diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs deleted file mode 100644 index 689330a..0000000 --- a/.git-blame-ignore-revs +++ /dev/null @@ -1 +0,0 @@ -bf219a30c29cf3ce35a2d4f1a34ddf17aec32be1 diff --git a/boot.nix b/boot.nix index d06331d..9f2e189 100644 --- a/boot.nix +++ b/boot.nix @@ -1,11 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - options, - ... -}: +{ config, pkgs, lib, myLib, options, ... }: with lib; let customKernelPatches = { @@ -21,7 +14,7 @@ let ZRAM_DEF_COMP_ZSTD y ''; }; - + enableX32ABI = { name = "enable-x32"; patch = null; 
@@ -48,126 +41,78 @@ let patch = ./remove-kernel-drm.patch; }; + backports = { }; + + optimizeForCPUArch = arch: let + archConfigMap = { + "k8" = "K8"; "opteron" = "K8"; "athlon64" = "K8"; "athlon-fx" = "K8"; + "k8-sse3" = "K8SSE3"; "opteron-sse3" = "K8SSE3"; "athlon64-sse3" = "K8SSE3"; + "znver1" = "ZEN"; "znver2" = "ZEN2"; "znver3" = "ZEN3"; "znver4" = "ZEN3"; + "bdver1" = "BULLDOZER"; "bdver2" = "PILEDRIVER"; "bdver3" = "STEAMROLLER"; "bdver4" = "EXCAVATOR"; + "barcelona" = "BARCELONA"; "amdfam10" = "BARCELONA"; + "btver1" = "BOBCAT"; "btver2" = "JAGUAR"; - optimizeForCPUArch = - arch: - let - archConfigMap = { - "k8" = "K8"; - "opteron" = "K8"; - "athlon64" = "K8"; - "athlon-fx" = "K8"; - "k8-sse3" = "K8SSE3"; - "opteron-sse3" = "K8SSE3"; - "athlon64-sse3" = "K8SSE3"; - "znver1" = "ZEN"; - "znver2" = "ZEN2"; - "znver3" = "ZEN3"; - "znver4" = "ZEN3"; - "bdver1" = "BULLDOZER"; - "bdver2" = "PILEDRIVER"; - "bdver3" = "STEAMROLLER"; - "bdver4" = "EXCAVATOR"; - "barcelona" = "BARCELONA"; - "amdfam10" = "BARCELONA"; - "btver1" = "BOBCAT"; - "btver2" = "JAGUAR"; + "rocketlake" = "ROCKETLAKE"; "alderlake" = "ALDERLAKE"; + "sapphirerapids" = "SAPPHIRERAPIDS"; "tigerlake" = "TIGERLAKE"; "cooperlake" = "COOPERLAKE"; + "cascadelake" = "CASCADELAKE"; "icelake-server" = "ICELAKE"; "icelake-client" = "ICELAKE"; + "cannonlake" = "CANNONLAKE"; "skylake-avx512" = "SKYLAKEX"; + "tremont" = "GOLDMONTPLUS"; "goldmont-plus" = "GOLDMONTPLUS"; "goldmont" = "GOLDMONT"; + "silvermont" = "SILVERMONT"; "bonnel" = "GENERIC_CPU"; "skylake" = "SKYLAKE"; + "broadwell" = "BROADWELL"; "haswell" = "HASWELL"; + "ivybridge" = "IVYBRIDGE"; "sandybridge" = "SANDYBRIDGE"; + "westmere" = "WESTMERE"; "nehalem" = "NEHALEM"; + "core2" = "CORE2"; + "nocona" = "PSC"; "prescott" = "PSC"; "pentium4m" = "PSC"; "pentium4" = "PSC"; - "rocketlake" = "ROCKETLAKE"; - "alderlake" = "ALDERLAKE"; - "sapphirerapids" = "SAPPHIRERAPIDS"; - "tigerlake" = "TIGERLAKE"; - "cooperlake" = "COOPERLAKE"; - "cascadelake" = 
"CASCADELAKE"; - "icelake-server" = "ICELAKE"; - "icelake-client" = "ICELAKE"; - "cannonlake" = "CANNONLAKE"; - "skylake-avx512" = "SKYLAKEX"; - "tremont" = "GOLDMONTPLUS"; - "goldmont-plus" = "GOLDMONTPLUS"; - "goldmont" = "GOLDMONT"; - "silvermont" = "SILVERMONT"; - "bonnel" = "GENERIC_CPU"; - "skylake" = "SKYLAKE"; - "broadwell" = "BROADWELL"; - "haswell" = "HASWELL"; - "ivybridge" = "IVYBRIDGE"; - "sandybridge" = "SANDYBRIDGE"; - "westmere" = "WESTMERE"; - "nehalem" = "NEHALEM"; - "core2" = "CORE2"; - "nocona" = "PSC"; - "prescott" = "PSC"; - "pentium4m" = "PSC"; - "pentium4" = "PSC"; - - "nano-3000" = "GENERIC_CPU2"; - "nano-x2" = "GENERIC_CPU2"; - "nano-x4" = "GENERIC_CPU2"; - - "lujiazui" = "GENERIC_CPU2"; - - "native" = "NATIVE_INTEL"; - "x86-64-v2" = "GENERIC_CPU2"; - "x86-64-v3" = "GENERIC_CPU3"; - "x86-64-v4" = "GENERIC_CPU4"; - }; - - archToConfig = - arch: - if (hasAttr arch archConfigMap) then - archConfigMap."${arch}" - else - trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU"; - in - { - name = "optimize-for-${arch}"; - patch = null; - extraConfig = '' - M${archToConfig arch} y - ''; + "nano-3000" = "GENERIC_CPU2"; "nano-x2" = "GENERIC_CPU2"; "nano-x4" = "GENERIC_CPU2"; + + "lujiazui" = "GENERIC_CPU2"; + + "native" = "NATIVE_INTEL"; "x86-64-v2" = "GENERIC_CPU2"; "x86-64-v3" = "GENERIC_CPU3"; "x86-64-v4" = "GENERIC_CPU4"; }; + + archToConfig = arch: + if (hasAttr arch archConfigMap) then archConfigMap."${arch}" + else trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU" + ; + in { + name = "optimize-for-${arch}"; + patch = null; + extraConfig = '' + M${archToConfig arch} y + ''; + }; }; - toCmdlineValue = - v: - if (isBool v) then - (if v then "y" else "n") - else if (isInt v || isString v) then - (toString v) - else if (isList v) then - (concatStringsSep "," v) - else - throw "Invalid value for kernel cmdline parameter"; + toCmdlineValue = v: if (isBool v) then (if v then "y" else "n") + 
else if (isInt v || isString v) then (toString v) + else if (isList v) then (concatStringsSep "," v) + else throw "Invalid value for kernel cmdline parameter"; - toCmdlineList = - set: - mapAttrsToList ( - key: value: - if (isNull value) then - null - else if (value == "") then - "${key}" - else - "${key}=${toCmdlineValue value}" - ) set; + toCmdlineList = set: mapAttrsToList + (key: value: + if (isNull value) then + null + else if (value == "") then + "${key}" + else + "${key}=${toCmdlineValue value}" + ) set; - isXanmod = kernel: !isNull (strings.match ".*(xanmod).*" kernel.modDirVersion); + isXanmod = kernel: ! isNull (strings.match ".*(xanmod).*" kernel.modDirVersion); kernelVersionOlder = ver: versionOlder cfg.kernel.package.version ver; - + cfg = config.aviallon.boot; generalCfg = config.aviallon.general; - allowUnfree = - (types.isType types.attrs config.nixpkgs.config) - && (hasAttr "allowUnfree" config.nixpkgs.config) - && (getAttr "allowUnfree" config.nixpkgs.config); + allowUnfree = (types.isType types.attrs config.nixpkgs.config) + && (hasAttr "allowUnfree" config.nixpkgs.config) + && (getAttr "allowUnfree" config.nixpkgs.config); cpuConfig = config.aviallon.general.cpu; -in -{ +in { options.aviallon.boot = { enable = mkOption { @@ -183,28 +128,29 @@ in type = types.bool; }; + x32abi.enable = mkEnableOption "X32 kernel ABI"; kvdo.enable = mkEnableOption "dm-kvdo kernel module"; rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes energyModel.enable = mkEnableOption "Energy Model"; - + patches = { amdClusterId.enable = mkEnableOption "Energy Model"; }; - + efi = mkOption rec { description = "Use EFI bootloader"; example = true; type = with types; bool; }; - + legacy = mkOption rec { description = "Use legacy bootloader"; default = !cfg.efi; example = true; type = with types; bool; }; - + configurationLimit = mkOption { description = "Maximum number of generations in the boot menu"; default = 3; 
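Review bot: The `"bonnel"` key added to `archConfigMap` in boot.nix (`optimizeForCPUArch`, hunk `@@ -48,126 +41,78 @@`) looks misspelled: GCC spells that `-march` value `bonnell`, and the same `cpu.arch` string is passed to `-march=` further down in this file. A host configured with `bonnell` therefore misses the map and falls through to the `trace` fallback, so the result is still `GENERIC_CPU` but with a misleading "not recognized" warning. Suggest `"bonnell" = "GENERIC_CPU";`, keeping the old spelling as an alias if any host config uses it. The enclosing `customKernelPatches` set starts before this hunk.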
@@ -215,19 +161,12 @@ in cmdline = mkOption { description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it."; default = { }; - example = { - "i915.fastboot" = true; - }; - type = - with types; - lazyAttrsOf ( - nullOr (oneOf [ - bool - int - str - (listOf str) - ]) - ); + example = { "i915.fastboot" = true; }; + type = with types; lazyAttrsOf ( + nullOr ( + oneOf [ bool int str (listOf str) ] + ) + ); }; kernel = { @@ -240,20 +179,16 @@ in addAttributes = mkOption { description = "Merge specified attributes to kernel derivation (via special overideAttrs)"; - default = { }; + default = {}; type = with types; attrs; - example = { - KCFLAGS = "-Wall"; - }; + example = { KCFLAGS = "-Wall"; }; }; addOptimizationAttributes = mkOption { description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true"; - default = { }; + default = {}; type = with types; attrs; - example = { - KCFLAGS = "-O3 -fipa-pta"; - }; + example = { KCFLAGS = "-O3 -fipa-pta"; }; }; }; 
@@ -261,233 +196,216 @@ in }; imports = [ - (mkRemovedOptionModule [ - "aviallon" - "boot" - "extraKCflags" - ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset") - (mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel") + ( mkRemovedOptionModule [ "aviallon" "boot" "extraKCflags" ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset" ) + ( mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel" ) ]; config = mkMerge [ - { - assertions = [ - { - assertion = cfg.efi -> !cfg.legacy; - message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; - } - { - assertion = cfg.legacy -> cfg.useGrub; - message = "Using GRUB is mandatory for legacy BIOS"; - } - ]; + { + assertions = [ + { assertion = cfg.efi -> !cfg.legacy; + message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; + } + { assertion = cfg.legacy -> cfg.useGrub; + message = "Using GRUB is mandatory for legacy BIOS"; + } + ]; - boot.kernelParams = filter (v: !(isNull v)) (toCmdlineList cfg.cmdline); - } - (mkIf cfg.enable { + boot.kernelParams = filter (v: ! (isNull v)) (toCmdlineList cfg.cmdline); + } + (mkIf cfg.enable { + + hardware.enableAllFirmware = allowUnfree; + hardware.enableRedistributableFirmware = true; - hardware.enableAllFirmware = allowUnfree; - hardware.enableRedistributableFirmware = true; + aviallon.boot.cmdline = { + "syscall.x32" = mkIf cfg.x32abi.enable true; - aviallon.boot.cmdline = { - "syscall.x32" = mkIf cfg.x32abi.enable true; + # Reboot after 5 seconds on panic (prevent system lockup) + "panic" = 5; - # Reboot after 5 seconds on panic (prevent system lockup) - "panic" = 5; + # From systemd(1): systemd.show_status + # Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. 
If enabled, the systemd manager (PID 1) shows + # terse service status updates on the console during bootup. With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant + # delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error. + "systemd.show_status" = + if config.boot.consoleLogLevel <= 1 then + "no" + else if config.boot.consoleLogLevel < 4 then + "error" + else if config.boot.consoleLogLevel == 4 then + "auto" + else + "yes" + ; - # From systemd(1): systemd.show_status - # Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. If enabled, the systemd manager (PID 1) shows - # terse service status updates on the console during bootup. With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant - # delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error. 
- "systemd.show_status" = - if config.boot.consoleLogLevel <= 1 then - "no" - else if config.boot.consoleLogLevel < 4 then - "error" - else if config.boot.consoleLogLevel == 4 then - "auto" - else - "yes"; + # 'quiet' is required to silence systemd-efi-stub messages + "quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; + }; - # 'quiet' is required to silence systemd-efi-stub messages - "quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; - }; + nixpkgs.overlays = [(final: prev: { + # Use bleeding-edge linux firmware + linux-firmware = prev.unstable.linux-firmware; + })]; - nixpkgs.overlays = [ - (final: prev: { - # Use bleeding-edge linux firmware - linux-firmware = prev.unstable.linux-firmware; - }) - ]; + boot = { + bootspec.enableValidation = true; + + initrd.kernelModules = [ ]; + initrd.availableKernelModules = [ "ehci_pci" ]; - boot = { - bootspec.enableValidation = true; + # Required for many features, like rootluks TPM-unlock, etc. + initrd.systemd.enable = true; - initrd.kernelModules = [ ]; - initrd.availableKernelModules = [ "ehci_pci" ]; + initrd.compressor = "zstd"; + initrd.compressorArgs = [ "-T0" "-9" ]; - # Required for many features, like rootluks TPM-unlock, etc. 
- initrd.systemd.enable = true; - - initrd.compressor = "zstd"; - initrd.compressorArgs = [ - "-T0" - "-9" - ]; - - kernelPackages = - with myLib.debug; - let - baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package; - - # Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS - kCflags = traceValWithPrefix "kCflags" ( - [ - "-march=${cpuConfig.arch}" - "-mtune=${cpuConfig.tune or cpuConfig.arch}" - ] - ++ optional ( - !isNull cpuConfig.caches.lastLevel - ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}" - ++ optional (!isNull cpuConfig.caches.l1d) "--param l1-cache-size=${toString cpuConfig.caches.l1d}" - ); - kRustflags = traceValWithPrefix "kRustflags" ([ - "-Ctarget-cpu=${cpuConfig.arch}" - "-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}" - ]); - - optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" ( - optionalAttrs config.aviallon.optimizations.enable ( - myLib.attrsets.mergeAttrsRecursive - { - env = { - KCFLAGS = kCflags; - KRUSTFLAGS = kRustflags; - }; - } - ( - traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes - ) - ) - ); - moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" ( - myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) optimizedKernelAttrs - ); - - noDRMKernel = - if cfg.removeKernelDRM then - baseKernel.overrideAttrs (old: { - passthru = baseKernel.passthru; - nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ]; - postPatch = (old.postPatch or "") + '' - sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h - ''; - }) - else - baseKernel; - - moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; - - #patchedKernel = - # if (length config.boot.kernelPatches > 0) then - # 
moddedKernel.override (old: { - # structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ]; - # }) - # else - # moddedKernel - # ; - - in - mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel); - - kernelPatches = - [ ] - ++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI - ++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched - ++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel - ++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) ( - customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch + kernelPackages = with myLib.debug; let + baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package; + + # Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS + kCflags = traceValWithPrefix "kCflags" ( + [ + "-march=${cpuConfig.arch}" + "-mtune=${cpuConfig.tune or cpuConfig.arch}" + ] + ++ optional (! isNull cpuConfig.caches.lastLevel ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}" + ++ optional (! 
isNull cpuConfig.caches.l1d ) "--param l1-cache-size=${toString cpuConfig.caches.l1d}" + ); + kRustflags = traceValWithPrefix "kRustflags" ( + [ + "-Ctarget-cpu=${cpuConfig.arch}" + "-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}" + ] + ); + + optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" ( + optionalAttrs config.aviallon.optimizations.enable ( + myLib.attrsets.mergeAttrsRecursive + { + env = { + KCFLAGS = kCflags; + KRUSTFLAGS = kRustflags; + }; + } + (traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes) ) - ++ optional config.aviallon.optimizations.enable customKernelPatches.zstd; + ); + moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" ( + myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) optimizedKernelAttrs + ); - # Hide boot menu for systemd-boot by default - loader.timeout = mkIf (!cfg.useGrub) 0; + noDRMKernel = + if cfg.removeKernelDRM then + baseKernel.overrideAttrs (old: { + passthru = baseKernel.passthru; + nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ]; + postPatch = (old.postPatch or "") + '' + sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h + ''; + }) + else + baseKernel + ; + - loader.grub.enable = cfg.useGrub; - loader.grub = { - device = mkIf cfg.efi "nodev"; - efiSupport = cfg.efi; - configurationLimit = cfg.configurationLimit; - gfxpayloadBios = "keep"; - }; + moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; - loader.systemd-boot = { - enable = cfg.efi && (!cfg.useGrub); - configurationLimit = cfg.configurationLimit; - consoleMode = mkDefault "max"; - extraInstallCommands = - let - efiDir = config.boot.loader.efi.efiSysMountPoint; - in - '' - export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" - 
rpath= - generation= - specialization= - boot_generation_path=$(realpath /run/booted-system) - for path in /nix/var/nix/profiles/system-*-link; do - rpath=$(realpath "$path") - ok=false - if [ "$rpath" = "$boot_generation_path" ]; then - echo "Good path: $path" - ok=true - fi - for spec in "$path"/specialisation/*; do - if [ "$(realpath $spec)" = "$boot_generation_path" ]; then - ok=true - specialization="$spec" - echo "Good specialization: $specialization" - break - fi - done - if $ok; then - generation="''${path##*/system-}" - generation="''${generation%%-link}" - break - fi - done - if [ -z "$generation" ]; then - echo "Failed to find current boot's generation!" - exit 1 - fi + #patchedKernel = + # if (length config.boot.kernelPatches > 0) then + # moddedKernel.override (old: { + # structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ]; + # }) + # else + # moddedKernel + # ; + + in mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel); - loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf" - if ! [ -z "$specialization" ]; then - specialization_name=$(basename -- "$specialization") - echo "Specialization is: $specialization_name" - loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf" - fi + kernelPatches = [] + ++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI + ++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched + ++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel + ++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) (customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch) + ++ optional config.aviallon.optimizations.enable customKernelPatches.zstd + ; - if ! 
[ -f "$loader_entry" ]; then - echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found" - echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!" - exit 1 - fi + # Hide boot menu for systemd-boot by default + loader.timeout = mkIf (!cfg.useGrub) 0; - sed -i 's/version /version /' "$loader_entry" && - echo "Marked generation $generation as last sucessfully booted" - ''; - }; - - loader.generic-extlinux-compatible = { - configurationLimit = cfg.configurationLimit; - }; - - loader = { - efi.efiSysMountPoint = mkDefault "/boot/efi"; - efi.canTouchEfiVariables = mkDefault true; - }; + loader.grub.enable = cfg.useGrub; + loader.grub = { + device = mkIf cfg.efi "nodev"; + efiSupport = cfg.efi; + configurationLimit = cfg.configurationLimit; + gfxpayloadBios = "keep"; }; - }) + + loader.systemd-boot = { + enable = cfg.efi && (!cfg.useGrub); + configurationLimit = cfg.configurationLimit; + consoleMode = mkDefault "max"; + extraInstallCommands = let + efiDir = config.boot.loader.efi.efiSysMountPoint; + in '' + export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" + rpath= + generation= + specialization= + boot_generation_path=$(realpath /run/booted-system) + for path in /nix/var/nix/profiles/system-*-link; do + rpath=$(realpath "$path") + ok=false + if [ "$rpath" = "$boot_generation_path" ]; then + echo "Good path: $path" + ok=true + fi + for spec in "$path"/specialisation/*; do + if [ "$(realpath $spec)" = "$boot_generation_path" ]; then + ok=true + specialization="$spec" + echo "Good specialization: $specialization" + break + fi + done + if $ok; then + generation="''${path##*/system-}" + generation="''${generation%%-link}" + break + fi + done + if [ -z "$generation" ]; then + echo "Failed to find current boot's generation!" + exit 1 + fi + + loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf" + if ! 
[ -z "$specialization" ]; then + specialization_name=$(basename -- "$specialization") + echo "Specialization is: $specialization_name" + loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf" + fi + + if ! [ -f "$loader_entry" ]; then + echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found" + echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!" + exit 1 + fi + + sed -i 's/version /version /' "$loader_entry" && + echo "Marked generation $generation as last sucessfully booted" + ''; + }; + + loader.generic-extlinux-compatible = { + configurationLimit = cfg.configurationLimit; + }; + + loader = { + efi.efiSysMountPoint = mkDefault "/boot/efi"; + efi.canTouchEfiVariables = mkDefault true; + }; + }; + }) ]; } diff --git a/default.nix b/default.nix index 1af9ce9..9036995 100644 --- a/default.nix +++ b/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{config, ...}: { imports = [ ./general.nix diff --git a/desktop/browser.nix b/desktop/browser.nix index 9b577a6..110e995 100644 --- a/desktop/browser.nix +++ b/desktop/browser.nix 
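Review bot: In boot.nix (hunk `@@ -261,233 +196,216 @@`), `moddedKernel` is computed in the `kernelPackages` let-block, but the value returned is `mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel)`, so `moddedKernelAttrs` never reaches the kernel derivation. As far as this hunk shows, `aviallon.boot.kernel.addAttributes`, `addOptimizationAttributes` and the `KCFLAGS`/`KRUSTFLAGS` built from `cpuConfig` are silent no-ops, which matters to anyone relying on them for compile-time flags. If that is intended (the commented-out `patchedKernel` suggests work in progress), a comment should say so; otherwise the last line should read `in mkOverride 2 (pkgs.linuxPackagesFor moddedKernel);`.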
@@ -1,77 +1,56 @@ -{ - config, - pkgs, - lib, - myLib, - options, - ... -}: +{ config, pkgs, lib, myLib, options, ... }: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; -in -{ +in { options.aviallon.desktop.browser = { firefox.overrides = mkOption { internal = true; description = "Override firefox package settings"; type = types.attrs; - default = { }; - example = { - enablePlasmaIntegration = true; - }; + default = {}; + example = { enablePlasmaIntegration = true; }; }; chromium = { package = mkOption { internal = true; type = myLib.types.package'; default = pkgs.chromium; - example = literalExpression ''pkgs.ungoogled-chromium ''; + example = literalExpression '' pkgs.ungoogled-chromium ''; }; overrides = mkOption { internal = true; description = "Override chromium package settings"; type = types.attrs; - default = { }; - example = { - commandLineArgs = [ - "--enable-features=UseOzonePlatform" - "--ozone-platform=wayland" - ]; - }; + default = {}; + example = { commandLineArgs = [ "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" ]; }; }; commandLineArgs = mkOption { description = "Override chromium flags"; type = with types; listOf str; default = [ "--ozone-platform-hint=auto" ]; - example = [ - "--ozone-platform-hint=auto" - "--ignore-gpu-blacklist" - ]; + example = [ "--ozone-platform-hint=auto" "--ignore-gpu-blacklist" ]; }; }; }; config = mkIf (cfg.enable && !generalCfg.minimal) { environment.systemPackages = with pkgs; [ - (cfg.browser.chromium.package.override cfg.browser.chromium.overrides) - # firefox is added by plasma or gnome - ]; + (cfg.browser.chromium.package.override cfg.browser.chromium.overrides) + # firefox is added by plasma or gnome + ]; - nixpkgs.overlays = [ - (final: prev: { - myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides); - }) - ]; + + nixpkgs.overlays = [(final: prev: { + myFirefox = (final.callPackage ../packages/firefox.nix 
cfg.browser.firefox.overrides); + })]; aviallon.desktop.browser.chromium.overrides.enableWideVine = true; aviallon.programs.allowUnfreeList = [ - "chromium-unwrapped" - "chrome-widevine-cdm" - "ungoogled-chromium" - "chromium" # because of widevine + "chromium-unwrapped" "chrome-widevine-cdm" + "ungoogled-chromium" "chromium" # because of widevine ]; environment.variables = { @@ -79,10 +58,8 @@ in }; aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs; - aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations ( - options.aviallon.desktop.browser.chromium.commandLineArgs.default - ++ [ - "--flag-switches-begin" + aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations (options.aviallon.desktop.browser.chromium.commandLineArgs.default ++ [ + "--flag-switches-begin" "--ignore-gpu-blacklist" "--enable-gpu-rasterization" "--enable-quic" @@ -91,9 +68,8 @@ in "--canvas-oop-rasterization" "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer" "--disable-features=UseChromeOSDirectVideoDecoder" - "--flag-switches-end" - ] - ); + "--flag-switches-end" + ]); programs.chromium = { enable = true; diff --git a/desktop/console.nix b/desktop/console.nix index b56faf0..959de72 100644 --- a/desktop/console.nix +++ b/desktop/console.nix 
@@ -1,25 +1,23 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let xcfg = config.services.xserver; generalCfg = config.aviallon.general; -in -{ +in { config = { services.kmscon = { hwRender = mkDefault xcfg.enable; - extraConfig = - "" - + optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}" - + optionalString (!isNull xcfg.xkbVariant) "xkb-variant=${xcfg.xkbVariant}" - + optionalString (!isNull xcfg.xkbOptions) "xkb-options=${xcfg.xkbOptions}" - + "font-dpi=${toString (xcfg.dpi or 96)}"; - enable = mkDefault (!generalCfg.minimal); + extraConfig = "" + + optionalString ( ! isNull xcfg.layout ) + "xkb-layout=${xcfg.layout}" + + optionalString ( ! isNull xcfg.xkbVariant ) + "xkb-variant=${xcfg.xkbVariant}" + + optionalString ( ! isNull xcfg.xkbOptions ) + "xkb-options=${xcfg.xkbOptions}" + + "font-dpi=${toString (xcfg.dpi or 96)}" + ; + enable = mkDefault (! generalCfg.minimal ); }; }; } + diff --git a/desktop/default.nix b/desktop/default.nix index c90314e..e5e7a62 100644 --- a/desktop/default.nix +++ b/desktop/default.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; { imports = [ diff --git a/desktop/developer.nix b/desktop/developer.nix index 468b1ec..da313aa 100644 --- a/desktop/developer.nix +++ b/desktop/developer.nix @@ -1,20 +1,12 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in -{ +in { options.aviallon.developer = { enable = mkEnableOption "enable developer mode on this machine"; - virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { - default = true; - }; + virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { default = true; }; virtualbox.unstable = mkEnableOption "use unstable virtualbox"; }; config = mkIf cfg.enable { 
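Review bot: In desktop/console.nix, `services.kmscon.extraConfig` joins its pieces with `+` and no separator, so with a layout set the result is a single line such as `xkb-layout=frfont-dpi=96` (constructed example) rather than one `key=value` per line. Each optional piece needs a trailing newline, e.g. `optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}\n"`, and likewise for the `xkb-variant` and `xkb-options` strings. The same concatenation was present before this reformat, so the fix is independent of the layout change.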
@@ -34,7 +26,7 @@ in PROMPT_COMMAND="_direnv_hook''${PROMPT_COMMAND:+;$PROMPT_COMMAND}" fi ''; - + environment.systemPackages = with pkgs; [ #tabnine numactl @@ -62,22 +54,20 @@ in ccls # C/C++ lua-language-server # Lua nil # Nix - + nixfmt-rfc-style (hiPrio clinfo) # hiPrio to override HIP's clinfo binutils cpuset gptfdisk # gdisk - + gcc gnumake cmake - linux-manual - man-pages - man-pages-posix - + linux-manual man-pages man-pages-posix + linuxHeaders # Virtualization tools @@ -109,6 +99,7 @@ in }; }; + virtualisation.spiceUSBRedirection.enable = true; # Quality of life security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform @@ -118,25 +109,19 @@ in host.enableHardening = false; # Causes kernel build failures }; - nixpkgs.overlays = - [ ] - ++ optional cfg.virtualbox.unstable ( - final: prev: { - virtualbox = final.unstable.virtualbox; - virtualboxExtpack = final.unstable.virtualboxExtpack; - } - ); + nixpkgs.overlays = [] + ++ optional cfg.virtualbox.unstable (final: prev: { + virtualbox = final.unstable.virtualbox; + virtualboxExtpack = final.unstable.virtualboxExtpack; + }) + ; console.enable = true; - boot.initrd.systemd.emergencyAccess = mkIf ( - config.users.users.root.hashedPassword != null - ) config.users.users.root.hashedPassword; + boot.initrd.systemd.emergencyAccess = mkIf (config.users.users.root.hashedPassword != null) config.users.users.root.hashedPassword; environment.extraOutputsToInstall = [ - "doc" - "info" - "dev" + "doc" "info" "dev" ]; services.ollama = { 
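Review bot: In desktop/developer.nix (hunk `@@ -118,25 +109,19 @@`), `boot.initrd.systemd.emergencyAccess` is set to the root `hashedPassword`, which should place that hash inside the initrd image. Depending on the bootloader, the initrd is copied to the boot partition or ESP, which is normally unencrypted, so the hash would be readable offline even when the root filesystem is encrypted. The line deserves a comment such as `# NOTE: copies the root password hash into the initrd; readable offline on an unencrypted /boot or ESP`, or should be gated behind an explicit option. The enclosing `config = mkIf cfg.enable` block starts and ends outside this hunk.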
@@ -145,14 +130,12 @@ in group = "ollama"; user = "ollama"; package = - if config.aviallon.hardware.amd.enable then - pkgs.unstable.ollama-rocm - else if - (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") - then - pkgs.unstable.ollama-cuda - else - pkgs.unstable.ollama; + if config.aviallon.hardware.amd.enable + then pkgs.unstable.ollama-rocm + else if (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") + then pkgs.unstable.ollama-cuda + else pkgs.unstable.ollama + ; }; aviallon.services.journald.extraConfig = { @@ -162,10 +145,8 @@ in aviallon.boot.configurationLimit = mkDefault 10; aviallon.programs.allowUnfreeList = [ - "tabnine" - "clion" - "Oracle_VM_VirtualBox_Extension_Pack" - "virtualbox" + "tabnine" "clion" + "Oracle_VM_VirtualBox_Extension_Pack" "virtualbox" "intelephense" ]; }; diff --git a/desktop/flatpak.nix b/desktop/flatpak.nix index 785051c..db95eba 100644 --- a/desktop/flatpak.nix +++ b/desktop/flatpak.nix 
@@ -1,56 +1,45 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ...}: with lib; let cfg = config.aviallon.desktop; -in -{ +in { config = mkIf cfg.enable { - services.flatpak.enable = mkDefault true; - systemd.services.flatpak-add-flathub = { - script = '' - exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - ''; - serviceConfig.Type = "oneshot"; - requires = [ - "network-online.target" - ]; - after = [ - "network-online.target" - ]; - wantedBy = [ - "graphical.target" - ]; - }; + services.flatpak.enable = mkDefault true; + systemd.services.flatpak-add-flathub = { + script = '' + exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + ''; + serviceConfig.Type = "oneshot"; + requires = [ + "network-online.target" + ]; + after = [ + "network-online.target" + ]; + wantedBy = [ + "graphical.target" + ]; + }; - systemd.services.flatpak-workaround-cursors = { - script = '' - exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro - ''; - serviceConfig.Type = "oneshot"; - wantedBy = [ - "graphical.target" - ]; - }; + systemd.services.flatpak-workaround-cursors = { + script = '' + exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro + ''; + serviceConfig.Type = "oneshot"; + wantedBy = [ + "graphical.target" + ]; + }; - fileSystems = - let - mkRoSymBind = path: { + fileSystems = + let mkRoSymBind = path: { device = path; fsType = "none"; - options = [ - "rbind" - "ro" - "x-gvfs-hide" - ]; + options = [ "rbind" "ro" "x-gvfs-hide" ]; }; - in - { + in { "/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons"; }; - }; + } + ; } diff --git a/desktop/games.nix b/desktop/games.nix index 669ccba..e67e765 100644 --- a/desktop/games.nix +++ b/desktop/games.nix 
@@ -1,19 +1,11 @@ -{ - config, - pkgs, - lib, - myLib, - suyu, - ... -}: +{ config, pkgs, lib, myLib, suyu, ... }: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; optimizePkg = config.aviallon.optimizations.optimizePkg; mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}"; -in -{ +in { options = { aviallon.desktop.gaming = { @@ -32,40 +24,27 @@ in }; }; }; - + config = mkIf cfg.gaming.enable { assertions = [ - { - assertion = cfg.gaming.enable -> cfg.enable; - message = "Gaming features requires desktop to be enabled"; - } - { - assertion = cfg.gaming.enable -> !generalCfg.minimal; - message = "Gaming features are incompatible with minimal mode"; - } + { assertion = cfg.gaming.enable -> cfg.enable; message = "Gaming features requires desktop to be enabled"; } + { assertion = cfg.gaming.enable -> !generalCfg.minimal; message = "Gaming features are incompatible with minimal mode"; } ]; - - environment.systemPackages = - let - my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { - cmakeFlags = old.cmakeFlags ++ [ - #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" - #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" - ]; - }); - in - with pkgs; - [ + + environment.systemPackages = let + my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { + cmakeFlags = old.cmakeFlags ++ [ + #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" + #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" + ]; + }); + in with pkgs; [ gamescope mangohud lutris bottles - ] - ++ optionals cfg.gaming.emulation [ - (optimizePkg { - recursive = 0; - lto = false; - } my_yuzu) + ] ++ optionals cfg.gaming.emulation [ + (optimizePkg { recursive = 0; lto = false; } my_yuzu) (optimizePkg { } cfg.gaming.ryujinx.package) ]; @@ -125,10 +104,7 @@ in }; aviallon.programs.allowUnfreeList = [ - "steam" - "steam-original" - "steam-runtime" - "steam-run" + "steam" "steam-original" "steam-runtime" "steam-run" ]; }; diff --git a/desktop/general.nix b/desktop/general.nix index 4f46b9c..7dfd8a6 100644 
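Review bot: In desktop/games.nix, `mkTmpDir` in the `let` block emits a tmpfiles rule with mode `777`, which makes the directory world-writable without the sticky bit, so any local user can rename or delete files that another user placed there. If these directories are meant as shared scratch space, `mkTmpDir = dirpath: cleanup: "D ${dirpath} 1777 root root ${cleanup}";` keeps them writable by everyone while restricting deletion to the file owner. The call sites are outside this hunk, so which paths are affected cannot be confirmed from here.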
--- a/desktop/general.nix +++ b/desktop/general.nix @@ -1,16 +1,9 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.desktop; generalCfg = config.aviallon.general; -in -{ +in { options.aviallon.desktop = { enable = mkOption { default = true; @@ -21,13 +14,7 @@ in environment = mkOption { default = "plasma"; example = "gnome"; - type = - with types; - enum [ - "plasma" - "plasma6" - "gnome" - ]; + type = with types; enum [ "plasma" "plasma6" "gnome" ]; description = "What Desktop Environment to use"; }; layout = mkOption { @@ -64,13 +51,7 @@ in }; imports = [ - (mkRemovedOptionModule [ - "aviallon" - "desktop" - "graphics" - "shaderCache" - "path" - ] "Now always relative to $XDG_CACHE_HOME") + (mkRemovedOptionModule [ "aviallon" "desktop" "graphics" "shaderCache" "path" ] "Now always relative to $XDG_CACHE_HOME" ) ]; config = mkIf cfg.enable (mkMerge [ @@ -90,6 +71,7 @@ in services.xserver.xkb.layout = cfg.layout; services.xserver.xkb.options = "eurosign:e"; + aviallon.boot.cmdline = { splash = mkIf (!generalCfg.debug) ""; "udev.log_level" = mkIf (!generalCfg.debug) 3; @@ -111,7 +93,7 @@ in # Enable running X11 apps on Wayland programs.xwayland.enable = true; - + # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; @@ -122,7 +104,9 @@ in p7zip ]; - security.sudo.extraConfig = '' + + security.sudo.extraConfig = + '' # Keep X and Wayland related variables for better GUI integration Defaults:root,%wheel env_keep+=DISPLAY Defaults:root,%wheel env_keep+=XAUTHORITY @@ -130,7 +114,8 @@ in Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY Defaults:root,%wheel env_keep+=WAYLAND_SOCKET Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR - ''; + '' + ; } (mkIf (!generalCfg.minimal) { @@ -150,7 +135,7 @@ in programs.thunderbird.enable = true; hardware.graphics.enable32Bit = mkDefault cfg.gaming.enable; - + environment.systemPackages = with pkgs; [ mesa-demos vdpauinfo 
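Review bot: In desktop/general.nix, the `security.sudo.extraConfig` block keeps `XDG_RUNTIME_DIR` and `XAUTHORITY` for root and `%wheel`, so programs started through sudo run as root against the caller's runtime directory and X authority file, and may leave root-owned files there. The existing comment only mentions "better GUI integration". I would spell the trade-off out next to it, e.g. `# NOTE: root processes will write into the invoking user's XDG_RUNTIME_DIR; remove this line if GUI apps are never run through sudo`. Whether all six variables are needed, or only `DISPLAY` and `WAYLAND_DISPLAY`, cannot be judged from the diff.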
@@ -189,16 +174,16 @@ in }; aviallon.programs.allowUnfreeList = [ - "spotify" - "spotify-unwrapped" + "spotify" "spotify-unwrapped" "veracrypt" ]; + aviallon.programs.libreoffice.enable = true; - + services.packagekit.enable = mkDefault true; - + # SmartCards #services.pcscd.enable = mkDefault true; diff --git a/desktop/gnome.nix b/desktop/gnome.nix index d542589..2fe3f63 100644 --- a/desktop/gnome.nix +++ b/desktop/gnome.nix 
@@ -1,73 +1,66 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let - cfg = config.aviallon.desktop; -in -{ - config = mkIf (cfg.enable && (cfg.environment == "gnome")) { - services.xserver.desktopManager.gnome = { - enable = true; + cfg = config.aviallon.desktop; +in { + config = mkIf (cfg.enable && (cfg.environment == "gnome")) { + services.xserver.desktopManager.gnome = { + enable = true; + }; + services.xserver.displayManager.gdm = { + enable = true; + }; + + services.gnome = { + sushi.enable = true; + tracker.enable = true; + tracker-miners.enable = true; + core-shell.enable = true; + gnome-keyring.enable = true; + glib-networking.enable = true; + gnome-user-share.enable = true; + core-os-services.enable = true; + gnome-remote-desktop.enable = true; + gnome-online-miners.enable = true; + gnome-initial-setup.enable = true; + gnome-settings-daemon.enable = true; + gnome-online-accounts.enable = true; + gnome-browser-connector.enable = true; + }; + + qt5.platformTheme = "gnome"; # Force Gnome theme for better UX + + xdg.portal = { + enable = mkDefault true; + }; + + programs.chromium.extensions = [ + "gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration + ]; + + programs.firefox.enable = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ]; + + aviallon.programs.libreoffice.enable = true; + + environment.systemPackages = with pkgs; [ guake ] + ++ (with gnome; [ + gnome-software + ]) + ++ (with gnomeExtensions; [ + gamemode + dash-to-dock + dash-to-dock-toggle + dash-to-dock-animator + tray-icons-reloaded + ]) + ; + systemd.packages = with pkgs; [ + gnomeExtensions.gamemode + gnomeExtensions.dash-to-dock + gnomeExtensions.dash-to-dock-animator + gnomeExtensions.dash-to-dock-toggle + gnomeExtensions.tray-icons-reloaded + ]; }; - services.xserver.displayManager.gdm = { - enable = true; - }; - - services.gnome = { - sushi.enable = true; - tracker.enable = true; - 
tracker-miners.enable = true; - core-shell.enable = true; - gnome-keyring.enable = true; - glib-networking.enable = true; - gnome-user-share.enable = true; - core-os-services.enable = true; - gnome-remote-desktop.enable = true; - gnome-online-miners.enable = true; - gnome-initial-setup.enable = true; - gnome-settings-daemon.enable = true; - gnome-online-accounts.enable = true; - gnome-browser-connector.enable = true; - }; - - qt5.platformTheme = "gnome"; # Force Gnome theme for better UX - - xdg.portal = { - enable = mkDefault true; - }; - - programs.chromium.extensions = [ - "gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration - ]; - - programs.firefox.enable = true; - programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ]; - - aviallon.programs.libreoffice.enable = true; - - environment.systemPackages = - with pkgs; - [ guake ] - ++ (with gnome; [ - gnome-software - ]) - ++ (with gnomeExtensions; [ - gamemode - dash-to-dock - dash-to-dock-toggle - dash-to-dock-animator - tray-icons-reloaded - ]); - systemd.packages = with pkgs; [ - gnomeExtensions.gamemode - gnomeExtensions.dash-to-dock - gnomeExtensions.dash-to-dock-animator - gnomeExtensions.dash-to-dock-toggle - gnomeExtensions.tray-icons-reloaded - ]; - }; } diff --git a/desktop/multimedia.nix b/desktop/multimedia.nix index e582149..4a6cd2a 100644 --- a/desktop/multimedia.nix +++ b/desktop/multimedia.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, lib, pkgs, ... }: with lib; let cfg = config.aviallon.desktop; 
@@ -13,31 +8,26 @@ let noiseFilterStrength = cfg.audio.noise-filter.strength; }; - airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix { }; + airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix {}; # Multimedia Packages - ffmpeg-full-unfree = - let - withUnfree = pkgs.unstable.ffmpeg-full.override { - withUnfree = true; - withTensorflow = false; - }; - in - withUnfree; - -in -{ + ffmpeg-full-unfree = let + withUnfree = pkgs.unstable.ffmpeg-full.override { + withUnfree = true; + withTensorflow = false; + }; + in withUnfree; + +in { config = mkIf (cfg.enable && !generalCfg.minimal) { environment.systemPackages = with pkgs; [ ffmpeg-full-unfree krita - (pkgs.wrapOBS { - plugins = with obs-studio-plugins; [ - obs-pipewire-audio-capture - ]; - }) - + (pkgs.wrapOBS { plugins = with obs-studio-plugins; [ + obs-pipewire-audio-capture + ]; }) + #scribus yt-dlp #jellyfin-media-player # https://github.com/NixOS/nixpkgs/issues/437865 https://github.com/jellyfin/jellyfin-media-player/issues/282 @@ -46,11 +36,10 @@ in #jamesdsp # Audio post-processing ]; - nixpkgs.overlays = [ - (final: prev: { - inherit ffmpeg-full-unfree; - }) - ]; + nixpkgs.overlays = [(final: prev: { + inherit ffmpeg-full-unfree; + })]; + # Enable sound. services.pulseaudio.enable = false; @@ -87,12 +76,9 @@ in "node.description" = "Sortie combinée"; "combine.latency-compensate" = true; "combine.props" = { - "audio.position" = [ - "FL" - "FR" - ]; + "audio.position" = [ "FL" "FR" ]; }; - "stream.props" = { }; + "stream.props" = {}; "stream.rules" = [ { matches = [ @@ -104,7 +90,7 @@ in "media.class" = "Audio/Sink"; } ]; - actions.create-stream = { }; + actions.create-stream = {}; } ]; }; 
@@ -119,61 +105,50 @@ in "bluez5.enable-sbc-xq" = true; # Should be default now "bluez5.enable-msbc" = true; # Default "bluez5.enable-hw-volume" = true; # Default - "bluez5.headset-roles" = [ - "hsp_hs" - "hsp_ag" - "hfp_hf" - "hfp_ag" - ]; + "bluez5.headset-roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; }; }; + security.rtkit.enable = true; # Real-time support for pipewire aviallon.programs.allowUnfreeList = [ "ffmpeg-full" # Because of unfree codecs ]; + # Hardware-agnostic audio denoising - systemd.user.services = - let - mkPipewireModule = - { conf, description }: - { - unitConfig = { - Slice = "session.slice"; - }; - serviceConfig = { - ExecStart = [ - "${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}" - ]; - Type = "simple"; - Restart = "on-failure"; - }; - bindsTo = [ "pipewire.service" ]; - after = [ "pipewire.service" ]; - environment = { - PIPEWIRE_DEBUG = "3"; - }; - wantedBy = [ "pipewire.service" ]; - inherit description; - }; - in - { - pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable ( - (mkPipewireModule { - conf = filterConfig; - description = "Pipewire Noise Filter"; - }) - // { - enable = cfg.audio.noise-filter.strength > 0.0; - } - ); - pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (mkPipewireModule { - conf = airplayConfig; - description = "Pipewire Airplay Sink"; - }); + systemd.user.services = let + mkPipewireModule = {conf, description}: { + unitConfig = { + Slice = "session.slice"; + }; + serviceConfig = { + ExecStart = [ + "${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}" + ]; + Type = "simple"; + Restart = "on-failure"; + }; + bindsTo = [ "pipewire.service" ]; + after = [ "pipewire.service" ]; + environment = { + PIPEWIRE_DEBUG = "3"; + }; + wantedBy = [ "pipewire.service" ]; + inherit description; }; + in { + pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable ( + (mkPipewireModule { conf = filterConfig; description = "Pipewire Noise Filter"; }) // + { + enable = 
cfg.audio.noise-filter.strength > 0.0; + } + ); + pipewire-airplay-sink = mkIf cfg.audio.airplay.enable ( + mkPipewireModule { conf = airplayConfig; description = "Pipewire Airplay Sink"; } + ); + }; }; } diff --git a/desktop/pipewire/pipewire-airplay.conf.nix b/desktop/pipewire/pipewire-airplay.conf.nix index aacc279..b36e979 100644 --- a/desktop/pipewire/pipewire-airplay.conf.nix +++ b/desktop/pipewire/pipewire-airplay.conf.nix 
@@ -1,64 +1,63 @@ -{ - lib, - writeText, +{ lib +, writeText }: -writeText "pipewire-airplay.conf" '' - # Noise canceling source - # - # start with pipewire -c filter-chain/source-rnnoise.conf - # - context.properties = { - log.level = 3 - } +writeText "pipewire-airplay.conf" '' +# Noise canceling source +# +# start with pipewire -c filter-chain/source-rnnoise.conf +# +context.properties = { + log.level = 3 +} - #context.spa-libs = { - # audio.convert.* = audioconvert/libspa-audioconvert - # support.* = support/libspa-support - #} +#context.spa-libs = { +# audio.convert.* = audioconvert/libspa-audioconvert +# support.* = support/libspa-support +#} - context.modules = [ - { name = libpipewire-module-rtkit - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } +context.modules = [ + { name = libpipewire-module-rtkit + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } - { name = libpipewire-raop-discover - args = { - #raop.latency.ms = 1000 - stream.rules = [ - { matches = [ - { raop.ip = "~.*" - #raop.port = 1000 - #raop.name = "" - #raop.hostname = "" - #raop.domain = "" - #raop.device = "" - #raop.transport = "udp" | "tcp" - #raop.encryption.type = "RSA" | "auth_setup" | "none" - #raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD" - #audio.channels = 2 - #audio.format = "S16" | "S24" | "S32" - #audio.rate = 44100 - #device.model = "" - } - ] - actions = { - create-stream = { - #raop.password = "" - stream.props = { - #target.object = "" - media.class = "Audio/Sink" - } - } - } - } - ] # stream.rules - } # args - } - }]'' + { name = libpipewire-raop-discover + args = { + #raop.latency.ms = 1000 + stream.rules = [ + { matches = [ + { raop.ip = "~.*" + #raop.port = 1000 + 
#raop.name = "" + #raop.hostname = "" + #raop.domain = "" + #raop.device = "" + #raop.transport = "udp" | "tcp" + #raop.encryption.type = "RSA" | "auth_setup" | "none" + #raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD" + #audio.channels = 2 + #audio.format = "S16" | "S24" | "S32" + #audio.rate = 44100 + #device.model = "" + } + ] + actions = { + create-stream = { + #raop.password = "" + stream.props = { + #target.object = "" + media.class = "Audio/Sink" + } + } + } + } + ] # stream.rules + } # args + } +}]'' diff --git a/desktop/pipewire/pipewire-noise-filter.conf.nix b/desktop/pipewire/pipewire-noise-filter.conf.nix index d9a065e..2ea0eed 100644 --- a/desktop/pipewire/pipewire-noise-filter.conf.nix +++ b/desktop/pipewire/pipewire-noise-filter.conf.nix 
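Review bot: In desktop/pipewire/pipewire-airplay.conf.nix the discovery module is loaded as `libpipewire-raop-discover`, while every other entry in `context.modules` carries the `libpipewire-module-` prefix. PipeWire ships this module as `libpipewire-module-raop-discover`, so the name as written will probably fail to load; the entry should read `{ name = libpipewire-module-raop-discover`. By my count the final `}]` also closes one brace more than the file opens, and the header comment still describes the rnnoise noise-canceling source rather than the AirPlay sink. Since `raop.ip = "~.*"` creates a sink for every device that announces itself on the local network, a one-line comment stating that this is intended would help the next reader.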
@@ -1,66 +1,65 @@ -{ - lib, - writeText, - rnnoise-plugin, - noiseFilterStrength, +{ lib +, writeText +, rnnoise-plugin +, noiseFilterStrength }: -writeText "pipewire-noise-filter.conf" '' - # Noise canceling source - # - # start with pipewire -c filter-chain/source-rnnoise.conf - # - context.properties = { - log.level = 3 - } +writeText "pipewire-noise-filter.conf" '' +# Noise canceling source +# +# start with pipewire -c filter-chain/source-rnnoise.conf +# +context.properties = { + log.level = 3 +} - context.spa-libs = { - audio.convert.* = audioconvert/libspa-audioconvert - support.* = support/libspa-support - } +context.spa-libs = { + audio.convert.* = audioconvert/libspa-audioconvert + support.* = support/libspa-support +} - context.modules = [ - { name = libpipewire-module-rtkit - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } +context.modules = [ + { name = libpipewire-module-rtkit + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } - { name = libpipewire-module-filter-chain - args = { - node.name = "rnnoise_source" - node.description = "Noise Canceling source" - media.name = "Noise Canceling source" - filter.graph = { - nodes = [ - { - type = ladspa - name = rnnoise - plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so - label = noise_suppressor_stereo - control = { - "VAD Threshold (%)" = ${toString noiseFilterStrength} - "VAD Grace Period (ms)" = 200 - "Retroactive VAD Grace (ms)" = 0 - } - } - ] - } - capture.props = { - node.name = "capture.rnnoise_source" - node.passive = true - audio.rate = 48000 - } - playback.props = { - node.name = "rnnoise_source.output" - media.class = Audio/Source - node.virtual = false - audio.rate = 48000 - } - } - } - ]'' + { 
name = libpipewire-module-filter-chain + args = { + node.name = "rnnoise_source" + node.description = "Noise Canceling source" + media.name = "Noise Canceling source" + filter.graph = { + nodes = [ + { + type = ladspa + name = rnnoise + plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so + label = noise_suppressor_stereo + control = { + "VAD Threshold (%)" = ${toString noiseFilterStrength} + "VAD Grace Period (ms)" = 200 + "Retroactive VAD Grace (ms)" = 0 + } + } + ] + } + capture.props = { + node.name = "capture.rnnoise_source" + node.passive = true + audio.rate = 48000 + } + playback.props = { + node.name = "rnnoise_source.output" + media.class = Audio/Source + node.virtual = false + audio.rate = 48000 + } + } + } +]'' diff --git a/desktop/plasma/default.nix b/desktop/plasma/default.nix index b2f6d7b..eae9279 100644 --- a/desktop/plasma/default.nix +++ b/desktop/plasma/default.nix @@ -1,23 +1,16 @@ -{ - config, - pkgs, - nixpkgs-unstable, - lib, - ... -}: +{config, pkgs, nixpkgs-unstable, lib, ...}: with lib; let cfg = config.aviallon.desktop; optimizeCfg = config.aviallon.optimizations; -in -{ +in { imports = [ ./plasma6.nix ]; - config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6")) { - programs.firefox.enable = true; + config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6" )) { + programs.firefox.enable = true; programs.firefox.policies.Extensions.Install = [ "plasma-browser-integration@kde.org" ]; programs.chromium.extensions = [ 
@@ -35,17 +28,17 @@ in }; #environment.systemPackages = [ - #config.programs.gnupg.agent.pinentryPackage + #config.programs.gnupg.agent.pinentryPackage #]; systemd.user.services.setup-xdg-cursors = mkIf config.xdg.icons.enable { script = '' - [ -d "$HOME/.icons/default" ] || mkdir -p "$HOME/.icons/default" - cat >"$HOME/.icons/default/index.theme" <"$HOME/.icons/default/index.theme" < 0; in - if hasSwap then "150%" else "75%"; + if hasSwap then "150%" else "75%" + ; services.smartd = { enable = mkDefault true; @@ -161,4 +137,4 @@ in notifications.systembus-notify.enable = config.aviallon.desktop.enable; }; }; -} +} diff --git a/filesystems/btrfs.nix b/filesystems/btrfs.nix index 2de7c0c..9340c4e 100644 --- a/filesystems/btrfs.nix +++ b/filesystems/btrfs.nix @@ -1,19 +1,12 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.filesystems.btrfs; #fsCfg = config.fileSystems; btrfsPaths = [ "/" ]; - # btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; +# btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; generalCfg = config.aviallon.general; -in -{ +in { options.aviallon.filesystems.btrfs = { enable = mkEnableOption "BTRFS support"; autoScrub = { @@ -64,11 +57,11 @@ in }; systemd.services.duperemove = { script = '' - mkdir -p $DATA_DIR - exec ${pkgs.duperemove}/bin/duperemove \ - --io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \ - --dedupe-options=same \ - --hashfile=$DATA_DIR/hashes.db -h -v -rd "$@" + mkdir -p $DATA_DIR + exec ${pkgs.duperemove}/bin/duperemove \ + --io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \ + --dedupe-options=same \ + --hashfile=$DATA_DIR/hashes.db -h -v -rd "$@" ''; scriptArgs = concatStringsSep " " cfg.autoDedup.paths; # %S : state diff --git a/filesystems/zfs.nix b/filesystems/zfs.nix index cecb08e..f47b698 100644 --- a/filesystems/zfs.nix 
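Review bot: In the `duperemove` service script of filesystems/btrfs.nix, `$DATA_DIR` is expanded unquoted in both `mkdir -p $DATA_DIR` and `--hashfile=$DATA_DIR/hashes.db`. Quoting both, `mkdir -p "$DATA_DIR"` and `--hashfile="$DATA_DIR/hashes.db"`, costs nothing and avoids word splitting. `scriptArgs` joins `cfg.autoDedup.paths` with plain spaces, so a configured path containing whitespace would presumably reach the script as several arguments; a comment on the option saying that such paths are unsupported would at least document it. The definition of `DATA_DIR` is outside this hunk.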
+++ b/filesystems/zfs.nix @@ -1,27 +1,21 @@ -{ - config, - lib, - pkgs, - ... -}: +{config, lib, pkgs, ...}: with lib; let cfg = config.aviallon.filesystems.zfs; -in -{ +in { options.aviallon.filesystems.zfs = { enable = mkEnableOption "ZFS support"; }; config = mkIf cfg.enable { - boot.initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs + boot.initrd.supportedFilesystems = ["zfs"]; # boot from zfs boot.supportedFilesystems = [ "zfs" ]; aviallon.filesystems.udevRules = mkAfter [ # ZFS doesn't like additional schedulers ''SUBSYSTEM=="block", ACTION!="remove", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"'' ]; - + services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; diff --git a/flake.nix b/flake.nix index eb9a8c0..02ef3b7 100644 --- a/flake.nix +++ b/flake.nix @@ -19,36 +19,33 @@ }; outputs = - inputs@{ - self, - nixpkgs, - nur, - nixpkgs-unstable, - fps, - suyu, - ... - }: - let + inputs@{ self + , nixpkgs + , nur + , nixpkgs-unstable + , fps + , suyu + , ... + }: let lib = nixpkgs.lib; myLib = import ./lib { inherit lib; }; - mkPkgs = - pkgs: - { - system ? system, - config, - overlays ? [ ], - ... - }: - import pkgs { inherit system config overlays; }; - in - { + mkPkgs = pkgs: { system ? system + , config + , overlays ? [ ] + , ... + }: import pkgs { inherit system config overlays; }; + in { inherit self inputs myLib; - overlays.default = final: prev: self.overlay final (nur.overlay final prev); + overlays.default = final: prev: + self.overlay + final + (nur.overlay final prev) + ; - overlay = (final: prev: { }); + overlay = (final: prev: {}); nixosModules = rec { aviallon = import ./default.nix; @@ -57,8 +54,6 @@ nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config; - specialArgs = inputs // { - inherit myLib; - }; + specialArgs = inputs // { inherit myLib; }; }; } 
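Review bot: In flake.nix, `mkPkgs` declares its argument as `system ? system`, so the default refers to the argument itself and evaluation would recurse infinitely whenever a caller omits `system`. Making it mandatory, `{ system, config, overlays ? [ ], ... }:`, turns that into a clear "called without required argument" error. No call site of `mkPkgs` is visible in this hunk, so it may currently be unused.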
diff --git a/general.nix b/general.nix index 939aeb8..a213e9d 100644 --- a/general.nix +++ b/general.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.general; @@ -14,12 +8,7 @@ let in { imports = [ - (mkRemovedOptionModule [ - "aviallon" - "general" - "flakes" - "enable" - ] "Flakes are now enabled by default") + (mkRemovedOptionModule [ "aviallon" "general" "flakes" "enable" ] "Flakes are now enabled by default") (mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ]) @@ -35,7 +24,7 @@ in }; minimal = mkEnableOption "minimal installation"; - + cpu = { threads = mkOption { default = null; @@ -43,16 +32,21 @@ in description = "Number of physical threads of the machine"; type = with types; nullOr ints.positive; }; - + vendor = mkOption { default = null; example = "amd"; description = "Vendor of you CPU. Either AMD or Intel"; type = types.str; }; - + arch = mkOption { - default = if cfg.cpu.x86.level >= 2 then "x86-64-v${toString cfg.cpu.x86.level}" else "x86-64"; + default = + if cfg.cpu.x86.level >= 2 then + "x86-64-v${toString cfg.cpu.x86.level}" + else + "x86-64" + ; example = "x86-64-v2"; description = "Set CPU arch used in overlays, ..."; type = types.str; @@ -63,7 +57,7 @@ in description = "Set CPU tuning for compilers"; type = types.str; }; - + caches = { l1d = mkOption { default = null; @@ -90,7 +84,7 @@ in type = with types; nullOr ints.positive; }; }; - + x86 = { level = mkOption { default = 1; 
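Review bot: In the `cpu` options of general.nix, `vendor` is declared with `default = null` but `type = types.str`, so the default does not satisfy the declared type and a host that leaves it unset should fail with a type error rather than fall through the `== "amd"` / `== "intel"` checks. `type = with types; nullOr str;` matches the default and the way `threads` and the cache options are declared in the same block. The description also reads "Vendor of you CPU", where "your" is meant.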
@@ -119,11 +113,9 @@ in font = "Lat2-Terminus16"; }; - boot.initrd.systemd.contents = - mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) - { - "/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; - }; + boot.initrd.systemd.contents = mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) { + "/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; + }; aviallon.boot.cmdline = mkIf cfg.unsafeOptimizations { mitigations = "off"; diff --git a/hardware/amd/amdgpu.nix b/hardware/amd/amdgpu.nix index c9dd588..b48cff8 100644 --- a/hardware/amd/amdgpu.nix +++ b/hardware/amd/amdgpu.nix @@ -1,17 +1,11 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.amd; devCfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in -{ - config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { +in { + config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { boot.initrd.kernelModules = [ "amdgpu" ]; hardware.amdgpu.legacySupport.enable = true; @@ -28,7 +22,9 @@ in SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto" ''; - services.xserver.videoDrivers = optional cfg.useProprietary "amdgpu-pro" ++ [ "modesetting" ]; + services.xserver.videoDrivers = + optional cfg.useProprietary "amdgpu-pro" + ++ [ "modesetting" ]; hardware.amdgpu.opencl.enable = true; diff --git a/hardware/amd/cpu.nix b/hardware/amd/cpu.nix index 41a0d8b..c6a97a0 100644 --- a/hardware/amd/cpu.nix +++ b/hardware/amd/cpu.nix 
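Review bot: In general.nix, the context line `mitigations = "off";` under `mkIf cfg.unsafeOptimizations` disables all kernel CPU-vulnerability mitigations without leaving any trace at evaluation time, and hardware/intel/default.nix does the same with `"i915.mitigations" = "off"`. hardware/amd/cpu.nix already wraps its ASLR change in `warn`. Doing the same here, e.g. `mitigations = warn "unsafeOptimizations: kernel CPU mitigations are disabled" "off";`, makes the trade-off visible on every rebuild. The attribute set continues outside this hunk.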
@@ -1,25 +1,16 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let generalCfg = config.aviallon.general; - enableZenpower = - (!isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13"); + enableZenpower = (! isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13"); kernelVersion = getVersion config.boot.kernelPackages.kernel; -in -{ +in { config = mkIf (generalCfg.cpu.vendor == "amd") { boot.kernel.sysctl = { # Why: https://www.phoronix.com/news/Ryzen-Segv-Response # Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135 - "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1") ( - warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0 - ); + "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1" ) (warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0); }; aviallon.boot.cmdline = { 
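Review bot: In hardware/amd/cpu.nix, `"kernel.randomize_va_space"` is set to `0` for every host whose `cpu.arch` is `znver1`, which switches ASLR off system-wide as a side effect of a compiler-tuning setting. Wrapping the value in `mkDefault`, as in `mkIf (generalCfg.cpu.arch == "znver1") (mkDefault (warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0))`, would let a host that does not show the segfault issue keep ASLR with a plain assignment. A dedicated opt-in option would be stricter still. The warning text also misspells "Address".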
@@ -29,23 +20,26 @@ in else if versionAtLeast kernelVersion "6.3" then "active" else - "passive"; - } - // optionalAttrs (generalCfg.cpu.arch == "znver2") { + "passive" + ; + } // optionalAttrs (generalCfg.cpu.arch == "znver2") { # Required for Zen 2 "amd_pstate.shared_memory" = 1; }; - aviallon.boot.patches = mkIf config.aviallon.optimizations.enable { }; + aviallon.boot.patches = mkIf config.aviallon.optimizations.enable {}; - boot.extraModulePackages = - with config.boot.kernelPackages; - [ ] ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower); + boot.extraModulePackages = with config.boot.kernelPackages; [] + ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower) + ; - boot.kernelModules = [ ] ++ optional enableZenpower "zenpower"; + boot.kernelModules = [] + ++ optional enableZenpower "zenpower" + ; - boot.blacklistedKernelModules = - [ ] ++ optional enableZenpower "k10-temp" # Superseded by zenpower + boot.blacklistedKernelModules = [] + ++ optional enableZenpower "k10-temp" # Superseded by zenpower ; }; } + diff --git a/hardware/amd/default.nix b/hardware/amd/default.nix index 853baf0..bc80fdc 100644 --- a/hardware/amd/default.nix +++ b/hardware/amd/default.nix @@ -1,15 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.amd; generalCfg = config.aviallon.general; -in -{ +in { options.aviallon.hardware.amd = { enable = mkEnableOption "AMD gpus"; useProprietary = mkEnableOption "Use proprietary AMDGPU Pro"; @@ -20,12 +14,7 @@ in }; kernelDriver = mkOption { description = "wether to use radeon or amdgpu kernel driver"; - type = - with types; - enum [ - "radeon" - "amdgpu" - ]; + type = with types; enum [ "radeon" "amdgpu" ]; default = "amdgpu"; }; }; @@ -36,7 +25,7 @@ in ./radeon.nix ./rocm.nix ]; - + config = mkIf cfg.enable { aviallon.programs.nvtop = { 
diff --git a/hardware/amd/radeon.nix b/hardware/amd/radeon.nix index efd1372..671cc1e 100644 --- a/hardware/amd/radeon.nix +++ b/hardware/amd/radeon.nix @@ -1,16 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.amd; devCfg = config.aviallon.developer; generalCfg = config.aviallon.general; -in -{ +in { config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") { boot.initrd.kernelModules = [ "radeon" ]; @@ -18,13 +12,13 @@ in }; environment.systemPackages = with pkgs; [ - + ]; services.xserver.videoDrivers = [ "modesetting" ]; - environment.variables = { }; + environment.variables = {}; }; } diff --git a/hardware/amd/rocm.nix b/hardware/amd/rocm.nix index 56ce312..cc56b0f 100644 --- a/hardware/amd/rocm.nix +++ b/hardware/amd/rocm.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.amd; 
@@ -27,31 +22,25 @@ let gxf1036 = "10.3.0"; }; - /* - autoDetectGPU = pkgs: pkgs.callPackage ( - { runCommandLocal, - gnugrep, - rocmPackages, - }: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } '' - set +e - mkdir -p $out/ - echo "Computing HSA version" &>/dev/stderr - ls -l /dev/kfd - rocminfo &>/dev/stderr - rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output - '' - ) { }; - */ + /*autoDetectGPU = pkgs: pkgs.callPackage ( + { runCommandLocal, + gnugrep, + rocmPackages, + }: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } '' + set +e + mkdir -p $out/ + echo "Computing HSA version" &>/dev/stderr + ls -l /dev/kfd + rocminfo &>/dev/stderr + rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output + '' + ) { };*/ - gfxToCompatible = - gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; -in -{ + gfxToCompatible = gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; +in { options.aviallon.hardware.amd.rocm = { - enable = (mkEnableOption "ROCm configuration") // { - default = true; - }; + enable = (mkEnableOption "ROCm configuration") // { default = true; }; gfxISA = mkOption { description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs"; default = ""; 
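Review bot: The last entry of `gfxToCompatibleMap`, shown at the top of this hunk in hardware/amd/rocm.nix, is spelled `gxf1036`. A `gfxISA` of `gfx1036` therefore finds no match in `gfxToCompatible`, and `HSA_OVERRIDE_GFX_VERSION` stays unset for that GPU. The key should presumably be `gfx1036 = "10.3.0";`. The rest of the map is outside the hunk, so the other keys could not be checked.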
@@ -60,55 +49,47 @@ in }; gpuTargets = mkOption { description = "Override supported GPU ISAs in some ROCm packages."; - default = [ - "803" - "900" - "906:xnack-" - "908:xnack-" - "90a:xnack+" - "90a:xnack-" - "940" - "941" - "942" - "1010" - "1012" - "1030" - "1031" - "1100" - "1101" - "1102" - ]; - example = [ - "900" - "1031" - ]; + default = [ "803" + "900" + "906:xnack-" + "908:xnack-" + "90a:xnack+" "90a:xnack-" + "940" + "941" + "942" + "1010" + "1012" + "1030" + "1031" + "1100" + "1101" + "1102" ]; + example = [ "900" "1031" ]; type = with types; nullOr (listOf str); }; }; - config = mkIf (cfg.enable && localCfg.enable) { - environment.systemPackages = - with pkgs; + config = mkIf (cfg.enable && localCfg.enable) { + environment.systemPackages = with pkgs; [ rocmPackages.rocm-smi #rocmPackages.meta.rocm-ml-libraries #rocmPackages.meta.rocm-hip-runtime #pkgs.autoDetectGPU - ] - ++ optionals devCfg.enable [ + ] ++ optionals devCfg.enable [ rocmPackages.rocminfo - ]; + ] + ; #systemd.tmpfiles.rules = [ # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}" - #"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}" + #"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}" #]; environment.variables = { - ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs - } - // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") { + ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs + } // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") { HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA; }); 
@@ -120,19 +101,14 @@ in ]; nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ]; - nix.settings.trusted-public-keys = [ - "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE=" - ]; + nix.settings.trusted-public-keys = [ "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE=" ]; nixpkgs.config.rocmSupport = true; - nixpkgs.overlays = mkIf (!isNull localCfg.gpuTargets) (mkBefore [ - (final: prev: { + nixpkgs.overlays = mkIf (! isNull localCfg.gpuTargets) (mkBefore [(final: prev: { #rocmPackages_5 = final.rocmPackages; rocmPackages = prev.rocmPackages // { - clr = prev.rocmPackages.clr.override { - localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); - }; + clr = prev.rocmPackages.clr.override { localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); }; rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; }; # (oldAttrs: { # passthru = oldAttrs.passthru // { @@ -146,7 +122,6 @@ in # gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); #}; }; - }) - ]); + })]); }; } diff --git a/hardware/default.nix b/hardware/default.nix index 5af2c59..bfa3d03 100644 --- a/hardware/default.nix +++ b/hardware/default.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware; @@ -11,7 +6,7 @@ let generalCfg = config.aviallon.general; in { - options.aviallon.hardware = { }; + options.aviallon.hardware = { }; imports = [ ./amd @@ -20,6 +15,6 @@ in ./mesa.nix ]; - config = { }; + config = {}; } diff --git a/hardware/intel/cpu.nix b/hardware/intel/cpu.nix index ecf4b2f..4467997 100644 --- a/hardware/intel/cpu.nix +++ b/hardware/intel/cpu.nix 
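Review bot: The `nix.settings.substituters` / `nix.settings.trusted-public-keys` pair in this hunk adds a third-party binary cache with no comment on what that trust covers. A key listed in `trusted-public-keys` is accepted for any store path Nix substitutes, not only ROCm packages, and `nixpkgs.config.rocmSupport = true` just below presumably changes enough derivations that many paths will be looked up in that cache. I would document it at the setting, e.g. `# Third-party cache: anything signed by this key is trusted system-wide, not just ROCm builds.`, and consider gating both lines behind their own option so the module can be enabled while building locally. The same applies to the `cuda-maintainers.cachix.org` entries in the `@@ -200,19 +176,15 @@` hunk of hardware/nvidia/proprietary.nix.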
@@ -1,15 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let generalCfg = config.aviallon.general; throttledService = "throttled"; -in -{ +in { config = mkIf (generalCfg.cpu.vendor == "intel") { aviallon.boot.cmdline = { "intel_pstate" = "passive"; diff --git a/hardware/intel/default.nix b/hardware/intel/default.nix index fea8739..de7ba0f 100644 --- a/hardware/intel/default.nix +++ b/hardware/intel/default.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.intel; @@ -20,19 +15,17 @@ in imports = [ ./cpu.nix ]; - + config = mkIf cfg.enable { aviallon.programs.nvtop = { enable = true; backend = [ "intel" ]; }; - + boot.initrd.kernelModules = [ "i915" ]; hardware.graphics = { enable = true; - extraPackages = - with pkgs; - [ ] + extraPackages = with pkgs; [] ++ [ vaapiVdpau libvdpau-va-gl @@ -45,25 +38,24 @@ in ; }; - aviallon.boot.cmdline = - { } - // optionalAttrs generalCfg.unsafeOptimizations { - "i915.mitigations" = "off"; - "i915.enable_fbc" = 1; - } - // optionalAttrs laptopCfg.enable { - "i915.enable_fbc" = 1; - "i915.enable_dc" = 4; - } - // optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) { - "i915.enable_psr" = 1; - } - // optionalAttrs devCfg.enable { - "i915.enable_gvt" = 1; - } - // { - "i915.fastboot" = 1; - }; + aviallon.boot.cmdline = {} + // optionalAttrs generalCfg.unsafeOptimizations { + "i915.mitigations" = "off"; + "i915.enable_fbc" = 1; + } + // optionalAttrs laptopCfg.enable { + "i915.enable_fbc" = 1; + "i915.enable_dc" = 4; + } + // optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) { + "i915.enable_psr" = 1; + } + // optionalAttrs devCfg.enable { + "i915.enable_gvt" = 1; + } + // { + "i915.fastboot" = 1; + }; aviallon.hardware.mesa.enable = mkDefault true; }; } diff --git a/hardware/mesa.nix b/hardware/mesa.nix index 513555e..a2cba06 100644 --- a/hardware/mesa.nix +++ b/hardware/mesa.nix 
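Review bot: `"i915.mitigations" = "off"` in the `aviallon.boot.cmdline` merge of hardware/intel/default.nix carries no comment saying that it switches off the i915 driver's security mitigations, and it rides on the general `unsafeOptimizations` flag next to a pure performance knob (`i915.enable_fbc`). Someone enabling that flag for speed gets no hint at this line that GPU-side hardening is being dropped. I would add `# Turns off i915 security mitigations (e.g. clearing residual state between GPU contexts); avoid on shared machines.` above it, or move it to an option of its own.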
@@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - options, - ... -}: +{ config, pkgs, lib, options, ... }: with lib; let cfg = config.aviallon.hardware.mesa; @@ -13,18 +7,13 @@ let optimizationsCfg = config.aviallon.optimizations; optimizePkg = optimizationsCfg.optimizePkg; packageWithDefaults = types.package // { - merge = - loc: defs: - let - res = mergeDefaultOption loc defs; - in - if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then - toDerivation res - else - res; + merge = loc: defs: + let res = mergeDefaultOption loc defs; + in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res) + then toDerivation res + else res; }; -in -{ +in { options.aviallon.hardware.mesa = { enable = mkOption { default = false; @@ -61,7 +50,7 @@ in type = packageWithDefaults; default = cfg.package; }; - + internal.package32 = mkOption { internal = true; type = packageWithDefaults; @@ -76,8 +65,10 @@ in aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa; aviallon.hardware.mesa.internal = mkIf cfg.optimized { - package = mkDefault (optimizePkg { lto = false; } cfg.package); - package32 = mkDefault (optimizePkg { lto = false; } cfg.package32); + package = mkDefault ( + optimizePkg { lto = false; } cfg.package); + package32 = mkDefault ( + optimizePkg { lto = false; } cfg.package32); }; hardware.graphics = { diff --git a/hardware/nvidia/default.nix b/hardware/nvidia/default.nix index be647bb..8fdaa24 100644 --- a/hardware/nvidia/default.nix +++ b/hardware/nvidia/default.nix 
@@ -1,22 +1,13 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let cfg = config.aviallon.hardware.nvidia; -in -{ +in { imports = [ ./proprietary.nix ./opensource.nix - (mkRenamedOptionModule - [ "aviallon" "hardware" "nvidia" "saveAllVram" ] - [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ] - ) + ( mkRenamedOptionModule [ "aviallon" "hardware" "nvidia" "saveAllVram" ] [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ] ) ]; options.aviallon.hardware.nvidia = { @@ -25,13 +16,7 @@ in default = (cfg.variant == "proprietary"); }; variant = mkOption { - type = - with types; - enum [ - "proprietary" - "open" - "nouveau" - ]; + type = with types; enum [ "proprietary" "open" "nouveau" ]; description = "What driver variant to use"; default = "proprietary"; example = "nouveau"; @@ -43,7 +28,7 @@ in enable = true; }; - aviallon.hardware.nvidia.useProprietary = mkForce (cfg.variant == "proprietary"); + aviallon.hardware.nvidia.useProprietary = mkForce ( cfg.variant == "proprietary" ); }; } diff --git a/hardware/nvidia/opensource.nix b/hardware/nvidia/opensource.nix index 44bdef8..cb07c04 100644 --- a/hardware/nvidia/opensource.nix +++ b/hardware/nvidia/opensource.nix @@ -1,33 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardware.nvidia; -in -{ +in { options.aviallon.hardware.nvidia.nouveau = { config = mkOption { description = "nouveau boot config"; - type = - with types; - attrsOf ( - nullOr (oneOf [ - int - str - bool - ]) - ); - example = { - NvBoost = 1; - }; - default = { }; + type = with types; attrsOf (nullOr (oneOf [ int str bool ])); + example = { NvBoost = 1; }; + default = {}; }; }; - + config = mkIf (cfg.enable && cfg.variant == "nouveau") { boot.initrd.kernelModules = [ "nouveau" ]; 
@@ -35,14 +19,15 @@ in "nouveau.pstate" = 1; "nouveau.runpm" = 1; "nouveau.modeset" = 1; - "nouveau.config" = - let - toValue = v: if isBool v then toString (if v then 1 else 0) else toString v; - filteredConfig = filterAttrs (n: v: !isNull v) cfg.nouveau.config; - configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig; - configString = concatStringsSep "," configList; - in - trace "Nouveau config: ${configString}" configString; + "nouveau.config" = let + toValue = v: + if isBool v + then toString (if v then 1 else 0) + else toString v; + filteredConfig = filterAttrs (n: v: ! isNull v) cfg.nouveau.config; + configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig; + configString = concatStringsSep "," configList; + in trace "Nouveau config: ${configString}" configString; }; aviallon.hardware.mesa.enable = mkDefault true; diff --git a/hardware/nvidia/proprietary.nix b/hardware/nvidia/proprietary.nix index 2943deb..62d79b1 100644 --- a/hardware/nvidia/proprietary.nix +++ b/hardware/nvidia/proprietary.nix @@ -1,11 +1,4 @@ -{ - config, - pkgs, - lib, - options, - nixpkgs-unstable, - ... -}: +{ config, pkgs, lib, options, nixpkgs-unstable, ... }: with lib; let cfg = config.aviallon.hardware.nvidia; 
@@ -16,14 +9,9 @@ let exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@" ''; - nvidiaUnstable = config.boot.kernelPackages.callPackage ( - nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix - ) { }; - cudaUnstable = - pkgs: cudaVersion: - pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; }; -in -{ + nvidiaUnstable = config.boot.kernelPackages.callPackage (nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix) {}; + cudaUnstable = pkgs: cudaVersion: pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; }; +in { options = { aviallon.hardware.nvidia.proprietary = { gsync = mkEnableOption "Screen is GSYNC monitor"; @@ -51,12 +39,7 @@ in saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming"; version = mkOption { description = "What Nvidia version variant to use"; - type = types.enum [ - "production" - "stable" - "beta" - "unstable_beta" - ]; + type = types.enum [ "production" "stable" "beta" "unstable_beta" ]; default = if generalCfg.unsafeOptimizations then "beta" else "stable"; example = "unstable_beta"; }; @@ -66,21 +49,16 @@ in # Very useful resource. # https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3 example = [ "PerfLevelSrc=0x2222" ]; - default = [ - "PowerMizerEnable=0x1" - "OverrideMaxPerf=0x1" - "PowerMizerDefault=0x3" - "PowerMizerDefaultAC=0x3" - ]; + default = [ "PowerMizerEnable=0x1" "OverrideMaxPerf=0x1" "PowerMizerDefault=0x3" "PowerMizerDefaultAC=0x3" ]; type = with types; listOf str; }; }; }; - + config = mkIf (cfg.enable && cfg.variant == "proprietary") { - assertions = [ ]; - + assertions = []; + boot.initrd.kernelModules = [ "nvidia" "nvidia_drm" 
@@ -93,15 +71,13 @@ in ]; services.xserver.screenSection = '' - Option "Coolbits" "${toString cfg.proprietary.coolbits}" - Option "InbandStereoSignaling" "true" + Option "Coolbits" "${toString cfg.proprietary.coolbits}" + Option "InbandStereoSignaling" "true" ''; services.xserver.exportConfiguration = true; - services.xserver.displayManager.sddm.wayland.enable = mkIf ( - !config.aviallon.hardware.intel.enable - ) (mkDefault false); # Frequent issues with Nvidia GPUs + services.xserver.displayManager.sddm.wayland.enable = mkIf (!config.aviallon.hardware.intel.enable) (mkDefault false); # Frequent issues with Nvidia GPUs # Fix hybrid sleep with Nvidia GPU systemd.services.nvidia-suspend = { @@ -109,19 +85,18 @@ in before = [ "systemd-hybrid-sleep.service" ]; }; hardware.nvidia = { - powerManagement = - mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram) - { - enable = true; - finegrained = mkIf config.hardware.nvidia.prime.offload.enable true; - }; + powerManagement = mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram) { + enable = true; + finegrained = mkIf config.hardware.nvidia.prime.offload.enable true; + }; modesetting.enable = true; nvidiaSettings = true; package = if cfg.proprietary.version == "unstable_beta" then nvidiaUnstable.beta # Use bleeding edge version else - config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version}; + config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version} + ; }; aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault ( @@ -133,8 +108,7 @@ in boot.extraModprobeConfig = '' options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}" ''; - aviallon.boot.cmdline = - { } + aviallon.boot.cmdline = {} // { "nvidia-drm.modeset" = 1; "nvidia-drm.fbdev" = 1; 
@@ -146,13 +120,14 @@ in "nvidia.NVreg_DynamicPowerManagement" = "0x02"; "nvidia.NVreg_EnableS0ixPowerManagement" = 1; "nvidia.NVreg_TemporaryFilePath" = "/var/tmp"; - }; + } + ; programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream; aviallon.programs.allowUnfreeList = [ "nvidia-x11" "nvidia-settings" - + "cudatoolkit" "cuda_cccl" "libnpp" @@ -182,13 +157,14 @@ in "__GL_YIELD" = "USLEEP"; # use usleep(0) instead of sched_yield() -> better performance in most cases "__GL_ALLOW_UNOFFICIAL_PROTOCOL" = "1"; # allow unofficial GLX protocol if also set in Xorg conf "__GL_VRR_ALLOWED" = "1"; # Try to enable G-SYNC VRR if screen AND app is compatible - "__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync); + "__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync); # Causes Kwin to fail # https://github.com/ValveSoftware/gamescope/issues/526#issuecomment-1733739097 # "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations; "KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible. + # Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015 __EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d"; 
@@ -200,19 +176,15 @@ in }; nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ]; - nix.settings.trusted-public-keys = [ - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - ]; + nix.settings.trusted-public-keys = [ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" ]; - nixpkgs.overlays = - [ ] - ++ optional (cfg.proprietary.version == "unstable_beta") ( - final: prev: { - cudaPackages_11 = final.unstable.cudaPackages_11; - cudaPackages_12 = final.unstable.cudaPackages_12; - cudaPackages = final.unstable.cudaPackages; + nixpkgs.overlays = [] + ++ optional (cfg.proprietary.version == "unstable_beta") (final: prev: { + cudaPackages_11 = final.unstable.cudaPackages_11; + cudaPackages_12 = final.unstable.cudaPackages_12; + cudaPackages = final.unstable.cudaPackages; - } - ); + }) + ; }; } diff --git a/laptop.nix b/laptop.nix index 3daba9f..abce30e 100644 --- a/laptop.nix +++ b/laptop.nix @@ -1,14 +1,8 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.laptop; -in -{ +in { options.aviallon.laptop = { enable = mkOption { default = false; @@ -20,11 +14,7 @@ in default = "tlp"; example = "power-profiles-daemon"; description = "Change service used to manage power consumption on laptop"; - type = types.enum [ - "tlp" - "power-profiles-daemon" - false - ]; + type = types.enum [ "tlp" "power-profiles-daemon" false ]; }; tweaks = { pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use."; 
@@ -65,40 +55,37 @@ in }; }; - systemd.services.aspm-force-enable = - let - aspm_enable = pkgs.callPackage ./packages/aspm_enable { }; - in - { - serviceConfig = { - ExecStart = [ - "${aspm_enable}/bin/aspm_enable" - ]; - Type = "simple"; - }; - wantedBy = [ "multi-user.target" ]; - description = "Force-enable PCIe ASPM"; - enable = cfg.tweaks.pcieAspmForce; + + systemd.services.aspm-force-enable = let + aspm_enable = pkgs.callPackage ./packages/aspm_enable { }; + in { + serviceConfig = { + ExecStart = [ + "${aspm_enable}/bin/aspm_enable" + ]; + Type = "simple"; }; + wantedBy = [ "multi-user.target" ]; + description = "Force-enable PCIe ASPM"; + enable = cfg.tweaks.pcieAspmForce; + }; services.tlp.enable = (cfg.power-manager == "tlp"); services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon"); powerManagement.powertop.enable = mkDefault true; systemd.services.powertop = mkIf config.powerManagement.powertop.enable { - serviceConfig.ExecStart = - let - script = pkgs.writeShellScriptBin "powertop-auto-tune" '' - ${pkgs.powertop}/bin/powertop --auto-tune + serviceConfig.ExecStart = let + script = pkgs.writeShellScriptBin "powertop-auto-tune" '' + ${pkgs.powertop}/bin/powertop --auto-tune - # Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use) - HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u) - for i in $HIDDEVICES; do - echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product - echo 'on' > /sys/bus/usb/devices/$i/power/control - done - ''; - in - mkOverride 10 "${script}/bin/powertop-auto-tune"; + # Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use) + HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u) + for i in $HIDDEVICES; do + echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product + echo 'on' > /sys/bus/usb/devices/$i/power/control + done + ''; + in 
mkOverride 10 "${script}/bin/powertop-auto-tune"; }; }; } diff --git a/lib/attrsets.nix b/lib/attrsets.nix index 575c387..c46e853 100644 --- a/lib/attrsets.nix +++ b/lib/attrsets.nix @@ -1,25 +1,17 @@ -{ lib, myLib, ... }: +{lib, myLib, ...}: with lib; rec { - mergeAttrsRecursive = - a: b: - foldAttrs - ( - item: acc: - if (isNull acc) then - item - else if (isList item) then - if isList acc then acc ++ item else [ acc ] ++ item - else if (isString item) then - acc + item - else if (isAttrs item) then - mergeAttrsRecursive acc item - else - item - ) - null - [ - b - a - ]; + mergeAttrsRecursive = a: b: foldAttrs (item: acc: + if (isNull acc) then + item + else if (isList item) then + if isList acc then + acc ++ item + else [ acc ] ++ item + else if (isString item) then + acc + item + else if (isAttrs item) then + mergeAttrsRecursive acc item + else item + ) null [ b a ]; } diff --git a/lib/config.nix b/lib/config.nix index 8c1c174..83eacf2 100644 --- a/lib/config.nix +++ b/lib/config.nix @@ -1,28 +1,22 @@ -{ lib, myLib }: +{lib, myLib}: with lib; let - mkListToString = - { - sep ? " ", - }: - list: concatStringsSep sep (forEach list (v: toString v)); -in -rec { + mkListToString = { sep ? " " }: list: concatStringsSep sep ( + forEach list (v: toString v) + ); +in rec { mkValueString = let - gen = generators.mkValueStringDefault { }; - listToString = mkListToString { }; - in - v: if isList v then listToString v else gen v; - - mkKeyValue = - { sep }: - with generators; - toKeyValue { - mkKeyValue = mkKeyValueDefault { - mkValueString = mkValueString; - } sep; - }; + gen = generators.mkValueStringDefault {}; + listToString = mkListToString {}; + in v: if isList v then listToString v + else gen v; + + mkKeyValue = { sep }: with generators; toKeyValue { + mkKeyValue = mkKeyValueDefault { + mkValueString = mkValueString; + } sep; + }; toSystemd = mkKeyValue { sep = "="; diff --git a/lib/debug.nix b/lib/debug.nix index b9f4257..1145ada 100644 --- a/lib/debug.nix 
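Review bot: The `powertop-auto-tune` script in laptop.nix builds sysfs paths from an unquoted `$i` taken from parsed `ls` output, and the unit sets no `User=` here, so it presumably runs as root. The `grep -oE '^[0-9]+-[0-9\.]+'` filter keeps the names to digits, dashes and dots, which makes this a robustness point rather than an injection one, but quoting costs nothing: `echo 'on' > "/sys/bus/usb/devices/$i/power/control"` and `cat - "/sys/bus/usb/devices/$i/product"`. A device without a `product` attribute makes `cat` fail on every run; a readability test before the `echo -n … | cat` line would keep the journal clean.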
+++ b/lib/debug.nix @@ -1,37 +1,22 @@ { lib, myLib }: with lib; rec { - toPretty = - depth: x: + toPretty = depth: x: # Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30 let - snip = - v: - if isList v then - noQuotes "[…]" v - else if isAttrs v then - noQuotes "{…}" v - else - v; - noQuotes = str: v: { - __pretty = const str; - val = v; - }; - modify = - n: fn: v: - if (n == 0) then - fn v - else if isList v then - map (modify (n - 1) fn) v - else if isAttrs v then - mapAttrs (const (modify (n - 1) fn)) v - else - v; - in - lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x); - - traceValWithPrefix = - prefix: value: + snip = v: if isList v then noQuotes "[…]" v + else if isAttrs v then noQuotes "{…}" v + else v; + noQuotes = str: v: { __pretty = const str; val = v; }; + modify = n: fn: v: if (n == 0) then fn v + else if isList v then map (modify (n - 1) fn) v + else if isAttrs v then mapAttrs + (const (modify (n - 1) fn)) v + else v; + in lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x); + + traceValWithPrefix = prefix: value: #trace "traceValWithPrefix 'prefix': ${prefix}" value - trace "${prefix}: ${toPretty 2 value}" value; + trace "${prefix}: ${toPretty 2 value}" value + ; } diff --git a/lib/default.nix b/lib/default.nix index 5882ee7..b6525f1 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,27 +1,17 @@ -{ - lib ? import < nixpkgs/lib, - ... -}: +{ lib ? import = 2) then mylog (x / 2) (y + 1) else y; - in - x: mylog x 0; + log2 = let + mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y; + in x: mylog x 0; - clamp = - min_x: max_x: x: - lib.min (lib.max x min_x) max_x; + clamp = min_x: max_x: x: lib.min ( lib.max x min_x ) max_x; } + diff --git a/lib/optimizations.nix b/lib/optimizations.nix index fad3873..88e74a0 100644 --- a/lib/optimizations.nix +++ b/lib/optimizations.nix 
@@ -33,20 +33,15 @@ let "-Wl,-sort-common" "-Wl,--gc-sections" ]; - ltoFlags = - { - threads ? 1, - thin ? false, - }: - [ - # Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking. - "-flto=${toString threads}" # Use -flto=auto to use GNU make’s job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system. - (optionalString (!thin) "-ffat-lto-objects") - "-fuse-linker-plugin" + ltoFlags = { threads ? 1, thin ? false }: [ + # Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking. + "-flto=${toString threads}" # Use -flto=auto to use GNU make’s job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system. + (optionalString (!thin) "-ffat-lto-objects") + "-fuse-linker-plugin" - # Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode. - "-fdevirtualize-at-ltrans" - ]; + # Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode. + "-fdevirtualize-at-ltrans" + ]; expensiveOptimizationFlags = [ "-O3" # Perform interprocedural pointer analysis and interprocedural modification and reference analysis. This option can cause excessive memory and compile-time usage on large compilation units. 
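Review bot: `(optionalString (!thin) "-ffat-lto-objects")` leaves an empty string as a list element when `thin = true`, so any caller that passes the flags element-wise instead of joining them gets an empty argument. Appending the flag conditionally avoids that: `] ++ optional (!thin) "-ffat-lto-objects"`, the form `cacheTuning` already uses further down this file. Note also that `thin` only drops the fat-objects flag; nothing in `ltoFlags` selects a thin LTO mode, which deserves a one-line comment if intentional.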
@@ -109,62 +104,66 @@ let "-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism." ]; - archToX86Level = - arch: + archToX86Level = arch: let - _map = - { } + _map = { } // genAttrs [ - "nehalem" - "westmere" - "sandybridge" - "ivybridge" - "silvermont" - "goldmont" - "goldmont-plus" - "tremont" - "lujiazui" - "btver2" # Jaguar - "bdver1" # Bulldozer and Piledriver (AMD FX family) - "bdver2" # Piledriver - "bdver3" # Steamroller - "x86-64-v2" - ] (name: 2) + "nehalem" + "westmere" + "sandybridge" + "ivybridge" + "silvermont" + "goldmont" + "goldmont-plus" + "tremont" + "lujiazui" + "btver2" # Jaguar + "bdver1" # Bulldozer and Piledriver (AMD FX family) + "bdver2" # Piledriver + "bdver3" # Steamroller + "x86-64-v2" + ] + (name: 2) // genAttrs [ - "haswell" - "broadwell" - "skylake" - "alderlake" - "bdver4" # Excavator - "znver1" - "znver2" - "znver3" - "x86-64-v3" - ] (name: 3) + "haswell" + "broadwell" + "skylake" + "alderlake" + "bdver4" # Excavator + "znver1" + "znver2" + "znver3" + "x86-64-v3" + ] + (name: 3) // genAttrs [ - "knl" - "knm" - "skylake-avx512" - "cannonlake" - "icelake-client" - "icelake-server" - "cascadelake" - "cooperlake" - "tigerlake" - "sapphirerapids" - "rocketlake" - "znver4" - "x86-64-v4" - ] (name: 4); + "knl" + "knm" + "skylake-avx512" + "cannonlake" + "icelake-client" + "icelake-server" + "cascadelake" + "cooperlake" + "tigerlake" + "sapphirerapids" + "rocketlake" + "znver4" + "x86-64-v4" + ] + (name: 4) + ; in - if (hasAttr arch _map) then _map.${arch} else 1; + if (hasAttr arch _map) then _map.${arch} else 1 + ; - getARMLevel = - arch: if (!isNull arch) then toInt (elemAt (builtins.match "armv([0-9]).+") 0) else null; + getARMLevel = arch: + if (! 
isNull arch) then + toInt (elemAt (builtins.match "armv([0-9]).+") 0) + else null; # https://go.dev/doc/install/source#environment - getGOARM = - armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel; + getGOARM = armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel; workarounds = { # https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf @@ -178,8 +177,7 @@ let }; }; - addMarchSpecific = - march: + addMarchSpecific = march: let _map = { skylake = workarounds.intel-jump-conditional-code; @@ -190,22 +188,16 @@ let in attrByPath [ march ] { } _map; - cacheTuning = - { - compiler, - l1d ? null, - l1i ? null, - l1Line ? null, - lastLevel ? null, - }: - if compiler == "gcc" then - [ ] - ++ optional (!isNull l1d) "--param l1-cache-size=${toString l1d}" - ++ optional (!isNull l1Line) "--param l1-cache-line-size=${toString l1Line}" - ++ optional (!isNull lastLevel) "--param l2-cache-size=${toString lastLevel}" + + cacheTuning = { compiler, l1d ? null, l1i ? null, l1Line ? null, lastLevel ? null }: + if compiler == "gcc" then [ ] + ++ optional (! isNull l1d) "--param l1-cache-size=${toString l1d}" + ++ optional (! isNull l1Line) "--param l1-cache-line-size=${toString l1Line}" + ++ optional (! isNull lastLevel) "--param l2-cache-size=${toString lastLevel}" else [ ]; + in rec { 
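Review bot: `getARMLevel` calls `builtins.match "armv([0-9]).+"` with the regex only, so `elemAt` receives a partially applied builtin instead of a list and evaluation fails as soon as the result is forced for any non-null `arch`. The string to match is missing: `toInt (elemAt (builtins.match "armv([0-9]).+" arch) 0)`. `builtins.match` also returns `null` when the name does not have the `armv<digit>` form, so a null check before `elemAt` would map that case to the `null` the `else` branch already returns.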
@@ -217,63 +209,51 @@ rec { "very-unsafe" = 5; }; - addAttrs = - pkg: attrs: - pkg.overrideAttrs ( - old: - (myLib.attrsets.mergeAttrsRecursive old attrs) - // { - passthru = (pkg.passthru or { }) // (attrs.passtru or { }); - } - ); + addAttrs = pkg: attrs: pkg.overrideAttrs (old: + (myLib.attrsets.mergeAttrsRecursive old attrs) // { + passthru = (pkg.passthru or {}) // (attrs.passtru or {}); + } + ); - optimizePkg = - pkg: - { - level ? "normal", - recursive ? 0, - optimizeFlags ? (guessOptimizationFlags pkg), - blacklist ? [ ], - ltoBlacklist ? [ ], - overrideMap ? { }, - stdenv ? null, - lto ? false, - attributes ? null, - _depth ? 0, - ... - }@attrs: + optimizePkg = pkg: { level ? "normal" + , recursive ? 0 + , optimizeFlags ? (guessOptimizationFlags pkg) + , blacklist ? [ ] + , ltoBlacklist ? [ ] + , overrideMap ? { } + , stdenv ? null + , lto ? false + , attributes ? null + , _depth ? 0 + , ... + }@attrs: if _depth > recursive then pkg # Max depth reached, return un-modified pkg else if isNull pkg then pkg # Pkg is null, ignore - else if !isDerivation pkg then + else if ! 
isDerivation pkg then pkg # Pkg is not a derivation, nothing to override/optimize else if (hasAttr "overrideAttrs" pkg) then let _pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg; _ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist; - _lto = if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false else lto; + _lto = + if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false + else lto; _stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc; - optimizedAttrs = optimizeFlags ( - attrs - // { - inherit level; - compiler = - if isNull _pkgStdenvCC then - null - else if pkg.stdenv.cc.isGNU then - "gcc" - else if pkg.stdenv.cc.isClang then - "clang" - else - throw "Unknown compiler '${getName pkg.stdenv.cc}'" null; - lto = _lto; - stdenvCC = _stdenvCC; - } - ); - _nativeBuildInputs = filter (p: !isNull p) (pkg.nativeBuildInputs or [ ]); - _nativeBuildInputsOverriden = forEach _nativeBuildInputs ( - _pkg: + optimizedAttrs = optimizeFlags (attrs // { + inherit level; + compiler = + if isNull _pkgStdenvCC then null + else if pkg.stdenv.cc.isGNU then "gcc" + else if pkg.stdenv.cc.isClang then "clang" + else throw "Unknown compiler '${getName pkg.stdenv.cc}'" null + ; + lto = _lto; + stdenvCC = _stdenvCC; + }); + _nativeBuildInputs = filter (p: ! isNull p) (pkg.nativeBuildInputs or [ ]); + _nativeBuildInputsOverriden = forEach _nativeBuildInputs (_pkg: let _pkgName = myGetName _pkg; hasOverride = any (n: n == _pkgName) (attrNames overrideMap); 
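Review bot: `addAttrs` reads `attrs.passtru`, which looks like a misspelling of `passthru`; the `or {}` fallback hides it, and because the `//` overwrites whatever `mergeAttrsRecursive` produced, a `passthru` set supplied by the caller is dropped. The line should read `passthru = (pkg.passthru or {}) // (attrs.passthru or {});`. Separately, the `compiler` selection in `optimizePkg` ends in `throw "Unknown compiler '…'" null`; `throw` takes a single argument, so the trailing `null` can go. `optimizePkg` continues past the end of this hunk.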
@@ -285,224 +265,201 @@ rec { _pkg ); - _buildInputs = filter (p: (!isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); - _buildInputsOverriden = forEach _buildInputs ( - _pkg: + _buildInputs = filter (p: (! isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); + _buildInputsOverriden = forEach _buildInputs (_pkg: if (any (n: n == myGetName _pkg) blacklist) then warn "Skipping blacklisted '${myGetName _pkg}'" _pkg else - optimizePkg _pkg ( - attrs - // { - inherit - level - recursive - blacklist - optimizeFlags - stdenv - ; - parallelize = null; - _depth = _depth + 1; - } - ) + optimizePkg _pkg (attrs // { + inherit level recursive blacklist optimizeFlags stdenv; + parallelize = null; + _depth = _depth + 1; + }) ); _pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg; _pkgWithStdenv = - if (isNull _pkgStdenvOverridable) || (isNull stdenv) then - pkg - else - warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; }); + if (isNull _pkgStdenvOverridable) || (isNull stdenv) + then pkg + else warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; }); - _pkg = _pkgWithStdenv.overrideAttrs ( - old: + _pkg = _pkgWithStdenv.overrideAttrs (old: { buildInputs = _buildInputsOverriden; nativeBuildInputs = _nativeBuildInputsOverriden; } - // optionalAttrs (!isNull _stdenvCC && _stdenvCC.isGNU) ({ + // optionalAttrs (! isNull _stdenvCC && _stdenvCC.isGNU) ({ AR = "${_stdenvCC.cc}/bin/gcc-ar"; RANLIB = "${_stdenvCC.cc}/bin/gcc-ranlib"; NM = "${_stdenvCC.cc}/bin/gcc-nm"; }) # Fix issue when CFLAGS is a string // optionalAttrs (hasAttr "CFLAGS" old) { - CFLAGS = if (!isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS; + CFLAGS = if (! 
isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS; } ); _pkgOptimized = addAttrs _pkg optimizedAttrs; _pkgFinal = - if isAttrs attributes then addAttrs _pkgOptimized (traceVal attributes) else _pkgOptimized; + if isAttrs attributes then + addAttrs _pkgOptimized (traceVal attributes) + else + _pkgOptimized + ; in trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal else if (hasAttr "name" pkg) then warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg else - throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg; + throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg + ; - myGetName = pkg: if isDerivation pkg then getName pkg else null; + myGetName = pkg: + if isDerivation pkg + then getName pkg + else null; #else warn "getName input is not a derivation: '${toString pkg}'" null; - guessOptimizationFlags = - pkg: - { ... }@attrs: - makeOptimizationFlags ( - { - rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; - cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; - go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; - ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; - autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; - } - // attrs - ); + guessOptimizationFlags = pkg: { ... }@attrs: makeOptimizationFlags ({ + rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; + cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; + go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; + ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; + autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; + } // attrs); makeOptimizationFlags = - { - level ? "normal", - extraCFlags ? null, - lto ? false, - parallelize ? null, - cpuArch ? null, - cpuTune ? null, - ISA ? "amd64", - armLevel ? 
(getARMLevel cpuArch), - x86Level ? (archToX86Level cpuArch), - check ? false, - compiler ? "gcc", - stdenvCC ? null, - cpuCores ? 4, - go ? false, - rust ? false, - cmake ? false, - ninja ? false, - autotools ? false, - l1LineCache ? null, - l1iCache ? null, - l1dCache ? null, - lastLevelCache ? null, - ... + { level ? "normal" + , extraCFlags ? null + , lto ? false + , parallelize ? null + , cpuArch ? null + , cpuTune ? null + , ISA ? "amd64" + , armLevel ? (getARMLevel cpuArch) + , x86Level ? (archToX86Level cpuArch) + , check ? false + , compiler ? "gcc" + , stdenvCC ? null + , cpuCores ? 4 + , go ? false + , rust ? false + , cmake ? false + , ninja ? false + , autotools ? false + , l1LineCache ? null + , l1iCache ? null + , l1dCache ? null + , lastLevelCache ? null + , ... }: let levelN = levelNames.${level}; march = - if (!isNull cpuArch) then - cpuArch - else if (!isNull cpuTune) then - cpuTune - else - "generic"; + if (! isNull cpuArch) then cpuArch + else if (! isNull cpuTune) then cpuTune + else "generic"; uarchTune = - if (!isNull cpuTune) then - cpuTune - else if (!isNull cpuArch) then - cpuArch - else - "generic"; - in - myLib.debug.traceValWithPrefix "optimizations" ( - foldl' myLib.attrsets.mergeAttrsRecursive { } [ - (rec { - CFLAGS = unique ( - [ ] - ++ requiredFlags - ++ optionals (compiler == "clang") clangSpecificFlags - ++ optionals (levelN >= 1) genericCompileFlags - ++ optionals (levelN >= 2) expensiveOptimizationFlags - ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags - ++ optionals (levelN >= 4) unsafeOptimizationFlags - ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags - ++ optionals lto (ltoFlags { - threads = myLib.math.log2 cpuCores; - }) - ++ optionals (!isNull parallelize) (automaticallyParallelizeFlags parallelize) - ++ optionals (!isNull extraCFlags) extraCFlags - ++ optionals (!isNull cpuArch) [ "-march=${cpuArch}" ] - ++ optionals (!isNull cpuTune) [ "-mtune=${uarchTune}" ] - ++ cacheTuning { - inherit compiler; - 
l1Line = l1LineCache; - l1i = l1iCache; - l1d = l1dCache; - lastLevel = lastLevelCache; - } - ); - CXXFLAGS = CFLAGS; - CPPFLAGS = [ ] ++ optionals (levelN >= 1) genericPreprocessorFlags; - LDFLAGS = [ ] ++ optionals (levelN >= 3) genericLinkerFlags; + if (! isNull cpuTune) then cpuTune + else if (! isNull cpuArch) then cpuArch + else "generic"; + in myLib.debug.traceValWithPrefix "optimizations" (foldl' myLib.attrsets.mergeAttrsRecursive {} [ + (rec { + CFLAGS = unique + ([ ] + ++ requiredFlags + ++ optionals (compiler == "clang") clangSpecificFlags + ++ optionals (levelN >= 1) genericCompileFlags + ++ optionals (levelN >= 2) expensiveOptimizationFlags + ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags + ++ optionals (levelN >= 4) unsafeOptimizationFlags + ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags + ++ optionals lto (ltoFlags { threads = myLib.math.log2 cpuCores; }) + ++ optionals (! isNull parallelize) (automaticallyParallelizeFlags parallelize) + ++ optionals (! isNull extraCFlags) extraCFlags + ++ optionals (! isNull cpuArch) [ "-march=${cpuArch}" ] + ++ optionals (! 
isNull cpuTune) [ "-mtune=${uarchTune}" ] + ++ cacheTuning { + inherit compiler; + l1Line = l1LineCache; + l1i = l1iCache; + l1d = l1dCache; + lastLevel = lastLevelCache; + }); + CXXFLAGS = CFLAGS; + CPPFLAGS = [] + ++ optionals (levelN >= 1) genericPreprocessorFlags; + LDFLAGS = [] + ++ optionals (levelN >= 3) genericLinkerFlags; - preConfigure = '' + preConfigure = '' + + _maxLoad=$(($NIX_BUILD_CORES * 2)) + makeFlagsArray+=("-l''${_maxLoad}") + + ''; + }) + (optionalAttrs autotools { + preConfigure = '' - _maxLoad=$(($NIX_BUILD_CORES * 2)) - makeFlagsArray+=("-l''${_maxLoad}") - - ''; - }) - (optionalAttrs autotools { - preConfigure = '' - - configureFlagsArray+=( - "CFLAGS=$CFLAGS" - "CXXFLAGS=$CXXFLAGS" - ) - - ''; - }) - (optionalAttrs cmake { - preConfigure = '' - - cmakeFlagsArray+=( - "-DCMAKE_CXX_FLAGS=$CXXFLAGS" - "-DCMAKE_C_FLAGS=$CFLAGS" - ${optionalString lto '' - "-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true" - ''} - ) - - ''; - }) - (optionalAttrs ninja { - preConfigure = '' - - _maxLoad=$(($NIX_BUILD_CORES * 2)) - ninjaFlagsArray+=("-l''${_maxLoad}") - - ''; - }) - (optionalAttrs rust { - RUSTFLAGS = - [ ] - ++ optionals (levelN >= 2) [ "-C opt-level=3" ] - ++ optionals lto [ - "-C lto=fat" - "-C embed-bitcode=on" - ] - ++ optionals (!isNull cpuArch) [ "-C target-cpu=${cpuArch}" ] - #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 - #++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ] - ; - }) - (optionalAttrs (!check) { - doCheck = false; - doInstallCheck = false; - }) - (optionalAttrs (go && ISA == "amd64") { - GOAMD64 = "v${toString x86Level}"; - }) - (optionalAttrs (go && ISA == "arm") { - GOARM = toString (getGOARM armLevel); - }) - (optionalAttrs (go && ISA == "i686") { - GO386 = "sse2"; - }) - (optionalAttrs go { - GCCGO = "gccgo"; - CGO_CFLAGS_ALLOW = "-f.*"; - CGO_CXXFLAGS_ALLOW = "-f.*"; - CGO_CPPFLAGS_ALLOW = "-D.*"; - CGO_LDFLAGS_ALLOW = "-Wl.*"; - }) - (addMarchSpecific march) - ] - ); + configureFlagsArray+=( + 
"CFLAGS=$CFLAGS" + "CXXFLAGS=$CXXFLAGS" + ) + + ''; + }) + (optionalAttrs cmake { + preConfigure = '' + + cmakeFlagsArray+=( + "-DCMAKE_CXX_FLAGS=$CXXFLAGS" + "-DCMAKE_C_FLAGS=$CFLAGS" + ${optionalString lto '' + "-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true" + ''} + ) + + '' + ; + }) + (optionalAttrs ninja { + preConfigure = '' + + _maxLoad=$(($NIX_BUILD_CORES * 2)) + ninjaFlagsArray+=("-l''${_maxLoad}") + + ''; + }) + (optionalAttrs rust { + RUSTFLAGS = [ ] + ++ optionals (levelN >= 2) [ "-C opt-level=3" ] + ++ optionals lto [ "-C lto=fat" "-C embed-bitcode=on" ] + ++ optionals (! isNull cpuArch) [ "-C target-cpu=${cpuArch}" ] + #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 + #++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ] + ; + }) + (optionalAttrs (!check) { + doCheck = false; + doInstallCheck = false; + }) + (optionalAttrs (go && ISA == "amd64") { + GOAMD64 = "v${toString x86Level}"; + }) + (optionalAttrs (go && ISA == "arm") { + GOARM = toString (getGOARM armLevel); + }) + (optionalAttrs (go && ISA == "i686") { + GO386 = "sse2"; + }) + (optionalAttrs go { + GCCGO = "gccgo"; + CGO_CFLAGS_ALLOW = "-f.*"; + CGO_CXXFLAGS_ALLOW = "-f.*"; + CGO_CPPFLAGS_ALLOW = "-D.*"; + CGO_LDFLAGS_ALLOW = "-Wl.*"; + }) + (addMarchSpecific march) + ]) + ; } diff --git a/lib/types.nix b/lib/types.nix index 3f47a19..c562f3f 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -2,14 +2,10 @@ with lib; { package' = types.package // { - merge = - loc: defs: - let - res = mergeDefaultOption loc defs; - in - if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then - toDerivation res - else - res; + merge = loc: defs: + let res = mergeDefaultOption loc defs; + in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res) + then toDerivation res + else res; }; } diff --git a/network.nix b/network.nix index 385dff7..1b1c6db 100644 --- a/network.nix +++ b/network.nix 
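Review bot: The `optionalAttrs go` block near the end of `makeOptimizationFlags` sets `CGO_CFLAGS_ALLOW = "-f.*"`, `CGO_CXXFLAGS_ALLOW = "-f.*"` and `CGO_LDFLAGS_ALLOW = "-Wl.*"`, which widens Go's cgo flag allowlist far beyond the flags this module generates. That allowlist is what keeps `#cgo` directives in third-party Go sources from handing options such as `-fplugin=` to the compiler, or arbitrary `-Wl,` options to the linker, so a blanket pattern switches the check off for every Go package built through `optimizePkg`. Consider anchoring each pattern to the flag families actually emitted here and recording the reason, for example `# widened only for the flags added by makeOptimizationFlags; keep as narrow as possible`.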
@@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.network; @@ -22,27 +16,15 @@ in default = "systemd-networkd"; example = "NetworkManager"; description = "Set network backend"; - type = types.enum [ - "systemd-networkd" - "NetworkManager" - "dhcpcd" - ]; + type = types.enum [ "systemd-networkd" "NetworkManager" "dhcpcd" ]; }; dns = mkOption { default = "systemd-resolved"; example = "dnsmasq"; description = "Set network DNS"; - type = types.enum [ - "systemd-resolved" - "dnsmasq" - "unbound" - "none" - "default" - ]; - }; - vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { - default = desktopCfg.enable; + type = types.enum [ "systemd-resolved" "dnsmasq" "unbound" "none" "default" ]; }; + vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { default = desktopCfg.enable; }; }; config = mkIf cfg.enable { @@ -50,10 +32,11 @@ in networking.networkmanager.enable = (cfg.backend == "NetworkManager"); networking.dhcpcd.enable = (cfg.backend == "dhcpcd"); + services.resolved = { enable = (cfg.dns == "systemd-resolved"); settings.Resolve = { - LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ + LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ DNSSEC = false; DNS = [ # cloudflare-dns.com @@ -67,7 +50,7 @@ in services.udev.extraRules = concatStringsSep "\n" [ (optionalString (!config.aviallon.laptop.enable) '' - ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu" + ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu" '') ]; 
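Review bot: In the `@@ -50,10 +32,11 @@` hunk, `DNSSEC = false;` under `services.resolved.settings.Resolve` has no rationale next to it, while the neighbouring `LLMNR = mkForce false` carries a link explaining the choice. With validation off, resolved accepts whatever the configured upstream resolvers return, so the trade-off should be recorded, for instance `DNSSEC = false; # validation disabled because <reason>; revisit with "allow-downgrade"`. The `Resolve` block continues past the end of this hunk, so whether transport protection such as DNS-over-TLS is configured cannot be seen from here.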
@@ -76,9 +59,7 @@ in networking.networkmanager = { wifi.backend = mkDefault "iwd"; dns = mkDefault cfg.dns; - plugins = - with pkgs; - [ ] + plugins = with pkgs; [] ++ optional (cfg.dns == "dnsmasq") dnsmasq ++ optionals cfg.vpnSupport [ networkmanager_strongswan @@ -86,7 +67,8 @@ in networkmanager-openconnect networkmanager-sstp networkmanager-l2tp - ]; + ] + ; }; networking.wireless.enable = (cfg.backend != "NetworkManager"); networking.wireless.iwd.enable = true; @@ -96,9 +78,7 @@ in # Must always be false networking.useDHCP = false; - networking.hostId = mkDefault ( - substring 0 8 (builtins.hashString "sha256" config.networking.hostName) - ); + networking.hostId = mkDefault (substring 0 8 (builtins.hashString "sha256" config.networking.hostName)); networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null); # Needed for proper WiFi support in some countries (like France, for instance) diff --git a/nix/builder.nix b/nix/builder.nix index d148abd..9962d2e 100644 --- a/nix/builder.nix +++ b/nix/builder.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.nix; 
@@ -16,40 +10,35 @@ let getSpeed = cores: threads: cores + (threads - cores) / 2; - mkBuildMachine = - { - hostName, - cores, - systems ? [ "x86_64-linux" ], - threads ? (cores * 2), - features ? [ ], - x86ver ? 1, - ... - }@attrs: - let - speedFactor = getSpeed cores threads; - in - { - inherit hostName speedFactor; - systems = systems ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux"; - sshUser = "builder"; - sshKey = buildUserKeyFilePath; - maxJobs = myLib.math.log2 cores; - supportedFeatures = [ - "kvm" - "benchmark" - ] + mkBuildMachine = { + hostName, + cores, + systems ? [ "x86_64-linux" ] , + threads ? (cores * 2), + features ? [ ], + x86ver ? 1 , + ... + }@attrs: let + speedFactor = getSpeed cores threads; + in { + inherit hostName speedFactor; + systems = systems + ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux" + ; + sshUser = "builder"; + sshKey = buildUserKeyFilePath; + maxJobs = myLib.math.log2 cores; + supportedFeatures = [ "kvm" "benchmark" ] ++ optional (speedFactor > 8) "big-parallel" ++ optional (x86ver >= 2) "gccarch-x86-64-v2" ++ optional (x86ver >= 3) "gccarch-x86-64-v3" ++ optional (x86ver >= 4) "gccarch-x86-64-v4" - ++ features; + ++ features + ; + + }; - }; - - machineList = filterAttrs ( - name: value: config.networking.hostName != name && value.enable - ) cfg.builder.buildMachines; + machineList = filterAttrs (name: value: config.networking.hostName != name && value.enable) cfg.builder.buildMachines; in { imports = [ 
@@ -68,104 +57,85 @@ in example = "/path/to/id_builder"; description = "Path to the private key nix builder user will use"; }; - + buildMachines = mkOption { - type = types.attrsOf ( - types.submoduleWith { - modules = [ - ( - { - config, - options, - name, - ... - }: - { - options = { - enable = mkOption { - type = types.bool; - default = true; - description = "Wether to enable or to disable this builder"; - example = false; - }; - hostName = mkOption { - type = types.str; - example = "luke-skywalker-nixos"; - description = '' - Builder's host name - ''; - }; - sshConfig = mkOption { - type = types.str; - default = ""; - example = '' - ProxyJump example.com - Port 2222 - ''; - description = "Extra ssh config for the builder."; - }; - cores = mkOption { - type = with types; ints.unsigned; - example = 8; - description = "How many physical cores the builder has."; - }; - threads = mkOption { - type = with types; addCheck ints.unsigned (n: n >= config.cores); - example = 16; - description = "How many physical _threads_ the builder has."; - }; - x86ver = mkOption { - default = 1; - type = with types; addCheck ints.positive (n: n >= 1 && n <= 4); - example = 3; - description = "Maximum x86-64 feature level supported."; - }; - }; - - } - ) - ]; - } - ); - default = { }; - example = literalExpression '' + type = types.attrsOf (types.submoduleWith { + modules = [ + ({ config, options, name, ...}: { - luke-skywalker-nixos = { - hostName = "2aXX:e0a:18e:8670::"; - cores = 16; - threads = 32; - x86ver = 3; + options = { + enable = mkOption { + type = types.bool; + default = true; + description = "Wether to enable or to disable this builder"; + example = false; + }; + hostName = mkOption { + type = types.str; + example = "luke-skywalker-nixos"; + description = '' + Builder's host name + ''; + }; + sshConfig = mkOption { + type = types.str; + default = ""; + example = '' + ProxyJump example.com + Port 2222 + ''; + description = "Extra ssh config for the builder."; + }; + cores 
= mkOption { + type = with types; ints.unsigned; + example = 8; + description = "How many physical cores the builder has."; + }; + threads = mkOption { + type = with types; addCheck ints.unsigned (n: n >= config.cores); + example = 16; + description = "How many physical _threads_ the builder has."; + }; + x86ver = mkOption { + default = 1; + type = with types; addCheck ints.positive (n: n >= 1 && n <= 4); + example = 3; + description = "Maximum x86-64 feature level supported."; + }; }; - } - ''; + + })]; }); + default = {}; + example = literalExpression + '' + { + luke-skywalker-nixos = { + hostName = "2aXX:e0a:18e:8670::"; + cores = 16; + threads = 32; + x86ver = 3; + }; + } + ''; description = "NixOS builders"; }; }; config = { - nix.buildMachines = traceValSeqN 3 ( - mapAttrsToList ( - name: value: - mkBuildMachine { - inherit (value) - hostName - cores - threads - x86ver - ; - } - ) machineList - ); + nix.buildMachines = traceValSeqN 3 (mapAttrsToList (name: value: + mkBuildMachine { + inherit (value) hostName cores threads x86ver; + } + ) machineList); - programs.ssh.extraConfig = concatStringsSep "\n" ( - mapAttrsToList ( - name: value: - (optionalString (value.sshConfig != "") '' - Host ${value.hostName} - ${value.sshConfig} - '') - ) machineList - ); + programs.ssh.extraConfig = concatStringsSep "\n" (mapAttrsToList (name: value: + (optionalString (value.sshConfig != "") + '' + Host ${value.hostName} + ${value.sshConfig} + '' + ) + ) machineList); users.users.builder = { isSystemUser = true; @@ -176,7 +146,7 @@ in ]; shell = pkgs.bashInteractive; }; - users.groups.builder = { }; + users.groups.builder = {}; nix.settings.trusted-users = [ "builder" ]; boot.enableContainers = mkForce true; diff --git a/nix/nix.nix b/nix/nix.nix index 3d46e20..0905261 100644 --- a/nix/nix.nix +++ b/nix/nix.nix 
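Review bot: `nix.settings.trusted-users = [ "builder" ];` (context line in the `@@ -176,7 +146,7 @@` hunk of nix/builder.nix) makes the SSH-reachable `builder` account a trusted Nix user with no comment saying why; the same applies to `nix.settings.trusted-users = [ "root" "@wheel" ];` in the `@@ -135,15 +118,9 @@` hunk of nix/nix.nix. Trusted users can override substituters and import unsigned store paths, which the Nix manual describes as essentially root-equivalent, so holding the key at `buildUserKeyFilePath` carries that level of access on each build machine. Proposed comment: `# trusted so remote clients can copy unsigned inputs; treat the builder key as root-equivalent`. If that is the only reason, signing paths on the client would presumably allow dropping `builder` from the list. The `users.users.builder` definition starts outside this hunk.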
@@ -1,12 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - nixpkgs, - nixpkgs-unstable, - ... -}: +{config, pkgs, lib, myLib, nixpkgs, nixpkgs-unstable, ...}: with lib; with myLib; let @@ -21,7 +13,7 @@ in enableCustomSubstituter = mkEnableOption "custom substituter using nix-cache.lesviallon.fr"; contentAddressed = mkEnableOption "experimental content-addressed derivations"; }; - + config = { system.autoUpgrade.enable = mkDefault true; @@ -34,18 +26,16 @@ in upper = "05:00"; }; - system.build.nixos-rebuild = - let - nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; - nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' - exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ - --who="NixOS rebuild" \ - --why="NixOS must finish rebuilding configuration or work would be lost." \ - -- \ - ${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" + system.build.nixos-rebuild = let + nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; + nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' + exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ + --who="NixOS rebuild" \ + --why="NixOS must finish rebuilding configuration or work would be lost." \ + -- \ + ${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" ''; - in - mkOverride 20 nixos-rebuild-inhibit; + in mkOverride 20 nixos-rebuild-inhibit; environment.systemPackages = [ (hiPrio config.system.build.nixos-rebuild) @@ -54,7 +44,7 @@ in environment.variables = { NIX_REMOTE = "daemon"; # Use the nix daemon by default }; - + systemd.services.nixos-upgrade = { unitConfig = { ConditionCPUPressure = "user.slice:15%"; 
@@ -73,12 +63,14 @@ in }; }; + + nix.gc.automatic = mkDefault true; nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00"; nix.gc.randomizedDelaySec = "3h"; nix.optimise.automatic = mkDefault (!config.nix.settings.auto-optimise-store); nix.optimise.dates = mkDefault [ "Tuesday,Thursday,Saturday 03:00:00" ]; - nix.settings.auto-optimise-store = mkDefault true; + nix.settings.auto-optimise-store = mkDefault true; systemd.services.nix-daemon = { serviceConfig = { 
@@ -92,40 +84,31 @@ in }; }; - nix.package = optimizePkg { - stdenv = pkgs.fastStdenv; - level = "slower"; - } pkgs.nixVersions.latest; + + nix.package = optimizePkg { stdenv = pkgs.fastStdenv; level = "slower"; } pkgs.nixVersions.latest; - nix.settings.system-features = [ - "big-parallel" - "kvm" - "benchmark" - ] - ++ optional (!isNull generalCfg.cpu.arch) "gccarch-${generalCfg.cpu.arch}" - ++ optional (generalCfg.cpu.x86.level >= 2) "gccarch-x86-64-v2" - ++ optional (generalCfg.cpu.x86.level >= 3) "gccarch-x86-64-v3" - ++ optional (generalCfg.cpu.x86.level >= 4) "gccarch-x86-64-v4"; + nix.settings.system-features = [ "big-parallel" "kvm" "benchmark" ] + ++ optional ( ! isNull generalCfg.cpu.arch ) "gccarch-${generalCfg.cpu.arch}" + ++ optional ( generalCfg.cpu.x86.level >= 2 ) "gccarch-x86-64-v2" + ++ optional ( generalCfg.cpu.x86.level >= 3 ) "gccarch-x86-64-v3" + ++ optional ( generalCfg.cpu.x86.level >= 4 ) "gccarch-x86-64-v4" + ; nix.settings.builders-use-substitutes = true; nix.settings.substitute = true; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ] - ++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" - ++ optional cfg.contentAddressed "ca-derivations"; - + nix.settings.experimental-features = [ "nix-command" "flakes" ] + ++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" + ++ optional cfg.contentAddressed "ca-derivations" + ; + nix.settings.download-attempts = 5; nix.settings.stalled-download-timeout = 20; - nix.settings.substituters = mkBefore ( - [ ] + nix.settings.substituters = mkBefore ([] ++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr" ++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/" ); - nix.settings.trusted-public-keys = mkBefore ( - [ ] + nix.settings.trusted-public-keys = mkBefore ([] ++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ++ optional cfg.contentAddressed 
"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ); @@ -135,15 +118,9 @@ in nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads; nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads); - nix.settings.trusted-users = [ - "root" - "@wheel" - ]; + nix.settings.trusted-users = [ "root" "@wheel" ]; - nix.settings.hashed-mirrors = [ - "https://tarballs.nixos.org" - "https://nixpkgs-unfree.cachix.org" - ]; + nix.settings.hashed-mirrors = [ "https://tarballs.nixos.org" "https://nixpkgs-unfree.cachix.org" ]; nix.registry = { nixpkgs.flake = nixpkgs; diff --git a/optimizations/optimizations.nix b/optimizations/optimizations.nix index a1b9a32..808f175 100644 --- a/optimizations/optimizations.nix +++ b/optimizations/optimizations.nix @@ -1,11 +1,4 @@ -{ - config, - pkgs, - options, - lib, - myLib, - ... -}: +{ config, pkgs, options, lib, myLib, ... }: with lib; let cfg = config.aviallon.optimizations; @@ -31,18 +24,18 @@ let lto = cfg.lto.enable; }; - optimizePkg = - { - attributes ? { }, + optimizePkg = { + attributes ? {}, stdenv ? null, ... - }@attrs: - pkg: - myLib.optimizations.optimizePkg pkg ( - defaultOptimizeAttrs // cfg.defaultSettings // { inherit stdenv attributes; } // attrs - ); -in -{ + }@attrs: pkg: + myLib.optimizations.optimizePkg pkg ( + defaultOptimizeAttrs + // cfg.defaultSettings + // { inherit stdenv attributes; } + // attrs + ); +in { options.aviallon.optimizations = { enable = mkOption { default = true; @@ -59,22 +52,12 @@ in blacklist = mkOption { description = "Packages to blacklist from LTO"; type = types.listOf types.str; - default = [ - "x265" - "cpio" - "cups" - "gtk+3" - "which" - "openssh" - ]; + default = [ "x265" "cpio" "cups" "gtk+3" "which" "openssh" ]; }; }; extraCompileFlags = mkOption { default = [ ]; - example = [ - "-O2" - "-mavx" - ]; + example = [ "-O2" "-mavx" ]; description = "Add specific compile flags"; type = types.listOf types.str; }; 
@@ -83,14 +66,11 @@ in recursive = 0; level = "slower"; }; - example = { - level = "unsafe"; - recursive = 0; - }; + example = { level = "unsafe"; recursive = 0; }; description = "Specify default options passed to optimizePkg"; }; optimizePkg = mkOption { - default = if cfg.enable then optimizePkg else ({ ... }: pkg: pkg); + default = if cfg.enable then optimizePkg else ({...}: pkg: pkg); example = "pkg: pkg.override { stdenv = pkgs.fastStdenv; }"; description = "Function used for optimizing packages"; type = with types; functionTo (functionTo package); @@ -98,26 +78,15 @@ in trace = mkEnableOption "trace attributes in overriden derivations"; runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)"; blacklist = mkOption { - default = [ - # Broken - "alsa-lib" - "glib" - "lcms2" - "gconf" - "gnome-vfs" + default = [ # Broken + "alsa-lib" "glib" "lcms2" "gconf" "gnome-vfs" - # Very slow - "llvm" - "clang" - "clang-wrapper" - "valgrind" - "rustc" - "tensorflow" - "qtwebengine" + # Very slow + "llvm" "clang" "clang-wrapper" "valgrind" "rustc" "tensorflow" "qtwebengine" - # Fixable with work, but slow for now - "rapidjson" - ]; + # Fixable with work, but slow for now + "rapidjson" + ]; example = [ "bash" ]; description = "Blacklist specific packages from optimizations"; type = types.listOf types.str; @@ -126,12 +95,13 @@ in type = with types; attrsOf package; default = { }; - example = literalExpression '' - { - ninja = pkgs.ninja-samurai; - cmake = pkgs.my-cmake-override; - } - ''; + example = literalExpression + '' + { + ninja = pkgs.ninja-samurai; + cmake = pkgs.my-cmake-override; + } + ''; description = "Allow overriding packages found in `nativeBuildInputs` with custom packages."; }; }; 
@@ -139,59 +109,50 @@ in config = mkIf cfg.enable { aviallon.optimizations.blacklist = mkDefault ( - options.aviallon.optimizations.blacklist.default - ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency))) + options.aviallon.optimizations.blacklist.default + ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency ))) ); - system.replaceDependencies.replacements = - mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) - [ - # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. - /* - { - original = pkgs.glibc; - replacement = let - optimizedFlags = [ "-fipa-pta" ]; - #optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; }); - in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" { - passthru = pkgs.glibc.passthru; - env = (attrs.env or {}) // { - NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); - }; - }); - } - */ - # zlib is in second place, given how often it is used - #{ - # original = pkgs.zlib; - # replacement = optimizePkg { level = "slower"; } pkgs.zlib; - #} - ]; + system.replaceDependencies.replacements = mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) [ + # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. 
+ /*{ + original = pkgs.glibc; + replacement = let + optimizedFlags = [ "-fipa-pta" ]; + #optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; }); + in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" { + passthru = pkgs.glibc.passthru; + env = (attrs.env or {}) // { + NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); + }; + }); + }*/ + # zlib is in second place, given how often it is used + #{ + # original = pkgs.zlib; + # replacement = optimizePkg { level = "slower"; } pkgs.zlib; + #} + ]; nixpkgs.overlays = mkAfter [ (self: super: { - veryFastStdenv = super.overrideCC super.gccStdenv ( - super.buildPackages.gcc_latest.overrideAttrs ( - old: - let - optimizedAttrs = { } // { + veryFastStdenv = super.overrideCC super.gccStdenv (super.buildPackages.gcc_latest.overrideAttrs (old: + let + optimizedAttrs = {} + // { configureFlags = [ - "--with-cpu-64=${generalCfg.cpu.arch}" - "--with-arch-64=${generalCfg.cpu.arch}" + "--with-cpu-64=${generalCfg.cpu.arch}" "--with-arch-64=${generalCfg.cpu.arch}" "--with-tune-64=${generalCfg.cpu.tune}" "--with-build-config=bootstrap-lto-lean" ]; - }; - ccWithProfiling = old.cc.overrideAttrs (_: { - buildFlags = [ "profiledbootstrap" ]; - }); - in - { - cc = addAttrs ccWithProfiling optimizedAttrs; - } - ) - ); + } + ; + ccWithProfiling = old.cc.overrideAttrs (_: { buildFlags = [ "profiledbootstrap" ]; } ); + in { + cc = addAttrs ccWithProfiling optimizedAttrs; + } + )); }) - + (self: super: { #jetbrains = super.jetbrains // { # jdk = pipe super.jetbrains.jdk [ diff --git a/optimizations/services.nix b/optimizations/services.nix index 7d7f286..d25eb50 100644 --- a/optimizations/services.nix +++ b/optimizations/services.nix @@ -1,10 +1,4 @@ -{ - config, - options, - pkgs, - lib, - ... -}: +{ config, options, pkgs, lib, ... }: with lib; let cfg = config.aviallon.optimizations; 
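Review bot: The `veryFastStdenv` overlay in the `@@ -139,59 +109,50 @@` hunk interpolates `generalCfg.cpu.arch` and `generalCfg.cpu.tune` straight into `--with-cpu-64=`, `--with-arch-64=` and `--with-tune-64=`, yet nix/nix.nix guards the same option with `! isNull generalCfg.cpu.arch`, which suggests it can be null. Interpolating null into a string aborts evaluation, so any use of `veryFastStdenv` on a host without a configured arch would presumably fail with a coercion error instead of falling back to a generic build. Guarding the list, e.g. `configureFlags = optionals (! isNull generalCfg.cpu.arch) [ ... ];` with the tune flag checked likewise, would keep the overlay usable there.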
@@ -14,8 +8,7 @@ let }; man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db; mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc; -in -{ +in { config = mkIf cfg.enable { documentation.man.man-db.package = man-db; documentation.man.mandoc.package = mandoc; diff --git a/overlays.nix b/overlays.nix index 1b2820b..c485704 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,11 +1,4 @@ -{ - config, - pkgs, - options, - lib, - myLib, - ... -}: +{config, pkgs, options, lib, myLib, ...}: with builtins; with lib; let @@ -15,10 +8,7 @@ in { imports = [ - (mkRenamedOptionModule - [ "aviallon" "overlays" "optimizations" ] - [ "aviallon" "optimizations" "enable" ] - ) + (mkRenamedOptionModule [ "aviallon" "overlays" "optimizations" ] [ "aviallon" "optimizations" "enable" ]) ]; options.aviallon.overlays = { 
@@ -31,179 +21,140 @@ in traceCallPackage = mkEnableOption "printing package names each time callPackage is evaluated"; }; config = mkIf cfg.enable { - nix.nixPath = + nix.nixPath = # Append our nixpkgs-overlays. - [ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ]; + [ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ] + ; - nixpkgs.overlays = - [ ] - ++ optional cfg.traceCallPackage ( - self: super: { - callPackage = - path: overrides: - let - _pkg = super.callPackage path overrides; - _name = _pkg.name or _pkg.pname or ""; - in - trace "callPackage ${_name}" _pkg; - } - ) - ++ [ - (self: super: { - htop = super.htop.overrideAttrs (old: { - configureFlags = old.configureFlags ++ [ - "--enable-affinity" - "--enable-delayacct" - "--enable-capabilities" - ]; - nativeBuildInputs = - old.nativeBuildInputs - ++ (with super; [ - pkg-config - ]); - buildInputs = - old.buildInputs - ++ (with super; [ - libcap - libunwind - libnl - ]); - }); - ark = super.ark.override { - unfreeEnableUnrar = true; - }; - - }) - # (final: prev: { - # # linux-manual requires scripts/split-man.pl from the kernel source, but - # # neither xanmod 6.19.7 nor vanilla 6.18.x ship it yet. Mark broken so - # # the build doesn't fail; man-pages and man-pages-posix still build fine. 
- # linux-manual = prev.linux-manual.overrideAttrs (_: { - # meta = (prev.linux-manual.meta or { }) // { - # broken = true; - # }; - # }); - # }) - - (final: prev: { - lutris-fhs = ( - prev.buildFHSUserEnv { - name = "lutris"; - targetPkgs = - pkgs: - (with pkgs; [ - glibc - bashInteractive - - python3Full - - lutris - gamescope - wineWow64Packages.waylandFull - flatpak - ]); - - # symlink shared assets, including icons and desktop entries - extraInstallCommands = '' - ln -s "${pkgs.lutris}/share" "$out/" - ''; - - runScript = "/usr/bin/lutris"; - } - ); - }) - - ( - final: prev: + nixpkgs.overlays = [] + ++ optional cfg.traceCallPackage (self: super: { + callPackage = path: overrides: let - pycharm-common = - pkg: - let - myIsDerivation = x: !(myLib.derivations.isBroken x); - interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters); - in - prev.buildFHSUserEnv rec { - name = pkg.pname; - targetPkgs = - pkgs: - ( - with pkgs; - [ - glibc - bashInteractive - zlib + _pkg = super.callPackage path overrides; + _name = _pkg.name or _pkg.pname or ""; + in trace "callPackage ${_name}" _pkg + ; + }) + ++ [(self: super: { + htop = super.htop.overrideAttrs (old: { + configureFlags = old.configureFlags ++ [ + "--enable-affinity" + "--enable-delayacct" + "--enable-capabilities" + ]; + + nativeBuildInputs = old.nativeBuildInputs ++ (with super; [ + pkg-config + ]); + buildInputs = old.buildInputs ++ (with super; [ + libcap + libunwind + libnl + ]); + }); + ark = super.ark.override { + unfreeEnableUnrar = true; + }; - python3Full + }) + (final: prev: { + # Use our kernel for generating linux man pages + linux-manual = prev.linux-manual.override { linuxPackages_latest = config.boot.kernelPackages; }; + }) - pkg - ] - ++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" ( - interpreters pkgs - ) - ); + (final: prev: { + lutris-fhs = + (prev.buildFHSUserEnv { + name = "lutris"; + targetPkgs = pkgs: (with pkgs; + [ + 
glibc + bashInteractive - # symlink shared assets, including icons and desktop entries - extraInstallCommands = '' - ln -s "${pkg}/share" "$out/" - ''; + python3Full - runScript = "/usr/bin/${pkg.pname}"; - }; - in - { - jetbrains = prev.jetbrains // { - pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community; - pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional; + lutris + gamescope + wineWowPackages.waylandFull + flatpak + ] + ); - clion-fhs = - let - compilers = - pkgs: - with pkgs; - with llvmPackages_17; - [ - (setPrio (-9) gcc13) - (hiPrio clang) - clang-unwrapped - libcxx - ]; - in - prev.buildFHSUserEnv rec { - name = "clion"; - targetPkgs = - pkgs: - ( - with pkgs; - [ - jetbrains.clion - (hiPrio cmake) - (hiPrio ninja) - gnumake - extra-cmake-modules - ] - ++ trace "Using the following compilers: ${toString (pkgNames (compilers pkgs))}" (compilers pkgs) - ); - # symlink shared assets, including icons and desktop entries - extraInstallCommands = '' - ln -s "${prev.jetbrains.clion}/share" "$out/" - ''; - extraOutputsToInstall = [ - "include" - "dev" - "doc" - ]; + # symlink shared assets, including icons and desktop entries + extraInstallCommands = '' + ln -s "${pkgs.lutris}/share" "$out/" + ''; - runScript = "/usr/bin/clion"; - }; - }; - } - ) + runScript = "/usr/bin/lutris"; + }); + }) + + (final: prev: let + pycharm-common = pkg: + let + myIsDerivation = x: !(myLib.derivations.isBroken x); + interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters); + in prev.buildFHSUserEnv rec { + name = pkg.pname; + targetPkgs = pkgs: (with pkgs; + [ + glibc + bashInteractive + zlib + + python3Full + + pkg + ] + ++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" (interpreters pkgs) + ); + + # symlink shared assets, including icons and desktop entries + extraInstallCommands = '' + ln -s "${pkg}/share" "$out/" + ''; + + runScript = "/usr/bin/${pkg.pname}"; + }; + 
in { + jetbrains = prev.jetbrains // { + pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community; + pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional; + + clion-fhs = let + compilers = pkgs: with pkgs; with llvmPackages_17; [ + (setPrio (-9) gcc13) + (hiPrio clang) + clang-unwrapped + libcxx + ]; + in prev.buildFHSUserEnv rec { + name = "clion"; + targetPkgs = pkgs: (with pkgs; + [ + jetbrains.clion + (hiPrio cmake) + (hiPrio ninja) + gnumake + extra-cmake-modules + ] + ++ trace "Using the following compilers: ${toString (pkgNames (compilers pkgs))}" (compilers pkgs) + ); + # symlink shared assets, including icons and desktop entries + extraInstallCommands = '' + ln -s "${prev.jetbrains.clion}/share" "$out/" + ''; + extraOutputsToInstall = [ "include" "dev" "doc" ]; + + runScript = "/usr/bin/clion"; + }; + }; + }) - ]; - aviallon.programs.allowUnfreeList = [ - "unrar" - "ark" ]; - }; + aviallon.programs.allowUnfreeList = [ + "unrar" "ark" + ]; + }; } diff --git a/packages.nix b/packages.nix index b9de682..00a051b 100644 --- a/packages.nix +++ b/packages.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.programs; @@ -12,15 +6,12 @@ let generalCfg = config.aviallon.general; optimizeCfg = config.aviallon.optimizations; - myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg { } pkgs.openssh) else pkgs.openssh; + myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg {} pkgs.openssh) else pkgs.openssh; in { imports = [ ./programs - (mkRenamedOptionModule - [ "aviallon" "programs" "compileFlags" ] - [ "aviallon" "optimizations" "extraCompileFlags" ] - ) + (mkRenamedOptionModule [ "aviallon" "programs" "compileFlags" ] [ "aviallon" "optimizations" "extraCompileFlags" ]) ]; options.aviallon.programs = { 
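Review bot: The `linux-manual` override added in the second overlay builds the manual against `config.boot.kernelPackages`, but its comment does not record the build requirement that the removed commented-out block described. That block said the package needs `scripts/split-man.pl` from the kernel source and that some kernels do not ship it. If that still applies to the configured kernel, evaluation succeeds and the system build fails at this package, so I would keep the constraint next to the override, e.g. `# Use our kernel for generating linux man pages; requires scripts/split-man.pl in the kernel source`.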
@@ -32,19 +23,14 @@ in }; allowUnfreeList = mkOption { default = [ ]; - example = [ - "nvidia-x11" - "steam" - ]; + example = [ "nvidia-x11" "steam" ]; description = "Allow specific unfree software to be installed"; type = types.listOf types.str; }; config = mkOption { - default = { }; + default = {}; type = types.attrs; - example = { - cudaSupport = true; - }; + example = { cudaSupport = true; }; description = "nixpkgs config settings to be applied to all nixpkgs instances"; }; }; @@ -53,36 +39,33 @@ in programs.java.enable = mkDefault (!generalCfg.minimal); - aviallon.programs.config.allowUnfreePredicate = - pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList; + aviallon.programs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList; - environment.systemPackages = - with pkgs; - [ ] - ++ [ - vim - wget - nano - myOpenssh - psmisc - pciutils - ripgrep - fd - htop - unstable.cachix - usbutils - ] - ++ optionals (!generalCfg.minimal) [ - rsync - par2cmdline # .par2 archive verification - python3 - parallel - coreutils-full - nmap - pv - xxHash - unzip - ]; + environment.systemPackages = with pkgs; [] + ++ [ + vim + wget + nano + myOpenssh + psmisc + pciutils + ripgrep + fd + htop + unstable.cachix + usbutils + ] + ++ optionals (!generalCfg.minimal) [ + rsync + par2cmdline # .par2 archive verification + python3 + parallel + coreutils-full + nmap + pv + xxHash + unzip + ]; programs.ssh.package = myOpenssh; @@ -94,7 +77,7 @@ in }; programs.ccache.enable = true; - + nix.settings.extra-sandbox-paths = [ (toString config.programs.ccache.cacheDir) ]; diff --git a/packages/aspm_enable/default.nix b/packages/aspm_enable/default.nix index 5c13750..67e26db 100644 --- a/packages/aspm_enable/default.nix +++ b/packages/aspm_enable/default.nix 
@@ -1,13 +1,12 @@ -{ - lib, - bc, - pciutils, - gnugrep, - coreutils, - bash, - writeText, - stdenv, - substituteAll, +{lib +,bc +,pciutils +,gnugrep +,coreutils +,bash +,writeText +,stdenv +,substituteAll }: with lib; stdenv.mkDerivation rec { @@ -27,23 +26,13 @@ stdenv.mkDerivation rec { substituteAllInPlace $out/bin/aspm_enable; ''; - buildInputs = [ - pciutils - bc - coreutils - gnugrep - ]; + buildInputs = [ pciutils bc coreutils gnugrep ]; meta = { description = "A program to forcibly enable PCIe ASPM for compatible devices"; homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM"; license = licenses.gpl3Plus; - patforms = [ - "x86_64-linux" - "i686-linux" - "aarch64-linux" - "mipsel-linux" - ]; + patforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" "mipsel-linux" ]; maintainers = with maintainers; [ ]; }; } diff --git a/packages/pinentry.nix b/packages/pinentry.nix index 8898835..01d3a58 100644 --- a/packages/pinentry.nix +++ b/packages/pinentry.nix @@ -33,3 +33,4 @@ writeShellScriptBin "pinentry" '' exec ''${pinentryFlavors[$flavor]}/bin/pinentry '' + diff --git a/power.nix b/power.nix index 3cf6f79..64e23bb 100644 --- a/power.nix +++ b/power.nix @@ -1,17 +1,10 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let generalCfg = config.aviallon.general; cfg = config.aviallon.power; undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200))); -in -{ +in { options.aviallon.power = { enable = mkOption { default = true; @@ -23,10 +16,7 @@ in default = "performance"; example = "efficiency"; description = "What to optimize towards"; - type = types.enum [ - "performance" - "efficiency" - ]; + type = types.enum [ "performance" "efficiency" ]; }; powerLimit = { enable = mkEnableOption "power limiting"; 
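Review bot: `patforms` in the `meta` block of this hunk is misspelled, so the derivation never sets `meta.platforms` and the platform list has no effect. The line should read `platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" "mipsel-linux" ];`. The typo exists on both sides of the diff, so the reformatted line is a natural place to correct it.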
@@ -111,7 +101,7 @@ in ConditionACPower = true; }; }; - + systemd.targets.battery-power = { description = "Target is active when power is drawn from a battery."; conflicts = [ "ac-power.target" ]; @@ -123,28 +113,22 @@ in services.udev.extraRules = '' ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="${pkgs.systemd}/bin/systemctl stop ac-power.target" ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${pkgs.systemd}/bin/systemctl start ac-power.target" - + ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", RUN+="${pkgs.systemd}/bin/systemctl start battery-power.target" ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Charging", RUN+="${pkgs.systemd}/bin/systemctl stop battery-power.target" ACTION!="remove", DEVPATH=="*intel-rapl:*", SUBSYSTEM=="powercap", RUN+="${pkgs.coreutils}/bin/chmod g+r '/sys%p/energy_uj'" ''; - users.groups.power = { }; - + users.groups.power = {}; + systemd.services.undervolt-intel = { - script = - "" + script = "" + "${pkgs.undervolt}/bin/undervolt" - + (optionalString ( - !isNull cfg.undervolt.cpu.coreOffset - ) " --core ${toString cfg.undervolt.cpu.coreOffset}") - + (optionalString ( - !isNull cfg.undervolt.cpu.cacheOffset - ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}") - + (optionalString ( - !isNull cfg.undervolt.cpu.iGPUOffset - ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}"); + + (optionalString (! isNull cfg.undervolt.cpu.coreOffset ) " --core ${toString cfg.undervolt.cpu.coreOffset}") + + (optionalString (! isNull cfg.undervolt.cpu.cacheOffset ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}") + + (optionalString (! isNull cfg.undervolt.cpu.iGPUOffset ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}") + ; serviceConfig = { RemainAfterExit = true; }; 
@@ -154,15 +138,11 @@ in }; systemd.services.intel-powerlimit-ac = { - script = - "${pkgs.undervolt}/bin/undervolt" - + optionalString ( - !isNull cfg.powerLimit.ac.cpu - ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" - + optionalString ( - !isNull cfg.powerLimit.ac.cpuBoost - ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1" - + optionalString (!isNull cfg.temperature.ac.cpu) " --temp ${toString cfg.temperature.ac.cpu}"; + script = "${pkgs.undervolt}/bin/undervolt" + + optionalString (! isNull cfg.powerLimit.ac.cpu ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" + + optionalString (! isNull cfg.powerLimit.ac.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1" + + optionalString (! isNull cfg.temperature.ac.cpu ) " --temp ${toString cfg.temperature.ac.cpu}" + ; unitConfig = { ConditionACPower = true; }; @@ -174,19 +154,13 @@ in partOf = [ "ac-power.target" ]; enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); }; - + systemd.services.intel-powerlimit-battery = { - script = - "${pkgs.undervolt}/bin/undervolt" - + optionalString ( - !isNull cfg.powerLimit.battery.cpu - ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" - + optionalString ( - !isNull cfg.powerLimit.battery.cpuBoost - ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1" - + optionalString ( - !isNull cfg.temperature.battery.cpu - ) " --temp ${toString cfg.temperature.battery.cpu}"; + script = "${pkgs.undervolt}/bin/undervolt" + + optionalString (! isNull cfg.powerLimit.battery.cpu ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" + + optionalString (! isNull cfg.powerLimit.battery.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1" + + optionalString (! isNull cfg.temperature.battery.cpu ) " --temp ${toString cfg.temperature.battery.cpu}" + ; unitConfig = { ConditionACPower = false; }; 
@@ -198,6 +172,6 @@ in partOf = [ "battery-power.target" ]; enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); }; - + }; } diff --git a/programs/bash.nix b/programs/bash.nix index ed07da5..4396711 100644 --- a/programs/bash.nix +++ b/programs/bash.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; { options.aviallon.programs.bash = { diff --git a/programs/firefox.nix b/programs/firefox.nix index 835c9e2..1c2f233 100644 --- a/programs/firefox.nix +++ b/programs/firefox.nix @@ -1,27 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let - genPrefList = - { - locked ? false, - }: - prefs: + genPrefList = {locked ? false}: prefs: let prefFuncName = if locked then "lockPref" else "defaultPref"; in concatStringsSep "\n" ( - mapAttrsToList ( - key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' - ) prefs - ); + mapAttrsToList + (key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' ) + prefs + ); cfg = config.programs.firefox; -in -{ +in { config = mkIf cfg.enable { programs.firefox.wrapperConfig = { smartcardSupport = true; @@ -70,7 +60,7 @@ in Install = [ "uBlock0@raymondhill.net" "magnolia@12.34" - ]; + ]; }; ExtensionSettings = { "uBlock0@raymondhill.net" = { @@ -136,9 +126,8 @@ in #"privacy.trackingprotection.origin_telemetry.enabled" = false; - } - // { - "intl.accept_languages" = "fr-fr,en-us,en"; + } // { + "intl.accept_languages" = "fr-fr,en-us,en"; "intl.locale.requested" = "fr,en-US"; "media.eme.enabled" = true; # DRM "general.autoScroll" = true; # Middleclick scrolling diff --git a/programs/git.nix b/programs/git.nix index 631a292..45203dd 100644 --- a/programs/git.nix +++ b/programs/git.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{config, pkgs, lib, myLib, ...}: with lib; { programs.git = { 
diff --git a/programs/htop.nix b/programs/htop.nix index a2b1be3..06915e2 100644 --- a/programs/htop.nix +++ b/programs/htop.nix @@ -1,17 +1,12 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: { programs.htop.enable = true; programs.htop.settings = { - # fields=0 48 17 18 38 39 40 2 46 47 49 1 - # sort_key=46 - # sort_direction=-1 - # tree_sort_key=0 - # tree_sort_direction=1 +# fields=0 48 17 18 38 39 40 2 46 47 49 1 +# sort_key=46 +# sort_direction=-1 +# tree_sort_key=0 +# tree_sort_direction=1 hide_kernel_threads = true; hide_userland_threads = true; shadow_other_users = 0; @@ -43,29 +38,9 @@ delay = 10; hide_function_bar = 0; header_layout = "two_50_50"; - column_meters_0 = [ - "AllCPUs" - "Memory" - "Swap" - ]; - column_meter_modes_0 = [ - 1 - 1 - 1 - ]; - column_meters_1 = [ - "Tasks" - "LoadAverage" - "Uptime" - "DiskIO" - "NetworkIO" - ]; - column_meter_modes_1 = [ - 2 - 2 - 2 - 2 - 2 - ]; + column_meters_0 = [ "AllCPUs" "Memory" "Swap" ]; + column_meter_modes_0 = [ 1 1 1 ]; + column_meters_1 = [ "Tasks" "LoadAverage" "Uptime" "DiskIO" "NetworkIO" ]; + column_meter_modes_1 = [ 2 2 2 2 2 ]; }; } diff --git a/programs/libreoffice.nix b/programs/libreoffice.nix index d8706eb..6e11e79 100644 --- a/programs/libreoffice.nix +++ b/programs/libreoffice.nix @@ -1,26 +1,14 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.programs.libreoffice; - + applyOverrides = overrides: pkg: pipe pkg overrides; -in -{ +in { options.aviallon.programs.libreoffice = { enable = mkEnableOption "LibreOffice"; variant = mkOption { - type = - with types; - types.enum [ - "still" - "fresh" - ]; + type = with types; types.enum [ "still" "fresh" ]; default = "fresh"; description = "Which LibreOffice variant to use"; }; 
@@ -47,26 +35,18 @@ in config = mkIf cfg.enable { aviallon.programs.libreoffice.package = let - overridesList = - [ ] - ++ [ - ( - pkg: - pkg.override { - variant = cfg.variant; - } - ) - ] - ++ optional cfg.opencl ( - pkg: - pkg.overrideAttrs (old: { + overridesList = [] + ++ [(pkg: pkg.override { + variant = cfg.variant; + })] + ++ optional cfg.opencl (pkg: pkg.overrideAttrs (old: { buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ]; - }) - ); - in - pkgs.libreoffice.override { - unwrapped = applyOverrides overridesList cfg.package'; - }; + })) + ; + in pkgs.libreoffice.override { + unwrapped = applyOverrides overridesList cfg.package'; + }; + environment.systemPackages = [ cfg.package diff --git a/programs/nano.nix b/programs/nano.nix index 8a0ef1d..4190607 100644 --- a/programs/nano.nix +++ b/programs/nano.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{config, pkgs, ...}: { environment.systemPackages = [ pkgs.nanorc ]; programs.nano.syntaxHighlight = false; diff --git a/programs/nvtop.nix b/programs/nvtop.nix index 2c0468b..09961c8 100644 --- a/programs/nvtop.nix +++ b/programs/nvtop.nix @@ -1,32 +1,16 @@ -{ - config, - pkgs, - lib, - myLib, - ... -}: +{ config, pkgs, lib, myLib, ... }: with lib; let cfg = config.aviallon.programs.nvtop; -in -{ +in { options.aviallon.programs.nvtop = { enable = mkEnableOption "nvtop"; backend = mkOption { description = "Which backend to enable"; - type = - with types; - listOf (enum [ - "nvidia" - "amd" - "intel" - "panthor" - "panfrost" - "msm" - ]); + type = with types; listOf (enum [ "nvidia" "amd" "intel" "panthor" "panfrost" "msm" ]); default = [ "amd" ]; }; - + nvidia = mkEnableOption "Nvidia GPU with proprietary drivers is used"; package = mkOption { internal = true; @@ -41,8 +25,7 @@ in aviallon.programs.nvtop.package = mkDefault ( if (length cfg.backend > 1) then pkgs.nvtopPackages.full - else - pkgs.nvtopPackages.${elemAt cfg.backend 0} + else pkgs.nvtopPackages.${elemAt cfg.backend 0} ); environment.systemPackages = [ 
diff --git a/security/default.nix b/security/default.nix index 7e6dcec..0f7843b 100644 --- a/security/default.nix +++ b/security/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{config, ...}: { imports = [ ./hardening.nix diff --git a/security/encryption.nix b/security/encryption.nix index 56ce971..e165bd9 100644 --- a/security/encryption.nix +++ b/security/encryption.nix @@ -1,14 +1,8 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.security.encryption; -in -{ +in { options.aviallon.security.encryption = { enable = mkEnableOption "encryption-related tools and programs"; cryptsetup.package = mkOption { @@ -30,7 +24,7 @@ in }; boot.initrd.systemd.enable = mkOverride 10 true; - + boot.initrd.availableKernelModules = [ "cryptd" ]; boot.initrd.kernelModules = [ "jitterentropy_rng" ]; }; diff --git a/security/hardening.nix b/security/hardening.nix index c6220e2..70eef0e 100644 --- a/security/hardening.nix +++ b/security/hardening.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.hardening; @@ -37,18 +32,11 @@ in }; imports = [ - (mkRemovedOptionModule [ - "aviallon" - "hardening" - "services" - "dbus" - ] "dbus should use AppArmor hardening instead") + (mkRemovedOptionModule [ "aviallon" "hardening" "services" "dbus" ] "dbus should use AppArmor hardening instead") ]; config = mkIf cfg.enable { - aviallon.boot.kernel.package = mkIf cfg.hardcore ( - mkDefault pkgs.linuxKernel.kernels.linux_hardened - ); + aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened); security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true); # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec 
@@ -56,26 +44,27 @@ in security.sudo.execWheelOnly = true; - services.openssh.settings.PermitRootLogin = if cfg.hardcore then "no" else "prohibit-password"; + services.openssh.settings.PermitRootLogin = + if cfg.hardcore then + "no" + else "prohibit-password"; security.apparmor.enable = true; services.dbus.apparmor = "enabled"; aviallon.boot.cmdline = { - "lsm" = [ - "landlock" - ] - ++ optional cfg.hardcore "lockdown" - ++ [ "yama" ] - # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation - ++ optionals config.security.apparmor.enable [ "apparmor" ] - ++ [ "bpf" ]; + "lsm" = [ "landlock" ] + ++ optional cfg.hardcore "lockdown" + ++ [ "yama" ] + # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation + ++ optionals config.security.apparmor.enable [ "apparmor" ] + ++ [ "bpf" ] + ; "lockdown" = if cfg.hardcore then "confidentiality" else "integrity"; # Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.) vsyscall = mkIf cfg.hardcore "xonly"; - } - // (ifEnable cfg.expensive { + } // (ifEnable cfg.expensive { # Slab/slub sanity checks, redzoning, and poisoning "init_on_alloc" = 1; "init_on_free" = 1; @@ -104,7 +93,7 @@ in # Is used in podman containers, for instance security.allowUserNamespaces = mkDefault true; - # boot.blacklistedKernelModules = mkForce [ ]; +# boot.blacklistedKernelModules = mkForce [ ]; # Only authorize admins to use nix in hardcore mode nix.allowedUsers = mkIf cfg.hardcore (mkQuasiForce [ "@wheel" ]); 
@@ -112,36 +101,34 @@ in # Can really badly affect performance in some occasions. security.audit.enable = mkDefault true; security.auditd.enable = mkQuasiForce false; - - systemd.services.systemd-journald = - let - rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules); - in - mkIf config.security.audit.enable { - serviceConfig = { - #ExecStartPre = "-${pkgs.audit}/bin/augenrules --load"; - ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''; - Sockets = [ "systemd-journald-audit.socket" ]; - }; - aliases = [ "auditd.service" ]; - path = [ pkgs.audit ]; + + systemd.services.systemd-journald = let + rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules); + in mkIf config.security.audit.enable { + serviceConfig = { + #ExecStartPre = "-${pkgs.audit}/bin/augenrules --load"; + ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''; + Sockets = [ "systemd-journald-audit.socket" ]; }; + aliases = [ "auditd.service" ]; + path = [ pkgs.audit ]; + }; - security.audit.rules = - [ ] + security.audit.rules = [] ++ [ - "-A exclude,always -F msgtype=SERVICE_START" - "-A exclude,always -F msgtype=SERVICE_STOP" - "-A exclude,always -F msgtype=BPF" - "-w /etc/apparmor/ -p wa -k apparmor_changes" - "-w /etc/apparmor.d/ -p wa -k apparmor_changes" - - "-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion" - "-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion" - "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" - "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" - ] - ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls"; + "-A exclude,always -F msgtype=SERVICE_START" + "-A exclude,always -F msgtype=SERVICE_STOP" + "-A exclude,always -F msgtype=BPF" + "-w /etc/apparmor/ -p wa -k 
apparmor_changes" + "-w /etc/apparmor.d/ -p wa -k apparmor_changes" + + "-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion" + "-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion" + "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" + "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" + ] + ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls" + ; environment.systemPackages = with pkgs; [ sbctl # Secure Boot keys generation diff --git a/security/tpm.nix b/security/tpm.nix index 6491d49..1b9c77c 100644 --- a/security/tpm.nix +++ b/security/tpm.nix @@ -1,18 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let cfg = config.aviallon.security.tpm; -in -{ +in { options.aviallon.security.tpm = { - enable = (mkEnableOption "TPM") // { - default = true; - }; + enable = (mkEnableOption "TPM") // { default = true; }; tpm1_2.enable = mkEnableOption "TPM 1.2 support"; }; config = mkIf cfg.enable { @@ -20,20 +12,18 @@ in enable = true; tctiEnvironment.enable = true; pkcs11.enable = true; - }; + }; environment.systemPackages = [ pkgs.tpm2-tools - ] - ++ optional cfg.tpm1_2.enable pkgs.tpm-tools; + ] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools; services.tcsd = mkIf cfg.tpm1_2.enable { enable = true; }; boot.initrd.availableKernelModules = [ - "tpm_tis" - "tpm_crb" + "tpm_tis" "tpm_crb" ]; }; } diff --git a/services/default.nix b/services/default.nix index 0b36735..6699b3f 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, ...}: { imports = [ ./jupyterhub.nix diff --git a/services/general.nix b/services/general.nix index 57d664a..2b39d70 100644 --- a/services/general.nix +++ b/services/general.nix 
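Review bot: The `execve_calls` rule at the end of `security.audit.rules` is added only for `arch=b64`, while every other syscall rule in the list comes as a b64/b32 pair, so with `cfg.expensive` set, 32-bit `execve` calls are not recorded under that key. Adding `++ optional cfg.expensive "-a exit,always -F arch=b32 -S execve -k execve_calls"` closes the gap. Separately, the `auditctl ... -f 1 -r 1000 -b 64` call in `ExecStartPre` combines a small backlog with a rate limit, and an all-execve rule can overflow it and drop records, with only a printk as the failure signal; a larger `-b` value is worth considering when `expensive` is enabled. The `environment.systemPackages` list continues outside the hunk.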
@@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.services; @@ -11,28 +6,23 @@ let laptopCfg = config.aviallon.laptop; generalCfg = config.aviallon.general; - journaldConfigValue = - value: - if value == true then - "true" - else if value == false then - "false" - else if isList value then - toString value - else - generators.mkValueStringDefault { } value; + journaldConfigValue = value: + if value == true then "true" + else if value == false then "false" + else if isList value then toString value + else generators.mkValueStringDefault { } value; - isNullOrEmpty = v: (v == null) || (isList v && (length v == 0)); + isNullOrEmpty = v: (v == null) || + (isList v && (length v == 0)); - journaldConfig = - settings: - (generators.toKeyValue { - mkKeyValue = generators.mkKeyValueDefault { - mkValueString = journaldConfigValue; - } "="; - } (filterAttrs (n: v: !(isNullOrEmpty v)) settings)); -in -{ + journaldConfig = settings: (generators.toKeyValue { + mkKeyValue = generators.mkKeyValueDefault { + mkValueString = journaldConfigValue; + } "="; + } (filterAttrs (n: v: !(isNullOrEmpty v)) + settings) + ); +in { options.aviallon.services = { enable = mkOption { @@ -43,15 +33,9 @@ in }; journald.extraConfig = mkOption { - default = { }; - example = { }; - type = - with types; - attrsOf (oneOf [ - bool - int - str - ]); + default = {}; + example = {}; + type = with types; attrsOf (oneOf [ bool int str ]); description = "Add extra config to journald with Nix language"; }; }; 
@@ -80,29 +64,28 @@ in scriptArgs = "%I"; wantedBy = [ "sshd@.service" ]; }; - + programs.ssh.setXAuthLocation = config.services.xserver.enable; programs.ssh.forwardX11 = mkDefault config.services.xserver.enable; security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root environment.systemPackages = with pkgs; [ waypipe ]; + # Better reliability and performance services.dbus.implementation = "broker"; + + + networking.firewall.allowedTCPPorts = [ 22 ]; - networking.firewall.allowedUDPPorts = [ - 22 - 5353 - ]; + networking.firewall.allowedUDPPorts = [ 22 5353 ]; services.rsyncd.enable = !desktopCfg.enable; services.fstrim.enable = true; - services.haveged.enable = ( - builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0 - ); + services.haveged.enable = (builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0); services.irqbalance.enable = true; @@ -120,38 +103,23 @@ in loglevel = "info"; cgroup_realtime_workaround = false; }; - services.ananicy.extraRules = concatStringsSep "\n" ( - forEach [ - { - name = "cp"; - type = "BG_CPUIO"; - } - { - name = "nix-build"; - type = "BG_CPUIO"; - } - { - name = "nix-store"; - type = "BG_CPUIO"; - } - { - name = "nix-collect-garbage"; - type = "BG_CPUIO"; - } - { - name = "nix"; - type = "BG_CPUIO"; - } - { - name = "X"; - type = "LowLatency_RT"; - } - { - name = "htop"; - type = "LowLatency_RT"; - } - ] (x: builtins.toJSON x) - ); + services.ananicy.extraRules = concatStringsSep "\n" ( forEach [ + { name = "cp"; + type = "BG_CPUIO"; } + { name = "nix-build"; + type = "BG_CPUIO"; } + { name = "nix-store"; + type = "BG_CPUIO"; } + { name = "nix-collect-garbage"; + type = "BG_CPUIO"; } + { name = "nix"; + type = "BG_CPUIO"; } + { name = "X"; + type = "LowLatency_RT"; } + { name = "htop"; + type = "LowLatency_RT"; } + ] (x: builtins.toJSON x)); + # Enusre low-latency response for this time-critical service systemd.services."hdapsd@" = { 
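Review bot: `networking.firewall.allowedUDPPorts = [ 22 5353 ];` opens UDP port 22, which nothing visible in this module listens on. SSH uses TCP and is already covered by `allowedTCPPorts = [ 22 ]`. Unless another service depends on it, the line should be `networking.firewall.allowedUDPPorts = [ 5353 ];` so that only mDNS stays reachable over UDP. The enclosing `config` block starts and ends outside the hunk.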
@@ -180,9 +148,9 @@ in hinfo = true; # Whether to register a mDNS HINFO record which contains information about the local operating system and CPU. }; extraConfig = mkIf config.services.resolved.enable '' - [server] - enable-dbus=warn - #disallow-other-stacks=yes + [server] + enable-dbus=warn + #disallow-other-stacks=yes ''; }; @@ -190,6 +158,7 @@ in MulticastDNS = false; }; + services.nginx = { recommendedProxySettings = true; recommendedGzipSettings = true; diff --git a/services/gnupg.nix b/services/gnupg.nix index bdddd0f..f0045d3 100644 --- a/services/gnupg.nix +++ b/services/gnupg.nix @@ -1,23 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" '' exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@" ''; - pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix { }; -in -{ + pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {}; +in { config = { programs.gnupg = { agent.enable = true; dirmngr.enable = true; - + agent.pinentryPackage = pkgs.pinentry-all; agent.enableSSHSupport = true; agent.enableExtraSocket = true; @@ -35,6 +29,6 @@ in environment.systemPackages = [ gpgNoTTY ]; - + }; } diff --git a/services/jupyterhub.nix b/services/jupyterhub.nix index b84e7ed..a259c09 100644 --- a/services/jupyterhub.nix +++ b/services/jupyterhub.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{config, pkgs, lib, ...}: with lib; let cfg = config.aviallon.services.jupyterhub; @@ -12,15 +7,12 @@ in options.aviallon.services.jupyterhub = { enable = mkEnableOption "Jupyterhub server with Python 3 kernel"; }; - + config = mkIf cfg.enable { services.jupyterhub = { enable = true; - kernels.python3 = - let - env = ( - pkgs.python3.withPackages ( - pythonPackages: with pythonPackages; [ + kernels.python3 = let + env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ ipykernel pandas scikit-learn 
@@ -28,23 +20,20 @@ in matplotlib numpy pip - ] - ) - ); - in - { - displayName = "Python 3 for machine learning"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; - logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; - }; + ])); + in { + displayName = "Python 3 for machine learning"; + argv = [ + "${env.interpreter}" + "-m" + "ipykernel_launcher" + "-f" + "{connection_file}" + ]; + language = "python"; + logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; + logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; + }; }; services.nginx = { @@ -52,12 +41,7 @@ in }; services.nginx.virtualHosts = { "jupyterhub.localhost" = { - listen = [ - { - addr = "0.0.0.0"; - port = 80; - } - ]; + listen = [ { addr = "0.0.0.0"; port = 80; } ]; locations."/" = { proxyPass = "http://localhost:${toString config.services.jupyterhub.port}"; proxyWebsockets = true; diff --git a/windows/default.nix b/windows/default.nix index f1fe43d..48769c6 100644 --- a/windows/default.nix +++ b/windows/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{...}: { imports = [ ./wine.nix diff --git a/windows/wine.nix b/windows/wine.nix index 09f53a0..6e05e9a 100644 --- a/windows/wine.nix +++ b/windows/wine.nix @@ -1,20 +1,14 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.aviallon.windows.wine; -in -{ +in { options.aviallon.windows.wine = { enable = mkEnableOption "windows executable support on Linux"; package = mkOption { description = "Wine package to use"; type = types.package; - default = pkgs.wineWow64Packages.waylandFull; + default = pkgs.wineWowPackages.waylandFull; example = pkgs.winePackages.stable; }; };
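Review bot: The `jupyterhub.localhost` virtual host listens on `0.0.0.0:80`, so the proxy to JupyterHub is bound to every interface and served over plain HTTP, even though the server name suggests local-only use. JupyterHub logins and notebook sessions, which run code as the logged-in user, would then travel unencrypted wherever port 80 is reachable. If local access is the intent, bind to loopback with `listen = [ { addr = "127.0.0.1"; port = 80; } ];`; otherwise terminate TLS on this virtual host. The `locations."/"` block continues outside the hunk.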