{ config, pkgs, lib, ... }:
with lib;
let
# Values of the desktop options; those options are not declared in this file.
desktopCfg = config.aviallon.desktop;
# Values of the options declared below under `options.aviallon.general`.
cfg = config.aviallon.general;
# Render one nix.conf value as a string: booleans become "true"/"false",
# lists are passed to toString (elements separated by spaces), and anything
# else is delegated to generators.mkValueStringDefault.
nixConfigValue = value:
  if isBool value then boolToString value
  else if isList value then toString value
  else generators.mkValueStringDefault { } value;
# True for null and for the empty list; false for every other value.
isNullOrEmpty = candidate:
  candidate == null || (isList candidate && candidate == [ ]);
# Turn an attribute set into `key = value` lines for nix.conf.
# Entries whose value is null or an empty list are dropped first; the
# remaining values are rendered with nixConfigValue.
nixConfig = settings:
  let
    keptSettings = filterAttrs (_name: value: !(isNullOrEmpty value)) settings;
    renderLine = generators.mkKeyValueDefault { mkValueString = nixConfigValue; } " = ";
  in
  generators.toKeyValue { mkKeyValue = renderLine; } keptSettings;
# Integer base-2 logarithm, rounded down: counts how many times the argument
# can be halved before it drops below 2. Arguments below 2 give 0.
log2 =
  let
    halve = remaining: steps:
      if remaining < 2 then steps else halve (remaining / 2) (steps + 1);
  in
  n: halve n 0;
# Where the remote-build private key is installed, relative to /etc.
buildUserKeyFile = "remote_builder/id_builder";

# SECURITY: the private key is read at evaluation time from a file kept next
# to this module, and the config section passes it to environment.etc as
# `text`, which places the contents in the world-readable Nix store.
# Anyone who can read that file in the repository, or the store of a host
# built from it, obtains the key. Prefer provisioning the key outside the
# store, and rotate the pair if the private half was ever committed in
# clear text.
buildUserKey = builtins.readFile ./nix/id_builder;

# Public half of the same pair; authorised for the `builder` account.
buildUserPubKey = builtins.readFile ./nix/id_builder.pub;
# Speed factor estimate: every core counts fully, each hardware thread beyond
# the core count counts for half (integer division when given integers).
getSpeed = cores: threads:
  let
    extraThreads = threads - cores;
  in
  cores + extraThreads / 2;
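# Build one nix.buildMachines entry for an x86_64-linux remote builder that is
# reached over SSH as `builder`, using the key installed under /etc.
#   hostName  host to connect to
#   cores     core count; drives maxJobs and speedFactor
#   threads   hardware thread count (defaults to twice `cores`)
#   features  extra supportedFeatures to advertise (defaults to none)
#   x86ver    x86-64 level; 2 and above add the matching arch-x86-64-vN features
mkBuildMachine =
  { hostName
  , cores
  , threads ? (cores * 2)
  , features ? [ ]
  , x86ver ? 1
  }:
  rec {
    inherit hostName;
    system = "x86_64-linux";
    # Integer division gives 0 for a single-core machine; keep at least one job.
    maxJobs = max 1 (cores / 2);
    sshUser = "builder";
    sshKey = "/etc/${buildUserKeyFile}";
    speedFactor = getSpeed cores threads;
    supportedFeatures = [ "kvm" "benchmark" ]
      ++ optional (speedFactor > 8) "big-parallel"
      ++ optional (x86ver >= 2) "arch-x86-64-v2"
      ++ optional (x86ver >= 3) "arch-x86-64-v3"
      # `features` was accepted but never used; append it so callers' extra
      # features are actually advertised.
      ++ features;
  };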
in
{
# Options this module exposes under `aviallon.general`.
options.aviallon.general = {
  # Master switch: the whole `config` section is wrapped in mkIf on this.
  enable = mkOption {
    type = types.bool;
    default = true;
    example = false;
    description = "Enable aviallon's general tuning";
  };

  # Positive integer or null; nix.maxJobs is only set when this is non-null.
  cores = mkOption {
    type = types.nullOr (types.addCheck types.int (x: x > 0));
    default = null;
    example = 4;
    description = "Number of physical threads of the machine";
  };

  # Used as gcc.arch of the local platform.
  cpuArch = mkOption {
    type = types.str;
    default = "x86-64";
    example = "x86-64-v2";
    description = "Set CPU arch used in overlays, ...";
  };

  # Used as gcc.tune of the local platform.
  cpuTune = mkOption {
    type = types.str;
    default = "generic";
    example = "sandybridge";
    description = "Set CPU tuning for compilers";
  };

  # SECURITY: when enabled, the kernel command line gains mitigations=off and
  # i915.mitigations=off, i.e. hardware-vulnerability mitigations are turned off.
  unsafeOptimizations = mkEnableOption "unsafe system tuning";

  # Selects a flake-capable Nix and the nix-command/flakes experimental features.
  flakes.enable = mkEnableOption "experimental flake support";

  # Declared here but not read anywhere in this file.
  debug = mkEnableOption "debug-specific configuration";
};
config = mkIf cfg.enable {
# Time zone and system locale.
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";

# Virtual console keyboard layout and font.
console.keyMap = "fr-pc";
console.font = "Lat2-Terminus16";
# Extra kernel command-line parameters, added only with unsafeOptimizations.
# SECURITY: mitigations=off and i915.mitigations=off turn off the kernel's
# and the i915 driver's hardware-vulnerability mitigations. Keep
# unsafeOptimizations disabled on hosts that run untrusted code or serve
# several users.
boot.kernelParams = optionals cfg.unsafeOptimizations [
  "mitigations=off"
  "i915.mitigations=off"
  "i915.enable_dc=4"
  "i915.fastboot=1"
];

# mkDefault lets other modules choose a different governor.
powerManagement.cpuFreqGovernor = mkDefault "schedutil";
# Programs that need a SUID wrapper, further configuration, or a per-user
# session service. gpg-agent is enabled with SSH support turned on.
programs.mtr.enable = true;
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true;
# Store garbage collection on four nights a week, with a randomised delay.
nix.gc = {
  automatic = mkDefault true;
  dates = mkDefault "Monday,Wednesday,Friday,Sunday 03:00:00";
  randomizedDelaySec = "3h";
};

# Store optimisation on the remaining nights; mkForce overrides any other
# definition of the schedule.
nix.optimise = {
  automatic = mkDefault true;
  dates = mkForce [ "Tuesday,Thursday,Saturday 03:00:00" ];
};
nix.autoOptimiseStore = mkDefault true;

# Scheduling settings for the Nix daemon.
nix.daemonCPUSchedPolicy = "batch";
nix.daemonIOSchedClass = "idle";
nix.daemonIOSchedPriority = 5;
# Unattended weekly upgrade. Hosts without the desktop profile also allow the
# upgrade to reboot the machine by default.
system.autoUpgrade = {
  enable = mkDefault true;
  dates = "Sunday *-*-* 00:00";
  allowReboot = mkIf (!desktopCfg.enable) (mkDefault true);
};
# Documentation: NixOS manual covering all modules, developer docs, and
# man page caches.
documentation.nixos = {
  enable = true;
  includeAllModules = true;
};
documentation.dev.enable = true;
documentation.man.generateCaches = true;
# Shell start-up snippet: point GnuPG at the current terminal, contact
# gpg-agent, and use its socket as the SSH agent socket.
environment.shellInit =
  let
    gpgAgentSetup = [
      ''export GPG_TTY="$(tty)"''
      ''gpg-connect-agent /bye''
      ''export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"''
    ];
  in
  concatStringsSep "\n" gpgAgentSetup;
# Build packages for the evaluating machine's system, with the `pc` platform
# whose gcc settings are replaced by the configured arch and tune values.
nixpkgs.localSystem = {
  system = builtins.currentSystem;
  platform = lib.systems.platforms.pc // {
    gcc = {
      arch = cfg.cpuArch;
      tune = cfg.cpuTune;
    };
  };
};
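# Remote-build credentials and the local `builder` account.
#
# SECURITY: `text` makes Nix write the private key into the world-readable
# store, so local users of any host built from this module can read it. The
# `mode` below only restricts the copy placed in /etc. Every host that enables
# this module both installs this private key and authorises its public half
# for `builder`, so one leaked key gives SSH access as `builder` on all of
# them. Prefer a key provisioned outside the store, ideally one per host, and
# rotate the pair if the private half was ever stored in clear text.
environment.etc."${buildUserKeyFile}" = {
  text = buildUserKey;
  # Install a root-only copy in /etc instead of a symlink to the
  # world-readable store file.
  mode = "0400";
};

nix.buildMachines = [
  {
    # NOTE(review): no sshUser/sshKey is set here, so this entry does not
    # reference the key installed above. Confirm that is intended.
    hostName = "lesviallon.fr";
    system = "x86_64-linux";
    maxJobs = 2;
    speedFactor = 4;
    supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
  }
];

# Account that remote machines log in to; key-based SSH only.
users.users.builder = {
  isSystemUser = true;
  group = "builder";
  hashedPassword = mkForce null; # Must not have a password!
  openssh.authorizedKeys.keys = [ buildUserPubKey ];
};
users.groups.builder = { };

# SECURITY: the Nix manual describes adding a user to trusted-users as
# essentially equivalent to giving that user root access, so possession of
# the builder key carries that level of trust on this host.
nix.trustedUsers = [ "builder" ];
nix.distributedBuilds = mkDefault false;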
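# With flakes enabled, use pkgs.nix when it is already version 2.4 or newer,
# otherwise fall back to pkgs.nix_2_4.
nix.package = mkIf cfg.flakes.enable (
  if builtins.compareVersions pkgs.nix.version "2.4" >= 0
  then pkgs.nix
  else pkgs.nix_2_4
);

# Extra nix.conf lines. nixConfig drops entries whose value is null or an
# empty list, so experimental-features disappears when flakes are disabled.
nix.extraOptions = nixConfig {
  builders-use-substitutes = true;
  experimental-features = optionals cfg.flakes.enable [ "nix-command" "flakes" ];
  download-attempts = 5;
  # NOTE(review): ifEnable is not defined in this file; presumably it comes
  # from `lib` and yields null when the condition is false. Confirm.
  cores = ifEnable (cfg.cores != null) cfg.cores;
  stalled-download-timeout = 20;
};

# log2 of 1 is 0, and a max-jobs value of 0 disables local builds, so a
# single-core host is clamped to one job.
nix.maxJobs = mkIf (cfg.cores != null) (max 1 (log2 cfg.cores));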
};
}