aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: aviallon:5be1c37d3cede53a5f196b726a97b3a81bbe84a8
Branches Tags
aviallon:main
aviallon:feature/attrset-merge-with-prio
..
compare: aviallon:9737dfe1c0c49b470c9e61731cdb7d985a312be9
Branches Tags
aviallon:main
aviallon:feature/attrset-merge-with-prio

No commits in common. "5be1c37d3cede53a5f196b726a97b3a81bbe84a8" and "9737dfe1c0c49b470c9e61731cdb7d985a312be9" have entirely different histories.
5be1c37d3c ... 9737dfe1c0

71 changed files with 1845 additions and 2774 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.git-blame-ignore-revs
View file

@ -1 +0,0 @@
bf219a30c29cf3ce35a2d4f1a34ddf17aec32be1

216
boot.nix
View file

@ -1,11 +1,4 @@
{ { config, pkgs, lib, myLib, options, ... }:
config,
pkgs,
lib,
myLib,
options,
...
}:
with lib; with lib;
let let
customKernelPatches = { customKernelPatches = {
@ -48,81 +41,43 @@ let
patch = ./remove-kernel-drm.patch; patch = ./remove-kernel-drm.patch;
}; };
backports = { backports = {
}; };
optimizeForCPUArch = optimizeForCPUArch = arch: let
arch:
let
archConfigMap = { archConfigMap = {
"k8" = "K8"; "k8" = "K8"; "opteron" = "K8"; "athlon64" = "K8"; "athlon-fx" = "K8";
"opteron" = "K8"; "k8-sse3" = "K8SSE3"; "opteron-sse3" = "K8SSE3"; "athlon64-sse3" = "K8SSE3";
"athlon64" = "K8"; "znver1" = "ZEN"; "znver2" = "ZEN2"; "znver3" = "ZEN3"; "znver4" = "ZEN3";
"athlon-fx" = "K8"; "bdver1" = "BULLDOZER"; "bdver2" = "PILEDRIVER"; "bdver3" = "STEAMROLLER"; "bdver4" = "EXCAVATOR";
"k8-sse3" = "K8SSE3"; "barcelona" = "BARCELONA"; "amdfam10" = "BARCELONA";
"opteron-sse3" = "K8SSE3"; "btver1" = "BOBCAT"; "btver2" = "JAGUAR";
"athlon64-sse3" = "K8SSE3";
"znver1" = "ZEN";
"znver2" = "ZEN2";
"znver3" = "ZEN3";
"znver4" = "ZEN3";
"bdver1" = "BULLDOZER";
"bdver2" = "PILEDRIVER";
"bdver3" = "STEAMROLLER";
"bdver4" = "EXCAVATOR";
"barcelona" = "BARCELONA";
"amdfam10" = "BARCELONA";
"btver1" = "BOBCAT";
"btver2" = "JAGUAR";
"rocketlake" = "ROCKETLAKE"; "rocketlake" = "ROCKETLAKE"; "alderlake" = "ALDERLAKE";
"alderlake" = "ALDERLAKE"; "sapphirerapids" = "SAPPHIRERAPIDS"; "tigerlake" = "TIGERLAKE"; "cooperlake" = "COOPERLAKE";
"sapphirerapids" = "SAPPHIRERAPIDS"; "cascadelake" = "CASCADELAKE"; "icelake-server" = "ICELAKE"; "icelake-client" = "ICELAKE";
"tigerlake" = "TIGERLAKE"; "cannonlake" = "CANNONLAKE"; "skylake-avx512" = "SKYLAKEX";
"cooperlake" = "COOPERLAKE"; "tremont" = "GOLDMONTPLUS"; "goldmont-plus" = "GOLDMONTPLUS"; "goldmont" = "GOLDMONT";
"cascadelake" = "CASCADELAKE"; "silvermont" = "SILVERMONT"; "bonnel" = "GENERIC_CPU"; "skylake" = "SKYLAKE";
"icelake-server" = "ICELAKE"; "broadwell" = "BROADWELL"; "haswell" = "HASWELL";
"icelake-client" = "ICELAKE"; "ivybridge" = "IVYBRIDGE"; "sandybridge" = "SANDYBRIDGE";
"cannonlake" = "CANNONLAKE"; "westmere" = "WESTMERE"; "nehalem" = "NEHALEM";
"skylake-avx512" = "SKYLAKEX";
"tremont" = "GOLDMONTPLUS";
"goldmont-plus" = "GOLDMONTPLUS";
"goldmont" = "GOLDMONT";
"silvermont" = "SILVERMONT";
"bonnel" = "GENERIC_CPU";
"skylake" = "SKYLAKE";
"broadwell" = "BROADWELL";
"haswell" = "HASWELL";
"ivybridge" = "IVYBRIDGE";
"sandybridge" = "SANDYBRIDGE";
"westmere" = "WESTMERE";
"nehalem" = "NEHALEM";
"core2" = "CORE2"; "core2" = "CORE2";
"nocona" = "PSC"; "nocona" = "PSC"; "prescott" = "PSC"; "pentium4m" = "PSC"; "pentium4" = "PSC";
"prescott" = "PSC";
"pentium4m" = "PSC";
"pentium4" = "PSC";
"nano-3000" = "GENERIC_CPU2"; "nano-3000" = "GENERIC_CPU2"; "nano-x2" = "GENERIC_CPU2"; "nano-x4" = "GENERIC_CPU2";
"nano-x2" = "GENERIC_CPU2";
"nano-x4" = "GENERIC_CPU2";
"lujiazui" = "GENERIC_CPU2"; "lujiazui" = "GENERIC_CPU2";
"native" = "NATIVE_INTEL"; "native" = "NATIVE_INTEL"; "x86-64-v2" = "GENERIC_CPU2"; "x86-64-v3" = "GENERIC_CPU3"; "x86-64-v4" = "GENERIC_CPU4";
"x86-64-v2" = "GENERIC_CPU2";
"x86-64-v3" = "GENERIC_CPU3";
"x86-64-v4" = "GENERIC_CPU4";
}; };
archToConfig = archToConfig = arch:
arch: if (hasAttr arch archConfigMap) then archConfigMap."${arch}"
if (hasAttr arch archConfigMap) then else trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU"
archConfigMap."${arch}" ;
else in {
trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU";
in
{
name = "optimize-for-${arch}"; name = "optimize-for-${arch}";
patch = null; patch = null;
extraConfig = '' extraConfig = ''
@ -131,21 +86,13 @@ let
}; };
}; };
toCmdlineValue = toCmdlineValue = v: if (isBool v) then (if v then "y" else "n")
v: else if (isInt v || isString v) then (toString v)
if (isBool v) then else if (isList v) then (concatStringsSep "," v)
(if v then "y" else "n") else throw "Invalid value for kernel cmdline parameter";
else if (isInt v || isString v) then
(toString v)
else if (isList v) then
(concatStringsSep "," v)
else
throw "Invalid value for kernel cmdline parameter";
toCmdlineList = toCmdlineList = set: mapAttrsToList
set: (key: value:
mapAttrsToList (
key: value:
if (isNull value) then if (isNull value) then
null null
else if (value == "") then else if (value == "") then
@ -160,14 +107,12 @@ let
cfg = config.aviallon.boot; cfg = config.aviallon.boot;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
allowUnfree = allowUnfree = (types.isType types.attrs config.nixpkgs.config)
(types.isType types.attrs config.nixpkgs.config)
&& (hasAttr "allowUnfree" config.nixpkgs.config) && (hasAttr "allowUnfree" config.nixpkgs.config)
&& (getAttr "allowUnfree" config.nixpkgs.config); && (getAttr "allowUnfree" config.nixpkgs.config);
cpuConfig = config.aviallon.general.cpu; cpuConfig = config.aviallon.general.cpu;
in in {
{
options.aviallon.boot = { options.aviallon.boot = {
enable = mkOption { enable = mkOption {
@ -183,6 +128,7 @@ in
type = types.bool; type = types.bool;
}; };
x32abi.enable = mkEnableOption "X32 kernel ABI"; x32abi.enable = mkEnableOption "X32 kernel ABI";
kvdo.enable = mkEnableOption "dm-kvdo kernel module"; kvdo.enable = mkEnableOption "dm-kvdo kernel module";
rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes
@ -215,18 +161,11 @@ in
cmdline = mkOption { cmdline = mkOption {
description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it."; description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it.";
default = { }; default = { };
example = { example = { "i915.fastboot" = true; };
"i915.fastboot" = true; type = with types; lazyAttrsOf (
}; nullOr (
type = oneOf [ bool int str (listOf str) ]
with types; )
lazyAttrsOf (
nullOr (oneOf [
bool
int
str
(listOf str)
])
); );
}; };
@ -242,18 +181,14 @@ in
description = "Merge specified attributes to kernel derivation (via special overideAttrs)"; description = "Merge specified attributes to kernel derivation (via special overideAttrs)";
default = {}; default = {};
type = with types; attrs; type = with types; attrs;
example = { example = { KCFLAGS = "-Wall"; };
KCFLAGS = "-Wall";
};
}; };
addOptimizationAttributes = mkOption { addOptimizationAttributes = mkOption {
description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true"; description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true";
default = {}; default = {};
type = with types; attrs; type = with types; attrs;
example = { example = { KCFLAGS = "-O3 -fipa-pta"; };
KCFLAGS = "-O3 -fipa-pta";
};
}; };
}; };
@ -261,23 +196,17 @@ in
}; };
imports = [ imports = [
(mkRemovedOptionModule [ ( mkRemovedOptionModule [ "aviallon" "boot" "extraKCflags" ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset" )
"aviallon"
"boot"
"extraKCflags"
] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset")
( mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel" ) ( mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel" )
]; ];
config = mkMerge [ config = mkMerge [
{ {
assertions = [ assertions = [
{ { assertion = cfg.efi -> !cfg.legacy;
assertion = cfg.efi -> !cfg.legacy;
message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set";
} }
{ { assertion = cfg.legacy -> cfg.useGrub;
assertion = cfg.legacy -> cfg.useGrub;
message = "Using GRUB is mandatory for legacy BIOS"; message = "Using GRUB is mandatory for legacy BIOS";
} }
]; ];
@ -307,18 +236,17 @@ in
else if config.boot.consoleLogLevel == 4 then else if config.boot.consoleLogLevel == 4 then
"auto" "auto"
else else
"yes"; "yes"
;
# 'quiet' is required to silence systemd-efi-stub messages # 'quiet' is required to silence systemd-efi-stub messages
"quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; "quiet" = mkIf (config.boot.consoleLogLevel <= 4) true;
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [(final: prev: {
(final: prev: {
# Use bleeding-edge linux firmware # Use bleeding-edge linux firmware
linux-firmware = prev.unstable.linux-firmware; linux-firmware = prev.unstable.linux-firmware;
}) })];
];
boot = { boot = {
bootspec.enableValidation = true; bootspec.enableValidation = true;
@ -330,14 +258,9 @@ in
initrd.systemd.enable = true; initrd.systemd.enable = true;
initrd.compressor = "zstd"; initrd.compressor = "zstd";
initrd.compressorArgs = [ initrd.compressorArgs = [ "-T0" "-9" ];
"-T0"
"-9"
];
kernelPackages = kernelPackages = with myLib.debug; let
with myLib.debug;
let
baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package; baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package;
# Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS # Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS
@ -346,15 +269,15 @@ in
"-march=${cpuConfig.arch}" "-march=${cpuConfig.arch}"
"-mtune=${cpuConfig.tune or cpuConfig.arch}" "-mtune=${cpuConfig.tune or cpuConfig.arch}"
] ]
++ optional ( ++ optional (! isNull cpuConfig.caches.lastLevel ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}"
!isNull cpuConfig.caches.lastLevel
) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}"
++ optional (! isNull cpuConfig.caches.l1d ) "--param l1-cache-size=${toString cpuConfig.caches.l1d}" ++ optional (! isNull cpuConfig.caches.l1d ) "--param l1-cache-size=${toString cpuConfig.caches.l1d}"
); );
kRustflags = traceValWithPrefix "kRustflags" ([ kRustflags = traceValWithPrefix "kRustflags" (
[
"-Ctarget-cpu=${cpuConfig.arch}" "-Ctarget-cpu=${cpuConfig.arch}"
"-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}" "-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}"
]); ]
);
optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" ( optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" (
optionalAttrs config.aviallon.optimizations.enable ( optionalAttrs config.aviallon.optimizations.enable (
@ -365,9 +288,7 @@ in
KRUSTFLAGS = kRustflags; KRUSTFLAGS = kRustflags;
}; };
} }
( (traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes)
traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes
)
) )
); );
moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" ( moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" (
@ -384,7 +305,9 @@ in
''; '';
}) })
else else
baseKernel; baseKernel
;
moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs;
@ -397,18 +320,15 @@ in
# moddedKernel # moddedKernel
# ; # ;
in in mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel);
mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel);
kernelPatches = kernelPatches = []
[ ]
++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI ++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI
++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched ++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched
++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel ++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel
++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) ( ++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) (customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch)
customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch ++ optional config.aviallon.optimizations.enable customKernelPatches.zstd
) ;
++ optional config.aviallon.optimizations.enable customKernelPatches.zstd;
# Hide boot menu for systemd-boot by default # Hide boot menu for systemd-boot by default
loader.timeout = mkIf (!cfg.useGrub) 0; loader.timeout = mkIf (!cfg.useGrub) 0;
@ -425,11 +345,9 @@ in
enable = cfg.efi && (!cfg.useGrub); enable = cfg.efi && (!cfg.useGrub);
configurationLimit = cfg.configurationLimit; configurationLimit = cfg.configurationLimit;
consoleMode = mkDefault "max"; consoleMode = mkDefault "max";
extraInstallCommands = extraInstallCommands = let
let
efiDir = config.boot.loader.efi.efiSysMountPoint; efiDir = config.boot.loader.efi.efiSysMountPoint;
in in ''
''
export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin"
rpath= rpath=
generation= generation=

48
desktop/browser.nix
View file

@ -1,26 +1,16 @@
{ { config, pkgs, lib, myLib, options, ... }:
config,
pkgs,
lib,
myLib,
options,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
options.aviallon.desktop.browser = { options.aviallon.desktop.browser = {
firefox.overrides = mkOption { firefox.overrides = mkOption {
internal = true; internal = true;
description = "Override firefox package settings"; description = "Override firefox package settings";
type = types.attrs; type = types.attrs;
default = {}; default = {};
example = { example = { enablePlasmaIntegration = true; };
enablePlasmaIntegration = true;
};
}; };
chromium = { chromium = {
package = mkOption { package = mkOption {
@ -34,21 +24,13 @@ in
description = "Override chromium package settings"; description = "Override chromium package settings";
type = types.attrs; type = types.attrs;
default = {}; default = {};
example = { example = { commandLineArgs = [ "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" ]; };
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
];
};
}; };
commandLineArgs = mkOption { commandLineArgs = mkOption {
description = "Override chromium flags"; description = "Override chromium flags";
type = with types; listOf str; type = with types; listOf str;
default = [ "--ozone-platform-hint=auto" ]; default = [ "--ozone-platform-hint=auto" ];
example = [ example = [ "--ozone-platform-hint=auto" "--ignore-gpu-blacklist" ];
"--ozone-platform-hint=auto"
"--ignore-gpu-blacklist"
];
}; };
}; };
}; };
@ -59,19 +41,16 @@ in
# firefox is added by plasma or gnome # firefox is added by plasma or gnome
]; ];
nixpkgs.overlays = [
(final: prev: { nixpkgs.overlays = [(final: prev: {
myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides); myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides);
}) })];
];
aviallon.desktop.browser.chromium.overrides.enableWideVine = true; aviallon.desktop.browser.chromium.overrides.enableWideVine = true;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"chromium-unwrapped" "chromium-unwrapped" "chrome-widevine-cdm"
"chrome-widevine-cdm" "ungoogled-chromium" "chromium" # because of widevine
"ungoogled-chromium"
"chromium" # because of widevine
]; ];
environment.variables = { environment.variables = {
@ -79,9 +58,7 @@ in
}; };
aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs; aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs;
aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations ( aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations (options.aviallon.desktop.browser.chromium.commandLineArgs.default ++ [
options.aviallon.desktop.browser.chromium.commandLineArgs.default
++ [
"--flag-switches-begin" "--flag-switches-begin"
"--ignore-gpu-blacklist" "--ignore-gpu-blacklist"
"--enable-gpu-rasterization" "--enable-gpu-rasterization"
@ -92,8 +69,7 @@ in
"--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer" "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer"
"--disable-features=UseChromeOSDirectVideoDecoder" "--disable-features=UseChromeOSDirectVideoDecoder"
"--flag-switches-end" "--flag-switches-end"
] ]);
);
programs.chromium = { programs.chromium = {
enable = true; enable = true;

26
desktop/console.nix
View file

@ -1,25 +1,23 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
xcfg = config.services.xserver; xcfg = config.services.xserver;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
config = { config = {
services.kmscon = { services.kmscon = {
hwRender = mkDefault xcfg.enable; hwRender = mkDefault xcfg.enable;
extraConfig = extraConfig = ""
"" + optionalString ( ! isNull xcfg.layout )
+ optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}" "xkb-layout=${xcfg.layout}"
+ optionalString (!isNull xcfg.xkbVariant) "xkb-variant=${xcfg.xkbVariant}" + optionalString ( ! isNull xcfg.xkbVariant )
+ optionalString (!isNull xcfg.xkbOptions) "xkb-options=${xcfg.xkbOptions}" "xkb-variant=${xcfg.xkbVariant}"
+ "font-dpi=${toString (xcfg.dpi or 96)}"; + optionalString ( ! isNull xcfg.xkbOptions )
"xkb-options=${xcfg.xkbOptions}"
+ "font-dpi=${toString (xcfg.dpi or 96)}"
;
enable = mkDefault (! generalCfg.minimal ); enable = mkDefault (! generalCfg.minimal );
}; };
}; };
} }

7
desktop/default.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
imports = [ imports = [

57
desktop/developer.nix
View file

@ -1,20 +1,12 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.developer; cfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
options.aviallon.developer = { options.aviallon.developer = {
enable = mkEnableOption "enable developer mode on this machine"; enable = mkEnableOption "enable developer mode on this machine";
virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { default = true; };
default = true;
};
virtualbox.unstable = mkEnableOption "use unstable virtualbox"; virtualbox.unstable = mkEnableOption "use unstable virtualbox";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -74,9 +66,7 @@ in
gnumake gnumake
cmake cmake
linux-manual linux-manual man-pages man-pages-posix
man-pages
man-pages-posix
linuxHeaders linuxHeaders
@ -109,6 +99,7 @@ in
}; };
}; };
virtualisation.spiceUSBRedirection.enable = true; # Quality of life virtualisation.spiceUSBRedirection.enable = true; # Quality of life
security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform
@ -118,25 +109,19 @@ in
host.enableHardening = false; # Causes kernel build failures host.enableHardening = false; # Causes kernel build failures
}; };
nixpkgs.overlays = nixpkgs.overlays = []
[ ] ++ optional cfg.virtualbox.unstable (final: prev: {
++ optional cfg.virtualbox.unstable (
final: prev: {
virtualbox = final.unstable.virtualbox; virtualbox = final.unstable.virtualbox;
virtualboxExtpack = final.unstable.virtualboxExtpack; virtualboxExtpack = final.unstable.virtualboxExtpack;
} })
); ;
console.enable = true; console.enable = true;
boot.initrd.systemd.emergencyAccess = mkIf ( boot.initrd.systemd.emergencyAccess = mkIf (config.users.users.root.hashedPassword != null) config.users.users.root.hashedPassword;
config.users.users.root.hashedPassword != null
) config.users.users.root.hashedPassword;
environment.extraOutputsToInstall = [ environment.extraOutputsToInstall = [
"doc" "doc" "info" "dev"
"info"
"dev"
]; ];
services.ollama = { services.ollama = {
@ -145,14 +130,12 @@ in
group = "ollama"; group = "ollama";
user = "ollama"; user = "ollama";
package = package =
if config.aviallon.hardware.amd.enable then if config.aviallon.hardware.amd.enable
pkgs.unstable.ollama-rocm then pkgs.unstable.ollama-rocm
else if else if (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau")
(config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") then pkgs.unstable.ollama-cuda
then else pkgs.unstable.ollama
pkgs.unstable.ollama-cuda ;
else
pkgs.unstable.ollama;
}; };
aviallon.services.journald.extraConfig = { aviallon.services.journald.extraConfig = {
@ -162,10 +145,8 @@ in
aviallon.boot.configurationLimit = mkDefault 10; aviallon.boot.configurationLimit = mkDefault 10;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"tabnine" "tabnine" "clion"
"clion" "Oracle_VM_VirtualBox_Extension_Pack" "virtualbox"
"Oracle_VM_VirtualBox_Extension_Pack"
"virtualbox"
"intelephense" "intelephense"
]; ];
}; };

25
desktop/flatpak.nix
View file

@ -1,14 +1,8 @@
{ { config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
in in {
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.flatpak.enable = mkDefault true; services.flatpak.enable = mkDefault true;
systemd.services.flatpak-add-flathub = { systemd.services.flatpak-add-flathub = {
@ -38,19 +32,14 @@ in
}; };
fileSystems = fileSystems =
let let mkRoSymBind = path: {
mkRoSymBind = path: {
device = path; device = path;
fsType = "none"; fsType = "none";
options = [ options = [ "rbind" "ro" "x-gvfs-hide" ];
"rbind"
"ro"
"x-gvfs-hide"
];
}; };
in in {
{
"/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons"; "/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons";
}; };
}; }
;
} }

42
desktop/games.nix
View file

@ -1,19 +1,11 @@
{ { config, pkgs, lib, myLib, suyu, ... }:
config,
pkgs,
lib,
myLib,
suyu,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
optimizePkg = config.aviallon.optimizations.optimizePkg; optimizePkg = config.aviallon.optimizations.optimizePkg;
mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}"; mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}";
in in {
{
options = { options = {
aviallon.desktop.gaming = { aviallon.desktop.gaming = {
@ -35,37 +27,24 @@ in
config = mkIf cfg.gaming.enable { config = mkIf cfg.gaming.enable {
assertions = [ assertions = [
{ { assertion = cfg.gaming.enable -> cfg.enable; message = "Gaming features requires desktop to be enabled"; }
assertion = cfg.gaming.enable -> cfg.enable; { assertion = cfg.gaming.enable -> !generalCfg.minimal; message = "Gaming features are incompatible with minimal mode"; }
message = "Gaming features requires desktop to be enabled";
}
{
assertion = cfg.gaming.enable -> !generalCfg.minimal;
message = "Gaming features are incompatible with minimal mode";
}
]; ];
environment.systemPackages = environment.systemPackages = let
let
my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [ cmakeFlags = old.cmakeFlags ++ [
#"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF"
#"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF"
]; ];
}); });
in in with pkgs; [
with pkgs;
[
gamescope gamescope
mangohud mangohud
lutris lutris
bottles bottles
] ] ++ optionals cfg.gaming.emulation [
++ optionals cfg.gaming.emulation [ (optimizePkg { recursive = 0; lto = false; } my_yuzu)
(optimizePkg {
recursive = 0;
lto = false;
} my_yuzu)
(optimizePkg { } cfg.gaming.ryujinx.package) (optimizePkg { } cfg.gaming.ryujinx.package)
]; ];
@ -125,10 +104,7 @@ in
}; };
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"steam" "steam" "steam-original" "steam-runtime" "steam-run"
"steam-original"
"steam-runtime"
"steam-run"
]; ];
}; };

39
desktop/general.nix
View file

@ -1,16 +1,9 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
options.aviallon.desktop = { options.aviallon.desktop = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -21,13 +14,7 @@ in
environment = mkOption { environment = mkOption {
default = "plasma"; default = "plasma";
example = "gnome"; example = "gnome";
type = type = with types; enum [ "plasma" "plasma6" "gnome" ];
with types;
enum [
"plasma"
"plasma6"
"gnome"
];
description = "What Desktop Environment to use"; description = "What Desktop Environment to use";
}; };
layout = mkOption { layout = mkOption {
@ -64,13 +51,7 @@ in
}; };
imports = [ imports = [
(mkRemovedOptionModule [ (mkRemovedOptionModule [ "aviallon" "desktop" "graphics" "shaderCache" "path" ] "Now always relative to $XDG_CACHE_HOME" )
"aviallon"
"desktop"
"graphics"
"shaderCache"
"path"
] "Now always relative to $XDG_CACHE_HOME")
]; ];
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
@ -90,6 +71,7 @@ in
services.xserver.xkb.layout = cfg.layout; services.xserver.xkb.layout = cfg.layout;
services.xserver.xkb.options = "eurosign:e"; services.xserver.xkb.options = "eurosign:e";
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
splash = mkIf (!generalCfg.debug) ""; splash = mkIf (!generalCfg.debug) "";
"udev.log_level" = mkIf (!generalCfg.debug) 3; "udev.log_level" = mkIf (!generalCfg.debug) 3;
@ -122,7 +104,9 @@ in
p7zip p7zip
]; ];
security.sudo.extraConfig = ''
security.sudo.extraConfig =
''
# Keep X and Wayland related variables for better GUI integration # Keep X and Wayland related variables for better GUI integration
Defaults:root,%wheel env_keep+=DISPLAY Defaults:root,%wheel env_keep+=DISPLAY
Defaults:root,%wheel env_keep+=XAUTHORITY Defaults:root,%wheel env_keep+=XAUTHORITY
@ -130,7 +114,8 @@ in
Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY
Defaults:root,%wheel env_keep+=WAYLAND_SOCKET Defaults:root,%wheel env_keep+=WAYLAND_SOCKET
Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR
''; ''
;
} }
(mkIf (!generalCfg.minimal) { (mkIf (!generalCfg.minimal) {
@ -189,12 +174,12 @@ in
}; };
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"spotify" "spotify" "spotify-unwrapped"
"spotify-unwrapped"
"veracrypt" "veracrypt"
]; ];
aviallon.programs.libreoffice.enable = true; aviallon.programs.libreoffice.enable = true;
services.packagekit.enable = mkDefault true; services.packagekit.enable = mkDefault true;

17
desktop/gnome.nix
View file

@ -1,14 +1,8 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
in in {
{
config = mkIf (cfg.enable && (cfg.environment == "gnome")) { config = mkIf (cfg.enable && (cfg.environment == "gnome")) {
services.xserver.desktopManager.gnome = { services.xserver.desktopManager.gnome = {
enable = true; enable = true;
@ -49,9 +43,7 @@ in
aviallon.programs.libreoffice.enable = true; aviallon.programs.libreoffice.enable = true;
environment.systemPackages = environment.systemPackages = with pkgs; [ guake ]
with pkgs;
[ guake ]
++ (with gnome; [ ++ (with gnome; [
gnome-software gnome-software
]) ])
@ -61,7 +53,8 @@ in
dash-to-dock-toggle dash-to-dock-toggle
dash-to-dock-animator dash-to-dock-animator
tray-icons-reloaded tray-icons-reloaded
]); ])
;
systemd.packages = with pkgs; [ systemd.packages = with pkgs; [
gnomeExtensions.gamemode gnomeExtensions.gamemode
gnomeExtensions.dash-to-dock gnomeExtensions.dash-to-dock

67
desktop/multimedia.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
@ -17,26 +12,21 @@ let
# Multimedia Packages # Multimedia Packages
ffmpeg-full-unfree = ffmpeg-full-unfree = let
let
withUnfree = pkgs.unstable.ffmpeg-full.override { withUnfree = pkgs.unstable.ffmpeg-full.override {
withUnfree = true; withUnfree = true;
withTensorflow = false; withTensorflow = false;
}; };
in in withUnfree;
withUnfree;
in in {
{
config = mkIf (cfg.enable && !generalCfg.minimal) { config = mkIf (cfg.enable && !generalCfg.minimal) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ffmpeg-full-unfree ffmpeg-full-unfree
krita krita
(pkgs.wrapOBS { (pkgs.wrapOBS { plugins = with obs-studio-plugins; [
plugins = with obs-studio-plugins; [
obs-pipewire-audio-capture obs-pipewire-audio-capture
]; ]; })
})
#scribus #scribus
yt-dlp yt-dlp
@ -46,11 +36,10 @@ in
#jamesdsp # Audio post-processing #jamesdsp # Audio post-processing
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [(final: prev: {
(final: prev: {
inherit ffmpeg-full-unfree; inherit ffmpeg-full-unfree;
}) })];
];
# Enable sound. # Enable sound.
services.pulseaudio.enable = false; services.pulseaudio.enable = false;
@ -87,10 +76,7 @@ in
"node.description" = "Sortie combinée"; "node.description" = "Sortie combinée";
"combine.latency-compensate" = true; "combine.latency-compensate" = true;
"combine.props" = { "combine.props" = {
"audio.position" = [ "audio.position" = [ "FL" "FR" ];
"FL"
"FR"
];
}; };
"stream.props" = {}; "stream.props" = {};
"stream.rules" = [ "stream.rules" = [
@ -119,27 +105,21 @@ in
"bluez5.enable-sbc-xq" = true; # Should be default now "bluez5.enable-sbc-xq" = true; # Should be default now
"bluez5.enable-msbc" = true; # Default "bluez5.enable-msbc" = true; # Default
"bluez5.enable-hw-volume" = true; # Default "bluez5.enable-hw-volume" = true; # Default
"bluez5.headset-roles" = [ "bluez5.headset-roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
}; };
}; };
security.rtkit.enable = true; # Real-time support for pipewire security.rtkit.enable = true; # Real-time support for pipewire
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"ffmpeg-full" # Because of unfree codecs "ffmpeg-full" # Because of unfree codecs
]; ];
# Hardware-agnostic audio denoising # Hardware-agnostic audio denoising
systemd.user.services = systemd.user.services = let
let mkPipewireModule = {conf, description}: {
mkPipewireModule =
{ conf, description }:
{
unitConfig = { unitConfig = {
Slice = "session.slice"; Slice = "session.slice";
}; };
@ -158,21 +138,16 @@ in
wantedBy = [ "pipewire.service" ]; wantedBy = [ "pipewire.service" ];
inherit description; inherit description;
}; };
in in {
{
pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable ( pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable (
(mkPipewireModule { (mkPipewireModule { conf = filterConfig; description = "Pipewire Noise Filter"; }) //
conf = filterConfig; {
description = "Pipewire Noise Filter";
})
// {
enable = cfg.audio.noise-filter.strength > 0.0; enable = cfg.audio.noise-filter.strength > 0.0;
} }
); );
pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (mkPipewireModule { pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (
conf = airplayConfig; mkPipewireModule { conf = airplayConfig; description = "Pipewire Airplay Sink"; }
description = "Pipewire Airplay Sink"; );
});
}; };
}; };

5
desktop/pipewire/pipewire-airplay.conf.nix
View file

@ -1,6 +1,5 @@
{ { lib
lib, , writeText
writeText,
}: }:
writeText "pipewire-airplay.conf" '' writeText "pipewire-airplay.conf" ''

9
desktop/pipewire/pipewire-noise-filter.conf.nix
View file

@ -1,8 +1,7 @@
{ { lib
lib, , writeText
writeText, , rnnoise-plugin
rnnoise-plugin, , noiseFilterStrength
noiseFilterStrength,
}: }:
writeText "pipewire-noise-filter.conf" '' writeText "pipewire-noise-filter.conf" ''

11
desktop/plasma/default.nix
View file

@ -1,16 +1,9 @@
{ {config, pkgs, nixpkgs-unstable, lib, ...}:
config,
pkgs,
nixpkgs-unstable,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
optimizeCfg = config.aviallon.optimizations; optimizeCfg = config.aviallon.optimizations;
in in {
{
imports = [ imports = [
./plasma6.nix ./plasma6.nix

10
desktop/plasma/plasma6.nix
View file

@ -1,17 +1,11 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generic = import ./generic.nix { generic = import ./generic.nix {
kdePackages = pkgs.kdePackages; kdePackages = pkgs.kdePackages;
}; };
in in {
{
config = mkIf (cfg.enable && (cfg.environment == "plasma6")) { config = mkIf (cfg.enable && (cfg.environment == "plasma6")) {
# Enable the Plasma 6 Desktop Environment. # Enable the Plasma 6 Desktop Environment.
services.desktopManager.plasma6 = { services.desktopManager.plasma6 = {

21
desktop/printing.nix
View file

@ -1,24 +1,16 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
config = mkIf (cfg.enable && !generalCfg.minimal) { config = mkIf (cfg.enable && !generalCfg.minimal) {
services.printing = { services.printing = {
enable = true; enable = true;
defaultShared = mkDefault true; defaultShared = mkDefault true;
browsing = mkDefault true; browsing = mkDefault true;
listenAddresses = [ "0.0.0.0:631" ]; listenAddresses = [ "0.0.0.0:631" ];
drivers = drivers = with pkgs; []
with pkgs;
[ ]
++ (optionals (!generalCfg.minimal) [ ++ (optionals (!generalCfg.minimal) [
hplipWithPlugin hplipWithPlugin
gutenprint gutenprint
@ -54,13 +46,10 @@ in
brscan4.enable = true; brscan4.enable = true;
}; };
networking.firewall.allowedTCPPorts = optionals config.services.printing.enable [ networking.firewall.allowedTCPPorts = optionals config.services.printing.enable [ 631 139 445 ];
631
139
445
];
networking.firewall.allowedUDPPorts = optionals config.services.printing.enable [ 137 ]; networking.firewall.allowedUDPPorts = optionals config.services.printing.enable [ 137 ];
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"hplip" "hplip"
"hplipWithPlugin" "hplipWithPlugin"

10
desktop/sddm.nix
View file

@ -1,15 +1,9 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
sddmCfg = config.services.displayManager.sddm; sddmCfg = config.services.displayManager.sddm;
in in {
{
options.aviallon.desktop.sddm.unstable = mkEnableOption "bleeding-edge SDDM"; options.aviallon.desktop.sddm.unstable = mkEnableOption "bleeding-edge SDDM";
options.aviallon.desktop.sddm.enable = mkEnableOption "custom SDDM configuration"; options.aviallon.desktop.sddm.enable = mkEnableOption "custom SDDM configuration";

58
filesystems.nix
View file

@ -1,20 +1,9 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems; cfg = config.aviallon.filesystems;
ioSchedType = types.enum [ ioSchedType = types.enum [ "bfq" "kyber" "mq-deadline" "none" null ];
"bfq"
"kyber"
"mq-deadline"
"none"
null
];
in in
{ {
imports = [ imports = [
@ -70,39 +59,22 @@ in
boot.vdo.enable = config.aviallon.boot.kvdo.enable; boot.vdo.enable = config.aviallon.boot.kvdo.enable;
}; };
boot.initrd.kernelModules = ifEnable cfg.lvm [ boot.initrd.kernelModules = ifEnable cfg.lvm [
"dm-cache" "dm-cache" "dm-cache-smq" "dm-cache-mq" "dm-cache-cleaner"
"dm-cache-smq"
"dm-cache-mq"
"dm-cache-cleaner"
]; ];
boot.kernelModules = boot.kernelModules = []
[ ] ++ optionals cfg.lvm [ "dm-cache" "dm-cache-smq" "dm-persistent-data" "dm-bio-prison" "dm-clone" "dm-crypt" "dm-writecache" "dm-mirror" "dm-snapshot" ]
++ optionals cfg.lvm [ ++ optionals config.aviallon.boot.kvdo.enable [ "kvdo" ]
"dm-cache" ;
"dm-cache-smq"
"dm-persistent-data"
"dm-bio-prison"
"dm-clone"
"dm-crypt"
"dm-writecache"
"dm-mirror"
"dm-snapshot"
]
++ optionals config.aviallon.boot.kvdo.enable [ "kvdo" ];
boot.supportedFilesystems = [ boot.supportedFilesystems = [ "ntfs" "ext4" "vfat" "exfat" ];
"ntfs"
"ext4"
"vfat"
"exfat"
];
hardware.block.defaultSchedulerRotational = mkDefault cfg.hddScheduler; hardware.block.defaultSchedulerRotational = mkDefault cfg.hddScheduler;
aviallon.filesystems.udevRules = mkBefore (concatLists [ aviallon.filesystems.udevRules = mkBefore (concatLists [
(optional (!(builtins.isNull cfg.hddScheduler)) (optional (!(builtins.isNull cfg.hddScheduler))
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="${cfg.hddScheduler}"'' ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="${cfg.hddScheduler}"''
) )
(optional (!(builtins.isNull cfg.slowFlashScheduler)) '' (optional (!(builtins.isNull cfg.slowFlashScheduler))
''
SUBSYSTEM!="block", GOTO="aviallon_slowflash_end" SUBSYSTEM!="block", GOTO="aviallon_slowflash_end"
KERNEL!="sd[a-z]|nvme[0-9]*n[0-9]|mmcblk[0-9]", GOTO="aviallon_slowflash_end" KERNEL!="sd[a-z]|nvme[0-9]*n[0-9]|mmcblk[0-9]", GOTO="aviallon_slowflash_end"
ATTR{queue/rotational}=="1", GOTO="aviallon_slowflash_end" ATTR{queue/rotational}=="1", GOTO="aviallon_slowflash_end"
@ -125,11 +97,14 @@ in
# END: NCQ disabled # END: NCQ disabled
LABEL="aviallon_slowflash_end" LABEL="aviallon_slowflash_end"
'') ''
)
(optional (!(builtins.isNull cfg.nvmeScheduler)) (optional (!(builtins.isNull cfg.nvmeScheduler))
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="nvme[0-9]*n[0-9]", ATTR{queue/scheduler}="${cfg.nvmeScheduler}"'' ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="nvme[0-9]*n[0-9]", ATTR{queue/scheduler}="${cfg.nvmeScheduler}"''
) )
(optional cfg.queuePriority ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{device/ncq_prio_supported}=="1", ATTR{device/ncq_prio_enable}="1"'') (optional cfg.queuePriority
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{device/ncq_prio_supported}=="1", ATTR{device/ncq_prio_enable}="1"''
)
]); ]);
boot.initrd.services.udev.rules = concatStringsSep "\n" cfg.udevRules; boot.initrd.services.udev.rules = concatStringsSep "\n" cfg.udevRules;
@ -143,7 +118,8 @@ in
let let
hasSwap = length config.swapDevices > 0; hasSwap = length config.swapDevices > 0;
in in
if hasSwap then "150%" else "75%"; if hasSwap then "150%" else "75%"
;
services.smartd = { services.smartd = {
enable = mkDefault true; enable = mkDefault true;

11
filesystems/btrfs.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems.btrfs; cfg = config.aviallon.filesystems.btrfs;
@ -12,8 +6,7 @@ let
btrfsPaths = [ "/" ]; btrfsPaths = [ "/" ];
# btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; # btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
options.aviallon.filesystems.btrfs = { options.aviallon.filesystems.btrfs = {
enable = mkEnableOption "BTRFS support"; enable = mkEnableOption "BTRFS support";
autoScrub = { autoScrub = {

10
filesystems/zfs.nix
View file

@ -1,14 +1,8 @@
{ {config, lib, pkgs, ...}:
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems.zfs; cfg = config.aviallon.filesystems.zfs;
in in {
{
options.aviallon.filesystems.zfs = { options.aviallon.filesystems.zfs = {
enable = mkEnableOption "ZFS support"; enable = mkEnableOption "ZFS support";
}; };

45
flake.nix
View file

@ -19,34 +19,31 @@
}; };
outputs = outputs =
inputs@{ inputs@{ self
self, , nixpkgs
nixpkgs, , nur
nur, , nixpkgs-unstable
nixpkgs-unstable, , fps
fps, , suyu
suyu, , ...
... }: let
}:
let
lib = nixpkgs.lib; lib = nixpkgs.lib;
myLib = import ./lib { myLib = import ./lib {
inherit lib; inherit lib;
}; };
mkPkgs = mkPkgs = pkgs: { system ? system
pkgs: , config
{ , overlays ? [ ]
system ? system, , ...
config, }: import pkgs { inherit system config overlays; };
overlays ? [ ], in {
...
}:
import pkgs { inherit system config overlays; };
in
{
inherit self inputs myLib; inherit self inputs myLib;
overlays.default = final: prev: self.overlay final (nur.overlay final prev); overlays.default = final: prev:
self.overlay
final
(nur.overlay final prev)
;
overlay = (final: prev: {}); overlay = (final: prev: {});
@ -57,8 +54,6 @@
nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config; nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config;
specialArgs = inputs // { specialArgs = inputs // { inherit myLib; };
inherit myLib;
};
}; };
} }

26
general.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.general; cfg = config.aviallon.general;
@ -14,12 +8,7 @@ let
in in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ (mkRemovedOptionModule [ "aviallon" "general" "flakes" "enable" ] "Flakes are now enabled by default")
"aviallon"
"general"
"flakes"
"enable"
] "Flakes are now enabled by default")
(mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ])
(mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ])
(mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ])
@ -52,7 +41,12 @@ in
}; };
arch = mkOption { arch = mkOption {
default = if cfg.cpu.x86.level >= 2 then "x86-64-v${toString cfg.cpu.x86.level}" else "x86-64"; default =
if cfg.cpu.x86.level >= 2 then
"x86-64-v${toString cfg.cpu.x86.level}"
else
"x86-64"
;
example = "x86-64-v2"; example = "x86-64-v2";
description = "Set CPU arch used in overlays, ..."; description = "Set CPU arch used in overlays, ...";
type = types.str; type = types.str;
@ -119,9 +113,7 @@ in
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
}; };
boot.initrd.systemd.contents = boot.initrd.systemd.contents = mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) {
mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup)
{
"/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; "/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts";
}; };

14
hardware/amd/amdgpu.nix
View file

@ -1,16 +1,10 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
devCfg = config.aviallon.developer; devCfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") {
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@ -28,7 +22,9 @@ in
SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto" SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto"
''; '';
services.xserver.videoDrivers = optional cfg.useProprietary "amdgpu-pro" ++ [ "modesetting" ]; services.xserver.videoDrivers =
optional cfg.useProprietary "amdgpu-pro"
++ [ "modesetting" ];
hardware.amdgpu.opencl.enable = true; hardware.amdgpu.opencl.enable = true;

38
hardware/amd/cpu.nix
View file

@ -1,25 +1,16 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
enableZenpower = enableZenpower = (! isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13");
(!isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13");
kernelVersion = getVersion config.boot.kernelPackages.kernel; kernelVersion = getVersion config.boot.kernelPackages.kernel;
in in {
{
config = mkIf (generalCfg.cpu.vendor == "amd") { config = mkIf (generalCfg.cpu.vendor == "amd") {
boot.kernel.sysctl = { boot.kernel.sysctl = {
# Why: https://www.phoronix.com/news/Ryzen-Segv-Response # Why: https://www.phoronix.com/news/Ryzen-Segv-Response
# Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135 # Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135
"kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1") ( "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1" ) (warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0);
warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0
);
}; };
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
@ -29,23 +20,26 @@ in
else if versionAtLeast kernelVersion "6.3" then else if versionAtLeast kernelVersion "6.3" then
"active" "active"
else else
"passive"; "passive"
} ;
// optionalAttrs (generalCfg.cpu.arch == "znver2") { } // optionalAttrs (generalCfg.cpu.arch == "znver2") {
# Required for Zen 2 # Required for Zen 2
"amd_pstate.shared_memory" = 1; "amd_pstate.shared_memory" = 1;
}; };
aviallon.boot.patches = mkIf config.aviallon.optimizations.enable {}; aviallon.boot.patches = mkIf config.aviallon.optimizations.enable {};
boot.extraModulePackages = boot.extraModulePackages = with config.boot.kernelPackages; []
with config.boot.kernelPackages; ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower)
[ ] ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower); ;
boot.kernelModules = [ ] ++ optional enableZenpower "zenpower"; boot.kernelModules = []
++ optional enableZenpower "zenpower"
;
boot.blacklistedKernelModules = boot.blacklistedKernelModules = []
[ ] ++ optional enableZenpower "k10-temp" # Superseded by zenpower ++ optional enableZenpower "k10-temp" # Superseded by zenpower
; ;
}; };
} }

17
hardware/amd/default.nix
View file

@ -1,15 +1,9 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
options.aviallon.hardware.amd = { options.aviallon.hardware.amd = {
enable = mkEnableOption "AMD gpus"; enable = mkEnableOption "AMD gpus";
useProprietary = mkEnableOption "Use proprietary AMDGPU Pro"; useProprietary = mkEnableOption "Use proprietary AMDGPU Pro";
@ -20,12 +14,7 @@ in
}; };
kernelDriver = mkOption { kernelDriver = mkOption {
description = "wether to use radeon or amdgpu kernel driver"; description = "wether to use radeon or amdgpu kernel driver";
type = type = with types; enum [ "radeon" "amdgpu" ];
with types;
enum [
"radeon"
"amdgpu"
];
default = "amdgpu"; default = "amdgpu";
}; };
}; };

10
hardware/amd/radeon.nix
View file

@ -1,16 +1,10 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
devCfg = config.aviallon.developer; devCfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in {
{
config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") { config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") {
boot.initrd.kernelModules = [ "radeon" ]; boot.initrd.kernelModules = [ "radeon" ];

63
hardware/amd/rocm.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
@ -27,8 +22,7 @@ let
gxf1036 = "10.3.0"; gxf1036 = "10.3.0";
}; };
/* /*autoDetectGPU = pkgs: pkgs.callPackage (
autoDetectGPU = pkgs: pkgs.callPackage (
{ runCommandLocal, { runCommandLocal,
gnugrep, gnugrep,
rocmPackages, rocmPackages,
@ -40,18 +34,13 @@ let
rocminfo &>/dev/stderr rocminfo &>/dev/stderr
rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output
'' ''
) { }; ) { };*/
*/
gfxToCompatible = gfxToCompatible = gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else "";
gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; in {
in
{
options.aviallon.hardware.amd.rocm = { options.aviallon.hardware.amd.rocm = {
enable = (mkEnableOption "ROCm configuration") // { enable = (mkEnableOption "ROCm configuration") // { default = true; };
default = true;
};
gfxISA = mkOption { gfxISA = mkOption {
description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs"; description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs";
default = ""; default = "";
@ -60,13 +49,11 @@ in
}; };
gpuTargets = mkOption { gpuTargets = mkOption {
description = "Override supported GPU ISAs in some ROCm packages."; description = "Override supported GPU ISAs in some ROCm packages.";
default = [ default = [ "803"
"803"
"900" "900"
"906:xnack-" "906:xnack-"
"908:xnack-" "908:xnack-"
"90a:xnack+" "90a:xnack+" "90a:xnack-"
"90a:xnack-"
"940" "940"
"941" "941"
"942" "942"
@ -76,29 +63,24 @@ in
"1031" "1031"
"1100" "1100"
"1101" "1101"
"1102" "1102" ];
]; example = [ "900" "1031" ];
example = [
"900"
"1031"
];
type = with types; nullOr (listOf str); type = with types; nullOr (listOf str);
}; };
}; };
config = mkIf (cfg.enable && localCfg.enable) { config = mkIf (cfg.enable && localCfg.enable) {
environment.systemPackages = environment.systemPackages = with pkgs;
with pkgs;
[ [
rocmPackages.rocm-smi rocmPackages.rocm-smi
#rocmPackages.meta.rocm-ml-libraries #rocmPackages.meta.rocm-ml-libraries
#rocmPackages.meta.rocm-hip-runtime #rocmPackages.meta.rocm-hip-runtime
#pkgs.autoDetectGPU #pkgs.autoDetectGPU
] ] ++ optionals devCfg.enable [
++ optionals devCfg.enable [
rocmPackages.rocminfo rocmPackages.rocminfo
]; ]
;
#systemd.tmpfiles.rules = [ #systemd.tmpfiles.rules = [
# "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}" # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}"
@ -107,8 +89,7 @@ in
environment.variables = { environment.variables = {
ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs
} } // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") {
// (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") {
HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA; HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA;
}); });
@ -120,19 +101,14 @@ in
]; ];
nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ]; nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ];
nix.settings.trusted-public-keys = [ nix.settings.trusted-public-keys = [ "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE=" ];
"nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
];
nixpkgs.config.rocmSupport = true; nixpkgs.config.rocmSupport = true;
nixpkgs.overlays = mkIf (!isNull localCfg.gpuTargets) (mkBefore [ nixpkgs.overlays = mkIf (! isNull localCfg.gpuTargets) (mkBefore [(final: prev: {
(final: prev: {
#rocmPackages_5 = final.rocmPackages; #rocmPackages_5 = final.rocmPackages;
rocmPackages = prev.rocmPackages // { rocmPackages = prev.rocmPackages // {
clr = prev.rocmPackages.clr.override { clr = prev.rocmPackages.clr.override { localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); };
localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
};
rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; }; rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; };
# (oldAttrs: { # (oldAttrs: {
# passthru = oldAttrs.passthru // { # passthru = oldAttrs.passthru // {
@ -146,7 +122,6 @@ in
# gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); # gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
#}; #};
}; };
}) })]);
]);
}; };
} }

7
hardware/default.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware; cfg = config.aviallon.hardware;

10
hardware/intel/cpu.nix
View file

@ -1,15 +1,9 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
throttledService = "throttled"; throttledService = "throttled";
in in {
{
config = mkIf (generalCfg.cpu.vendor == "intel") { config = mkIf (generalCfg.cpu.vendor == "intel") {
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
"intel_pstate" = "passive"; "intel_pstate" = "passive";

14
hardware/intel/default.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.intel; cfg = config.aviallon.hardware.intel;
@ -30,9 +25,7 @@ in
boot.initrd.kernelModules = [ "i915" ]; boot.initrd.kernelModules = [ "i915" ];
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = extraPackages = with pkgs; []
with pkgs;
[ ]
++ [ ++ [
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
@ -45,8 +38,7 @@ in
; ;
}; };
aviallon.boot.cmdline = aviallon.boot.cmdline = {}
{ }
// optionalAttrs generalCfg.unsafeOptimizations { // optionalAttrs generalCfg.unsafeOptimizations {
"i915.mitigations" = "off"; "i915.mitigations" = "off";
"i915.enable_fbc" = 1; "i915.enable_fbc" = 1;

31
hardware/mesa.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, options, ... }:
config,
pkgs,
lib,
options,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.mesa; cfg = config.aviallon.hardware.mesa;
@ -13,18 +7,13 @@ let
optimizationsCfg = config.aviallon.optimizations; optimizationsCfg = config.aviallon.optimizations;
optimizePkg = optimizationsCfg.optimizePkg; optimizePkg = optimizationsCfg.optimizePkg;
packageWithDefaults = types.package // { packageWithDefaults = types.package // {
merge = merge = loc: defs:
loc: defs: let res = mergeDefaultOption loc defs;
let in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res)
res = mergeDefaultOption loc defs; then toDerivation res
in else res;
if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then
toDerivation res
else
res;
}; };
in in {
{
options.aviallon.hardware.mesa = { options.aviallon.hardware.mesa = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -76,8 +65,10 @@ in
aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa; aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa;
aviallon.hardware.mesa.internal = mkIf cfg.optimized { aviallon.hardware.mesa.internal = mkIf cfg.optimized {
package = mkDefault (optimizePkg { lto = false; } cfg.package); package = mkDefault (
package32 = mkDefault (optimizePkg { lto = false; } cfg.package32); optimizePkg { lto = false; } cfg.package);
package32 = mkDefault (
optimizePkg { lto = false; } cfg.package32);
}; };
hardware.graphics = { hardware.graphics = {

23
hardware/nvidia/default.nix
View file

@ -1,22 +1,13 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
in in {
{
imports = [ imports = [
./proprietary.nix ./proprietary.nix
./opensource.nix ./opensource.nix
(mkRenamedOptionModule ( mkRenamedOptionModule [ "aviallon" "hardware" "nvidia" "saveAllVram" ] [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ] )
[ "aviallon" "hardware" "nvidia" "saveAllVram" ]
[ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ]
)
]; ];
options.aviallon.hardware.nvidia = { options.aviallon.hardware.nvidia = {
@ -25,13 +16,7 @@ in
default = (cfg.variant == "proprietary"); default = (cfg.variant == "proprietary");
}; };
variant = mkOption { variant = mkOption {
type = type = with types; enum [ "proprietary" "open" "nouveau" ];
with types;
enum [
"proprietary"
"open"
"nouveau"
];
description = "What driver variant to use"; description = "What driver variant to use";
default = "proprietary"; default = "proprietary";
example = "nouveau"; example = "nouveau";

35
hardware/nvidia/opensource.nix
View file

@ -1,29 +1,13 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
in in {
{
options.aviallon.hardware.nvidia.nouveau = { options.aviallon.hardware.nvidia.nouveau = {
config = mkOption { config = mkOption {
description = "nouveau boot config"; description = "nouveau boot config";
type = type = with types; attrsOf (nullOr (oneOf [ int str bool ]));
with types; example = { NvBoost = 1; };
attrsOf (
nullOr (oneOf [
int
str
bool
])
);
example = {
NvBoost = 1;
};
default = {}; default = {};
}; };
}; };
@ -35,14 +19,15 @@ in
"nouveau.pstate" = 1; "nouveau.pstate" = 1;
"nouveau.runpm" = 1; "nouveau.runpm" = 1;
"nouveau.modeset" = 1; "nouveau.modeset" = 1;
"nouveau.config" = "nouveau.config" = let
let toValue = v:
toValue = v: if isBool v then toString (if v then 1 else 0) else toString v; if isBool v
then toString (if v then 1 else 0)
else toString v;
filteredConfig = filterAttrs (n: v: ! isNull v) cfg.nouveau.config; filteredConfig = filterAttrs (n: v: ! isNull v) cfg.nouveau.config;
configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig; configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig;
configString = concatStringsSep "," configList; configString = concatStringsSep "," configList;
in in trace "Nouveau config: ${configString}" configString;
trace "Nouveau config: ${configString}" configString;
}; };
aviallon.hardware.mesa.enable = mkDefault true; aviallon.hardware.mesa.enable = mkDefault true;

66
hardware/nvidia/proprietary.nix
View file

@ -1,11 +1,4 @@
{ { config, pkgs, lib, options, nixpkgs-unstable, ... }:
config,
pkgs,
lib,
options,
nixpkgs-unstable,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
@ -16,14 +9,9 @@ let
exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@" exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@"
''; '';
nvidiaUnstable = config.boot.kernelPackages.callPackage ( nvidiaUnstable = config.boot.kernelPackages.callPackage (nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix) {};
nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix cudaUnstable = pkgs: cudaVersion: pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; };
) { }; in {
cudaUnstable =
pkgs: cudaVersion:
pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; };
in
{
options = { options = {
aviallon.hardware.nvidia.proprietary = { aviallon.hardware.nvidia.proprietary = {
gsync = mkEnableOption "Screen is GSYNC monitor"; gsync = mkEnableOption "Screen is GSYNC monitor";
@ -51,12 +39,7 @@ in
saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming"; saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming";
version = mkOption { version = mkOption {
description = "What Nvidia version variant to use"; description = "What Nvidia version variant to use";
type = types.enum [ type = types.enum [ "production" "stable" "beta" "unstable_beta" ];
"production"
"stable"
"beta"
"unstable_beta"
];
default = if generalCfg.unsafeOptimizations then "beta" else "stable"; default = if generalCfg.unsafeOptimizations then "beta" else "stable";
example = "unstable_beta"; example = "unstable_beta";
}; };
@ -66,12 +49,7 @@ in
# Very useful resource. # Very useful resource.
# https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3 # https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3
example = [ "PerfLevelSrc=0x2222" ]; example = [ "PerfLevelSrc=0x2222" ];
default = [ default = [ "PowerMizerEnable=0x1" "OverrideMaxPerf=0x1" "PowerMizerDefault=0x3" "PowerMizerDefaultAC=0x3" ];
"PowerMizerEnable=0x1"
"OverrideMaxPerf=0x1"
"PowerMizerDefault=0x3"
"PowerMizerDefaultAC=0x3"
];
type = with types; listOf str; type = with types; listOf str;
}; };
}; };
@ -99,9 +77,7 @@ in
services.xserver.exportConfiguration = true; services.xserver.exportConfiguration = true;
services.xserver.displayManager.sddm.wayland.enable = mkIf ( services.xserver.displayManager.sddm.wayland.enable = mkIf (!config.aviallon.hardware.intel.enable) (mkDefault false); # Frequent issues with Nvidia GPUs
!config.aviallon.hardware.intel.enable
) (mkDefault false); # Frequent issues with Nvidia GPUs
# Fix hybrid sleep with Nvidia GPU # Fix hybrid sleep with Nvidia GPU
systemd.services.nvidia-suspend = { systemd.services.nvidia-suspend = {
@ -109,9 +85,7 @@ in
before = [ "systemd-hybrid-sleep.service" ]; before = [ "systemd-hybrid-sleep.service" ];
}; };
hardware.nvidia = { hardware.nvidia = {
powerManagement = powerManagement = mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram) {
mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram)
{
enable = true; enable = true;
finegrained = mkIf config.hardware.nvidia.prime.offload.enable true; finegrained = mkIf config.hardware.nvidia.prime.offload.enable true;
}; };
@ -121,7 +95,8 @@ in
if cfg.proprietary.version == "unstable_beta" then if cfg.proprietary.version == "unstable_beta" then
nvidiaUnstable.beta # Use bleeding edge version nvidiaUnstable.beta # Use bleeding edge version
else else
config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version}; config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version}
;
}; };
aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault ( aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault (
@ -133,8 +108,7 @@ in
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}" options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}"
''; '';
aviallon.boot.cmdline = aviallon.boot.cmdline = {}
{ }
// { // {
"nvidia-drm.modeset" = 1; "nvidia-drm.modeset" = 1;
"nvidia-drm.fbdev" = 1; "nvidia-drm.fbdev" = 1;
@ -146,7 +120,8 @@ in
"nvidia.NVreg_DynamicPowerManagement" = "0x02"; "nvidia.NVreg_DynamicPowerManagement" = "0x02";
"nvidia.NVreg_EnableS0ixPowerManagement" = 1; "nvidia.NVreg_EnableS0ixPowerManagement" = 1;
"nvidia.NVreg_TemporaryFilePath" = "/var/tmp"; "nvidia.NVreg_TemporaryFilePath" = "/var/tmp";
}; }
;
programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream; programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
@ -189,6 +164,7 @@ in
# "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations; # "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations;
"KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible. "KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible.
# Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015 # Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015
__EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d"; __EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d";
@ -200,19 +176,15 @@ in
}; };
nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ]; nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
nix.settings.trusted-public-keys = [ nix.settings.trusted-public-keys = [ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" ];
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
nixpkgs.overlays = nixpkgs.overlays = []
[ ] ++ optional (cfg.proprietary.version == "unstable_beta") (final: prev: {
++ optional (cfg.proprietary.version == "unstable_beta") (
final: prev: {
cudaPackages_11 = final.unstable.cudaPackages_11; cudaPackages_11 = final.unstable.cudaPackages_11;
cudaPackages_12 = final.unstable.cudaPackages_12; cudaPackages_12 = final.unstable.cudaPackages_12;
cudaPackages = final.unstable.cudaPackages; cudaPackages = final.unstable.cudaPackages;
} })
); ;
}; };
} }

29
laptop.nix
View file

@ -1,14 +1,8 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.laptop; cfg = config.aviallon.laptop;
in in {
{
options.aviallon.laptop = { options.aviallon.laptop = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -20,11 +14,7 @@ in
default = "tlp"; default = "tlp";
example = "power-profiles-daemon"; example = "power-profiles-daemon";
description = "Change service used to manage power consumption on laptop"; description = "Change service used to manage power consumption on laptop";
type = types.enum [ type = types.enum [ "tlp" "power-profiles-daemon" false ];
"tlp"
"power-profiles-daemon"
false
];
}; };
tweaks = { tweaks = {
pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use."; pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use.";
@ -65,11 +55,10 @@ in
}; };
}; };
systemd.services.aspm-force-enable =
let systemd.services.aspm-force-enable = let
aspm_enable = pkgs.callPackage ./packages/aspm_enable { }; aspm_enable = pkgs.callPackage ./packages/aspm_enable { };
in in {
{
serviceConfig = { serviceConfig = {
ExecStart = [ ExecStart = [
"${aspm_enable}/bin/aspm_enable" "${aspm_enable}/bin/aspm_enable"
@ -85,8 +74,7 @@ in
services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon"); services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon");
powerManagement.powertop.enable = mkDefault true; powerManagement.powertop.enable = mkDefault true;
systemd.services.powertop = mkIf config.powerManagement.powertop.enable { systemd.services.powertop = mkIf config.powerManagement.powertop.enable {
serviceConfig.ExecStart = serviceConfig.ExecStart = let
let
script = pkgs.writeShellScriptBin "powertop-auto-tune" '' script = pkgs.writeShellScriptBin "powertop-auto-tune" ''
${pkgs.powertop}/bin/powertop --auto-tune ${pkgs.powertop}/bin/powertop --auto-tune
@ -97,8 +85,7 @@ in
echo 'on' > /sys/bus/usb/devices/$i/power/control echo 'on' > /sys/bus/usb/devices/$i/power/control
done done
''; '';
in in mkOverride 10 "${script}/bin/powertop-auto-tune";
mkOverride 10 "${script}/bin/powertop-auto-tune";
}; };
}; };
} }

20
lib/attrsets.nix
View file

@ -1,25 +1,17 @@
{lib, myLib, ...}: {lib, myLib, ...}:
with lib; with lib;
rec { rec {
mergeAttrsRecursive = mergeAttrsRecursive = a: b: foldAttrs (item: acc:
a: b:
foldAttrs
(
item: acc:
if (isNull acc) then if (isNull acc) then
item item
else if (isList item) then else if (isList item) then
if isList acc then acc ++ item else [ acc ] ++ item if isList acc then
acc ++ item
else [ acc ] ++ item
else if (isString item) then else if (isString item) then
acc + item acc + item
else if (isAttrs item) then else if (isAttrs item) then
mergeAttrsRecursive acc item mergeAttrsRecursive acc item
else else item
item ) null [ b a ];
)
null
[
b
a
];
} }

20
lib/config.nix
View file

@ -1,24 +1,18 @@
{lib, myLib}: {lib, myLib}:
with lib; with lib;
let let
mkListToString = mkListToString = { sep ? " " }: list: concatStringsSep sep (
{ forEach list (v: toString v)
sep ? " ", );
}: in rec {
list: concatStringsSep sep (forEach list (v: toString v));
in
rec {
mkValueString = mkValueString =
let let
gen = generators.mkValueStringDefault {}; gen = generators.mkValueStringDefault {};
listToString = mkListToString {}; listToString = mkListToString {};
in in v: if isList v then listToString v
v: if isList v then listToString v else gen v; else gen v;
mkKeyValue = mkKeyValue = { sep }: with generators; toKeyValue {
{ sep }:
with generators;
toKeyValue {
mkKeyValue = mkKeyValueDefault { mkKeyValue = mkKeyValueDefault {
mkValueString = mkValueString; mkValueString = mkValueString;
} sep; } sep;

43
lib/debug.nix
View file

@ -1,37 +1,22 @@
{ lib, myLib }: { lib, myLib }:
with lib; with lib;
rec { rec {
toPretty = toPretty = depth: x:
depth: x:
# Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30 # Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30
let let
snip = snip = v: if isList v then noQuotes "[]" v
v: else if isAttrs v then noQuotes "{}" v
if isList v then else v;
noQuotes "[]" v noQuotes = str: v: { __pretty = const str; val = v; };
else if isAttrs v then modify = n: fn: v: if (n == 0) then fn v
noQuotes "{}" v else if isList v then map (modify (n - 1) fn) v
else else if isAttrs v then mapAttrs
v; (const (modify (n - 1) fn)) v
noQuotes = str: v: { else v;
__pretty = const str; in lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x);
val = v;
};
modify =
n: fn: v:
if (n == 0) then
fn v
else if isList v then
map (modify (n - 1) fn) v
else if isAttrs v then
mapAttrs (const (modify (n - 1) fn)) v
else
v;
in
lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x);
traceValWithPrefix = traceValWithPrefix = prefix: value:
prefix: value:
#trace "traceValWithPrefix 'prefix': ${prefix}" value #trace "traceValWithPrefix 'prefix': ${prefix}" value
trace "${prefix}: ${toPretty 2 value}" value; trace "${prefix}: ${toPretty 2 value}" value
;
} }

22
lib/default.nix
View file

@ -1,19 +1,11 @@
{ { lib ? import <nixpkgs/lib, ... }:
lib ? import < nixpkgs/lib,
...
}:
let let
myLib = lib.makeExtensible ( myLib = lib.makeExtensible (self: let
self: callLibs = file: import file {
let
callLibs =
file:
import file {
inherit lib; inherit lib;
myLib = self; myLib = self;
}; };
in in {
{
math = callLibs ./math.nix; math = callLibs ./math.nix;
config = callLibs ./config.nix; config = callLibs ./config.nix;
optimizations = callLibs ./optimizations.nix; optimizations = callLibs ./optimizations.nix;
@ -21,7 +13,5 @@ let
types = callLibs ./types.nix; types = callLibs ./types.nix;
debug = callLibs ./debug.nix; debug = callLibs ./debug.nix;
derivations = callLibs ./derivations.nix; derivations = callLibs ./derivations.nix;
} });
); in myLib
in
myLib

10
lib/derivations.nix
View file

@ -1,13 +1,15 @@
{lib, myLib, ...}: {lib, myLib, ...}:
with lib; with lib;
rec { rec {
isBroken = isBroken = x:
x:
let let
tryX = builtins.tryEval x; tryX = builtins.tryEval x;
in in
if tryX.success && (isDerivation tryX.value) then if
tryX.success && (isDerivation tryX.value)
then
tryX.value.meta.insecure || tryX.value.meta.broken tryX.value.meta.insecure || tryX.value.meta.broken
else else
true; true
;
} }

16
lib/math.nix
View file

@ -1,16 +1,12 @@
{ {lib
lib, , myLib
myLib,
}: }:
rec { rec {
log2 = log2 = let
let
mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y; mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y;
in in x: mylog x 0;
x: mylog x 0;
clamp = clamp = min_x: max_x: x: lib.min ( lib.max x min_x ) max_x;
min_x: max_x: x:
lib.min (lib.max x min_x) max_x;
} }

265
lib/optimizations.nix
View file

@ -33,12 +33,7 @@ let
"-Wl,-sort-common" "-Wl,-sort-common"
"-Wl,--gc-sections" "-Wl,--gc-sections"
]; ];
ltoFlags = ltoFlags = { threads ? 1, thin ? false }: [
{
threads ? 1,
thin ? false,
}:
[
# Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking. # Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking.
"-flto=${toString threads}" # Use -flto=auto to use GNU makes job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system. "-flto=${toString threads}" # Use -flto=auto to use GNU makes job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system.
(optionalString (!thin) "-ffat-lto-objects") (optionalString (!thin) "-ffat-lto-objects")
@ -109,11 +104,9 @@ let
"-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism." "-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism."
]; ];
archToX86Level = archToX86Level = arch:
arch:
let let
_map = _map = { }
{ }
// genAttrs [ // genAttrs [
"nehalem" "nehalem"
"westmere" "westmere"
@ -129,7 +122,8 @@ let
"bdver2" # Piledriver "bdver2" # Piledriver
"bdver3" # Steamroller "bdver3" # Steamroller
"x86-64-v2" "x86-64-v2"
] (name: 2) ]
(name: 2)
// genAttrs [ // genAttrs [
"haswell" "haswell"
"broadwell" "broadwell"
@ -140,7 +134,8 @@ let
"znver2" "znver2"
"znver3" "znver3"
"x86-64-v3" "x86-64-v3"
] (name: 3) ]
(name: 3)
// genAttrs [ // genAttrs [
"knl" "knl"
"knm" "knm"
@ -155,16 +150,20 @@ let
"rocketlake" "rocketlake"
"znver4" "znver4"
"x86-64-v4" "x86-64-v4"
] (name: 4); ]
(name: 4)
;
in in
if (hasAttr arch _map) then _map.${arch} else 1; if (hasAttr arch _map) then _map.${arch} else 1
;
getARMLevel = getARMLevel = arch:
arch: if (!isNull arch) then toInt (elemAt (builtins.match "armv([0-9]).+") 0) else null; if (! isNull arch) then
toInt (elemAt (builtins.match "armv([0-9]).+") 0)
else null;
# https://go.dev/doc/install/source#environment # https://go.dev/doc/install/source#environment
getGOARM = getGOARM = armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel;
armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel;
workarounds = { workarounds = {
# https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf # https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf
@ -178,8 +177,7 @@ let
}; };
}; };
addMarchSpecific = addMarchSpecific = march:
march:
let let
_map = { _map = {
skylake = workarounds.intel-jump-conditional-code; skylake = workarounds.intel-jump-conditional-code;
@ -190,22 +188,16 @@ let
in in
attrByPath [ march ] { } _map; attrByPath [ march ] { } _map;
cacheTuning =
{ cacheTuning = { compiler, l1d ? null, l1i ? null, l1Line ? null, lastLevel ? null }:
compiler, if compiler == "gcc" then [ ]
l1d ? null,
l1i ? null,
l1Line ? null,
lastLevel ? null,
}:
if compiler == "gcc" then
[ ]
++ optional (! isNull l1d) "--param l1-cache-size=${toString l1d}" ++ optional (! isNull l1d) "--param l1-cache-size=${toString l1d}"
++ optional (! isNull l1Line) "--param l1-cache-line-size=${toString l1Line}" ++ optional (! isNull l1Line) "--param l1-cache-line-size=${toString l1Line}"
++ optional (! isNull lastLevel) "--param l2-cache-size=${toString lastLevel}" ++ optional (! isNull lastLevel) "--param l2-cache-size=${toString lastLevel}"
else else
[ ]; [ ];
in in
rec { rec {
@ -217,30 +209,23 @@ rec {
"very-unsafe" = 5; "very-unsafe" = 5;
}; };
addAttrs = addAttrs = pkg: attrs: pkg.overrideAttrs (old:
pkg: attrs: (myLib.attrsets.mergeAttrsRecursive old attrs) // {
pkg.overrideAttrs (
old:
(myLib.attrsets.mergeAttrsRecursive old attrs)
// {
passthru = (pkg.passthru or {}) // (attrs.passtru or {}); passthru = (pkg.passthru or {}) // (attrs.passtru or {});
} }
); );
optimizePkg = optimizePkg = pkg: { level ? "normal"
pkg: , recursive ? 0
{ , optimizeFlags ? (guessOptimizationFlags pkg)
level ? "normal", , blacklist ? [ ]
recursive ? 0, , ltoBlacklist ? [ ]
optimizeFlags ? (guessOptimizationFlags pkg), , overrideMap ? { }
blacklist ? [ ], , stdenv ? null
ltoBlacklist ? [ ], , lto ? false
overrideMap ? { }, , attributes ? null
stdenv ? null, , _depth ? 0
lto ? false, , ...
attributes ? null,
_depth ? 0,
...
}@attrs: }@attrs:
if _depth > recursive then if _depth > recursive then
pkg # Max depth reached, return un-modified pkg pkg # Max depth reached, return un-modified pkg
@ -252,28 +237,23 @@ rec {
let let
_pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg; _pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg;
_ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist; _ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist;
_lto = if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false else lto; _lto =
if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false
else lto;
_stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc; _stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc;
optimizedAttrs = optimizeFlags ( optimizedAttrs = optimizeFlags (attrs // {
attrs
// {
inherit level; inherit level;
compiler = compiler =
if isNull _pkgStdenvCC then if isNull _pkgStdenvCC then null
null else if pkg.stdenv.cc.isGNU then "gcc"
else if pkg.stdenv.cc.isGNU then else if pkg.stdenv.cc.isClang then "clang"
"gcc" else throw "Unknown compiler '${getName pkg.stdenv.cc}'" null
else if pkg.stdenv.cc.isClang then ;
"clang"
else
throw "Unknown compiler '${getName pkg.stdenv.cc}'" null;
lto = _lto; lto = _lto;
stdenvCC = _stdenvCC; stdenvCC = _stdenvCC;
} });
);
_nativeBuildInputs = filter (p: ! isNull p) (pkg.nativeBuildInputs or [ ]); _nativeBuildInputs = filter (p: ! isNull p) (pkg.nativeBuildInputs or [ ]);
_nativeBuildInputsOverriden = forEach _nativeBuildInputs ( _nativeBuildInputsOverriden = forEach _nativeBuildInputs (_pkg:
_pkg:
let let
_pkgName = myGetName _pkg; _pkgName = myGetName _pkg;
hasOverride = any (n: n == _pkgName) (attrNames overrideMap); hasOverride = any (n: n == _pkgName) (attrNames overrideMap);
@ -286,35 +266,23 @@ rec {
); );
_buildInputs = filter (p: (! isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); _buildInputs = filter (p: (! isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]);
_buildInputsOverriden = forEach _buildInputs ( _buildInputsOverriden = forEach _buildInputs (_pkg:
_pkg:
if (any (n: n == myGetName _pkg) blacklist) then if (any (n: n == myGetName _pkg) blacklist) then
warn "Skipping blacklisted '${myGetName _pkg}'" _pkg warn "Skipping blacklisted '${myGetName _pkg}'" _pkg
else else
optimizePkg _pkg ( optimizePkg _pkg (attrs // {
attrs inherit level recursive blacklist optimizeFlags stdenv;
// {
inherit
level
recursive
blacklist
optimizeFlags
stdenv
;
parallelize = null; parallelize = null;
_depth = _depth + 1; _depth = _depth + 1;
} })
)
); );
_pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg; _pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg;
_pkgWithStdenv = _pkgWithStdenv =
if (isNull _pkgStdenvOverridable) || (isNull stdenv) then if (isNull _pkgStdenvOverridable) || (isNull stdenv)
pkg then pkg
else else warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; });
warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; });
_pkg = _pkgWithStdenv.overrideAttrs ( _pkg = _pkgWithStdenv.overrideAttrs (old:
old:
{ {
buildInputs = _buildInputsOverriden; buildInputs = _buildInputsOverriden;
nativeBuildInputs = _nativeBuildInputsOverriden; nativeBuildInputs = _nativeBuildInputsOverriden;
@ -332,79 +300,72 @@ rec {
); );
_pkgOptimized = addAttrs _pkg optimizedAttrs; _pkgOptimized = addAttrs _pkg optimizedAttrs;
_pkgFinal = _pkgFinal =
if isAttrs attributes then addAttrs _pkgOptimized (traceVal attributes) else _pkgOptimized; if isAttrs attributes then
addAttrs _pkgOptimized (traceVal attributes)
else
_pkgOptimized
;
in in
trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal
else if (hasAttr "name" pkg) then else if (hasAttr "name" pkg) then
warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg
else else
throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg; throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg
;
myGetName = pkg: if isDerivation pkg then getName pkg else null; myGetName = pkg:
if isDerivation pkg
then getName pkg
else null;
#else warn "getName input is not a derivation: '${toString pkg}'" null; #else warn "getName input is not a derivation: '${toString pkg}'" null;
guessOptimizationFlags = guessOptimizationFlags = pkg: { ... }@attrs: makeOptimizationFlags ({
pkg:
{ ... }@attrs:
makeOptimizationFlags (
{
rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs;
cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs;
go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs;
ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs;
autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs;
} } // attrs);
// attrs
);
makeOptimizationFlags = makeOptimizationFlags =
{ { level ? "normal"
level ? "normal", , extraCFlags ? null
extraCFlags ? null, , lto ? false
lto ? false, , parallelize ? null
parallelize ? null, , cpuArch ? null
cpuArch ? null, , cpuTune ? null
cpuTune ? null, , ISA ? "amd64"
ISA ? "amd64", , armLevel ? (getARMLevel cpuArch)
armLevel ? (getARMLevel cpuArch), , x86Level ? (archToX86Level cpuArch)
x86Level ? (archToX86Level cpuArch), , check ? false
check ? false, , compiler ? "gcc"
compiler ? "gcc", , stdenvCC ? null
stdenvCC ? null, , cpuCores ? 4
cpuCores ? 4, , go ? false
go ? false, , rust ? false
rust ? false, , cmake ? false
cmake ? false, , ninja ? false
ninja ? false, , autotools ? false
autotools ? false, , l1LineCache ? null
l1LineCache ? null, , l1iCache ? null
l1iCache ? null, , l1dCache ? null
l1dCache ? null, , lastLevelCache ? null
lastLevelCache ? null, , ...
...
}: }:
let let
levelN = levelNames.${level}; levelN = levelNames.${level};
march = march =
if (!isNull cpuArch) then if (! isNull cpuArch) then cpuArch
cpuArch else if (! isNull cpuTune) then cpuTune
else if (!isNull cpuTune) then else "generic";
cpuTune
else
"generic";
uarchTune = uarchTune =
if (!isNull cpuTune) then if (! isNull cpuTune) then cpuTune
cpuTune else if (! isNull cpuArch) then cpuArch
else if (!isNull cpuArch) then else "generic";
cpuArch in myLib.debug.traceValWithPrefix "optimizations" (foldl' myLib.attrsets.mergeAttrsRecursive {} [
else
"generic";
in
myLib.debug.traceValWithPrefix "optimizations" (
foldl' myLib.attrsets.mergeAttrsRecursive { } [
(rec { (rec {
CFLAGS = unique ( CFLAGS = unique
[ ] ([ ]
++ requiredFlags ++ requiredFlags
++ optionals (compiler == "clang") clangSpecificFlags ++ optionals (compiler == "clang") clangSpecificFlags
++ optionals (levelN >= 1) genericCompileFlags ++ optionals (levelN >= 1) genericCompileFlags
@ -412,9 +373,7 @@ rec {
++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags
++ optionals (levelN >= 4) unsafeOptimizationFlags ++ optionals (levelN >= 4) unsafeOptimizationFlags
++ optionals (levelN >= 5) veryUnsafeOptimizationFlags ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags
++ optionals lto (ltoFlags { ++ optionals lto (ltoFlags { threads = myLib.math.log2 cpuCores; })
threads = myLib.math.log2 cpuCores;
})
++ optionals (! isNull parallelize) (automaticallyParallelizeFlags parallelize) ++ optionals (! isNull parallelize) (automaticallyParallelizeFlags parallelize)
++ optionals (! isNull extraCFlags) extraCFlags ++ optionals (! isNull extraCFlags) extraCFlags
++ optionals (! isNull cpuArch) [ "-march=${cpuArch}" ] ++ optionals (! isNull cpuArch) [ "-march=${cpuArch}" ]
@ -425,11 +384,12 @@ rec {
l1i = l1iCache; l1i = l1iCache;
l1d = l1dCache; l1d = l1dCache;
lastLevel = lastLevelCache; lastLevel = lastLevelCache;
} });
);
CXXFLAGS = CFLAGS; CXXFLAGS = CFLAGS;
CPPFLAGS = [ ] ++ optionals (levelN >= 1) genericPreprocessorFlags; CPPFLAGS = []
LDFLAGS = [ ] ++ optionals (levelN >= 3) genericLinkerFlags; ++ optionals (levelN >= 1) genericPreprocessorFlags;
LDFLAGS = []
++ optionals (levelN >= 3) genericLinkerFlags;
preConfigure = '' preConfigure = ''
@ -459,7 +419,8 @@ rec {
''} ''}
) )
''; ''
;
}) })
(optionalAttrs ninja { (optionalAttrs ninja {
preConfigure = '' preConfigure = ''
@ -470,13 +431,9 @@ rec {
''; '';
}) })
(optionalAttrs rust { (optionalAttrs rust {
RUSTFLAGS = RUSTFLAGS = [ ]
[ ]
++ optionals (levelN >= 2) [ "-C opt-level=3" ] ++ optionals (levelN >= 2) [ "-C opt-level=3" ]
++ optionals lto [ ++ optionals lto [ "-C lto=fat" "-C embed-bitcode=on" ]
"-C lto=fat"
"-C embed-bitcode=on"
]
++ optionals (! isNull cpuArch) [ "-C target-cpu=${cpuArch}" ] ++ optionals (! isNull cpuArch) [ "-C target-cpu=${cpuArch}" ]
#++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45
#++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ] #++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ]
@ -503,6 +460,6 @@ rec {
CGO_LDFLAGS_ALLOW = "-Wl.*"; CGO_LDFLAGS_ALLOW = "-Wl.*";
}) })
(addMarchSpecific march) (addMarchSpecific march)
] ])
); ;
} }

14
lib/types.nix
View file

@ -2,14 +2,10 @@
with lib; with lib;
{ {
package' = types.package // { package' = types.package // {
merge = merge = loc: defs:
loc: defs: let res = mergeDefaultOption loc defs;
let in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res)
res = mergeDefaultOption loc defs; then toDerivation res
in else res;
if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then
toDerivation res
else
res;
}; };
} }

40
network.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.network; cfg = config.aviallon.network;
@ -22,27 +16,15 @@ in
default = "systemd-networkd"; default = "systemd-networkd";
example = "NetworkManager"; example = "NetworkManager";
description = "Set network backend"; description = "Set network backend";
type = types.enum [ type = types.enum [ "systemd-networkd" "NetworkManager" "dhcpcd" ];
"systemd-networkd"
"NetworkManager"
"dhcpcd"
];
}; };
dns = mkOption { dns = mkOption {
default = "systemd-resolved"; default = "systemd-resolved";
example = "dnsmasq"; example = "dnsmasq";
description = "Set network DNS"; description = "Set network DNS";
type = types.enum [ type = types.enum [ "systemd-resolved" "dnsmasq" "unbound" "none" "default" ];
"systemd-resolved"
"dnsmasq"
"unbound"
"none"
"default"
];
};
vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // {
default = desktopCfg.enable;
}; };
vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { default = desktopCfg.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -50,10 +32,11 @@ in
networking.networkmanager.enable = (cfg.backend == "NetworkManager"); networking.networkmanager.enable = (cfg.backend == "NetworkManager");
networking.dhcpcd.enable = (cfg.backend == "dhcpcd"); networking.dhcpcd.enable = (cfg.backend == "dhcpcd");
services.resolved = { services.resolved = {
enable = (cfg.dns == "systemd-resolved"); enable = (cfg.dns == "systemd-resolved");
settings.Resolve = { settings.Resolve = {
LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/
DNSSEC = false; DNSSEC = false;
DNS = [ DNS = [
# cloudflare-dns.com # cloudflare-dns.com
@ -76,9 +59,7 @@ in
networking.networkmanager = { networking.networkmanager = {
wifi.backend = mkDefault "iwd"; wifi.backend = mkDefault "iwd";
dns = mkDefault cfg.dns; dns = mkDefault cfg.dns;
plugins = plugins = with pkgs; []
with pkgs;
[ ]
++ optional (cfg.dns == "dnsmasq") dnsmasq ++ optional (cfg.dns == "dnsmasq") dnsmasq
++ optionals cfg.vpnSupport [ ++ optionals cfg.vpnSupport [
networkmanager_strongswan networkmanager_strongswan
@ -86,7 +67,8 @@ in
networkmanager-openconnect networkmanager-openconnect
networkmanager-sstp networkmanager-sstp
networkmanager-l2tp networkmanager-l2tp
]; ]
;
}; };
networking.wireless.enable = (cfg.backend != "NetworkManager"); networking.wireless.enable = (cfg.backend != "NetworkManager");
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
@ -96,9 +78,7 @@ in
# Must always be false # Must always be false
networking.useDHCP = false; networking.useDHCP = false;
networking.hostId = mkDefault ( networking.hostId = mkDefault (substring 0 8 (builtins.hashString "sha256" config.networking.hostName));
substring 0 8 (builtins.hashString "sha256" config.networking.hostName)
);
networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null); networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null);
# Needed for proper WiFi support in some countries (like France, for instance) # Needed for proper WiFi support in some countries (like France, for instance)

80
nix/builder.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.nix; cfg = config.aviallon.nix;
@ -16,8 +10,7 @@ let
getSpeed = cores: threads: cores + (threads - cores) / 2; getSpeed = cores: threads: cores + (threads - cores) / 2;
mkBuildMachine = mkBuildMachine = {
{
hostName, hostName,
cores, cores,
systems ? [ "x86_64-linux" ] , systems ? [ "x86_64-linux" ] ,
@ -25,31 +18,27 @@ let
features ? [ ], features ? [ ],
x86ver ? 1 , x86ver ? 1 ,
... ...
}@attrs: }@attrs: let
let
speedFactor = getSpeed cores threads; speedFactor = getSpeed cores threads;
in in {
{
inherit hostName speedFactor; inherit hostName speedFactor;
systems = systems ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux"; systems = systems
++ optional (any (s: s == "x86_64-linux") systems) "i686-linux"
;
sshUser = "builder"; sshUser = "builder";
sshKey = buildUserKeyFilePath; sshKey = buildUserKeyFilePath;
maxJobs = myLib.math.log2 cores; maxJobs = myLib.math.log2 cores;
supportedFeatures = [ supportedFeatures = [ "kvm" "benchmark" ]
"kvm"
"benchmark"
]
++ optional (speedFactor > 8) "big-parallel" ++ optional (speedFactor > 8) "big-parallel"
++ optional (x86ver >= 2) "gccarch-x86-64-v2" ++ optional (x86ver >= 2) "gccarch-x86-64-v2"
++ optional (x86ver >= 3) "gccarch-x86-64-v3" ++ optional (x86ver >= 3) "gccarch-x86-64-v3"
++ optional (x86ver >= 4) "gccarch-x86-64-v4" ++ optional (x86ver >= 4) "gccarch-x86-64-v4"
++ features; ++ features
;
}; };
machineList = filterAttrs ( machineList = filterAttrs (name: value: config.networking.hostName != name && value.enable) cfg.builder.buildMachines;
name: value: config.networking.hostName != name && value.enable
) cfg.builder.buildMachines;
in in
{ {
imports = [ imports = [
@ -70,16 +59,9 @@ in
}; };
buildMachines = mkOption { buildMachines = mkOption {
type = types.attrsOf ( type = types.attrsOf (types.submoduleWith {
types.submoduleWith {
modules = [ modules = [
( ({ config, options, name, ...}:
{
config,
options,
name,
...
}:
{ {
options = { options = {
enable = mkOption { enable = mkOption {
@ -122,13 +104,10 @@ in
}; };
}; };
} })]; });
)
];
}
);
default = {}; default = {};
example = literalExpression '' example = literalExpression
''
{ {
luke-skywalker-nixos = { luke-skywalker-nixos = {
hostName = "2aXX:e0a:18e:8670::"; hostName = "2aXX:e0a:18e:8670::";
@ -143,29 +122,20 @@ in
}; };
config = { config = {
nix.buildMachines = traceValSeqN 3 ( nix.buildMachines = traceValSeqN 3 (mapAttrsToList (name: value:
mapAttrsToList (
name: value:
mkBuildMachine { mkBuildMachine {
inherit (value) inherit (value) hostName cores threads x86ver;
hostName
cores
threads
x86ver
;
} }
) machineList ) machineList);
);
programs.ssh.extraConfig = concatStringsSep "\n" ( programs.ssh.extraConfig = concatStringsSep "\n" (mapAttrsToList (name: value:
mapAttrsToList ( (optionalString (value.sshConfig != "")
name: value: ''
(optionalString (value.sshConfig != "") ''
Host ${value.hostName} Host ${value.hostName}
${value.sshConfig} ${value.sshConfig}
'') ''
) machineList )
); ) machineList);
users.users.builder = { users.users.builder = {
isSystemUser = true; isSystemUser = true;

57
nix/nix.nix
View file

@ -1,12 +1,4 @@
{ {config, pkgs, lib, myLib, nixpkgs, nixpkgs-unstable, ...}:
config,
pkgs,
lib,
myLib,
nixpkgs,
nixpkgs-unstable,
...
}:
with lib; with lib;
with myLib; with myLib;
let let
@ -34,8 +26,7 @@ in
upper = "05:00"; upper = "05:00";
}; };
system.build.nixos-rebuild = system.build.nixos-rebuild = let
let
nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; };
nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" ''
exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \
@ -44,8 +35,7 @@ in
-- \ -- \
${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" ${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@"
''; '';
in in mkOverride 20 nixos-rebuild-inhibit;
mkOverride 20 nixos-rebuild-inhibit;
environment.systemPackages = [ environment.systemPackages = [
(hiPrio config.system.build.nixos-rebuild) (hiPrio config.system.build.nixos-rebuild)
@ -73,6 +63,8 @@ in
}; };
}; };
nix.gc.automatic = mkDefault true; nix.gc.automatic = mkDefault true;
nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00"; nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00";
nix.gc.randomizedDelaySec = "3h"; nix.gc.randomizedDelaySec = "3h";
@ -92,40 +84,31 @@ in
}; };
}; };
nix.package = optimizePkg {
stdenv = pkgs.fastStdenv;
level = "slower";
} pkgs.nixVersions.latest;
nix.settings.system-features = [ nix.package = optimizePkg { stdenv = pkgs.fastStdenv; level = "slower"; } pkgs.nixVersions.latest;
"big-parallel"
"kvm" nix.settings.system-features = [ "big-parallel" "kvm" "benchmark" ]
"benchmark"
]
++ optional ( ! isNull generalCfg.cpu.arch ) "gccarch-${generalCfg.cpu.arch}" ++ optional ( ! isNull generalCfg.cpu.arch ) "gccarch-${generalCfg.cpu.arch}"
++ optional ( generalCfg.cpu.x86.level >= 2 ) "gccarch-x86-64-v2" ++ optional ( generalCfg.cpu.x86.level >= 2 ) "gccarch-x86-64-v2"
++ optional ( generalCfg.cpu.x86.level >= 3 ) "gccarch-x86-64-v3" ++ optional ( generalCfg.cpu.x86.level >= 3 ) "gccarch-x86-64-v3"
++ optional (generalCfg.cpu.x86.level >= 4) "gccarch-x86-64-v4"; ++ optional ( generalCfg.cpu.x86.level >= 4 ) "gccarch-x86-64-v4"
;
nix.settings.builders-use-substitutes = true; nix.settings.builders-use-substitutes = true;
nix.settings.substitute = true; nix.settings.substitute = true;
nix.settings.experimental-features = [ nix.settings.experimental-features = [ "nix-command" "flakes" ]
"nix-command"
"flakes"
]
++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" ++ optional (versionOlder config.nix.package.version "2.19") "repl-flake"
++ optional cfg.contentAddressed "ca-derivations"; ++ optional cfg.contentAddressed "ca-derivations"
;
nix.settings.download-attempts = 5; nix.settings.download-attempts = 5;
nix.settings.stalled-download-timeout = 20; nix.settings.stalled-download-timeout = 20;
nix.settings.substituters = mkBefore ( nix.settings.substituters = mkBefore ([]
[ ]
++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr" ++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr"
++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/" ++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/"
); );
nix.settings.trusted-public-keys = mkBefore ( nix.settings.trusted-public-keys = mkBefore ([]
[ ]
++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
++ optional cfg.contentAddressed "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ++ optional cfg.contentAddressed "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
); );
@ -135,15 +118,9 @@ in
nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads; nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads;
nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads); nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads);
nix.settings.trusted-users = [ nix.settings.trusted-users = [ "root" "@wheel" ];
"root"
"@wheel"
];
nix.settings.hashed-mirrors = [ nix.settings.hashed-mirrors = [ "https://tarballs.nixos.org" "https://nixpkgs-unfree.cachix.org" ];
"https://tarballs.nixos.org"
"https://nixpkgs-unfree.cachix.org"
];
nix.registry = { nix.registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;

95
optimizations/optimizations.nix
View file

@ -1,11 +1,4 @@
{ { config, pkgs, options, lib, myLib, ... }:
config,
pkgs,
options,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.optimizations; cfg = config.aviallon.optimizations;
@ -31,18 +24,18 @@ let
lto = cfg.lto.enable; lto = cfg.lto.enable;
}; };
optimizePkg = optimizePkg = {
{
attributes ? {}, attributes ? {},
stdenv ? null, stdenv ? null,
... ...
}@attrs: }@attrs: pkg:
pkg:
myLib.optimizations.optimizePkg pkg ( myLib.optimizations.optimizePkg pkg (
defaultOptimizeAttrs // cfg.defaultSettings // { inherit stdenv attributes; } // attrs defaultOptimizeAttrs
// cfg.defaultSettings
// { inherit stdenv attributes; }
// attrs
); );
in in {
{
options.aviallon.optimizations = { options.aviallon.optimizations = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -59,22 +52,12 @@ in
blacklist = mkOption { blacklist = mkOption {
description = "Packages to blacklist from LTO"; description = "Packages to blacklist from LTO";
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [ "x265" "cpio" "cups" "gtk+3" "which" "openssh" ];
"x265"
"cpio"
"cups"
"gtk+3"
"which"
"openssh"
];
}; };
}; };
extraCompileFlags = mkOption { extraCompileFlags = mkOption {
default = [ ]; default = [ ];
example = [ example = [ "-O2" "-mavx" ];
"-O2"
"-mavx"
];
description = "Add specific compile flags"; description = "Add specific compile flags";
type = types.listOf types.str; type = types.listOf types.str;
}; };
@ -83,10 +66,7 @@ in
recursive = 0; recursive = 0;
level = "slower"; level = "slower";
}; };
example = { example = { level = "unsafe"; recursive = 0; };
level = "unsafe";
recursive = 0;
};
description = "Specify default options passed to optimizePkg"; description = "Specify default options passed to optimizePkg";
}; };
optimizePkg = mkOption { optimizePkg = mkOption {
@ -98,22 +78,11 @@ in
trace = mkEnableOption "trace attributes in overriden derivations"; trace = mkEnableOption "trace attributes in overriden derivations";
runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)"; runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)";
blacklist = mkOption { blacklist = mkOption {
default = [ default = [ # Broken
# Broken "alsa-lib" "glib" "lcms2" "gconf" "gnome-vfs"
"alsa-lib"
"glib"
"lcms2"
"gconf"
"gnome-vfs"
# Very slow # Very slow
"llvm" "llvm" "clang" "clang-wrapper" "valgrind" "rustc" "tensorflow" "qtwebengine"
"clang"
"clang-wrapper"
"valgrind"
"rustc"
"tensorflow"
"qtwebengine"
# Fixable with work, but slow for now # Fixable with work, but slow for now
"rapidjson" "rapidjson"
@ -126,7 +95,8 @@ in
type = with types; attrsOf package; type = with types; attrsOf package;
default = { default = {
}; };
example = literalExpression '' example = literalExpression
''
{ {
ninja = pkgs.ninja-samurai; ninja = pkgs.ninja-samurai;
cmake = pkgs.my-cmake-override; cmake = pkgs.my-cmake-override;
@ -142,12 +112,9 @@ in
options.aviallon.optimizations.blacklist.default options.aviallon.optimizations.blacklist.default
++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency ))) ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency )))
); );
system.replaceDependencies.replacements = system.replaceDependencies.replacements = mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) [
mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable)
[
# glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing.
/* /*{
{
original = pkgs.glibc; original = pkgs.glibc;
replacement = let replacement = let
optimizedFlags = [ "-fipa-pta" ]; optimizedFlags = [ "-fipa-pta" ];
@ -158,8 +125,7 @@ in
NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS);
}; };
}); });
} }*/
*/
# zlib is in second place, given how often it is used # zlib is in second place, given how often it is used
#{ #{
# original = pkgs.zlib; # original = pkgs.zlib;
@ -169,27 +135,22 @@ in
nixpkgs.overlays = mkAfter [ nixpkgs.overlays = mkAfter [
(self: super: { (self: super: {
veryFastStdenv = super.overrideCC super.gccStdenv ( veryFastStdenv = super.overrideCC super.gccStdenv (super.buildPackages.gcc_latest.overrideAttrs (old:
super.buildPackages.gcc_latest.overrideAttrs (
old:
let let
optimizedAttrs = { } // { optimizedAttrs = {}
// {
configureFlags = [ configureFlags = [
"--with-cpu-64=${generalCfg.cpu.arch}" "--with-cpu-64=${generalCfg.cpu.arch}" "--with-arch-64=${generalCfg.cpu.arch}"
"--with-arch-64=${generalCfg.cpu.arch}"
"--with-tune-64=${generalCfg.cpu.tune}" "--with-tune-64=${generalCfg.cpu.tune}"
"--with-build-config=bootstrap-lto-lean" "--with-build-config=bootstrap-lto-lean"
]; ];
}; }
ccWithProfiling = old.cc.overrideAttrs (_: { ;
buildFlags = [ "profiledbootstrap" ]; ccWithProfiling = old.cc.overrideAttrs (_: { buildFlags = [ "profiledbootstrap" ]; } );
}); in {
in
{
cc = addAttrs ccWithProfiling optimizedAttrs; cc = addAttrs ccWithProfiling optimizedAttrs;
} }
) ));
);
}) })
(self: super: { (self: super: {

11
optimizations/services.nix
View file

@ -1,10 +1,4 @@
{ { config, options, pkgs, lib, ... }:
config,
options,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.optimizations; cfg = config.aviallon.optimizations;
@ -14,8 +8,7 @@ let
}; };
man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db; man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db;
mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc; mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc;
in in {
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
documentation.man.man-db.package = man-db; documentation.man.man-db.package = man-db;
documentation.man.mandoc.package = mandoc; documentation.man.mandoc.package = mandoc;

127
overlays.nix
View file

@ -1,11 +1,4 @@
{ {config, pkgs, options, lib, myLib, ...}:
config,
pkgs,
options,
lib,
myLib,
...
}:
with builtins; with builtins;
with lib; with lib;
let let
@ -15,10 +8,7 @@ in
{ {
imports = [ imports = [
(mkRenamedOptionModule (mkRenamedOptionModule [ "aviallon" "overlays" "optimizations" ] [ "aviallon" "optimizations" "enable" ])
[ "aviallon" "overlays" "optimizations" ]
[ "aviallon" "optimizations" "enable" ]
)
]; ];
options.aviallon.overlays = { options.aviallon.overlays = {
@ -33,23 +23,20 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
nix.nixPath = nix.nixPath =
# Append our nixpkgs-overlays. # Append our nixpkgs-overlays.
[ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ]; [ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ]
;
nixpkgs.overlays =
[ ] nixpkgs.overlays = []
++ optional cfg.traceCallPackage ( ++ optional cfg.traceCallPackage (self: super: {
self: super: { callPackage = path: overrides:
callPackage =
path: overrides:
let let
_pkg = super.callPackage path overrides; _pkg = super.callPackage path overrides;
_name = _pkg.name or _pkg.pname or "<unknown>"; _name = _pkg.name or _pkg.pname or "<unknown>";
in in trace "callPackage ${_name}" _pkg
trace "callPackage ${_name}" _pkg; ;
} })
) ++ [(self: super: {
++ [
(self: super: {
htop = super.htop.overrideAttrs (old: { htop = super.htop.overrideAttrs (old: {
configureFlags = old.configureFlags ++ [ configureFlags = old.configureFlags ++ [
"--enable-affinity" "--enable-affinity"
@ -57,14 +44,10 @@ in
"--enable-capabilities" "--enable-capabilities"
]; ];
nativeBuildInputs = nativeBuildInputs = old.nativeBuildInputs ++ (with super; [
old.nativeBuildInputs
++ (with super; [
pkg-config pkg-config
]); ]);
buildInputs = buildInputs = old.buildInputs ++ (with super; [
old.buildInputs
++ (with super; [
libcap libcap
libunwind libunwind
libnl libnl
@ -75,24 +58,17 @@ in
}; };
}) })
# (final: prev: { (final: prev: {
# # linux-manual requires scripts/split-man.pl from the kernel source, but # Use our kernel for generating linux man pages
# # neither xanmod 6.19.7 nor vanilla 6.18.x ship it yet. Mark broken so linux-manual = prev.linux-manual.override { linuxPackages_latest = config.boot.kernelPackages; };
# # the build doesn't fail; man-pages and man-pages-posix still build fine. })
# linux-manual = prev.linux-manual.overrideAttrs (_: {
# meta = (prev.linux-manual.meta or { }) // {
# broken = true;
# };
# });
# })
(final: prev: { (final: prev: {
lutris-fhs = ( lutris-fhs =
prev.buildFHSUserEnv { (prev.buildFHSUserEnv {
name = "lutris"; name = "lutris";
targetPkgs = targetPkgs = pkgs: (with pkgs;
pkgs: [
(with pkgs; [
glibc glibc
bashInteractive bashInteractive
@ -100,9 +76,10 @@ in
lutris lutris
gamescope gamescope
wineWow64Packages.waylandFull wineWowPackages.waylandFull
flatpak flatpak
]); ]
);
# symlink shared assets, including icons and desktop entries # symlink shared assets, including icons and desktop entries
extraInstallCommands = '' extraInstallCommands = ''
@ -110,25 +87,17 @@ in
''; '';
runScript = "/usr/bin/lutris"; runScript = "/usr/bin/lutris";
} });
);
}) })
( (final: prev: let
final: prev: pycharm-common = pkg:
let
pycharm-common =
pkg:
let let
myIsDerivation = x: !(myLib.derivations.isBroken x); myIsDerivation = x: !(myLib.derivations.isBroken x);
interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters); interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters);
in in prev.buildFHSUserEnv rec {
prev.buildFHSUserEnv rec {
name = pkg.pname; name = pkg.pname;
targetPkgs = targetPkgs = pkgs: (with pkgs;
pkgs:
(
with pkgs;
[ [
glibc glibc
bashInteractive bashInteractive
@ -138,9 +107,7 @@ in
pkg pkg
] ]
++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" ( ++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" (interpreters pkgs)
interpreters pkgs
)
); );
# symlink shared assets, including icons and desktop entries # symlink shared assets, including icons and desktop entries
@ -150,31 +117,21 @@ in
runScript = "/usr/bin/${pkg.pname}"; runScript = "/usr/bin/${pkg.pname}";
}; };
in in {
{
jetbrains = prev.jetbrains // { jetbrains = prev.jetbrains // {
pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community; pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community;
pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional; pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional;
clion-fhs = clion-fhs = let
let compilers = pkgs: with pkgs; with llvmPackages_17; [
compilers =
pkgs:
with pkgs;
with llvmPackages_17;
[
(setPrio (-9) gcc13) (setPrio (-9) gcc13)
(hiPrio clang) (hiPrio clang)
clang-unwrapped clang-unwrapped
libcxx libcxx
]; ];
in in prev.buildFHSUserEnv rec {
prev.buildFHSUserEnv rec {
name = "clion"; name = "clion";
targetPkgs = targetPkgs = pkgs: (with pkgs;
pkgs:
(
with pkgs;
[ [
jetbrains.clion jetbrains.clion
(hiPrio cmake) (hiPrio cmake)
@ -188,22 +145,16 @@ in
extraInstallCommands = '' extraInstallCommands = ''
ln -s "${prev.jetbrains.clion}/share" "$out/" ln -s "${prev.jetbrains.clion}/share" "$out/"
''; '';
extraOutputsToInstall = [ extraOutputsToInstall = [ "include" "dev" "doc" ];
"include"
"dev"
"doc"
];
runScript = "/usr/bin/clion"; runScript = "/usr/bin/clion";
}; };
}; };
} })
)
]; ];
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"unrar" "unrar" "ark"
"ark"
]; ];
}; };
} }

29
packages.nix
View file

@ -1,10 +1,4 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs; cfg = config.aviallon.programs;
@ -17,10 +11,7 @@ in
{ {
imports = [ imports = [
./programs ./programs
(mkRenamedOptionModule (mkRenamedOptionModule [ "aviallon" "programs" "compileFlags" ] [ "aviallon" "optimizations" "extraCompileFlags" ])
[ "aviallon" "programs" "compileFlags" ]
[ "aviallon" "optimizations" "extraCompileFlags" ]
)
]; ];
options.aviallon.programs = { options.aviallon.programs = {
@ -32,19 +23,14 @@ in
}; };
allowUnfreeList = mkOption { allowUnfreeList = mkOption {
default = [ ]; default = [ ];
example = [ example = [ "nvidia-x11" "steam" ];
"nvidia-x11"
"steam"
];
description = "Allow specific unfree software to be installed"; description = "Allow specific unfree software to be installed";
type = types.listOf types.str; type = types.listOf types.str;
}; };
config = mkOption { config = mkOption {
default = {}; default = {};
type = types.attrs; type = types.attrs;
example = { example = { cudaSupport = true; };
cudaSupport = true;
};
description = "nixpkgs config settings to be applied to all nixpkgs instances"; description = "nixpkgs config settings to be applied to all nixpkgs instances";
}; };
}; };
@ -53,12 +39,9 @@ in
programs.java.enable = mkDefault (!generalCfg.minimal); programs.java.enable = mkDefault (!generalCfg.minimal);
aviallon.programs.config.allowUnfreePredicate = aviallon.programs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList;
pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList;
environment.systemPackages = environment.systemPackages = with pkgs; []
with pkgs;
[ ]
++ [ ++ [
vim vim
wget wget

33
packages/aspm_enable/default.nix
View file

@ -1,13 +1,12 @@
{ {lib
lib, ,bc
bc, ,pciutils
pciutils, ,gnugrep
gnugrep, ,coreutils
coreutils, ,bash
bash, ,writeText
writeText, ,stdenv
stdenv, ,substituteAll
substituteAll,
}: }:
with lib; with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -27,23 +26,13 @@ stdenv.mkDerivation rec {
substituteAllInPlace $out/bin/aspm_enable; substituteAllInPlace $out/bin/aspm_enable;
''; '';
buildInputs = [ buildInputs = [ pciutils bc coreutils gnugrep ];
pciutils
bc
coreutils
gnugrep
];
meta = { meta = {
description = "A program to forcibly enable PCIe ASPM for compatible devices"; description = "A program to forcibly enable PCIe ASPM for compatible devices";
homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM"; homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM";
license = licenses.gpl3Plus; license = licenses.gpl3Plus;
patforms = [ patforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" "mipsel-linux" ];
"x86_64-linux"
"i686-linux"
"aarch64-linux"
"mipsel-linux"
];
maintainers = with maintainers; [ ]; maintainers = with maintainers; [ ];
}; };
} }

1
packages/pinentry.nix
View file

@ -33,3 +33,4 @@ writeShellScriptBin "pinentry" ''
exec ''${pinentryFlavors[$flavor]}/bin/pinentry exec ''${pinentryFlavors[$flavor]}/bin/pinentry
'' ''

62
power.nix
View file

@ -1,17 +1,10 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
cfg = config.aviallon.power; cfg = config.aviallon.power;
undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200))); undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200)));
in in {
{
options.aviallon.power = { options.aviallon.power = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -23,10 +16,7 @@ in
default = "performance"; default = "performance";
example = "efficiency"; example = "efficiency";
description = "What to optimize towards"; description = "What to optimize towards";
type = types.enum [ type = types.enum [ "performance" "efficiency" ];
"performance"
"efficiency"
];
}; };
powerLimit = { powerLimit = {
enable = mkEnableOption "power limiting"; enable = mkEnableOption "power limiting";
@ -133,18 +123,12 @@ in
users.groups.power = {}; users.groups.power = {};
systemd.services.undervolt-intel = { systemd.services.undervolt-intel = {
script = script = ""
""
+ "${pkgs.undervolt}/bin/undervolt" + "${pkgs.undervolt}/bin/undervolt"
+ (optionalString ( + (optionalString (! isNull cfg.undervolt.cpu.coreOffset ) " --core ${toString cfg.undervolt.cpu.coreOffset}")
!isNull cfg.undervolt.cpu.coreOffset + (optionalString (! isNull cfg.undervolt.cpu.cacheOffset ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}")
) " --core ${toString cfg.undervolt.cpu.coreOffset}") + (optionalString (! isNull cfg.undervolt.cpu.iGPUOffset ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}")
+ (optionalString ( ;
!isNull cfg.undervolt.cpu.cacheOffset
) " --cache ${toString cfg.undervolt.cpu.cacheOffset}")
+ (optionalString (
!isNull cfg.undervolt.cpu.iGPUOffset
) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}");
serviceConfig = { serviceConfig = {
RemainAfterExit = true; RemainAfterExit = true;
}; };
@ -154,15 +138,11 @@ in
}; };
systemd.services.intel-powerlimit-ac = { systemd.services.intel-powerlimit-ac = {
script = script = "${pkgs.undervolt}/bin/undervolt"
"${pkgs.undervolt}/bin/undervolt" + optionalString (! isNull cfg.powerLimit.ac.cpu ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28"
+ optionalString ( + optionalString (! isNull cfg.powerLimit.ac.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1"
!isNull cfg.powerLimit.ac.cpu + optionalString (! isNull cfg.temperature.ac.cpu ) " --temp ${toString cfg.temperature.ac.cpu}"
) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" ;
+ optionalString (
!isNull cfg.powerLimit.ac.cpuBoost
) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1"
+ optionalString (!isNull cfg.temperature.ac.cpu) " --temp ${toString cfg.temperature.ac.cpu}";
unitConfig = { unitConfig = {
ConditionACPower = true; ConditionACPower = true;
}; };
@ -176,17 +156,11 @@ in
}; };
systemd.services.intel-powerlimit-battery = { systemd.services.intel-powerlimit-battery = {
script = script = "${pkgs.undervolt}/bin/undervolt"
"${pkgs.undervolt}/bin/undervolt" + optionalString (! isNull cfg.powerLimit.battery.cpu ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28"
+ optionalString ( + optionalString (! isNull cfg.powerLimit.battery.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1"
!isNull cfg.powerLimit.battery.cpu + optionalString (! isNull cfg.temperature.battery.cpu ) " --temp ${toString cfg.temperature.battery.cpu}"
) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" ;
+ optionalString (
!isNull cfg.powerLimit.battery.cpuBoost
) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1"
+ optionalString (
!isNull cfg.temperature.battery.cpu
) " --temp ${toString cfg.temperature.battery.cpu}";
unitConfig = { unitConfig = {
ConditionACPower = false; ConditionACPower = false;
}; };

7
programs/bash.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.aviallon.programs.bash = { options.aviallon.programs.bash = {

25
programs/firefox.nix
View file

@ -1,27 +1,17 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
genPrefList = genPrefList = {locked ? false}: prefs:
{
locked ? false,
}:
prefs:
let let
prefFuncName = if locked then "lockPref" else "defaultPref"; prefFuncName = if locked then "lockPref" else "defaultPref";
in in
concatStringsSep "\n" ( concatStringsSep "\n" (
mapAttrsToList ( mapAttrsToList
key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' (key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' )
) prefs prefs
); );
cfg = config.programs.firefox; cfg = config.programs.firefox;
in in {
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.firefox.wrapperConfig = { programs.firefox.wrapperConfig = {
smartcardSupport = true; smartcardSupport = true;
@ -136,8 +126,7 @@ in
#"privacy.trackingprotection.origin_telemetry.enabled" = false; #"privacy.trackingprotection.origin_telemetry.enabled" = false;
} } // {
// {
"intl.accept_languages" = "fr-fr,en-us,en"; "intl.accept_languages" = "fr-fr,en-us,en";
"intl.locale.requested" = "fr,en-US"; "intl.locale.requested" = "fr,en-US";
"media.eme.enabled" = true; # DRM "media.eme.enabled" = true; # DRM

8
programs/git.nix
View file

@ -1,10 +1,4 @@
{ {config, pkgs, lib, myLib, ...}:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
{ {
programs.git = { programs.git = {

35
programs/htop.nix
View file

@ -1,9 +1,4 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
{ {
programs.htop.enable = true; programs.htop.enable = true;
programs.htop.settings = { programs.htop.settings = {
@ -43,29 +38,9 @@
delay = 10; delay = 10;
hide_function_bar = 0; hide_function_bar = 0;
header_layout = "two_50_50"; header_layout = "two_50_50";
column_meters_0 = [ column_meters_0 = [ "AllCPUs" "Memory" "Swap" ];
"AllCPUs" column_meter_modes_0 = [ 1 1 1 ];
"Memory" column_meters_1 = [ "Tasks" "LoadAverage" "Uptime" "DiskIO" "NetworkIO" ];
"Swap" column_meter_modes_1 = [ 2 2 2 2 2 ];
];
column_meter_modes_0 = [
1
1
1
];
column_meters_1 = [
"Tasks"
"LoadAverage"
"Uptime"
"DiskIO"
"NetworkIO"
];
column_meter_modes_1 = [
2
2
2
2
2
];
}; };
} }

42
programs/libreoffice.nix
View file

@ -1,26 +1,14 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs.libreoffice; cfg = config.aviallon.programs.libreoffice;
applyOverrides = overrides: pkg: pipe pkg overrides; applyOverrides = overrides: pkg: pipe pkg overrides;
in in {
{
options.aviallon.programs.libreoffice = { options.aviallon.programs.libreoffice = {
enable = mkEnableOption "LibreOffice"; enable = mkEnableOption "LibreOffice";
variant = mkOption { variant = mkOption {
type = type = with types; types.enum [ "still" "fresh" ];
with types;
types.enum [
"still"
"fresh"
];
default = "fresh"; default = "fresh";
description = "Which LibreOffice variant to use"; description = "Which LibreOffice variant to use";
}; };
@ -47,27 +35,19 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.programs.libreoffice.package = aviallon.programs.libreoffice.package =
let let
overridesList = overridesList = []
[ ] ++ [(pkg: pkg.override {
++ [
(
pkg:
pkg.override {
variant = cfg.variant; variant = cfg.variant;
} })]
) ++ optional cfg.opencl (pkg: pkg.overrideAttrs (old: {
]
++ optional cfg.opencl (
pkg:
pkg.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ]; buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ];
}) }))
); ;
in in pkgs.libreoffice.override {
pkgs.libreoffice.override {
unwrapped = applyOverrides overridesList cfg.package'; unwrapped = applyOverrides overridesList cfg.package';
}; };
environment.systemPackages = [ environment.systemPackages = [
cfg.package cfg.package
]; ];

25
programs/nvtop.nix
View file

@ -1,29 +1,13 @@
{ { config, pkgs, lib, myLib, ... }:
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs.nvtop; cfg = config.aviallon.programs.nvtop;
in in {
{
options.aviallon.programs.nvtop = { options.aviallon.programs.nvtop = {
enable = mkEnableOption "nvtop"; enable = mkEnableOption "nvtop";
backend = mkOption { backend = mkOption {
description = "Which backend to enable"; description = "Which backend to enable";
type = type = with types; listOf (enum [ "nvidia" "amd" "intel" "panthor" "panfrost" "msm" ]);
with types;
listOf (enum [
"nvidia"
"amd"
"intel"
"panthor"
"panfrost"
"msm"
]);
default = [ "amd" ]; default = [ "amd" ];
}; };
@ -41,8 +25,7 @@ in
aviallon.programs.nvtop.package = mkDefault ( aviallon.programs.nvtop.package = mkDefault (
if (length cfg.backend > 1) then if (length cfg.backend > 1) then
pkgs.nvtopPackages.full pkgs.nvtopPackages.full
else else pkgs.nvtopPackages.${elemAt cfg.backend 0}
pkgs.nvtopPackages.${elemAt cfg.backend 0}
); );
environment.systemPackages = [ environment.systemPackages = [

10
security/encryption.nix
View file

@ -1,14 +1,8 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.security.encryption; cfg = config.aviallon.security.encryption;
in in {
{
options.aviallon.security.encryption = { options.aviallon.security.encryption = {
enable = mkEnableOption "encryption-related tools and programs"; enable = mkEnableOption "encryption-related tools and programs";
cryptsetup.package = mkOption { cryptsetup.package = mkOption {

45
security/hardening.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardening; cfg = config.aviallon.hardening;
@ -37,18 +32,11 @@ in
}; };
imports = [ imports = [
(mkRemovedOptionModule [ (mkRemovedOptionModule [ "aviallon" "hardening" "services" "dbus" ] "dbus should use AppArmor hardening instead")
"aviallon"
"hardening"
"services"
"dbus"
] "dbus should use AppArmor hardening instead")
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.boot.kernel.package = mkIf cfg.hardcore ( aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened);
mkDefault pkgs.linuxKernel.kernels.linux_hardened
);
security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true); security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true);
# security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec
@ -56,26 +44,27 @@ in
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
services.openssh.settings.PermitRootLogin = if cfg.hardcore then "no" else "prohibit-password"; services.openssh.settings.PermitRootLogin =
if cfg.hardcore then
"no"
else "prohibit-password";
security.apparmor.enable = true; security.apparmor.enable = true;
services.dbus.apparmor = "enabled"; services.dbus.apparmor = "enabled";
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
"lsm" = [ "lsm" = [ "landlock" ]
"landlock"
]
++ optional cfg.hardcore "lockdown" ++ optional cfg.hardcore "lockdown"
++ [ "yama" ] ++ [ "yama" ]
# Apparmor https://wiki.archlinux.org/title/AppArmor#Installation # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation
++ optionals config.security.apparmor.enable [ "apparmor" ] ++ optionals config.security.apparmor.enable [ "apparmor" ]
++ [ "bpf" ]; ++ [ "bpf" ]
;
"lockdown" = if cfg.hardcore then "confidentiality" else "integrity"; "lockdown" = if cfg.hardcore then "confidentiality" else "integrity";
# Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.) # Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.)
vsyscall = mkIf cfg.hardcore "xonly"; vsyscall = mkIf cfg.hardcore "xonly";
} } // (ifEnable cfg.expensive {
// (ifEnable cfg.expensive {
# Slab/slub sanity checks, redzoning, and poisoning # Slab/slub sanity checks, redzoning, and poisoning
"init_on_alloc" = 1; "init_on_alloc" = 1;
"init_on_free" = 1; "init_on_free" = 1;
@ -113,11 +102,9 @@ in
security.audit.enable = mkDefault true; security.audit.enable = mkDefault true;
security.auditd.enable = mkQuasiForce false; security.auditd.enable = mkQuasiForce false;
systemd.services.systemd-journald = systemd.services.systemd-journald = let
let
rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules); rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules);
in in mkIf config.security.audit.enable {
mkIf config.security.audit.enable {
serviceConfig = { serviceConfig = {
#ExecStartPre = "-${pkgs.audit}/bin/augenrules --load"; #ExecStartPre = "-${pkgs.audit}/bin/augenrules --load";
ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64''; ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64'';
@ -127,8 +114,7 @@ in
path = [ pkgs.audit ]; path = [ pkgs.audit ];
}; };
security.audit.rules = security.audit.rules = []
[ ]
++ [ ++ [
"-A exclude,always -F msgtype=SERVICE_START" "-A exclude,always -F msgtype=SERVICE_START"
"-A exclude,always -F msgtype=SERVICE_STOP" "-A exclude,always -F msgtype=SERVICE_STOP"
@ -141,7 +127,8 @@ in
"-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve"
"-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve"
] ]
++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls"; ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls"
;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl # Secure Boot keys generation sbctl # Secure Boot keys generation

20
security/tpm.nix
View file

@ -1,18 +1,10 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.security.tpm; cfg = config.aviallon.security.tpm;
in in {
{
options.aviallon.security.tpm = { options.aviallon.security.tpm = {
enable = (mkEnableOption "TPM") // { enable = (mkEnableOption "TPM") // { default = true; };
default = true;
};
tpm1_2.enable = mkEnableOption "TPM 1.2 support"; tpm1_2.enable = mkEnableOption "TPM 1.2 support";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -24,16 +16,14 @@ in
environment.systemPackages = [ environment.systemPackages = [
pkgs.tpm2-tools pkgs.tpm2-tools
] ] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools;
++ optional cfg.tpm1_2.enable pkgs.tpm-tools;
services.tcsd = mkIf cfg.tpm1_2.enable { services.tcsd = mkIf cfg.tpm1_2.enable {
enable = true; enable = true;
}; };
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"tpm_tis" "tpm_tis" "tpm_crb"
"tpm_crb"
]; ];
}; };
} }

107
services/general.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.services; cfg = config.aviallon.services;
@ -11,28 +6,23 @@ let
laptopCfg = config.aviallon.laptop; laptopCfg = config.aviallon.laptop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
journaldConfigValue = journaldConfigValue = value:
value: if value == true then "true"
if value == true then else if value == false then "false"
"true" else if isList value then toString value
else if value == false then else generators.mkValueStringDefault { } value;
"false"
else if isList value then
toString value
else
generators.mkValueStringDefault { } value;
isNullOrEmpty = v: (v == null) || (isList v && (length v == 0)); isNullOrEmpty = v: (v == null) ||
(isList v && (length v == 0));
journaldConfig = journaldConfig = settings: (generators.toKeyValue {
settings:
(generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault { mkKeyValue = generators.mkKeyValueDefault {
mkValueString = journaldConfigValue; mkValueString = journaldConfigValue;
} "="; } "=";
} (filterAttrs (n: v: !(isNullOrEmpty v)) settings)); } (filterAttrs (n: v: !(isNullOrEmpty v))
in settings)
{ );
in {
options.aviallon.services = { options.aviallon.services = {
enable = mkOption { enable = mkOption {
@ -45,13 +35,7 @@ in
journald.extraConfig = mkOption { journald.extraConfig = mkOption {
default = {}; default = {};
example = {}; example = {};
type = type = with types; attrsOf (oneOf [ bool int str ]);
with types;
attrsOf (oneOf [
bool
int
str
]);
description = "Add extra config to journald with Nix language"; description = "Add extra config to journald with Nix language";
}; };
}; };
@ -87,22 +71,21 @@ in
environment.systemPackages = with pkgs; [ waypipe ]; environment.systemPackages = with pkgs; [ waypipe ];
# Better reliability and performance # Better reliability and performance
services.dbus.implementation = "broker"; services.dbus.implementation = "broker";
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [ 22 5353 ];
22
5353
];
services.rsyncd.enable = !desktopCfg.enable; services.rsyncd.enable = !desktopCfg.enable;
services.fstrim.enable = true; services.fstrim.enable = true;
services.haveged.enable = ( services.haveged.enable = (builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0);
builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0
);
services.irqbalance.enable = true; services.irqbalance.enable = true;
@ -120,38 +103,23 @@ in
loglevel = "info"; loglevel = "info";
cgroup_realtime_workaround = false; cgroup_realtime_workaround = false;
}; };
services.ananicy.extraRules = concatStringsSep "\n" ( services.ananicy.extraRules = concatStringsSep "\n" ( forEach [
forEach [ { name = "cp";
{ type = "BG_CPUIO"; }
name = "cp"; { name = "nix-build";
type = "BG_CPUIO"; type = "BG_CPUIO"; }
} { name = "nix-store";
{ type = "BG_CPUIO"; }
name = "nix-build"; { name = "nix-collect-garbage";
type = "BG_CPUIO"; type = "BG_CPUIO"; }
} { name = "nix";
{ type = "BG_CPUIO"; }
name = "nix-store"; { name = "X";
type = "BG_CPUIO"; type = "LowLatency_RT"; }
} { name = "htop";
{ type = "LowLatency_RT"; }
name = "nix-collect-garbage"; ] (x: builtins.toJSON x));
type = "BG_CPUIO";
}
{
name = "nix";
type = "BG_CPUIO";
}
{
name = "X";
type = "LowLatency_RT";
}
{
name = "htop";
type = "LowLatency_RT";
}
] (x: builtins.toJSON x)
);
# Enusre low-latency response for this time-critical service # Enusre low-latency response for this time-critical service
systemd.services."hdapsd@" = { systemd.services."hdapsd@" = {
@ -190,6 +158,7 @@ in
MulticastDNS = false; MulticastDNS = false;
}; };
services.nginx = { services.nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

10
services/gnupg.nix
View file

@ -1,17 +1,11 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" '' gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" ''
exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@" exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@"
''; '';
pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {}; pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {};
in in {
{
config = { config = {
programs.gnupg = { programs.gnupg = {

28
services/jupyterhub.nix
View file

@ -1,9 +1,4 @@
{ {config, pkgs, lib, ...}:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.services.jupyterhub; cfg = config.aviallon.services.jupyterhub;
@ -16,11 +11,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.jupyterhub = { services.jupyterhub = {
enable = true; enable = true;
kernels.python3 = kernels.python3 = let
let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
env = (
pkgs.python3.withPackages (
pythonPackages: with pythonPackages; [
ipykernel ipykernel
pandas pandas
scikit-learn scikit-learn
@ -28,11 +20,8 @@ in
matplotlib matplotlib
numpy numpy
pip pip
] ]));
) in {
);
in
{
displayName = "Python 3 for machine learning"; displayName = "Python 3 for machine learning";
argv = [ argv = [
"${env.interpreter}" "${env.interpreter}"
@ -52,12 +41,7 @@ in
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"jupyterhub.localhost" = { "jupyterhub.localhost" = {
listen = [ listen = [ { addr = "0.0.0.0"; port = 80; } ];
{
addr = "0.0.0.0";
port = 80;
}
];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.jupyterhub.port}"; proxyPass = "http://localhost:${toString config.services.jupyterhub.port}";
proxyWebsockets = true; proxyWebsockets = true;

12
windows/wine.nix
View file

@ -1,20 +1,14 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.windows.wine; cfg = config.aviallon.windows.wine;
in in {
{
options.aviallon.windows.wine = { options.aviallon.windows.wine = {
enable = mkEnableOption "windows executable support on Linux"; enable = mkEnableOption "windows executable support on Linux";
package = mkOption { package = mkOption {
description = "Wine package to use"; description = "Wine package to use";
type = types.package; type = types.package;
default = pkgs.wineWow64Packages.waylandFull; default = pkgs.wineWowPackages.waylandFull;
example = pkgs.winePackages.stable; example = pkgs.winePackages.stable;
}; };
}; };