aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-05 17:27:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: aviallon:9737dfe1c0c49b470c9e61731cdb7d985a312be9
Branches Tags
aviallon:main
aviallon:feature/attrset-merge-with-prio
...
compare: aviallon:5be1c37d3cede53a5f196b726a97b3a81bbe84a8
Branches Tags
aviallon:main
aviallon:feature/attrset-merge-with-prio

4 commits
9737dfe1c0 ... 5be1c37d3c

Author SHA1 Message Date
Antoine VIALLON
5be1c37d3c
fix(windows): use wineWow64Packages as default, since wineWowPackages is removed 2026-03-22 21:58:01 +01:00
Antoine VIALLON
ae5764f2e6
dev(git): update git blame ignore revs 2026-03-22 21:56:58 +01:00
Antoine VIALLON
bf219a30c2
fix(lint): nixfmt the whole tree 2026-03-22 21:56:13 +01:00
Antoine VIALLON
643b136863
fix(overlays): comment-out linux-manual override as it was causing build failures + apply nixfmt 2026-03-22 21:54:37 +01:00
71 changed files with 2786 additions and 1857 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.git-blame-ignore-revs Normal file
View file

@ -0,0 +1 @@
bf219a30c29cf3ce35a2d4f1a34ddf17aec32be1

620
boot.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, lib, myLib, options, ... }: {
config,
pkgs,
lib,
myLib,
options,
...
}:
with lib; with lib;
let let
customKernelPatches = { customKernelPatches = {
@ -14,7 +21,7 @@ let
ZRAM_DEF_COMP_ZSTD y ZRAM_DEF_COMP_ZSTD y
''; '';
}; };
enableX32ABI = { enableX32ABI = {
name = "enable-x32"; name = "enable-x32";
patch = null; patch = null;
@ -41,78 +48,126 @@ let
patch = ./remove-kernel-drm.patch; patch = ./remove-kernel-drm.patch;
}; };
backports = { backports = {
}; };
optimizeForCPUArch = arch: let
archConfigMap = {
"k8" = "K8"; "opteron" = "K8"; "athlon64" = "K8"; "athlon-fx" = "K8";
"k8-sse3" = "K8SSE3"; "opteron-sse3" = "K8SSE3"; "athlon64-sse3" = "K8SSE3";
"znver1" = "ZEN"; "znver2" = "ZEN2"; "znver3" = "ZEN3"; "znver4" = "ZEN3";
"bdver1" = "BULLDOZER"; "bdver2" = "PILEDRIVER"; "bdver3" = "STEAMROLLER"; "bdver4" = "EXCAVATOR";
"barcelona" = "BARCELONA"; "amdfam10" = "BARCELONA";
"btver1" = "BOBCAT"; "btver2" = "JAGUAR";
"rocketlake" = "ROCKETLAKE"; "alderlake" = "ALDERLAKE"; optimizeForCPUArch =
"sapphirerapids" = "SAPPHIRERAPIDS"; "tigerlake" = "TIGERLAKE"; "cooperlake" = "COOPERLAKE"; arch:
"cascadelake" = "CASCADELAKE"; "icelake-server" = "ICELAKE"; "icelake-client" = "ICELAKE"; let
"cannonlake" = "CANNONLAKE"; "skylake-avx512" = "SKYLAKEX"; archConfigMap = {
"tremont" = "GOLDMONTPLUS"; "goldmont-plus" = "GOLDMONTPLUS"; "goldmont" = "GOLDMONT"; "k8" = "K8";
"silvermont" = "SILVERMONT"; "bonnel" = "GENERIC_CPU"; "skylake" = "SKYLAKE"; "opteron" = "K8";
"broadwell" = "BROADWELL"; "haswell" = "HASWELL"; "athlon64" = "K8";
"ivybridge" = "IVYBRIDGE"; "sandybridge" = "SANDYBRIDGE"; "athlon-fx" = "K8";
"westmere" = "WESTMERE"; "nehalem" = "NEHALEM"; "k8-sse3" = "K8SSE3";
"core2" = "CORE2"; "opteron-sse3" = "K8SSE3";
"nocona" = "PSC"; "prescott" = "PSC"; "pentium4m" = "PSC"; "pentium4" = "PSC"; "athlon64-sse3" = "K8SSE3";
"znver1" = "ZEN";
"znver2" = "ZEN2";
"znver3" = "ZEN3";
"znver4" = "ZEN3";
"bdver1" = "BULLDOZER";
"bdver2" = "PILEDRIVER";
"bdver3" = "STEAMROLLER";
"bdver4" = "EXCAVATOR";
"barcelona" = "BARCELONA";
"amdfam10" = "BARCELONA";
"btver1" = "BOBCAT";
"btver2" = "JAGUAR";
"nano-3000" = "GENERIC_CPU2"; "nano-x2" = "GENERIC_CPU2"; "nano-x4" = "GENERIC_CPU2"; "rocketlake" = "ROCKETLAKE";
"alderlake" = "ALDERLAKE";
"lujiazui" = "GENERIC_CPU2"; "sapphirerapids" = "SAPPHIRERAPIDS";
"tigerlake" = "TIGERLAKE";
"native" = "NATIVE_INTEL"; "x86-64-v2" = "GENERIC_CPU2"; "x86-64-v3" = "GENERIC_CPU3"; "x86-64-v4" = "GENERIC_CPU4"; "cooperlake" = "COOPERLAKE";
"cascadelake" = "CASCADELAKE";
"icelake-server" = "ICELAKE";
"icelake-client" = "ICELAKE";
"cannonlake" = "CANNONLAKE";
"skylake-avx512" = "SKYLAKEX";
"tremont" = "GOLDMONTPLUS";
"goldmont-plus" = "GOLDMONTPLUS";
"goldmont" = "GOLDMONT";
"silvermont" = "SILVERMONT";
"bonnel" = "GENERIC_CPU";
"skylake" = "SKYLAKE";
"broadwell" = "BROADWELL";
"haswell" = "HASWELL";
"ivybridge" = "IVYBRIDGE";
"sandybridge" = "SANDYBRIDGE";
"westmere" = "WESTMERE";
"nehalem" = "NEHALEM";
"core2" = "CORE2";
"nocona" = "PSC";
"prescott" = "PSC";
"pentium4m" = "PSC";
"pentium4" = "PSC";
"nano-3000" = "GENERIC_CPU2";
"nano-x2" = "GENERIC_CPU2";
"nano-x4" = "GENERIC_CPU2";
"lujiazui" = "GENERIC_CPU2";
"native" = "NATIVE_INTEL";
"x86-64-v2" = "GENERIC_CPU2";
"x86-64-v3" = "GENERIC_CPU3";
"x86-64-v4" = "GENERIC_CPU4";
};
archToConfig =
arch:
if (hasAttr arch archConfigMap) then
archConfigMap."${arch}"
else
trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU";
in
{
name = "optimize-for-${arch}";
patch = null;
extraConfig = ''
M${archToConfig arch} y
'';
}; };
archToConfig = arch:
if (hasAttr arch archConfigMap) then archConfigMap."${arch}"
else trace "Warning: '${arch}' not recognized, building for generic CPU" "GENERIC_CPU"
;
in {
name = "optimize-for-${arch}";
patch = null;
extraConfig = ''
M${archToConfig arch} y
'';
};
}; };
toCmdlineValue = v: if (isBool v) then (if v then "y" else "n") toCmdlineValue =
else if (isInt v || isString v) then (toString v) v:
else if (isList v) then (concatStringsSep "," v) if (isBool v) then
else throw "Invalid value for kernel cmdline parameter"; (if v then "y" else "n")
else if (isInt v || isString v) then
(toString v)
else if (isList v) then
(concatStringsSep "," v)
else
throw "Invalid value for kernel cmdline parameter";
toCmdlineList = set: mapAttrsToList toCmdlineList =
(key: value: set:
if (isNull value) then mapAttrsToList (
null key: value:
else if (value == "") then if (isNull value) then
"${key}" null
else else if (value == "") then
"${key}=${toCmdlineValue value}" "${key}"
) set; else
"${key}=${toCmdlineValue value}"
) set;
isXanmod = kernel: ! isNull (strings.match ".*(xanmod).*" kernel.modDirVersion); isXanmod = kernel: !isNull (strings.match ".*(xanmod).*" kernel.modDirVersion);
kernelVersionOlder = ver: versionOlder cfg.kernel.package.version ver; kernelVersionOlder = ver: versionOlder cfg.kernel.package.version ver;
cfg = config.aviallon.boot; cfg = config.aviallon.boot;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
allowUnfree = (types.isType types.attrs config.nixpkgs.config) allowUnfree =
&& (hasAttr "allowUnfree" config.nixpkgs.config) (types.isType types.attrs config.nixpkgs.config)
&& (getAttr "allowUnfree" config.nixpkgs.config); && (hasAttr "allowUnfree" config.nixpkgs.config)
&& (getAttr "allowUnfree" config.nixpkgs.config);
cpuConfig = config.aviallon.general.cpu; cpuConfig = config.aviallon.general.cpu;
in { in
{
options.aviallon.boot = { options.aviallon.boot = {
enable = mkOption { enable = mkOption {
@ -128,29 +183,28 @@ in {
type = types.bool; type = types.bool;
}; };
x32abi.enable = mkEnableOption "X32 kernel ABI"; x32abi.enable = mkEnableOption "X32 kernel ABI";
kvdo.enable = mkEnableOption "dm-kvdo kernel module"; kvdo.enable = mkEnableOption "dm-kvdo kernel module";
rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes rtGroupSched.enable = mkEnableOption "RT cgroups"; # Breaks standard way of setting RT sched policy to processes
energyModel.enable = mkEnableOption "Energy Model"; energyModel.enable = mkEnableOption "Energy Model";
patches = { patches = {
amdClusterId.enable = mkEnableOption "Energy Model"; amdClusterId.enable = mkEnableOption "Energy Model";
}; };
efi = mkOption rec { efi = mkOption rec {
description = "Use EFI bootloader"; description = "Use EFI bootloader";
example = true; example = true;
type = with types; bool; type = with types; bool;
}; };
legacy = mkOption rec { legacy = mkOption rec {
description = "Use legacy bootloader"; description = "Use legacy bootloader";
default = !cfg.efi; default = !cfg.efi;
example = true; example = true;
type = with types; bool; type = with types; bool;
}; };
configurationLimit = mkOption { configurationLimit = mkOption {
description = "Maximum number of generations in the boot menu"; description = "Maximum number of generations in the boot menu";
default = 3; default = 3;
@ -161,12 +215,19 @@ in {
cmdline = mkOption { cmdline = mkOption {
description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it."; description = "Kernel params as attributes (instead of list). Set a parameter to `null` to remove it.";
default = { }; default = { };
example = { "i915.fastboot" = true; }; example = {
type = with types; lazyAttrsOf ( "i915.fastboot" = true;
nullOr ( };
oneOf [ bool int str (listOf str) ] type =
) with types;
); lazyAttrsOf (
nullOr (oneOf [
bool
int
str
(listOf str)
])
);
}; };
kernel = { kernel = {
@ -179,16 +240,20 @@ in {
addAttributes = mkOption { addAttributes = mkOption {
description = "Merge specified attributes to kernel derivation (via special overideAttrs)"; description = "Merge specified attributes to kernel derivation (via special overideAttrs)";
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
example = { KCFLAGS = "-Wall"; }; example = {
KCFLAGS = "-Wall";
};
}; };
addOptimizationAttributes = mkOption { addOptimizationAttributes = mkOption {
description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true"; description = "Merge specified attributes to kernel derivation IF aviallon.optimizations.enabled is true";
default = {}; default = { };
type = with types; attrs; type = with types; attrs;
example = { KCFLAGS = "-O3 -fipa-pta"; }; example = {
KCFLAGS = "-O3 -fipa-pta";
};
}; };
}; };
@ -196,216 +261,233 @@ in {
}; };
imports = [ imports = [
( mkRemovedOptionModule [ "aviallon" "boot" "extraKCflags" ] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset" ) (mkRemovedOptionModule [
( mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel" ) "aviallon"
"boot"
"extraKCflags"
] "Replaced by aviallon.boot.kernel.addOptimizationAttributes attrset")
(mkRemovedOptionModule [ "aviallon" "boot" "loops_per_jiffies" ] "Actually unused by the kernel")
]; ];
config = mkMerge [ config = mkMerge [
{ {
assertions = [ assertions = [
{ assertion = cfg.efi -> !cfg.legacy; {
message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set"; assertion = cfg.efi -> !cfg.legacy;
} message = "exactly one of aviallon.boot.efi and aviallon.boot.legacy must be set";
{ assertion = cfg.legacy -> cfg.useGrub; }
message = "Using GRUB is mandatory for legacy BIOS"; {
} assertion = cfg.legacy -> cfg.useGrub;
]; message = "Using GRUB is mandatory for legacy BIOS";
}
];
boot.kernelParams = filter (v: ! (isNull v)) (toCmdlineList cfg.cmdline); boot.kernelParams = filter (v: !(isNull v)) (toCmdlineList cfg.cmdline);
} }
(mkIf cfg.enable { (mkIf cfg.enable {
hardware.enableAllFirmware = allowUnfree;
hardware.enableRedistributableFirmware = true;
aviallon.boot.cmdline = { hardware.enableAllFirmware = allowUnfree;
"syscall.x32" = mkIf cfg.x32abi.enable true; hardware.enableRedistributableFirmware = true;
# Reboot after 5 seconds on panic (prevent system lockup) aviallon.boot.cmdline = {
"panic" = 5; "syscall.x32" = mkIf cfg.x32abi.enable true;
# From systemd(1): systemd.show_status # Reboot after 5 seconds on panic (prevent system lockup)
# Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. If enabled, the systemd manager (PID 1) shows "panic" = 5;
# terse service status updates on the console during bootup. With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant
# delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error.
"systemd.show_status" =
if config.boot.consoleLogLevel <= 1 then
"no"
else if config.boot.consoleLogLevel < 4 then
"error"
else if config.boot.consoleLogLevel == 4 then
"auto"
else
"yes"
;
# 'quiet' is required to silence systemd-efi-stub messages # From systemd(1): systemd.show_status
"quiet" = mkIf (config.boot.consoleLogLevel <= 4) true; # Takes a boolean argument or the constants error and auto. Can be also specified without an argument, with the same effect as a positive boolean. If enabled, the systemd manager (PID 1) shows
}; # terse service status updates on the console during bootup. With error, only messages about failures are shown, but boot is otherwise quiet. auto behaves like false until there is a significant
# delay in boot. Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error.
nixpkgs.overlays = [(final: prev: { "systemd.show_status" =
# Use bleeding-edge linux firmware if config.boot.consoleLogLevel <= 1 then
linux-firmware = prev.unstable.linux-firmware; "no"
})]; else if config.boot.consoleLogLevel < 4 then
"error"
boot = { else if config.boot.consoleLogLevel == 4 then
bootspec.enableValidation = true; "auto"
initrd.kernelModules = [ ];
initrd.availableKernelModules = [ "ehci_pci" ];
# Required for many features, like rootluks TPM-unlock, etc.
initrd.systemd.enable = true;
initrd.compressor = "zstd";
initrd.compressorArgs = [ "-T0" "-9" ];
kernelPackages = with myLib.debug; let
baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package;
# Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS
kCflags = traceValWithPrefix "kCflags" (
[
"-march=${cpuConfig.arch}"
"-mtune=${cpuConfig.tune or cpuConfig.arch}"
]
++ optional (! isNull cpuConfig.caches.lastLevel ) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}"
++ optional (! isNull cpuConfig.caches.l1d ) "--param l1-cache-size=${toString cpuConfig.caches.l1d}"
);
kRustflags = traceValWithPrefix "kRustflags" (
[
"-Ctarget-cpu=${cpuConfig.arch}"
"-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}"
]
);
optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" (
optionalAttrs config.aviallon.optimizations.enable (
myLib.attrsets.mergeAttrsRecursive
{
env = {
KCFLAGS = kCflags;
KRUSTFLAGS = kRustflags;
};
}
(traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes)
)
);
moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" (
myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) optimizedKernelAttrs
);
noDRMKernel =
if cfg.removeKernelDRM then
baseKernel.overrideAttrs (old: {
passthru = baseKernel.passthru;
nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ];
postPatch = (old.postPatch or "") + ''
sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h
'';
})
else else
baseKernel "yes";
;
moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs; # 'quiet' is required to silence systemd-efi-stub messages
"quiet" = mkIf (config.boot.consoleLogLevel <= 4) true;
#patchedKernel =
# if (length config.boot.kernelPatches > 0) then
# moddedKernel.override (old: {
# structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ];
# })
# else
# moddedKernel
# ;
in mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel);
kernelPatches = []
++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI
++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched
++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel
++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) (customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch)
++ optional config.aviallon.optimizations.enable customKernelPatches.zstd
;
# Hide boot menu for systemd-boot by default
loader.timeout = mkIf (!cfg.useGrub) 0;
loader.grub.enable = cfg.useGrub;
loader.grub = {
device = mkIf cfg.efi "nodev";
efiSupport = cfg.efi;
configurationLimit = cfg.configurationLimit;
gfxpayloadBios = "keep";
}; };
loader.systemd-boot = { nixpkgs.overlays = [
enable = cfg.efi && (!cfg.useGrub); (final: prev: {
configurationLimit = cfg.configurationLimit; # Use bleeding-edge linux firmware
consoleMode = mkDefault "max"; linux-firmware = prev.unstable.linux-firmware;
extraInstallCommands = let })
efiDir = config.boot.loader.efi.efiSysMountPoint; ];
in ''
export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin" boot = {
rpath= bootspec.enableValidation = true;
generation=
specialization= initrd.kernelModules = [ ];
boot_generation_path=$(realpath /run/booted-system) initrd.availableKernelModules = [ "ehci_pci" ];
for path in /nix/var/nix/profiles/system-*-link; do
rpath=$(realpath "$path") # Required for many features, like rootluks TPM-unlock, etc.
ok=false initrd.systemd.enable = true;
if [ "$rpath" = "$boot_generation_path" ]; then
echo "Good path: $path" initrd.compressor = "zstd";
ok=true initrd.compressorArgs = [
fi "-T0"
for spec in "$path"/specialisation/*; do "-9"
if [ "$(realpath $spec)" = "$boot_generation_path" ]; then ];
ok=true
specialization="$spec" kernelPackages =
echo "Good specialization: $specialization" with myLib.debug;
break let
baseKernel = traceValWithPrefix "aviallon.boot.kernel.package" cfg.kernel.package;
# Possible CFLAGS source : (myLib.optimizations.makeOptimizationFlags {}).CFLAGS
kCflags = traceValWithPrefix "kCflags" (
[
"-march=${cpuConfig.arch}"
"-mtune=${cpuConfig.tune or cpuConfig.arch}"
]
++ optional (
!isNull cpuConfig.caches.lastLevel
) "--param l2-cache-size=${toString cpuConfig.caches.lastLevel}"
++ optional (!isNull cpuConfig.caches.l1d) "--param l1-cache-size=${toString cpuConfig.caches.l1d}"
);
kRustflags = traceValWithPrefix "kRustflags" ([
"-Ctarget-cpu=${cpuConfig.arch}"
"-Ctune-cpu=${cpuConfig.tune or cpuConfig.arch}"
]);
optimizedKernelAttrs = traceValWithPrefix "optimizedKernelAttrs" (
optionalAttrs config.aviallon.optimizations.enable (
myLib.attrsets.mergeAttrsRecursive
{
env = {
KCFLAGS = kCflags;
KRUSTFLAGS = kRustflags;
};
}
(
traceValWithPrefix "aviallon.boot.kernel.addOptimizationAttributes" cfg.kernel.addOptimizationAttributes
)
)
);
moddedKernelAttrs = traceValWithPrefix "moddedKernelAttrs" (
myLib.attrsets.mergeAttrsRecursive (traceValWithPrefix "aviallon.boot.kernel.addAttributes" cfg.kernel.addAttributes) optimizedKernelAttrs
);
noDRMKernel =
if cfg.removeKernelDRM then
baseKernel.overrideAttrs (old: {
passthru = baseKernel.passthru;
nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gnused ];
postPatch = (old.postPatch or "") + ''
sed -i -e 's/_EXPORT_SYMBOL(sym, "_gpl")/_EXPORT_SYMBOL(sym, "")/g' -e 's/__EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))/__EXPORT_SYMBOL(sym, "", __stringify(ns))/g' include/linux/export.h
'';
})
else
baseKernel;
moddedKernel = myLib.optimizations.addAttrs noDRMKernel moddedKernelAttrs;
#patchedKernel =
# if (length config.boot.kernelPatches > 0) then
# moddedKernel.override (old: {
# structuredExtraConfig = mergeAttrs [ (old.structuredExtraConfig or {}) config.boot.kernelPatches.extraStructuredConfig ];
# })
# else
# moddedKernel
# ;
in
mkOverride 2 (pkgs.linuxPackagesFor noDRMKernel);
kernelPatches =
[ ]
++ optional cfg.x32abi.enable customKernelPatches.enableX32ABI
++ optional cfg.rtGroupSched.enable customKernelPatches.enableRTGroupSched
++ optional cfg.energyModel.enable customKernelPatches.enableEnergyModel
++ optional (isXanmod cfg.kernel.package && config.aviallon.optimizations.enable) (
customKernelPatches.optimizeForCPUArch config.aviallon.general.cpu.arch
)
++ optional config.aviallon.optimizations.enable customKernelPatches.zstd;
# Hide boot menu for systemd-boot by default
loader.timeout = mkIf (!cfg.useGrub) 0;
loader.grub.enable = cfg.useGrub;
loader.grub = {
device = mkIf cfg.efi "nodev";
efiSupport = cfg.efi;
configurationLimit = cfg.configurationLimit;
gfxpayloadBios = "keep";
};
loader.systemd-boot = {
enable = cfg.efi && (!cfg.useGrub);
configurationLimit = cfg.configurationLimit;
consoleMode = mkDefault "max";
extraInstallCommands =
let
efiDir = config.boot.loader.efi.efiSysMountPoint;
in
''
export PATH="$PATH:${getBin pkgs.coreutils-full}/bin:${getBin pkgs.gnused}/bin"
rpath=
generation=
specialization=
boot_generation_path=$(realpath /run/booted-system)
for path in /nix/var/nix/profiles/system-*-link; do
rpath=$(realpath "$path")
ok=false
if [ "$rpath" = "$boot_generation_path" ]; then
echo "Good path: $path"
ok=true
fi
for spec in "$path"/specialisation/*; do
if [ "$(realpath $spec)" = "$boot_generation_path" ]; then
ok=true
specialization="$spec"
echo "Good specialization: $specialization"
break
fi
done
if $ok; then
generation="''${path##*/system-}"
generation="''${generation%%-link}"
break
fi
done
if [ -z "$generation" ]; then
echo "Failed to find current boot's generation!"
exit 1
fi fi
done
if $ok; then
generation="''${path##*/system-}"
generation="''${generation%%-link}"
break
fi
done
if [ -z "$generation" ]; then
echo "Failed to find current boot's generation!"
exit 1
fi
loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf" loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}.conf"
if ! [ -z "$specialization" ]; then if ! [ -z "$specialization" ]; then
specialization_name=$(basename -- "$specialization") specialization_name=$(basename -- "$specialization")
echo "Specialization is: $specialization_name" echo "Specialization is: $specialization_name"
loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf" loader_entry="${efiDir}/loader/entries/nixos-generation-''${generation}-specialisation-''${specialization_name}.conf"
fi fi
if ! [ -f "$loader_entry" ]; then
echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found"
echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!"
exit 1
fi
sed -i 's/version /version <LAST> /' "$loader_entry" && if ! [ -f "$loader_entry" ]; then
echo "Marked generation $generation as last sucessfully booted" echo "Failed to find corresponding loader generation entry:" ''${loader_entry} "not found"
''; echo -e "\e[33mWARNING:\e[0m This may mean that your aviallon.boot.configurationLimit is set too low!"
exit 1
fi
sed -i 's/version /version <LAST> /' "$loader_entry" &&
echo "Marked generation $generation as last sucessfully booted"
'';
};
loader.generic-extlinux-compatible = {
configurationLimit = cfg.configurationLimit;
};
loader = {
efi.efiSysMountPoint = mkDefault "/boot/efi";
efi.canTouchEfiVariables = mkDefault true;
};
}; };
})
loader.generic-extlinux-compatible = {
configurationLimit = cfg.configurationLimit;
};
loader = {
efi.efiSysMountPoint = mkDefault "/boot/efi";
efi.canTouchEfiVariables = mkDefault true;
};
};
})
]; ];
} }

2
default.nix
View file

@ -1,4 +1,4 @@
{config, ...}: { config, ... }:
{ {
imports = [ imports = [
./general.nix ./general.nix

66
desktop/browser.nix
View file

@ -1,56 +1,77 @@
{ config, pkgs, lib, myLib, options, ... }: {
config,
pkgs,
lib,
myLib,
options,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
options.aviallon.desktop.browser = { options.aviallon.desktop.browser = {
firefox.overrides = mkOption { firefox.overrides = mkOption {
internal = true; internal = true;
description = "Override firefox package settings"; description = "Override firefox package settings";
type = types.attrs; type = types.attrs;
default = {}; default = { };
example = { enablePlasmaIntegration = true; }; example = {
enablePlasmaIntegration = true;
};
}; };
chromium = { chromium = {
package = mkOption { package = mkOption {
internal = true; internal = true;
type = myLib.types.package'; type = myLib.types.package';
default = pkgs.chromium; default = pkgs.chromium;
example = literalExpression '' pkgs.ungoogled-chromium ''; example = literalExpression ''pkgs.ungoogled-chromium '';
}; };
overrides = mkOption { overrides = mkOption {
internal = true; internal = true;
description = "Override chromium package settings"; description = "Override chromium package settings";
type = types.attrs; type = types.attrs;
default = {}; default = { };
example = { commandLineArgs = [ "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" ]; }; example = {
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
];
};
}; };
commandLineArgs = mkOption { commandLineArgs = mkOption {
description = "Override chromium flags"; description = "Override chromium flags";
type = with types; listOf str; type = with types; listOf str;
default = [ "--ozone-platform-hint=auto" ]; default = [ "--ozone-platform-hint=auto" ];
example = [ "--ozone-platform-hint=auto" "--ignore-gpu-blacklist" ]; example = [
"--ozone-platform-hint=auto"
"--ignore-gpu-blacklist"
];
}; };
}; };
}; };
config = mkIf (cfg.enable && !generalCfg.minimal) { config = mkIf (cfg.enable && !generalCfg.minimal) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(cfg.browser.chromium.package.override cfg.browser.chromium.overrides) (cfg.browser.chromium.package.override cfg.browser.chromium.overrides)
# firefox is added by plasma or gnome # firefox is added by plasma or gnome
]; ];
nixpkgs.overlays = [
nixpkgs.overlays = [(final: prev: { (final: prev: {
myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides); myFirefox = (final.callPackage ../packages/firefox.nix cfg.browser.firefox.overrides);
})]; })
];
aviallon.desktop.browser.chromium.overrides.enableWideVine = true; aviallon.desktop.browser.chromium.overrides.enableWideVine = true;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"chromium-unwrapped" "chrome-widevine-cdm" "chromium-unwrapped"
"ungoogled-chromium" "chromium" # because of widevine "chrome-widevine-cdm"
"ungoogled-chromium"
"chromium" # because of widevine
]; ];
environment.variables = { environment.variables = {
@ -58,8 +79,10 @@ in {
}; };
aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs; aviallon.desktop.browser.chromium.overrides.commandLineArgs = cfg.browser.chromium.commandLineArgs;
aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations (options.aviallon.desktop.browser.chromium.commandLineArgs.default ++ [ aviallon.desktop.browser.chromium.commandLineArgs = mkIf generalCfg.unsafeOptimizations (
"--flag-switches-begin" options.aviallon.desktop.browser.chromium.commandLineArgs.default
++ [
"--flag-switches-begin"
"--ignore-gpu-blacklist" "--ignore-gpu-blacklist"
"--enable-gpu-rasterization" "--enable-gpu-rasterization"
"--enable-quic" "--enable-quic"
@ -68,8 +91,9 @@ in {
"--canvas-oop-rasterization" "--canvas-oop-rasterization"
"--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer" "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,WebRTCPipeWireCapturer"
"--disable-features=UseChromeOSDirectVideoDecoder" "--disable-features=UseChromeOSDirectVideoDecoder"
"--flag-switches-end" "--flag-switches-end"
]); ]
);
programs.chromium = { programs.chromium = {
enable = true; enable = true;

28
desktop/console.nix
View file

@ -1,23 +1,25 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
xcfg = config.services.xserver; xcfg = config.services.xserver;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
config = { config = {
services.kmscon = { services.kmscon = {
hwRender = mkDefault xcfg.enable; hwRender = mkDefault xcfg.enable;
extraConfig = "" extraConfig =
+ optionalString ( ! isNull xcfg.layout ) ""
"xkb-layout=${xcfg.layout}" + optionalString (!isNull xcfg.layout) "xkb-layout=${xcfg.layout}"
+ optionalString ( ! isNull xcfg.xkbVariant ) + optionalString (!isNull xcfg.xkbVariant) "xkb-variant=${xcfg.xkbVariant}"
"xkb-variant=${xcfg.xkbVariant}" + optionalString (!isNull xcfg.xkbOptions) "xkb-options=${xcfg.xkbOptions}"
+ optionalString ( ! isNull xcfg.xkbOptions ) + "font-dpi=${toString (xcfg.dpi or 96)}";
"xkb-options=${xcfg.xkbOptions}" enable = mkDefault (!generalCfg.minimal);
+ "font-dpi=${toString (xcfg.dpi or 96)}"
;
enable = mkDefault (! generalCfg.minimal );
}; };
}; };
} }

7
desktop/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
imports = [ imports = [

69
desktop/developer.nix
View file

@ -1,12 +1,20 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.developer; cfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
options.aviallon.developer = { options.aviallon.developer = {
enable = mkEnableOption "enable developer mode on this machine"; enable = mkEnableOption "enable developer mode on this machine";
virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // { default = true; }; virtualization.host.enable = (mkEnableOption "hypervisor virtualization services") // {
default = true;
};
virtualbox.unstable = mkEnableOption "use unstable virtualbox"; virtualbox.unstable = mkEnableOption "use unstable virtualbox";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -26,7 +34,7 @@ in {
PROMPT_COMMAND="_direnv_hook''${PROMPT_COMMAND:+;$PROMPT_COMMAND}" PROMPT_COMMAND="_direnv_hook''${PROMPT_COMMAND:+;$PROMPT_COMMAND}"
fi fi
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
#tabnine #tabnine
numactl numactl
@ -54,20 +62,22 @@ in {
ccls # C/C++ ccls # C/C++
lua-language-server # Lua lua-language-server # Lua
nil # Nix nil # Nix
nixfmt-rfc-style nixfmt-rfc-style
(hiPrio clinfo) # hiPrio to override HIP's clinfo (hiPrio clinfo) # hiPrio to override HIP's clinfo
binutils binutils
cpuset cpuset
gptfdisk # gdisk gptfdisk # gdisk
gcc gcc
gnumake gnumake
cmake cmake
linux-manual man-pages man-pages-posix linux-manual
man-pages
man-pages-posix
linuxHeaders linuxHeaders
# Virtualization tools # Virtualization tools
@ -99,7 +109,6 @@ in {
}; };
}; };
virtualisation.spiceUSBRedirection.enable = true; # Quality of life virtualisation.spiceUSBRedirection.enable = true; # Quality of life
security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform security.virtualisation.flushL1DataCache = "never"; # We do not care, we are on a dev platform
@ -109,19 +118,25 @@ in {
host.enableHardening = false; # Causes kernel build failures host.enableHardening = false; # Causes kernel build failures
}; };
nixpkgs.overlays = [] nixpkgs.overlays =
++ optional cfg.virtualbox.unstable (final: prev: { [ ]
virtualbox = final.unstable.virtualbox; ++ optional cfg.virtualbox.unstable (
virtualboxExtpack = final.unstable.virtualboxExtpack; final: prev: {
}) virtualbox = final.unstable.virtualbox;
; virtualboxExtpack = final.unstable.virtualboxExtpack;
}
);
console.enable = true; console.enable = true;
boot.initrd.systemd.emergencyAccess = mkIf (config.users.users.root.hashedPassword != null) config.users.users.root.hashedPassword; boot.initrd.systemd.emergencyAccess = mkIf (
config.users.users.root.hashedPassword != null
) config.users.users.root.hashedPassword;
environment.extraOutputsToInstall = [ environment.extraOutputsToInstall = [
"doc" "info" "dev" "doc"
"info"
"dev"
]; ];
services.ollama = { services.ollama = {
@ -130,12 +145,14 @@ in {
group = "ollama"; group = "ollama";
user = "ollama"; user = "ollama";
package = package =
if config.aviallon.hardware.amd.enable if config.aviallon.hardware.amd.enable then
then pkgs.unstable.ollama-rocm pkgs.unstable.ollama-rocm
else if (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau") else if
then pkgs.unstable.ollama-cuda (config.aviallon.hardware.nvidia.enable && config.aviallon.hardware.nvidia.variant != "nouveau")
else pkgs.unstable.ollama then
; pkgs.unstable.ollama-cuda
else
pkgs.unstable.ollama;
}; };
aviallon.services.journald.extraConfig = { aviallon.services.journald.extraConfig = {
@ -145,8 +162,10 @@ in {
aviallon.boot.configurationLimit = mkDefault 10; aviallon.boot.configurationLimit = mkDefault 10;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"tabnine" "clion" "tabnine"
"Oracle_VM_VirtualBox_Extension_Pack" "virtualbox" "clion"
"Oracle_VM_VirtualBox_Extension_Pack"
"virtualbox"
"intelephense" "intelephense"
]; ];
}; };

77
desktop/flatpak.nix
View file

@ -1,45 +1,56 @@
{ config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
in { in
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.flatpak.enable = mkDefault true; services.flatpak.enable = mkDefault true;
systemd.services.flatpak-add-flathub = { systemd.services.flatpak-add-flathub = {
script = '' script = ''
exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo exec ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
requires = [ requires = [
"network-online.target" "network-online.target"
]; ];
after = [ after = [
"network-online.target" "network-online.target"
]; ];
wantedBy = [ wantedBy = [
"graphical.target" "graphical.target"
]; ];
}; };
systemd.services.flatpak-workaround-cursors = { systemd.services.flatpak-workaround-cursors = {
script = '' script = ''
exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro exec ${pkgs.flatpak}/bin/flatpak override --filesystem=/usr/share/icons/:ro
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ wantedBy = [
"graphical.target" "graphical.target"
]; ];
}; };
fileSystems = fileSystems =
let mkRoSymBind = path: { let
mkRoSymBind = path: {
device = path; device = path;
fsType = "none"; fsType = "none";
options = [ "rbind" "ro" "x-gvfs-hide" ]; options = [
"rbind"
"ro"
"x-gvfs-hide"
];
}; };
in { in
{
"/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons"; "/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons";
}; };
} };
;
} }

58
desktop/games.nix
View file

@ -1,11 +1,19 @@
{ config, pkgs, lib, myLib, suyu, ... }: {
config,
pkgs,
lib,
myLib,
suyu,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
optimizePkg = config.aviallon.optimizations.optimizePkg; optimizePkg = config.aviallon.optimizations.optimizePkg;
mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}"; mkTmpDir = dirpath: cleanup: "D ${dirpath} 777 root root ${cleanup}";
in { in
{
options = { options = {
aviallon.desktop.gaming = { aviallon.desktop.gaming = {
@ -24,27 +32,40 @@ in {
}; };
}; };
}; };
config = mkIf cfg.gaming.enable { config = mkIf cfg.gaming.enable {
assertions = [ assertions = [
{ assertion = cfg.gaming.enable -> cfg.enable; message = "Gaming features requires desktop to be enabled"; } {
{ assertion = cfg.gaming.enable -> !generalCfg.minimal; message = "Gaming features are incompatible with minimal mode"; } assertion = cfg.gaming.enable -> cfg.enable;
message = "Gaming features requires desktop to be enabled";
}
{
assertion = cfg.gaming.enable -> !generalCfg.minimal;
message = "Gaming features are incompatible with minimal mode";
}
]; ];
environment.systemPackages = let environment.systemPackages =
my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: { let
cmakeFlags = old.cmakeFlags ++ [ my_yuzu = cfg.gaming.yuzu.package.overrideAttrs (old: {
#"-DYUZU_USE_PRECOMPILED_HEADERS=OFF" cmakeFlags = old.cmakeFlags ++ [
#"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF" #"-DYUZU_USE_PRECOMPILED_HEADERS=OFF"
]; #"-DDYNARMIC_USE_PRECOMPILED_HEADERS=OFF"
}); ];
in with pkgs; [ });
in
with pkgs;
[
gamescope gamescope
mangohud mangohud
lutris lutris
bottles bottles
] ++ optionals cfg.gaming.emulation [ ]
(optimizePkg { recursive = 0; lto = false; } my_yuzu) ++ optionals cfg.gaming.emulation [
(optimizePkg {
recursive = 0;
lto = false;
} my_yuzu)
(optimizePkg { } cfg.gaming.ryujinx.package) (optimizePkg { } cfg.gaming.ryujinx.package)
]; ];
@ -104,7 +125,10 @@ in {
}; };
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"steam" "steam-original" "steam-runtime" "steam-run" "steam"
"steam-original"
"steam-runtime"
"steam-run"
]; ];
}; };

47
desktop/general.nix
View file

@ -1,9 +1,16 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
options.aviallon.desktop = { options.aviallon.desktop = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -14,7 +21,13 @@ in {
environment = mkOption { environment = mkOption {
default = "plasma"; default = "plasma";
example = "gnome"; example = "gnome";
type = with types; enum [ "plasma" "plasma6" "gnome" ]; type =
with types;
enum [
"plasma"
"plasma6"
"gnome"
];
description = "What Desktop Environment to use"; description = "What Desktop Environment to use";
}; };
layout = mkOption { layout = mkOption {
@ -51,7 +64,13 @@ in {
}; };
imports = [ imports = [
(mkRemovedOptionModule [ "aviallon" "desktop" "graphics" "shaderCache" "path" ] "Now always relative to $XDG_CACHE_HOME" ) (mkRemovedOptionModule [
"aviallon"
"desktop"
"graphics"
"shaderCache"
"path"
] "Now always relative to $XDG_CACHE_HOME")
]; ];
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
@ -71,7 +90,6 @@ in {
services.xserver.xkb.layout = cfg.layout; services.xserver.xkb.layout = cfg.layout;
services.xserver.xkb.options = "eurosign:e"; services.xserver.xkb.options = "eurosign:e";
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
splash = mkIf (!generalCfg.debug) ""; splash = mkIf (!generalCfg.debug) "";
"udev.log_level" = mkIf (!generalCfg.debug) 3; "udev.log_level" = mkIf (!generalCfg.debug) 3;
@ -93,7 +111,7 @@ in {
# Enable running X11 apps on Wayland # Enable running X11 apps on Wayland
programs.xwayland.enable = true; programs.xwayland.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true; services.libinput.enable = true;
@ -104,9 +122,7 @@ in {
p7zip p7zip
]; ];
security.sudo.extraConfig = ''
security.sudo.extraConfig =
''
# Keep X and Wayland related variables for better GUI integration # Keep X and Wayland related variables for better GUI integration
Defaults:root,%wheel env_keep+=DISPLAY Defaults:root,%wheel env_keep+=DISPLAY
Defaults:root,%wheel env_keep+=XAUTHORITY Defaults:root,%wheel env_keep+=XAUTHORITY
@ -114,8 +130,7 @@ in {
Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY Defaults:root,%wheel env_keep+=WAYLAND_DISPLAY
Defaults:root,%wheel env_keep+=WAYLAND_SOCKET Defaults:root,%wheel env_keep+=WAYLAND_SOCKET
Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR Defaults:root,%wheel env_keep+=XDG_RUNTIME_DIR
'' '';
;
} }
(mkIf (!generalCfg.minimal) { (mkIf (!generalCfg.minimal) {
@ -135,7 +150,7 @@ in {
programs.thunderbird.enable = true; programs.thunderbird.enable = true;
hardware.graphics.enable32Bit = mkDefault cfg.gaming.enable; hardware.graphics.enable32Bit = mkDefault cfg.gaming.enable;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mesa-demos mesa-demos
vdpauinfo vdpauinfo
@ -174,16 +189,16 @@ in {
}; };
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"spotify" "spotify-unwrapped" "spotify"
"spotify-unwrapped"
"veracrypt" "veracrypt"
]; ];
aviallon.programs.libreoffice.enable = true; aviallon.programs.libreoffice.enable = true;
services.packagekit.enable = mkDefault true; services.packagekit.enable = mkDefault true;
# SmartCards # SmartCards
#services.pcscd.enable = mkDefault true; #services.pcscd.enable = mkDefault true;

131
desktop/gnome.nix
View file

@ -1,66 +1,73 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
in { in
config = mkIf (cfg.enable && (cfg.environment == "gnome")) { {
services.xserver.desktopManager.gnome = { config = mkIf (cfg.enable && (cfg.environment == "gnome")) {
enable = true; services.xserver.desktopManager.gnome = {
}; enable = true;
services.xserver.displayManager.gdm = {
enable = true;
};
services.gnome = {
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
core-shell.enable = true;
gnome-keyring.enable = true;
glib-networking.enable = true;
gnome-user-share.enable = true;
core-os-services.enable = true;
gnome-remote-desktop.enable = true;
gnome-online-miners.enable = true;
gnome-initial-setup.enable = true;
gnome-settings-daemon.enable = true;
gnome-online-accounts.enable = true;
gnome-browser-connector.enable = true;
};
qt5.platformTheme = "gnome"; # Force Gnome theme for better UX
xdg.portal = {
enable = mkDefault true;
};
programs.chromium.extensions = [
"gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration
];
programs.firefox.enable = true;
programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ];
aviallon.programs.libreoffice.enable = true;
environment.systemPackages = with pkgs; [ guake ]
++ (with gnome; [
gnome-software
])
++ (with gnomeExtensions; [
gamemode
dash-to-dock
dash-to-dock-toggle
dash-to-dock-animator
tray-icons-reloaded
])
;
systemd.packages = with pkgs; [
gnomeExtensions.gamemode
gnomeExtensions.dash-to-dock
gnomeExtensions.dash-to-dock-animator
gnomeExtensions.dash-to-dock-toggle
gnomeExtensions.tray-icons-reloaded
];
}; };
services.xserver.displayManager.gdm = {
enable = true;
};
services.gnome = {
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
core-shell.enable = true;
gnome-keyring.enable = true;
glib-networking.enable = true;
gnome-user-share.enable = true;
core-os-services.enable = true;
gnome-remote-desktop.enable = true;
gnome-online-miners.enable = true;
gnome-initial-setup.enable = true;
gnome-settings-daemon.enable = true;
gnome-online-accounts.enable = true;
gnome-browser-connector.enable = true;
};
qt5.platformTheme = "gnome"; # Force Gnome theme for better UX
xdg.portal = {
enable = mkDefault true;
};
programs.chromium.extensions = [
"gphhapmejobijbbhgpjhcjognlahblep" # Gnome Shell integration
];
programs.firefox.enable = true;
programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnomeExtensions.bowser-gnome-extension ];
aviallon.programs.libreoffice.enable = true;
environment.systemPackages =
with pkgs;
[ guake ]
++ (with gnome; [
gnome-software
])
++ (with gnomeExtensions; [
gamemode
dash-to-dock
dash-to-dock-toggle
dash-to-dock-animator
tray-icons-reloaded
]);
systemd.packages = with pkgs; [
gnomeExtensions.gamemode
gnomeExtensions.dash-to-dock
gnomeExtensions.dash-to-dock-animator
gnomeExtensions.dash-to-dock-toggle
gnomeExtensions.tray-icons-reloaded
];
};
} }

133
desktop/multimedia.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
@ -8,26 +13,31 @@ let
noiseFilterStrength = cfg.audio.noise-filter.strength; noiseFilterStrength = cfg.audio.noise-filter.strength;
}; };
airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix {}; airplayConfig = pkgs.callPackage ./pipewire/pipewire-airplay.conf.nix { };
# Multimedia Packages # Multimedia Packages
ffmpeg-full-unfree = let ffmpeg-full-unfree =
withUnfree = pkgs.unstable.ffmpeg-full.override { let
withUnfree = true; withUnfree = pkgs.unstable.ffmpeg-full.override {
withTensorflow = false; withUnfree = true;
}; withTensorflow = false;
in withUnfree; };
in
in { withUnfree;
in
{
config = mkIf (cfg.enable && !generalCfg.minimal) { config = mkIf (cfg.enable && !generalCfg.minimal) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ffmpeg-full-unfree ffmpeg-full-unfree
krita krita
(pkgs.wrapOBS { plugins = with obs-studio-plugins; [ (pkgs.wrapOBS {
obs-pipewire-audio-capture plugins = with obs-studio-plugins; [
]; }) obs-pipewire-audio-capture
];
})
#scribus #scribus
yt-dlp yt-dlp
#jellyfin-media-player # https://github.com/NixOS/nixpkgs/issues/437865 https://github.com/jellyfin/jellyfin-media-player/issues/282 #jellyfin-media-player # https://github.com/NixOS/nixpkgs/issues/437865 https://github.com/jellyfin/jellyfin-media-player/issues/282
@ -36,10 +46,11 @@ in {
#jamesdsp # Audio post-processing #jamesdsp # Audio post-processing
]; ];
nixpkgs.overlays = [(final: prev: { nixpkgs.overlays = [
inherit ffmpeg-full-unfree; (final: prev: {
})]; inherit ffmpeg-full-unfree;
})
];
# Enable sound. # Enable sound.
services.pulseaudio.enable = false; services.pulseaudio.enable = false;
@ -76,9 +87,12 @@ in {
"node.description" = "Sortie combinée"; "node.description" = "Sortie combinée";
"combine.latency-compensate" = true; "combine.latency-compensate" = true;
"combine.props" = { "combine.props" = {
"audio.position" = [ "FL" "FR" ]; "audio.position" = [
"FL"
"FR"
];
}; };
"stream.props" = {}; "stream.props" = { };
"stream.rules" = [ "stream.rules" = [
{ {
matches = [ matches = [
@ -90,7 +104,7 @@ in {
"media.class" = "Audio/Sink"; "media.class" = "Audio/Sink";
} }
]; ];
actions.create-stream = {}; actions.create-stream = { };
} }
]; ];
}; };
@ -105,50 +119,61 @@ in {
"bluez5.enable-sbc-xq" = true; # Should be default now "bluez5.enable-sbc-xq" = true; # Should be default now
"bluez5.enable-msbc" = true; # Default "bluez5.enable-msbc" = true; # Default
"bluez5.enable-hw-volume" = true; # Default "bluez5.enable-hw-volume" = true; # Default
"bluez5.headset-roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; "bluez5.headset-roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
}; };
}; };
security.rtkit.enable = true; # Real-time support for pipewire security.rtkit.enable = true; # Real-time support for pipewire
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"ffmpeg-full" # Because of unfree codecs "ffmpeg-full" # Because of unfree codecs
]; ];
# Hardware-agnostic audio denoising # Hardware-agnostic audio denoising
systemd.user.services = let systemd.user.services =
mkPipewireModule = {conf, description}: { let
unitConfig = { mkPipewireModule =
Slice = "session.slice"; { conf, description }:
}; {
serviceConfig = { unitConfig = {
ExecStart = [ Slice = "session.slice";
"${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}" };
]; serviceConfig = {
Type = "simple"; ExecStart = [
Restart = "on-failure"; "${getBin config.services.pipewire.package}/bin/pipewire -c ${conf}"
}; ];
bindsTo = [ "pipewire.service" ]; Type = "simple";
after = [ "pipewire.service" ]; Restart = "on-failure";
environment = { };
PIPEWIRE_DEBUG = "3"; bindsTo = [ "pipewire.service" ];
}; after = [ "pipewire.service" ];
wantedBy = [ "pipewire.service" ]; environment = {
inherit description; PIPEWIRE_DEBUG = "3";
};
wantedBy = [ "pipewire.service" ];
inherit description;
};
in
{
pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable (
(mkPipewireModule {
conf = filterConfig;
description = "Pipewire Noise Filter";
})
// {
enable = cfg.audio.noise-filter.strength > 0.0;
}
);
pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (mkPipewireModule {
conf = airplayConfig;
description = "Pipewire Airplay Sink";
});
}; };
in {
pipewire-noise-filter = mkIf cfg.audio.noise-filter.enable (
(mkPipewireModule { conf = filterConfig; description = "Pipewire Noise Filter"; }) //
{
enable = cfg.audio.noise-filter.strength > 0.0;
}
);
pipewire-airplay-sink = mkIf cfg.audio.airplay.enable (
mkPipewireModule { conf = airplayConfig; description = "Pipewire Airplay Sink"; }
);
};
}; };
} }

117
desktop/pipewire/pipewire-airplay.conf.nix
View file

@ -1,63 +1,64 @@
{ lib {
, writeText lib,
writeText,
}: }:
writeText "pipewire-airplay.conf" '' writeText "pipewire-airplay.conf" ''
# Noise canceling source # Noise canceling source
# #
# start with pipewire -c filter-chain/source-rnnoise.conf # start with pipewire -c filter-chain/source-rnnoise.conf
# #
context.properties = { context.properties = {
log.level = 3 log.level = 3
} }
#context.spa-libs = { #context.spa-libs = {
# audio.convert.* = audioconvert/libspa-audioconvert # audio.convert.* = audioconvert/libspa-audioconvert
# support.* = support/libspa-support # support.* = support/libspa-support
#} #}
context.modules = [ context.modules = [
{ name = libpipewire-module-rtkit { name = libpipewire-module-rtkit
args = { args = {
nice.level = -11 nice.level = -11
} }
flags = [ ifexists nofail ] flags = [ ifexists nofail ]
} }
{ name = libpipewire-module-protocol-native } { name = libpipewire-module-protocol-native }
{ name = libpipewire-module-client-node } { name = libpipewire-module-client-node }
{ name = libpipewire-module-adapter } { name = libpipewire-module-adapter }
{ name = libpipewire-raop-discover { name = libpipewire-raop-discover
args = { args = {
#raop.latency.ms = 1000 #raop.latency.ms = 1000
stream.rules = [ stream.rules = [
{ matches = [ { matches = [
{ raop.ip = "~.*" { raop.ip = "~.*"
#raop.port = 1000 #raop.port = 1000
#raop.name = "" #raop.name = ""
#raop.hostname = "" #raop.hostname = ""
#raop.domain = "" #raop.domain = ""
#raop.device = "" #raop.device = ""
#raop.transport = "udp" | "tcp" #raop.transport = "udp" | "tcp"
#raop.encryption.type = "RSA" | "auth_setup" | "none" #raop.encryption.type = "RSA" | "auth_setup" | "none"
#raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD" #raop.audio.codec = "PCM" | "ALAC" | "AAC" | "AAC-ELD"
#audio.channels = 2 #audio.channels = 2
#audio.format = "S16" | "S24" | "S32" #audio.format = "S16" | "S24" | "S32"
#audio.rate = 44100 #audio.rate = 44100
#device.model = "" #device.model = ""
} }
] ]
actions = { actions = {
create-stream = { create-stream = {
#raop.password = "" #raop.password = ""
stream.props = { stream.props = {
#target.object = "" #target.object = ""
media.class = "Audio/Sink" media.class = "Audio/Sink"
} }
} }
} }
} }
] # stream.rules ] # stream.rules
} # args } # args
} }
}]'' }]''

121
desktop/pipewire/pipewire-noise-filter.conf.nix
View file

@ -1,65 +1,66 @@
{ lib {
, writeText lib,
, rnnoise-plugin writeText,
, noiseFilterStrength rnnoise-plugin,
noiseFilterStrength,
}: }:
writeText "pipewire-noise-filter.conf" '' writeText "pipewire-noise-filter.conf" ''
# Noise canceling source # Noise canceling source
# #
# start with pipewire -c filter-chain/source-rnnoise.conf # start with pipewire -c filter-chain/source-rnnoise.conf
# #
context.properties = { context.properties = {
log.level = 3 log.level = 3
} }
context.spa-libs = { context.spa-libs = {
audio.convert.* = audioconvert/libspa-audioconvert audio.convert.* = audioconvert/libspa-audioconvert
support.* = support/libspa-support support.* = support/libspa-support
} }
context.modules = [ context.modules = [
{ name = libpipewire-module-rtkit { name = libpipewire-module-rtkit
args = { args = {
nice.level = -11 nice.level = -11
} }
flags = [ ifexists nofail ] flags = [ ifexists nofail ]
} }
{ name = libpipewire-module-protocol-native } { name = libpipewire-module-protocol-native }
{ name = libpipewire-module-client-node } { name = libpipewire-module-client-node }
{ name = libpipewire-module-adapter } { name = libpipewire-module-adapter }
{ name = libpipewire-module-filter-chain { name = libpipewire-module-filter-chain
args = { args = {
node.name = "rnnoise_source" node.name = "rnnoise_source"
node.description = "Noise Canceling source" node.description = "Noise Canceling source"
media.name = "Noise Canceling source" media.name = "Noise Canceling source"
filter.graph = { filter.graph = {
nodes = [ nodes = [
{ {
type = ladspa type = ladspa
name = rnnoise name = rnnoise
plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so plugin = ${rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so
label = noise_suppressor_stereo label = noise_suppressor_stereo
control = { control = {
"VAD Threshold (%)" = ${toString noiseFilterStrength} "VAD Threshold (%)" = ${toString noiseFilterStrength}
"VAD Grace Period (ms)" = 200 "VAD Grace Period (ms)" = 200
"Retroactive VAD Grace (ms)" = 0 "Retroactive VAD Grace (ms)" = 0
} }
} }
] ]
} }
capture.props = { capture.props = {
node.name = "capture.rnnoise_source" node.name = "capture.rnnoise_source"
node.passive = true node.passive = true
audio.rate = 48000 audio.rate = 48000
} }
playback.props = { playback.props = {
node.name = "rnnoise_source.output" node.name = "rnnoise_source.output"
media.class = Audio/Source media.class = Audio/Source
node.virtual = false node.virtual = false
audio.rate = 48000 audio.rate = 48000
} }
} }
} }
]'' ]''

29
desktop/plasma/default.nix
View file

@ -1,16 +1,23 @@
{config, pkgs, nixpkgs-unstable, lib, ...}: {
config,
pkgs,
nixpkgs-unstable,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
optimizeCfg = config.aviallon.optimizations; optimizeCfg = config.aviallon.optimizations;
in { in
{
imports = [ imports = [
./plasma6.nix ./plasma6.nix
]; ];
config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6" )) { config = mkIf (cfg.enable && (cfg.environment == "plasma" || cfg.environment == "plasma6")) {
programs.firefox.enable = true; programs.firefox.enable = true;
programs.firefox.policies.Extensions.Install = [ "plasma-browser-integration@kde.org" ]; programs.firefox.policies.Extensions.Install = [ "plasma-browser-integration@kde.org" ];
programs.chromium.extensions = [ programs.chromium.extensions = [
@ -28,17 +35,17 @@ in {
}; };
#environment.systemPackages = [ #environment.systemPackages = [
#config.programs.gnupg.agent.pinentryPackage #config.programs.gnupg.agent.pinentryPackage
#]; #];
systemd.user.services.setup-xdg-cursors = mkIf config.xdg.icons.enable { systemd.user.services.setup-xdg-cursors = mkIf config.xdg.icons.enable {
script = '' script = ''
[ -d "$HOME/.icons/default" ] || mkdir -p "$HOME/.icons/default" [ -d "$HOME/.icons/default" ] || mkdir -p "$HOME/.icons/default"
cat >"$HOME/.icons/default/index.theme" <<EOF cat >"$HOME/.icons/default/index.theme" <<EOF
[icon theme] [icon theme]
Inherits=''${XCURSOR_THEME:-breeze_cursors} Inherits=''${XCURSOR_THEME:-breeze_cursors}
EOF EOF
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;

10
desktop/plasma/plasma6.nix
View file

@ -1,11 +1,17 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generic = import ./generic.nix { generic = import ./generic.nix {
kdePackages = pkgs.kdePackages; kdePackages = pkgs.kdePackages;
}; };
in { in
{
config = mkIf (cfg.enable && (cfg.environment == "plasma6")) { config = mkIf (cfg.enable && (cfg.environment == "plasma6")) {
# Enable the Plasma 6 Desktop Environment. # Enable the Plasma 6 Desktop Environment.
services.desktopManager.plasma6 = { services.desktopManager.plasma6 = {

65
desktop/printing.nix
View file

@ -1,44 +1,52 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
config = mkIf (cfg.enable && !generalCfg.minimal) { config = mkIf (cfg.enable && !generalCfg.minimal) {
services.printing = { services.printing = {
enable = true; enable = true;
defaultShared = mkDefault true; defaultShared = mkDefault true;
browsing = mkDefault true; browsing = mkDefault true;
listenAddresses = [ "0.0.0.0:631" ]; listenAddresses = [ "0.0.0.0:631" ];
drivers = with pkgs; [] drivers =
with pkgs;
[ ]
++ (optionals (!generalCfg.minimal) [ ++ (optionals (!generalCfg.minimal) [
hplipWithPlugin hplipWithPlugin
gutenprint gutenprint
splix splix
brlaser brlaser
# cups-bjnp # cups-bjnp
# cups-dymo # cups-dymo
# cups-zj-58 # cups-zj-58
# cups-kyocera # cups-kyocera
cups-filters cups-filters
carps-cups carps-cups
# cups-kyodialog3 # cups-kyodialog3
cups-brother-hl1110 cups-brother-hl1110
cups-toshiba-estudio cups-toshiba-estudio
cups-brother-hl1210w cups-brother-hl1210w
cups-brother-hl3140cw cups-brother-hl3140cw
cups-brother-hll2340dw cups-brother-hll2340dw
cups-drv-rastertosag-gdi cups-drv-rastertosag-gdi
# cups-kyocera-ecosys-m552x-p502x # cups-kyocera-ecosys-m552x-p502x
canon-cups-ufr2 canon-cups-ufr2
]); ]);
webInterface = mkDefault true; webInterface = mkDefault true;
}; };
services.system-config-printer.enable = true; services.system-config-printer.enable = true;
hardware.sane = { hardware.sane = {
enable = true; enable = true;
netConf = "192.168.0.0/24"; netConf = "192.168.0.0/24";
extraBackends = with pkgs; [ extraBackends = with pkgs; [
hplipWithPlugin hplipWithPlugin
]; ];
@ -46,9 +54,12 @@ in {
brscan4.enable = true; brscan4.enable = true;
}; };
networking.firewall.allowedTCPPorts = optionals config.services.printing.enable [ 631 139 445 ]; networking.firewall.allowedTCPPorts = optionals config.services.printing.enable [
networking.firewall.allowedUDPPorts = optionals config.services.printing.enable [ 137 ]; 631
139
445
];
networking.firewall.allowedUDPPorts = optionals config.services.printing.enable [ 137 ];
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"hplip" "hplip"

12
desktop/sddm.nix
View file

@ -1,9 +1,15 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.desktop; cfg = config.aviallon.desktop;
sddmCfg = config.services.displayManager.sddm; sddmCfg = config.services.displayManager.sddm;
in { in
{
options.aviallon.desktop.sddm.unstable = mkEnableOption "bleeding-edge SDDM"; options.aviallon.desktop.sddm.unstable = mkEnableOption "bleeding-edge SDDM";
options.aviallon.desktop.sddm.enable = mkEnableOption "custom SDDM configuration"; options.aviallon.desktop.sddm.enable = mkEnableOption "custom SDDM configuration";
@ -20,7 +26,7 @@ in {
}; };
}; };
}; };
systemd.services.display-manager = { systemd.services.display-manager = {
serviceConfig = { serviceConfig = {
Restart = mkOverride 50 "on-failure"; Restart = mkOverride 50 "on-failure";

70
filesystems.nix
View file

@ -1,14 +1,25 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems; cfg = config.aviallon.filesystems;
ioSchedType = types.enum [ "bfq" "kyber" "mq-deadline" "none" null ]; ioSchedType = types.enum [
"bfq"
"kyber"
"mq-deadline"
"none"
null
];
in in
{ {
imports = [ imports = [
./filesystems ./filesystems
(mkRemovedOptionModule [ "aviallon" "filesystems" "resumeDevice"] "Use boot.resumeDevice instead") (mkRemovedOptionModule [ "aviallon" "filesystems" "resumeDevice" ] "Use boot.resumeDevice instead")
]; ];
options.aviallon.filesystems = { options.aviallon.filesystems = {
@ -43,7 +54,7 @@ in
type = types.bool; type = types.bool;
}; };
udevRules = mkOption { udevRules = mkOption {
default = []; default = [ ];
example = [ ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sda", ATTR{queue/scheduler}="none"'' ]; example = [ ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sda", ATTR{queue/scheduler}="none"'' ];
description = "Additional udev rules"; description = "Additional udev rules";
type = types.listOf types.str; type = types.listOf types.str;
@ -59,26 +70,43 @@ in
boot.vdo.enable = config.aviallon.boot.kvdo.enable; boot.vdo.enable = config.aviallon.boot.kvdo.enable;
}; };
boot.initrd.kernelModules = ifEnable cfg.lvm [ boot.initrd.kernelModules = ifEnable cfg.lvm [
"dm-cache" "dm-cache-smq" "dm-cache-mq" "dm-cache-cleaner" "dm-cache"
"dm-cache-smq"
"dm-cache-mq"
"dm-cache-cleaner"
]; ];
boot.kernelModules = [] boot.kernelModules =
++ optionals cfg.lvm [ "dm-cache" "dm-cache-smq" "dm-persistent-data" "dm-bio-prison" "dm-clone" "dm-crypt" "dm-writecache" "dm-mirror" "dm-snapshot" ] [ ]
++ optionals config.aviallon.boot.kvdo.enable [ "kvdo" ] ++ optionals cfg.lvm [
; "dm-cache"
"dm-cache-smq"
"dm-persistent-data"
"dm-bio-prison"
"dm-clone"
"dm-crypt"
"dm-writecache"
"dm-mirror"
"dm-snapshot"
]
++ optionals config.aviallon.boot.kvdo.enable [ "kvdo" ];
boot.supportedFilesystems = [ "ntfs" "ext4" "vfat" "exfat" ]; boot.supportedFilesystems = [
"ntfs"
"ext4"
"vfat"
"exfat"
];
hardware.block.defaultSchedulerRotational = mkDefault cfg.hddScheduler; hardware.block.defaultSchedulerRotational = mkDefault cfg.hddScheduler;
aviallon.filesystems.udevRules = mkBefore (concatLists [ aviallon.filesystems.udevRules = mkBefore (concatLists [
(optional (!(builtins.isNull cfg.hddScheduler)) (optional (!(builtins.isNull cfg.hddScheduler))
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="${cfg.hddScheduler}"'' ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="${cfg.hddScheduler}"''
) )
(optional (!(builtins.isNull cfg.slowFlashScheduler)) (optional (!(builtins.isNull cfg.slowFlashScheduler)) ''
''
SUBSYSTEM!="block", GOTO="aviallon_slowflash_end" SUBSYSTEM!="block", GOTO="aviallon_slowflash_end"
KERNEL!="sd[a-z]|nvme[0-9]*n[0-9]|mmcblk[0-9]", GOTO="aviallon_slowflash_end" KERNEL!="sd[a-z]|nvme[0-9]*n[0-9]|mmcblk[0-9]", GOTO="aviallon_slowflash_end"
ATTR{queue/rotational}=="1", GOTO="aviallon_slowflash_end" ATTR{queue/rotational}=="1", GOTO="aviallon_slowflash_end"
ACTION!="remove", ATTR{queue/scheduler}="${cfg.slowFlashScheduler}" ACTION!="remove", ATTR{queue/scheduler}="${cfg.slowFlashScheduler}"
# If possible, disable back_seek_penalty as it is effectively null on SSDs # If possible, disable back_seek_penalty as it is effectively null on SSDs
@ -95,16 +123,13 @@ in
LABEL="aviallon_no_ncq_end" LABEL="aviallon_no_ncq_end"
# END: NCQ disabled # END: NCQ disabled
LABEL="aviallon_slowflash_end" LABEL="aviallon_slowflash_end"
'' '')
)
(optional (!(builtins.isNull cfg.nvmeScheduler)) (optional (!(builtins.isNull cfg.nvmeScheduler))
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="nvme[0-9]*n[0-9]", ATTR{queue/scheduler}="${cfg.nvmeScheduler}"'' ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="nvme[0-9]*n[0-9]", ATTR{queue/scheduler}="${cfg.nvmeScheduler}"''
) )
(optional cfg.queuePriority (optional cfg.queuePriority ''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{device/ncq_prio_supported}=="1", ATTR{device/ncq_prio_enable}="1"'')
''ACTION!="remove", SUBSYSTEM=="block", KERNEL=="sd[a-z]", ATTR{device/ncq_prio_supported}=="1", ATTR{device/ncq_prio_enable}="1"''
)
]); ]);
boot.initrd.services.udev.rules = concatStringsSep "\n" cfg.udevRules; boot.initrd.services.udev.rules = concatStringsSep "\n" cfg.udevRules;
@ -118,8 +143,7 @@ in
let let
hasSwap = length config.swapDevices > 0; hasSwap = length config.swapDevices > 0;
in in
if hasSwap then "150%" else "75%" if hasSwap then "150%" else "75%";
;
services.smartd = { services.smartd = {
enable = mkDefault true; enable = mkDefault true;
@ -137,4 +161,4 @@ in
notifications.systembus-notify.enable = config.aviallon.desktop.enable; notifications.systembus-notify.enable = config.aviallon.desktop.enable;
}; };
}; };
} }

23
filesystems/btrfs.nix
View file

@ -1,12 +1,19 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems.btrfs; cfg = config.aviallon.filesystems.btrfs;
#fsCfg = config.fileSystems; #fsCfg = config.fileSystems;
btrfsPaths = [ "/" ]; btrfsPaths = [ "/" ];
# btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg; # btrfsPaths = filterAttrs (n: v: v.fsType == "btrfs") fsCfg;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
options.aviallon.filesystems.btrfs = { options.aviallon.filesystems.btrfs = {
enable = mkEnableOption "BTRFS support"; enable = mkEnableOption "BTRFS support";
autoScrub = { autoScrub = {
@ -57,11 +64,11 @@ in {
}; };
systemd.services.duperemove = { systemd.services.duperemove = {
script = '' script = ''
mkdir -p $DATA_DIR mkdir -p $DATA_DIR
exec ${pkgs.duperemove}/bin/duperemove \ exec ${pkgs.duperemove}/bin/duperemove \
--io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \ --io-threads=${toString cfg.autoDedup.ioThreads} --cpu-threads=${toString cfg.autoDedup.cpuThreads} \
--dedupe-options=same \ --dedupe-options=same \
--hashfile=$DATA_DIR/hashes.db -h -v -rd "$@" --hashfile=$DATA_DIR/hashes.db -h -v -rd "$@"
''; '';
scriptArgs = concatStringsSep " " cfg.autoDedup.paths; scriptArgs = concatStringsSep " " cfg.autoDedup.paths;
# %S : state # %S : state

14
filesystems/zfs.nix
View file

@ -1,21 +1,27 @@
{config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.filesystems.zfs; cfg = config.aviallon.filesystems.zfs;
in { in
{
options.aviallon.filesystems.zfs = { options.aviallon.filesystems.zfs = {
enable = mkEnableOption "ZFS support"; enable = mkEnableOption "ZFS support";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.initrd.supportedFilesystems = ["zfs"]; # boot from zfs boot.initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
aviallon.filesystems.udevRules = mkAfter [ aviallon.filesystems.udevRules = mkAfter [
# ZFS doesn't like additional schedulers # ZFS doesn't like additional schedulers
''SUBSYSTEM=="block", ACTION!="remove", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"'' ''SUBSYSTEM=="block", ACTION!="remove", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"''
]; ];
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;

47
flake.nix
View file

@ -19,33 +19,36 @@
}; };
outputs = outputs =
inputs@{ self inputs@{
, nixpkgs self,
, nur nixpkgs,
, nixpkgs-unstable nur,
, fps nixpkgs-unstable,
, suyu fps,
, ... suyu,
}: let ...
}:
let
lib = nixpkgs.lib; lib = nixpkgs.lib;
myLib = import ./lib { myLib = import ./lib {
inherit lib; inherit lib;
}; };
mkPkgs = pkgs: { system ? system mkPkgs =
, config pkgs:
, overlays ? [ ] {
, ... system ? system,
}: import pkgs { inherit system config overlays; }; config,
in { overlays ? [ ],
...
}:
import pkgs { inherit system config overlays; };
in
{
inherit self inputs myLib; inherit self inputs myLib;
overlays.default = final: prev: overlays.default = final: prev: self.overlay final (nur.overlay final prev);
self.overlay
final
(nur.overlay final prev)
;
overlay = (final: prev: {}); overlay = (final: prev: { });
nixosModules = rec { nixosModules = rec {
aviallon = import ./default.nix; aviallon = import ./default.nix;
@ -54,6 +57,8 @@
nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config; nixpkgsConfig = self.nixosModules.aviallon.aviallon.programs.config;
specialArgs = inputs // { inherit myLib; }; specialArgs = inputs // {
inherit myLib;
};
}; };
} }

40
general.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.general; cfg = config.aviallon.general;
@ -8,7 +14,12 @@ let
in in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "aviallon" "general" "flakes" "enable" ] "Flakes are now enabled by default") (mkRemovedOptionModule [
"aviallon"
"general"
"flakes"
"enable"
] "Flakes are now enabled by default")
(mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuVendor" ] [ "aviallon" "general" "cpu" "vendor" ])
(mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuArch" ] [ "aviallon" "general" "cpu" "arch" ])
(mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ]) (mkRenamedOptionModule [ "aviallon" "general" "cpuTune" ] [ "aviallon" "general" "cpu" "tune" ])
@ -24,7 +35,7 @@ in
}; };
minimal = mkEnableOption "minimal installation"; minimal = mkEnableOption "minimal installation";
cpu = { cpu = {
threads = mkOption { threads = mkOption {
default = null; default = null;
@ -32,21 +43,16 @@ in
description = "Number of physical threads of the machine"; description = "Number of physical threads of the machine";
type = with types; nullOr ints.positive; type = with types; nullOr ints.positive;
}; };
vendor = mkOption { vendor = mkOption {
default = null; default = null;
example = "amd"; example = "amd";
description = "Vendor of you CPU. Either AMD or Intel"; description = "Vendor of you CPU. Either AMD or Intel";
type = types.str; type = types.str;
}; };
arch = mkOption { arch = mkOption {
default = default = if cfg.cpu.x86.level >= 2 then "x86-64-v${toString cfg.cpu.x86.level}" else "x86-64";
if cfg.cpu.x86.level >= 2 then
"x86-64-v${toString cfg.cpu.x86.level}"
else
"x86-64"
;
example = "x86-64-v2"; example = "x86-64-v2";
description = "Set CPU arch used in overlays, ..."; description = "Set CPU arch used in overlays, ...";
type = types.str; type = types.str;
@ -57,7 +63,7 @@ in
description = "Set CPU tuning for compilers"; description = "Set CPU tuning for compilers";
type = types.str; type = types.str;
}; };
caches = { caches = {
l1d = mkOption { l1d = mkOption {
default = null; default = null;
@ -84,7 +90,7 @@ in
type = with types; nullOr ints.positive; type = with types; nullOr ints.positive;
}; };
}; };
x86 = { x86 = {
level = mkOption { level = mkOption {
default = 1; default = 1;
@ -113,9 +119,11 @@ in
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
}; };
boot.initrd.systemd.contents = mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup) { boot.initrd.systemd.contents =
"/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts"; mkIf (config.boot.initrd.systemd.enable && !config.console.earlySetup)
}; {
"/etc/kbd/consolefonts".source = "${pkgs.kbd}/share/consolefonts";
};
aviallon.boot.cmdline = mkIf cfg.unsafeOptimizations { aviallon.boot.cmdline = mkIf cfg.unsafeOptimizations {
mitigations = "off"; mitigations = "off";

16
hardware/amd/amdgpu.nix
View file

@ -1,11 +1,17 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
devCfg = config.aviallon.developer; devCfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") { {
config = mkIf (cfg.enable && cfg.kernelDriver == "amdgpu") {
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
hardware.amdgpu.legacySupport.enable = true; hardware.amdgpu.legacySupport.enable = true;
@ -22,9 +28,7 @@ in {
SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto" SUBSYSTEM=="pci", DRIVER=="amdgpu", ATTR{power_dpm_force_performance_level}="auto"
''; '';
services.xserver.videoDrivers = services.xserver.videoDrivers = optional cfg.useProprietary "amdgpu-pro" ++ [ "modesetting" ];
optional cfg.useProprietary "amdgpu-pro"
++ [ "modesetting" ];
hardware.amdgpu.opencl.enable = true; hardware.amdgpu.opencl.enable = true;

40
hardware/amd/cpu.nix
View file

@ -1,16 +1,25 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
enableZenpower = (! isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13"); enableZenpower =
(!isNull (builtins.match "znver[1-3]" generalCfg.cpu.arch)) && (versionOlder kernelVersion "6.13");
kernelVersion = getVersion config.boot.kernelPackages.kernel; kernelVersion = getVersion config.boot.kernelPackages.kernel;
in { in
{
config = mkIf (generalCfg.cpu.vendor == "amd") { config = mkIf (generalCfg.cpu.vendor == "amd") {
boot.kernel.sysctl = { boot.kernel.sysctl = {
# Why: https://www.phoronix.com/news/Ryzen-Segv-Response # Why: https://www.phoronix.com/news/Ryzen-Segv-Response
# Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135 # Workaround: https://forums.gentoo.org/viewtopic-p-2605135.html#2605135
"kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1" ) (warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0); "kernel.randomize_va_space" = mkIf (generalCfg.cpu.arch == "znver1") (
warn "Disable Adress Space Layout Randomization on Ryzen 1 CPU" 0
);
}; };
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
@ -20,26 +29,23 @@ in {
else if versionAtLeast kernelVersion "6.3" then else if versionAtLeast kernelVersion "6.3" then
"active" "active"
else else
"passive" "passive";
; }
} // optionalAttrs (generalCfg.cpu.arch == "znver2") { // optionalAttrs (generalCfg.cpu.arch == "znver2") {
# Required for Zen 2 # Required for Zen 2
"amd_pstate.shared_memory" = 1; "amd_pstate.shared_memory" = 1;
}; };
aviallon.boot.patches = mkIf config.aviallon.optimizations.enable {}; aviallon.boot.patches = mkIf config.aviallon.optimizations.enable { };
boot.extraModulePackages = with config.boot.kernelPackages; [] boot.extraModulePackages =
++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower) with config.boot.kernelPackages;
; [ ] ++ optional enableZenpower (info "enable zenpower for Ryzen [1-3] CPU" zenpower);
boot.kernelModules = [] boot.kernelModules = [ ] ++ optional enableZenpower "zenpower";
++ optional enableZenpower "zenpower"
;
boot.blacklistedKernelModules = [] boot.blacklistedKernelModules =
++ optional enableZenpower "k10-temp" # Superseded by zenpower [ ] ++ optional enableZenpower "k10-temp" # Superseded by zenpower
; ;
}; };
} }

19
hardware/amd/default.nix
View file

@ -1,9 +1,15 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
options.aviallon.hardware.amd = { options.aviallon.hardware.amd = {
enable = mkEnableOption "AMD gpus"; enable = mkEnableOption "AMD gpus";
useProprietary = mkEnableOption "Use proprietary AMDGPU Pro"; useProprietary = mkEnableOption "Use proprietary AMDGPU Pro";
@ -14,7 +20,12 @@ in {
}; };
kernelDriver = mkOption { kernelDriver = mkOption {
description = "wether to use radeon or amdgpu kernel driver"; description = "wether to use radeon or amdgpu kernel driver";
type = with types; enum [ "radeon" "amdgpu" ]; type =
with types;
enum [
"radeon"
"amdgpu"
];
default = "amdgpu"; default = "amdgpu";
}; };
}; };
@ -25,7 +36,7 @@ in {
./radeon.nix ./radeon.nix
./rocm.nix ./rocm.nix
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.programs.nvtop = { aviallon.programs.nvtop = {

14
hardware/amd/radeon.nix
View file

@ -1,10 +1,16 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
devCfg = config.aviallon.developer; devCfg = config.aviallon.developer;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in { in
{
config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") { config = mkIf (cfg.enable && cfg.kernelDriver == "radeon") {
boot.initrd.kernelModules = [ "radeon" ]; boot.initrd.kernelModules = [ "radeon" ];
@ -12,13 +18,13 @@ in {
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];
services.xserver.videoDrivers = [ services.xserver.videoDrivers = [
"modesetting" "modesetting"
]; ];
environment.variables = {}; environment.variables = { };
}; };
} }

115
hardware/amd/rocm.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.amd; cfg = config.aviallon.hardware.amd;
@ -22,25 +27,31 @@ let
gxf1036 = "10.3.0"; gxf1036 = "10.3.0";
}; };
/*autoDetectGPU = pkgs: pkgs.callPackage ( /*
{ runCommandLocal, autoDetectGPU = pkgs: pkgs.callPackage (
gnugrep, { runCommandLocal,
rocmPackages, gnugrep,
}: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } '' rocmPackages,
set +e }: runCommandLocal "hsa-version" { nativeBuildInputs = [ gnugrep rocmPackages.rocminfo ]; } ''
mkdir -p $out/ set +e
echo "Computing HSA version" &>/dev/stderr mkdir -p $out/
ls -l /dev/kfd echo "Computing HSA version" &>/dev/stderr
rocminfo &>/dev/stderr ls -l /dev/kfd
rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output rocminfo &>/dev/stderr
'' rocminfo | grep --only-matching --perl-regexp '^\s*Name:\s+\Kgfx[0-9a-f]+' | tee $out/output
) { };*/ ''
) { };
*/
gfxToCompatible = gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else ""; gfxToCompatible =
in { gfxISA: if (hasAttr gfxISA gfxToCompatibleMap) then (getAttr gfxISA gfxToCompatibleMap) else "";
in
{
options.aviallon.hardware.amd.rocm = { options.aviallon.hardware.amd.rocm = {
enable = (mkEnableOption "ROCm configuration") // { default = true; }; enable = (mkEnableOption "ROCm configuration") // {
default = true;
};
gfxISA = mkOption { gfxISA = mkOption {
description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs"; description = "What is the GFX ISA of your system. Leave blank if you have several GPUs of incompatible ISAs";
default = ""; default = "";
@ -49,47 +60,55 @@ in {
}; };
gpuTargets = mkOption { gpuTargets = mkOption {
description = "Override supported GPU ISAs in some ROCm packages."; description = "Override supported GPU ISAs in some ROCm packages.";
default = [ "803" default = [
"900" "803"
"906:xnack-" "900"
"908:xnack-" "906:xnack-"
"90a:xnack+" "90a:xnack-" "908:xnack-"
"940" "90a:xnack+"
"941" "90a:xnack-"
"942" "940"
"1010" "941"
"1012" "942"
"1030" "1010"
"1031" "1012"
"1100" "1030"
"1101" "1031"
"1102" ]; "1100"
example = [ "900" "1031" ]; "1101"
"1102"
];
example = [
"900"
"1031"
];
type = with types; nullOr (listOf str); type = with types; nullOr (listOf str);
}; };
}; };
config = mkIf (cfg.enable && localCfg.enable) { config = mkIf (cfg.enable && localCfg.enable) {
environment.systemPackages = with pkgs; environment.systemPackages =
with pkgs;
[ [
rocmPackages.rocm-smi rocmPackages.rocm-smi
#rocmPackages.meta.rocm-ml-libraries #rocmPackages.meta.rocm-ml-libraries
#rocmPackages.meta.rocm-hip-runtime #rocmPackages.meta.rocm-hip-runtime
#pkgs.autoDetectGPU #pkgs.autoDetectGPU
] ++ optionals devCfg.enable [
rocmPackages.rocminfo
] ]
; ++ optionals devCfg.enable [
rocmPackages.rocminfo
];
#systemd.tmpfiles.rules = [ #systemd.tmpfiles.rules = [
# "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}" # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.meta.rocm-hip-runtime}"
#"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}" #"L+ /tmp/hsa-version - - - - ${pkgs.autoDetectGPU}"
#]; #];
environment.variables = { environment.variables = {
ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs ROC_ENABLE_PRE_VEGA = "1"; # Enable OpenCL with Polaris GPUs
} // (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") { }
// (mkIf (gfxToCompatible cfg.rocm.gfxISA != "") {
HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA; HSA_OVERRIDE_GFX_VERSION = gfxToCompatible cfg.rocm.gfxISA;
}); });
@ -101,14 +120,19 @@ in {
]; ];
nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ]; nix.settings.substituters = [ "https://nixos-rocm.cachix.org" ];
nix.settings.trusted-public-keys = [ "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE=" ]; nix.settings.trusted-public-keys = [
"nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
];
nixpkgs.config.rocmSupport = true; nixpkgs.config.rocmSupport = true;
nixpkgs.overlays = mkIf (! isNull localCfg.gpuTargets) (mkBefore [(final: prev: { nixpkgs.overlays = mkIf (!isNull localCfg.gpuTargets) (mkBefore [
(final: prev: {
#rocmPackages_5 = final.rocmPackages; #rocmPackages_5 = final.rocmPackages;
rocmPackages = prev.rocmPackages // { rocmPackages = prev.rocmPackages // {
clr = prev.rocmPackages.clr.override { localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); }; clr = prev.rocmPackages.clr.override {
localGpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
};
rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; }; rocdbgapi = prev.rocmPackages.rocdbgapi.override { buildDocs = false; };
# (oldAttrs: { # (oldAttrs: {
# passthru = oldAttrs.passthru // { # passthru = oldAttrs.passthru // {
@ -122,6 +146,7 @@ in {
# gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}"); # gpuTargets = lib.forEach localCfg.gpuTargets (target: "gfx${target}");
#}; #};
}; };
})]); })
]);
}; };
} }

11
hardware/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware; cfg = config.aviallon.hardware;
@ -6,7 +11,7 @@ let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
in in
{ {
options.aviallon.hardware = { }; options.aviallon.hardware = { };
imports = [ imports = [
./amd ./amd
@ -15,6 +20,6 @@ in
./mesa.nix ./mesa.nix
]; ];
config = {}; config = { };
} }

10
hardware/intel/cpu.nix
View file

@ -1,9 +1,15 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
throttledService = "throttled"; throttledService = "throttled";
in { in
{
config = mkIf (generalCfg.cpu.vendor == "intel") { config = mkIf (generalCfg.cpu.vendor == "intel") {
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
"intel_pstate" = "passive"; "intel_pstate" = "passive";

52
hardware/intel/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.intel; cfg = config.aviallon.hardware.intel;
@ -15,17 +20,19 @@ in
imports = [ imports = [
./cpu.nix ./cpu.nix
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.programs.nvtop = { aviallon.programs.nvtop = {
enable = true; enable = true;
backend = [ "intel" ]; backend = [ "intel" ];
}; };
boot.initrd.kernelModules = [ "i915" ]; boot.initrd.kernelModules = [ "i915" ];
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [] extraPackages =
with pkgs;
[ ]
++ [ ++ [
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
@ -38,24 +45,25 @@ in
; ;
}; };
aviallon.boot.cmdline = {} aviallon.boot.cmdline =
// optionalAttrs generalCfg.unsafeOptimizations { { }
"i915.mitigations" = "off"; // optionalAttrs generalCfg.unsafeOptimizations {
"i915.enable_fbc" = 1; "i915.mitigations" = "off";
} "i915.enable_fbc" = 1;
// optionalAttrs laptopCfg.enable { }
"i915.enable_fbc" = 1; // optionalAttrs laptopCfg.enable {
"i915.enable_dc" = 4; "i915.enable_fbc" = 1;
} "i915.enable_dc" = 4;
// optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) { }
"i915.enable_psr" = 1; // optionalAttrs (generalCfg.unsafeOptimizations && laptopCfg.enable) {
} "i915.enable_psr" = 1;
// optionalAttrs devCfg.enable { }
"i915.enable_gvt" = 1; // optionalAttrs devCfg.enable {
} "i915.enable_gvt" = 1;
// { }
"i915.fastboot" = 1; // {
}; "i915.fastboot" = 1;
};
aviallon.hardware.mesa.enable = mkDefault true; aviallon.hardware.mesa.enable = mkDefault true;
}; };
} }

33
hardware/mesa.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, options, ... }: {
config,
pkgs,
lib,
options,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.mesa; cfg = config.aviallon.hardware.mesa;
@ -7,13 +13,18 @@ let
optimizationsCfg = config.aviallon.optimizations; optimizationsCfg = config.aviallon.optimizations;
optimizePkg = optimizationsCfg.optimizePkg; optimizePkg = optimizationsCfg.optimizePkg;
packageWithDefaults = types.package // { packageWithDefaults = types.package // {
merge = loc: defs: merge =
let res = mergeDefaultOption loc defs; loc: defs:
in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res) let
then toDerivation res res = mergeDefaultOption loc defs;
else res; in
if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then
toDerivation res
else
res;
}; };
in { in
{
options.aviallon.hardware.mesa = { options.aviallon.hardware.mesa = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -50,7 +61,7 @@ in {
type = packageWithDefaults; type = packageWithDefaults;
default = cfg.package; default = cfg.package;
}; };
internal.package32 = mkOption { internal.package32 = mkOption {
internal = true; internal = true;
type = packageWithDefaults; type = packageWithDefaults;
@ -65,10 +76,8 @@ in {
aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa; aviallon.hardware.mesa.package32 = mkIf cfg.unstable pkgs.unstable.driversi686Linux.mesa;
aviallon.hardware.mesa.internal = mkIf cfg.optimized { aviallon.hardware.mesa.internal = mkIf cfg.optimized {
package = mkDefault ( package = mkDefault (optimizePkg { lto = false; } cfg.package);
optimizePkg { lto = false; } cfg.package); package32 = mkDefault (optimizePkg { lto = false; } cfg.package32);
package32 = mkDefault (
optimizePkg { lto = false; } cfg.package32);
}; };
hardware.graphics = { hardware.graphics = {

25
hardware/nvidia/default.nix
View file

@ -1,13 +1,22 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
in { in
{
imports = [ imports = [
./proprietary.nix ./proprietary.nix
./opensource.nix ./opensource.nix
( mkRenamedOptionModule [ "aviallon" "hardware" "nvidia" "saveAllVram" ] [ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ] ) (mkRenamedOptionModule
[ "aviallon" "hardware" "nvidia" "saveAllVram" ]
[ "aviallon" "hardware" "nvidia" "proprietary" "saveAllVram" ]
)
]; ];
options.aviallon.hardware.nvidia = { options.aviallon.hardware.nvidia = {
@ -16,7 +25,13 @@ in {
default = (cfg.variant == "proprietary"); default = (cfg.variant == "proprietary");
}; };
variant = mkOption { variant = mkOption {
type = with types; enum [ "proprietary" "open" "nouveau" ]; type =
with types;
enum [
"proprietary"
"open"
"nouveau"
];
description = "What driver variant to use"; description = "What driver variant to use";
default = "proprietary"; default = "proprietary";
example = "nouveau"; example = "nouveau";
@ -28,7 +43,7 @@ in {
enable = true; enable = true;
}; };
aviallon.hardware.nvidia.useProprietary = mkForce ( cfg.variant == "proprietary" ); aviallon.hardware.nvidia.useProprietary = mkForce (cfg.variant == "proprietary");
}; };
} }

45
hardware/nvidia/opensource.nix
View file

@ -1,17 +1,33 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
in { in
{
options.aviallon.hardware.nvidia.nouveau = { options.aviallon.hardware.nvidia.nouveau = {
config = mkOption { config = mkOption {
description = "nouveau boot config"; description = "nouveau boot config";
type = with types; attrsOf (nullOr (oneOf [ int str bool ])); type =
example = { NvBoost = 1; }; with types;
default = {}; attrsOf (
nullOr (oneOf [
int
str
bool
])
);
example = {
NvBoost = 1;
};
default = { };
}; };
}; };
config = mkIf (cfg.enable && cfg.variant == "nouveau") { config = mkIf (cfg.enable && cfg.variant == "nouveau") {
boot.initrd.kernelModules = [ "nouveau" ]; boot.initrd.kernelModules = [ "nouveau" ];
@ -19,15 +35,14 @@ in {
"nouveau.pstate" = 1; "nouveau.pstate" = 1;
"nouveau.runpm" = 1; "nouveau.runpm" = 1;
"nouveau.modeset" = 1; "nouveau.modeset" = 1;
"nouveau.config" = let "nouveau.config" =
toValue = v: let
if isBool v toValue = v: if isBool v then toString (if v then 1 else 0) else toString v;
then toString (if v then 1 else 0) filteredConfig = filterAttrs (n: v: !isNull v) cfg.nouveau.config;
else toString v; configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig;
filteredConfig = filterAttrs (n: v: ! isNull v) cfg.nouveau.config; configString = concatStringsSep "," configList;
configList = mapAttrsToList (n: v: "${n}=${toValue v}") filteredConfig; in
configString = concatStringsSep "," configList; trace "Nouveau config: ${configString}" configString;
in trace "Nouveau config: ${configString}" configString;
}; };
aviallon.hardware.mesa.enable = mkDefault true; aviallon.hardware.mesa.enable = mkDefault true;

92
hardware/nvidia/proprietary.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, lib, options, nixpkgs-unstable, ... }: {
config,
pkgs,
lib,
options,
nixpkgs-unstable,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardware.nvidia; cfg = config.aviallon.hardware.nvidia;
@ -9,9 +16,14 @@ let
exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@" exec ${options.programs.xwayland.package.default}/bin/xwayland -eglstream "$@"
''; '';
nvidiaUnstable = config.boot.kernelPackages.callPackage (nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix) {}; nvidiaUnstable = config.boot.kernelPackages.callPackage (
cudaUnstable = pkgs: cudaVersion: pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; }; nixpkgs-unstable + /pkgs/os-specific/linux/nvidia-x11/default.nix
in { ) { };
cudaUnstable =
pkgs: cudaVersion:
pkgs.callPackages (nixpkgs-unstable + /pkgs/top-level/cuda-packages.nix) { inherit cudaVersion; };
in
{
options = { options = {
aviallon.hardware.nvidia.proprietary = { aviallon.hardware.nvidia.proprietary = {
gsync = mkEnableOption "Screen is GSYNC monitor"; gsync = mkEnableOption "Screen is GSYNC monitor";
@ -39,7 +51,12 @@ in {
saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming"; saveAllVram = mkEnableOption "back up all VRAM in /var/tmp before going to sleep. May reduce artifacts after resuming";
version = mkOption { version = mkOption {
description = "What Nvidia version variant to use"; description = "What Nvidia version variant to use";
type = types.enum [ "production" "stable" "beta" "unstable_beta" ]; type = types.enum [
"production"
"stable"
"beta"
"unstable_beta"
];
default = if generalCfg.unsafeOptimizations then "beta" else "stable"; default = if generalCfg.unsafeOptimizations then "beta" else "stable";
example = "unstable_beta"; example = "unstable_beta";
}; };
@ -49,16 +66,21 @@ in {
# Very useful resource. # Very useful resource.
# https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3 # https://forums.developer.nvidia.com/t/power-mizer-difference-between-powermizerdefault-and-powermizerlevel/46884/3
example = [ "PerfLevelSrc=0x2222" ]; example = [ "PerfLevelSrc=0x2222" ];
default = [ "PowerMizerEnable=0x1" "OverrideMaxPerf=0x1" "PowerMizerDefault=0x3" "PowerMizerDefaultAC=0x3" ]; default = [
"PowerMizerEnable=0x1"
"OverrideMaxPerf=0x1"
"PowerMizerDefault=0x3"
"PowerMizerDefaultAC=0x3"
];
type = with types; listOf str; type = with types; listOf str;
}; };
}; };
}; };
config = mkIf (cfg.enable && cfg.variant == "proprietary") { config = mkIf (cfg.enable && cfg.variant == "proprietary") {
assertions = []; assertions = [ ];
boot.initrd.kernelModules = [ boot.initrd.kernelModules = [
"nvidia" "nvidia"
"nvidia_drm" "nvidia_drm"
@ -71,13 +93,15 @@ in {
]; ];
services.xserver.screenSection = '' services.xserver.screenSection = ''
Option "Coolbits" "${toString cfg.proprietary.coolbits}" Option "Coolbits" "${toString cfg.proprietary.coolbits}"
Option "InbandStereoSignaling" "true" Option "InbandStereoSignaling" "true"
''; '';
services.xserver.exportConfiguration = true; services.xserver.exportConfiguration = true;
services.xserver.displayManager.sddm.wayland.enable = mkIf (!config.aviallon.hardware.intel.enable) (mkDefault false); # Frequent issues with Nvidia GPUs services.xserver.displayManager.sddm.wayland.enable = mkIf (
!config.aviallon.hardware.intel.enable
) (mkDefault false); # Frequent issues with Nvidia GPUs
# Fix hybrid sleep with Nvidia GPU # Fix hybrid sleep with Nvidia GPU
systemd.services.nvidia-suspend = { systemd.services.nvidia-suspend = {
@ -85,18 +109,19 @@ in {
before = [ "systemd-hybrid-sleep.service" ]; before = [ "systemd-hybrid-sleep.service" ];
}; };
hardware.nvidia = { hardware.nvidia = {
powerManagement = mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram) { powerManagement =
enable = true; mkIf (config.hardware.nvidia.prime.offload.enable || cfg.proprietary.saveAllVram)
finegrained = mkIf config.hardware.nvidia.prime.offload.enable true; {
}; enable = true;
finegrained = mkIf config.hardware.nvidia.prime.offload.enable true;
};
modesetting.enable = true; modesetting.enable = true;
nvidiaSettings = true; nvidiaSettings = true;
package = package =
if cfg.proprietary.version == "unstable_beta" then if cfg.proprietary.version == "unstable_beta" then
nvidiaUnstable.beta # Use bleeding edge version nvidiaUnstable.beta # Use bleeding edge version
else else
config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version} config.boot.kernelPackages.nvidiaPackages.${cfg.proprietary.version};
;
}; };
aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault ( aviallon.hardware.nvidia.proprietary.EGLStream = mkDefault (
@ -108,7 +133,8 @@ in {
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}" options nvidia NVreg_RegistryDwords="${concatStringsSep ";" cfg.proprietary.registryDwords}"
''; '';
aviallon.boot.cmdline = {} aviallon.boot.cmdline =
{ }
// { // {
"nvidia-drm.modeset" = 1; "nvidia-drm.modeset" = 1;
"nvidia-drm.fbdev" = 1; "nvidia-drm.fbdev" = 1;
@ -120,14 +146,13 @@ in {
"nvidia.NVreg_DynamicPowerManagement" = "0x02"; "nvidia.NVreg_DynamicPowerManagement" = "0x02";
"nvidia.NVreg_EnableS0ixPowerManagement" = 1; "nvidia.NVreg_EnableS0ixPowerManagement" = 1;
"nvidia.NVreg_TemporaryFilePath" = "/var/tmp"; "nvidia.NVreg_TemporaryFilePath" = "/var/tmp";
} };
;
programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream; programs.xwayland.package = mkIf cfg.proprietary.EGLStream xwaylandEGLStream;
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
"cudatoolkit" "cudatoolkit"
"cuda_cccl" "cuda_cccl"
"libnpp" "libnpp"
@ -157,14 +182,13 @@ in {
"__GL_YIELD" = "USLEEP"; # use usleep(0) instead of sched_yield() -> better performance in most cases "__GL_YIELD" = "USLEEP"; # use usleep(0) instead of sched_yield() -> better performance in most cases
"__GL_ALLOW_UNOFFICIAL_PROTOCOL" = "1"; # allow unofficial GLX protocol if also set in Xorg conf "__GL_ALLOW_UNOFFICIAL_PROTOCOL" = "1"; # allow unofficial GLX protocol if also set in Xorg conf
"__GL_VRR_ALLOWED" = "1"; # Try to enable G-SYNC VRR if screen AND app is compatible "__GL_VRR_ALLOWED" = "1"; # Try to enable G-SYNC VRR if screen AND app is compatible
"__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync); "__GL_SYNC_TO_VBLANK" = mkIf (!cfg.proprietary.vsync) (toValue cfg.proprietary.vsync);
# Causes Kwin to fail # Causes Kwin to fail
# https://github.com/ValveSoftware/gamescope/issues/526#issuecomment-1733739097 # https://github.com/ValveSoftware/gamescope/issues/526#issuecomment-1733739097
# "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations; # "__GL_THREADED_OPTIMIZATIONS" = toValue generalCfg.unsafeOptimizations;
"KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible. "KWIN_DRM_USE_EGL_STREAMS" = toValue cfg.proprietary.EGLStream; # Make KWin use EGL Streams if needed, because otherwise performance will be horrible.
# Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015 # Undocumented, fix for EGL not being found by Nvidia driver: https://github.com/NVIDIA/egl-wayland/issues/39#issuecomment-927288015
__EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d"; __EGL_EXTERNAL_PLATFORM_CONFIG_DIRS = "/run/opengl-driver/share/egl/egl_external_platform.d";
@ -176,15 +200,19 @@ in {
}; };
nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ]; nix.settings.substituters = [ "https://cuda-maintainers.cachix.org" ];
nix.settings.trusted-public-keys = [ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" ]; nix.settings.trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
nixpkgs.overlays = [] nixpkgs.overlays =
++ optional (cfg.proprietary.version == "unstable_beta") (final: prev: { [ ]
cudaPackages_11 = final.unstable.cudaPackages_11; ++ optional (cfg.proprietary.version == "unstable_beta") (
cudaPackages_12 = final.unstable.cudaPackages_12; final: prev: {
cudaPackages = final.unstable.cudaPackages; cudaPackages_11 = final.unstable.cudaPackages_11;
cudaPackages_12 = final.unstable.cudaPackages_12;
cudaPackages = final.unstable.cudaPackages;
}) }
; );
}; };
} }

67
laptop.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.laptop; cfg = config.aviallon.laptop;
in { in
{
options.aviallon.laptop = { options.aviallon.laptop = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -14,7 +20,11 @@ in {
default = "tlp"; default = "tlp";
example = "power-profiles-daemon"; example = "power-profiles-daemon";
description = "Change service used to manage power consumption on laptop"; description = "Change service used to manage power consumption on laptop";
type = types.enum [ "tlp" "power-profiles-daemon" false ]; type = types.enum [
"tlp"
"power-profiles-daemon"
false
];
}; };
tweaks = { tweaks = {
pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use."; pcieAspmForce = mkEnableOption "hardcore tweaks to power consumption. Warning: Might be dangerous to use.";
@ -55,37 +65,40 @@ in {
}; };
}; };
systemd.services.aspm-force-enable =
systemd.services.aspm-force-enable = let let
aspm_enable = pkgs.callPackage ./packages/aspm_enable { }; aspm_enable = pkgs.callPackage ./packages/aspm_enable { };
in { in
serviceConfig = { {
ExecStart = [ serviceConfig = {
"${aspm_enable}/bin/aspm_enable" ExecStart = [
]; "${aspm_enable}/bin/aspm_enable"
Type = "simple"; ];
Type = "simple";
};
wantedBy = [ "multi-user.target" ];
description = "Force-enable PCIe ASPM";
enable = cfg.tweaks.pcieAspmForce;
}; };
wantedBy = [ "multi-user.target" ];
description = "Force-enable PCIe ASPM";
enable = cfg.tweaks.pcieAspmForce;
};
services.tlp.enable = (cfg.power-manager == "tlp"); services.tlp.enable = (cfg.power-manager == "tlp");
services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon"); services.power-profiles-daemon.enable = (cfg.power-manager == "power-profiles-daemon");
powerManagement.powertop.enable = mkDefault true; powerManagement.powertop.enable = mkDefault true;
systemd.services.powertop = mkIf config.powerManagement.powertop.enable { systemd.services.powertop = mkIf config.powerManagement.powertop.enable {
serviceConfig.ExecStart = let serviceConfig.ExecStart =
script = pkgs.writeShellScriptBin "powertop-auto-tune" '' let
${pkgs.powertop}/bin/powertop --auto-tune script = pkgs.writeShellScriptBin "powertop-auto-tune" ''
${pkgs.powertop}/bin/powertop --auto-tune
# Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use) # Disable power-saving for HID devices (i.e., keyboard and mouse, as it is makes them frustrating to use)
HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u) HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
for i in $HIDDEVICES; do for i in $HIDDEVICES; do
echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product
echo 'on' > /sys/bus/usb/devices/$i/power/control echo 'on' > /sys/bus/usb/devices/$i/power/control
done done
''; '';
in mkOverride 10 "${script}/bin/powertop-auto-tune"; in
mkOverride 10 "${script}/bin/powertop-auto-tune";
}; };
}; };
} }

36
lib/attrsets.nix
View file

@ -1,17 +1,25 @@
{lib, myLib, ...}: { lib, myLib, ... }:
with lib; with lib;
rec { rec {
mergeAttrsRecursive = a: b: foldAttrs (item: acc: mergeAttrsRecursive =
if (isNull acc) then a: b:
item foldAttrs
else if (isList item) then (
if isList acc then item: acc:
acc ++ item if (isNull acc) then
else [ acc ] ++ item item
else if (isString item) then else if (isList item) then
acc + item if isList acc then acc ++ item else [ acc ] ++ item
else if (isAttrs item) then else if (isString item) then
mergeAttrsRecursive acc item acc + item
else item else if (isAttrs item) then
) null [ b a ]; mergeAttrsRecursive acc item
else
item
)
null
[
b
a
];
} }

36
lib/config.nix
View file

@ -1,22 +1,28 @@
{lib, myLib}: { lib, myLib }:
with lib; with lib;
let let
mkListToString = { sep ? " " }: list: concatStringsSep sep ( mkListToString =
forEach list (v: toString v) {
); sep ? " ",
in rec { }:
list: concatStringsSep sep (forEach list (v: toString v));
in
rec {
mkValueString = mkValueString =
let let
gen = generators.mkValueStringDefault {}; gen = generators.mkValueStringDefault { };
listToString = mkListToString {}; listToString = mkListToString { };
in v: if isList v then listToString v in
else gen v; v: if isList v then listToString v else gen v;
mkKeyValue = { sep }: with generators; toKeyValue { mkKeyValue =
mkKeyValue = mkKeyValueDefault { { sep }:
mkValueString = mkValueString; with generators;
} sep; toKeyValue {
}; mkKeyValue = mkKeyValueDefault {
mkValueString = mkValueString;
} sep;
};
toSystemd = mkKeyValue { toSystemd = mkKeyValue {
sep = "="; sep = "=";

45
lib/debug.nix
View file

@ -1,22 +1,37 @@
{ lib, myLib }: { lib, myLib }:
with lib; with lib;
rec { rec {
toPretty = depth: x: toPretty =
depth: x:
# Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30 # Stolen from: https://github.com/teto/nixpkgs/blob/6f098631f6f06b93c17f49abdf677790e017778d/lib/debug.nix#L109C5-L117C30
let let
snip = v: if isList v then noQuotes "[]" v snip =
else if isAttrs v then noQuotes "{}" v v:
else v; if isList v then
noQuotes = str: v: { __pretty = const str; val = v; }; noQuotes "[]" v
modify = n: fn: v: if (n == 0) then fn v else if isAttrs v then
else if isList v then map (modify (n - 1) fn) v noQuotes "{}" v
else if isAttrs v then mapAttrs else
(const (modify (n - 1) fn)) v v;
else v; noQuotes = str: v: {
in lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x); __pretty = const str;
val = v;
traceValWithPrefix = prefix: value: };
modify =
n: fn: v:
if (n == 0) then
fn v
else if isList v then
map (modify (n - 1) fn) v
else if isAttrs v then
mapAttrs (const (modify (n - 1) fn)) v
else
v;
in
lib.generators.toPretty { allowPrettyValues = true; } (modify depth snip x);
traceValWithPrefix =
prefix: value:
#trace "traceValWithPrefix 'prefix': ${prefix}" value #trace "traceValWithPrefix 'prefix': ${prefix}" value
trace "${prefix}: ${toPretty 2 value}" value trace "${prefix}: ${toPretty 2 value}" value;
;
} }

42
lib/default.nix
View file

@ -1,17 +1,27 @@
{ lib ? import <nixpkgs/lib, ... }: {
lib ? import < nixpkgs/lib,
...
}:
let let
myLib = lib.makeExtensible (self: let myLib = lib.makeExtensible (
callLibs = file: import file { self:
inherit lib; let
myLib = self; callLibs =
}; file:
in { import file {
math = callLibs ./math.nix; inherit lib;
config = callLibs ./config.nix; myLib = self;
optimizations = callLibs ./optimizations.nix; };
attrsets = callLibs ./attrsets.nix; in
types = callLibs ./types.nix; {
debug = callLibs ./debug.nix; math = callLibs ./math.nix;
derivations = callLibs ./derivations.nix; config = callLibs ./config.nix;
}); optimizations = callLibs ./optimizations.nix;
in myLib attrsets = callLibs ./attrsets.nix;
types = callLibs ./types.nix;
debug = callLibs ./debug.nix;
derivations = callLibs ./derivations.nix;
}
);
in
myLib

16
lib/derivations.nix
View file

@ -1,15 +1,13 @@
{lib, myLib, ...}: { lib, myLib, ... }:
with lib; with lib;
rec { rec {
isBroken = x: isBroken =
x:
let let
tryX = builtins.tryEval x; tryX = builtins.tryEval x;
in in
if if tryX.success && (isDerivation tryX.value) then
tryX.success && (isDerivation tryX.value) tryX.value.meta.insecure || tryX.value.meta.broken
then else
tryX.value.meta.insecure || tryX.value.meta.broken true;
else
true
;
} }

18
lib/math.nix
View file

@ -1,12 +1,16 @@
{lib {
, myLib lib,
myLib,
}: }:
rec { rec {
log2 = let log2 =
mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y; let
in x: mylog x 0; mylog = x: y: if (x >= 2) then mylog (x / 2) (y + 1) else y;
in
x: mylog x 0;
clamp = min_x: max_x: x: lib.min ( lib.max x min_x ) max_x; clamp =
min_x: max_x: x:
lib.min (lib.max x min_x) max_x;
} }

563
lib/optimizations.nix
View file

@ -33,15 +33,20 @@ let
"-Wl,-sort-common" "-Wl,-sort-common"
"-Wl,--gc-sections" "-Wl,--gc-sections"
]; ];
ltoFlags = { threads ? 1, thin ? false }: [ ltoFlags =
# Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking. {
"-flto=${toString threads}" # Use -flto=auto to use GNU makes job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system. threads ? 1,
(optionalString (!thin) "-ffat-lto-objects") thin ? false,
"-fuse-linker-plugin" }:
[
# Fat LTO objects are object files that contain both the intermediate language and the object code. This makes them usable for both LTO linking and normal linking.
"-flto=${toString threads}" # Use -flto=auto to use GNU makes job server, if available, or otherwise fall back to autodetection of the number of CPU threads present in your system.
(optionalString (!thin) "-ffat-lto-objects")
"-fuse-linker-plugin"
# Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode. # Stream extra information needed for aggressive devirtualization when running the link-time optimizer in local transformation mode.
"-fdevirtualize-at-ltrans" "-fdevirtualize-at-ltrans"
]; ];
expensiveOptimizationFlags = [ expensiveOptimizationFlags = [
"-O3" "-O3"
# Perform interprocedural pointer analysis and interprocedural modification and reference analysis. This option can cause excessive memory and compile-time usage on large compilation units. # Perform interprocedural pointer analysis and interprocedural modification and reference analysis. This option can cause excessive memory and compile-time usage on large compilation units.
@ -104,66 +109,62 @@ let
"-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism." "-floop-nest-optimize" # "Calculates a loop structure optimized for data-locality and parallelism."
]; ];
archToX86Level = arch: archToX86Level =
arch:
let let
_map = { } _map =
{ }
// genAttrs [ // genAttrs [
"nehalem" "nehalem"
"westmere" "westmere"
"sandybridge" "sandybridge"
"ivybridge" "ivybridge"
"silvermont" "silvermont"
"goldmont" "goldmont"
"goldmont-plus" "goldmont-plus"
"tremont" "tremont"
"lujiazui" "lujiazui"
"btver2" # Jaguar "btver2" # Jaguar
"bdver1" # Bulldozer and Piledriver (AMD FX family) "bdver1" # Bulldozer and Piledriver (AMD FX family)
"bdver2" # Piledriver "bdver2" # Piledriver
"bdver3" # Steamroller "bdver3" # Steamroller
"x86-64-v2" "x86-64-v2"
] ] (name: 2)
(name: 2)
// genAttrs [ // genAttrs [
"haswell" "haswell"
"broadwell" "broadwell"
"skylake" "skylake"
"alderlake" "alderlake"
"bdver4" # Excavator "bdver4" # Excavator
"znver1" "znver1"
"znver2" "znver2"
"znver3" "znver3"
"x86-64-v3" "x86-64-v3"
] ] (name: 3)
(name: 3)
// genAttrs [ // genAttrs [
"knl" "knl"
"knm" "knm"
"skylake-avx512" "skylake-avx512"
"cannonlake" "cannonlake"
"icelake-client" "icelake-client"
"icelake-server" "icelake-server"
"cascadelake" "cascadelake"
"cooperlake" "cooperlake"
"tigerlake" "tigerlake"
"sapphirerapids" "sapphirerapids"
"rocketlake" "rocketlake"
"znver4" "znver4"
"x86-64-v4" "x86-64-v4"
] ] (name: 4);
(name: 4)
;
in in
if (hasAttr arch _map) then _map.${arch} else 1 if (hasAttr arch _map) then _map.${arch} else 1;
;
getARMLevel = arch: getARMLevel =
if (! isNull arch) then arch: if (!isNull arch) then toInt (elemAt (builtins.match "armv([0-9]).+") 0) else null;
toInt (elemAt (builtins.match "armv([0-9]).+") 0)
else null;
# https://go.dev/doc/install/source#environment # https://go.dev/doc/install/source#environment
getGOARM = armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel; getGOARM =
armLevel: if (isNull armLevel) || (armLevel < 5) || (armLevel > 7) then null else armLevel;
workarounds = { workarounds = {
# https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf # https://www.intel.com/content/dam/support/us/en/documents/processors/mitigations-jump-conditional-code-erratum.pdf
@ -177,7 +178,8 @@ let
}; };
}; };
addMarchSpecific = march: addMarchSpecific =
march:
let let
_map = { _map = {
skylake = workarounds.intel-jump-conditional-code; skylake = workarounds.intel-jump-conditional-code;
@ -188,16 +190,22 @@ let
in in
attrByPath [ march ] { } _map; attrByPath [ march ] { } _map;
cacheTuning =
cacheTuning = { compiler, l1d ? null, l1i ? null, l1Line ? null, lastLevel ? null }: {
if compiler == "gcc" then [ ] compiler,
++ optional (! isNull l1d) "--param l1-cache-size=${toString l1d}" l1d ? null,
++ optional (! isNull l1Line) "--param l1-cache-line-size=${toString l1Line}" l1i ? null,
++ optional (! isNull lastLevel) "--param l2-cache-size=${toString lastLevel}" l1Line ? null,
lastLevel ? null,
}:
if compiler == "gcc" then
[ ]
++ optional (!isNull l1d) "--param l1-cache-size=${toString l1d}"
++ optional (!isNull l1Line) "--param l1-cache-line-size=${toString l1Line}"
++ optional (!isNull lastLevel) "--param l2-cache-size=${toString lastLevel}"
else else
[ ]; [ ];
in in
rec { rec {
@ -209,51 +217,63 @@ rec {
"very-unsafe" = 5; "very-unsafe" = 5;
}; };
addAttrs = pkg: attrs: pkg.overrideAttrs (old: addAttrs =
(myLib.attrsets.mergeAttrsRecursive old attrs) // { pkg: attrs:
passthru = (pkg.passthru or {}) // (attrs.passtru or {}); pkg.overrideAttrs (
} old:
); (myLib.attrsets.mergeAttrsRecursive old attrs)
// {
passthru = (pkg.passthru or { }) // (attrs.passtru or { });
}
);
optimizePkg = pkg: { level ? "normal" optimizePkg =
, recursive ? 0 pkg:
, optimizeFlags ? (guessOptimizationFlags pkg) {
, blacklist ? [ ] level ? "normal",
, ltoBlacklist ? [ ] recursive ? 0,
, overrideMap ? { } optimizeFlags ? (guessOptimizationFlags pkg),
, stdenv ? null blacklist ? [ ],
, lto ? false ltoBlacklist ? [ ],
, attributes ? null overrideMap ? { },
, _depth ? 0 stdenv ? null,
, ... lto ? false,
}@attrs: attributes ? null,
_depth ? 0,
...
}@attrs:
if _depth > recursive then if _depth > recursive then
pkg # Max depth reached, return un-modified pkg pkg # Max depth reached, return un-modified pkg
else if isNull pkg then else if isNull pkg then
pkg # Pkg is null, ignore pkg # Pkg is null, ignore
else if ! isDerivation pkg then else if !isDerivation pkg then
pkg # Pkg is not a derivation, nothing to override/optimize pkg # Pkg is not a derivation, nothing to override/optimize
else if (hasAttr "overrideAttrs" pkg) then else if (hasAttr "overrideAttrs" pkg) then
let let
_pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg; _pkgStdenvCC = attrByPath [ "stdenv" "cc" ] null pkg;
_ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist; _ltoBlacklisted = any (p: p == getName pkg) ltoBlacklist;
_lto = _lto = if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false else lto;
if (lto && _ltoBlacklisted) then warn "LTO-blacklisted '${getName pkg}'" false
else lto;
_stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc; _stdenvCC = if isNull stdenv then _pkgStdenvCC else stdenv.cc;
optimizedAttrs = optimizeFlags (attrs // { optimizedAttrs = optimizeFlags (
inherit level; attrs
compiler = // {
if isNull _pkgStdenvCC then null inherit level;
else if pkg.stdenv.cc.isGNU then "gcc" compiler =
else if pkg.stdenv.cc.isClang then "clang" if isNull _pkgStdenvCC then
else throw "Unknown compiler '${getName pkg.stdenv.cc}'" null null
; else if pkg.stdenv.cc.isGNU then
lto = _lto; "gcc"
stdenvCC = _stdenvCC; else if pkg.stdenv.cc.isClang then
}); "clang"
_nativeBuildInputs = filter (p: ! isNull p) (pkg.nativeBuildInputs or [ ]); else
_nativeBuildInputsOverriden = forEach _nativeBuildInputs (_pkg: throw "Unknown compiler '${getName pkg.stdenv.cc}'" null;
lto = _lto;
stdenvCC = _stdenvCC;
}
);
_nativeBuildInputs = filter (p: !isNull p) (pkg.nativeBuildInputs or [ ]);
_nativeBuildInputsOverriden = forEach _nativeBuildInputs (
_pkg:
let let
_pkgName = myGetName _pkg; _pkgName = myGetName _pkg;
hasOverride = any (n: n == _pkgName) (attrNames overrideMap); hasOverride = any (n: n == _pkgName) (attrNames overrideMap);
@ -265,201 +285,224 @@ rec {
_pkg _pkg
); );
_buildInputs = filter (p: (! isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]); _buildInputs = filter (p: (!isNull p) && (isDerivation p)) (pkg.buildInputs or [ ]);
_buildInputsOverriden = forEach _buildInputs (_pkg: _buildInputsOverriden = forEach _buildInputs (
_pkg:
if (any (n: n == myGetName _pkg) blacklist) then if (any (n: n == myGetName _pkg) blacklist) then
warn "Skipping blacklisted '${myGetName _pkg}'" _pkg warn "Skipping blacklisted '${myGetName _pkg}'" _pkg
else else
optimizePkg _pkg (attrs // { optimizePkg _pkg (
inherit level recursive blacklist optimizeFlags stdenv; attrs
parallelize = null; // {
_depth = _depth + 1; inherit
}) level
recursive
blacklist
optimizeFlags
stdenv
;
parallelize = null;
_depth = _depth + 1;
}
)
); );
_pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg; _pkgStdenvOverridable = attrByPath [ "override" "__functionArgs" "stdenv" ] null pkg;
_pkgWithStdenv = _pkgWithStdenv =
if (isNull _pkgStdenvOverridable) || (isNull stdenv) if (isNull _pkgStdenvOverridable) || (isNull stdenv) then
then pkg pkg
else warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; }); else
warn "Replacing stdenv for '${myGetName pkg}'" (pkg.override { inherit stdenv; });
_pkg = _pkgWithStdenv.overrideAttrs (old: _pkg = _pkgWithStdenv.overrideAttrs (
old:
{ {
buildInputs = _buildInputsOverriden; buildInputs = _buildInputsOverriden;
nativeBuildInputs = _nativeBuildInputsOverriden; nativeBuildInputs = _nativeBuildInputsOverriden;
} }
// optionalAttrs (! isNull _stdenvCC && _stdenvCC.isGNU) ({ // optionalAttrs (!isNull _stdenvCC && _stdenvCC.isGNU) ({
AR = "${_stdenvCC.cc}/bin/gcc-ar"; AR = "${_stdenvCC.cc}/bin/gcc-ar";
RANLIB = "${_stdenvCC.cc}/bin/gcc-ranlib"; RANLIB = "${_stdenvCC.cc}/bin/gcc-ranlib";
NM = "${_stdenvCC.cc}/bin/gcc-nm"; NM = "${_stdenvCC.cc}/bin/gcc-nm";
}) })
# Fix issue when CFLAGS is a string # Fix issue when CFLAGS is a string
// optionalAttrs (hasAttr "CFLAGS" old) { // optionalAttrs (hasAttr "CFLAGS" old) {
CFLAGS = if (! isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS; CFLAGS = if (!isList old.CFLAGS) then [ old.CFLAGS ] else old.CFLAGS;
} }
); );
_pkgOptimized = addAttrs _pkg optimizedAttrs; _pkgOptimized = addAttrs _pkg optimizedAttrs;
_pkgFinal = _pkgFinal =
if isAttrs attributes then if isAttrs attributes then addAttrs _pkgOptimized (traceVal attributes) else _pkgOptimized;
addAttrs _pkgOptimized (traceVal attributes)
else
_pkgOptimized
;
in in
trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal trace "Optimized ${myGetName pkg} with overrideAttrs at level '${level}' (depth: ${toString _depth}, lto: ${if lto then "true" else "false"})" _pkgFinal
else if (hasAttr "name" pkg) then else if (hasAttr "name" pkg) then
warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg warn "Can't optimize ${myGetName pkg} (depth: ${toString _depth})" pkg
else else
throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg throw "Not a pkg: ${builtins.toJSON pkg} (depth: ${toString _depth})" pkg;
;
myGetName = pkg: myGetName = pkg: if isDerivation pkg then getName pkg else null;
if isDerivation pkg
then getName pkg
else null;
#else warn "getName input is not a derivation: '${toString pkg}'" null; #else warn "getName input is not a derivation: '${toString pkg}'" null;
guessOptimizationFlags = pkg: { ... }@attrs: makeOptimizationFlags ({ guessOptimizationFlags =
rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs; pkg:
cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs; { ... }@attrs:
go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs; makeOptimizationFlags (
ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs; {
autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs; rust = any (p: (myGetName p) == "rustc") pkg.nativeBuildInputs;
} // attrs); cmake = any (p: (myGetName p) == "cmake") pkg.nativeBuildInputs;
go = any (p: (myGetName p) == "go") pkg.nativeBuildInputs;
ninja = any (p: (myGetName p) == "ninja") pkg.nativeBuildInputs;
autotools = any (p: (myGetName p) == "autoreconf-hook") pkg.nativeBuildInputs;
}
// attrs
);
makeOptimizationFlags = makeOptimizationFlags =
{ level ? "normal" {
, extraCFlags ? null level ? "normal",
, lto ? false extraCFlags ? null,
, parallelize ? null lto ? false,
, cpuArch ? null parallelize ? null,
, cpuTune ? null cpuArch ? null,
, ISA ? "amd64" cpuTune ? null,
, armLevel ? (getARMLevel cpuArch) ISA ? "amd64",
, x86Level ? (archToX86Level cpuArch) armLevel ? (getARMLevel cpuArch),
, check ? false x86Level ? (archToX86Level cpuArch),
, compiler ? "gcc" check ? false,
, stdenvCC ? null compiler ? "gcc",
, cpuCores ? 4 stdenvCC ? null,
, go ? false cpuCores ? 4,
, rust ? false go ? false,
, cmake ? false rust ? false,
, ninja ? false cmake ? false,
, autotools ? false ninja ? false,
, l1LineCache ? null autotools ? false,
, l1iCache ? null l1LineCache ? null,
, l1dCache ? null l1iCache ? null,
, lastLevelCache ? null l1dCache ? null,
, ... lastLevelCache ? null,
...
}: }:
let let
levelN = levelNames.${level}; levelN = levelNames.${level};
march = march =
if (! isNull cpuArch) then cpuArch if (!isNull cpuArch) then
else if (! isNull cpuTune) then cpuTune cpuArch
else "generic"; else if (!isNull cpuTune) then
cpuTune
else
"generic";
uarchTune = uarchTune =
if (! isNull cpuTune) then cpuTune if (!isNull cpuTune) then
else if (! isNull cpuArch) then cpuArch cpuTune
else "generic"; else if (!isNull cpuArch) then
in myLib.debug.traceValWithPrefix "optimizations" (foldl' myLib.attrsets.mergeAttrsRecursive {} [ cpuArch
(rec { else
CFLAGS = unique "generic";
([ ] in
++ requiredFlags myLib.debug.traceValWithPrefix "optimizations" (
++ optionals (compiler == "clang") clangSpecificFlags foldl' myLib.attrsets.mergeAttrsRecursive { } [
++ optionals (levelN >= 1) genericCompileFlags (rec {
++ optionals (levelN >= 2) expensiveOptimizationFlags CFLAGS = unique (
++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags [ ]
++ optionals (levelN >= 4) unsafeOptimizationFlags ++ requiredFlags
++ optionals (levelN >= 5) veryUnsafeOptimizationFlags ++ optionals (compiler == "clang") clangSpecificFlags
++ optionals lto (ltoFlags { threads = myLib.math.log2 cpuCores; }) ++ optionals (levelN >= 1) genericCompileFlags
++ optionals (! isNull parallelize) (automaticallyParallelizeFlags parallelize) ++ optionals (levelN >= 2) expensiveOptimizationFlags
++ optionals (! isNull extraCFlags) extraCFlags ++ optionals (levelN >= 3) moderatelyUnsafeOptimizationFlags
++ optionals (! isNull cpuArch) [ "-march=${cpuArch}" ] ++ optionals (levelN >= 4) unsafeOptimizationFlags
++ optionals (! isNull cpuTune) [ "-mtune=${uarchTune}" ] ++ optionals (levelN >= 5) veryUnsafeOptimizationFlags
++ cacheTuning { ++ optionals lto (ltoFlags {
inherit compiler; threads = myLib.math.log2 cpuCores;
l1Line = l1LineCache; })
l1i = l1iCache; ++ optionals (!isNull parallelize) (automaticallyParallelizeFlags parallelize)
l1d = l1dCache; ++ optionals (!isNull extraCFlags) extraCFlags
lastLevel = lastLevelCache; ++ optionals (!isNull cpuArch) [ "-march=${cpuArch}" ]
}); ++ optionals (!isNull cpuTune) [ "-mtune=${uarchTune}" ]
CXXFLAGS = CFLAGS; ++ cacheTuning {
CPPFLAGS = [] inherit compiler;
++ optionals (levelN >= 1) genericPreprocessorFlags; l1Line = l1LineCache;
LDFLAGS = [] l1i = l1iCache;
++ optionals (levelN >= 3) genericLinkerFlags; l1d = l1dCache;
lastLevel = lastLevelCache;
}
);
CXXFLAGS = CFLAGS;
CPPFLAGS = [ ] ++ optionals (levelN >= 1) genericPreprocessorFlags;
LDFLAGS = [ ] ++ optionals (levelN >= 3) genericLinkerFlags;
preConfigure = '' preConfigure = ''
_maxLoad=$(($NIX_BUILD_CORES * 2))
makeFlagsArray+=("-l''${_maxLoad}")
'';
})
(optionalAttrs autotools {
preConfigure = ''
configureFlagsArray+=( _maxLoad=$(($NIX_BUILD_CORES * 2))
"CFLAGS=$CFLAGS" makeFlagsArray+=("-l''${_maxLoad}")
"CXXFLAGS=$CXXFLAGS"
) '';
})
''; (optionalAttrs autotools {
}) preConfigure = ''
(optionalAttrs cmake {
preConfigure = '' configureFlagsArray+=(
"CFLAGS=$CFLAGS"
cmakeFlagsArray+=( "CXXFLAGS=$CXXFLAGS"
"-DCMAKE_CXX_FLAGS=$CXXFLAGS" )
"-DCMAKE_C_FLAGS=$CFLAGS"
${optionalString lto '' '';
"-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true" })
''} (optionalAttrs cmake {
) preConfigure = ''
'' cmakeFlagsArray+=(
; "-DCMAKE_CXX_FLAGS=$CXXFLAGS"
}) "-DCMAKE_C_FLAGS=$CFLAGS"
(optionalAttrs ninja { ${optionalString lto ''
preConfigure = '' "-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=true"
''}
_maxLoad=$(($NIX_BUILD_CORES * 2)) )
ninjaFlagsArray+=("-l''${_maxLoad}")
'';
''; })
}) (optionalAttrs ninja {
(optionalAttrs rust { preConfigure = ''
RUSTFLAGS = [ ]
++ optionals (levelN >= 2) [ "-C opt-level=3" ] _maxLoad=$(($NIX_BUILD_CORES * 2))
++ optionals lto [ "-C lto=fat" "-C embed-bitcode=on" ] ninjaFlagsArray+=("-l''${_maxLoad}")
++ optionals (! isNull cpuArch) [ "-C target-cpu=${cpuArch}" ]
#++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45 '';
#++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ] })
; (optionalAttrs rust {
}) RUSTFLAGS =
(optionalAttrs (!check) { [ ]
doCheck = false; ++ optionals (levelN >= 2) [ "-C opt-level=3" ]
doInstallCheck = false; ++ optionals lto [
}) "-C lto=fat"
(optionalAttrs (go && ISA == "amd64") { "-C embed-bitcode=on"
GOAMD64 = "v${toString x86Level}"; ]
}) ++ optionals (!isNull cpuArch) [ "-C target-cpu=${cpuArch}" ]
(optionalAttrs (go && ISA == "arm") { #++ [ "-C embed-bitcode=off" "-C lto=off" ] # Not needed since rust 1.45
GOARM = toString (getGOARM armLevel); #++ optionals lto [ "-Clinker-plugin-lto" "-Clto" ]
}) ;
(optionalAttrs (go && ISA == "i686") { })
GO386 = "sse2"; (optionalAttrs (!check) {
}) doCheck = false;
(optionalAttrs go { doInstallCheck = false;
GCCGO = "gccgo"; })
CGO_CFLAGS_ALLOW = "-f.*"; (optionalAttrs (go && ISA == "amd64") {
CGO_CXXFLAGS_ALLOW = "-f.*"; GOAMD64 = "v${toString x86Level}";
CGO_CPPFLAGS_ALLOW = "-D.*"; })
CGO_LDFLAGS_ALLOW = "-Wl.*"; (optionalAttrs (go && ISA == "arm") {
}) GOARM = toString (getGOARM armLevel);
(addMarchSpecific march) })
]) (optionalAttrs (go && ISA == "i686") {
; GO386 = "sse2";
})
(optionalAttrs go {
GCCGO = "gccgo";
CGO_CFLAGS_ALLOW = "-f.*";
CGO_CXXFLAGS_ALLOW = "-f.*";
CGO_CPPFLAGS_ALLOW = "-D.*";
CGO_LDFLAGS_ALLOW = "-Wl.*";
})
(addMarchSpecific march)
]
);
} }

14
lib/types.nix
View file

@ -2,10 +2,14 @@
with lib; with lib;
{ {
package' = types.package // { package' = types.package // {
merge = loc: defs: merge =
let res = mergeDefaultOption loc defs; loc: defs:
in if builtins.isPath res || (builtins.isString res && ! builtins.hasContext res) let
then toDerivation res res = mergeDefaultOption loc defs;
else res; in
if builtins.isPath res || (builtins.isString res && !builtins.hasContext res) then
toDerivation res
else
res;
}; };
} }

42
network.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.network; cfg = config.aviallon.network;
@ -16,15 +22,27 @@ in
default = "systemd-networkd"; default = "systemd-networkd";
example = "NetworkManager"; example = "NetworkManager";
description = "Set network backend"; description = "Set network backend";
type = types.enum [ "systemd-networkd" "NetworkManager" "dhcpcd" ]; type = types.enum [
"systemd-networkd"
"NetworkManager"
"dhcpcd"
];
}; };
dns = mkOption { dns = mkOption {
default = "systemd-resolved"; default = "systemd-resolved";
example = "dnsmasq"; example = "dnsmasq";
description = "Set network DNS"; description = "Set network DNS";
type = types.enum [ "systemd-resolved" "dnsmasq" "unbound" "none" "default" ]; type = types.enum [
"systemd-resolved"
"dnsmasq"
"unbound"
"none"
"default"
];
};
vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // {
default = desktopCfg.enable;
}; };
vpnSupport = mkEnableOption "VPN support of many kinds in NetworkManager" // { default = desktopCfg.enable; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -32,11 +50,10 @@ in
networking.networkmanager.enable = (cfg.backend == "NetworkManager"); networking.networkmanager.enable = (cfg.backend == "NetworkManager");
networking.dhcpcd.enable = (cfg.backend == "dhcpcd"); networking.dhcpcd.enable = (cfg.backend == "dhcpcd");
services.resolved = { services.resolved = {
enable = (cfg.dns == "systemd-resolved"); enable = (cfg.dns == "systemd-resolved");
settings.Resolve = { settings.Resolve = {
LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/ LLMNR = mkForce false; # https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/
DNSSEC = false; DNSSEC = false;
DNS = [ DNS = [
# cloudflare-dns.com # cloudflare-dns.com
@ -50,7 +67,7 @@ in
services.udev.extraRules = concatStringsSep "\n" [ services.udev.extraRules = concatStringsSep "\n" [
(optionalString (!config.aviallon.laptop.enable) '' (optionalString (!config.aviallon.laptop.enable) ''
ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu" ACTION=="add", SUBSYSTEM=="net", NAME=="enp*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol gu"
'') '')
]; ];
@ -59,7 +76,9 @@ in
networking.networkmanager = { networking.networkmanager = {
wifi.backend = mkDefault "iwd"; wifi.backend = mkDefault "iwd";
dns = mkDefault cfg.dns; dns = mkDefault cfg.dns;
plugins = with pkgs; [] plugins =
with pkgs;
[ ]
++ optional (cfg.dns == "dnsmasq") dnsmasq ++ optional (cfg.dns == "dnsmasq") dnsmasq
++ optionals cfg.vpnSupport [ ++ optionals cfg.vpnSupport [
networkmanager_strongswan networkmanager_strongswan
@ -67,8 +86,7 @@ in
networkmanager-openconnect networkmanager-openconnect
networkmanager-sstp networkmanager-sstp
networkmanager-l2tp networkmanager-l2tp
] ];
;
}; };
networking.wireless.enable = (cfg.backend != "NetworkManager"); networking.wireless.enable = (cfg.backend != "NetworkManager");
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
@ -78,7 +96,9 @@ in
# Must always be false # Must always be false
networking.useDHCP = false; networking.useDHCP = false;
networking.hostId = mkDefault (substring 0 8 (builtins.hashString "sha256" config.networking.hostName)); networking.hostId = mkDefault (
substring 0 8 (builtins.hashString "sha256" config.networking.hostName)
);
networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null); networking.hostName = mkDefault (builtins.abort "Default hostname not changed" null);
# Needed for proper WiFi support in some countries (like France, for instance) # Needed for proper WiFi support in some countries (like France, for instance)

226
nix/builder.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.nix; cfg = config.aviallon.nix;
@ -10,35 +16,40 @@ let
getSpeed = cores: threads: cores + (threads - cores) / 2; getSpeed = cores: threads: cores + (threads - cores) / 2;
mkBuildMachine = { mkBuildMachine =
hostName, {
cores, hostName,
systems ? [ "x86_64-linux" ] , cores,
threads ? (cores * 2), systems ? [ "x86_64-linux" ],
features ? [ ], threads ? (cores * 2),
x86ver ? 1 , features ? [ ],
... x86ver ? 1,
}@attrs: let ...
speedFactor = getSpeed cores threads; }@attrs:
in { let
inherit hostName speedFactor; speedFactor = getSpeed cores threads;
systems = systems in
++ optional (any (s: s == "x86_64-linux") systems) "i686-linux" {
; inherit hostName speedFactor;
sshUser = "builder"; systems = systems ++ optional (any (s: s == "x86_64-linux") systems) "i686-linux";
sshKey = buildUserKeyFilePath; sshUser = "builder";
maxJobs = myLib.math.log2 cores; sshKey = buildUserKeyFilePath;
supportedFeatures = [ "kvm" "benchmark" ] maxJobs = myLib.math.log2 cores;
supportedFeatures = [
"kvm"
"benchmark"
]
++ optional (speedFactor > 8) "big-parallel" ++ optional (speedFactor > 8) "big-parallel"
++ optional (x86ver >= 2) "gccarch-x86-64-v2" ++ optional (x86ver >= 2) "gccarch-x86-64-v2"
++ optional (x86ver >= 3) "gccarch-x86-64-v3" ++ optional (x86ver >= 3) "gccarch-x86-64-v3"
++ optional (x86ver >= 4) "gccarch-x86-64-v4" ++ optional (x86ver >= 4) "gccarch-x86-64-v4"
++ features ++ features;
;
};
machineList = filterAttrs (name: value: config.networking.hostName != name && value.enable) cfg.builder.buildMachines; };
machineList = filterAttrs (
name: value: config.networking.hostName != name && value.enable
) cfg.builder.buildMachines;
in in
{ {
imports = [ imports = [
@ -57,85 +68,104 @@ in
example = "/path/to/id_builder"; example = "/path/to/id_builder";
description = "Path to the private key nix builder user will use"; description = "Path to the private key nix builder user will use";
}; };
buildMachines = mkOption {
type = types.attrsOf (types.submoduleWith {
modules = [
({ config, options, name, ...}:
{
options = {
enable = mkOption {
type = types.bool;
default = true;
description = "Wether to enable or to disable this builder";
example = false;
};
hostName = mkOption {
type = types.str;
example = "luke-skywalker-nixos";
description = ''
Builder's host name
'';
};
sshConfig = mkOption {
type = types.str;
default = "";
example = ''
ProxyJump example.com
Port 2222
'';
description = "Extra ssh config for the builder.";
};
cores = mkOption {
type = with types; ints.unsigned;
example = 8;
description = "How many physical cores the builder has.";
};
threads = mkOption {
type = with types; addCheck ints.unsigned (n: n >= config.cores);
example = 16;
description = "How many physical _threads_ the builder has.";
};
x86ver = mkOption {
default = 1;
type = with types; addCheck ints.positive (n: n >= 1 && n <= 4);
example = 3;
description = "Maximum x86-64 feature level supported.";
};
};
})]; }); buildMachines = mkOption {
default = {}; type = types.attrsOf (
example = literalExpression types.submoduleWith {
'' modules = [
{ (
luke-skywalker-nixos = { {
hostName = "2aXX:e0a:18e:8670::"; config,
cores = 16; options,
threads = 32; name,
x86ver = 3; ...
}; }:
} {
''; options = {
enable = mkOption {
type = types.bool;
default = true;
description = "Wether to enable or to disable this builder";
example = false;
};
hostName = mkOption {
type = types.str;
example = "luke-skywalker-nixos";
description = ''
Builder's host name
'';
};
sshConfig = mkOption {
type = types.str;
default = "";
example = ''
ProxyJump example.com
Port 2222
'';
description = "Extra ssh config for the builder.";
};
cores = mkOption {
type = with types; ints.unsigned;
example = 8;
description = "How many physical cores the builder has.";
};
threads = mkOption {
type = with types; addCheck ints.unsigned (n: n >= config.cores);
example = 16;
description = "How many physical _threads_ the builder has.";
};
x86ver = mkOption {
default = 1;
type = with types; addCheck ints.positive (n: n >= 1 && n <= 4);
example = 3;
description = "Maximum x86-64 feature level supported.";
};
};
}
)
];
}
);
default = { };
example = literalExpression ''
{
luke-skywalker-nixos = {
hostName = "2aXX:e0a:18e:8670::";
cores = 16;
threads = 32;
x86ver = 3;
};
}
'';
description = "NixOS builders"; description = "NixOS builders";
}; };
}; };
config = { config = {
nix.buildMachines = traceValSeqN 3 (mapAttrsToList (name: value: nix.buildMachines = traceValSeqN 3 (
mkBuildMachine { mapAttrsToList (
inherit (value) hostName cores threads x86ver; name: value:
} mkBuildMachine {
) machineList); inherit (value)
hostName
cores
threads
x86ver
;
}
) machineList
);
programs.ssh.extraConfig = concatStringsSep "\n" (mapAttrsToList (name: value: programs.ssh.extraConfig = concatStringsSep "\n" (
(optionalString (value.sshConfig != "") mapAttrsToList (
'' name: value:
Host ${value.hostName} (optionalString (value.sshConfig != "") ''
${value.sshConfig} Host ${value.hostName}
'' ${value.sshConfig}
) '')
) machineList); ) machineList
);
users.users.builder = { users.users.builder = {
isSystemUser = true; isSystemUser = true;
@ -146,7 +176,7 @@ in
]; ];
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
}; };
users.groups.builder = {}; users.groups.builder = { };
nix.settings.trusted-users = [ "builder" ]; nix.settings.trusted-users = [ "builder" ];
boot.enableContainers = mkForce true; boot.enableContainers = mkForce true;

87
nix/nix.nix
View file

@ -1,4 +1,12 @@
{config, pkgs, lib, myLib, nixpkgs, nixpkgs-unstable, ...}: {
config,
pkgs,
lib,
myLib,
nixpkgs,
nixpkgs-unstable,
...
}:
with lib; with lib;
with myLib; with myLib;
let let
@ -13,7 +21,7 @@ in
enableCustomSubstituter = mkEnableOption "custom substituter using nix-cache.lesviallon.fr"; enableCustomSubstituter = mkEnableOption "custom substituter using nix-cache.lesviallon.fr";
contentAddressed = mkEnableOption "experimental content-addressed derivations"; contentAddressed = mkEnableOption "experimental content-addressed derivations";
}; };
config = { config = {
system.autoUpgrade.enable = mkDefault true; system.autoUpgrade.enable = mkDefault true;
@ -26,16 +34,18 @@ in
upper = "05:00"; upper = "05:00";
}; };
system.build.nixos-rebuild = let system.build.nixos-rebuild =
nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; }; let
nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" '' nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; };
exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \ nixos-rebuild-inhibit = pkgs.writeShellScriptBin "nixos-rebuild" ''
--who="NixOS rebuild" \ exec ${config.systemd.package}/bin/systemd-inhibit --what=idle:shutdown --mode=block \
--why="NixOS must finish rebuilding configuration or work would be lost." \ --who="NixOS rebuild" \
-- \ --why="NixOS must finish rebuilding configuration or work would be lost." \
${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@" -- \
${pkgs.coreutils}/bin/nice -n 19 -- ${nixos-rebuild}/bin/nixos-rebuild "$@"
''; '';
in mkOverride 20 nixos-rebuild-inhibit; in
mkOverride 20 nixos-rebuild-inhibit;
environment.systemPackages = [ environment.systemPackages = [
(hiPrio config.system.build.nixos-rebuild) (hiPrio config.system.build.nixos-rebuild)
@ -44,7 +54,7 @@ in
environment.variables = { environment.variables = {
NIX_REMOTE = "daemon"; # Use the nix daemon by default NIX_REMOTE = "daemon"; # Use the nix daemon by default
}; };
systemd.services.nixos-upgrade = { systemd.services.nixos-upgrade = {
unitConfig = { unitConfig = {
ConditionCPUPressure = "user.slice:15%"; ConditionCPUPressure = "user.slice:15%";
@ -63,14 +73,12 @@ in
}; };
}; };
nix.gc.automatic = mkDefault true; nix.gc.automatic = mkDefault true;
nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00"; nix.gc.dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00";
nix.gc.randomizedDelaySec = "3h"; nix.gc.randomizedDelaySec = "3h";
nix.optimise.automatic = mkDefault (!config.nix.settings.auto-optimise-store); nix.optimise.automatic = mkDefault (!config.nix.settings.auto-optimise-store);
nix.optimise.dates = mkDefault [ "Tuesday,Thursday,Saturday 03:00:00" ]; nix.optimise.dates = mkDefault [ "Tuesday,Thursday,Saturday 03:00:00" ];
nix.settings.auto-optimise-store = mkDefault true; nix.settings.auto-optimise-store = mkDefault true;
systemd.services.nix-daemon = { systemd.services.nix-daemon = {
serviceConfig = { serviceConfig = {
@ -84,31 +92,40 @@ in
}; };
}; };
nix.package = optimizePkg {
nix.package = optimizePkg { stdenv = pkgs.fastStdenv; level = "slower"; } pkgs.nixVersions.latest; stdenv = pkgs.fastStdenv;
level = "slower";
} pkgs.nixVersions.latest;
nix.settings.system-features = [ "big-parallel" "kvm" "benchmark" ] nix.settings.system-features = [
++ optional ( ! isNull generalCfg.cpu.arch ) "gccarch-${generalCfg.cpu.arch}" "big-parallel"
++ optional ( generalCfg.cpu.x86.level >= 2 ) "gccarch-x86-64-v2" "kvm"
++ optional ( generalCfg.cpu.x86.level >= 3 ) "gccarch-x86-64-v3" "benchmark"
++ optional ( generalCfg.cpu.x86.level >= 4 ) "gccarch-x86-64-v4" ]
; ++ optional (!isNull generalCfg.cpu.arch) "gccarch-${generalCfg.cpu.arch}"
++ optional (generalCfg.cpu.x86.level >= 2) "gccarch-x86-64-v2"
++ optional (generalCfg.cpu.x86.level >= 3) "gccarch-x86-64-v3"
++ optional (generalCfg.cpu.x86.level >= 4) "gccarch-x86-64-v4";
nix.settings.builders-use-substitutes = true; nix.settings.builders-use-substitutes = true;
nix.settings.substitute = true; nix.settings.substitute = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ] nix.settings.experimental-features = [
++ optional (versionOlder config.nix.package.version "2.19") "repl-flake" "nix-command"
++ optional cfg.contentAddressed "ca-derivations" "flakes"
; ]
++ optional (versionOlder config.nix.package.version "2.19") "repl-flake"
++ optional cfg.contentAddressed "ca-derivations";
nix.settings.download-attempts = 5; nix.settings.download-attempts = 5;
nix.settings.stalled-download-timeout = 20; nix.settings.stalled-download-timeout = 20;
nix.settings.substituters = mkBefore ([] nix.settings.substituters = mkBefore (
[ ]
++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr" ++ optional cfg.enableCustomSubstituter "https://nix-cache.lesviallon.fr"
++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/" ++ optional cfg.contentAddressed "https://cache.ngi0.nixos.org/"
); );
nix.settings.trusted-public-keys = mkBefore ([] nix.settings.trusted-public-keys = mkBefore (
[ ]
++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ++ optional cfg.enableCustomSubstituter "nix-cache.lesviallon.fr-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
++ optional cfg.contentAddressed "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ++ optional cfg.contentAddressed "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
); );
@ -118,9 +135,15 @@ in
nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads; nix.settings.cores = mkIf (generalCfg.cpu.threads != null) generalCfg.cpu.threads;
nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads); nix.settings.max-jobs = mkIf (generalCfg.cpu.threads != null) (math.log2 generalCfg.cpu.threads);
nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.trusted-users = [
"root"
"@wheel"
];
nix.settings.hashed-mirrors = [ "https://tarballs.nixos.org" "https://nixpkgs-unfree.cachix.org" ]; nix.settings.hashed-mirrors = [
"https://tarballs.nixos.org"
"https://nixpkgs-unfree.cachix.org"
];
nix.registry = { nix.registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;

167
optimizations/optimizations.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, options, lib, myLib, ... }: {
config,
pkgs,
options,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.optimizations; cfg = config.aviallon.optimizations;
@ -24,18 +31,18 @@ let
lto = cfg.lto.enable; lto = cfg.lto.enable;
}; };
optimizePkg = { optimizePkg =
attributes ? {}, {
attributes ? { },
stdenv ? null, stdenv ? null,
... ...
}@attrs: pkg: }@attrs:
myLib.optimizations.optimizePkg pkg ( pkg:
defaultOptimizeAttrs myLib.optimizations.optimizePkg pkg (
// cfg.defaultSettings defaultOptimizeAttrs // cfg.defaultSettings // { inherit stdenv attributes; } // attrs
// { inherit stdenv attributes; } );
// attrs in
); {
in {
options.aviallon.optimizations = { options.aviallon.optimizations = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -52,12 +59,22 @@ in {
blacklist = mkOption { blacklist = mkOption {
description = "Packages to blacklist from LTO"; description = "Packages to blacklist from LTO";
type = types.listOf types.str; type = types.listOf types.str;
default = [ "x265" "cpio" "cups" "gtk+3" "which" "openssh" ]; default = [
"x265"
"cpio"
"cups"
"gtk+3"
"which"
"openssh"
];
}; };
}; };
extraCompileFlags = mkOption { extraCompileFlags = mkOption {
default = [ ]; default = [ ];
example = [ "-O2" "-mavx" ]; example = [
"-O2"
"-mavx"
];
description = "Add specific compile flags"; description = "Add specific compile flags";
type = types.listOf types.str; type = types.listOf types.str;
}; };
@ -66,11 +83,14 @@ in {
recursive = 0; recursive = 0;
level = "slower"; level = "slower";
}; };
example = { level = "unsafe"; recursive = 0; }; example = {
level = "unsafe";
recursive = 0;
};
description = "Specify default options passed to optimizePkg"; description = "Specify default options passed to optimizePkg";
}; };
optimizePkg = mkOption { optimizePkg = mkOption {
default = if cfg.enable then optimizePkg else ({...}: pkg: pkg); default = if cfg.enable then optimizePkg else ({ ... }: pkg: pkg);
example = "pkg: pkg.override { stdenv = pkgs.fastStdenv; }"; example = "pkg: pkg.override { stdenv = pkgs.fastStdenv; }";
description = "Function used for optimizing packages"; description = "Function used for optimizing packages";
type = with types; functionTo (functionTo package); type = with types; functionTo (functionTo package);
@ -78,15 +98,26 @@ in {
trace = mkEnableOption "trace attributes in overriden derivations"; trace = mkEnableOption "trace attributes in overriden derivations";
runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)"; runtimeOverrides.enable = mkEnableOption "runtime overrides for performance sensitive libraries (glibc, ...)";
blacklist = mkOption { blacklist = mkOption {
default = [ # Broken default = [
"alsa-lib" "glib" "lcms2" "gconf" "gnome-vfs" # Broken
"alsa-lib"
"glib"
"lcms2"
"gconf"
"gnome-vfs"
# Very slow # Very slow
"llvm" "clang" "clang-wrapper" "valgrind" "rustc" "tensorflow" "qtwebengine" "llvm"
"clang"
"clang-wrapper"
"valgrind"
"rustc"
"tensorflow"
"qtwebengine"
# Fixable with work, but slow for now # Fixable with work, but slow for now
"rapidjson" "rapidjson"
]; ];
example = [ "bash" ]; example = [ "bash" ];
description = "Blacklist specific packages from optimizations"; description = "Blacklist specific packages from optimizations";
type = types.listOf types.str; type = types.listOf types.str;
@ -95,13 +126,12 @@ in {
type = with types; attrsOf package; type = with types; attrsOf package;
default = { default = {
}; };
example = literalExpression example = literalExpression ''
'' {
{ ninja = pkgs.ninja-samurai;
ninja = pkgs.ninja-samurai; cmake = pkgs.my-cmake-override;
cmake = pkgs.my-cmake-override; }
} '';
'';
description = "Allow overriding packages found in `nativeBuildInputs` with custom packages."; description = "Allow overriding packages found in `nativeBuildInputs` with custom packages.";
}; };
}; };
@ -109,50 +139,59 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.optimizations.blacklist = mkDefault ( aviallon.optimizations.blacklist = mkDefault (
options.aviallon.optimizations.blacklist.default options.aviallon.optimizations.blacklist.default
++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency ))) ++ (traceValSeq (forEach config.system.replaceRuntimeDependencies (x: lib.getName x.oldDependency)))
); );
system.replaceDependencies.replacements = mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable) [ system.replaceDependencies.replacements =
# glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing. mkIf (!lib.inPureEvalMode && cfg.runtimeOverrides.enable)
/*{ [
original = pkgs.glibc; # glibc usually represents 20% of the userland CPU time. It is therefore very much worth optimizing.
replacement = let /*
optimizedFlags = [ "-fipa-pta" ]; {
#optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; }); original = pkgs.glibc;
in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" { replacement = let
passthru = pkgs.glibc.passthru; optimizedFlags = [ "-fipa-pta" ];
env = (attrs.env or {}) // { #optimizedFlags = myLib.optimizations.guessOptimizationsFlags pkgs.glibc (defaultOptimizeAttrs // { level = "slower"; recursive = 0; });
NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS); in pkgs.glibc.overrideAttrs (attrs: myLib.debug.traceValWithPrefix "optimizations (glibc)" {
}; passthru = pkgs.glibc.passthru;
}); env = (attrs.env or {}) // {
}*/ NIX_CFLAGS_COMPILE = (attrs.env.NIX_CFLAGS_COMPILE or "") + (toString optimizedFlags.CFLAGS);
# zlib is in second place, given how often it is used };
#{ });
# original = pkgs.zlib; }
# replacement = optimizePkg { level = "slower"; } pkgs.zlib; */
#} # zlib is in second place, given how often it is used
]; #{
# original = pkgs.zlib;
# replacement = optimizePkg { level = "slower"; } pkgs.zlib;
#}
];
nixpkgs.overlays = mkAfter [ nixpkgs.overlays = mkAfter [
(self: super: { (self: super: {
veryFastStdenv = super.overrideCC super.gccStdenv (super.buildPackages.gcc_latest.overrideAttrs (old: veryFastStdenv = super.overrideCC super.gccStdenv (
let super.buildPackages.gcc_latest.overrideAttrs (
optimizedAttrs = {} old:
// { let
optimizedAttrs = { } // {
configureFlags = [ configureFlags = [
"--with-cpu-64=${generalCfg.cpu.arch}" "--with-arch-64=${generalCfg.cpu.arch}" "--with-cpu-64=${generalCfg.cpu.arch}"
"--with-arch-64=${generalCfg.cpu.arch}"
"--with-tune-64=${generalCfg.cpu.tune}" "--with-tune-64=${generalCfg.cpu.tune}"
"--with-build-config=bootstrap-lto-lean" "--with-build-config=bootstrap-lto-lean"
]; ];
} };
; ccWithProfiling = old.cc.overrideAttrs (_: {
ccWithProfiling = old.cc.overrideAttrs (_: { buildFlags = [ "profiledbootstrap" ]; } ); buildFlags = [ "profiledbootstrap" ];
in { });
cc = addAttrs ccWithProfiling optimizedAttrs; in
} {
)); cc = addAttrs ccWithProfiling optimizedAttrs;
}
)
);
}) })
(self: super: { (self: super: {
#jetbrains = super.jetbrains // { #jetbrains = super.jetbrains // {
# jdk = pipe super.jetbrains.jdk [ # jdk = pipe super.jetbrains.jdk [

11
optimizations/services.nix
View file

@ -1,4 +1,10 @@
{ config, options, pkgs, lib, ... }: {
config,
options,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.optimizations; cfg = config.aviallon.optimizations;
@ -8,7 +14,8 @@ let
}; };
man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db; man-db = optimizePkg { level = "moderately-unsafe"; } pkgs.man-db;
mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc; mandoc = optimizePkg { level = "moderately-unsafe"; } pkgs.mandoc;
in { in
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
documentation.man.man-db.package = man-db; documentation.man.man-db.package = man-db;
documentation.man.mandoc.package = mandoc; documentation.man.mandoc.package = mandoc;

309
overlays.nix
View file

@ -1,4 +1,11 @@
{config, pkgs, options, lib, myLib, ...}: {
config,
pkgs,
options,
lib,
myLib,
...
}:
with builtins; with builtins;
with lib; with lib;
let let
@ -8,7 +15,10 @@ in
{ {
imports = [ imports = [
(mkRenamedOptionModule [ "aviallon" "overlays" "optimizations" ] [ "aviallon" "optimizations" "enable" ]) (mkRenamedOptionModule
[ "aviallon" "overlays" "optimizations" ]
[ "aviallon" "optimizations" "enable" ]
)
]; ];
options.aviallon.overlays = { options.aviallon.overlays = {
@ -21,140 +31,179 @@ in
traceCallPackage = mkEnableOption "printing package names each time callPackage is evaluated"; traceCallPackage = mkEnableOption "printing package names each time callPackage is evaluated";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
nix.nixPath = nix.nixPath =
# Append our nixpkgs-overlays. # Append our nixpkgs-overlays.
[ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ] [ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ];
;
nixpkgs.overlays =
nixpkgs.overlays = [] [ ]
++ optional cfg.traceCallPackage (self: super: { ++ optional cfg.traceCallPackage (
callPackage = path: overrides: self: super: {
let callPackage =
_pkg = super.callPackage path overrides; path: overrides:
_name = _pkg.name or _pkg.pname or "<unknown>"; let
in trace "callPackage ${_name}" _pkg _pkg = super.callPackage path overrides;
; _name = _pkg.name or _pkg.pname or "<unknown>";
}) in
++ [(self: super: { trace "callPackage ${_name}" _pkg;
htop = super.htop.overrideAttrs (old: { }
configureFlags = old.configureFlags ++ [ )
"--enable-affinity" ++ [
"--enable-delayacct" (self: super: {
"--enable-capabilities" htop = super.htop.overrideAttrs (old: {
]; configureFlags = old.configureFlags ++ [
"--enable-affinity"
nativeBuildInputs = old.nativeBuildInputs ++ (with super; [ "--enable-delayacct"
pkg-config "--enable-capabilities"
]);
buildInputs = old.buildInputs ++ (with super; [
libcap
libunwind
libnl
]);
});
ark = super.ark.override {
unfreeEnableUnrar = true;
};
})
(final: prev: {
# Use our kernel for generating linux man pages
linux-manual = prev.linux-manual.override { linuxPackages_latest = config.boot.kernelPackages; };
})
(final: prev: {
lutris-fhs =
(prev.buildFHSUserEnv {
name = "lutris";
targetPkgs = pkgs: (with pkgs;
[
glibc
bashInteractive
python3Full
lutris
gamescope
wineWowPackages.waylandFull
flatpak
]
);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${pkgs.lutris}/share" "$out/"
'';
runScript = "/usr/bin/lutris";
});
})
(final: prev: let
pycharm-common = pkg:
let
myIsDerivation = x: !(myLib.derivations.isBroken x);
interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters);
in prev.buildFHSUserEnv rec {
name = pkg.pname;
targetPkgs = pkgs: (with pkgs;
[
glibc
bashInteractive
zlib
python3Full
pkg
]
++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" (interpreters pkgs)
);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${pkg}/share" "$out/"
'';
runScript = "/usr/bin/${pkg.pname}";
};
in {
jetbrains = prev.jetbrains // {
pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community;
pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional;
clion-fhs = let
compilers = pkgs: with pkgs; with llvmPackages_17; [
(setPrio (-9) gcc13)
(hiPrio clang)
clang-unwrapped
libcxx
]; ];
in prev.buildFHSUserEnv rec {
name = "clion";
targetPkgs = pkgs: (with pkgs;
[
jetbrains.clion
(hiPrio cmake)
(hiPrio ninja)
gnumake
extra-cmake-modules
]
++ trace "Using the following compilers: ${toString (pkgNames (compilers pkgs))}" (compilers pkgs)
);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${prev.jetbrains.clion}/share" "$out/"
'';
extraOutputsToInstall = [ "include" "dev" "doc" ];
runScript = "/usr/bin/clion"; nativeBuildInputs =
old.nativeBuildInputs
++ (with super; [
pkg-config
]);
buildInputs =
old.buildInputs
++ (with super; [
libcap
libunwind
libnl
]);
});
ark = super.ark.override {
unfreeEnableUnrar = true;
}; };
};
})
]; })
# (final: prev: {
# # linux-manual requires scripts/split-man.pl from the kernel source, but
# # neither xanmod 6.19.7 nor vanilla 6.18.x ship it yet. Mark broken so
# # the build doesn't fail; man-pages and man-pages-posix still build fine.
# linux-manual = prev.linux-manual.overrideAttrs (_: {
# meta = (prev.linux-manual.meta or { }) // {
# broken = true;
# };
# });
# })
(final: prev: {
lutris-fhs = (
prev.buildFHSUserEnv {
name = "lutris";
targetPkgs =
pkgs:
(with pkgs; [
glibc
bashInteractive
python3Full
lutris
gamescope
wineWow64Packages.waylandFull
flatpak
]);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${pkgs.lutris}/share" "$out/"
'';
runScript = "/usr/bin/lutris";
}
);
})
(
final: prev:
let
pycharm-common =
pkg:
let
myIsDerivation = x: !(myLib.derivations.isBroken x);
interpreters = pkgs: filter (x: myIsDerivation x) (attrValues pkgs.pythonInterpreters);
in
prev.buildFHSUserEnv rec {
name = pkg.pname;
targetPkgs =
pkgs:
(
with pkgs;
[
glibc
bashInteractive
zlib
python3Full
pkg
]
++ trace "Using the following interpreters: ${toString (pkgNames (interpreters pkgs))}" (
interpreters pkgs
)
);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${pkg}/share" "$out/"
'';
runScript = "/usr/bin/${pkg.pname}";
};
in
{
jetbrains = prev.jetbrains // {
pycharm-community-fhs = pycharm-common prev.jetbrains.pycharm-community;
pycharm-professional-fhs = pycharm-common prev.jetbrains.pycharm-professional;
clion-fhs =
let
compilers =
pkgs:
with pkgs;
with llvmPackages_17;
[
(setPrio (-9) gcc13)
(hiPrio clang)
clang-unwrapped
libcxx
];
in
prev.buildFHSUserEnv rec {
name = "clion";
targetPkgs =
pkgs:
(
with pkgs;
[
jetbrains.clion
(hiPrio cmake)
(hiPrio ninja)
gnumake
extra-cmake-modules
]
++ trace "Using the following compilers: ${toString (pkgNames (compilers pkgs))}" (compilers pkgs)
);
# symlink shared assets, including icons and desktop entries
extraInstallCommands = ''
ln -s "${prev.jetbrains.clion}/share" "$out/"
'';
extraOutputsToInstall = [
"include"
"dev"
"doc"
];
runScript = "/usr/bin/clion";
};
};
}
)
];
aviallon.programs.allowUnfreeList = [ aviallon.programs.allowUnfreeList = [
"unrar" "ark" "unrar"
"ark"
]; ];
}; };
} }

83
packages.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs; cfg = config.aviallon.programs;
@ -6,12 +12,15 @@ let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
optimizeCfg = config.aviallon.optimizations; optimizeCfg = config.aviallon.optimizations;
myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg {} pkgs.openssh) else pkgs.openssh; myOpenssh = if optimizeCfg.enable then (optimizeCfg.optimizePkg { } pkgs.openssh) else pkgs.openssh;
in in
{ {
imports = [ imports = [
./programs ./programs
(mkRenamedOptionModule [ "aviallon" "programs" "compileFlags" ] [ "aviallon" "optimizations" "extraCompileFlags" ]) (mkRenamedOptionModule
[ "aviallon" "programs" "compileFlags" ]
[ "aviallon" "optimizations" "extraCompileFlags" ]
)
]; ];
options.aviallon.programs = { options.aviallon.programs = {
@ -23,14 +32,19 @@ in
}; };
allowUnfreeList = mkOption { allowUnfreeList = mkOption {
default = [ ]; default = [ ];
example = [ "nvidia-x11" "steam" ]; example = [
"nvidia-x11"
"steam"
];
description = "Allow specific unfree software to be installed"; description = "Allow specific unfree software to be installed";
type = types.listOf types.str; type = types.listOf types.str;
}; };
config = mkOption { config = mkOption {
default = {}; default = { };
type = types.attrs; type = types.attrs;
example = { cudaSupport = true; }; example = {
cudaSupport = true;
};
description = "nixpkgs config settings to be applied to all nixpkgs instances"; description = "nixpkgs config settings to be applied to all nixpkgs instances";
}; };
}; };
@ -39,33 +53,36 @@ in
programs.java.enable = mkDefault (!generalCfg.minimal); programs.java.enable = mkDefault (!generalCfg.minimal);
aviallon.programs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList; aviallon.programs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) cfg.allowUnfreeList;
environment.systemPackages = with pkgs; [] environment.systemPackages =
++ [ with pkgs;
vim [ ]
wget ++ [
nano vim
myOpenssh wget
psmisc nano
pciutils myOpenssh
ripgrep psmisc
fd pciutils
htop ripgrep
unstable.cachix fd
usbutils htop
] unstable.cachix
++ optionals (!generalCfg.minimal) [ usbutils
rsync ]
par2cmdline # .par2 archive verification ++ optionals (!generalCfg.minimal) [
python3 rsync
parallel par2cmdline # .par2 archive verification
coreutils-full python3
nmap parallel
pv coreutils-full
xxHash nmap
unzip pv
]; xxHash
unzip
];
programs.ssh.package = myOpenssh; programs.ssh.package = myOpenssh;
@ -77,7 +94,7 @@ in
}; };
programs.ccache.enable = true; programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ nix.settings.extra-sandbox-paths = [
(toString config.programs.ccache.cacheDir) (toString config.programs.ccache.cacheDir)
]; ];

33
packages/aspm_enable/default.nix
View file

@ -1,12 +1,13 @@
{lib {
,bc lib,
,pciutils bc,
,gnugrep pciutils,
,coreutils gnugrep,
,bash coreutils,
,writeText bash,
,stdenv writeText,
,substituteAll stdenv,
substituteAll,
}: }:
with lib; with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -26,13 +27,23 @@ stdenv.mkDerivation rec {
substituteAllInPlace $out/bin/aspm_enable; substituteAllInPlace $out/bin/aspm_enable;
''; '';
buildInputs = [ pciutils bc coreutils gnugrep ]; buildInputs = [
pciutils
bc
coreutils
gnugrep
];
meta = { meta = {
description = "A program to forcibly enable PCIe ASPM for compatible devices"; description = "A program to forcibly enable PCIe ASPM for compatible devices";
homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM"; homepage = "https://wireless.wiki.kernel.org/en/users/Documentation/ASPM";
license = licenses.gpl3Plus; license = licenses.gpl3Plus;
patforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" "mipsel-linux" ]; patforms = [
"x86_64-linux"
"i686-linux"
"aarch64-linux"
"mipsel-linux"
];
maintainers = with maintainers; [ ]; maintainers = with maintainers; [ ];
}; };
} }

1
packages/pinentry.nix
View file

@ -33,4 +33,3 @@ writeShellScriptBin "pinentry" ''
exec ''${pinentryFlavors[$flavor]}/bin/pinentry exec ''${pinentryFlavors[$flavor]}/bin/pinentry
'' ''

74
power.nix
View file

@ -1,10 +1,17 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
cfg = config.aviallon.power; cfg = config.aviallon.power;
undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200))); undervoltType = with types; nullOr (addCheck int (x: (x < 0 && x > -200)));
in { in
{
options.aviallon.power = { options.aviallon.power = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -16,7 +23,10 @@ in {
default = "performance"; default = "performance";
example = "efficiency"; example = "efficiency";
description = "What to optimize towards"; description = "What to optimize towards";
type = types.enum [ "performance" "efficiency" ]; type = types.enum [
"performance"
"efficiency"
];
}; };
powerLimit = { powerLimit = {
enable = mkEnableOption "power limiting"; enable = mkEnableOption "power limiting";
@ -101,7 +111,7 @@ in {
ConditionACPower = true; ConditionACPower = true;
}; };
}; };
systemd.targets.battery-power = { systemd.targets.battery-power = {
description = "Target is active when power is drawn from a battery."; description = "Target is active when power is drawn from a battery.";
conflicts = [ "ac-power.target" ]; conflicts = [ "ac-power.target" ];
@ -113,22 +123,28 @@ in {
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="${pkgs.systemd}/bin/systemctl stop ac-power.target" ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="${pkgs.systemd}/bin/systemctl stop ac-power.target"
ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${pkgs.systemd}/bin/systemctl start ac-power.target" ACTION!="remove", KERNEL=="AC*", SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${pkgs.systemd}/bin/systemctl start ac-power.target"
ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", RUN+="${pkgs.systemd}/bin/systemctl start battery-power.target" ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", RUN+="${pkgs.systemd}/bin/systemctl start battery-power.target"
ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Charging", RUN+="${pkgs.systemd}/bin/systemctl stop battery-power.target" ACTION!="remove", KERNEL=="BAT*", SUBSYSTEM=="power_supply", ATTR{status}=="Charging", RUN+="${pkgs.systemd}/bin/systemctl stop battery-power.target"
ACTION!="remove", DEVPATH=="*intel-rapl:*", SUBSYSTEM=="powercap", RUN+="${pkgs.coreutils}/bin/chmod g+r '/sys%p/energy_uj'" ACTION!="remove", DEVPATH=="*intel-rapl:*", SUBSYSTEM=="powercap", RUN+="${pkgs.coreutils}/bin/chmod g+r '/sys%p/energy_uj'"
''; '';
users.groups.power = {}; users.groups.power = { };
systemd.services.undervolt-intel = { systemd.services.undervolt-intel = {
script = "" script =
""
+ "${pkgs.undervolt}/bin/undervolt" + "${pkgs.undervolt}/bin/undervolt"
+ (optionalString (! isNull cfg.undervolt.cpu.coreOffset ) " --core ${toString cfg.undervolt.cpu.coreOffset}") + (optionalString (
+ (optionalString (! isNull cfg.undervolt.cpu.cacheOffset ) " --cache ${toString cfg.undervolt.cpu.cacheOffset}") !isNull cfg.undervolt.cpu.coreOffset
+ (optionalString (! isNull cfg.undervolt.cpu.iGPUOffset ) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}") ) " --core ${toString cfg.undervolt.cpu.coreOffset}")
; + (optionalString (
!isNull cfg.undervolt.cpu.cacheOffset
) " --cache ${toString cfg.undervolt.cpu.cacheOffset}")
+ (optionalString (
!isNull cfg.undervolt.cpu.iGPUOffset
) " --gpu ${toString cfg.undervolt.cpu.iGPUOffset}");
serviceConfig = { serviceConfig = {
RemainAfterExit = true; RemainAfterExit = true;
}; };
@ -138,11 +154,15 @@ in {
}; };
systemd.services.intel-powerlimit-ac = { systemd.services.intel-powerlimit-ac = {
script = "${pkgs.undervolt}/bin/undervolt" script =
+ optionalString (! isNull cfg.powerLimit.ac.cpu ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28" "${pkgs.undervolt}/bin/undervolt"
+ optionalString (! isNull cfg.powerLimit.ac.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1" + optionalString (
+ optionalString (! isNull cfg.temperature.ac.cpu ) " --temp ${toString cfg.temperature.ac.cpu}" !isNull cfg.powerLimit.ac.cpu
; ) " --power-limit-long ${toString cfg.powerLimit.ac.cpu} 28"
+ optionalString (
!isNull cfg.powerLimit.ac.cpuBoost
) " --power-limit-short ${toString cfg.powerLimit.ac.cpuBoost} 0.1"
+ optionalString (!isNull cfg.temperature.ac.cpu) " --temp ${toString cfg.temperature.ac.cpu}";
unitConfig = { unitConfig = {
ConditionACPower = true; ConditionACPower = true;
}; };
@ -154,13 +174,19 @@ in {
partOf = [ "ac-power.target" ]; partOf = [ "ac-power.target" ];
enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel");
}; };
systemd.services.intel-powerlimit-battery = { systemd.services.intel-powerlimit-battery = {
script = "${pkgs.undervolt}/bin/undervolt" script =
+ optionalString (! isNull cfg.powerLimit.battery.cpu ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28" "${pkgs.undervolt}/bin/undervolt"
+ optionalString (! isNull cfg.powerLimit.battery.cpuBoost ) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1" + optionalString (
+ optionalString (! isNull cfg.temperature.battery.cpu ) " --temp ${toString cfg.temperature.battery.cpu}" !isNull cfg.powerLimit.battery.cpu
; ) " --power-limit-long ${toString cfg.powerLimit.battery.cpu} 28"
+ optionalString (
!isNull cfg.powerLimit.battery.cpuBoost
) " --power-limit-short ${toString cfg.powerLimit.battery.cpuBoost} 0.1"
+ optionalString (
!isNull cfg.temperature.battery.cpu
) " --temp ${toString cfg.temperature.battery.cpu}";
unitConfig = { unitConfig = {
ConditionACPower = false; ConditionACPower = false;
}; };
@ -172,6 +198,6 @@ in {
partOf = [ "battery-power.target" ]; partOf = [ "battery-power.target" ];
enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel"); enable = (cfg.powerLimit.enable || cfg.temperature.enable) && (generalCfg.cpu.vendor == "intel");
}; };
}; };
} }

7
programs/bash.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.aviallon.programs.bash = { options.aviallon.programs.bash = {

31
programs/firefox.nix
View file

@ -1,17 +1,27 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
genPrefList = {locked ? false}: prefs: genPrefList =
{
locked ? false,
}:
prefs:
let let
prefFuncName = if locked then "lockPref" else "defaultPref"; prefFuncName = if locked then "lockPref" else "defaultPref";
in in
concatStringsSep "\n" ( concatStringsSep "\n" (
mapAttrsToList mapAttrsToList (
(key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});'' ) key: value: ''${prefFuncName}(${builtins.toJSON key}, ${builtins.toJSON value});''
prefs ) prefs
); );
cfg = config.programs.firefox; cfg = config.programs.firefox;
in { in
{
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.firefox.wrapperConfig = { programs.firefox.wrapperConfig = {
smartcardSupport = true; smartcardSupport = true;
@ -60,7 +70,7 @@ in {
Install = [ Install = [
"uBlock0@raymondhill.net" "uBlock0@raymondhill.net"
"magnolia@12.34" "magnolia@12.34"
]; ];
}; };
ExtensionSettings = { ExtensionSettings = {
"uBlock0@raymondhill.net" = { "uBlock0@raymondhill.net" = {
@ -126,8 +136,9 @@ in {
#"privacy.trackingprotection.origin_telemetry.enabled" = false; #"privacy.trackingprotection.origin_telemetry.enabled" = false;
} // { }
"intl.accept_languages" = "fr-fr,en-us,en"; // {
"intl.accept_languages" = "fr-fr,en-us,en";
"intl.locale.requested" = "fr,en-US"; "intl.locale.requested" = "fr,en-US";
"media.eme.enabled" = true; # DRM "media.eme.enabled" = true; # DRM
"general.autoScroll" = true; # Middleclick scrolling "general.autoScroll" = true; # Middleclick scrolling

8
programs/git.nix
View file

@ -1,4 +1,10 @@
{config, pkgs, lib, myLib, ...}: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
{ {
programs.git = { programs.git = {

45
programs/htop.nix
View file

@ -1,12 +1,17 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
{ {
programs.htop.enable = true; programs.htop.enable = true;
programs.htop.settings = { programs.htop.settings = {
# fields=0 48 17 18 38 39 40 2 46 47 49 1 # fields=0 48 17 18 38 39 40 2 46 47 49 1
# sort_key=46 # sort_key=46
# sort_direction=-1 # sort_direction=-1
# tree_sort_key=0 # tree_sort_key=0
# tree_sort_direction=1 # tree_sort_direction=1
hide_kernel_threads = true; hide_kernel_threads = true;
hide_userland_threads = true; hide_userland_threads = true;
shadow_other_users = 0; shadow_other_users = 0;
@ -38,9 +43,29 @@
delay = 10; delay = 10;
hide_function_bar = 0; hide_function_bar = 0;
header_layout = "two_50_50"; header_layout = "two_50_50";
column_meters_0 = [ "AllCPUs" "Memory" "Swap" ]; column_meters_0 = [
column_meter_modes_0 = [ 1 1 1 ]; "AllCPUs"
column_meters_1 = [ "Tasks" "LoadAverage" "Uptime" "DiskIO" "NetworkIO" ]; "Memory"
column_meter_modes_1 = [ 2 2 2 2 2 ]; "Swap"
];
column_meter_modes_0 = [
1
1
1
];
column_meters_1 = [
"Tasks"
"LoadAverage"
"Uptime"
"DiskIO"
"NetworkIO"
];
column_meter_modes_1 = [
2
2
2
2
2
];
}; };
} }

50
programs/libreoffice.nix
View file

@ -1,14 +1,26 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs.libreoffice; cfg = config.aviallon.programs.libreoffice;
applyOverrides = overrides: pkg: pipe pkg overrides; applyOverrides = overrides: pkg: pipe pkg overrides;
in { in
{
options.aviallon.programs.libreoffice = { options.aviallon.programs.libreoffice = {
enable = mkEnableOption "LibreOffice"; enable = mkEnableOption "LibreOffice";
variant = mkOption { variant = mkOption {
type = with types; types.enum [ "still" "fresh" ]; type =
with types;
types.enum [
"still"
"fresh"
];
default = "fresh"; default = "fresh";
description = "Which LibreOffice variant to use"; description = "Which LibreOffice variant to use";
}; };
@ -35,18 +47,26 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.programs.libreoffice.package = aviallon.programs.libreoffice.package =
let let
overridesList = [] overridesList =
++ [(pkg: pkg.override { [ ]
variant = cfg.variant; ++ [
})] (
++ optional cfg.opencl (pkg: pkg.overrideAttrs (old: { pkg:
pkg.override {
variant = cfg.variant;
}
)
]
++ optional cfg.opencl (
pkg:
pkg.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ]; buildInputs = old.buildInputs ++ [ pkgs.ocl-icd ];
})) })
; );
in pkgs.libreoffice.override { in
unwrapped = applyOverrides overridesList cfg.package'; pkgs.libreoffice.override {
}; unwrapped = applyOverrides overridesList cfg.package';
};
environment.systemPackages = [ environment.systemPackages = [
cfg.package cfg.package

2
programs/nano.nix
View file

@ -1,4 +1,4 @@
{config, pkgs, ...}: { config, pkgs, ... }:
{ {
environment.systemPackages = [ pkgs.nanorc ]; environment.systemPackages = [ pkgs.nanorc ];
programs.nano.syntaxHighlight = false; programs.nano.syntaxHighlight = false;

27
programs/nvtop.nix
View file

@ -1,16 +1,32 @@
{ config, pkgs, lib, myLib, ... }: {
config,
pkgs,
lib,
myLib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.programs.nvtop; cfg = config.aviallon.programs.nvtop;
in { in
{
options.aviallon.programs.nvtop = { options.aviallon.programs.nvtop = {
enable = mkEnableOption "nvtop"; enable = mkEnableOption "nvtop";
backend = mkOption { backend = mkOption {
description = "Which backend to enable"; description = "Which backend to enable";
type = with types; listOf (enum [ "nvidia" "amd" "intel" "panthor" "panfrost" "msm" ]); type =
with types;
listOf (enum [
"nvidia"
"amd"
"intel"
"panthor"
"panfrost"
"msm"
]);
default = [ "amd" ]; default = [ "amd" ];
}; };
nvidia = mkEnableOption "Nvidia GPU with proprietary drivers is used"; nvidia = mkEnableOption "Nvidia GPU with proprietary drivers is used";
package = mkOption { package = mkOption {
internal = true; internal = true;
@ -25,7 +41,8 @@ in {
aviallon.programs.nvtop.package = mkDefault ( aviallon.programs.nvtop.package = mkDefault (
if (length cfg.backend > 1) then if (length cfg.backend > 1) then
pkgs.nvtopPackages.full pkgs.nvtopPackages.full
else pkgs.nvtopPackages.${elemAt cfg.backend 0} else
pkgs.nvtopPackages.${elemAt cfg.backend 0}
); );
environment.systemPackages = [ environment.systemPackages = [

2
security/default.nix
View file

@ -1,4 +1,4 @@
{config, ...}: { config, ... }:
{ {
imports = [ imports = [
./hardening.nix ./hardening.nix

12
security/encryption.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.security.encryption; cfg = config.aviallon.security.encryption;
in { in
{
options.aviallon.security.encryption = { options.aviallon.security.encryption = {
enable = mkEnableOption "encryption-related tools and programs"; enable = mkEnableOption "encryption-related tools and programs";
cryptsetup.package = mkOption { cryptsetup.package = mkOption {
@ -24,7 +30,7 @@ in {
}; };
boot.initrd.systemd.enable = mkOverride 10 true; boot.initrd.systemd.enable = mkOverride 10 true;
boot.initrd.availableKernelModules = [ "cryptd" ]; boot.initrd.availableKernelModules = [ "cryptd" ];
boot.initrd.kernelModules = [ "jitterentropy_rng" ]; boot.initrd.kernelModules = [ "jitterentropy_rng" ];
}; };

97
security/hardening.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.hardening; cfg = config.aviallon.hardening;
@ -32,11 +37,18 @@ in
}; };
imports = [ imports = [
(mkRemovedOptionModule [ "aviallon" "hardening" "services" "dbus" ] "dbus should use AppArmor hardening instead") (mkRemovedOptionModule [
"aviallon"
"hardening"
"services"
"dbus"
] "dbus should use AppArmor hardening instead")
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened); aviallon.boot.kernel.package = mkIf cfg.hardcore (
mkDefault pkgs.linuxKernel.kernels.linux_hardened
);
security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true); security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true);
# security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec
@ -44,27 +56,26 @@ in
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
services.openssh.settings.PermitRootLogin = services.openssh.settings.PermitRootLogin = if cfg.hardcore then "no" else "prohibit-password";
if cfg.hardcore then
"no"
else "prohibit-password";
security.apparmor.enable = true; security.apparmor.enable = true;
services.dbus.apparmor = "enabled"; services.dbus.apparmor = "enabled";
aviallon.boot.cmdline = { aviallon.boot.cmdline = {
"lsm" = [ "landlock" ] "lsm" = [
++ optional cfg.hardcore "lockdown" "landlock"
++ [ "yama" ] ]
# Apparmor https://wiki.archlinux.org/title/AppArmor#Installation ++ optional cfg.hardcore "lockdown"
++ optionals config.security.apparmor.enable [ "apparmor" ] ++ [ "yama" ]
++ [ "bpf" ] # Apparmor https://wiki.archlinux.org/title/AppArmor#Installation
; ++ optionals config.security.apparmor.enable [ "apparmor" ]
++ [ "bpf" ];
"lockdown" = if cfg.hardcore then "confidentiality" else "integrity"; "lockdown" = if cfg.hardcore then "confidentiality" else "integrity";
# Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.) # Vsyscall page not readable (default is "emulate". "none" might break statically-linked binaries.)
vsyscall = mkIf cfg.hardcore "xonly"; vsyscall = mkIf cfg.hardcore "xonly";
} // (ifEnable cfg.expensive { }
// (ifEnable cfg.expensive {
# Slab/slub sanity checks, redzoning, and poisoning # Slab/slub sanity checks, redzoning, and poisoning
"init_on_alloc" = 1; "init_on_alloc" = 1;
"init_on_free" = 1; "init_on_free" = 1;
@ -93,7 +104,7 @@ in
# Is used in podman containers, for instance # Is used in podman containers, for instance
security.allowUserNamespaces = mkDefault true; security.allowUserNamespaces = mkDefault true;
# boot.blacklistedKernelModules = mkForce [ ]; # boot.blacklistedKernelModules = mkForce [ ];
# Only authorize admins to use nix in hardcore mode # Only authorize admins to use nix in hardcore mode
nix.allowedUsers = mkIf cfg.hardcore (mkQuasiForce [ "@wheel" ]); nix.allowedUsers = mkIf cfg.hardcore (mkQuasiForce [ "@wheel" ]);
@ -101,34 +112,36 @@ in
# Can really badly affect performance in some occasions. # Can really badly affect performance in some occasions.
security.audit.enable = mkDefault true; security.audit.enable = mkDefault true;
security.auditd.enable = mkQuasiForce false; security.auditd.enable = mkQuasiForce false;
systemd.services.systemd-journald = let
rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules);
in mkIf config.security.audit.enable {
serviceConfig = {
#ExecStartPre = "-${pkgs.audit}/bin/augenrules --load";
ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64'';
Sockets = [ "systemd-journald-audit.socket" ];
};
aliases = [ "auditd.service" ];
path = [ pkgs.audit ];
};
security.audit.rules = [] systemd.services.systemd-journald =
let
rules = pkgs.writeText "audit.rules" (concatStringsSep "\n" config.security.audit.rules);
in
mkIf config.security.audit.enable {
serviceConfig = {
#ExecStartPre = "-${pkgs.audit}/bin/augenrules --load";
ExecStartPre = ''-${pkgs.audit}/bin/auditctl -R ${rules} -e 1 -f 1 -r 1000 -b 64'';
Sockets = [ "systemd-journald-audit.socket" ];
};
aliases = [ "auditd.service" ];
path = [ pkgs.audit ];
};
security.audit.rules =
[ ]
++ [ ++ [
"-A exclude,always -F msgtype=SERVICE_START" "-A exclude,always -F msgtype=SERVICE_START"
"-A exclude,always -F msgtype=SERVICE_STOP" "-A exclude,always -F msgtype=SERVICE_STOP"
"-A exclude,always -F msgtype=BPF" "-A exclude,always -F msgtype=BPF"
"-w /etc/apparmor/ -p wa -k apparmor_changes" "-w /etc/apparmor/ -p wa -k apparmor_changes"
"-w /etc/apparmor.d/ -p wa -k apparmor_changes" "-w /etc/apparmor.d/ -p wa -k apparmor_changes"
"-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion" "-a exit,always -F arch=b64 -S init_module -S finit_module -k module_insertion"
"-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion" "-a exit,always -F arch=b32 -S init_module -S finit_module -k module_insertion"
"-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" "-a exit,always -F arch=b64 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve"
"-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve" "-a exit,always -F arch=b32 -C auid!=euid -F auid!=unset -F euid=0 -S execve -k privesc_execve"
] ]
++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls" ++ optional cfg.expensive "-a exit,always -F arch=b64 -S execve -k execve_calls";
;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl # Secure Boot keys generation sbctl # Secure Boot keys generation

22
security/tpm.nix
View file

@ -1,10 +1,18 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.security.tpm; cfg = config.aviallon.security.tpm;
in { in
{
options.aviallon.security.tpm = { options.aviallon.security.tpm = {
enable = (mkEnableOption "TPM") // { default = true; }; enable = (mkEnableOption "TPM") // {
default = true;
};
tpm1_2.enable = mkEnableOption "TPM 1.2 support"; tpm1_2.enable = mkEnableOption "TPM 1.2 support";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -12,18 +20,20 @@ in {
enable = true; enable = true;
tctiEnvironment.enable = true; tctiEnvironment.enable = true;
pkcs11.enable = true; pkcs11.enable = true;
}; };
environment.systemPackages = [ environment.systemPackages = [
pkgs.tpm2-tools pkgs.tpm2-tools
] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools; ]
++ optional cfg.tpm1_2.enable pkgs.tpm-tools;
services.tcsd = mkIf cfg.tpm1_2.enable { services.tcsd = mkIf cfg.tpm1_2.enable {
enable = true; enable = true;
}; };
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"tpm_tis" "tpm_crb" "tpm_tis"
"tpm_crb"
]; ];
}; };
} }

2
services/default.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ...}: { config, pkgs, ... }:
{ {
imports = [ imports = [
./jupyterhub.nix ./jupyterhub.nix

125
services/general.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.services; cfg = config.aviallon.services;
@ -6,23 +11,28 @@ let
laptopCfg = config.aviallon.laptop; laptopCfg = config.aviallon.laptop;
generalCfg = config.aviallon.general; generalCfg = config.aviallon.general;
journaldConfigValue = value: journaldConfigValue =
if value == true then "true" value:
else if value == false then "false" if value == true then
else if isList value then toString value "true"
else generators.mkValueStringDefault { } value; else if value == false then
"false"
else if isList value then
toString value
else
generators.mkValueStringDefault { } value;
isNullOrEmpty = v: (v == null) || isNullOrEmpty = v: (v == null) || (isList v && (length v == 0));
(isList v && (length v == 0));
journaldConfig = settings: (generators.toKeyValue { journaldConfig =
mkKeyValue = generators.mkKeyValueDefault { settings:
mkValueString = journaldConfigValue; (generators.toKeyValue {
} "="; mkKeyValue = generators.mkKeyValueDefault {
} (filterAttrs (n: v: !(isNullOrEmpty v)) mkValueString = journaldConfigValue;
settings) } "=";
); } (filterAttrs (n: v: !(isNullOrEmpty v)) settings));
in { in
{
options.aviallon.services = { options.aviallon.services = {
enable = mkOption { enable = mkOption {
@ -33,9 +43,15 @@ in {
}; };
journald.extraConfig = mkOption { journald.extraConfig = mkOption {
default = {}; default = { };
example = {}; example = { };
type = with types; attrsOf (oneOf [ bool int str ]); type =
with types;
attrsOf (oneOf [
bool
int
str
]);
description = "Add extra config to journald with Nix language"; description = "Add extra config to journald with Nix language";
}; };
}; };
@ -64,28 +80,29 @@ in {
scriptArgs = "%I"; scriptArgs = "%I";
wantedBy = [ "sshd@.service" ]; wantedBy = [ "sshd@.service" ];
}; };
programs.ssh.setXAuthLocation = config.services.xserver.enable; programs.ssh.setXAuthLocation = config.services.xserver.enable;
programs.ssh.forwardX11 = mkDefault config.services.xserver.enable; programs.ssh.forwardX11 = mkDefault config.services.xserver.enable;
security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root
environment.systemPackages = with pkgs; [ waypipe ]; environment.systemPackages = with pkgs; [ waypipe ];
# Better reliability and performance # Better reliability and performance
services.dbus.implementation = "broker"; services.dbus.implementation = "broker";
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ 22 5353 ]; networking.firewall.allowedUDPPorts = [
22
5353
];
services.rsyncd.enable = !desktopCfg.enable; services.rsyncd.enable = !desktopCfg.enable;
services.fstrim.enable = true; services.fstrim.enable = true;
services.haveged.enable = (builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0); services.haveged.enable = (
builtins.compareVersions config.boot.kernelPackages.kernel.version "5.6" < 0
);
services.irqbalance.enable = true; services.irqbalance.enable = true;
@ -103,23 +120,38 @@ in {
loglevel = "info"; loglevel = "info";
cgroup_realtime_workaround = false; cgroup_realtime_workaround = false;
}; };
services.ananicy.extraRules = concatStringsSep "\n" ( forEach [ services.ananicy.extraRules = concatStringsSep "\n" (
{ name = "cp"; forEach [
type = "BG_CPUIO"; } {
{ name = "nix-build"; name = "cp";
type = "BG_CPUIO"; } type = "BG_CPUIO";
{ name = "nix-store"; }
type = "BG_CPUIO"; } {
{ name = "nix-collect-garbage"; name = "nix-build";
type = "BG_CPUIO"; } type = "BG_CPUIO";
{ name = "nix"; }
type = "BG_CPUIO"; } {
{ name = "X"; name = "nix-store";
type = "LowLatency_RT"; } type = "BG_CPUIO";
{ name = "htop"; }
type = "LowLatency_RT"; } {
] (x: builtins.toJSON x)); name = "nix-collect-garbage";
type = "BG_CPUIO";
}
{
name = "nix";
type = "BG_CPUIO";
}
{
name = "X";
type = "LowLatency_RT";
}
{
name = "htop";
type = "LowLatency_RT";
}
] (x: builtins.toJSON x)
);
# Enusre low-latency response for this time-critical service # Enusre low-latency response for this time-critical service
systemd.services."hdapsd@" = { systemd.services."hdapsd@" = {
@ -148,9 +180,9 @@ in {
hinfo = true; # Whether to register a mDNS HINFO record which contains information about the local operating system and CPU. hinfo = true; # Whether to register a mDNS HINFO record which contains information about the local operating system and CPU.
}; };
extraConfig = mkIf config.services.resolved.enable '' extraConfig = mkIf config.services.resolved.enable ''
[server] [server]
enable-dbus=warn enable-dbus=warn
#disallow-other-stacks=yes #disallow-other-stacks=yes
''; '';
}; };
@ -158,7 +190,6 @@ in {
MulticastDNS = false; MulticastDNS = false;
}; };
services.nginx = { services.nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

16
services/gnupg.nix
View file

@ -1,17 +1,23 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" '' gpgNoTTY = pkgs.writeShellScriptBin "gpg-no-tty" ''
exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@" exec ${pkgs.gnupg}/bin/gpg --batch --no-tty "$@"
''; '';
pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {}; pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix { };
in { in
{
config = { config = {
programs.gnupg = { programs.gnupg = {
agent.enable = true; agent.enable = true;
dirmngr.enable = true; dirmngr.enable = true;
agent.pinentryPackage = pkgs.pinentry-all; agent.pinentryPackage = pkgs.pinentry-all;
agent.enableSSHSupport = true; agent.enableSSHSupport = true;
agent.enableExtraSocket = true; agent.enableExtraSocket = true;
@ -29,6 +35,6 @@ in {
environment.systemPackages = [ environment.systemPackages = [
gpgNoTTY gpgNoTTY
]; ];
}; };
} }

54
services/jupyterhub.nix
View file

@ -1,4 +1,9 @@
{config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.services.jupyterhub; cfg = config.aviallon.services.jupyterhub;
@ -7,12 +12,15 @@ in
options.aviallon.services.jupyterhub = { options.aviallon.services.jupyterhub = {
enable = mkEnableOption "Jupyterhub server with Python 3 kernel"; enable = mkEnableOption "Jupyterhub server with Python 3 kernel";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.jupyterhub = { services.jupyterhub = {
enable = true; enable = true;
kernels.python3 = let kernels.python3 =
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ let
env = (
pkgs.python3.withPackages (
pythonPackages: with pythonPackages; [
ipykernel ipykernel
pandas pandas
scikit-learn scikit-learn
@ -20,20 +28,23 @@ in
matplotlib matplotlib
numpy numpy
pip pip
])); ]
in { )
displayName = "Python 3 for machine learning"; );
argv = [ in
"${env.interpreter}" {
"-m" displayName = "Python 3 for machine learning";
"ipykernel_launcher" argv = [
"-f" "${env.interpreter}"
"{connection_file}" "-m"
]; "ipykernel_launcher"
language = "python"; "-f"
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; "{connection_file}"
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; ];
}; language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
}; };
services.nginx = { services.nginx = {
@ -41,7 +52,12 @@ in
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"jupyterhub.localhost" = { "jupyterhub.localhost" = {
listen = [ { addr = "0.0.0.0"; port = 80; } ]; listen = [
{
addr = "0.0.0.0";
port = 80;
}
];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.jupyterhub.port}"; proxyPass = "http://localhost:${toString config.services.jupyterhub.port}";
proxyWebsockets = true; proxyWebsockets = true;

2
windows/default.nix
View file

@ -1,4 +1,4 @@
{...}: { ... }:
{ {
imports = [ imports = [
./wine.nix ./wine.nix

12
windows/wine.nix
View file

@ -1,14 +1,20 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.aviallon.windows.wine; cfg = config.aviallon.windows.wine;
in { in
{
options.aviallon.windows.wine = { options.aviallon.windows.wine = {
enable = mkEnableOption "windows executable support on Linux"; enable = mkEnableOption "windows executable support on Linux";
package = mkOption { package = mkOption {
description = "Wine package to use"; description = "Wine package to use";
type = types.package; type = types.package;
default = pkgs.wineWowPackages.waylandFull; default = pkgs.wineWow64Packages.waylandFull;
example = pkgs.winePackages.stable; example = pkgs.winePackages.stable;
}; };
}; };