultSettings - // { inherit stdenv attributes; } - // attrs - ); -in { + }@attrs: + pkg: + myLib.optimizations.optimizePkg pkg ( + defaultOptimizeAttrs // cfg.defaultSettings // { inherit stdenv attributes; } // attrs + ); +in +{ options.aviallon.optimizations = { enable = mkOption { default = true; @@ -52,12 +59,22 @@ in { blacklist = mkOption { description = "Packages to blacklist from LTO"; type = types.listOf types.str; - default = [ "x265" "cpio" "cups" "gtk+3" "which" "openssh" ]; + default = [ + "x265" + "cpio" + "cups" + "gtk+3" + "which" + "openssh" + ]; }; }; extraCompileFlags = mkOption { default = [ ]; - example = [ "-O2" "-mavx" ]; + example = [ + "-O2" + "-mavx" + ]; description = "Add specific compile flags"; type = types.listOf types.str; }; 
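Review bot: `nix.settings.trusted-users = [ "root" "@wheel" ];` gives every member of `wheel` trusted-user status on the daemon, which lets them override `substituters`, `trusted-public-keys` and `extra-sandbox-paths` per invocation and thereby place arbitrary store paths into the system store; in practice it is a second path to root for the whole group. If only specific accounts need to push unsigned paths or add caches, listing them by name (and keeping `trusted-users = [ "root" ]` for everyone else) narrows the privilege considerably. The commit only reflows the list, so this is pre-existing; a comment explaining why `@wheel` is trusted would at least make the decision deliberate.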
@@ -66,11 +83,14 @@ in { recursive = 0; level = "slower"; }; - example = { level = "unsafe"; recursive = 0; }; + example = { + level = "unsafe"; + recursive = 0; + }; description = "Specify default options passed to optimizePkg"; }; optimizePkg = mkOption { - default = if cfg.enable then optimizePkg else ({...}: pkg: pkg); + default = if cfg.enable then optimizePkg else ({ ... }: pkg: pkg); example = "pkg: pkg.override { stdenv = pkgs.fastStdenv; }"; description = "Function used for optimizing packages"; type = with types; functionTo (functionTo package); @@ -78,15 +98,26 @@ in { trace = mkEnableOption "trace attributes in overriden derivations"; runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)"; blacklist = mkOption { - default = [ # Broken - "alsa-lib" "glib" "lcms2" "gconf" "gnome-vfs" + default = [ + # Broken + "alsa-lib" + "glib" + "lcms2" + "gconf" + "gnome-vfs" - # Very slow - "llvm" "clang" "clang-wrapper" "valgrind" "rustc" "tensorflow" "qtwebengine" + # Very slow + "llvm" + "clang" + "clang-wrapper" + "valgrind" + "rustc" + "tensorflow" + "qtwebengine" - # Fixable with work, but slow for now - "rapidjson" - ]; + # Fixable with work, but slow for now + "rapidjson" + ]; example = [ "bash" ]; description = "Blacklist specific packages from optimizations"; type = types.listOf types.str; @@ -95,13 +126,12 @@ in { type = with types; attrsOf package; default = { }; - example = literalExpression - '' - { - ninja = pkgs.ninja-samurai; - cmake = pkgs.my-cmake-override; - } - ''; + example = literalExpression '' + { + ninja = pkgs.ninja-samurai; + cmake = pkgs.my-cmake-override; + } + ''; description = "Allow overriding packages found in `nativeBuildInputs` with custom packages."; }; }; 
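Review bot: The `optimizePkg` option's `example = "pkg: pkg.override { stdenv = pkgs.fastStdenv; }";` is a plain string, so the generated option documentation renders it as a quoted literal rather than as Nix code, and it also disagrees with the option's own type `functionTo (functionTo package)` and with the `default`, both of which take an attribute set before the package. `example = literalExpression "{ ... }: pkg: pkg.override { stdenv = pkgs.fastStdenv; }";` fixes both, and matches how the `attrsOf package` option a few lines later in this file already uses `literalExpression`.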
@@ -109,50 +139,59 @@ in { config = mkIf cfg.enable { aviallon.optimizations.blacklist = mkDefault ( - options.aviallon.optimizations.blacklist.default - ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency ))) + options.aviallon.optimizations.blacklist.default + ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency))) ); - system.replaceDependencies.replacements = mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) [ - # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. - /*{ - original = pkgs.glibc; - replacement = let - optimizedFlags = [ "-fipa-pta" ]; - #optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; }); - in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" { - passthru = pkgs.glibc.passthru; - env = (attrs.env or {}) // { - NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); - }; - }); - }*/ - # zlib is in second place, given how often it is used - #{ - # original = pkgs.zlib; - # replacement = optimizePkg { level = "slower"; } pkgs.zlib; - #} - ]; + system.replaceDependencies.replacements = + mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) + [ + # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. 
+ /* + { + original = pkgs.glibc; + replacement = let + optimizedFlags = [ "-fipa-pta" ]; + #optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; }); + in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" { + passthru = pkgs.glibc.passthru; + env = (attrs.env or {}) // { + NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); + }; + }); + } + */ + # zlib is in second place, given how often it is used + #{ + # original = pkgs.zlib; + # replacement = optimizePkg { level = "slower"; } pkgs.zlib; + #} + ]; nixpkgs.overlays = mkAfter [ (self: super: { - veryFastStdenv = super.overrideCC super.gccStdenv (super.buildPackages.gcc_latest.overrideAttrs (old: - let - optimizedAttrs = {} - // { + veryFastStdenv = super.overrideCC super.gccStdenv ( + super.buildPackages.gcc_latest.overrideAttrs ( + old: + let + optimizedAttrs = { } // { configureFlags = [ - "--with-cpu-64=${generalCfg.cpu.arch}" "--with-arch-64=${generalCfg.cpu.arch}" + "--with-cpu-64=${generalCfg.cpu.arch}" + "--with-arch-64=${generalCfg.cpu.arch}" "--with-tune-64=${generalCfg.cpu.tune}" "--with-build-config=bootstrap-lto-lean" ]; - } - ; - ccWithProfiling = old.cc.overrideAttrs (_: { buildFlags = [ "profiledbootstrap" ]; } ); - in { - cc = addAttrs ccWithProfiling optimizedAttrs; - } - )); + }; + ccWithProfiling = old.cc.overrideAttrs (_: { + buildFlags = [ "profiledbootstrap" ]; + }); + in + { + cc = addAttrs ccWithProfiling optimizedAttrs; + } + ) + ); }) - + (self: super: { #jetbrains = super.jetbrains // { # jdk = pipe super.jetbrains.jdk [ diff --git a/optimizations/services.nix b/optimizations/services.nix index d25eb50..7d7f286 100644 --- a/optimizations/services.nix +++ b/optimizations/services.nix 
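Review bot: `optimizedAttrs = { } // { configureFlags = [ ... ]; };` in the `veryFastStdenv` overlay merges with an empty set for no effect; `optimizedAttrs = { configureFlags = [ ... ]; };` reads the same and is what nixfmt would have produced had the redundant merge been removed first. The interpolations `${generalCfg.cpu.arch}` and `${generalCfg.cpu.tune}` will abort evaluation if either value is null, and `nix/nix.nix` in this same patch guards `generalCfg.cpu.arch` with `!isNull`, which suggests it can be; the overlay presumably relies on a guard or `assert` that is not visible here, and a short comment stating that assumption would help. The second overlay (`self: super: { #jetbrains ...`) is cut off at the end of the hunk.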
@@ -1,4 +1,10 @@ -{ config, options, pkgs, lib, ... }: +{ + config, + options, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.optimizations; @@ -8,7 +14,8 @@ let }; man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db; mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc; -in { +in +{ config = mkIf cfg.enable { documentation.man.man-db.package = man-db; documentation.man.mandoc.package = mandoc; diff --git a/packages.nix b/packages.nix index 00a051b..b9de682 100644 --- a/packages.nix +++ b/packages.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.programs; @@ -6,12 +12,15 @@ let generalCfg = config.aviallon.general; optimizeCfg = config.aviallon.optimizations; - myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg {} pkgs.openssh) else pkgs.openssh; + myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg { } pkgs.openssh) else pkgs.openssh; in { imports = [ ./programs - (mkRenamedOptionModule [ "aviallon" "programs" "compileFlags" ] [ "aviallon" "optimizations" "extraCompileFlags" ]) + (mkRenamedOptionModule + [ "aviallon" "programs" "compileFlags" ] + [ "aviallon" "optimizations" "extraCompileFlags" ] + ) ]; options.aviallon.programs = { @@ -23,14 +32,19 @@ in }; allowUnfreeList = mkOption { default = [ ]; - example = [ "nvidia-x11" "steam" ]; + example = [ + "nvidia-x11" + "steam" + ]; description = "Allow specific unfree software to be installed"; type = types.listOf types.str; }; config = mkOption { - default = {}; + default = { }; type = types.attrs; - example = { cudaSupport = true; }; + example = { + cudaSupport = true; + }; description = "nixpkgs config settings to be applied to all nixpkgs instances"; }; }; 
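Review bot: `myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg { } pkgs.openssh) else pkgs.openssh;` rebuilds the system's SSH package through the optimizer with no per-package settings, and `makeOptimizationFlags` in `lib/optimizations.nix` (same patch) sets `doCheck = false; doInstallCheck = false;` whenever `check` is false, so the optimized OpenSSH presumably skips its test suite unless `cfg.defaultSettings` turns `check` on. For a security-critical package compiled with non-default flags, passing `{ check = true; }` here, or at least a comment explaining why the tests are skipped, seems warranted. Whether `defaultSettings` sets `check` is not visible in this diff.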
@@ -39,33 +53,36 @@ in programs.java.enable = mkDefault (!generalCfg.minimal); - aviallon.programs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList; + aviallon.programs.config.allowUnfreePredicate = + pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList; - environment.systemPackages = with pkgs; [] - ++ [ - vim - wget - nano - myOpenssh - psmisc - pciutils - ripgrep - fd - htop - unstable.cachix - usbutils - ] - ++ optionals (!generalCfg.minimal) [ - rsync - par2cmdline # .par2 archive verification - python3 - parallel - coreutils-full - nmap - pv - xxHash - unzip - ]; + environment.systemPackages = + with pkgs; + [ ] + ++ [ + vim + wget + nano + myOpenssh + psmisc + pciutils + ripgrep + fd + htop + unstable.cachix + usbutils + ] + ++ optionals (!generalCfg.minimal) [ + rsync + par2cmdline # .par2 archive verification + python3 + parallel + coreutils-full + nmap + pv + xxHash + unzip + ]; programs.ssh.package = myOpenssh; @@ -77,7 +94,7 @@ in }; programs.ccache.enable = true; - + nix.settings.extra-sandbox-paths = [ (toString config.programs.ccache.cacheDir) ]; diff --git a/packages/aspm_enable/default.nix b/packages/aspm_enable/default.nix index 67e26db..5c13750 100644 --- a/packages/aspm_enable/default.nix +++ b/packages/aspm_enable/default.nix @@ -1,12 +1,13 @@ -{lib -,bc -,pciutils -,gnugrep -,coreutils -,bash -,writeText -,stdenv -,substituteAll +{ + lib, + bc, + pciutils, + gnugrep, + coreutils, + bash, + writeText, + stdenv, + substituteAll, }: with lib; stdenv.mkDerivation rec { 
@@ -26,13 +27,23 @@ stdenv.mkDerivation rec { substituteAllInPlace $out/bin/aspm_enable; ''; - buildInputs = [ pciutils bc coreutils gnugrep ]; + buildInputs = [ + pciutils + bc + coreutils + gnugrep + ]; meta = { description = "A program to forcibly enable PCIe ASPM for compatible devices"; homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM"; license = licenses.gpl3Plus; - patforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" "mipsel-linux" ]; + patforms = [ + "x86_64-linux" + "i686-linux" + "aarch64-linux" + "mipsel-linux" + ]; maintainers = with maintainers; [ ]; }; } diff --git a/packages/pinentry.nix b/packages/pinentry.nix index 01d3a58..8898835 100644 --- a/packages/pinentry.nix +++ b/packages/pinentry.nix @@ -33,4 +33,3 @@ writeShellScriptBin "pinentry" '' exec ''${pinentryFlavors[$flavor]}/bin/pinentry '' - diff --git a/power.nix b/power.nix index 64e23bb..3cf6f79 100644 --- a/power.nix +++ b/power.nix @@ -1,10 +1,17 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let generalCfg = config.aviallon.general; cfg = config.aviallon.power; undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200))); -in { +in +{ options.aviallon.power = { enable = mkOption { default = true; @@ -16,7 +23,10 @@ in { default = "performance"; example = "efficiency"; description = "What to optimize towards"; - type = types.enum [ "performance" "efficiency" ]; + type = types.enum [ + "performance" + "efficiency" + ]; }; powerLimit = { enable = mkEnableOption "power limiting"; @@ -101,7 +111,7 @@ in { ConditionACPower = true; }; }; - + systemd.targets.battery-power = { description = "Target is active when power is drawn from a battery."; conflicts = [ "ac-power.target" ]; 
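Review bot: `patforms` in the `meta` set is a typo for `platforms`, so the list nixfmt just reflowed is an unknown meta attribute that Nix silently ignores and the package is never restricted to the listed systems. Rename the attribute: `platforms = [`. The `meta` set belongs to the `stdenv.mkDerivation rec {` call that opens above the hunk; nothing else needs to change.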
@@ -113,22 +123,28 @@ in { services.udev.extraRules = '' ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="${pkgs.systemd}/bin/systemctl stop ac-power.target" ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${pkgs.systemd}/bin/systemctl start ac-power.target" - + ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", RUN+="${pkgs.systemd}/bin/systemctl start battery-power.target" ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Charging", RUN+="${pkgs.systemd}/bin/systemctl stop battery-power.target" ACTION!="remove", DEVPATH=="*intel-rapl:*", SUBSYSTEM=="powercap", RUN+="${pkgs.coreutils}/bin/chmod g+r '/sys%p/energy_uj'" ''; - users.groups.power = {}; - + users.groups.power = { }; + systemd.services.undervolt-intel = { - script = "" + script = + "" + "${pkgs.undervolt}/bin/undervolt" - + (optionalString (! isNull cfg.undervolt.cpu.coreOffset ) " --core ${toString cfg.undervolt.cpu.coreOffset}") - + (optionalString (! isNull cfg.undervolt.cpu.cacheOffset ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}") - + (optionalString (! isNull cfg.undervolt.cpu.iGPUOffset ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}") - ; + + (optionalString ( + !isNull cfg.undervolt.cpu.coreOffset + ) " --core ${toString cfg.undervolt.cpu.coreOffset}") + + (optionalString ( + !isNull cfg.undervolt.cpu.cacheOffset + ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}") + + (optionalString ( + !isNull cfg.undervolt.cpu.iGPUOffset + ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}"); serviceConfig = { RemainAfterExit = true; }; 
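Review bot: The udev rule `RUN+="${pkgs.coreutils}/bin/chmod g+r '/sys%p/energy_uj'"` re-exposes the RAPL energy counters that the kernel deliberately made root-only because they can be read as a power side channel (PLATYPUS), and the rule only changes the mode: sysfs attributes are owned by root:root unless something else changes that, so `g+r` alone does not give the `power` group declared just below any access. Please confirm which group the file ends up in (a `chgrp` in the same RUN may be what is missing) and record the trade-off next to the rule, e.g. `# energy_uj is root-only upstream (power side channel); readable by the power group on purpose for power monitoring`. The `config = mkIf cfg.enable {` attrset this sits in opens and closes outside the hunk.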
@@ -138,11 +154,15 @@ in { }; systemd.services.intel-powerlimit-ac = { - script = "${pkgs.undervolt}/bin/undervolt" - + optionalString (! isNull cfg.powerLimit.ac.cpu ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" - + optionalString (! isNull cfg.powerLimit.ac.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1" - + optionalString (! isNull cfg.temperature.ac.cpu ) " --temp ${toString cfg.temperature.ac.cpu}" - ; + script = + "${pkgs.undervolt}/bin/undervolt" + + optionalString ( + !isNull cfg.powerLimit.ac.cpu + ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" + + optionalString ( + !isNull cfg.powerLimit.ac.cpuBoost + ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1" + + optionalString (!isNull cfg.temperature.ac.cpu) " --temp ${toString cfg.temperature.ac.cpu}"; unitConfig = { ConditionACPower = true; }; @@ -154,13 +174,19 @@ in { partOf = [ "ac-power.target" ]; enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); }; - + systemd.services.intel-powerlimit-battery = { - script = "${pkgs.undervolt}/bin/undervolt" - + optionalString (! isNull cfg.powerLimit.battery.cpu ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" - + optionalString (! isNull cfg.powerLimit.battery.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1" - + optionalString (! isNull cfg.temperature.battery.cpu ) " --temp ${toString cfg.temperature.battery.cpu}" - ; + script = + "${pkgs.undervolt}/bin/undervolt" + + optionalString ( + !isNull cfg.powerLimit.battery.cpu + ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" + + optionalString ( + !isNull cfg.powerLimit.battery.cpuBoost + ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1" + + optionalString ( + !isNull cfg.temperature.battery.cpu + ) " --temp ${toString cfg.temperature.battery.cpu}"; unitConfig = { ConditionACPower = false; }; 
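Review bot: `cfg.powerLimit.ac.cpu`, `cfg.powerLimit.ac.cpuBoost` and `cfg.temperature.ac.cpu` are spliced into the `undervolt` command line through `toString` with no quoting, and the `intel-powerlimit-battery` hunk below repeats the pattern with the battery options. That is safe only if those options are declared with numeric types, as `undervoltType` is for the offsets; their declarations are outside this hunk, so please confirm, and if any of them is `str`/`nullOr str`, pass it through `escapeShellArg` instead of `toString`. The enclosing `config = mkIf cfg.enable {` attrset opens and closes outside the hunk.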
@@ -172,6 +198,6 @@ in { partOf = [ "battery-power.target" ]; enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); }; - + }; } diff --git a/programs/bash.nix b/programs/bash.nix index 4396711..ed07da5 100644 --- a/programs/bash.nix +++ b/programs/bash.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.aviallon.programs.bash = { diff --git a/programs/firefox.nix b/programs/firefox.nix index 1c2f233..835c9e2 100644 --- a/programs/firefox.nix +++ b/programs/firefox.nix @@ -1,17 +1,27 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let - genPrefList = {locked ? false}: prefs: + genPrefList = + { + locked ? false, + }: + prefs: let prefFuncName = if locked then "lockPref" else "defaultPref"; in concatStringsSep "\n" ( - mapAttrsToList - (key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' ) - prefs - ); + mapAttrsToList ( + key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' + ) prefs + ); cfg = config.programs.firefox; -in { +in +{ config = mkIf cfg.enable { programs.firefox.wrapperConfig = { smartcardSupport = true; @@ -60,7 +70,7 @@ in { Install = [ "uBlock0@raymondhill.net" "magnolia@12.34" - ]; + ]; }; ExtensionSettings = { "uBlock0@raymondhill.net" = { @@ -126,8 +136,9 @@ in { #"privacy.trackingprotection.origin_telemetry.enabled" = false; - } // { - "intl.accept_languages" = "fr-fr,en-us,en"; + } + // { + "intl.accept_languages" = "fr-fr,en-us,en"; "intl.locale.requested" = "fr,en-US"; "media.eme.enabled" = true; # DRM "general.autoScroll" = true; # Middleclick scrolling diff --git a/programs/git.nix b/programs/git.nix index 45203dd..631a292 100644 --- a/programs/git.nix +++ b/programs/git.nix @@ -1,4 +1,10 @@ -{config, pkgs, lib, myLib, ...}: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; { programs.git = { 
diff --git a/programs/htop.nix b/programs/htop.nix index 06915e2..a2b1be3 100644 --- a/programs/htop.nix +++ b/programs/htop.nix @@ -1,12 +1,17 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: { programs.htop.enable = true; programs.htop.settings = { -# fields=0 48 17 18 38 39 40 2 46 47 49 1 -# sort_key=46 -# sort_direction=-1 -# tree_sort_key=0 -# tree_sort_direction=1 + # fields=0 48 17 18 38 39 40 2 46 47 49 1 + # sort_key=46 + # sort_direction=-1 + # tree_sort_key=0 + # tree_sort_direction=1 hide_kernel_threads = true; hide_userland_threads = true; shadow_other_users = 0; @@ -38,9 +43,29 @@ delay = 10; hide_function_bar = 0; header_layout = "two_50_50"; - column_meters_0 = [ "AllCPUs" "Memory" "Swap" ]; - column_meter_modes_0 = [ 1 1 1 ]; - column_meters_1 = [ "Tasks" "LoadAverage" "Uptime" "DiskIO" "NetworkIO" ]; - column_meter_modes_1 = [ 2 2 2 2 2 ]; + column_meters_0 = [ + "AllCPUs" + "Memory" + "Swap" + ]; + column_meter_modes_0 = [ + 1 + 1 + 1 + ]; + column_meters_1 = [ + "Tasks" + "LoadAverage" + "Uptime" + "DiskIO" + "NetworkIO" + ]; + column_meter_modes_1 = [ + 2 + 2 + 2 + 2 + 2 + ]; }; } diff --git a/programs/libreoffice.nix b/programs/libreoffice.nix index 6e11e79..d8706eb 100644 --- a/programs/libreoffice.nix +++ b/programs/libreoffice.nix @@ -1,14 +1,26 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.programs.libreoffice; - + applyOverrides = overrides: pkg: pipe pkg overrides; -in { +in +{ options.aviallon.programs.libreoffice = { enable = mkEnableOption "LibreOffice"; variant = mkOption { - type = with types; types.enum [ "still" "fresh" ]; + type = + with types; + types.enum [ + "still" + "fresh" + ]; default = "fresh"; description = "Which LibreOffice variant to use"; }; 
@@ -35,18 +47,26 @@ in { config = mkIf cfg.enable { aviallon.programs.libreoffice.package = let - overridesList = [] - ++ [(pkg: pkg.override { - variant = cfg.variant; - })] - ++ optional cfg.opencl (pkg: pkg.overrideAttrs (old: { + overridesList = + [ ] + ++ [ + ( + pkg: + pkg.override { + variant = cfg.variant; + } + ) + ] + ++ optional cfg.opencl ( + pkg: + pkg.overrideAttrs (old: { buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ]; - })) - ; - in pkgs.libreoffice.override { - unwrapped = applyOverrides overridesList cfg.package'; - }; - + }) + ); + in + pkgs.libreoffice.override { + unwrapped = applyOverrides overridesList cfg.package'; + }; environment.systemPackages = [ cfg.package diff --git a/programs/nano.nix b/programs/nano.nix index 4190607..8a0ef1d 100644 --- a/programs/nano.nix +++ b/programs/nano.nix @@ -1,4 +1,4 @@ -{config, pkgs, ...}: +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.nanorc ]; programs.nano.syntaxHighlight = false; diff --git a/programs/nvtop.nix b/programs/nvtop.nix index 09961c8..2c0468b 100644 --- a/programs/nvtop.nix +++ b/programs/nvtop.nix @@ -1,16 +1,32 @@ -{ config, pkgs, lib, myLib, ... }: +{ + config, + pkgs, + lib, + myLib, + ... +}: with lib; let cfg = config.aviallon.programs.nvtop; -in { +in +{ options.aviallon.programs.nvtop = { enable = mkEnableOption "nvtop"; backend = mkOption { description = "Which backend to enable"; - type = with types; listOf (enum [ "nvidia" "amd" "intel" "panthor" "panfrost" "msm" ]); + type = + with types; + listOf (enum [ + "nvidia" + "amd" + "intel" + "panthor" + "panfrost" + "msm" + ]); default = [ "amd" ]; }; - + nvidia = mkEnableOption "Nvidia GPU with proprietary drivers is used"; package = mkOption { internal = true; 
@@ -25,7 +41,8 @@ in { aviallon.programs.nvtop.package = mkDefault ( if (length cfg.backend > 1) then pkgs.nvtopPackages.full - else pkgs.nvtopPackages.${elemAt cfg.backend 0} + else + pkgs.nvtopPackages.${elemAt cfg.backend 0} ); environment.systemPackages = [ diff --git a/security/default.nix b/security/default.nix index 0f7843b..7e6dcec 100644 --- a/security/default.nix +++ b/security/default.nix @@ -1,4 +1,4 @@ -{config, ...}: +{ config, ... }: { imports = [ ./hardening.nix diff --git a/security/encryption.nix b/security/encryption.nix index e165bd9..56ce971 100644 --- a/security/encryption.nix +++ b/security/encryption.nix @@ -1,8 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.security.encryption; -in { +in +{ options.aviallon.security.encryption = { enable = mkEnableOption "encryption-related tools and programs"; cryptsetup.package = mkOption { @@ -24,7 +30,7 @@ in { }; boot.initrd.systemd.enable = mkOverride 10 true; - + boot.initrd.availableKernelModules = [ "cryptd" ]; boot.initrd.kernelModules = [ "jitterentropy_rng" ]; }; diff --git a/security/hardening.nix b/security/hardening.nix index 70eef0e..c6220e2 100644 --- a/security/hardening.nix +++ b/security/hardening.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.hardening; 
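Review bot: `pkgs.nvtopPackages.${elemAt cfg.backend 0}` is reached whenever `length cfg.backend <= 1`, which includes the empty list that `listOf (enum [...])` permits, and `elemAt` on an empty list aborts evaluation with an index error that never mentions `aviallon.programs.nvtop.backend`. Either declare the option as `types.nonEmptyListOf (enum [...])` in the options hunk above, or test the single-backend case explicitly: `if length cfg.backend == 1 then pkgs.nvtopPackages.${head cfg.backend} else pkgs.nvtopPackages.full`. The enclosing `config = mkIf cfg.enable {` block starts outside the hunk.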
@@ -32,11 +37,18 @@ in }; imports = [ - (mkRemovedOptionModule [ "aviallon" "hardening" "services" "dbus" ] "dbus should use AppArmor hardening instead") + (mkRemovedOptionModule [ + "aviallon" + "hardening" + "services" + "dbus" + ] "dbus should use AppArmor hardening instead") ]; config = mkIf cfg.enable { - aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened); + aviallon.boot.kernel.package = mkIf cfg.hardcore ( + mkDefault pkgs.linuxKernel.kernels.linux_hardened + ); security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true); # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec @@ -44,27 +56,26 @@ in security.sudo.execWheelOnly = true; - services.openssh.settings.PermitRootLogin = - if cfg.hardcore then - "no" - else "prohibit-password"; + services.openssh.settings.PermitRootLogin = if cfg.hardcore then "no" else "prohibit-password"; security.apparmor.enable = true; services.dbus.apparmor = "enabled"; aviallon.boot.cmdline = { - "lsm" = [ "landlock" ] - ++ optional cfg.hardcore "lockdown" - ++ [ "yama" ] - # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation - ++ optionals config.security.apparmor.enable [ "apparmor" ] - ++ [ "bpf" ] - ; + "lsm" = [ + "landlock" + ] + ++ optional cfg.hardcore "lockdown" + ++ [ "yama" ] + # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation + ++ optionals config.security.apparmor.enable [ "apparmor" ] + ++ [ "bpf" ]; "lockdown" = if cfg.hardcore then "confidentiality" else "integrity"; # Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.) vsyscall = mkIf cfg.hardcore "xonly"; - } // (ifEnable cfg.expensive { + } + // (ifEnable cfg.expensive { # Slab/slub sanity checks, redzoning, and poisoning "init_on_alloc" = 1; "init_on_free" = 1; 
@@ -93,7 +104,7 @@ in # Is used in podman containers, for instance security.allowUserNamespaces = mkDefault true; -# boot.blacklistedKernelModules = mkForce [ ]; + # boot.blacklistedKernelModules = mkForce [ ]; # Only authorize admins to use nix in hardcore mode nix.allowedUsers = mkIf cfg.hardcore (mkQuasiForce [ "@wheel" ]); 
@@ -101,34 +112,36 @@ in # Can really badly affect performance in some occasions. security.audit.enable = mkDefault true; security.auditd.enable = mkQuasiForce false; - - systemd.services.systemd-journald = let - rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules); - in mkIf config.security.audit.enable { - serviceConfig = { - #ExecStartPre = "-${pkgs.audit}/bin/augenrules --load"; - ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''; - Sockets = [ "systemd-journald-audit.socket" ]; - }; - aliases = [ "auditd.service" ]; - path = [ pkgs.audit ]; - }; - security.audit.rules = [] + systemd.services.systemd-journald = + let + rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules); + in + mkIf config.security.audit.enable { + serviceConfig = { + #ExecStartPre = "-${pkgs.audit}/bin/augenrules --load"; + ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''; + Sockets = [ "systemd-journald-audit.socket" ]; + }; + aliases = [ "auditd.service" ]; + path = [ pkgs.audit ]; + }; + + security.audit.rules = + [ ] ++ [ - "-A exclude,always -F msgtype=SERVICE_START" - "-A exclude,always -F msgtype=SERVICE_STOP" - "-A exclude,always -F msgtype=BPF" - "-w /etc/apparmor/ -p wa -k apparmor_changes" - "-w /etc/apparmor.d/ -p wa -k apparmor_changes" - - "-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion" - "-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion" - "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" - "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" - ] - ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls" - ; + "-A exclude,always -F msgtype=SERVICE_START" + "-A exclude,always -F msgtype=SERVICE_STOP" + "-A exclude,always -F msgtype=BPF" + "-w /etc/apparmor/ -p wa -k 
apparmor_changes" + "-w /etc/apparmor.d/ -p wa -k apparmor_changes" + + "-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion" + "-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion" + "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" + "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" + ] + ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls"; environment.systemPackages = with pkgs; [ sbctl # Secure Boot keys generation diff --git a/security/tpm.nix b/security/tpm.nix index 1b9c77c..6491d49 100644 --- a/security/tpm.nix +++ b/security/tpm.nix @@ -1,10 +1,18 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.security.tpm; -in { +in +{ options.aviallon.security.tpm = { - enable = (mkEnableOption "TPM") // { default = true; }; + enable = (mkEnableOption "TPM") // { + default = true; + }; tpm1_2.enable = mkEnableOption "TPM 1.2 support"; }; config = mkIf cfg.enable { @@ -12,18 +20,20 @@ in { enable = true; tctiEnvironment.enable = true; pkcs11.enable = true; - }; + }; environment.systemPackages = [ pkgs.tpm2-tools - ] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools; + ] + ++ optional cfg.tpm1_2.enable pkgs.tpm-tools; services.tcsd = mkIf cfg.tpm1_2.enable { enable = true; }; boot.initrd.availableKernelModules = [ - "tpm_tis" "tpm_crb" + "tpm_tis" + "tpm_crb" ]; }; } diff --git a/services/default.nix b/services/default.nix index 6699b3f..0b36735 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ...}: +{ config, pkgs, ... }: { imports = [ ./jupyterhub.nix diff --git a/services/general.nix b/services/general.nix index 2b39d70..57d664a 100644 --- a/services/general.nix +++ b/services/general.nix 
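Review bot: The audit rules are loaded by `ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''`, and the leading `-` tells systemd to ignore a non-zero exit, so a rule that `auditctl` rejects leaves journald running with no audit rules and nothing in the unit status to show it. Drop the `-` prefix so a failed load is visible, or add a comment recording that best-effort loading is intended. `-b 64` is the kernel's default backlog and `-r 1000` a rate limit; with `cfg.expensive` adding a rule for every `execve`, events beyond those limits are dropped and only reported via printk under `-f 1`, so a larger backlog such as `-b 8192` plus a comment explaining the chosen limits would help. The `config = mkIf cfg.enable {` attrset this sits in is outside the hunk.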
@@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.services; @@ -6,23 +11,28 @@ let laptopCfg = config.aviallon.laptop; generalCfg = config.aviallon.general; - journaldConfigValue = value: - if value == true then "true" - else if value == false then "false" - else if isList value then toString value - else generators.mkValueStringDefault { } value; + journaldConfigValue = + value: + if value == true then + "true" + else if value == false then + "false" + else if isList value then + toString value + else + generators.mkValueStringDefault { } value; - isNullOrEmpty = v: (v == null) || - (isList v && (length v == 0)); + isNullOrEmpty = v: (v == null) || (isList v && (length v == 0)); - journaldConfig = settings: (generators.toKeyValue { - mkKeyValue = generators.mkKeyValueDefault { - mkValueString = journaldConfigValue; - } "="; - } (filterAttrs (n: v: !(isNullOrEmpty v)) - settings) - ); -in { + journaldConfig = + settings: + (generators.toKeyValue { + mkKeyValue = generators.mkKeyValueDefault { + mkValueString = journaldConfigValue; + } "="; + } (filterAttrs (n: v: !(isNullOrEmpty v)) settings)); +in +{ options.aviallon.services = { enable = mkOption { @@ -33,9 +43,15 @@ in { }; journald.extraConfig = mkOption { - default = {}; - example = {}; - type = with types; attrsOf (oneOf [ bool int str ]); + default = { }; + example = { }; + type = + with types; + attrsOf (oneOf [ + bool + int + str + ]); description = "Add extra config to journald with Nix language"; }; }; 
@@ -64,28 +80,29 @@ in { scriptArgs = "%I"; wantedBy = [ "sshd@.service" ]; }; - + programs.ssh.setXAuthLocation = config.services.xserver.enable; programs.ssh.forwardX11 = mkDefault config.services.xserver.enable; security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root environment.systemPackages = with pkgs; [ waypipe ]; - # Better reliability and performance services.dbus.implementation = "broker"; - - - networking.firewall.allowedTCPPorts = [ 22 ]; - networking.firewall.allowedUDPPorts = [ 22 5353 ]; + networking.firewall.allowedUDPPorts = [ + 22 + 5353 + ]; services.rsyncd.enable = !desktopCfg.enable; services.fstrim.enable = true; - services.haveged.enable = (builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0); + services.haveged.enable = ( + builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0 + ); services.irqbalance.enable = true; @@ -103,23 +120,38 @@ in { loglevel = "info"; cgroup_realtime_workaround = false; }; - services.ananicy.extraRules = concatStringsSep "\n" ( forEach [ - { name = "cp"; - type = "BG_CPUIO"; } - { name = "nix-build"; - type = "BG_CPUIO"; } - { name = "nix-store"; - type = "BG_CPUIO"; } - { name = "nix-collect-garbage"; - type = "BG_CPUIO"; } - { name = "nix"; - type = "BG_CPUIO"; } - { name = "X"; - type = "LowLatency_RT"; } - { name = "htop"; - type = "LowLatency_RT"; } - ] (x: builtins.toJSON x)); - + services.ananicy.extraRules = concatStringsSep "\n" ( + forEach [ + { + name = "cp"; + type = "BG_CPUIO"; + } + { + name = "nix-build"; + type = "BG_CPUIO"; + } + { + name = "nix-store"; + type = "BG_CPUIO"; + } + { + name = "nix-collect-garbage"; + type = "BG_CPUIO"; + } + { + name = "nix"; + type = "BG_CPUIO"; + } + { + name = "X"; + type = "LowLatency_RT"; + } + { + name = "htop"; + type = "LowLatency_RT"; + } + ] (x: builtins.toJSON x) + ); # Enusre low-latency response for this time-critical service systemd.services."hdapsd@" = { 
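Review bot: `networking.firewall.allowedUDPPorts` opens UDP/22 alongside 5353, but SSH (the TCP/22 entry just above) does not use UDP, so unless another service listens on UDP/22 this is an unintended open port; drop it: `networking.firewall.allowedUDPPorts = [ 5353 ];`. In the same hunk `programs.ssh.forwardX11` and `security.pam.services.sudo.forwardXAuth` are defaulted on whenever an X server is configured; X11 forwarding lets the remote side interact with the local display, so a comment stating this is a deliberate convenience trade-off would help the next reader. The enclosing attribute set opens and closes outside the hunk.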
@@ -148,9 +180,9 @@ in { hinfo = true; # Whether to register a mDNS HINFO record which contains information about the local operating system and CPU. }; extraConfig = mkIf config.services.resolved.enable '' - [server] - enable-dbus=warn - #disallow-other-stacks=yes + [server] + enable-dbus=warn + #disallow-other-stacks=yes ''; }; @@ -158,7 +190,6 @@ in { MulticastDNS = false; }; - services.nginx = { recommendedProxySettings = true; recommendedGzipSettings = true; diff --git a/services/gnupg.nix b/services/gnupg.nix index f0045d3..bdddd0f 100644 --- a/services/gnupg.nix +++ b/services/gnupg.nix @@ -1,17 +1,23 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" '' exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@" ''; - pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {}; -in { + pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix { }; +in +{ config = { programs.gnupg = { agent.enable = true; dirmngr.enable = true; - + agent.pinentryPackage = pkgs.pinentry-all; agent.enableSSHSupport = true; agent.enableExtraSocket = true; @@ -29,6 +35,6 @@ in { environment.systemPackages = [ gpgNoTTY ]; - + }; } diff --git a/services/jupyterhub.nix b/services/jupyterhub.nix index a259c09..b84e7ed 100644 --- a/services/jupyterhub.nix +++ b/services/jupyterhub.nix @@ -1,4 +1,9 @@ -{config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.services.jupyterhub; @@ -7,12 +12,15 @@ in options.aviallon.services.jupyterhub = { enable = mkEnableOption "Jupyterhub server with Python 3 kernel"; }; - + config = mkIf cfg.enable { services.jupyterhub = { enable = true; - kernels.python3 = let - env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + kernels.python3 = + let + env = ( + pkgs.python3.withPackages ( + pythonPackages: with pythonPackages; [ ipykernel pandas scikit-learn 
@@ -20,20 +28,23 @@ in matplotlib numpy pip - ])); - in { - displayName = "Python 3 for machine learning"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; - logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; - }; + ] + ) + ); + in + { + displayName = "Python 3 for machine learning"; + argv = [ + "${env.interpreter}" + "-m" + "ipykernel_launcher" + "-f" + "{connection_file}" + ]; + language = "python"; + logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; + logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; + }; }; services.nginx = { @@ -41,7 +52,12 @@ in }; services.nginx.virtualHosts = { "jupyterhub.localhost" = { - listen = [ { addr = "0.0.0.0"; port = 80; } ]; + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + ]; locations."/" = { proxyPass = "http://localhost:${toString config.services.jupyterhub.port}"; proxyWebsockets = true; diff --git a/windows/default.nix b/windows/default.nix index 48769c6..f1fe43d 100644 --- a/windows/default.nix +++ b/windows/default.nix @@ -1,4 +1,4 @@ -{...}: +{ ... }: { imports = [ ./wine.nix diff --git a/windows/wine.nix b/windows/wine.nix index 6e05e9a..f1c00e1 100644 --- a/windows/wine.nix +++ b/windows/wine.nix @@ -1,8 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.aviallon.windows.wine; -in { +in +{ options.aviallon.windows.wine = { enable = mkEnableOption "windows executable support on Linux"; package = mkOption {
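Review bot: The `jupyterhub.localhost` virtual host listens on `addr = "0.0.0.0"; port = 80;`, so the login and notebook traffic proxied to `localhost:${toString config.services.jupyterhub.port}` is reachable on every interface over plain HTTP, while the `.localhost` name suggests it was meant for local use only. If local use is the intent, bind to loopback: `addr = "127.0.0.1";` (and `::1` if IPv6 is wanted); if remote access is intended, terminate TLS on this host (`forceSSL` with `enableACME` or a local certificate) rather than proxying credentials in clear. The virtual host definition continues past the end of the hunk, and the enclosing `config = mkIf cfg.enable {` opens in the earlier hunk of this file.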