mirror of
https://github.com/aviallon/nixos-lib.git
synced 2026-04-05 17:27:50 +00:00
148 lines
3.8 KiB
Nix
148 lines
3.8 KiB
Nix
{ config, pkgs, lib, myLib, ... }:
|
|
with lib;
|
|
let
|
|
cfg = config.aviallon.general;
|
|
desktopCfg = config.aviallon.desktop;
|
|
buildUserPubKeyFile = ./nix/id_builder.pub;
|
|
buildUserKeyFile = ./nix/id_builder;
|
|
|
|
getSpeed = cores: threads: cores + (threads - cores) / 2;
|
|
|
|
mkBuildMachine = {
|
|
hostName,
|
|
cores,
|
|
threads ? (cores * 2),
|
|
features ? [ ],
|
|
x86ver ? 1
|
|
}:
|
|
rec {
|
|
inherit hostName;
|
|
system = "x86_64-linux";
|
|
maxJobs = cores / 2;
|
|
sshUser = "builder";
|
|
sshKey = toString buildUserKeyFile;
|
|
speedFactor = getSpeed cores threads;
|
|
supportedFeatures = [ "kvm" "benchmark" ]
|
|
++ optional (speedFactor > 8) "big-parallel"
|
|
++ optional (x86ver >= 2) "gccarch-x86-64-v2"
|
|
++ optional (x86ver >= 3) "gccarch-x86-64-v3"
|
|
++ features
|
|
;
|
|
};
|
|
in
|
|
{
|
|
imports = [
|
|
(mkRemovedOptionModule [ "aviallon" "general" "flakes" "enable" ] "Flakes are now enabled by default")
|
|
];
|
|
|
|
options.aviallon.general = {
|
|
enable = mkOption {
|
|
default = true;
|
|
example = false;
|
|
description = "Enable aviallon's general tuning";
|
|
type = types.bool;
|
|
};
|
|
|
|
minimal = mkEnableOption "minimal installation";
|
|
|
|
cores = mkOption {
|
|
default = null;
|
|
example = 4;
|
|
description = "Number of physical threads of the machine";
|
|
type = with types; nullOr ints.positive;
|
|
};
|
|
|
|
cpuVendor = mkOption {
|
|
default = null;
|
|
example = "amd";
|
|
description = "Vendor of you CPU. Either AMD or Intel";
|
|
type = types.str;
|
|
};
|
|
|
|
cpuArch = mkOption {
|
|
default = "x86-64";
|
|
example = "x86-64-v2";
|
|
description = "Set CPU arch used in overlays, ...";
|
|
type = types.str;
|
|
};
|
|
cpuTune = mkOption {
|
|
default = "generic";
|
|
example = "sandybridge";
|
|
description = "Set CPU tuning for compilers";
|
|
type = types.str;
|
|
};
|
|
unsafeOptimizations = mkEnableOption "unsafe system tuning";
|
|
debug = mkEnableOption "debug-specific configuration";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Paris";
|
|
|
|
# Select internationalisation properties.
|
|
i18n = {
|
|
defaultLocale = "fr_FR.UTF-8";
|
|
};
|
|
|
|
console = {
|
|
keyMap = "fr-pc";
|
|
font = "Lat2-Terminus16";
|
|
};
|
|
|
|
aviallon.boot.cmdline = mkIf cfg.unsafeOptimizations {
|
|
mitigations = "off";
|
|
};
|
|
|
|
powerManagement.cpuFreqGovernor = mkDefault "schedutil";
|
|
|
|
# Some programs need SUID wrappers, can be configured further or are
|
|
# started in user sessions.
|
|
programs.mtr.enable = true;
|
|
programs.gnupg.agent = {
|
|
enable = true;
|
|
enableSSHSupport = true;
|
|
};
|
|
|
|
documentation.nixos.includeAllModules = true;
|
|
documentation.nixos.enable = true;
|
|
documentation.dev.enable = true;
|
|
documentation.man.generateCaches = true;
|
|
|
|
|
|
environment.shellInit = concatStringsSep "\n" [
|
|
''export GPG_TTY="$(tty)"''
|
|
''gpg-connect-agent /bye''
|
|
''export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"''
|
|
];
|
|
|
|
|
|
nixpkgs.localSystem.system = builtins.currentSystem;
|
|
nixpkgs.localSystem.platform = lib.systems.platforms.pc // {
|
|
gcc.arch = cfg.cpuArch;
|
|
gcc.tune = cfg.cpuTune;
|
|
};
|
|
|
|
nix.buildMachines = [
|
|
{
|
|
hostName = "lesviallon.fr";
|
|
system = "x86_64-linux";
|
|
maxJobs = 2;
|
|
speedFactor = 4;
|
|
supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
|
|
}
|
|
];
|
|
users.users.builder = {
|
|
isSystemUser = true;
|
|
group = "builder";
|
|
hashedPassword = mkForce null; # Must not have a password!
|
|
openssh.authorizedKeys.keys = [
|
|
(readFile buildUserPubKeyFile)
|
|
];
|
|
shell = pkgs.bashInteractive;
|
|
};
|
|
users.groups.builder = {};
|
|
nix.trustedUsers = [ "builder" ];
|
|
nix.distributedBuilds = mkDefault true;
|
|
};
|
|
|
|
}
|