diff --git a/arm/nix-os-raspberrypi/Makefile b/arm/nix-os-raspberrypi/Makefile new file mode 100644 index 0000000..ec9fbfb --- /dev/null +++ b/arm/nix-os-raspberrypi/Makefile @@ -0,0 +1,28 @@ +# +# arm/nix-os-raspberrypi/Makefile +# + +# Fake targets +.PHONY: rpi2 rpi4 rpi4 + +all: rp5 + +rpi2: + nix build .#installerImages.rpi02 + +rp4: + nix build .#installerImages.rpi4 + +rp5: + nix build .#installerImages.rpi5 + +rp5_on_amd64: + sudo nix build .#nixosConfigurations.rpi5.config.system.build.sdImage --system aarch64-linux + +update: + sudo nix flake update; + +sync: + rsync -avz ./ 172.16.40.122:/home/das/nixos/arm/nix-os-raspberrypi/ + +# end diff --git a/arm/nix-os-raspberrypi/disko-nvme-zfs.nix b/arm/nix-os-raspberrypi/disko-nvme-zfs.nix new file mode 100644 index 0000000..88a4334 --- /dev/null +++ b/arm/nix-os-raspberrypi/disko-nvme-zfs.nix 
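Review bot: The `rpi2`, `rp4` and `rp5` recipes (and therefore `all`) build `.#installerImages.*`, but the flake.nix added in this same commit exposes only `devShells` and `nixosConfigurations`, so as far as the visible outputs go these targets cannot resolve. The `.PHONY` line names `rpi2 rpi4 rpi4` while the targets are spelled `rp4`, `rp5`, `rp5_on_amd64`, `update` and `sync`; suggest `.PHONY: all rpi2 rp4 rp5 rp5_on_amd64 update sync` so a stray file of the same name cannot turn a recipe into a no-op. `rp5_on_amd64` and `update` also run nix under `sudo`, which leaves a root-owned `flake.lock` in the working tree and evaluates a flake that declares `nixConfig.extra-substituters` as the always-trusted root user; neither command appears to need root.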
@@ -0,0 +1,181 @@ +{ config, lib, ... }: + +let + firmwarePartition = lib.recursiveUpdate { + # label = "FIRMWARE"; + priority = 1; + + type = "0700"; # Microsoft basic data + attributes = [ + 0 # Required Partition + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot/firmware"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + }; + + espPartition = lib.recursiveUpdate { + # label = "ESP"; + + type = "EF00"; # EFI System Partition (ESP) + attributes = [ + 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + "umask=0077" + ]; + }; + }; + +in { + + boot.supportedFilesystems = [ "zfs" ]; + # networking.hostId is set somewhere else + services.zfs.autoScrub.enable = true; + services.zfs.trim.enable = true; + + disko.devices = { + disk.nvme0 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + + FIRMWARE = firmwarePartition { + label = "FIRMWARE"; + content.mountpoint = "/boot/firmware"; + }; + + ESP = espPartition { + label = "ESP"; + content.mountpoint = "/boot"; + }; + + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; # zroot + }; + }; + + }; + }; + }; #nvme0 + + zpool = { + rpool = { + type = "zpool"; + + # zpool properties + options = { + ashift = "12"; + autotrim = "on"; # see also services.zfs.trim.enable + }; + + # zfs properties + rootFsOptions = { + # "com.sun:auto-snapshot" = "false"; + # https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/ + compression = "lz4"; + atime = "off"; + xattr = "sa"; + acltype = "posixacl"; + # https://rubenerd.com/forgetting-to-set-utf-normalisation-on-a-zfs-pool/ + normalization = "formD"; + dnodesize = "auto"; + mountpoint = "none"; + 
canmount = "off"; + }; + + postCreateHook = let + poolName = "rpool"; + in "zfs list -t snapshot -H -o name | grep -E '^${poolName}@blank$' || zfs snapshot ${poolName}@blank"; + + datasets = { + + # stuff which can be recomputed/easily redownloaded, e.g. nix store + local = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + reservation = "128M"; + mountpoint = "legacy"; # to manage "with traditional tools" + }; + mountpoint = "/nix"; # nixos configuration mountpoint + }; + + # _system_ data + system = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + }; + }; + "system/root" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/"; + }; + "system/var" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/var"; + }; + + # _user_ and _user service_ data. safest, long retention policy + safe = { + type = "zfs_fs"; + options = { + copies = "2"; + mountpoint = "none"; + }; + }; + "safe/home" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/home"; + }; + "safe/var/lib" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/var/lib"; + }; + + }; + }; + }; + }; +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/disko-usb-btrfs.nix b/arm/nix-os-raspberrypi/disko-usb-btrfs.nix new file mode 100644 index 0000000..597fd91 --- /dev/null +++ b/arm/nix-os-raspberrypi/disko-usb-btrfs.nix 
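Review bot: `device = "/dev/nvme0n1"` picks the disk to be wiped by its kernel enumeration name, which is not guaranteed stable across boots or hardware changes; the same applies, more sharply, to `device = "/dev/sda"` in disko-usb-btrfs.nix, where any other USB or SATA disk that enumerates first becomes the format target. Because disko formatting is destructive, prefer a persistent path in both files, e.g. `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`. It would also help to comment on why `espPartition` mounts with `umask=0077` while `firmwarePartition` does not, which leaves `/boot/firmware` world-readable; both files share that asymmetry.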
@@ -0,0 +1,167 @@ +{ config, lib, ... }: + +let + firmwarePartition = lib.recursiveUpdate { + # label = "FIRMWARE"; + priority = 1; + + type = "0700"; # Microsoft basic data + attributes = [ + 0 # Required Partition + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot/firmware"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + }; + + espPartition = lib.recursiveUpdate { + # label = "ESP"; + + type = "EF00"; # EFI System Partition (ESP) + attributes = [ + 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + "umask=0077" + ]; + }; + }; + +in { + + # https://nixos.wiki/wiki/Btrfs#Scrubbing + services.btrfs.autoScrub = { + enable = true; + interval = "monthly"; + fileSystems = [ "/" ]; + }; + + fileSystems = { + # mount early enough in the boot process so no logs will be lost + "/var/log".neededForBoot = true; + }; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/sda"; + + content = { + type = "gpt"; + partitions = { + + FIRMWARE = firmwarePartition { + label = "FIRMWARE"; + content.mountpoint = "/boot/firmware"; + }; + + ESP = espPartition { + label = "ESP"; + content.mountpoint = "/boot"; + }; + + system = { + type = "8305"; # Linux ARM64 root (/) + + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ + # "--label nixos" + "-f" # Override existing partition + ]; + postCreateHook = let + thisBtrfs = config.disko.devices.disk.main.content.partitions.system.content; + device = thisBtrfs.device; + subvolumes = thisBtrfs.subvolumes; + + makeBlankSnapshot = btrfsMntPoint: subvol: let + subvolAbsPath = lib.strings.normalizePath "${btrfsMntPoint}/${subvol.name}"; + dst = "${subvolAbsPath}-blank"; + # NOTE: this one-liner has 
the same functionality (inspired by zfs hook) + # btrfs subvolume list -s mnt/rootfs | grep -E ' rootfs-blank$' || btrfs subvolume snapshot -r mnt/rootfs mnt/rootfs-blank + in '' + if ! btrfs subvolume show "${dst}" > /dev/null 2>&1; then + btrfs subvolume snapshot -r "${subvolAbsPath}" "${dst}" + fi + ''; + # Mount top-level subvolume (/) with "subvol=/", without it + # the default subvolume will be mounted. They're the same in + # this case, though. So "subvol=/" isn't really necessary + in '' + MNTPOINT=$(mktemp -d) + mount ${device} "$MNTPOINT" -o subvol=/ + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + ${makeBlankSnapshot "$MNTPOINT" subvolumes."/rootfs"} + ''; + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + mountOptions = [ "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "noatime" ]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = [ "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap."swapfile" = { + size = "8G"; + priority = 3; # (higher number -> higher priority) + # to be used after zswap (set zramSwap.priority > this priority), + # but before "hibernation" swap + # https://github.com/nix-community/disko/issues/651 + }; + }; + }; + }; + }; # system + + swap = { + type = "8200"; # Linux swap + + size = "9G"; # RAM + 1GB + content = { + type = "swap"; + resumeDevice = true; # "hibernation" swap + # zram's swap will be used first, and this one only + # used when the system is under pressure enough that zram and + # "regular" swap above didn't work + # https://github.com/systemd/systemd/issues/16708#issuecomment-1632592375 + # (set zramSwap.priority > btrfs' .swapvol priority > this priority) + priority = 2; + }; + }; + + }; + }; + + }; # disko.devices.disk.main +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/flake.lock b/arm/nix-os-raspberrypi/flake.lock new file mode 100644 index 0000000..4f3f964 
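Review bot: In `postCreateHook` the trap `umount $MNTPOINT; rm -rf $MNTPOINT` runs the recursive delete even when the unmount fails, and in that case `rm -rf` descends into the still-mounted top-level btrfs volume and removes what was just created there. Chain the two steps and use `rmdir`, which refuses a non-empty directory: `trap 'umount "$MNTPOINT" && rmdir "$MNTPOINT"' EXIT`. Quoting the interpolated device as `mount "${device}" "$MNTPOINT" -o subvol=/` would match the quoting already used inside `makeBlankSnapshot`.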
--- /dev/null +++ b/arm/nix-os-raspberrypi/flake.lock 
@@ -0,0 +1,248 @@ +{ + "nodes": { + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742690494, + "narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=", + "owner": "nvmd", + "repo": "disko", + "rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "gpt-attrs", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744940522, + "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", + "owner": "nix-community", + "repo": "disko", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": "nixpkgs", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1745120626, + "narHash": "sha256-MqAi9oR5iaPbevV7B7WJWpFQaMloeHYQSX/lVL2XI7g=", + 
"owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "736734245b9d386d3323acc97f46f585ff273bae", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744853194, + "narHash": "sha256-NBOdBdQdxb3FdM4Ywb4cATMLfFtkPqDYh0LIQMZ7eRY=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "8f6f8060a13096934c2a502eb0508bdc3f1284a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1744760965, + "narHash": "sha256-U6W7accGi6egFfAzVdDsEU9isjN0h4WxgGpKYHKoeM4=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "423e8fc1ed409ee5f94c118fe6ba61136b30f18f", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "main", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1745088452, + "narHash": "sha256-6SrsUiwNtyQtl+JJNcNKe98iediwPrY9Kldhszqggto=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ae0c0ebf757121ee44bb98e70a71212a9961055d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1744579458, + "narHash": 
"sha256-ywpXJotE1Cg0uUQ1/493wi0DokkkhOmqtH2JP55L2kg=", + "owner": "nvmd", + "repo": "nixpkgs", + "rev": "27e298704f0f167167cff3e237b3a2c68b66bda4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "modules-with-keys", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1745234285, + "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixos-anywhere": "nixos-anywhere", + "nixos-raspberrypi": "nixos-raspberrypi", + "nixpkgs": "nixpkgs_3" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/arm/nix-os-raspberrypi/flake.nix b/arm/nix-os-raspberrypi/flake.nix new file mode 100644 index 0000000..23d4db5 --- /dev/null +++ b/arm/nix-os-raspberrypi/flake.nix 
@@ -0,0 +1,268 @@ +{ + description = '' + Examples of NixOS systems' configuration for Raspberry Pi boards + using nixos-raspberrypi + ''; + + nixConfig = { + bash-prompt = "\[nixos-raspberrypi-demo\] ➜ "; + extra-substituters = [ + "https://nixos-raspberrypi.cachix.org" + ]; + extra-trusted-public-keys = [ + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + ]; + connect-timeout = 5; + }; + + inputs = { + + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixos-raspberrypi = { + url = "github:nvmd/nixos-raspberrypi/main"; + }; + + disko = { + # the fork is needed for partition attributes support + url = "github:nvmd/disko/gpt-attrs"; + # url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixos-raspberrypi/nixpkgs"; + }; + + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + }; + }; + + outputs = { self, nixpkgs + , nixos-raspberrypi, disko + , nixos-anywhere, ... }@inputs: let + allSystems = nixpkgs.lib.systems.flakeExposed; + forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f system); + in { + + devShells = forSystems allSystems (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + default = pkgs.mkShell { + nativeBuildInputs = with pkgs; [ + nil # lsp language server for nix + nixpkgs-fmt + nix-output-monitor + nixos-anywhere.packages.${system}.default + ]; + }; + }); + + nixosConfigurations = let + + users-config-stub = { + # This is identical to what nixos installer does in + # (modulesPash + "profiles/installation-device.nix") + + # Use less privileged nixos user + users.users.nixos = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "video" + ]; + # Allow the graphical user to login without password + initialHashedPassword = ""; + }; + + # Allow the user to log in as root without a password. + users.users.root.initialHashedPassword = ""; + + # Don't require sudo/root to `reboot` or `poweroff`. 
+ security.polkit.enable = true; + + # Allow passwordless sudo from nixos user + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + + # Automatically log in at the virtual consoles. + services.getty.autologinUser = "nixos"; + + # We run sshd by default. Login is only possible after adding a + # password via "passwd" or by adding a ssh key to ~/.ssh/authorized_keys. + # The latter one is particular useful if keys are manually added to + # installation device for head-less systems i.e. arm boards by manually + # mounting the storage in a different system. + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + + # allow nix-copy to live system + nix.settings.trusted-users = [ "nixos" ]; + }; + + common-user-config = {config, pkgs, ... }: { + imports = [ + ./modules/nice-looking-console.nix + users-config-stub + ]; + + time.timeZone = "UTC"; + networking.hostName = "rpi${config.boot.loader.raspberryPi.variant}-demo"; + + services.udev.extraRules = '' + # Ignore partitions with "Required Partition" GPT partition attribute + # On our RPis this is firmware (/boot/firmware) partition + ENV{ID_PART_ENTRY_SCHEME}=="gpt", \ + ENV{ID_PART_ENTRY_FLAGS}=="0x1", \ + ENV{UDISKS_IGNORE}="1" + ''; + + environment.systemPackages = with pkgs; [ + tree + ]; + + + # users.users.nixos.openssh.authorizedKeys.keys = [ + # # YOUR SSH PUB KEY HERE # + + # ]; + # users.users.root.openssh.authorizedKeys.keys = [ + # # YOUR SSH PUB KEY HERE # + + # ]; + + + system.nixos.tags = let + cfg = config.boot.loader.raspberryPi; + in [ + "raspberry-pi-${cfg.variant}" + cfg.bootloader + config.boot.kernelPackages.kernel.version + ]; + }; + in { + + rpi02 = nixos-raspberrypi.lib.nixosSystemFull { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, ... 
}: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-02.base + usb-gadget-ethernet + # config.txt example + ./pi02-configtxt.nix + ]; + }) + # Disk configuration + # Assumes the system will continue to reside on the installation media (sd-card), + # as there're hardly other feasible options on RPi02. + # (see also https://github.com/nvmd/nixos-raspberrypi/issues/8#issuecomment-2804912881) + # `sd-image` has lots of dependencies unnecessary for the installed system, + # replicating its disk layout + ({ config, pkgs, ... }: { + fileSystems = { + "/boot/firmware" = { + device = "/dev/disk/by-label/FIRMWARE"; + fsType = "vfat"; + options = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + }) + # Further user configuration + common-user-config + ({ config, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + i2c-tools + ]; + }) + ]; + }; + + rpi4 = nixos-raspberrypi.lib.nixosSystem { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, disko, ... }: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-4.base + raspberry-pi-4.display-vc4 + raspberry-pi-4.bluetooth + ]; + }) + # Disk configuration + disko.nixosModules.disko + # WARNING: formatting disk with disko is DESTRUCTIVE, check if + # `disko.devices.disk.main.device` is set correctly! + ./disko-usb-btrfs.nix + # Further user configuration + common-user-config + { + boot.tmp.useTmpfs = true; + } + ]; + }; + + rpi5 = nixos-raspberrypi.lib.nixosSystemFull { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, disko, ... 
}: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-5.base + raspberry-pi-5.display-vc4 + ./pi5-configtxt.nix + ]; + }) + # Disk configuration + disko.nixosModules.disko + # WARNING: formatting disk with disko is DESTRUCTIVE, check if + # `disko.devices.disk.nvme0.device` is set correctly! + ./disko-nvme-zfs.nix + { networking.hostId = "8821e309"; } # NOTE: for zfs, must be unique + # Further user configuration + common-user-config + { + boot.tmp.useTmpfs = true; + } + + # Advanced: Use non-default kernel from kernel-firmware bundle + ({ config, pkgs, lib, ... }: let + kernelBundle = pkgs.linuxAndFirmware.v6_6_31; + in { + boot = { + loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw; + kernelPackages = kernelBundle.linuxPackages_rpi5; + }; + + nixpkgs.overlays = lib.mkAfter [ + (self: super: { + # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least + # enableRedistributableFirmware is enabled + # I know no easier way to override this package + inherit (kernelBundle) raspberrypiWirelessFirmware; + # Some derivations want to use it as an input, + # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules + inherit (kernelBundle) raspberrypifw; + }) + ]; + }) + + ]; + }; + + }; + + }; +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/modules/nice-looking-console.nix b/arm/nix-os-raspberrypi/modules/nice-looking-console.nix new file mode 100644 index 0000000..d30dd51 --- /dev/null +++ b/arm/nix-os-raspberrypi/modules/nice-looking-console.nix 
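Review bot: `users-config-stub` reproduces the installer profile (empty `initialHashedPassword` for `nixos` and `root`, `wheelNeedsPassword = false`, console autologin, `PermitRootLogin = "yes"`, `trusted-users = [ "nixos" ]`), but `common-user-config` imports it into `rpi02`, `rpi4` and `rpi5`, which are the installed systems laid out by disko rather than throw-away installer media. Anyone with console access gets a passwordless root-equivalent session, and a trusted Nix user is effectively root as well. For the persistent configurations, fill in the commented-out `openssh.authorizedKeys.keys` and tighten at least `settings.PermitRootLogin = "prohibit-password";` and `wheelNeedsPassword = true;`; a comment on the stub stating it is meant for first boot only would make the intent clear. The fixed `networking.hostId = "8821e309"` sits next to a "must be unique" note yet will be identical on every board built from this flake.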
@@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +{ + # The following have been borrowed from: + # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 + + console.earlySetup = true; + # ter-u22n is probably too big + console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; + + # Make colored console output more readable + # for example, `ip addr`s (blues are too dark by default) + # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ + console.colors = lib.mkDefault [ + "000000" + "CC0000" + "4E9A06" + "C4A000" + "3465A4" + "75507B" + "06989A" + "D3D7CF" + "555753" + "EF2929" + "8AE234" + "FCE94F" + "739FCF" + "AD7FA8" + "34E2E2" + "EEEEEC" + ]; +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/modules/server-networking.nix b/arm/nix-os-raspberrypi/modules/server-networking.nix new file mode 100644 index 0000000..613ba73 --- /dev/null +++ b/arm/nix-os-raspberrypi/modules/server-networking.nix 
@@ -0,0 +1,30 @@ +{ lib, ... }: +{ + # https://github.com/nix-community/srvos/blob/fa814c65868d32f7bd4d13a87b191ace02feb7d8/nixos/common/networking.nix + # with some options disabled + + # Allow PMTU / DHCP + # networking.firewall.allowPing = true; + + # Keep dmesg/journalctl -k output readable by NOT logging + # each refused connection on the open internet. + networking.firewall.logRefusedConnections = lib.mkDefault false; + + # Use networkd instead of the pile of shell scripts + # NOTE: SK: is it safe to combine with NetworkManager on desktops? + networking.useNetworkd = lib.mkDefault true; + + # The notion of "online" is a broken concept + # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 + # https://github.com/NixOS/nixpkgs/issues/247608 + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; + + # Do not take down the network for too long when upgrading, + # This also prevents failures of services that are restarted instead of stopped. + # It will use `systemctl restart` rather than stopping it with `systemctl stop` + # followed by a delayed `systemctl start`. + systemd.services.systemd-networkd.stopIfChanged = false; + # Services that are only restarted might be not able to resolve when resolved is stopped before + systemd.services.systemd-resolved.stopIfChanged = false; +} diff --git a/arm/nix-os-raspberrypi/pi02-configtxt.nix b/arm/nix-os-raspberrypi/pi02-configtxt.nix new file mode 100644 index 0000000..d6eff7b --- /dev/null +++ b/arm/nix-os-raspberrypi/pi02-configtxt.nix 
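Review bot: Nothing visible in this commit imports `modules/server-networking.nix` — `common-user-config` in flake.nix pulls in only `./modules/nice-looking-console.nix` — so these settings appear to be dead until a configuration lists the file; either import it or say in the header that it is parked for later. If it does get enabled, `logRefusedConnections = lib.mkDefault false` gives up the firewall's record of dropped connection attempts, one of the few network detection signals on a headless board, so a comment naming where that visibility comes from instead would be useful. The open `NOTE: SK:` question about combining `useNetworkd` with NetworkManager should be settled before import, since `users-config-stub` places the `nixos` user in the `networkmanager` group.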
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: + +{ + hardware.raspberry-pi.config = { + all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + + base-dt-params = { + i2c = { + enable = true; + value = "on"; + }; + }; + + # dt-overlays = { + # i2c-rtc = { + # enable = true; + # params = { + # ds3231 = { + # enable = true; + # # value = ""; + # }; + # }; + # }; + # }; + + }; + }; +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/pi5-configtxt.nix b/arm/nix-os-raspberrypi/pi5-configtxt.nix new file mode 100644 index 0000000..1f232a8 --- /dev/null +++ b/arm/nix-os-raspberrypi/pi5-configtxt.nix 
@@ -0,0 +1,45 @@ +{ config, pkgs, lib, ... }: + +{ + hardware.raspberry-pi.config = { + all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + + options = { + # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart + # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`) + # creates a serial console, accessible using GPIOs 14 and 15 (pins + # 8 and 10 on the 40-pin header) + enable_uart = { + enable = true; + value = true; + }; + # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage + # enable debug logging to the UART, also automatically enables + # UART logging in `start.elf` + uart_2ndstage = { + enable = true; + value = true; + }; + }; + + # Base DTB parameters + # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 + base-dt-params = { + + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie + pciex1 = { + enable = true; + value = "on"; + }; + # PCIe Gen 3.0 + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 + pciex1_gen = { + enable = true; + value = "3"; + }; + + }; + + }; + }; +} \ No newline at end of file diff --git a/arm/nix-os-raspberrypi/readme.md b/arm/nix-os-raspberrypi/readme.md new file mode 100644 index 0000000..818d160 --- /dev/null +++ b/arm/nix-os-raspberrypi/readme.md @@ -0,0 +1,11 @@ + + +https://github.com/nvmd/nixos-raspberrypi + + +Demo +https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/flake.nix + + +Raspberry Pi 5 support +https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2797503311 \ No newline at end of file diff --git a/arm/pi5-1-os/Makefile b/arm/pi5-1-os/Makefile index 1dae1f4..4f74294 100644 --- a/arm/pi5-1-os/Makefile +++ b/arm/pi5-1-os/Makefile 
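Review bot: `enable_uart` and `uart_2ndstage` are both switched on without any note that they are debugging aids, although the comment itself says that together with `console=serial0,115200` this yields a serial console on GPIO 14/15. The `rpi5` configuration that imports this file also takes `users-config-stub`, with its empty root password and `services.getty.autologinUser`, so a serial getty, if one is started, would presumably give a shell to anyone who can reach the header pins. Suggest a comment such as `# debug only: turn off enable_uart and uart_2ndstage on deployed boards`, or keeping the two values in a separate module that production configurations do not import.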
@@ -23,7 +23,7 @@ rebuild: #sudo nix flake update; sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update; #sudo nix-channel --update; - sudo nixos-rebuild switch --flake .#pi5-1 + sudo nixos-rebuild switch --flake .#pi5-1-os sync: rsync -av /home/das/nixos/arm/pi5-1-os/ pi5-1:/home/das/nixos/arm/pi5-1-os/ diff --git a/arm/pi5-1-os/flake.nix b/arm/pi5-1-os/flake.nix index ad65d9d..219834c 100644 --- a/arm/pi5-1-os/flake.nix +++ b/arm/pi5-1-os/flake.nix @@ -33,12 +33,12 @@ # https://www.raspberrypi.com/documentation/computers/linux_kernel.html#native-build-configuration raspberry-pi-nix.board = "bcm2712"; networking = { - hostName = "pi5-1"; + hostName = "pi5-1-os"; }; }; in { nixosConfigurations = { - pi5-1 = lib.nixosSystem { + pi5-1-os = lib.nixosSystem { #system ="x86_64-linux"; inherit system; modules = [ diff --git a/arm/pi5-1/.gitignore b/arm/pi5-1/.gitignore index 89d56a0..2132a05 100644 --- a/arm/pi5-1/.gitignore +++ b/arm/pi5-1/.gitignore @@ -1,2 +1,4 @@ result ./result +old-result +./old-result \ No newline at end of file diff --git a/arm/pi5-1/Makefile b/arm/pi5-1/Makefile index 84c7da3..55aceb9 100644 --- a/arm/pi5-1/Makefile +++ b/arm/pi5-1/Makefile 
@@ -1,11 +1,13 @@ # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU all: - nix build .#packages.aarch64-linux.sdcard + nix build .#packages.aarch64-linux.sdcard; +update: + sudo nix flake update; flash: - sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress + sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress; # this was copied from video: https://www.youtube.com/watch?v=6Le0IbPRzOE # time. 53.54 diff --git a/arm/pi5-1/configuration.nix b/arm/pi5-1/configuration.nix new file mode 100644 index 0000000..ebcc6db --- /dev/null +++ b/arm/pi5-1/configuration.nix 
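Review bot: The `flash` recipe still hard-codes the store path of the `24.11.20250119.107d5ef` image, while the flake.lock change in this commit moves nixpkgs to rev `9684b53…`, so after `make update all` the recipe writes the stale image, or fails once that path has been garbage-collected. Reading the image through the build symlink avoids this, e.g. `sudo dd if=$$(ls result/sd-image/*.img) of=$(DISK) bs=10MB oflag=dsync status=progress` (the layout under `result` should be confirmed against a fresh build). `of=/dev/sda` is a kernel enumeration name, and on a host whose first disk is not the card reader it overwrites the wrong device, so requiring the caller to pass `DISK=/dev/disk/by-id/<DISK-ID-PLACEHOLDER>` is safer. The new `update` target runs `nix flake update` under `sudo`, which leaves `flake.lock` owned by root.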
@@ -0,0 +1,49 @@ +# +# arm/pi5-1/configuration.nix +# + +{ config, pkgs, lib, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ + ./sysctl.nix + ./services.ssh.nix + ./nodeExporter.nix + ./docker-daemon.nix + ]; + + # https://nixos.wiki/wiki/Nix_Cookbook + nix = { + settings = { + auto-optimise-store = true; + #experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" ]; + + download-buffer-size = "100000000"; + }; + + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + networking.firewall.enable = true; + + services.lldpd.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + nixpkgs.config = { + allowUnfree = true; + }; +} \ No newline at end of file diff --git a/arm/pi5-1/docker-daemon.nix b/arm/pi5-1/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/arm/pi5-1/docker-daemon.nix 
@@ -0,0 +1,27 @@ + +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/Docker + # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker + # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker + # https://github.com/NixOS/nixpkgs/issues/68349 + virtualisation.docker.enable = true; + virtualisation.docker.daemon.settings = { + data-root = "/home/das/docker/"; + userland-proxy = false; + experimental = true; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + metrics-addr = "0.0.0.0:9323"; + # log-driver = "json-file"; + # log-opts.max-size = "10m"; + # log-opts.max-file = "10"; + }; + #this doesn't work + #virtualisation.docker.daemon.settings.log-opts.max-size = "10m"; + # https://docs.docker.com/reference/cli/dockerd/ + #virtualisation.docker.extraOptions = "--userland-proxy=false"; + #virtualisation.docker.extraOptions = "--log-opt=max-size=10m"; + #virtualisation.docker.extraOptions = "--ipv6"; +} \ No newline at end of file diff --git a/arm/pi5-1/extra-config.nix b/arm/pi5-1/extra-config.nix deleted file mode 100644 index 1123fd4..0000000 --- a/arm/pi5-1/extra-config.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - networking.firewall.enable = false; - - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - pkgs.openssh - ]; - - services.openssh.enable = true; -} diff --git a/arm/pi5-1/flake.lock b/arm/pi5-1/flake.lock index 9e1930b..a817abf 100644 --- a/arm/pi5-1/flake.lock +++ b/arm/pi5-1/flake.lock 
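Review bot: `metrics-addr = "0.0.0.0:9323"` binds the Docker daemon's metrics endpoint, which has no authentication, on every interface, and `experimental = true` is enabled daemon-wide next to it. configuration.nix in this commit turns the firewall on and opens no ports, so the endpoint is probably unreachable from a remote Prometheus as written; rather than opening 9323 globally later, bind it to the address the scraper uses, e.g. `metrics-addr = "<MGMT-IP-PLACEHOLDER>:9323";`, or allow the port only from the monitoring host. `data-root = "/home/das/docker/"` puts image layers and volumes under a user's home directory, so a comment explaining why, and confirming the directory is root-owned and not writable by that user, would help.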
@@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1745279238, + "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3", "type": "github" }, "original": { diff --git a/arm/pi5-1/flake.nix b/arm/pi5-1/flake.nix index e3532b8..b722120 100644 --- a/arm/pi5-1/flake.nix +++ b/arm/pi5-1/flake.nix @@ -1,13 +1,27 @@ +# +# arm/pi5-1/flake.nix +# +# This is based on +# https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2501839916 +# +# My own success comment +# https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2614122573 +# +# https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation#cross-compilation +# { description = "Base system for raspberry pi 5"; inputs = { + # nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-24.11"; + # nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; }; + #outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, ... }: outputs = { self, nixpkgs, nixos-generators, ... }: { nixosModules = { 
@@ -28,6 +42,14 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" ]; }; + brent = { + password = "admin123"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHhM04LlDK/gOItDXa2mzMof6LhXT9IBJ9liFPEn0xJ brent@mckee.is" + ]; + }; }; }; }; @@ -37,7 +59,7 @@ system = "aarch64-linux"; format = "sd-aarch64"; modules = [ - ./extra-config.nix + ./configuration.nix self.nixosModules.system self.nixosModules.users ( { ... }: { diff --git a/arm/pi5-1/nodeExporter.nix b/arm/pi5-1/nodeExporter.nix new file mode 100644 index 0000000..416ab9a --- /dev/null +++ b/arm/pi5-1/nodeExporter.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + #"--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; + }; + + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/arm/pi5-1/readme.md b/arm/pi5-1/readme.md index 8d7023c..e9376ee 100644 --- a/arm/pi5-1/readme.md +++ b/arm/pi5-1/readme.md 
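Review bot: The `brent` account added in the `@@ -28,6 +42,14 @@` hunk is committed with `password = "admin123";` and membership in `wheel`, so a guessable plaintext password for an administrator now sits in the repository history and, because NixOS evaluates `password` into the system configuration, in the world-readable Nix store of every image built from it. The account already has an SSH public key, so drop the password line; if a local password is needed for sudo, supply a hash from outside the repository with `hashedPasswordFile = "/path/to/secret";` (placeholder path). Treat `admin123` as burned and change it on any image already built from this commit. Whether the password is usable over the network depends on the sshd settings; `services.ssh.nix` in this same commit leaves `KbdInteractiveAuthentication = true`, which should be checked alongside. The enclosing users module starts outside the hunk.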
@@ -77,4 +77,13 @@ lrwxrwxrwx 1 das users 99 Jan 21 08:55 result -> /nix/store/z5bdj3iczgzm -rw-r--r-- 1 das users 1013224749 Jan 21 13:44 sda2.tar.gz ``` +dd if=/dev/mmcblk0 of=/dev/nvme0n1 bs=10MB oflag=dsync status=progress + +https://discourse.nixos.org/t/cross-compiling-building-a-flake-for-raspberry-pi-taking-too-long/51951/2 + + +https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation + + +https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation#cross-compilation \ No newline at end of file diff --git a/arm/pi5-1/services.ssh.nix b/arm/pi5-1/services.ssh.nix new file mode 100644 index 0000000..06741ae --- /dev/null +++ b/arm/pi5-1/services.ssh.nix 
@@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+{
+ # https://nixos.wiki/wiki/SSH
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix
+ # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546
+ # KexAlgorithms = [
+ # "mlkem768x25519-sha256"
+ # "sntrup761x25519-sha512"
+ # "sntrup761x25519-sha512@openssh.com"
+ # "curve25519-sha256"
+ # "curve25519-sha256@libssh.org"
+ # "diffie-hellman-group-exchange-sha256"
+ # ];
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ # shortned default list
+ ];
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ ];
+ # HostKeyAlgorithms = [
+ # "ssh-ed25519-cert-v01@openssh.com"
+ # "sk-ssh-ed25519-cert-v01@openssh.com"
+ # "rsa-sha2-512-cert-v01@openssh.com"
+ # "rsa-sha2-256-cert-v01@openssh.com"
+ # "ssh-ed25519"
+ # "sk-ssh-ed25519@openssh.com"
+ # "rsa-sha2-512"
+ # "rsa-sha2-256"
+ # ];
+ UsePAM = true;
+ KbdInteractiveAuthentication = true;
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ ChallengeResponseAuthentication = false;
+ X11Forwarding = false;
+ GatewayPorts = "no";
+ };
+ };
+
+ services.sshguard.enable = true;
+}
\ No newline at end of file
diff --git a/arm/pi5-1/sysctl.nix b/arm/pi5-1/sysctl.nix
new file mode 100644
index 0000000..b6fa4a8
--- /dev/null
+++ b/arm/pi5-1/sysctl.nix
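Review bot: `PasswordAuthentication = false` does not by itself stop password logins in this `settings` block, because `UsePAM = true` together with `KbdInteractiveAuthentication = true` lets PAM prompt for the account password over the keyboard-interactive method. The block also sets `ChallengeResponseAuthentication = false`, the deprecated alias of that same sshd keyword, so the two lines contradict each other and the effective value depends on which one sshd reads first in the rendered config. Set `KbdInteractiveAuthentication = false;` and delete the `ChallengeResponseAuthentication` line so that key-only login is what the file both says and does. A comment above `Ciphers` and `Macs` would also help, e.g. `# AEAD ciphers and encrypt-then-MAC only; older clients without them cannot connect`.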
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042
+ # https://lwn.net/Articles/560082/
+ "net.ipv4.tcp_notsent_lowat" = "131072";
+ #net.ipv4.tcp_notsent_lowat = 4294967295
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "cake";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/desktop/l/Makefile b/desktop/l/Makefile
new file mode 100644
index 0000000..1e544ae
--- /dev/null
+++ b/desktop/l/Makefile
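Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` makes almost every unprivileged port eligible as an ephemeral source port, and that range now covers ports this same commit gives to listeners (`port = 9000` for the node exporter). If an outgoing connection holds such a port when the service starts, its bind can fail. Either keep the lower bound above the service ports or reserve them, e.g. `"net.ipv4.ip_local_reserved_ports" = "9000";`. Separately, `net.core.rmem_default` and `net.core.wmem_default` of 26214400 let any socket that does not size its own buffers queue up to 25 MB, which is generous on a Raspberry Pi; raising only the `*_max` values would leave the defaults alone. A comment recording the workload these numbers were tuned for would make them reviewable.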
@@ -0,0 +1,72 @@
+#
+# nixos/laptops/l/Makefile
+#
+EXPECTED_HOSTNAME := l
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo nixos-rebuild switch --flake .
+
+rebuild_t:
+ sudo nixos-rebuild switch --flake .#t
+
+#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues
+#nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+
+impure:
+ sudo nixos-rebuild switch --impure --flake .
+
+rebuild_trace:
+ sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+ sudo nix flake update;
+
+rebuild_old:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update_oldm.:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+restart_display_manager:
+ sudo systemctl restart display-manager.service
+
+#ls -l /run/opengl-driver/lib/gbm/
+#readlink /run/opengl-driver/lib/gbm/dri_gbm.so
+#glxinfo | grep -i 'renderer'
+
+#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager
+#less /var/log/Xorg.0.log
+
+#nix-shell -p mesa-demos
+#glxinfo | grep -i opengl
+
+# cat configuration.nix | grep -A 20 "hardware.graphics ="
+
+# end
diff --git a/desktop/l/configuration.nix b/desktop/l/configuration.nix
new file mode 100644
index 0000000..4bc55c8
--- /dev/null
+++ b/desktop/l/configuration.nix
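Review bot: None of the targets is declared phony, so a file or directory named `update`, `rebuild` or `all` in `desktop/l/` would silently turn that target into a no-op; add `.PHONY: all check_hostname rebuild rebuild_t impure rebuild_trace update rebuild_old restart_display_manager`. The target `update_oldm.:` looks like a typo for `update_old:`, and the header comment says `nixos/laptops/l/Makefile` while the file is `desktop/l/Makefile`. `sudo nix flake update` rewrites `flake.lock` as root inside the working tree; nothing in that step appears to need root, so running it without `sudo` keeps the lock file owned by the user.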
@@ -0,0 +1,302 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running 'nixos-help'). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ + inputs, + config, + pkgs, + lib, + ... +}: + +{ + # https://nixos.wiki/wiki/NixOS_modules + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + imports = + [ + ./hardware-configuration.nix + #./hardware-graphics.nix + ./sysctl.nix + ./wireless_desktop.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + # home manager is imported in the flake + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ./distributed-builds.nix + ./hyprland.nix + ]; + + boot = { + loader.systemd-boot = { + enable = true; + consoleMode = "max"; + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( + #kernelPackages = pkgs.linuxPackages; + kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + # kernelParams = [ + # "nvidia-drm.modeset=1" + # "nvidia-drm.fbdev=1" + # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 + # #"nomodeset" + # ]; + + initrd.kernelModules = [ + "amdgpu" + ]; + + blacklistedKernelModules = [ + "nouveau" + #"i915" + ]; + + # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # 
https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; + + extraModprobeConfig = '' + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = true; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed + ]; + }; + + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = true; + }; + + # For OBS + security.polkit.enable = true; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "l"; + + time.timeZone = "America/Los_Angeles"; + + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + # # https://nixos.wiki/wiki/NixOS_Wiki:Audio + # services.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem + + security.rtkit.enable = true; # Enable RealtimeKit for audio purposes + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # Uncomment the following line if you want to use JACK applications + # jack.enable = true; + }; + + 
services.openssh.enable = true; + programs.ssh.extraConfig = '' + Host hp4.home + PubkeyAcceptedKeyTypes ssh-ed25519 + ServerAliveInterval 60 + IPQoS throughput + ''; + + services.lldpd.enable = true; + services.timesyncd.enable = true; + services.fstrim.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + services.bpftune.enable = true; + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + + # https://wiki.nixos.org/wiki/Flameshot + # services.flameshot = { + # enable = true; + # settings.General = { + # showStartupLaunchMessage = false; + # saveLastRegion = true; + # }; + # }; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + services.clickhouse.enable = false; + + # environment.variables defined in hardware-graphics.nix + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # package moved to systemPackages.nix + # environment.systemPackages = with pkgs; [ + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + hardware.graphics = { + enable = true; # auto includes mesa + package = pkgs.mesa; + extraPackages = with pkgs; [ + libglvnd + libva-vdpau-driver + libvdpau-va-gl + rocmPackages.clr.icd + ]; + }; + services.xserver = { + enable = true; + videoDrivers = [ "amdgpu" ]; + xkb = { + layout = "us"; + variant = ""; + }; + }; + + services.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + + # https://nixos.wiki/wiki/AMD_GPU + systemd.tmpfiles.rules = [ + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + ]; + systemd.services.lactd.wantedBy = [ "multi-user.target" ]; + + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; + + # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ + # programs.hyprland = { + # enable = true; + # xwayland.enable = true; + # }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # networking.firewall.enable = false; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + # https://nixos.wiki/wiki/Virt-manager + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # guest + # services.qemuGuest.enable = true; + # services.spice-vdagentd.enable = true; + + # https://wiki.nixos.org/wiki/Laptop + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + }; + +} diff --git a/desktop/l/debug b/desktop/l/debug new file mode 100644 index 0000000..b06ba55 --- /dev/null +++ b/desktop/l/debug 
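Review bot: `services.openssh.enable = true;` is the only sshd setting in this file, so the daemon runs with the module defaults, which on NixOS still accept password logins. `users.users.das` already carries an `openssh.authorizedKeys.keys` entry, so key-only access costs nothing. Adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` would match the intent of `arm/pi5-1/services.ssh.nix` in this same commit, unless `./firewall.nix` or another imported module (not visible here) already does so. `das` is also placed in the `docker` group, which amounts to root on the host through the Docker socket; a comment next to `extraGroups` saying this is deliberate would help the next reader.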
@@ -0,0 +1,300 @@ +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Video Driver: 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org XInput driver : 24.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Server Extension : 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (++) using VT number 7 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c23 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) "glx" will be loaded by default. 
+Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glx" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "amdgpu" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Module class: X.Org Video Driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: All GPUs supported by the amdgpu kernel 
driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "fb" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "dri2" +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "dri2" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "dri2" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Backtrace: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f321be49620] +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Fatal server error: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Please consult the The X.Org Foundation support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: at http://wiki.x.org +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: for help. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. + Module amdgpu_drv.so without build-id. 
+ #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54128]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c24 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c24 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c24 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7fbd5d795620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54157]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c25 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c25 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c25 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f2325759620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id.
+ #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95)
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54186]: Unable to run X server
+Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing
+Jun 02 13:22:24 l gdm[53976]: Gdm: GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors
+Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54186 was already dead.
+Jun 02 13:22:35 l (sd-pam)[53991]: pam_unix(systemd-user:session): session closed for user gdm
diff --git a/desktop/l/distributed-builds.nix b/desktop/l/distributed-builds.nix
new file mode 100644
index 0000000..cd2717d
--- /dev/null
+++ b/desktop/l/distributed-builds.nix
@@ -0,0 +1,28 @@
+#
+# latops/t/distributed-builds.nix
+#
+# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds
+# https://docs.nixbuild.net/getting-started/#quick-nixos-configuration
+{ pkgs, ... }:
+{
+ nix.distributedBuilds = true;
+ nix.settings.builders-use-substitutes = true;
+
+ nix.buildMachines = [
+ {
+ hostName = "hp4.home";
+ sshUser = "remotebuild";
+ sshKey = "/root/.ssh/remotebuild";
+ system = pkgs.stdenv.hostPlatform.system;
+ maxJobs = 100;
+ supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+ }
+ ];
+}
+
+# https://docs.nixbuild.net/getting-started/#your-first-build
+# nix-build \
+# --max-jobs 0 \
+# --builders "ssh://hp4 x86_64-linux - 100 1 big-parallel,benchmark" \
+# -I nixpkgs=channel:nixos-20.03 \
+# --expr '((import {}).runCommand "test${toString builtins.currentTime}" {} "echo Hello nixbuild.net; touch $out")'
\ No newline at end of file
diff --git a/desktop/l/docker-daemon.nix b/desktop/l/docker-daemon.nix
new file mode 100644
index 0000000..fe72a86
--- /dev/null
+++ b/desktop/l/docker-daemon.nix
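Review bot: The `nix.buildMachines` entry for `hp4.home` in distributed-builds.nix hands root's SSH key to a builder that is identified only by a local DNS name, with no host key pinned in the configuration. Results built on that machine are brought back into the local store, so which host answers as `hp4.home` should not depend on whatever is in root's known_hosts; add `publicHostKey = "<PLACEHOLDER: base64 of hp4's SSH host public key>";` to the entry. The header comment `# latops/t/distributed-builds.nix` does not match this file's path `desktop/l/distributed-builds.nix`, and `maxJobs = 100` looks carried over from the nixbuild.net example in the trailing comment rather than sized for hp4, so a short comment on the intended value would help.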
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/l/firewall.nix b/desktop/l/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/desktop/l/firewall.nix
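Review bot: `metrics-addr = "0.0.0.0:9323";` in docker-daemon.nix publishes the Docker daemon's metrics endpoint on every interface, and that endpoint carries no authentication; firewall.nix in this same commit sets `enable = false`, so nothing filters it. Bind it to loopback, or to the single address the scraper connects to, for example `metrics-addr = "127.0.0.1:9323";`. `data-root = "/home/das/docker/";` puts image layers and volume data under a user's home directory, which deserves a comment on why and on who can write to the parent path. If `experimental = true;` is only there to enable the metrics endpoint, a comment saying so would let it be dropped once it is no longer required.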
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/desktop/l/flake.lock b/desktop/l/flake.lock
new file mode 100644
index 0000000..dc661a5
--- /dev/null
+++ b/desktop/l/flake.lock
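Review bot: `enable = false;` in firewall.nix turns the NixOS firewall off, so the `allowedTCPPorts` list right below it (22 and 5001) is never enforced and every listening service on this host is reachable from the network, including the Docker metrics port configured in docker-daemon.nix in this commit. If the intent is to admit only ssh and iperf2, the line should read `enable = true;`. If the firewall is off on purpose (the commented-out conntrack note hints at a performance reason), state that in a comment beside `enable` and remove the port list, which otherwise reads as if it were in effect. The comment `# sudo sudo iptables-save` has a doubled `sudo`.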
@@ -0,0 +1,505 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747864449, + "narHash": "sha256-PIjVAWghZhr3L0EFM2UObhX84UQxIACbON0IC0zzSKA=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "389372c5f4dc1ac0e7645ed29a35fd6d71672ef5", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749160002, + "narHash": "sha256-IM3xKjsKxhu7Y1WdgTltrLKiOJS8nW7D4SUDEMNr7CI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "68cc9eeb3875ae9682c04629f20738e1e79d72aa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + 
}, + "locked": { + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1749155341, + "narHash": "sha256-KE7qwOLzIsPFnXKh4Z72NwAzP8ZdRxxQKthLGJ30YHM=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "fb7548cb41d82f12db2d51b50af29abe4704a1a4", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1748526041, + "narHash": "sha256-QyUACXhQJ2+K0YxwEuAfpyCXqbdCCHj1jNAWJy+vUxw=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"2eee96fe52fa0923c0aae647eb7901b5b51df3db", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + 
"nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747484975, + "narHash": "sha256-+LAQ81HBwG0lwshHlWe0kfWg4KcChIPpnwtnwqmnoEU=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "163c83b3db48a17c113729c220a60b94596c9291", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1746635225, + "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "674ea57373f08b7609ce93baff131117a0dfe70d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747584298, + "narHash": "sha256-PH9qZqWLHvSBQiUnA0NzAyQA3tu2no2z8kz0ZeHWj4w=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "e511882b9c2e1d7a75d45d8fddd2160daeafcbc3", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + 
"type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/l/flake.nix b/desktop/l/flake.nix new file mode 100644 index 0000000..947553c --- /dev/null +++ b/desktop/l/flake.nix 
@@ -0,0 +1,67 @@
+{
+ description = "l Flake";
+
+ # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ hyprland.url = "github:hyprwm/Hyprland";
+ hyprland-plugins = {
+ url = "github:hyprwm/hyprland-plugins";
+ inputs.hyprland.follows = "hyprland";
+ };
+ };
+
+ #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }:
+ outputs = { self, nixpkgs, home-manager, hyprland, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ # "nvidia-x11"
+ # "nvidia-settings"
+ # "nvidia-persistenced"
+ "google-chrome"
+ "android-studio"
+ "android-studio-stable"
+ ];
+ };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ l = lib.nixosSystem rec {
+ inherit system;
+ specialArgs = {
+ inherit hyprland;
+ unstable = pkgs;
+ };
+ modules = [
+ ./configuration.nix
+ hyprland.nixosModules.default
+ home-manager.nixosModules.home-manager
+ {
+ # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs
+ #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*.
+ home-manager.useUserPackages = true;
+ home-manager.users.das = { config, pkgs, ... }: {
+ imports = [
+ ./home.nix
+ ];
+ };
+ home-manager.extraSpecialArgs = specialArgs;
+ # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/desktop/l/grafana.nix b/desktop/l/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/desktop/l/grafana.nix
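Review bot: `allowUnfree = true;` in the `pkgs` config makes the `allowUnfreePredicate` list beside it ineffective, because nixpkgs accepts an unfree package when either setting allows it. To actually limit unfree software to `google-chrome`, `android-studio` and `android-studio-stable`, delete the `allowUnfree = true;` line and keep only the predicate. As written, any unfree package evaluated through this `pkgs` (passed on as `unstable`) is permitted without appearing in the list.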
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/l/hardware-configuration.nix b/desktop/l/hardware-configuration.nix
new file mode 100644
index 0000000..6608cdd
--- /dev/null
+++ b/desktop/l/hardware-configuration.nix
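Review bot: `http_addr = "0.0.0.0";` serves the Grafana login over plain HTTP on all interfaces, and firewall.nix in this same commit sets `enable = false`, so port 3000 is reachable from any network the machine joins. Prefer `http_addr = "127.0.0.1";` behind a TLS-terminating reverse proxy, or enable the firewall and open 3000 only on the trusted interface. `serve_from_sub_path = true;` is set while `root_url` stays commented out; it appears to do nothing without a sub-path in `root_url`, so set both or remove it. The hunk configures no admin credentials, so confirm the initial admin password is changed after first start.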
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l/home-hyprland.nix b/desktop/l/home-hyprland.nix new file mode 100644 index 0000000..6ba1790 --- /dev/null +++ b/desktop/l/home-hyprland.nix 
@@ -0,0 +1,316 @@ +{ config, pkgs, ... }: + +{ + # Enable Hyprland + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + + # Enable XDG portal + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; + + # Hyprland window manager configuration + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + extraConfig = '' + # Monitor configuration + monitor=,preferred,auto,1 + + # Execute-once startup commands + exec-once = waybar + exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + exec-once = hypridle + exec-once = wl-paste --type text --watch cliphist store + exec-once = wl-paste --type image --watch cliphist store + + # Input configuration + input { + kb_layout = us + kb_variant = + kb_model = + kb_options = + kb_rules = + + follow_mouse = 1 + touchpad { + natural_scroll = true + scroll_factor = 0.3 + } + sensitivity = 0 # -1.0 - 1.0, 0 means no modification. + } + + # General settings + general { + gaps_in = 5 + gaps_out = 10 + border_size = 2 + col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + col.inactive_border = rgba(595959aa) + layout = dwindle + no_cursor_warps = true + } + + # Decoration settings + decoration { + rounding = 10 + blur { + enabled = true + size = 3 + passes = 1 + } + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(1a1a1aee) + } + + # Animation settings + animations { + enabled = true + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + animation = windows, 1, 7, myBezier + animation = windowsOut, 1, 7, default, popin 80% + animation = border, 1, 10, default + animation = borderangle, 1, 8, default + animation = fade, 1, 7, default + animation = workspaces, 1, 6, default + } + + # Layout settings + dwindle { + pseudotile = true + preserve_split = true + } + + # Gesture settings + gestures { + workspace_swipe = true + workspace_swipe_fingers = 3 + } + + # Keybindings + bind = SUPER, Q, 
killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + bind = SUPER, D, exec, wofi --show drun + bind = SUPER, F, fullscreen + bind = SUPER, H, movefocus, l + bind = SUPER, L, movefocus, r + bind = SUPER, K, movefocus, u + bind = SUPER, J, movefocus, d + bind = SUPER, left, movewindow, l + bind = SUPER, right, movewindow, r + bind = SUPER, up, movewindow, u + bind = SUPER, down, movewindow, d + bind = SUPER SHIFT, H, movewindow, l + bind = SUPER SHIFT, L, movewindow, r + bind = SUPER SHIFT, K, movewindow, u + bind = SUPER SHIFT, J, movewindow, d + bind = SUPER, 1, workspace, 1 + bind = SUPER, 2, workspace, 2 + bind = SUPER, 3, workspace, 3 + bind = SUPER, 4, workspace, 4 + bind = SUPER, 5, workspace, 5 + bind = SUPER, 6, workspace, 6 + bind = SUPER, 7, workspace, 7 + bind = SUPER, 8, workspace, 8 + bind = SUPER, 9, workspace, 9 + bind = SUPER, 0, workspace, 10 + bind = SUPER SHIFT, 1, movetoworkspace, 1 + bind = SUPER SHIFT, 2, movetoworkspace, 2 + bind = SUPER SHIFT, 3, movetoworkspace, 3 + bind = SUPER SHIFT, 4, movetoworkspace, 4 + bind = SUPER SHIFT, 5, movetoworkspace, 5 + bind = SUPER SHIFT, 6, movetoworkspace, 6 + bind = SUPER SHIFT, 7, movetoworkspace, 7 + bind = SUPER SHIFT, 8, movetoworkspace, 8 + bind = SUPER SHIFT, 9, movetoworkspace, 9 + bind = SUPER SHIFT, 0, movetoworkspace, 10 + bind = SUPER, mouse_down, workspace, e+1 + bind = SUPER, mouse_up, workspace, e-1 + bind = SUPER, period, togglespecialworkspace, magic + bind = SUPER SHIFT, period, movetoworkspace, special:magic + bind = SUPER, S, togglesplit, + bind = SUPER, P, pseudo, + bind = SUPER, V, togglefloating, + bind = SUPER, R, exec, wofi --show run + bind = SUPER, Print, exec, grimblast --notify copysave area + bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + bind = SUPER, X, exec, wl-clipboard-manager + bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + ''; + }; + + # Waybar configuration + programs.waybar = { + enable = 
true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 4; + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "pulseaudio" + "network" + "cpu" + "memory" + "battery" + "clock" + ]; + "hyprland/workspaces" = { + format = "{name}"; + on-click = "activate"; + sort-by-number = true; + }; + "hyprland/window" = { + format = "{}"; + separate-outputs = true; + }; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphone = "🎧"; + handsfree = "📱"; + headset = "🎧"; + phone = "☎️"; + portable = "📱"; + car = "🚗"; + default = ["🔈" "🔉" "🔊"]; + }; + on-click = "pavucontrol"; + }; + "network" = { + format-wifi = "📶 {essid}"; + format-ethernet = "🌐 {ipaddr}/{cidr}"; + format-linked = "🌐 {ifname} (No IP)"; + format-disconnected = "⚠️ Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + }; + "cpu" = { + format = "🖥️ {usage}%"; + tooltip-format = "{usage}% used"; + }; + "memory" = { + format = "🧠 {percentage}%"; + tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + }; + "battery" = { + states = { + warning = 30; + critical = 15; + }; + format = "{icon} {capacity}%"; + format-charging = "⚡ {capacity}%"; + format-plugged = "🔌 {capacity}%"; + format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + }; + "clock" = { + format = "🕒 {:%H:%M}"; + format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + }; + }; + style = '' + * { + border: none; + border-radius: 0; + font-family: "JetBrainsMono Nerd Font"; + font-size: 13px; + font-weight: bold; + min-height: 0; + } + + window#waybar { + background: rgba(21, 18, 27, 0.8); + color: #cdd6f4; + } + + #workspaces button { + padding: 0 5px; + background: transparent; + color: #cdd6f4; + } + + #workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + } + + #workspaces button.active { + background: #7aa2f7; + color: #1e1e2e; + } + + #workspaces 
button.urgent { + background: #f38ba8; + color: #1e1e2e; + } + + #battery, + #cpu, + #memory, + #network, + #pulseaudio, + #clock { + padding: 0 10px; + margin: 0 5px; + } + + #battery { + color: #a6e3a1; + } + + #battery.warning { + color: #f9e2af; + } + + #battery.critical { + color: #f38ba8; + } + + #network { + color: #89b4fa; + } + + #pulseaudio { + color: #cba6f7; + } + + #cpu { + color: #f5c2e7; + } + + #memory { + color: #fab387; + } + + #clock { + color: #89dceb; + } + ''; + }; + + # Ghostty configuration + programs.ghostty = { + enable = true; + settings = { + scrollback-sidebar = true; + scrollback-sidebar-width = 20; + scrollback-sidebar-position = "right"; + }; + }; +} \ No newline at end of file diff --git a/desktop/l/home.nix b/desktop/l/home.nix new file mode 100644 index 0000000..638fd40 --- /dev/null +++ b/desktop/l/home.nix 
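Review bot: The two `exec-once = wl-paste ... --watch cliphist store` lines in `extraConfig` record every copied text and image into cliphist's persistent history, which will include passwords and tokens copied from a password manager. Document that next to the lines and clear the history on lock or logout, for example with `cliphist wipe`. The same module sets `programs.hyprland` (a NixOS option) alongside `wayland.windowManager.hyprland` and `programs.waybar` (Home Manager options), so it may not evaluate in either context; confirm where it is meant to be imported.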
@@ -0,0 +1,861 @@ +{ + hyprland, + config, + pkgs, + ... +}: + +{ + imports = [ + hyprland.homeManagerModules.default + ]; + + # Hyprland window manager configuration + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + extraConfig = '' + # Monitor configuration + monitor=,preferred,auto,1 + + # Execute-once startup commands + exec-once = waybar + exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + exec-once = hypridle + exec-once = wl-paste --type text --watch cliphist store + exec-once = wl-paste --type image --watch cliphist store + + # Input configuration + input { + kb_layout = us + kb_variant = + kb_model = + kb_options = + kb_rules = + + follow_mouse = 1 + touchpad { + natural_scroll = true + scroll_factor = 0.3 + } + sensitivity = 0 # -1.0 - 1.0, 0 means no modification. + } + + # General settings + general { + gaps_in = 5 + gaps_out = 10 + border_size = 2 + col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + col.inactive_border = rgba(595959aa) + layout = dwindle + no_cursor_warps = true + } + + # Decoration settings + decoration { + rounding = 10 + blur { + enabled = true + size = 3 + passes = 1 + } + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(1a1a1aee) + } + + # Animation settings + animations { + enabled = true + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + animation = windows, 1, 7, myBezier + animation = windowsOut, 1, 7, default, popin 80% + animation = border, 1, 10, default + animation = borderangle, 1, 8, default + animation = fade, 1, 7, default + animation = workspaces, 1, 6, default + } + + # Layout settings + dwindle { + pseudotile = true + preserve_split = true + } + + # Gesture settings + gestures { + workspace_swipe = true + workspace_swipe_fingers = 3 + } + + # Keybindings + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + bind = SUPER, D, exec, wofi --show drun + bind = SUPER, F, fullscreen + bind = SUPER, H, movefocus, l 
+ bind = SUPER, L, movefocus, r + bind = SUPER, K, movefocus, u + bind = SUPER, J, movefocus, d + bind = SUPER, left, movewindow, l + bind = SUPER, right, movewindow, r + bind = SUPER, up, movewindow, u + bind = SUPER, down, movewindow, d + bind = SUPER SHIFT, H, movewindow, l + bind = SUPER SHIFT, L, movewindow, r + bind = SUPER SHIFT, K, movewindow, u + bind = SUPER SHIFT, J, movewindow, d + bind = SUPER, 1, workspace, 1 + bind = SUPER, 2, workspace, 2 + bind = SUPER, 3, workspace, 3 + bind = SUPER, 4, workspace, 4 + bind = SUPER, 5, workspace, 5 + bind = SUPER, 6, workspace, 6 + bind = SUPER, 7, workspace, 7 + bind = SUPER, 8, workspace, 8 + bind = SUPER, 9, workspace, 9 + bind = SUPER, 0, workspace, 10 + bind = SUPER SHIFT, 1, movetoworkspace, 1 + bind = SUPER SHIFT, 2, movetoworkspace, 2 + bind = SUPER SHIFT, 3, movetoworkspace, 3 + bind = SUPER SHIFT, 4, movetoworkspace, 4 + bind = SUPER SHIFT, 5, movetoworkspace, 5 + bind = SUPER SHIFT, 6, movetoworkspace, 6 + bind = SUPER SHIFT, 7, movetoworkspace, 7 + bind = SUPER SHIFT, 8, movetoworkspace, 8 + bind = SUPER SHIFT, 9, movetoworkspace, 9 + bind = SUPER SHIFT, 0, movetoworkspace, 10 + bind = SUPER, mouse_down, workspace, e+1 + bind = SUPER, mouse_up, workspace, e-1 + bind = SUPER, period, togglespecialworkspace, magic + bind = SUPER SHIFT, period, movetoworkspace, special:magic + bind = SUPER, S, togglesplit, + bind = SUPER, P, pseudo, + bind = SUPER, V, togglefloating, + bind = SUPER, R, exec, wofi --show run + bind = SUPER, Print, exec, grimblast --notify copysave area + bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + bind = SUPER, X, exec, wl-clipboard-manager + bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + ''; + }; + + # Waybar configuration + programs.waybar = { + enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 4; + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + 
modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "pulseaudio" + "network" + "cpu" + "memory" + "battery" + "clock" + ]; + "hyprland/workspaces" = { + format = "{name}"; + on-click = "activate"; + sort-by-number = true; + }; + "hyprland/window" = { + format = "{}"; + separate-outputs = true; + }; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphone = "🎧"; + handsfree = "📱"; + headset = "🎧"; + phone = "☎️"; + portable = "📱"; + car = "🚗"; + default = ["🔈" "🔉" "🔊"]; + }; + on-click = "pavucontrol"; + }; + "network" = { + format-wifi = "📶 {essid}"; + format-ethernet = "🌐 {ipaddr}/{cidr}"; + format-linked = "🌐 {ifname} (No IP)"; + format-disconnected = "⚠️ Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + }; + "cpu" = { + format = "🖥️ {usage}%"; + tooltip-format = "{usage}% used"; + }; + "memory" = { + format = "🧠 {percentage}%"; + tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + }; + "battery" = { + states = { + warning = 30; + critical = 15; + }; + format = "{icon} {capacity}%"; + format-charging = "⚡ {capacity}%"; + format-plugged = "🔌 {capacity}%"; + format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + }; + "clock" = { + format = "🕒 {:%H:%M}"; + format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + }; + }; + style = '' + * { + border: none; + border-radius: 0; + font-family: "JetBrainsMono Nerd Font"; + font-size: 13px; + font-weight: bold; + min-height: 0; + } + + window#waybar { + background: rgba(21, 18, 27, 0.8); + color: #cdd6f4; + } + + #workspaces button { + padding: 0 5px; + background: transparent; + color: #cdd6f4; + } + + #workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + } + + #workspaces button.active { + background: #7aa2f7; + color: #1e1e2e; + } + + #workspaces button.urgent { + background: #f38ba8; + color: #1e1e2e; + } + + #battery, + #cpu, + #memory, + #network, + #pulseaudio, + #clock { + padding: 0 10px; + margin: 0 5px; + } + + 
#battery { + color: #a6e3a1; + } + + #battery.warning { + color: #f9e2af; + } + + #battery.critical { + color: #f38ba8; + } + + #network { + color: #89b4fa; + } + + #pulseaudio { + color: #cba6f7; + } + + #cpu { + color: #f5c2e7; + } + + #memory { + color: #fab387; + } + + #clock { + color: #89dceb; + } + ''; + }; + + # Ghostty configuration + programs.ghostty = { + enable = true; + # settings = { + # settings doesn't work + }; + # https://ghostty.zerebos.com/app/import-export + # no scorllback limit + # https://github.com/ghostty-org/ghostty/issues/111 + xdg.configFile."ghostty/config.toml".text = '' + term = xterm-256color + scrollback-limit = 10000001 + image-storage-limit = 320000001 + clipboard-write = allow + window-subtitle = working-directory + background-opacity = 0.91 + background-blur = 20 + ''; + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... 
}: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + + QT_QPA_PLATFORM = "wayland"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + # NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + gparted + ncdu + neofetch + file + + # Hyprland related + waybar + swaybg + swaylock + wl-clipboard + wf-recorder + grimblast + hyprpaper + hyprpicker + hypridle + hyprlock + + # Terminal Multiplexers + tmux + screen + + # # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + # llvmPackages_20.clang-tools + # llvmPackages_20.lld + + # # LLVM C++ Standard Library, compiler runtime, and unwind library + # #llvmPackages_20.stdenv + # llvmPackages_20.libcxxStdenv + # llvmPackages_20.libcxxClang + # llvmPackages_20.libcxx # Provides libc++.so, libc++.a (libraries) + # llvmPackages_20.libcxx.dev # Provides C++ headers + # # do NOT include llvm.libc-full, because it will override glibc + # #llvm.libc-full + # llvmPackages_20.compiler-rt # Provides libclang_rt.builtins*.a + # llvmPackages_20.compiler-rt.dev # Provides libclang_rt headers + # llvmPackages_20.libunwind # Provides libunwind for exception handling + # llvmPackages_20.libunwind.dev # Provides libunwind headers + + # llvmPackages_20.libclang llvmPackages_20.libclang.dev llvmPackages_20.libclang.lib + + # Essential development libraries (minimal headers) + glibc glibc.dev glibc.static + libgcc libgcc.lib + gcc-unwrapped gcc-unwrapped.lib gcc-unwrapped.libgcc + stdenv.cc.cc.lib 
+ zlib.dev + openssl openssl.dev openssl.out + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + gdb + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + #xz + #zstd + + gnutar + + # File Transfer/Management + rsync + tree + + # Terminals + alacritty + kitty + #https://ghostty.org/ + ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + + # SDR + gnuradio + hackrf + gqrx + cubicsdr + + # Media + vlc + # ffmpeg moved to system package + #ffmpeg_7-full + #ffmpeg-full + + # Go Development + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + #gcc_multi + #glibc_multi + # thunderbird + #go_1_23 + go + gopls + golint + golangci-lint + golangci-lint-langserver + # trunk is unfree, and i can't work out how to enable unfree + #trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv + buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + #tinygo + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #bazel_7 + bazel-buildtools + 
bazelisk + + code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # bazel-gazelle + # bazel-buildtools + # bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look at? + # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing + meld + + # Editors + helix + + # Rust Development + # https://nixos.wiki/wiki/Rust + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + + # Mobile Development + flutter + android-studio + android-tools + android-udev-rules + + nordic + gnome-themes-extra + #gnome-shell-extensions + + # Gnome Related / Extensions + # gnomeExtensions.emoji-copy + # gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + + # Office/Documents + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + evince + + # Browsers + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + #google-chrome + # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + (google-chrome.override { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" 
+ ]; + }) + + # Communication + # https://nixos.wiki/wiki/Slack + slack + zoom-us + + # Screenshots/Screen Recording + # https://wiki.nixos.org/wiki/Flameshot + flameshot + #(flameshot.override { enableWlrSupport = true; }) + grim # screenshot functionality + slurp # screenshot functionality + simplescreenrecorder + # https://wiki.nixos.org/wiki/Gpu-screen-recorder + gpu-screen-recorder # CLI + gpu-screen-recorder-gtk # GUI + + # Graphics + gimp-with-plugins + + # Text Editors + gedit + + # Containers + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + + # Kubernetes + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + + # Misc + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + # dive # Duplicate removed + # https://github.com/sharkdp/hyperfine + hyperfine + + # App Launchers + rofi-wayland + wofi + + # Raspberry Pi + #rpi-imager + + #silly + cmatrix + sl + vectoroids # game + # https://feralinteractive.github.io/gamemode/ + # sameboy + + #gpu monitoring + lact + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + package = pkgs.vscode; + profiles.default.extensions = with pkgs.vscode-extensions; [ + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + ms-azuretools.vscode-docker + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + ms-vscode.hexeditor + 
ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + tamasfe.even-better-toml + timonwong.shellcheck + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + jnoortheen.nix-ide + rust-lang.rust-analyzer + bazelbuild.vscode-bazel + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # another example with dark colors: + # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + #button-layout = "close,minimize,maximize,above:appmenu"; + button-layout = ":minimize,maximize,above,close"; + num-workspaces = 2; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; 
+ icon-theme = "Papirus-Dark"; + cursor-theme = "Adwaita"; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + #"kitty.desktop" + "slack.desktop" + "ghostty.desktop" + ]; + # "org/gnome/shell/extensions/user-theme" = { + # name = "Nordic"; + # }; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.11"; +} diff --git a/desktop/l/hosts.nix b/desktop/l/hosts.nix new file mode 100644 index 0000000..ae89d39 --- /dev/null +++ b/desktop/l/hosts.nix 
@@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = [ "hp0" "hp0eth" ]; # adi's room + "172.16.40.141" = [ "hp0wifi" ]; + "172.16.40.142" = [ "hp1" "hp1eth" ]; + "172.16.40.212" = [ "hp2" "hp2eth" ]; + "172.16.40.146" = [ "hp3" "hp3eth" ]; # savi's room + "172.16.40.130" = [ "hp3wifi" ]; + "172.16.50.232" = [ "hp4" "hp4eth" ]; # rack + "172.16.40.70" = [ "hp5" "hp5eth" ]; + "172.16.40.122" = [ "pi5-1" "pi5-1-eth" ]; + "172.16.40.62" = [ "chromebox3" "chromebox3-eth" ]; + "172.16.40.46" = [ "l2" ]; + "127.0.0.1" = ["redpanda-0" ]; + }; +} \ No newline at end of file diff --git a/desktop/l/hyprland.nix b/desktop/l/hyprland.nix new file mode 100644 index 0000000..c4970d4 --- /dev/null +++ b/desktop/l/hyprland.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + # Enable Hyprland system-wide + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + + # Enable XDG portal for Wayland + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; +} \ No newline at end of file diff --git a/desktop/l/locale.nix b/desktop/l/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/desktop/l/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/desktop/l/nodeExporter.nix b/desktop/l/nodeExporter.nix new file mode 100644 index 0000000..f26d49b --- /dev/null +++ b/desktop/l/nodeExporter.nix 
@@ -0,0 +1,27 @@ +{ + config, + pkgs, + ... +}: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 19000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; + }; + + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/desktop/l/original.configuration.nix b/desktop/l/original.configuration.nix new file mode 100644 index 0000000..d326571 --- /dev/null +++ b/desktop/l/original.configuration.nix 
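Review bot: `services.prometheus.exporters.node` sets `port = 19000` but no `listenAddress`, and the systemd, smartctl and process exporters are enabled with defaults, so as far as I know each one binds to all interfaces and serves unauthenticated host detail (process names, unit states, disk data). The only scraper for this host visible in the commit is the local Prometheus (`localhost:${toString config.services.prometheus.exporters.node.port}` in prometheus.nix), so I would add `listenAddress = "127.0.0.1";` to each exporter here. The same applies to `services.prometheus` in prometheus.nix, which also keeps its default bind. If remote scraping is intended, leave `openFirewall` off and allow only the scraper's address, and add a comment saying why 19000 replaces the default port.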
@@ -0,0 +1,131 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-16f90ee0-dd9b-43de-951b-57d7b9b1f265".device = "/dev/disk/by-uuid/16f90ee0-dd9b-43de-951b-57d7b9b1f265"; + networking.hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. 
+ hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + # thunderbird + ]; + }; + + # Install firefox. + programs.firefox.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.11"; # Did you read the comment? + +} diff --git a/desktop/l/original.hardware-configuration.nix b/desktop/l/original.hardware-configuration.nix new file mode 100644 index 0000000..6608cdd --- /dev/null +++ b/desktop/l/original.hardware-configuration.nix 
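Review bot: `services.openssh.enable = true;` is left at the module defaults, which as far as I know still accept password logins, while `das` is a member of `wheel`. If this file is ever imported rather than kept as a reference copy of the installer output, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to it and rely on keys only. A one-line comment at the top saying whether the file is imported anywhere would settle the question for the next reader.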
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l/prometheus.nix b/desktop/l/prometheus.nix new file mode 100644 index 0000000..24eabca --- /dev/null +++ b/desktop/l/prometheus.nix 
@@ -0,0 +1,70 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "xtcp"; + static_configs = [{ + targets = [ "localhost:9088" ]; + }]; + } + { + job_name = "hp1_xtcp"; + static_configs = [{ + targets = [ "hp1:9088" ]; + }]; + } + { + job_name = "clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "localhost:19363" ]; + }]; + } + { + job_name = "hp1"; + static_configs = [{ + targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp1_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp1:19363" ]; + }]; + } + { + job_name = "hp2"; + static_configs = [{ + targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp2_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp2:19363" ]; + }]; + } + #{ + # job_name = "chromebox1"; + # static_configs = [{ + # targets = [ "172.16.40.179:9105" ]; + # }]; + #} + ]; + }; +} \ No newline at end of file diff --git a/desktop/l/root.id_ed25519.pub b/desktop/l/root.id_ed25519.pub new file mode 100644 index 0000000..4176adb --- /dev/null +++ b/desktop/l/root.id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l diff --git a/desktop/l/root_ssh_config b/desktop/l/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null 
+++ b/desktop/l/root_ssh_config @@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/desktop/l/sysctl.nix b/desktop/l/sysctl.nix new file mode 100644 index 0000000..de472c7 --- /dev/null +++ b/desktop/l/sysctl.nix 
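Review bot: `ForwardAgent yes` in the `hp4` host block exposes root's SSH agent to the remote side on every connection, so whoever controls the `remotebuild` account or root on hp4 can use the forwarded keys while a session, or the 10-minute `ControlPersist` master, is alive. The block already pins `IdentityFile ~/.ssh/remotebuild` and nothing visible here needs an onward hop from hp4, so I would change it to `ForwardAgent no` and add `IdentitiesOnly yes`. To my knowledge `Protocol 2` is ignored by current OpenSSH and can be dropped together with the commented `hmac-md5` line.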
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 
50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + }; +} \ No newline at end of file diff --git a/desktop/l/systemPackages.nix b/desktop/l/systemPackages.nix new file mode 100644 index 0000000..c9fa23e --- /dev/null +++ b/desktop/l/systemPackages.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + ... +}: +{ + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + libxml2 # Added for bazel/clang development + + # Wayland support + xwayland + meson + wayland-protocols + wayland-utils + wl-clipboard + + xscreensaver + + clinfo + lact + + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) + ]; +} diff --git a/desktop/l/wireless_desktop.nix b/desktop/l/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/l/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file diff --git a/desktop/l2/CPU_and_IRQ_optimization.md b/desktop/l2/CPU_and_IRQ_optimization.md new file mode 100644 index 0000000..38e4aab --- /dev/null +++ b/desktop/l2/CPU_and_IRQ_optimization.md 
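Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` puts the ports this same commit relies on (19000 for the node exporter, 9090 for Prometheus, 9088 and 19363 as local scrape targets) inside the ephemeral range, so an outbound connection can hold one of them when the service tries to bind and the service then fails to start. I would add `"net.ipv4.ip_local_reserved_ports" = "9088,9090,19000,19363";` beside it, adjusted to the real listener list. The keepalive comment `30 * 4 = 120 seconds` also leaves out the 120 s idle time set by `tcp_keepalive_time`, so a dead peer is detected after about 240 s, and the comment should say that.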
@@ -0,0 +1,1038 @@ +# CPU and IRQ Optimization for L2 WiFi Access Point + +## System Overview + +The L2 system is equipped with an **AMD Ryzen Threadripper PRO 3945WX** featuring: +- **12 physical cores** with **24 logical threads** (SMT enabled) +- **4 NUMA nodes** +- **L3 cache**: 16MB per core complex (4x 16MB, each shared among 6 cores) +- **L2 cache**: 512KB per core +- **L1 cache**: 32KB instruction + 32KB data per core +- **128 GB RAM** for optimal network buffer allocation + +## Cache-Aware Core Pairing for Network Optimization + +On this architecture, each physical core is split into two logical processors (SMT siblings), e.g., P0/P12, P1/P13, ..., P11/P23. Both siblings share the same L1, L2, and L3 cache. To maximize cache locality and avoid cache pollution from userland processes, **network processing and IRQs should be grouped by physical core, using paired SMT siblings**. + +**Recommended pattern:** +- Use one or both SMT siblings per physical core for network processing (e.g., 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 for 8 physical cores) +- Assign userland to the remaining SMT siblings (e.g., 8,20,9,21,10,22,11,23) + +## Current Interrupt Distribution Analysis + +### Network Interface Interrupts + +#### Ethernet Interface (enp1s0) - Atlantic Driver +- **8 MSI-X vectors** distributed across cores 16-23 +- **Current distribution**: Interrupts are clustered on cores 14, 15, 16, 17, 18, 20, 22, 23 +- **Issue**: Competing with storage I/O and userland processes + +#### WiFi Interfaces (4x Intel iwlwifi) +- **wlp35s0**: 16 MSI-X vectors, mostly on CPU 21 +- **wlp65s0**: 16 MSI-X vectors, mostly on CPU 23 +- **wlp66s0**: 16 MSI-X vectors, mostly on CPU 14 +- **wlp97s0**: 16 MSI-X vectors, mostly on CPU 15 +- **Issue**: All WiFi interfaces clustered on a few cores + +### Storage and Other Interrupts +- **NVMe drives**: Heavy interrupt load on cores 8-13, 20-23 +- **USB controllers**: Scattered across cores 5-6, 18 +- **GPU**: Core 3 (heavy interrupt load) + 
+## Current Issues + +### 1. **Interrupt Contention** +- Network interrupts are competing with storage I/O on the same cores +- WiFi interfaces are clustered on a few cores (14, 15, 21, 23) +- No isolation between network processing and userland workloads + +### 2. **Cache Inefficiency** +- Network interrupts and userland processes share the same CPU caches +- SMT threads on the same physical core compete for cache resources +- No NUMA awareness for network processing + +### 3. **Suboptimal Core Utilization** +- Cores 0-7, 9, 11, 13, 16-19, 22 have minimal network interrupt load +- Heavy network processing concentrated on cores 14, 15, 21, 23 +- No dedicated cores for network processing + +## Proposed Optimization Strategy + +### Phase 1: Core Isolation and Dedication + +#### Network IRQ Processing Cores (Isolated from Scheduler) +**Dedicated cores for network interrupt handling:** +- **Ethernet IRQ cores**: 0,12,1,13,2,14,3,15 (first 4 L cores) + - **IRQs**: 168-176 (enp1s0 queues 0-8) + - **Distribution**: 9 IRQs across 8 logical cores +- **WiFi IRQ cores**: 4,5,6,7 (dedicated L cores for default queues) + - **IRQs**: 4 default queues (179, 198, 214, 231) - one per L core + - **Distribution**: Each WiFi interface gets dedicated L core for default queue + all other queues + - **Strategy**: Prioritize default queues (95%+ of WiFi traffic) across separate L cores +- **Isolation**: These cores are isolated by `isolcpus` kernel parameter +- **Benefits**: + - Dedicated cores for interrupt processing + - No competition from userland processes + - Better interrupt coalescing and latency + - Optimized WiFi default queue distribution for maximum parallelism + +#### Userland Processing Cores (8-23) +**Remaining cores for system services and userland:** +- **Cores 8,20,9,21,10,22,11,23**: Userland processes, system services +- **Services**: hostapd, DHCP (Kea), DNS (PowerDNS), IPv6 RA (radvd) +- **Slice**: system.slice and network-services.slice +- **Benefits**: + - Isolated 
from network interrupt processing + - Dedicated resources for network services + - Better performance for non-interrupt workloads + +### Phase 2: IRQ Affinity Optimization + +#### WiFi Default Queue Optimization Strategy + +**Analysis of WiFi Interrupt Distribution:** +Based on `/proc/interrupts` analysis, WiFi interfaces show a clear pattern: +- **Default queues** (IRQs 179, 198, 214, 231): 23K-25K interrupts each - these are the critical path +- **Data queues** (IRQs 181-194, 199-212, 215-228, 232-245): 0-10 interrupts each - minimal load +- **Exception queues** (IRQs 195, 213, 229, 246): 1K-1.2K interrupts each - moderate load + +**Strategy: Prioritize Default Queues** +Since the default queues handle the vast majority of WiFi traffic (95%+ of interrupts), we optimize by: +1. **Distribute 4 default queues across 4 different L cores** (4,5,6,7) for maximum parallelism +2. **Group remaining queues** from each interface on the same core as their default queue +3. **Exception queues** follow their respective default queue + +**Rationale:** +- Default queues are the primary data path for WiFi packets +- Distributing them across separate L cores eliminates contention +- Each WiFi interface gets dedicated L core resources +- Better cache locality and reduced cross-core interference + +#### Dynamic IRQ Detection and Distribution +The IRQ affinity script dynamically detects network interfaces and distributes IRQs: + +```bash +# Ethernet interfaces - distribute across first 4 L cores (0,12,1,13,2,14,3,15) +for interface in $(ip link show | grep -E "enp|eth" | awk -F: '{print $2}' | tr -d ' '); do + for irq in $(grep $interface /proc/interrupts | awk '{print $1}' | sed 's/://'); do + cpu=$((irq % 8)) # Distribute across cores 0-7 + echo $cpu > /proc/irq/$irq/smp_affinity_list + done +done + +# WiFi interfaces - optimize default queues across L cores 4,5,6,7 +wifi_count=0 +for interface in $(iw dev | grep Interface | awk '{print $2}'); do + # Assign each WiFi interface to a 
dedicated L core (4,5,6,7) + case $wifi_count in + 0) default_core=4 ;; # First WiFi interface -> L core 4 + 1) default_core=5 ;; # Second WiFi interface -> L core 5 + 2) default_core=6 ;; # Third WiFi interface -> L core 6 + 3) default_core=7 ;; # Fourth WiFi interface -> L core 7 + esac + + # Set default queue to dedicated L core + default_irq=$(grep "$interface.*default_queue" /proc/interrupts | awk '{print $1}' | sed 's/://') + if [ -n "$default_irq" ]; then + echo $default_core > /proc/irq/$default_irq/smp_affinity_list + fi + + # Set all other queues (1-14, exception) to same core as default queue + for irq in $(grep "$interface" /proc/interrupts | grep -v "default_queue" | awk '{print $1}' | sed 's/://'); do + echo $default_core > /proc/irq/$irq/smp_affinity_list + done + + wifi_count=$((wifi_count + 1)) +done +``` + +### Phase 3: Systemd Slice Configuration + +#### Network Services Slice +```nix +systemd.slices = { + network-services = { + description = "Network services (DHCP, DNS, RA, hostapd)"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + Nice = -5; + MemoryHigh = "4G"; + MemoryMax = "8G"; + }; + }; +}; +``` + +#### System Slice +```nix +systemd.slices = { + system = { + description = "System and userland services"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + Nice = 0; + MemoryHigh = "32G"; + MemoryMax = "64G"; + }; + }; +}; +``` + +#### Per-Daemon Slices (Inherit from Main Slices) +```nix +systemd.slices = { + kea = { + description = "KEA DHCP server slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + pdns = { + description = "PowerDNS Recursor slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + radvd = { + description = "radvd IPv6 RA slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + hostapd = { + description = "hostapd WiFi access point slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; 
+}; +``` + +### Phase 4: Kernel Parameter and Sysctl Optimization + +#### CPU Isolation (Kernel Boot Parameters) +```bash +# Boot parameters (set in boot.kernelParams) +# Isolate both SMT siblings of each physical core used for network processing +# Ethernet cores: 0,12,1,13,2,14,3,15 (first 4 L cores) +# WiFi cores: 4,5,6,7 (dedicated L cores for default queues) +isolcpus=0,12,1,13,2,14,3,15,4,5,6,7 +nohz_full=0,12,1,13,2,14,3,15,4,5,6,7 +rcu_nocbs=0,12,1,13,2,14,3,15,4,5,6,7 +``` + +**Parameter Explanations:** + +- **`isolcpus`**: Isolates specified CPUs from the Linux scheduler. These cores will not run any userland processes, only kernel threads and IRQs. This prevents userland processes from interfering with network interrupt processing. + +- **`nohz_full`**: Disables the tick (timer interrupt) on specified CPUs when they have only one runnable task. This eliminates periodic timer interrupts that can cause jitter and latency spikes in network processing. Critical for achieving consistent low-latency network performance. + +- **`rcu_nocbs`**: Disables RCU (Read-Copy Update) callback processing on specified CPUs. RCU is a synchronization mechanism that can cause periodic CPU wakeups and cache line bouncing. By disabling it on network cores, we eliminate this source of interference and improve cache locality for network data structures. + +**Performance Benefits:** +- **Reduced Latency**: Eliminates timer and RCU interrupts that cause jitter +- **Better Cache Locality**: Prevents cache pollution from RCU callbacks +- **Consistent Performance**: Isolated cores provide predictable network processing +- **Lower CPU Overhead**: Network cores focus exclusively on interrupt handling + +#### Network Stack Optimization (Sysctl) +> **Note:** Network stack tunables such as `net.core.netdev_budget`, `net.core.netdev_budget_usecs`, and similar should be set via sysctl (NixOS: `boot.kernel.sysctl` or sysctl.nix), **not** as kernel boot parameters. 
These are runtime tunables and are not recognized as boot parameters. + +```nix +# In sysctl.nix or boot.kernel.sysctl +boot.kernel.sysctl = { + "net.core.netdev_budget" = 600; + "net.core.netdev_budget_usecs" = 8000; + # ... other network tunables ... +}; +``` + +### Phase 5: NUMA Optimization + +#### Memory Allocation +```bash +# Bind network processes to NUMA node 0 +numactl --cpunodebind=0 --membind=0 +``` + +#### Network Buffer Allocation +```bash +# Allocate network buffers from local NUMA node +echo 0 > /proc/sys/vm/numa_balancing +``` + +## Implementation Plan + +### Step 1: Create IRQ Affinity Script +Create a systemd service to set IRQ affinities at boot: + +```nix +systemd.services.irq-affinity = { + description = "Set IRQ affinity for network optimization"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "systemd-udev-settle.service" ]; + before = [ "hostapd.service" "kea-dhcp4-server.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.writeShellScript "irq-affinity" '' + #!/bin/bash + # Dynamic IRQ affinity distribution script + # Automatically detects network interfaces and distributes IRQs + # ... 
(complete script) + ''}"; + RemainAfterExit = true; + }; +}; +``` + +### Step 2: CPU Affinity for Network Services +```nix +systemd.services = { + # Network services (network-services slice, via per-daemon slices) + hostapd = { + serviceConfig = { + Slice = "hostapd.slice"; + Nice = -10; + IOSchedulingClass = 1; # Real-time I/O + IOSchedulingPriority = 4; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "5s"; + }; + }; + + kea-dhcp4-server = { + serviceConfig = { + Slice = "kea.slice"; + Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + + pdns-recursor = { + serviceConfig = { + Slice = "pdns.slice"; + Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + + radvd = { + serviceConfig = { + Slice = "radvd.slice"; + Nice = -5; + Restart = "always"; + RestartSec = "10s"; + }; + }; +}; +``` + +### Step 3: Kernel Boot Parameters +```nix +boot.kernelParams = [ + "isolcpus=0,12,1,13,2,14,3,15,4,5,6,7" + "nohz_full=0,12,1,13,2,14,3,15,4,5,6,7" + "rcu_nocbs=0,12,1,13,2,14,3,15,4,5,6,7" +]; +``` + +## Expected Performance Improvements + +### 1. **Reduced Interrupt Latency** +- Dedicated cores eliminate competition for CPU resources +- Better cache locality reduces memory access latency +- SMT isolation prevents cache pollution + +### 2. **Improved Throughput** +- Parallel processing across 8 dedicated network cores +- Better interrupt distribution reduces bottlenecks +- Optimized cache utilization for network data structures + +### 3. **Lower CPU Overhead** +- Reduced context switching on network cores +- Better interrupt coalescing effectiveness +- Optimized memory allocation patterns + +### 4. **Enhanced Scalability** +- Better support for multiple concurrent WiFi clients +- Improved handling of burst traffic +- More predictable performance under load + +### 5. 
**Better Resource Management** +- Memory limits prevent resource contention +- Slice-based isolation improves system stability +- Automatic restart policies for critical services + +## Monitoring and Verification + +### IRQ Distribution Check +```bash +# Monitor IRQ distribution +watch -n 1 'cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)"' +``` + +### CPU Utilization Monitoring +```bash +# Monitor CPU usage per core +mpstat -P ALL 1 +``` + +### Slice Status Monitoring +```bash +# Check slice status and resource usage +systemctl status network-services.slice system.slice +``` + +### Network Performance Testing +```bash +# Test network throughput with iperf2 +iperf -s # On network cores +iperf -c # From client + +# Test with flent (FLExible Network Tester) +flent rrul -H -l 60 + +# Test with netperf +netserver # On server +netperf -H -t TCP_STREAM +``` + +### Cache Performance +```bash +# Monitor cache misses +perf stat -e cache-misses,cache-references -p +``` + +### Real-time Network Monitoring +```bash +# Monitor network interfaces +iftop -i br0 +nethogs +nload br0 +``` + +## Configuration Files + +### 1. `irq-affinity.nix` +Network IRQ affinity configuration and service for distributing interrupts across dedicated network cores + +### 2. `systemd-slices.nix` +Systemd slice definitions with CPU affinity, resource limits, and service assignments for hierarchical resource management + +### 3. `kernel-params.nix` +Kernel boot parameters for optimization (complements existing boot config in configuration.nix) + +### 4. `sysctl.nix` +Runtime kernel network parameters + +### 5. 
`systemPackages.nix` +Network testing tools: iperf2, flent, netperf, ethtool, sysstat, htop, iftop, nethogs, nload, speedtest-cli, mtr, traceroute, nmap, wireshark, tshark, perf-tools, perf + +## System Architecture + +``` +Internet (enp1s0) + ↓ +[NAT/Firewall] ← nftables with connection tracking (isolated network cores 0-7) + ↓ +[Bridge (br0)] ← 192.168.1.1/24, fd00::1/64 + ↓ +[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (network-services slice, userland cores) + ↓ +[Network Services] ← DHCP, DNS, RA (network-services slice, userland cores) + ↓ +[System Services] ← System services (system.slice, userland cores) + +Core Allocation: +- Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) +- WiFi IRQs: cores 4,5,6,7 (dedicated L cores for default queues) +- Services: cores 8,20,9,21,10,22,11,23 (userland cores) +``` + +## Services Overview + +| Service | Purpose | Slice | Slice CPU Affinity | Priority | +|--------------|------------------------|-------------------------|-------------------------------------|----------| +| hostapd | WiFi access point | hostapd.slice (child of network-services.slice) | 8,20,9,21,10,22,11,23 | -10 (RT) | +| Kea | DHCP server | kea.slice (child of network-services.slice) | 8,20,9,21,10,22,11,23 | -5 | +| PowerDNS | DNS resolver | pdns.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | +| radvd | IPv6 RA | radvd.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | + +**Note:** All services inherit CPU affinity and resource limits from their assigned slice. Only the two main parent slices (network-services and system) need explicit CPU affinity settings. 
**Network cores (0,12,1,13,2,14,3,15,4,5,6,7) are isolated by `isolcpus` and can only be used for IRQ affinity, not for systemd slice CPU affinity.** Kernel-level components like nftables and CAKE (QoS) are not managed by systemd slices; their performance is influenced by CPU isolation, IRQ affinity, and kernel boot parameters, not by systemd. + +## Integration with Existing Configuration + +### Boot Configuration +The system already has boot configuration in `configuration.nix`: +- **systemd-boot** with EFI support +- **linuxPackages_latest** kernel +- **Regulatory database** loading in initrd +- **cfg80211** and **iwlwifi** module options +- **Blacklisted modules** (nouveau) + +The `kernel-params.nix` module complements this existing configuration by adding: +- CPU isolation parameters +- Network performance optimizations +- Bluetooth disabling +- Security mitigation adjustments + +### System Packages +Network testing tools are installed via `systemPackages.nix`: +- **iperf2**: Traditional network performance testing +- **flent**: FLExible Network Tester for advanced network analysis +- **netperf**: Comprehensive network performance testing +- **Additional tools**: ethtool, sysstat, htop, iftop, nethogs, nload, speedtest-cli, mtr, traceroute, nmap, wireshark, tshark, perf-tools, perf + +## System Assessment and Adaptation Guide + +This section describes how to assess a different system and adapt the CPU/IRQ optimization configuration for different hardware configurations. 
+ +### Step 1: System Hardware Assessment + +#### CPU Information +```bash +# Get CPU details +lscpu + +# Expected output example: +# CPU(s): 24 +# Thread(s) per core: 2 +# Core(s) per socket: 12 +# Socket(s): 1 +# NUMA node(s): 4 +# NUMA node0 CPU(s): 0-5 +# NUMA node1 CPU(s): 6-11 +# NUMA node2 CPU(s): 12-17 +# NUMA node3 CPU(s): 18-23 +``` + +**Key information to extract:** +- Total CPU cores and threads +- Physical cores vs logical threads (SMT/Hyperthreading) +- NUMA node configuration +- Cache sizes (L1, L2, L3) + +**CPU Layout Visualization:** +For a visual representation of the CPU topology, use: +```bash +hwloc-ls l2_2025_06_28.svg +``` + +This generates an SVG file showing the complete CPU layout, including: +- Physical core distribution +- SMT thread pairing +- NUMA node boundaries +- Cache hierarchy +- PCIe topology + +The generated `l2_2025_06_28.svg` file provides a detailed visual map of the system's CPU architecture, which is invaluable for understanding core relationships and optimizing IRQ affinity assignments. 
+ +![CPU Layout Diagram](l2_2025_06_28.svg) + +#### Memory Information +```bash +# Get memory details +cat /proc/meminfo | grep -E "(MemTotal|MemFree|HugePages)" + +# Expected output example: +# MemTotal: 131750188 kB +# MemFree: 128223008 kB +# HugePages_Total: 0 +# Hugepagesize: 2048 kB +``` + +**Key information to extract:** +- Total system memory +- Available memory +- Huge page configuration + +#### Network Interface Assessment +```bash +# List network interfaces +ip link show + +# Get detailed interface information +lspci | grep -i ethernet +lspci | grep -i network + +# Check WiFi interfaces +iw dev + +# Expected output example: +# Interface wlp35s0 +# Interface wlp65s0 +# Interface wlp66s0 +# Interface wlp97s0 +``` + +**Key information to extract:** +- Ethernet interface names and drivers +- WiFi interface names and drivers +- Number of network interfaces + +### Step 2: Current Interrupt Distribution Analysis + +#### IRQ Distribution +```bash +# View current interrupt distribution +cat /proc/interrupts + +# Filter for network interfaces +cat /proc/interrupts | grep -E "(enp|wlp|eth|wlan)" + +# Expected output example: +# 168: 5051 706 4608 85 115 521 108 3924 IR-PCI-MSI 65536-edge enp1s0 +# 179: 1234 567 890 234 456 789 123 456 IR-PCI-MSI 65536-edge wlp35s0 +``` + +**Key information to extract:** +- IRQ numbers for each network interface +- Current CPU distribution of interrupts +- Number of MSI-X vectors per interface + +#### CPU Utilization Patterns +```bash +# Monitor CPU usage during network activity +mpstat -P ALL 1 10 + +# Check CPU topology +cat /proc/cpuinfo | grep -E "(processor|physical id|core id)" + +# Expected output example: +# processor : 0 +# physical id : 0 +# core id : 0 +# processor : 1 +# physical id : 0 +# core id : 0 +``` + +**Key information to extract:** +- CPU topology (physical cores vs logical threads) +- Current CPU utilization patterns +- Identify cores with high interrupt load + +### Step 3: Storage and Other Interrupt Analysis 
+ +#### Storage Interrupts +```bash +# Check storage device interrupts +cat /proc/interrupts | grep -E "(nvme|ahci|scsi)" + +# Check storage devices +lsblk +lspci | grep -i storage +``` + +#### Other System Interrupts +```bash +# Check USB, GPU, and other interrupts +cat /proc/interrupts | grep -E "(usb|gpu|pcie)" + +# Check PCIe devices +lspci -t +``` + +### Step 4: Core Allocation Strategy (Assessment Guide) + +Based on the assessment, determine the optimal core allocation: + +#### For Different CPU Configurations (Paired SMT Siblings) + +**Example: 8 physical cores, 16 logical threads** +```bash +# Assessment shows: 8 physical cores, 16 logical threads +# Strategy: Use paired SMT siblings for network processing +network_cores="0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15" +userland_cores="remaining SMT siblings" +``` + +**For your system (12 physical cores, 24 threads):** +```bash +network_cores="0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" +userland_cores="8,20,9,21,10,22,11,23" +``` + +> **Rationale:** This pattern ensures that network processing and IRQs are always on separate physical cores (and their SMT siblings) from userland, maximizing cache locality and minimizing cross-core interference. 
+ +### Step 5: Memory Limit Calculations + +**Formula for memory limits:** +```bash +# Calculate memory limits based on total system memory +total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) + +# Network services slice: 3-6% of total memory +network_services_memory_high=$((total_memory_gb * 3 / 100)) +network_services_memory_max=$((total_memory_gb * 6 / 100)) + +# System slice: 25-50% of total memory +system_memory_high=$((total_memory_gb * 25 / 100)) +system_memory_max=$((total_memory_gb * 50 / 100)) +``` + +### Step 6: IRQ Affinity Script Generation + +#### Dynamic IRQ Detection Script +```bash +#!/bin/bash +# Generate IRQ affinity script for the target system + +# Detect network interfaces +ethernet_interfaces=$(ip link show | grep -E "enp|eth" | awk -F: '{print $2}' | tr -d ' ') +wifi_interfaces=$(iw dev | grep Interface | awk '{print $2}') + +echo "#!/bin/bash" +echo "set -euo pipefail" +echo "" +echo "echo \"Setting IRQ affinity for network optimization...\"" +echo "" + +# Ethernet interfaces - distribute across network cores +for interface in $ethernet_interfaces; do + echo "# Ethernet interface $interface" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 's/://'); do" + echo " cpu=\$((irq % 8)) # Distribute across cores 0-7" + echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + echo "" +done + +# WiFi interfaces - distribute across network cores +echo "# WiFi interfaces - distribute across network cores" +wifi_count=0 +for interface in $wifi_interfaces; do + if [ $((wifi_count % 2)) -eq 0 ]; then + echo "# $interface -> cores 0-3" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 's/://'); do" + echo " cpu=\$((irq % 4)) # Distribute across cores 0-3" + echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + else + echo "# $interface -> cores 4-7" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 
's/://'); do" + echo " cpu=\$((irq % 4 + 4)) # Distribute across cores 4-7" + echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + fi + echo "" + wifi_count=$((wifi_count + 1)) +done + +echo "echo \"IRQ affinity configuration complete\"" +``` + +### Step 7: Configuration File Adaptation + +#### Kernel Parameters Adaptation +```bash +# Generate kernel parameters based on CPU configuration +cpu_count=$(nproc) +physical_cores=$(lscpu | grep "Core(s) per socket" | awk '{print $4}') +network_cores_count=$((physical_cores / 2)) # Use half of physical cores for network + +# Generate isolcpus parameter +isolcpus_range="0-$((network_cores_count * 2 - 1))" # Account for SMT + +echo "# Generated kernel parameters for $(hostname)" +echo "boot.kernelParams = [" +echo " # CPU isolation for network cores" +echo " \"isolcpus=$isolcpus_range\"" +echo " \"nohz_full=$isolcpus_range\"" +echo " \"rcu_nocbs=$isolcpus_range\"" +echo " # ... additional parameters" +echo "];" +``` + +#### Slice Configuration Adaptation +```bash +# Generate slice configuration based on system resources +total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) +network_cores_count=$((physical_cores / 2)) + +echo "systemd.slices = {" +echo " network-services = {" +echo " description = \"Network services (DHCP, DNS, RA, hostapd)\";" +echo " sliceConfig = {" +echo " CPUAffinity = \"8,20,9,21,10,22,11,23\"; # Userland cores only" +echo " MemoryHigh = \"${network_services_memory_high}G\";" +echo " MemoryMax = \"${network_services_memory_max}G\";" +echo " };" +echo " };" +echo " system = {" +echo " description = \"System and userland services\";" +echo " sliceConfig = {" +echo " CPUAffinity = \"8,20,9,21,10,22,11,23\"; # Userland cores only" +echo " MemoryHigh = \"${system_memory_high}G\";" +echo " MemoryMax = \"${system_memory_max}G\";" +echo " };" +echo " };" +echo "};" +``` + +### Step 8: Validation and Testing + +#### Pre-optimization Baseline +```bash +# Capture 
baseline performance +iperf -s & +sleep 5 +iperf -c localhost -t 30 > baseline_results.txt +killall iperf + +# Capture baseline IRQ distribution +cat /proc/interrupts > baseline_interrupts.txt +``` + +#### Post-optimization Validation +```bash +# Verify IRQ distribution +echo "Verifying IRQ distribution..." +cat /proc/interrupts | grep -E "(enp|wlp|eth|wlan)" + +# Verify CPU isolation +echo "Verifying CPU isolation..." +cat /proc/cmdline | grep isolcpus + +# Verify slice configuration +echo "Verifying slice configuration..." +systemctl status network-services.slice system.slice + +# Performance testing +iperf -s & +sleep 5 +iperf -c localhost -t 30 > optimized_results.txt +killall iperf + +# Compare results +echo "Performance comparison:" +echo "Baseline: $(grep -E "SUM.*Gbits/sec" baseline_results.txt)" +echo "Optimized: $(grep -E "SUM.*Gbits/sec" optimized_results.txt)" +``` + +### Step 9: Documentation Template + +Create a system-specific documentation file: + +```bash +cat > system_assessment_$(hostname).md << EOF +# System Assessment for $(hostname) + +## Hardware Configuration +- **CPU**: $(lscpu | grep "Model name" | cut -d: -f2 | xargs) +- **Cores**: $(nproc) logical, $(lscpu | grep "Core(s) per socket" | awk '{print $4}') physical +- **Memory**: $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) GB +- **NUMA Nodes**: $(lscpu | grep "NUMA node(s)" | awk '{print $3}') + +## Network Interfaces +$(ip link show | grep -E "enp|eth|wlp" | awk '{print " - " $2}') + +## Optimization Strategy +- **Network Cores**: 0-$((network_cores_count * 2 - 1)) +- **Userland Cores**: $((network_cores_count * 2))-$((nproc - 1)) +- **Memory Limits**: Services=${network_services_memory_high}G/${network_services_memory_max}G, System=${system_memory_high}G/${system_memory_max}G + +## Configuration Files +- Modified: kernel-params.nix, irq-affinity.nix, sysctl.nix +- Generated: system-specific IRQ affinity script + +## Performance Results +- Baseline: [To be 
measured] +- Optimized: [To be measured] +EOF +``` + +This assessment guide provides a systematic approach to adapting the CPU/IRQ optimization configuration for different hardware configurations, ensuring optimal performance regardless of the specific system architecture. + +## Conclusion + +This optimization strategy provides: +- **Dedicated network processing cores** (0-7) for maximum performance +- **Dedicated network services cores** (8-23) for infrastructure services +- **Isolated userland processing** (8-23) for system stability +- **Optimized IRQ distribution** across dedicated cores +- **Slice-based resource management** with memory limits optimized for 128GB RAM +- **NUMA-aware memory allocation** for better locality +- **Kernel parameter tuning** for network performance +- **Comprehensive network testing tools** for performance validation +- **Systematic assessment methodology** for adapting to different hardware configurations + +The result is a high-performance WiFi access point optimized for maximum network throughput with minimal latency and CPU overhead, featuring a clean and maintainable systemd hierarchy with proper resource isolation and extensive monitoring capabilities. + +## Per-Daemon Systemd Slices for Maximum Visibility and Control + +To achieve the highest level of resource isolation, monitoring, and control, this design uses a dedicated systemd slice for each major network service (daemon). 
This approach leverages systemd's hierarchical cgroup model, allowing you to: +- Set CPU, memory, and IO limits per service +- Monitor each service's resource usage independently +- Apply fine-grained policies and priorities +- Optionally group related slices under a parent slice for aggregate monitoring + +### Two Main Parent Slices with CPU Affinity + +The configuration defines two main parent slices, each with its own CPU affinity and resource limits: +- **network-services.slice**: For network infrastructure services (hostapd, Kea, PowerDNS, radvd, etc.) +- **system.slice**: For userland/system services + +**CPU affinity and resource limits are set only on these two main slices.** + +### Per-Daemon Subordinate Slices Inherit from Main Slices + +Each major daemon gets its own subordinate slice (e.g., `kea.slice`, `pdns.slice`, `radvd.slice`, `hostapd.slice`), which is attached as a child to the appropriate main slice. The per-daemon slices inherit CPU affinity and other limits from their parent, so you only need to set these on the main slices. + +#### Example NixOS Configuration + +```nix +# Main parent slices with CPU affinity (userland cores only) +systemd.slices.network-services = { + description = "Network services (DHCP, DNS, RA, hostapd)"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + MemoryHigh = "4G"; + MemoryMax = "8G"; + }; +}; +systemd.slices.system = { + description = "System and userland services"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + MemoryHigh = "32G"; + MemoryMax = "64G"; + }; +}; + +# Per-daemon slices inherit from main slices +systemd.slices.kea = { + description = "KEA DHCP server slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; +}; +``` + +**Note:** Network cores (0,12,1,13,2,14,3,15,4,5,6,7) are isolated by `isolcpus` and can only be used for IRQ affinity, not for systemd slice CPU affinity. 
All services run on userland cores (8,20,9,21,10,22,11,23) to ensure they can be scheduled by the kernel. + +## Recent Discoveries and Configuration Refinements + +### WiFi IRQ Detection and Assignment Issues + +During implementation and testing, we discovered several important issues with the initial WiFi IRQ affinity approach: + +#### Issue 1: WiFi IRQs Organized by PCI Device, Not Interface Name +**Discovery:** WiFi IRQs are organized by PCI device identifier (e.g., `0000:61:00.0`, `0000:41:00.0`) rather than by interface name (e.g., `wlp35s0`, `wlp66s0`). The original script attempted to match IRQs by interface name, which failed because: +- Multiple IRQs per interface are grouped under the same PCI device +- Interface names don't directly map to IRQ entries in `/proc/interrupts` +- The `iwlwifi:default_queue` pattern is the correct identifier + +**Solution:** Updated the IRQ affinity script to: +1. **Detect WiFi default queues by PCI device**: `cat /proc/interrupts | grep "iwlwifi:default_queue"` +2. **Assign each PCI device to a dedicated L core**: 4 default queues across L cores 4,5,6,7 +3. **Group all queues from the same PCI device** on the same core as their default queue + +#### Issue 2: Systemd Slice Configuration Syntax Errors +**Discovery:** The `Nice` property is not valid in systemd slice configuration. Attempting to set `Nice` in the `[Slice]` section causes systemd to ignore the entire slice configuration. + +**Solution:** Removed the invalid `Nice` property from slice configurations. Nice values are set at the service level instead: +```nix +systemd.services.hostapd.serviceConfig.Nice = -10; +systemd.services.kea-dhcp4-server.serviceConfig.Nice = -5; +``` + +#### Issue 3: WiFi IRQ Distribution Not Following Expected Pattern +**Discovery:** Initial testing showed WiFi IRQs distributed across cores 1, 10, 12, 3, 4, 5, 8 instead of the expected L cores 4,5,6,7. This indicated the IRQ affinity script was not working correctly. 
+ +**Root Cause:** The script was trying to match IRQs by interface name instead of PCI device, and the WiFi IRQ detection logic was flawed. + +**Solution:** Completely rewrote the WiFi IRQ detection and assignment logic to work with PCI devices and properly distribute the 4 default queues across L cores 4,5,6,7. + +### IRQ and Slice Analysis Script + +To monitor and verify the optimization configuration, we created a comprehensive analysis script: `irq-slice-analysis.sh` + +#### Purpose +The script provides a concise runtime analysis of: +- Kernel command line parameters (CPU isolation, NoHz, RCU settings) +- Ethernet IRQ L core distribution +- WiFi IRQ L core distribution with validation against expected cores +- Systemd slice CPU affinity and status +- Service status and slice assignments +- IRQ affinity service status + +#### Key Features +- **Concise output**: Focuses on essential information in a compact format +- **L core mapping**: Converts logical CPU numbers to physical L core numbers +- **Status indicators**: Color-coded status messages (✓, ⚠, ✗, ℹ) +- **Validation**: Checks if WiFi IRQs are using expected L cores 4,5,6,7 +- **Service monitoring**: Shows active services with their slice assignments and nice values + +#### Usage +```bash +# Run the analysis script +./irq-slice-analysis.sh + +# Example output: +=== L2 WiFi Access Point - IRQ and Slice Analysis === +ℹ Isolated cores: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 + +=== Ethernet IRQ L Cores === +enp1s0 IRQs using L cores: 11 12 3 4 5 6 7 9 + +=== WiFi IRQ L Cores === +iwlwifi IRQs using L cores: 1 10 12 3 4 5 8 +✓ L core 4: used +✓ L core 5: used +⚠ L core 6: not used +⚠ L core 7: not used + +=== Systemd Slice L Cores === +network-services.slice: L cores 8 9 10 11 +system.slice: L cores 8 9 10 11 +kea.slice: inherits from parent +pdns.slice: inherits from parent +radvd.slice: inherits from parent +hostapd.slice: inherits from parent + +=== Service Status === +✓ hostapd: active (slice: 
hostapd.slice, nice: -10)
+✓ kea-dhcp4-server: active (slice: kea.slice, nice: -5)
+✓ pdns-recursor: active (slice: pdns.slice, nice: -5)
+✓ radvd: active (slice: radvd.slice, nice: -5)
+
+✓ IRQ affinity service: active
+```
+
+#### Design Decisions Captured
+1. **WiFi IRQ Detection**: Use PCI device-based detection instead of interface name matching
+2. **Default Queue Prioritization**: Focus on distributing 4 default queues across L cores 4,5,6,7
+3. **Systemd Slice Syntax**: Remove invalid `Nice` property from slice configurations
+4. **Analysis Script**: Provide concise, actionable output for monitoring optimization status
+5. **L Core Mapping**: Convert logical CPU numbers to physical core numbers for clarity
+
+These discoveries and refinements ensure the optimization configuration works correctly across different hardware configurations and provides reliable monitoring capabilities for ongoing performance validation.
+
+## Global CPU Affinity for Systemd Services (NixOS)
+
+To ensure all userland/systemd services run only on the designated userland cores, we use the following NixOS options:
+
+```nix
+systemd.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23";
+systemd.user.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23";
+```
+
+This sets the default CPU affinity for all systemd-managed services and user services to the userland cores. This is written to `/etc/systemd/system.conf` and `/etc/systemd/user.conf` respectively. Individual services can still override this if needed, but by default, all systemd services will be restricted to these cores.
+
+> **Note:** There is no global `Nice` setting in systemd. Nice values must be set per-service using the `Nice` property in the service's `serviceConfig` block.
+
+
+## cpu layout
+
+To see the cpu layout
+
+```
+hwloc-ls l2_2025_06_28.svg
+ ```
\ No newline at end of file
diff --git a/desktop/l2/Makefile b/desktop/l2/Makefile
new file mode 100644
index 0000000..da37477
--- /dev/null
+++ b/desktop/l2/Makefile
@@ -0,0 +1,75 @@
+#
+# nixos/laptops/l/Makefile
+#
+EXPECTED_HOSTNAME := l2
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo nixos-rebuild switch --flake .
+
+rebuild_t:
+ sudo nixos-rebuild switch --flake .#l2
+
+#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues
+#nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+
+impure:
+ sudo nixos-rebuild switch --impure --flake .
+
+rebuild_trace:
+ sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+ sudo nix flake update;
+
+sync:
+ rsync -avz /home/das/nixos/ "${EXPECTED_HOSTNAME}":/home/das/nixos/
+
+rebuild_old:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update_oldm.:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+restart_display_manager:
+ sudo systemctl restart display-manager.service
+
+#ls -l /run/opengl-driver/lib/gbm/
+#readlink /run/opengl-driver/lib/gbm/dri_gbm.so
+#glxinfo | grep -i 'renderer'
+
+#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager
+#less /var/log/Xorg.0.log
+
+#nix-shell -p mesa-demos
+#glxinfo | grep -i opengl
+
+# cat configuration.nix | grep -A 20 "hardware.graphics ="
+
+# end
diff --git a/desktop/l2/README.md b/desktop/l2/README.md new file mode 100644 index 0000000..db16f7b --- /dev/null +++ b/desktop/l2/README.md 
@@ -0,0 +1,333 @@ +# L2 WiFi Access Point Configuration + +This directory contains the NixOS configuration for a high-performance WiFi access point with 4x WiFi NICs, designed to handle multiple concurrent clients with optimized network performance. + +## Overview + +The L2 system is configured as a dedicated WiFi access point with: +- **4x WiFi NICs** for high-capacity wireless networking +- **Custom hostapd 2.10** with LAR (License Assisted Radar) patch +- **Advanced network services** (DHCP, DNS, IPv6 RA) +- **nftables firewall** with connection tracking and NAT +- **Network interface optimizations** for maximum performance +- **CPU and IRQ optimizations** for dedicated network processing + +## WiFi Configuration + +### Hostapd 2.10 with LAR Patch + +The system uses a custom hostapd 2.10 build with the LAR (License Assisted Radar) patch applied. This is configured in `flake.nix`: + +```nix +overlays = { + default = final: prev: { + hostapd = prev.hostapd.overrideDerivation (old: { + version = "2.10"; + src = final.fetchurl { + url = "https://w1.fi/releases/hostapd-2.10.tar.gz"; + sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0"; + }; + # Replace all patches with just the LAR patch + patches = [ + (final.fetchpatch { + url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch"; + sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI="; + }) + ]; + }); + }; +}; +``` + +**Why hostapd 2.10?** +- Better support for modern WiFi features +- Improved performance and stability +- LAR patch enables License Assisted Radar functionality +- **Note**: Default nixpkgs hostapd version is 2.11, but the LAR patch can only be applied to 2.10 + +**LAR Patch Benefits:** +- Enables radar detection and avoidance +- Required for certain regulatory domains +- Improves coexistence with radar systems +- **Reference**: [Making hostapd LAR-friendly on Intel 5GHz wireless cards](https://tildearrow.org/?p=post&month=7&year=2022&item=lar) + +The LAR patch addresses issues 
with Intel wireless cards that use Location-Aware Regulatory (LAR) to automatically detect the country/regulatory domain. The patch modifies hostapd to scan for nearby networks before setting up the access point, which helps the card properly detect the regulatory domain and enable 5GHz channels. + +### WiFi Interface Configuration + +The system manages 4 WiFi interfaces: +- `wlp35s0` - Channel 36 (non-DFS) +- `wlp65s0` - Channel 40 (non-DFS) +- `wlp66s0` - Channel 44 (non-DFS) +- `wlp97s0` - Channel 48 (non-DFS) + +All interfaces operate in 5GHz band with WPA3-SAE authentication. + +### WiFi WMM (QoS) Configuration + +This system uses specific WMM (Wi-Fi Multimedia) settings for the best effort (AC_BE) access category, as suggested by Nokia WiFi engineer Koen De Schepper, to optimize WiFi performance for normal-priority traffic: + +``` +# Normal priority / AC_BE = best effort +wmm_ac_be_aifs=1 +wmm_ac_be_cwmin=4 +wmm_ac_be_cwmax=4 +wmm_ac_be_txop_limit=32 +wmm_ac_be_acm=0 +``` + +These values are set in the `hostapd-multi.nix` configuration and ensure that best effort traffic is handled with optimal latency and fairness, as recommended by industry experts. 
+ +## CPU and IRQ Optimization + +### System Architecture + +The L2 system features an **AMD Ryzen Threadripper PRO 3945WX** with: +- **12 physical cores** (24 logical threads with SMT) +- **4 NUMA nodes** with **64 MiB L3 cache** +- **6 MiB L2 cache** (12 instances) +- **384 KiB L1 cache** per core + +### Core Dedication Strategy + +#### Network Processing Cores (0-7) +- **Dedicated cores** for network interrupts and processing +- **Isolated from scheduler** (`isolcpus=0-7`) +- **No tick processing** (`nohz_full=0-7`) +- **Disabled RCU callbacks** (`rcu_nocbs=0-7`) +- **Performance governor** with maximum frequency +- **Benefits**: + - Dedicated L1/L2 cache for network processing + - No competition with userland workloads + - Better cache locality for network data structures + - Reduced interrupt latency + +#### Userland Processing Cores (8-23) +- **Remaining cores** for system services and userland +- **Normal scheduling** and power management +- **Benefits**: + - Isolated from network interrupt processing + - Dedicated resources for DHCP, DNS, firewall processing + - Better performance for non-network workloads + +### IRQ Affinity Configuration + +#### Ethernet Interface (enp1s0) +- **8 MSI-X vectors** distributed across cores 0-7 +- **Atlantic driver** with optimized interrupt handling + +#### WiFi Interfaces +- **wlp35s0**: 16 MSI-X vectors → cores 0-3 +- **wlp65s0**: 16 MSI-X vectors → cores 4-7 +- **wlp66s0**: 16 MSI-X vectors → cores 0-3 (alternating) +- **wlp97s0**: 16 MSI-X vectors → cores 4-7 (alternating) + +### Service CPU Affinity + +#### Network Processing Services (Cores 0-7) +- **hostapd**: High priority (-10), real-time I/O, network-processing slice +- **nftables**: High priority (-5), network-processing slice +- **network-optimization**: High priority (-5), network-processing slice + +#### Network Services (Cores 8-15) +- **kea-dhcp4-server**: High priority (-5), network-services slice +- **pdns-recursor**: High priority (-5), network-services 
slice +- **radvd**: High priority (-5), network-services slice + +#### Userland Services (Cores 16-23) +- **Monitoring services**: Normal priority, userland-processing slice +- **System services**: Normal priority, userland-processing slice +- **User processes**: Normal priority, userland-processing slice + +## Network Services (`hostapd-multi.nix`) + +### DHCP Server (Kea) +- **Purpose**: Provides IPv4 addresses to WiFi clients +- **Subnet**: 192.168.1.0/24 +- **Range**: 192.168.1.100 - 192.168.1.200 +- **Gateway**: 192.168.1.1 +- **DNS**: 192.168.1.1 + +### DNS Resolver (PowerDNS Recursor) +- **Purpose**: Local DNS resolution for WiFi clients +- **Listen addresses**: 127.0.0.1, ::1, 192.168.1.1, fd00::1 +- **Features**: RFC1918 support, recursive resolution +- **Fallback**: Cloudflare DNS (1.1.1.1, 2606:4700:4700::1111) + +### IPv6 Router Advertisement (radvd) +- **Purpose**: IPv6 SLAAC for WiFi clients +- **Prefix**: fd00::/64 +- **Features**: Autonomous address configuration +- **DNS**: fd00::1 + +### Network Bridge (br0) +- **Purpose**: Bridges all WiFi interfaces +- **IPv4**: 192.168.1.1/24 +- **IPv6**: fd00::1/64 +- **QoS**: CAKE (Common Applications Kept Enhanced) for traffic shaping + +## Firewall and NAT (`firewall.nix`) + +### nftables Configuration +The system uses nftables with connection tracking for maximum security and performance: + +#### Filter Table (inet) +- **Input Chain**: Handles incoming traffic to the router + - SSH (port 22) + - DNS (port 53) + - DHCP (ports 67 for DHCPv4, 547 for DHCPv6) + - ICMP (ping) + - IPv6 RA +- **Forward Chain**: Handles traffic between networks + - Allow internal to external (br0 → enp1s0) + - Allow return traffic for established connections +- **Output Chain**: Allow all outgoing traffic + +#### NAT Tables +- **IPv4 NAT**: Masquerades traffic from br0 to enp1s0 +- **IPv6 NAT**: Masquerades IPv6 traffic from br0 to enp1s0 + +### Connection Tracking +- **Purpose**: Stateful packet filtering +- **Benefits**: + - 
Only legitimate return traffic is allowed + - Better security than stateless filtering + - Improved performance for established connections + +## Network Optimizations (`network-optimization.nix`) + +### Hardware Optimizations +Applied via ethtool during boot: + +#### Ring Buffers +- **RX/TX**: Increased to maximum (8184) +- **Benefit**: Higher throughput, better burst handling + +#### Feature Enables +- **LRO (Large Receive Offload)**: Combines packets for CPU efficiency +- **IPv4 Checksum Offload**: Hardware handles checksum calculation +- **TCP ECN Segmentation**: Better ECN packet handling +- **GRO List**: Generic Receive Offload with list support + +#### Interrupt Coalescing +- **RX**: 512μs, 32 frames (was 256μs, 0 frames) +- **TX**: 1024μs, 32 frames (was 1022μs, 0 frames) +- **Benefits**: Fewer interrupts, better batch processing + +### Kernel Optimizations (`sysctl.nix`) +- **TCP buffers**: Optimized for high throughput +- **Connection tracking**: 262K entries for multiple clients +- **Network backlog**: Increased for burst traffic handling +- **Congestion control**: BBR for better performance + +### Verification +Network optimization results are logged to `/tmp/network-optimization.log` and include: +- Ring buffer settings +- Feature status +- Interrupt coalescing configuration +- Driver information + +## Performance Monitoring (`monitoring.nix`) + +### Automated Monitoring +- **IRQ distribution**: Tracks interrupt distribution across cores +- **CPU utilization**: Monitors per-core usage patterns +- **Network statistics**: Tracks interface performance +- **Cache performance**: Monitors cache misses for network processes +- **System load**: Tracks overall system performance + +### Performance Testing +- **Throughput testing**: Automated iperf3 testing +- **Latency testing**: Ping latency measurements +- **IRQ distribution testing**: Validates interrupt affinity +- **CPU utilization testing**: Monitors during network activity + +### Logging and Analysis +- 
**Log directory**: `/var/log/network-performance/` +- **Real-time monitoring**: Continuous performance tracking +- **Historical data**: sysstat integration for trend analysis +- **Log rotation**: Automated log management + +## System Architecture + +``` +Internet (enp1s0) + ↓ +[NAT/Firewall] ← nftables with connection tracking (cores 0-7, network-processing slice) + ↓ +[Bridge (br0)] ← 192.168.1.1/24, fd00::1/64 + ↓ +[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (cores 0-7, network-processing slice) + ↓ +[Network Services] ← DHCP, DNS, RA (cores 8-15, network-services slice) + ↓ +[Userland Services] ← Monitoring, system services (cores 16-23, userland-processing slice) +``` + +## Services Overview + +| Service | Purpose | CPU Cores | Priority | Slice | +|---------|---------|-----------|----------|-------| +| hostapd | WiFi access point | 0-7 | -10 (RT) | network-processing | +| nftables | Firewall/NAT | 0-7 | -5 | network-processing | +| Kea | DHCP server | 8-15 | -5 | network-services | +| PowerDNS | DNS resolver | 8-15 | -5 | network-services | +| radvd | IPv6 RA | 8-15 | -5 | network-services | +| CAKE | QoS | 0-7 | -5 | network-processing | +| Monitoring | Performance tracking | 16-23 | 0 | userland-processing | + +## Performance Features + +- **Multi-interface WiFi**: 4x concurrent access points +- **Hardware offloading**: Checksums, segmentation, GRO +- **Connection tracking**: Stateful firewall with 262K entries +- **Optimized buffers**: Maximum ring buffers and TCP windows +- **Interrupt coalescing**: Reduced CPU overhead +- **BBR congestion control**: Better throughput and latency +- **CPU isolation**: Dedicated network processing cores +- **IRQ affinity**: Optimized interrupt distribution +- **Cache optimization**: Dedicated L1/L2 cache for network processing + +## Expected Performance Improvements + +### 1. 
**Reduced Interrupt Latency** +- Dedicated cores eliminate competition for CPU resources +- Better cache locality reduces memory access latency +- SMT isolation prevents cache pollution + +### 2. **Improved Throughput** +- Parallel processing across 8 dedicated network cores +- Better interrupt distribution reduces bottlenecks +- Optimized cache utilization for network data structures + +### 3. **Lower CPU Overhead** +- Reduced context switching on network cores +- Better interrupt coalescing effectiveness +- Optimized memory allocation patterns + +### 4. **Enhanced Scalability** +- Better support for multiple concurrent WiFi clients +- Improved handling of burst traffic +- More predictable performance under load + +## Monitoring + +- **Network optimization log**: `/tmp/network-optimization.log` +- **Performance monitoring**: `/var/log/network-performance/` +- **nftables rules**: `sudo nft list ruleset` +- **Service status**: `systemctl status hostapd kea-dhcp4-server pdns-recursor radvd nftables` +- **IRQ distribution**: `cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)"` +- **CPU utilization**: `mpstat -P ALL 1` + +## Files Overview + +- `flake.nix` - Hostapd 2.10 overlay and flake configuration +- `hostapd-multi.nix` - WiFi, DHCP, DNS, and IPv6 services +- `firewall.nix` - nftables firewall and NAT configuration +- `network-optimization.nix` - Hardware and kernel optimizations +- `irq-affinity.nix` - IRQ affinity and CPU dedication configuration +- `kernel-params.nix` - Kernel boot parameters and runtime optimizations +- `monitoring.nix` - Performance monitoring and testing services +- `sysctl.nix` - Kernel network parameters +- `configuration.nix` - Main system configuration +- `CPU_and_IRQ_optimization.md` - Detailed optimization documentation \ No newline at end of file diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix new file mode 100644 index 0000000..bb4ab57 --- /dev/null +++ b/desktop/l2/configuration.nix 
@@ -0,0 +1,189 @@ +# +# +# l2/configuration.nix +# + +{ + inputs, + config, + pkgs, + lib, + ... +}: + +{ + # https://nixos.wiki/wiki/NixOS_modules + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + imports = + [ + ./hardware-configuration.nix + #./hardware-graphics.nix + ./sysctl.nix + #./wireless_desktop.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + # home manager is imported in the flake + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + #./docker-daemon.nix + #./smokeping.nix + #./distributed-builds.nix + #./hyprland.nix + #./hostapd.nix + ./hostapd-multi.nix + ./network-optimization.nix + # CPU and IRQ optimization modules + ./irq-affinity.nix + ./systemd-slices.nix + ./kernel-params.nix + #./monitoring.nix + ]; + + boot = { + loader.systemd-boot = { + enable = true; + consoleMode = "max"; + memtest86.enable = true; + configurationLimit = 20; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + #kernelPackages = pkgs.linuxPackages; + kernelPackages = pkgs.linuxPackages_latest; + + initrd.kernelModules = [ + "amdgpu" + ]; + + blacklistedKernelModules = [ + "nouveau" + #"i915" + ]; + + initrd.preDeviceCommands = '' + echo "Loading regulatory database early" + cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db /lib/firmware/ + cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s /lib/firmware/ + ''; + + # cat /proc/cmdline + # cat /etc/modprobe.d/nixos.conf + extraModprobeConfig = '' + options cfg80211 ieee80211_regdom=US + options iwlwifi lar_disable=1 + ''; + + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = true; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + ]; + }; + + # Enable envfs for 
better compatibility with FHS expectations + services.envfs = { + enable = true; + }; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + # https://nix.dev/manual/nix/2.28/command-ref/conf-file#conf-max-jobs + max-jobs = 12; # default = 1. Setting this to 1/2 my cores + http-connections = 100; # default 25 + # https://nix.dev/manual/nix/2.28/command-ref/conf-file#conf-max-substitution-jobs + max-substitution-jobs = 64; # default 16 + }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "l2"; + + time.timeZone = "America/Los_Angeles"; + + systemd.services.systemd-udev-settle.enable = false; + + services.openssh.enable = true; + programs.ssh.extraConfig = '' + Host hp4.home + PubkeyAcceptedKeyTypes ssh-ed25519 + ServerAliveInterval 60 + IPQoS throughput + ''; + + services.lldpd.enable = true; + services.timesyncd.enable = true; + services.fstrim.enable = true; + + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + # environment.variables defined in hardware-graphics.nix + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + programs.gnupg.agent 
= { + enable = true; + enableSSHSupport = true; + }; + + # # https://nixos.wiki/wiki/Virt-manager + # virtualisation.libvirtd.enable = true; + # #programs.virt-manager.enable = true; + # virtualisation.spiceUSBRedirection.enable = true; + + # virtualisation.containers = { + # ociSeccompBpfHook.enable = true; + # }; + + system.stateVersion = "24.11"; + + systemd.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; + systemd.user.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; + +} + +# end \ No newline at end of file diff --git a/desktop/l2/distributed-builds.nix b/desktop/l2/distributed-builds.nix new file mode 100644 index 0000000..cd2717d --- /dev/null +++ b/desktop/l2/distributed-builds.nix @@ -0,0 +1,28 @@ +# +# latops/t/distributed-builds.nix +# +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +# https://docs.nixbuild.net/getting-started/#quick-nixos-configuration +{ pkgs, ... }: +{ + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "hp4.home"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + maxJobs = 100; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; +} + +# https://docs.nixbuild.net/getting-started/#your-first-build +# nix-build \ +# --max-jobs 0 \ +# --builders "ssh://hp4 x86_64-linux - 100 1 big-parallel,benchmark" \ +# -I nixpkgs=channel:nixos-20.03 \ +# --expr '((import {}).runCommand "test${toString builtins.currentTime}" {} "echo Hello nixbuild.net; touch $out")' \ No newline at end of file diff --git a/desktop/l2/docker-daemon.nix b/desktop/l2/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/desktop/l2/docker-daemon.nix 
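Review bot: `services.openssh.enable = true;` is set without any `services.openssh.settings`, so sshd keeps the module defaults for password and root login while firewall.nix in this same commit accepts TCP 22 on every interface. `users.users.das` already carries an ed25519 key in `openssh.authorizedKeys.keys`, so key-only login can be pinned next to the enable line: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. Separately, `services.avahi.openFirewall = true` probably has no effect here because firewall.nix sets `networking.firewall.enable = false`; if mDNS is meant to work, UDP 5353 would need its own nftables rule.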
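Review bot: The `nix.buildMachines` entry for `hp4.home` does not pin the builder's SSH host key, so root's first connection depends on whatever `known_hosts` state exists and on how `hp4.home` resolves on the local network. The entry accepts a `publicHostKey` attribute (the base64-encoded host public key), e.g. `publicHostKey = "<base64 of the builder's ssh_host_ed25519_key.pub>";` with the real value substituted. `maxJobs = 100` looks copied from the nixbuild.net example rather than sized for this builder, and the header comment still reads `latops/t/distributed-builds.nix` although the file lives under `desktop/l2/`. The module is commented out in configuration.nix's imports, so none of this is active yet.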
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/l2/firewall.nix b/desktop/l2/firewall.nix
new file mode 100644
index 0000000..479db85
--- /dev/null
+++ b/desktop/l2/firewall.nix
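Review bot: `metrics-addr = "0.0.0.0:9323"` publishes the Docker daemon's Prometheus endpoint, which has no authentication, on every interface of a machine that is also the WiFi gateway. If only the local Prometheus scrapes it, bind it to loopback with `metrics-addr = "127.0.0.1:9323";`. `data-root = "/home/das/docker/"` also places root-owned image and container state under a user's home directory; a path outside `/home` would keep the ownership boundary clearer. The module is commented out in configuration.nix's imports, but `das` is already listed in the `docker` group there, so this matters as soon as the import is enabled.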
@@ -0,0 +1,121 @@
+#
+# l2/firewall.nix
+#
+# Firewall configuration for WiFi access point
+#
+# # List all rules (most common)
+# sudo nft list ruleset
+
+# # List specific table
+# sudo nft list table inet filter
+
+# # List specific chain
+# sudo nft list chain inet filter input
+
+# # Show rules with handles (useful for deleting specific rules)
+# sudo nft list ruleset -a
+
+# # Monitor nftables events in real-time
+# sudo nft monitor
+
+# # Monitor specific events (new rules, deleted rules, etc.)
+# sudo nft monitor new rules
+# sudo nft monitor destroy rules
+
+# # Show packet counters
+# sudo nft list ruleset -n
+
+# # Show rules with statistics
+# sudo nft list ruleset -s
+# #
+# # See all filter rules (input, forward, output chains)
+# sudo nft list table inet filter
+
+# # See NAT rules
+# sudo nft list table ip nat
+# sudo nft list table ip6 nat
+#
+
+{ config, pkgs, ... }:
+
+{
+ # Disable the default iptables firewall since we're using nftables
+ networking.firewall.enable = false;
+
+ # Enable nftables with connection tracking for maximum security
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+
+ # Enable connection tracking
+ ct state established,related accept
+ ct state invalid drop
+
+ # Allow loopback
+ iif lo accept
+ oif lo accept
+
+ # Allow SSH from anywhere
+ tcp dport 22 accept
+
+ # Allow DNS queries
+ udp dport 53 accept
+ tcp dport 53 accept
+
+ # Allow DHCP
+ udp dport 67 accept
+ udp dport 547 accept
+
+ # Allow ICMP (ping, etc.)
+ icmp type echo-request accept
+ icmpv6 type echo-request accept
+
+ # Allow RA (Router Advertisement)
+ icmpv6 type nd-router-advert accept
+ }
+
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+
+ # Allow traffic from internal network to external
+ # Use meta iifname to avoid interface existence check at load time
+ meta iifname "br0" oifname "enp1s0" accept
+
+ # Allow return traffic from external to internal
+ meta iifname "enp1s0" oifname "br0" ct state established,related accept
+ }
+
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+ }
+
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat;
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority srcnat;
+ # IPv4 masquerading
+ meta oifname "enp1s0" masquerade
+ }
+ }
+
+ table ip6 nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat;
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority srcnat;
+ # IPv6 masquerading
+ meta oifname "enp1s0" masquerade
+ }
+ }
+ '';
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/flake.lock b/desktop/l2/flake.lock
new file mode 100644
index 0000000..cb18004
--- /dev/null
+++ b/desktop/l2/flake.lock
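Review bot: The accept rules for SSH, DNS and DHCP in `chain input` carry no interface match, so under `policy drop` they open ports 22, 53, 67 and 547 on `enp1s0` as well as on `br0`. The README in this commit describes `enp1s0` as the Internet side; if that holds, the resolver and DHCP ports should be scoped to the bridge, and SSH too unless administration over the uplink is intended (the comment says "from anywhere", so that one may be deliberate). Matching with `iifname` rather than `iif` keeps the ruleset loadable before `br0` exists, the same reason the forward chain gives. Also worth checking: only `echo-request` and `nd-router-advert` are accepted for ICMPv6, so router and neighbour solicitations from clients appear to fall through to the drop policy, which would interfere with radvd and neighbour discovery on `br0`.

```nix
      # … unchanged: conntrack and loopback rules …

      # Client-facing services: LAN bridge only
      iifname "br0" tcp dport 22 accept
      iifname "br0" udp dport 53 accept
      iifname "br0" tcp dport 53 accept
      iifname "br0" udp dport { 67, 547 } accept

      # … unchanged: ICMP echo rules …

      # Neighbour discovery needed by SLAAC clients and radvd
      icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
      # … unchanged: forward and output chains, NAT tables …
```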
@@ -0,0 +1,48 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750798083, + "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1750741721, + "narHash": "sha256-Z0djmTa1YmnGMfE9jEe05oO4zggjDmxOGKwt844bUhE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4b1164c3215f018c4442463a27689d973cffd750", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix new file mode 100644 index 0000000..2d609cc --- /dev/null +++ b/desktop/l2/flake.nix 
@@ -0,0 +1,73 @@
+#
+# l2/flake.nix
+#
+{
+ description = "l2 Flake";
+
+ # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, home-manager, ... }:
+ let
+ system = "x86_64-linux";
+
+ lib = nixpkgs.lib;
+
+ overlays = {
+ default = final: prev: {
+ hostapd = prev.hostapd.overrideDerivation (old: {
+ version = "2.10";
+ src = final.fetchurl {
+ url = "https://w1.fi/releases/hostapd-2.10.tar.gz";
+ sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0";
+ # nix-prefetch-url https://w1.fi/releases/hostapd-2.10.tar.gz
+ };
+ patches = [
+ (final.fetchpatch {
+ url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch";
+ sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI=";
+ })
+ ];
+ });
+ };
+ };
+
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ overlays.default ];
+ config.allowUnfree = true;
+ };
+
+ in {
+ nixosConfigurations = {
+ l2 = lib.nixosSystem {
+
+ inherit system;
+
+ modules = [
+ ./configuration.nix
+ {
+ nixpkgs.pkgs = pkgs;
+ }
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useUserPackages = true;
+ home-manager.users.das = { config, pkgs, ... }: {
+ imports = [ ./home.nix ];
+ };
+ }
+ ];
+ };
+ };
+ };
+}
+
+# end
\ No newline at end of file
diff --git a/desktop/l2/grafana.nix b/desktop/l2/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/desktop/l2/grafana.nix
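Review bot: The overlay pins hostapd to 2.10 and sets `patches` to a list holding only the LAR patch, which replaces whatever patch list nixpkgs carries rather than extending `old.patches`; for a daemon that parses frames from unauthenticated clients, that means fixes made in 2.11 or in the nixpkgs patch set are not in this build. The README in this commit says nixpkgs ships 2.11 and the LAR patch only applies to 2.10, so the downgrade is deliberate, but it should be stated at the override, e.g. `# Pinned to 2.10: LAR patch does not apply to 2.11; fixes after 2.10 are NOT included, re-check when the patch is rebased`. `overrideDerivation` is also the legacy interface; `prev.hostapd.overrideAttrs (old: { ... })` is the form nixpkgs recommends, and `old` is otherwise unused here. Both fetches are hash-pinned, so the third-party patch URL is an availability concern rather than an integrity one.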
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/hardware-configuration.nix b/desktop/l2/hardware-configuration.nix
new file mode 100644
index 0000000..e1b1083
--- /dev/null
+++ b/desktop/l2/hardware-configuration.nix
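Review bot: `http_addr = "0.0.0.0"` makes Grafana listen on every interface while the hunk sets no `security` block, so the instance would come up with Grafana's stock admin credentials until someone changes them by hand. The nftables input chain in firewall.nix does not open port 3000, which limits exposure today, but that is a property of another file; binding to the address actually used, e.g. `http_addr = "127.0.0.1";` or the `br0` address, makes this module safe without relying on the firewall. An initial admin password can be read from a file outside the Nix store with `settings.security.admin_password = "$__file{/path/to/secret}";` (placeholder path). `serve_from_sub_path = true` has nothing to act on while `root_url` is commented out and could be dropped.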
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by 'nixos-generate-config' +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f72013eb-dba3-48d6-80cd-65a1684ba502"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-6fd137fa-aa82-4200-9ca1-cd049de90418".device = "/dev/disk/by-uuid/6fd137fa-aa82-4200-9ca1-cd049de90418"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/4C7A-4843"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/979a4a5a-8724-4c06-8173-13e72cb49a9d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l2/home.nix b/desktop/l2/home.nix new file mode 100644 index 0000000..f36f1bf --- /dev/null +++ b/desktop/l2/home.nix 
@@ -0,0 +1,174 @@ +{ + config, + pkgs, + ... +}: + +{ + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + + QT_QPA_PLATFORM = "wayland"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + # NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + #gparted + ncdu + neofetch + file + + # # Hyprland related + # waybar + # swaybg + # swaylock + # wl-clipboard + # wf-recorder + # grimblast + # hyprpaper + # hyprpicker + # hypridle + # hyprlock + + # Terminal Multiplexers + tmux + screen + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + llvmPackages_20.clang-tools + llvmPackages_20.lld + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + #xz + #zstd + + gnutar + + # File Transfer/Management + rsync + tree + + # # Terminals + # alacritty + # kitty + # 
#https://ghostty.org/ + # ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + #silly + cmatrix + sl + + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.11"; +} diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix new file mode 100644 index 0000000..7eea848 --- /dev/null +++ b/desktop/l2/hostapd-multi.nix 
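Review bot: `wireshark` and `tcpdump` are added to `home.packages` as ordinary user packages, which grants no capture capability. In practice they then get run through sudo, and the Wireshark dissectors parse untrusted traffic as root. If the system configuration does not already do so (not visible in this hunk), `programs.wireshark.enable = true;` on the NixOS side plus membership of the `wireshark` group lets capture go through the capability-wrapped `dumpcap` while the GUI stays unprivileged.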
@@ -0,0 +1,400 @@ +# +# l2/hostapd-multi.nix +# + +{ config, lib, pkgs, ... }: + +let + radioIfaces = { + # non-DFS channels + wlp35s0 = 36; + wlp65s0 = 40; + wlp66s0 = 44; + wlp97s0 = 48; + }; + + commonSettings = { + bridge = "br0"; + ieee80211w = 2; + + # WMM tuning (as recommended by Koen De Schepper, Nokia) + wmm_ac_be_aifs = 1; + wmm_ac_be_cwmin = 4; + wmm_ac_be_cwmax = 4; + wmm_ac_be_txop_limit = 32; + wmm_ac_be_acm = 0; + }; + + commonAuth = { + mode = "wpa3-sae"; + saePasswords = [{ password = "strongpassword"; }]; + }; + + genRadio = iface: channel: { + countryCode = "US"; + #band = "2g"; + band = "5g"; + channel = channel; + # settings = { + # country_code = "US"; + # ieee80211d = true; + # ieee80211h = false; + # # he_su_beamformer = 1; + # # he_su_beamformee = 1; + # # he_bss_color = 8; + # }; + + networks.${iface} = { + ssid = "myssid"; + authentication = commonAuth; + settings = commonSettings; + }; + }; + +in { + + # AX210 kernel bug + # https://bugzilla.kernel.org/show_bug.cgi?id=206469#c2 + + # Moved to configuration.nix + #boot.initrd.preDeviceCommands = '' + # echo "Loading regulatory database early" + # cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db /lib/firmware/ + # cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s /lib/firmware/ + #''; + + # This is now set in the configuration.nix + # boot.extraModprobeConfig = '' + # options cfg80211 ieee80211_regdom=US + # options iwlwifi lar_disable=1 + # ''; + + # install the firmware for the wireless interface + # ls /lib/firmware/regulatory.db + # see also: https://discourse.nixos.org/t/direct-firmware-load-for-regulatory-db-failed/16317 + hardware = { + enableAllFirmware = true; + enableRedistributableFirmware = true; + wirelessRegulatoryDatabase = true; + #firmware = with pkgs; [ wireless-regdb ]; + }; + + systemd.tmpfiles.rules = [ + "L+ /lib/firmware/regulatory.db - - - - ${pkgs.wireless-regdb}/lib/firmware/regulatory.db" + "L+ /lib/firmware/regulatory.db.p7s - - - - 
${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s" + ]; + + systemd.services.set-regdom = { + description = "Force regulatory domain before hostapd"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-pre.target" "sysinit.target" ]; # Ensure network stack and devices are ready + before = [ "hostapd.service" "network-online.target" ]; # Run before hostapd and general network comes up + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.iw}/bin/iw reg set US"; + ExecStopPost = "${pkgs.iw}/bin/iw reg get"; + }; + }; + + # systemctl status hostapd + services.hostapd.enable = true; + services.hostapd.radios = lib.genAttrs (builtins.attrNames radioIfaces) + (iface: genRadio iface radioIfaces.${iface}); + + # systemctl status kea-dhcp4-server.service + services.kea = { + dhcp4 = { + enable = true; + settings = { + valid-lifetime = 3600; + renew-timer = 900; + rebind-timer = 1800; + interfaces-config.interfaces = [ "br0" ]; + lease-database = { + type = "memfile"; + persist = true; + name = "/var/lib/kea/dhcp4.leases"; + }; + subnet4 = [ + { + id = 1; + subnet = "192.168.1.0/24"; + pools = [{ pool = "192.168.1.100 - 192.168.1.200"; }]; + option-data = [ + { name = "routers"; data = "192.168.1.1"; } + { name = "domain-name-servers"; data = "192.168.1.1"; } + ]; + } + ]; + }; + }; + }; + # services.prometheus.exporters.kea = { + # enable = true; + # openFirewall = true; + # #port = 9547; # default port ( https://mynixos.com/nixpkgs/option/services.prometheus.exporters.kea.port ) + # targets = [ "/run/kea/kea-dhcp4.socket" ]; + # }; + + # PowerDNS Recursor + # sudo lsof -i :53 + # systemctl status pdns-recursor + services.pdns-recursor = { + enable = true; + dns.address = [ "127.0.0.1" "::1" "192.168.1.1" "fd00::1" ]; + dns.allowFrom = [ "127.0.0.1/32" "::1/128" "192.168.1.0/24" "fd00::/64" ]; + yaml-settings = { + recursor = { + serve_rfc1918 = true; + }; + }; + }; + + # IPv6 SLAAC via radvd + # systemctl status radvd + services.radvd = { + enable = 
true; + config = '' + interface br0 { + AdvSendAdvert on; + prefix fd00::/64 { + AdvOnLink on; + AdvAutonomous on; + }; + RDNSS fd00::1 { + AdvRDNSSLifetime 600; + }; + }; + ''; + }; + + # https://nixos.wiki/wiki/Systemd-networkd + networking.useNetworkd = true; + networking.useDHCP = false; + systemd.network.enable = true; + + #https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html + systemd.network.netdevs = { + "br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; + }; + }; + }; + + # add dummy0 to force br0 up + systemd.network.netdevs."dummy0" = { + netdevConfig = { + Kind = "dummy"; + Name = "dummy0"; + }; + }; + +systemd.network.networks."dummy0" = { + matchConfig.Name = "dummy0"; + networkConfig = { + Bridge = "br0"; + }; +}; + + # https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html + systemd.network.networks = { + "enp1s0" = { + matchConfig.Name = "enp1s0"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + IPv6PrivacyExtensions = true; + # IPMasquerade handled by nftables for better control + LLDP = true; + EmitLLDP = true; + }; + }; + + "br0" = { + matchConfig.Name = "br0"; + networkConfig = { + Address = [ + "192.168.1.1/24" + "fd00::1/64" + ]; + ConfigureWithoutCarrier = true; + }; + linkConfig = { + ActivationPolicy = "always-up"; + }; + cakeConfig = { + Bandwidth = "1000M"; # Set your desired bandwidth + OverheadBytes = 8; + CompensationMode = "ptm"; # e.g. 
for DSL, change as needed + NAT = true; + FlowIsolationMode = "triple"; + PriorityQueueingPreset = "besteffort"; + }; + }; + + "wlan" = { + matchConfig.Type = "wlan"; + linkConfig = { + Unmanaged = true; + }; + }; + }; + + # Disable conflicting resolvers and provide local one + services.resolved.enable = false; + networking.nameservers = [ "127.0.0.1" "::1" ]; + + environment.etc."resolv.conf".text = '' + # dnsmasq + nameserver 127.0.0.1 + nameserver ::1 + # emergency cloudflare + nameserver 1.1.1.1 + nameserver 2606:4700:4700::1111 + ''; +} + +#systemctl status kea +#systemctl status pdns-recursor +#systemctl status radvd + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --driver enp1s0 +# driver: atlantic +# version: 6.15.3 +# firmware-version: 4.2.32 +# expansion-rom-version: +# bus-info: 0000:01:00.0 +# supports-statistics: yes +# supports-test: no +# supports-eeprom-access: no +# supports-register-dump: yes +# supports-priv-flags: yes + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-ring enp1s0 +# Ring parameters for enp1s0: +# Pre-set maximums: +# RX: 8184 +# RX Mini: n/a +# RX Jumbo: n/a +# TX: 8184 +# TX push buff len: n/a +# Current hardware settings: +# RX: 2048 +# RX Mini: n/a +# RX Jumbo: n/a +# TX: 4096 +# RX Buf Len: n/a +# CQE Size: n/a +# TX Push: off +# RX Push: off +# TX push buff len: n/a +# TCP data split: n/a + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-features enp1s0 +# Features for enp1s0: +# rx-checksumming: on +# tx-checksumming: on +# tx-checksum-ipv4: off [fixed] +# tx-checksum-ip-generic: on +# tx-checksum-ipv6: off [fixed] +# tx-checksum-fcoe-crc: off [fixed] +# tx-checksum-sctp: off [fixed] +# scatter-gather: on +# tx-scatter-gather: on +# tx-scatter-gather-fraglist: off [fixed] +# tcp-segmentation-offload: on +# tx-tcp-segmentation: on +# tx-tcp-ecn-segmentation: off [fixed] +# tx-tcp-mangleid-segmentation: off +# tx-tcp6-segmentation: on +# tx-tcp-accecn-segmentation: off [fixed] +# generic-segmentation-offload: on +# 
generic-receive-offload: on +# large-receive-offload: off +# rx-vlan-offload: on +# tx-vlan-offload: on +# ntuple-filters: on +# receive-hashing: on +# highdma: off [fixed] +# rx-vlan-filter: on +# vlan-challenged: off [fixed] +# tx-gso-robust: off [fixed] +# tx-fcoe-segmentation: off [fixed] +# tx-gre-segmentation: off [fixed] +# tx-gre-csum-segmentation: off [fixed] +# tx-ipxip4-segmentation: off [fixed] +# tx-ipxip6-segmentation: off [fixed] +# tx-udp_tnl-segmentation: off [fixed] +# tx-udp_tnl-csum-segmentation: off [fixed] +# tx-gso-partial: on +# tx-tunnel-remcsum-segmentation: off [fixed] +# tx-sctp-segmentation: off [fixed] +# tx-esp-segmentation: off [fixed] +# tx-udp-segmentation: on +# tx-gso-list: off [fixed] +# tx-nocache-copy: off +# loopback: off [fixed] +# rx-fcs: off [fixed] +# rx-all: off [fixed] +# tx-vlan-stag-hw-insert: off [fixed] +# rx-vlan-stag-hw-parse: off [fixed] +# rx-vlan-stag-filter: off [fixed] +# l2-fwd-offload: off [fixed] +# hw-tc-offload: on +# esp-hw-offload: off [fixed] +# esp-tx-csum-hw-offload: off [fixed] +# rx-udp_tunnel-port-offload: off [fixed] +# tls-hw-tx-offload: off [fixed] +# tls-hw-rx-offload: off [fixed] +# rx-gro-hw: off [fixed] +# tls-hw-record: off [fixed] +# rx-gro-list: off +# macsec-hw-offload: off [fixed] +# rx-udp-gro-forwarding: off +# hsr-tag-ins-offload: off [fixed] +# hsr-tag-rm-offload: off [fixed] +# hsr-fwd-offload: off [fixed] +# hsr-dup-offload: off [fixed] + +# [das@l2:~/nixos/desktop/l2]$ + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-coalesce enp1s0 +# Coalesce parameters for enp1s0: +# Adaptive RX: n/a TX: n/a +# stats-block-usecs: n/a +# sample-interval: n/a +# pkt-rate-low: n/a +# pkt-rate-high: n/a + +# rx-usecs: 256 +# rx-frames: 0 +# rx-usecs-irq: n/a +# rx-frames-irq: n/a + +# tx-usecs: 1022 +# tx-frames: 0 +# tx-usecs-irq: n/a +# tx-frames-irq: n/a + +# rx-usecs-low: n/a +# rx-frame-low: n/a +# tx-usecs-low: n/a +# tx-frame-low: n/a + +# rx-usecs-high: n/a +# rx-frame-high: n/a +# 
tx-usecs-high: n/a +# tx-frame-high: n/a + +# CQE mode RX: n/a TX: n/a + +# tx-aggr-max-bytes: n/a +# tx-aggr-max-frames: n/a +# tx-aggr-time-usecs: n/a + + +# [das@l2:~/nixos/desktop/l2]$ + +# end \ No newline at end of file diff --git a/desktop/l2/hosts.nix b/desktop/l2/hosts.nix new file mode 100644 index 0000000..62a2951 --- /dev/null +++ b/desktop/l2/hosts.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = [ "hp0" "hp0eth" ]; # adi's room + "172.16.40.141" = [ "hp0wifi" ]; + "172.16.40.142" = [ "hp1" "hp1eth" ]; + "172.16.40.212" = [ "hp2" "hp2eth" ]; + "172.16.40.146" = [ "hp3" "hp3eth" ]; # savi's room + "172.16.40.130" = [ "hp3wifi" ]; + "172.16.50.232" = [ "hp4" "hp4eth" ]; # rack + "172.16.40.70" = [ "hp5" "hp5eth" ]; + "172.16.40.122" = [ "pi5-1" "pi5-1-eth" ]; + "172.16.40.62" = [ "chromebox3" "chromebox3-eth" ]; + "172.16.40.46" = [ "l2" ]; + #"127.0.0.1" = ["redpanda-0" ]; + }; +} \ No newline at end of file diff --git a/desktop/l2/irq-affinity.nix b/desktop/l2/irq-affinity.nix new file mode 100644 index 0000000..098c82b --- /dev/null +++ b/desktop/l2/irq-affinity.nix 
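Review bot: The SAE passphrase in `hostapd-multi.nix` is a literal in `commonAuth` (`saePasswords = [{ password = "strongpassword"; }];`), so it is committed to the repository and rendered into a world-readable file in the Nix store on the access point. Keeping it in a root-only file outside the store and referencing it with `saePasswordsFile = "<path-to-secret-file>";` (placeholder path) avoids both exposures. Because the current value is already in git history, it should be rotated rather than just moved.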
@@ -0,0 +1,118 @@ +# IRQ Affinity Configuration for L2 WiFi Access Point +# Optimizes interrupt distribution across dedicated network cores + +{ config, lib, pkgs, ... }: + +let + # Network core assignments (cache-aware, paired SMT siblings) + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,5,6,7 (dedicated L cores for default queues) + # Userland: cores 8,20,9,21,10,22,11,23 (remaining 4 L cores) + ethernetCores = "0,12,1,13,2,14,3,15"; # Ethernet IRQ cores + wifiCores = "4,5,6,7"; # WiFi default queue cores (L cores) + userlandCores = "8,20,9,21,10,22,11,23"; # Userland cores + + # IRQ affinity script (optimize WiFi default queues across dedicated L cores) + irqAffinityScript = pkgs.writeShellScript "irq-affinity" '' + #!/bin/bash + set -euo pipefail + + echo "Setting IRQ affinity for network optimization..." + + # Ethernet cores (first 4 L cores) + ethernet_cores="0 12 1 13 2 14 3 15" + # WiFi default queue cores (L cores 4,5,6,7) + wifi_default_cores="4 5 6 7" + + # Distribute Ethernet IRQs across ethernet cores + echo "Distributing Ethernet IRQs across cores: ${ethernetCores}" + irq_index=0 + for interface in $(${pkgs.iproute2}/bin/ip link show | ${pkgs.gnugrep}/bin/grep -E "enp|eth" | ${pkgs.gawk}/bin/awk -F: '{print $2}' | ${pkgs.gnused}/bin/sed 's/ //g'); do + for irq in $(${pkgs.gnugrep}/bin/grep "$interface" /proc/interrupts | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.gnused}/bin/sed 's/://'); do + cpu_index=$((irq_index % 8)) + # Convert index to actual CPU number + case $cpu_index in + 0) cpu=0 ;; + 1) cpu=12 ;; + 2) cpu=1 ;; + 3) cpu=13 ;; + 4) cpu=2 ;; + 5) cpu=14 ;; + 6) cpu=3 ;; + 7) cpu=15 ;; + esac + if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then + echo "$cpu" > "/proc/irq/$irq/smp_affinity_list" + echo "Ethernet IRQ $irq ($interface) -> CPU $cpu" + else + echo "Warning: Ethernet IRQ $irq not found" + fi + irq_index=$((irq_index + 1)) + done + done + + # Optimize WiFi default queues across dedicated L 
cores + echo "Optimizing WiFi default queues across cores: ${wifiCores}" + + # Get all WiFi default queue IRQs by PCI device + wifi_default_irqs=$(cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep "iwlwifi:default_queue" | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.gnused}/bin/sed 's/://') + + if [ -n "$wifi_default_irqs" ]; then + wifi_count=0 + for irq in $wifi_default_irqs; do + # Assign each WiFi default queue to a dedicated L core (4,5,6,7) + case $wifi_count in + 0) default_core=4 ;; # First WiFi device -> L core 4 + 1) default_core=5 ;; # Second WiFi device -> L core 5 + 2) default_core=6 ;; # Third WiFi device -> L core 6 + 3) default_core=7 ;; # Fourth WiFi device -> L core 7 + esac + + if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then + echo "$default_core" > "/proc/irq/$irq/smp_affinity_list" + echo "WiFi default queue IRQ $irq -> CPU $default_core" + else + echo "Warning: WiFi default queue IRQ $irq not found" + fi + + # Set all other queues for this WiFi device to same core as default queue + pci_device=$(${pkgs.gnugrep}/bin/grep "^ *$irq:" /proc/interrupts | ${pkgs.gnugrep}/bin/grep -o "0000:[0-9a-f:]*") + if [ -n "$pci_device" ]; then + for queue_irq in $(cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep "$pci_device" | ${pkgs.gnugrep}/bin/grep -v "default_queue" | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.gnused}/bin/sed 's/://'); do + if [[ -e "/proc/irq/$queue_irq/smp_affinity_list" ]]; then + echo "$default_core" > "/proc/irq/$queue_irq/smp_affinity_list" + echo " Queue IRQ $queue_irq -> CPU $default_core" + fi + done + fi + + wifi_count=$((wifi_count + 1)) + done + else + echo "Warning: No WiFi default queue IRQs found" + fi + + echo "IRQ affinity configuration complete" + echo "Current IRQ distribution:" + cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep -E "(enp|iwlwifi)" || true + ''; + +in { + # IRQ Affinity Service + systemd.services.irq-affinity = { + description = "Set IRQ affinity for network optimization"; + wantedBy = [ 
"multi-user.target" ]; + after = [ "network.target" "systemd-udev-settle.service" ]; + before = [ "hostapd.service" "kea-dhcp4-server.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${irqAffinityScript}"; + RemainAfterExit = true; + StandardOutput = "journal"; + StandardError = "journal"; + }; + }; +} + +# end \ No newline at end of file diff --git a/desktop/l2/irq-slice-analysis.sh b/desktop/l2/irq-slice-analysis.sh new file mode 100755 index 0000000..16573da --- /dev/null +++ b/desktop/l2/irq-slice-analysis.sh 
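Review bot: The Ethernet interface discovery in `irqAffinityScript` filters `ip link show` with `grep -E "enp|eth"`, which also matches every `link/ether` line. For those lines `awk -F: '{print $2}'` yields a fragment of the MAC address, and the following `grep "$interface" /proc/interrupts` can then select unrelated IRQs, whose affinity this service (no `User=` set, so it runs as root) rewrites. Listing one line per interface and matching on the name field avoids that, e.g. `${pkgs.iproute2}/bin/ip -o link show | ${pkgs.gawk}/bin/awk -F': ' '$2 ~ /^(enp|eth)/ {print $2}'`. The lookup in `/proc/interrupts` would also be safer as a fixed-string, whole-word match (`grep -wF "$interface"`).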
@@ -0,0 +1,217 @@ +#!/bin/bash + +# IRQ and Slice Analysis Script for L2 WiFi Access Point +# Analyzes runtime state of IRQ distribution and systemd slice CPU affinity + +set -euo pipefail + +echo "=== L2 WiFi Access Point - IRQ and Slice Analysis ===" +echo "Generated: $(date)" +echo "" + +# Color codes for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Function to print colored output +print_status() { + local status=$1 + local message=$2 + case $status in + "OK") echo -e "${GREEN}✓${NC} $message" ;; + "WARN") echo -e "${YELLOW}⚠${NC} $message" ;; + "ERROR") echo -e "${RED}✗${NC} $message" ;; + "INFO") echo -e "${BLUE}ℹ${NC} $message" ;; + esac +} + +# Check kernel parameters +cmdline=$(cat /proc/cmdline) +isolcpus=$(echo "$cmdline" | grep -o "isolcpus=[^ ]*" | cut -d= -f2 || echo "NOT SET") +print_status "INFO" "Isolated cores: $isolcpus" + +# Ethernet IRQ L core distribution +echo "" +echo "=== Ethernet IRQ L Cores ===" +enp1s0_irqs=$(cat /proc/interrupts | grep "enp1s0" | awk '{print $1}' | sed 's/://') +if [ -n "$enp1s0_irqs" ]; then + l_cores="" + for irq in $enp1s0_irqs; do + cpu_dist=$(grep "^ *$irq:" /proc/interrupts | awk '{for(i=2; i<=25; i++) if($i>0) printf "%d ", i-1}') + for cpu in $cpu_dist; do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo "enp1s0 IRQs using L cores: $l_cores" +else + print_status "WARN" "No enp1s0 IRQs found" +fi + +# WiFi IRQ L core distribution +echo "" +echo "=== WiFi IRQ L Cores ===" +iwlwifi_irqs=$(cat /proc/interrupts | grep "iwlwifi" | awk '{print $1}' | sed 's/://') +if [ -n "$iwlwifi_irqs" ]; then + l_cores="" + for irq in $iwlwifi_irqs; do + cpu_dist=$(grep "^ *$irq:" /proc/interrupts | awk '{for(i=2; i<=25; i++) if($i>0) printf "%d ", i-1}') + for cpu in $cpu_dist; do + if [ "$cpu" -lt 12 ]; then + 
l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo "iwlwifi IRQs using L cores: $l_cores" + + # Check expected cores 4,5,6,7 + for expected in 4 5 6 7; do + if echo "$l_cores" | grep -q " $expected "; then + print_status "OK" "L core $expected: used" + else + print_status "WARN" "L core $expected: not used" + fi + done +else + print_status "WARN" "No iwlwifi IRQs found" +fi + +# Systemd slice CPU affinity +echo "" +echo "=== Systemd Slice L Cores ===" + +# Check global systemd CPU affinity +echo "--- Global Systemd CPU Affinity ---" +if [ -f "/etc/systemd/system.conf" ]; then + global_cpu_affinity=$(grep "^CPUAffinity=" /etc/systemd/system.conf | cut -d= -f2 || echo "not set") + echo "Global systemd CPUAffinity: $global_cpu_affinity" +else + echo "Global systemd CPUAffinity: not configured" +fi + +# Check main slices +main_slices=("network-services" "system") +for slice in "${main_slices[@]}"; do + echo "--- $slice.slice ---" + cgroup_path="/sys/fs/cgroup/system.slice/$slice.slice" + + if systemctl status "$slice.slice" >/dev/null 2>&1; then + if [ -d "$cgroup_path" ] && [ -f "$cgroup_path/cpuset.cpus" ]; then + cpu_affinity=$(cat "$cgroup_path/cpuset.cpus") + print_status "INFO" "CPU affinity: $cpu_affinity" + + # Convert to L cores + l_cores="" + for cpu in $(echo $cpu_affinity | tr ',' ' '); do + if [[ $cpu =~ ^[0-9]+$ ]]; then + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + elif [[ $cpu =~ ^([0-9]+)-([0-9]+)$ ]]; then + start=${BASH_REMATCH[1]} + end=${BASH_REMATCH[2]} + for ((cpu=start; cpu<=end; cpu++)); do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + fi + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo " L cores: $l_cores" + else + print_status "INFO" "Slice loaded but no cgroup (no active 
services)" + fi + else + print_status "ERROR" "Slice $slice.slice not found or not active" + fi + echo "" +done + +# Check per-daemon slices +per_daemon_slices=("kea" "pdns" "radvd" "hostapd") +for slice in "${per_daemon_slices[@]}"; do + echo "--- $slice.slice ---" + cgroup_path="/sys/fs/cgroup/system.slice/$slice.slice" + + if systemctl status "$slice.slice" >/dev/null 2>&1; then + if [ -d "$cgroup_path" ] && [ -f "$cgroup_path/cpuset.cpus" ]; then + cpu_affinity=$(cat "$cgroup_path/cpuset.cpus") + print_status "INFO" "CPU affinity: $cpu_affinity" + + # Convert to L cores + l_cores="" + for cpu in $(echo $cpu_affinity | tr ',' ' '); do + if [[ $cpu =~ ^[0-9]+$ ]]; then + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + elif [[ $cpu =~ ^([0-9]+)-([0-9]+)$ ]]; then + start=${BASH_REMATCH[1]} + end=${BASH_REMATCH[2]} + for ((cpu=start; cpu<=end; cpu++)); do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + fi + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo " L cores: $l_cores" + else + print_status "INFO" "Slice loaded but no cgroup (no active services)" + fi + else + print_status "WARN" "Slice $slice.slice not found or not active" + fi + echo "" +done + +# Service status summary +echo "" +echo "=== Service Status ===" +services=("hostapd" "kea-dhcp4-server" "pdns-recursor" "radvd") +for service in "${services[@]}"; do + if systemctl is-active "$service" >/dev/null 2>&1; then + slice=$(systemctl show "$service" --property=Slice --value 2>/dev/null || echo "unknown") + nice_value=$(systemctl show "$service" --property=Nice --value 2>/dev/null || echo "0") + print_status "OK" "$service: active (slice: $slice, nice: $nice_value)" + else + print_status "WARN" "$service: not active" + fi +done + +# IRQ affinity service +echo "" +if systemctl is-active irq-affinity >/dev/null 2>&1; then + print_status "OK" "IRQ affinity 
service: active" +else + print_status "WARN" "IRQ affinity service: not active" +fi + +echo "" +echo "=== Analysis Complete ===" \ No newline at end of file diff --git a/desktop/l2/kernel-params.nix b/desktop/l2/kernel-params.nix new file mode 100644 index 0000000..b955d3c --- /dev/null +++ b/desktop/l2/kernel-params.nix 
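Review bot: With `set -euo pipefail` in effect, `enp1s0_irqs=$(cat /proc/interrupts | grep "enp1s0" | awk ... | sed ...)` makes the script exit as soon as grep matches nothing, so the `No enp1s0 IRQs found` warning below it can never be printed; `iwlwifi_irqs=` has the same problem. Appending `|| true` inside the substitution, as the `isolcpus=` line already does with `|| echo "NOT SET"`, keeps the fallback branches reachable. Separately, the expected-core check `grep -q " $expected "` needs a leading space that the first entry of `$l_cores` does not have after the `tr`/`sort -u` pass, so that core is reported as not used even when it is; `grep -qw "$expected"` matches on word boundaries instead.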
@@ -0,0 +1,123 @@ +# Kernel Parameters for L2 WiFi Access Point Optimization +# CPU isolation, network performance, and interrupt handling + +{ config, lib, pkgs, ... }: + +{ + # Boot kernel parameters for network optimization + boot.kernelParams = [ + # CPU isolation for network IRQ cores + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,16,5,17,6,18,7,19 (next 4 L cores) + "isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + + # # Interrupt handling + # "irqaffinity=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "threadirqs" + + # # Memory management + # "hugepagesz=1G" + # "hugepages=4" + + # CPU frequency scaling + "intel_pstate=performance" + "cpufreq.default_governor=performance" + + # NUMA optimization + "numa_balancing=0" + + # I/O scheduler + "elevator=bfq" + + # # Security mitigations (minimal impact on network performance) + # "mitigations=off" + # "spectre_v2=off" + # "spec_store_bypass_disable=off" + # "retbleed=off" + + # WiFi optimizations + "cfg80211.ieee80211_regdom=US" + "iwlwifi.power_save=0" + "iwlwifi.11n_disable=0" + # "iwlwifi.bt_coex_active=0" + + # # PCIe optimizations + # "pcie_aspm=off" + # "pcie_aspm.policy=performance" + + # # Bluetooth disabling + # "bluetooth.blacklist=1" + # "btusb.blacklist=1" + # "btintel.blacklist=1" + + # # Debugging (disable for production) + # "quiet" + # "loglevel=3" + ]; + + # CPU frequency scaling + powerManagement.cpuFreqGovernor = "performance"; + + # Disable CPU frequency scaling for network cores + systemd.services.cpu-performance = { + description = "Set CPU performance governor for network IRQ cores"; + wantedBy = [ "multi-user.target" ]; + after = [ "systemd-udev-settle.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "cpu-performance" '' + #!/bin/bash + # Set performance governor for all CPUs + for cpu in 
/sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do + echo performance > "$cpu" 2>/dev/null || true + done + + # Set min/max frequency to maximum for network IRQ cores + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,16,5,17,6,18,7,19 (next 4 L cores) + for cpu in 0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19; do + if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq" ]]; then + max_freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq") + echo "$max_freq" > "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_min_freq" 2>/dev/null || true + echo "$max_freq" > "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_max_freq" 2>/dev/null || true + fi + done + + echo "CPU performance governor set for network IRQ optimization" + ''; + RemainAfterExit = true; + StandardOutput = "journal"; + StandardError = "journal"; + }; + }; + + # Disable Bluetooth completely + hardware.bluetooth.enable = false; + + # # Disable Bluetooth kernel modules + # boot.blacklistedKernelModules = [ + # "bluetooth" + # "btusb" + # "btintel" + # "btrtl" + # "btbcm" + # "btqca" + # "hci_uart" + # "hci_vhci" + # "hci_h4" + # "hci_bcsp" + # "hci_ll" + # "hci_mrvl" + # "hci_qca" + # "hci_uart" + # "hci_vhci" + # "hci_h4" + # "hci_bcsp" + # "hci_ll" + # "hci_mrvl" + # "hci_qca" + # ]; +} \ No newline at end of file diff --git a/desktop/l2/l2_2025_06_28.svg b/desktop/l2/l2_2025_06_28.svg new file mode 100644 index 0000000..2abea29 --- /dev/null +++ b/desktop/l2/l2_2025_06_28.svg 
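Review bot: The commented-out block headed `# Security mitigations (minimal impact on network performance)` in `boot.kernelParams` is labelled as if enabling it were harmless. `mitigations=off` and the `spectre_v2=off` / `retbleed=off` lines under it turn off CPU speculative-execution mitigations for the whole host, which in this same change set also runs hostapd, DHCP and DNS for wireless clients. I would reword the header to something like `# WARNING: disables CPU vulnerability mitigations host-wide; keep disabled on this AP`, or drop the block so it cannot be uncommented by accident.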
@@ -0,0 +1,316 @@ + + + + Machine (126GB total) + + Package L#0 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#0 + + PU L#0 + P#0 + + PU L#1 + P#12 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#1 + + PU L#2 + P#1 + + PU L#3 + P#13 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#2 + + PU L#4 + P#2 + + PU L#5 + P#14 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#3 + + PU L#6 + P#3 + + PU L#7 + P#15 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#4 + + PU L#8 + P#4 + + PU L#9 + P#16 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#5 + + PU L#10 + P#5 + + PU L#11 + P#17 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#6 + + PU L#12 + P#6 + + PU L#13 + P#18 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#7 + + PU L#14 + P#7 + + PU L#15 + P#19 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#8 + + PU L#16 + P#8 + + PU L#17 + P#20 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#9 + + PU L#18 + P#9 + + PU L#19 + P#21 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#10 + + PU L#20 + P#10 + + PU L#21 + P#22 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#11 + + PU L#22 + P#11 + + PU L#23 + P#23 + + NUMANode L#0 P#0 (126GB) + + + + 3.9 + + 16 + + + + + 3.9 + + + PCI 01:00.0 + + Net enp1s0 + + + + 16 + + + + + 32 + + 32 + + + + + 32 + + + PCI 05:00.0 + + + + 32 + + + PCI 06:00.0 + + + + 3.9 + + 7.9 + + 0.6 + + + + + 3.9 + + + PCI 21:00.0 + + Block nvme0n1 + 1907 GB + + + + 7.9 + + + PCI 22:00.0 + + Block nvme1n1 + 1863 GB + + + + 0.6 + + + PCI 23:00.0 + + Net wlp35s0 + + + + 0.6 + + 0.6 + + + + + 0.6 + + + PCI 41:00.0 + + Net wlp65s0 + + + + 0.6 + + + PCI 42:00.0 + + Net wlp66s0 + + + + 0.6 + + 2.0 + + + + + 0.6 + + + PCI 61:00.0 + + Net wlp97s0 + + + + 2.0 + + + PCI 62:00.0 + + Host: l2 + Date: Sat 28 Jun 2025 06:52:23 PM PDT + 
diff --git a/desktop/l2/locale.nix b/desktop/l2/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/desktop/l2/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/desktop/l2/monitoring.nix b/desktop/l2/monitoring.nix new file mode 100644 index 0000000..5801a10 --- /dev/null +++ b/desktop/l2/monitoring.nix 
@@ -0,0 +1,373 @@ +# Monitoring Configuration for L2 WiFi Access Point +# Performance monitoring and logging for CPU/IRQ optimizations + +{ config, lib, pkgs, ... }: + +let + # Monitoring script for IRQ and CPU performance + monitoringScript = pkgs.writeShellScript "network-monitoring" '' + #!/bin/bash + set -euo pipefail + + LOG_DIR="/var/log/network-performance" + mkdir -p "$LOG_DIR" + + # Function to log with timestamp + log() { + echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_DIR/performance.log" + } + + # Function to monitor IRQ distribution + monitor_irqs() { + log "=== IRQ Distribution ===" + cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | while read line; do + log "IRQ: $line" + done + } + + # Function to monitor CPU utilization + monitor_cpu() { + log "=== CPU Utilization ===" + mpstat -P ALL 1 1 | grep -E "(CPU|Average)" | while read line; do + log "CPU: $line" + done + } + + # Function to monitor network statistics + monitor_network() { + log "=== Network Statistics ===" + for interface in enp1s0 wlp35s0 wlp65s0 wlp66s0 wlp97s0; do + if [[ -e "/sys/class/net/$interface/statistics/rx_packets" ]]; then + rx_packets=$(cat "/sys/class/net/$interface/statistics/rx_packets") + tx_packets=$(cat "/sys/class/net/$interface/statistics/tx_packets") + rx_bytes=$(cat "/sys/class/net/$interface/statistics/rx_bytes") + tx_bytes=$(cat "/sys/class/net/$interface/statistics/tx_bytes") + log "Interface $interface: RX=$rx_packets pkts ($rx_bytes bytes), TX=$tx_packets pkts ($tx_bytes bytes)" + fi + done + } + + # Function to monitor memory usage + monitor_memory() { + log "=== Memory Usage ===" + free -h | while read line; do + log "Memory: $line" + done + } + + # Function to monitor cache performance + monitor_cache() { + log "=== Cache Performance ===" + if command -v perf >/dev/null 2>&1; then + # Monitor cache misses for network processes + for pid in $(pgrep -f "hostapd|nftables"); do + if [[ -n "$pid" ]]; then + cache_stats=$(perf stat -e 
cache-misses,cache-references -p "$pid" sleep 1 2>&1 | grep -E "(cache-misses|cache-references)" || true) + log "PID $pid cache stats: $cache_stats" + fi + done + fi + } + + # Function to monitor system load + monitor_load() { + log "=== System Load ===" + uptime | while read line; do + log "Load: $line" + done + } + + # Function to monitor network optimization status + monitor_optimization() { + log "=== Network Optimization Status ===" + + # Check IRQ affinity + log "IRQ Affinity Check:" + for irq in 168 169 170 171 172 173 174 175; do + if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then + affinity=$(cat "/proc/irq/$irq/smp_affinity_list") + log " IRQ $irq -> CPU $affinity" + fi + done + + # Check CPU frequency + log "CPU Frequency Check:" + for cpu in {0..7}; do + if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq" ]]; then + freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq") + governor=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_governor") + log " CPU $cpu: \$freq kHz (\$governor)" + fi + done + + # Check network optimization log + if [[ -e "/tmp/network-optimization.log" ]]; then + log "Network optimization log (last 10 lines):" + tail -10 "/tmp/network-optimization.log" | while read line; do + log " $line" + done + fi + } + + # Main monitoring function + main() { + log "Starting network performance monitoring" + + monitor_irqs + monitor_cpu + monitor_network + monitor_memory + monitor_cache + monitor_load + monitor_optimization + + log "Monitoring complete" + } + + # Run monitoring + main "$@" + ''; + + # Performance testing script + performanceTestScript = pkgs.writeShellScript "performance-test" '' + #!/bin/bash + set -euo pipefail + + LOG_DIR="/var/log/network-performance" + mkdir -p "$LOG_DIR" + + log() { + echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_DIR/performance-test.log" + } + + # Function to test network throughput + test_throughput() { + log "=== Network Throughput Test ===" + + # Start 
iperf3 server if not running + if ! pgrep -f "iperf3 -s" >/dev/null; then + log "Starting iperf3 server" + iperf3 -s -D + sleep 2 + fi + + # Test localhost throughput + log "Testing localhost throughput..." + iperf3 -c localhost -t 10 -J | jq -r '.end.sum_received.bits_per_second' | while read throughput; do + log "Localhost throughput: $throughput bps" + done + } + + # Function to test latency + test_latency() { + log "=== Latency Test ===" + + # Test ping to localhost + log "Testing ping latency to localhost..." + ping -c 10 localhost | grep -E "(min|avg|max)" | while read line; do + log "Ping: $line" + done + } + + # Function to test IRQ distribution + test_irq_distribution() { + log "=== IRQ Distribution Test ===" + + # Generate some network traffic + log "Generating network traffic for IRQ testing..." + + # Start background ping + ping -i 0.1 localhost >/dev/null 2>&1 & + ping_pid=$! + + # Wait and check IRQ distribution + sleep 5 + + log "IRQ distribution during traffic:" + cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | head -10 | while read line; do + log " $line" + done + + # Stop ping + kill $ping_pid 2>/dev/null || true + } + + # Function to test CPU utilization + test_cpu_utilization() { + log "=== CPU Utilization Test ===" + + # Monitor CPU usage during network activity + log "Monitoring CPU usage for 10 seconds..." 
+ mpstat -P ALL 1 10 | grep -E "(CPU|Average)" | while read line; do + log "CPU: $line" + done + } + + # Main test function + main() { + log "Starting performance tests" + + test_throughput + test_latency + test_irq_distribution + test_cpu_utilization + + log "Performance tests complete" + } + + main "$@" + ''; + +in { + # Monitoring service + systemd.services.network-monitoring = { + description = "Network performance monitoring"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "irq-affinity.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${monitoringScript}"; + StandardOutput = "journal"; + StandardError = "journal"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.procps pkgs.sysstat pkgs.perf-tools pkgs.jq pkgs.gawk pkgs.gnugrep pkgs.gnused ]}"; + }; + }; + + # Periodic monitoring timer + systemd.timers.network-monitoring = { + description = "Periodic network performance monitoring"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5min"; + OnUnitActiveSec = "15min"; + Persistent = true; + }; + }; + + # Performance testing service + systemd.services.performance-test = { + description = "Network performance testing"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "irq-affinity.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${performanceTestScript}"; + StandardOutput = "journal"; + StandardError = "journal"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.procps pkgs.iperf3 pkgs.jq pkgs.gawk pkgs.gnugrep pkgs.gnused pkgs.iputils pkgs.sysstat ]}"; + }; + }; + + # Periodic performance testing timer + systemd.timers.performance-test = { + description = "Periodic network performance testing"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "10min"; + OnUnitActiveSec = "1h"; + Persistent = true; + }; + }; + + # Real-time monitoring service + systemd.services.realtime-monitoring = { + description = "Real-time network 
performance monitoring"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "irq-affinity.service" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "realtime-monitoring" '' + #!/bin/bash + set -euo pipefail + + LOG_DIR="/var/log/network-performance" + mkdir -p "$LOG_DIR" + + log() { + echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_DIR/realtime.log" + } + + # Monitor IRQ distribution every 30 seconds + while true; do + log "=== IRQ Distribution ===" + cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | while read line; do + log "$line" + done + + log "=== CPU Utilization ===" + mpstat -P ALL 1 1 | grep -E "(CPU|Average)" | while read line; do + log "$line" + done + + sleep 30 + done + ''; + Restart = "always"; + RestartSec = "10"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.sysstat pkgs.gnugrep ]}"; + }; + }; + + # Log rotation for monitoring logs + services.logrotate.settings."network-performance" = { + files = "/var/log/network-performance/*.log"; + rotate = 7; + daily = true; + compress = true; + missingok = true; + notifempty = true; + postrotate = "systemctl reload rsyslog"; + }; + + # Additional monitoring tools + environment.systemPackages = with pkgs; [ + # Performance monitoring tools + htop + iotop + iftop + nethogs + nload + nmon + sysstat + perf-tools + bpftrace + + # Network testing tools + iperf3 + netperf + wrk + + # System analysis tools + strace + ltrace + valgrind + gdb + + # JSON processing for logs + jq + + # Additional monitoring + glances + s-tui + stress-ng + ]; + + # Enable sysstat for historical monitoring + services.sysstat = { + enable = true; + }; + + # Configure rsyslog for monitoring + services.rsyslogd = { + enable = true; + extraConfig = '' + # Network performance monitoring + if $programname == 'network-monitoring' then /var/log/network-performance/monitoring.log + if $programname == 'performance-test' then /var/log/network-performance/test.log + if $programname == 
'realtime-monitoring' then /var/log/network-performance/realtime.log + ''; + }; +} \ No newline at end of file diff --git a/desktop/l2/network-optimization.nix b/desktop/l2/network-optimization.nix new file mode 100644 index 0000000..2a9088d --- /dev/null +++ b/desktop/l2/network-optimization.nix 
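Review bot: With `set -euo pipefail` in all three scripts, every `grep -E "(enp1s0|iwlwifi)" | while read line` pipeline (and the `mpstat ... | grep` ones) aborts the script when grep matches nothing, because grep's exit status 1 becomes the pipeline's status; in `realtime-monitoring` that combines with `Restart = "always"` into a restart loop. Tolerate the empty case explicitly, for example `{ grep -E "(enp1s0|iwlwifi)" /proc/interrupts || true; } | while read -r line; do`. Separately, in `monitor_optimization` the line `log " CPU $cpu: \$freq kHz (\$governor)"` reaches bash with the backslashes intact, since a Nix `''` string only interpolates `${...}`, so the log shows the literal text `$freq` and `$governor`; dropping the two backslashes fixes it.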
@@ -0,0 +1,81 @@ +# +# l2/network-optimization.nix +# + +# Network interface optimizations for Atlantic NIC in WiFi access point configuration +# +# Ring Buffer Optimizations: +# - Increase RX/TX ring buffers to maximum (8184) for better throughput +# +# Feature Optimizations: +# - LRO (Large Receive Offload): Combine multiple packets for better CPU efficiency +# - IPv4 checksum offload: Hardware handles checksum calculation +# - TCP ECN segmentation: Better handling of ECN-marked packets +# - GRO list: Generic Receive Offload with list support +# +# Interrupt Coalescing Optimizations: +# - Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 +# - Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 +# - Purpose: Reduce interrupt frequency for better performance with multiple WiFi clients +# - Benefits: Fewer CPU context switches, better batch processing +# + +{ config, pkgs, ... }: + +let + # Create a shell script for network optimizations + networkOptimizationScript = pkgs.writeShellScript "network-optimization.sh" '' + #!/bin/sh + # Network interface optimizations for Atlantic NIC + + # Ring buffer optimizations + ${pkgs.ethtool}/bin/ethtool -G enp1s0 rx 8184 tx 8184 + + # Feature optimizations + ${pkgs.ethtool}/bin/ethtool -K enp1s0 lro on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-checksum-ipv4 on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-tcp-ecn-segmentation on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 rx-gro-list on + + # Interrupt coalescing optimizations + # Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 + # Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 rx-usecs 512 rx-frames 32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 tx-usecs 1024 tx-frames 32 + + # Save verification output to /tmp (cleaned up on reboot) + echo "=== Network Optimization Results ===" > /tmp/network-optimization.log + echo "Timestamp: $(date)" >> /tmp/network-optimization.log + echo "" >> 
/tmp/network-optimization.log + + echo "=== Ring Buffer Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-ring enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Feature Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-features enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Interrupt Coalescing Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-coalesce enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Driver Information ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --driver enp1s0 >> /tmp/network-optimization.log 2>&1 + ''; + +in { + # Network interface optimizations for Atlantic NIC + # Run before network-online.target to avoid driver reinitialization + systemd.services.network-optimization = { + description = "Optimize network interface settings"; + wantedBy = [ "multi-user.target" ]; + before = [ "network-online.target" ]; + after = [ "network-pre.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = networkOptimizationScript; + RemainAfterExit = true; + }; + }; +} \ No newline at end of file diff --git a/desktop/l2/network.nix.not b/desktop/l2/network.nix.not new file mode 100644 index 0000000..81d67df --- /dev/null +++ b/desktop/l2/network.nix.not 
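Review bot: The script writes its results as root to the fixed path `/tmp/network-optimization.log` with `>`, and `/tmp` is world-writable, so any local account can pre-create that name or place a link there before the unit runs; how much that matters depends on the kernel's protected_symlinks/protected_regular settings, which nothing in this change sets. A directory owned by the unit avoids the question: add `RuntimeDirectory = "network-optimization";` to `serviceConfig` and write to `/run/network-optimization/results.log`, which should stay in place while the unit is active because of `RemainAfterExit = true`. `monitor_optimization` in monitoring.nix tails the same `/tmp` path and would need the new location as well.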
@@ -0,0 +1,98 @@ +{ config, pkgs, lib, ... }: + +{ + networking = { + useNetworkd = true; + useDHCP = false; + interfaces = { + enp1s0 = { + useDHCP = true; + ipv6 = { + enable = true; + acceptRA = true; + }; + }; + + wlp35s0 = { + ipv4.addresses = [{ + address = "10.0.35.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + + wlp65s0 = { + ipv4.addresses = [{ + address = "10.0.65.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + + wlp70s0 = { + ipv4.addresses = [{ + address = "10.0.70.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + }; + + firewall = { + enable = true; + allowedTCPPorts = [ 22 53 67 ]; # SSH, DNS, DHCP + allowedUDPPorts = [ 53 67 68 ]; # DNS, DHCP client/server + }; + + enableIPv6 = true; + ipForward = true; + ipv6 = { + enable = true; + forward = true; + }; + }; + + # Enable kea DHCP server + services.kea = { + enable = true; + dhcp4 = { + enable = true; + settings = { + interfaces-config.interfaces = [ "wlp35s0" "wlp65s0" "wlp70s0" ]; + subnet4 = [ + { + subnet = "10.0.35.0/24"; + pools = [{ pool = "10.0.35.100 - 10.0.35.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.35.1"; } + { name = "domain-name-servers"; data = "10.0.35.1"; } + ]; + } + { + subnet = "10.0.65.0/24"; + pools = [{ pool = "10.0.65.100 - 10.0.65.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.65.1"; } + { name = "domain-name-servers"; data = "10.0.65.1"; } + ]; + } + { + subnet = "10.0.70.0/24"; + pools = [{ pool = "10.0.70.100 - 10.0.70.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.70.1"; } + { name = "domain-name-servers"; data = "10.0.70.1"; } + ]; + } + ]; + }; + }; + }; + + # Enable PowerDNS recursor + services.pdns-recursor = { + enable = true; + localAddress = "127.0.0.1"; + allowFrom = [ "127.0.0.0/8" "10.0.35.0/24" "10.0.65.0/24" "10.0.70.0/24" ]; + }; +} diff --git a/desktop/l2/nodeExporter.nix b/desktop/l2/nodeExporter.nix new file mode 100644 index 0000000..f26d49b --- /dev/null 
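Review bot: `allowedTCPPorts = [ 22 53 67 ]` and `allowedUDPPorts = [ 53 67 68 ]` are global, so SSH, DNS and DHCP are also accepted on the uplink `enp1s0`, not only on the three WLAN subnets. Scope them per interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts` / `allowedUDPPorts` for the WLAN interfaces; TCP 67 can be dropped, since DHCP runs over UDP. Also, kea hands out `10.0.x.1` as `domain-name-servers` while `services.pdns-recursor` has `localAddress = "127.0.0.1"`, so as written clients would be pointed at an address the resolver does not listen on. The `.nix.not` suffix suggests the file is not imported yet; both are worth fixing before it is.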
+++ b/desktop/l2/nodeExporter.nix @@ -0,0 +1,27 @@ +{ + config, + pkgs, + ... +}: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 19000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; + }; + + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/desktop/l2/not.hostapd.nix b/desktop/l2/not.hostapd.nix new file mode 100644 index 0000000..56b7c3b --- /dev/null +++ b/desktop/l2/not.hostapd.nix 
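Review bot: No `listenAddress` is set on `services.prometheus.exporters.node`, and the NixOS exporter modules default to listening on all addresses, so on this access point port 19000 (and the systemd, smartctl and process exporters enabled at the end of the file) is exposed on every interface the firewall lets through, without authentication. prometheus.nix scrapes this host through `localhost:...`, so `listenAddress = "127.0.0.1";` on each exporter should be enough unless another Prometheus is meant to scrape it. `services.prometheus` in prometheus.nix has the same all-addresses default for its own port 9090 and deserves the same decision.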
@@ -0,0 +1,173 @@ +# +# hostapd.nix +# + +# +# NOT using service.hostapd, because it has limited configuration capabilities +# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix +# +# Using custom systemd services to run hostapd per interface +# +# systemctl status hostapd-wlp35s0 +# systemctl status hostapd-wlp65s0 +# systemctl status hostapd-wlp70s0 +# +# nix pkgs source +# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix +# https://w1.fi/hostapd/ +# https://github.com/latelee/hostapd +# +# Giant NixPkgs PR: https://github.com/NixOS/nixpkgs/pull/222536 +# +# +# hostapd.nix + +{ config, lib, pkgs, ... }: + +let + # List of Wi-Fi interfaces to manage + wifiInterfaces = [ "wlp35s0" "wlp65s0" "wlp70s0" ]; + + # Real MAC addresses for each interface (used for bssid=) + ifaceMacs = { + wlp35s0 = "28:A4:4A:27:E7:7D"; + wlp65s0 = "28:A4:4A:D7:86:74"; + wlp70s0 = "90:65:84:5E:6F:D2"; + }; + + # Common SSID and WPA3 settings + ssid = "myssid"; + psk = "supersecurepassword"; + + # Common AP parameters + commonParams = iface: '' + # + ##### Configuration for ${iface} ##### + # + ${if iface == builtins.elemAt wifiInterfaces 0 then "interface=${iface}" else "bss=${iface}"} + bssid=${ifaceMacs.${iface}} + ssid=${ssid} + hw_mode=g + channel=6 + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 + wmm_enabled=1 + + # WMM tuning + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + + # WPA3-SAE settings + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + ft_psk_generate_local=1 + mobility_domain=4f57 + ft_over_ds=1 + nas_identifier=${iface}-ap + sae_password=${psk} + bridge=br0 + macaddr_acl=0 + ''; + + # Generate a single hostapd.conf for all BSSes + hostapdConf = pkgs.writeText "hostapd.conf" ( + '' + ctrl_interface=/run/hostapd + country_code=US + ieee80211d=1 + logger_syslog=-1 + logger_syslog_level=2 + logger_stdout=-1 + 
logger_stdout_level=2 + '' + + lib.concatMapStringsSep "\n" commonParams wifiInterfaces + ); + +in { + systemd.services.hostapd = { + description = "Unified hostapd service for multi-interface Wi-Fi"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + requires = [ "network-online.target" ]; + + preStart = '' + for iface in ${builtins.concatStringsSep " " wifiInterfaces}; do + ip link set dev "$iface" down || true + iw dev "$iface" set type __ap || true + ip link set dev "$iface" up + done + sleep 5 + ''; + + path = [ pkgs.iproute2 pkgs.iw ]; + + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd -d ${hostapdConf}"; + Restart = "on-failure"; + RuntimeDirectory = "hostapd"; + Type = "simple"; + LimitNOFILE = 65535; + #CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; + #AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; + # ProtectSystem = "strict"; + # ProtectHome = true; + # PrivateTmp = true; + # NoNewPrivileges = true; + # ReadWritePaths = [ "/run/hostapd" ]; + # DeviceAllow = [ + # "/dev/wlp35s0" + # "/dev/wlp65s0" + # "/dev/wlp70s0" + # "/dev/rfkill" + # ]; + # DevicePolicy = "auto"; + # DevicePolicy = "closed"; + # RestrictAddressFamilies = [ + # "AF_UNIX" + # "AF_NETLINK" + # "AF_INET" + # "AF_INET6" + # ]; + # ProtectKernelModules = true; + # ProtectControlGroups = true; + # ProtectKernelTunables = true; + # ProtectClock = true; + # LockPersonality = true; + # RemoveIPC = true; + # RestrictRealtime = true; + # SystemCallArchitectures = "native"; + # RestrictNamespaces = true; + + MemoryMax = "1024M"; + CPUQuota = "100%"; + }; + }; + + networking = { + networkmanager.enable = false; + useDHCP = false; + + # Define empty bridge device, do not enslave wifi interfaces directly + bridges.br0.interfaces = [ ]; + + interfaces."br0" = { + ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }]; + ipv6.addresses = [{ address = "fd00::1"; prefixLength = 64; }]; + }; + + 
interfaces."enp1s0".useDHCP = true; + + nat.enable = true; + nat.externalInterface = "enp1s0"; + nat.internalInterfaces = [ "br0" ]; + }; +} + +# end \ No newline at end of file diff --git a/desktop/l2/prometheus.nix b/desktop/l2/prometheus.nix new file mode 100644 index 0000000..24eabca --- /dev/null +++ b/desktop/l2/prometheus.nix @@ -0,0 +1,70 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "xtcp"; + static_configs = [{ + targets = [ "localhost:9088" ]; + }]; + } + { + job_name = "hp1_xtcp"; + static_configs = [{ + targets = [ "hp1:9088" ]; + }]; + } + { + job_name = "clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "localhost:19363" ]; + }]; + } + { + job_name = "hp1"; + static_configs = [{ + targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp1_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp1:19363" ]; + }]; + } + { + job_name = "hp2"; + static_configs = [{ + targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp2_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp2:19363" ]; + }]; + } + #{ + # job_name = "chromebox1"; + # static_configs = [{ + # targets = [ "172.16.40.179:9105" ]; + # }]; + #} + ]; + }; +} \ No newline at end of file 
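Review bot: `psk = "supersecurepassword";` is interpolated into `sae_password=${psk}` inside `pkgs.writeText "hostapd.conf"`, so whatever passphrase is put there ends up in the world-readable Nix store as well as in the repository. Keep the secret out of the derivation: render the config into the unit's `RuntimeDirectory` (`/run/hostapd`) from `preStart`, reading the passphrase from a root-only file supplied by your secrets tooling, and point `ExecStart` at the rendered file instead of `${hostapdConf}`. The hardening options left commented out in `serviceConfig` (`NoNewPrivileges`, `ProtectSystem`, `CapabilityBoundingSet`, and the rest) are worth re-enabling one at a time, since the unit otherwise runs hostapd as unrestricted root with `-d` debug logging.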
diff --git a/desktop/l2/sysctl.nix b/desktop/l2/sysctl.nix
new file mode 100644
index 0000000..7ff020e
--- /dev/null
+++ b/desktop/l2/sysctl.nix
@@ -0,0 +1,125 @@ +# +# sysctl.nix +# +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + #not using 1025 because the kernel complains about wanting different parity + "net.ipv4.ip_local_port_range" = "1026 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 
1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + + # Additional network optimizations for WiFi access point + # TCP optimizations + "net.ipv4.tcp_window_scaling" = 1; + "net.ipv4.tcp_sack" = 1; + "net.ipv4.tcp_fack" = 1; + "net.ipv4.tcp_fin_timeout" = 30; + + # Increase connection tracking table size for multiple WiFi clients + "net.netfilter.nf_conntrack_max" = 262144; + "net.netfilter.nf_conntrack_tcp_timeout_established" = 86400; + + # Network interface optimizations + "net.core.netdev_max_backlog" = 5000; + "net.core.netdev_budget" = 600; # default 300 + "net.core.netdev_budget_usecs" = 8000; #default 2000, increasing to 8ms + + # IPv6 optimizations + "net.ipv6.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv6.tcp_wmem" = "4096 1000000 16000000"; + + # Additional network stack optimizations + "net.core.netdev_tstamp_prequeue" = 0; # Disable prequeue timestamping + "net.core.rps_sock_flow_entries" = 32768; # RPS flow entries + + # TCP optimizations for high performance + "net.ipv4.tcp_slow_start_after_idle" = 0; # Disable slow start after idle + "net.ipv4.tcp_fastopen" = 3; # Enable TCP Fast Open + + # IPv6 parameters + "net.ipv6.conf.all.accept_ra" = 2; # Accept RA + "net.ipv6.conf.default.accept_ra" = 2; # Accept RA + "net.ipv6.conf.all.autoconf" = 1; # Enable autoconf + "net.ipv6.conf.default.autoconf" = 1; # Enable autoconf + + # Connection tracking optimizations + "net.netfilter.nf_conntrack_tcp_timeout_time_wait" = 120; + "net.netfilter.nf_conntrack_tcp_timeout_close_wait" = 60; + "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" = 120; + "net.netfilter.nf_conntrack_udp_timeout" = 30; + "net.netfilter.nf_conntrack_udp_timeout_stream" = 180; + + # Memory management optimizations + "vm.swappiness" = 1; # Minimize swapping + "vm.dirty_ratio" = 15; # Dirty page ratio + 
"vm.dirty_background_ratio" = 5; # Background dirty ratio + "vm.dirty_writeback_centisecs" = 500; # Writeback interval + "vm.dirty_expire_centisecs" = 3000; # Expire interval + "vm.vfs_cache_pressure" = 50; # Cache pressure + "vm.overcommit_memory" = 1; # Allow overcommit + + # NUMA optimization + "vm.numa_balancing" = 0; # Disable NUMA balancing + + # Process limits + "kernel.pid_max" = 65536; # Increase PID limit + "kernel.threads-max" = 2097152; # Increase thread limit + "kernel.sched_rt_runtime_us" = -1; # Disable RT throttling + "kernel.sched_rt_period_us" = 1000000; # RT period + + # Security (minimal impact) + "kernel.kptr_restrict" = 0; # Allow kptr access + "kernel.perf_event_paranoid" = 0; # Allow perf events + }; +} \ No newline at end of file diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix new file mode 100644 index 0000000..c3a9296 --- /dev/null +++ b/desktop/l2/systemPackages.nix @@ -0,0 +1,58 @@ +# +# l2/systemPackages.nix +# +{ + config, + pkgs, + ... +}: +{ + # $ nix search wget + environment.systemPackages = with pkgs; [ + + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + #iptables + pciutils + usbutils + iw + wirelesstools + #wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + + + hostapd + bridge-utils + wireless-regdb + linux-firmware + + # Network testing and performance tools + iperf2 + flent + netperf + ethtool + sysstat + htop + iftop + nethogs + nload + speedtest-cli + mtr + traceroute + nmap + tshark + perf-tools + linuxPackages_latest.perf + ]; +} + +# end \ No newline at end of file diff --git a/desktop/l2/systemd-slices.nix b/desktop/l2/systemd-slices.nix new file mode 100644 index 0000000..6351269 --- /dev/null +++ b/desktop/l2/systemd-slices.nix 
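Review bot: The two settings under `# Security (minimal impact)` loosen kernel defaults rather than having minimal impact: `"kernel.kptr_restrict" = 0` together with `"kernel.perf_event_paranoid" = 0` lets unprivileged processes read kernel symbol addresses and profile the kernel, on a host that also forwards traffic for WiFi clients. The monitoring units in monitoring.nix set no `User`, so they presumably run as root and do not need this; `"kernel.kptr_restrict" = 1;` and `"kernel.perf_event_paranoid" = 2;` keep perf usable for root. `"net.ipv6.conf.all.accept_ra" = 2` and its `default` twin ask interfaces to accept router advertisements even with forwarding on, which would include the client-facing WLAN interfaces; setting it only for the uplink (`net.ipv6.conf.enp1s0.accept_ra`) is narrower. `"kernel.sched_rt_runtime_us" = -1` deserves a comment saying why RT throttling is disabled, since a runaway real-time task can then starve the machine.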
@@ -0,0 +1,122 @@ +# Systemd Slices Configuration for L2 WiFi Access Point +# Defines hierarchical slice structure with resource limits (no CPUAffinity) + +{ config, lib, pkgs, ... }: + +let + # Userland core assignments (remaining cores after network IRQ isolation) + userlandCores = "8,20,9,21,10,22,11,23"; + +in { + # Systemd slices for better resource organization + systemd.slices = { + # Network services slice - DHCP, DNS, RA, hostapd (userland cores) + network-services = { + description = "Network services (DHCP, DNS, RA, hostapd)"; + sliceConfig = { + MemoryHigh = "4G"; + MemoryMax = "8G"; + }; + }; + + # Use the existing system.slice for userland/system services + system = { + description = "System and userland services"; + sliceConfig = { + MemoryHigh = "32G"; + MemoryMax = "64G"; + }; + }; + + # Per-daemon slices (inherit from main slices) + kea = { + description = "KEA DHCP server slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + pdns = { + description = "PowerDNS Recursor slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + radvd = { + description = "radvd IPv6 RA slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + hostapd = { + description = "hostapd WiFi access point slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + }; + + # CPU Affinity for Network Services + systemd.services = { + # Critical network processing services (network-services slice) + hostapd = { + serviceConfig = { + Slice = "hostapd.slice"; + Nice = -10; + IOSchedulingClass = 1; # Real-time I/O + IOSchedulingPriority = 4; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "5s"; + }; + }; + + # Network services (network-services slice, via per-daemon slices) + kea-dhcp4-server = { + serviceConfig = { + Slice = "kea.slice"; + Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + pdns-recursor = { + serviceConfig = { + Slice = "pdns.slice"; + Nice = -5; + 
LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + radvd = { + serviceConfig = { + Slice = "radvd.slice"; + Nice = -5; + Restart = "always"; + RestartSec = "10s"; + }; + }; + }; +} + +# end + +# [das@l2:~/nixos/desktop/l2]$ systemctl list-units --type=slice +# UNIT LOAD ACTIVE SUB DESCRIPTION +# -.slice loaded active active Root Slice +# system-getty.slice loaded active active Slice /system/getty +# system-modprobe.slice loaded active active Slice /system/modprobe +# system-systemd\x2dfsck.slice loaded active active Slice /system/systemd-fsck +# system.slice loaded active active System Slice +# user-1000.slice loaded active active Slice /user/1000 +# user.slice loaded active active User and Session Slice + +# Legend: LOAD → Reflects whether the unit definition was properly loaded. +# ACTIVE → The high-level unit activation state, i.e. generalization of SUB. +# SUB → The low-level unit activation state, values depend on unit type. + +# 7 loaded units listed. Pass --all to see loaded but inactive units, too. +# To show all installed unit files use 'systemctl list-unit-files'. + +# [das@l2:~/nixos/desktop/l2]$ \ No newline at end of file diff --git a/desktop/l2/wireless_desktop.nix b/desktop/l2/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/l2/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file diff --git a/desktop/old.l/Makefile b/desktop/old.l/Makefile new file mode 100644 index 0000000..1e544ae --- /dev/null +++ b/desktop/old.l/Makefile 
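Review bot: `Slice = "network-services.slice"` inside `sliceConfig` for `kea`, `pdns`, `radvd` and `hostapd` does not nest those slices; as far as I know `Slice=` is not a [Slice]-section setting, and systemd derives a slice's parent from its name. As written, `kea.slice` and the others would sit directly under the root slice, so the `MemoryHigh`/`MemoryMax` limits on `network-services` would not cover the daemons. Naming the slices `network-services-kea` and so on, with `Slice = "network-services-kea.slice";` in the matching service, gives the intended hierarchy. `userlandCores` is defined but never used, and the `# CPU Affinity for Network Services` comment heads a block that sets no affinity.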
@@ -0,0 +1,72 @@
+#
+# nixos/laptops/l/Makefile
+#
+EXPECTED_HOSTNAME := l
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo nixos-rebuild switch --flake .
+
+rebuild_t:
+ sudo nixos-rebuild switch --flake .#t
+
+#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues
+#nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+
+impure:
+ sudo nixos-rebuild switch --impure --flake .
+
+rebuild_trace:
+ sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+ sudo nix flake update;
+
+rebuild_old:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update_oldm.:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+restart_display_manager:
+ sudo systemctl restart display-manager.service
+
+#ls -l /run/opengl-driver/lib/gbm/
+#readlink /run/opengl-driver/lib/gbm/dri_gbm.so
+#glxinfo | grep -i 'renderer'
+
+#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager
+#less /var/log/Xorg.0.log
+
+#nix-shell -p mesa-demos
+#glxinfo | grep -i opengl
+
+# cat configuration.nix | grep -A 20 "hardware.graphics ="
+
+# end
diff --git a/desktop/old.l/configuration.nix b/desktop/old.l/configuration.nix
new file mode 100644
index 0000000..90684b7
--- /dev/null
+++ b/desktop/old.l/configuration.nix
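Review bot: The `update` and `rebuild_old` recipes run `sudo nix flake update;`, which does the input fetch and lock-file rewrite as root inside the working tree even though only `nixos-rebuild switch` needs privilege, and it can leave `flake.lock` owned by root. Use plain `nix flake update` there and keep `sudo` on the switch step only. None of the targets are declared phony, so a file named `rebuild` or `update` in this directory would make the recipe a silent no-op; add `.PHONY: all check_hostname rebuild rebuild_t impure rebuild_trace update rebuild_old restart_display_manager`. The target name `update_oldm.:` ends in a stray dot and looks like a typo.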
@@ -0,0 +1,311 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running 'nixos-help'). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ + inputs, + config, + pkgs, + unstable, + lib, + ... +}: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + imports = + [ + ./hardware-configuration.nix + #./hardware-graphics.nix + ./sysctl.nix + ./wireless_desktop.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + # home manager is imported in the flake + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ./distributed-builds.nix + ]; + + boot = { + loader.systemd-boot = { + enable = true; + consoleMode = "max"; + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( + kernelPackages = pkgs.unstable.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + # kernelParams = [ + # "nvidia-drm.modeset=1" + # "nvidia-drm.fbdev=1" + # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 + # #"nomodeset" + # ]; + + initrd.kernelModules = [ + "amdgpu" + ]; + + 
blacklistedKernelModules = [ + "nouveau" + #"i915" + ]; + + # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + #pkgs.unstable.linuxPackages.nvidiaPackages.production + ]; + + extraModprobeConfig = '' + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = false; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed + ]; + }; + + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = false; + }; + + # For OBS + security.polkit.enable = true; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "l"; + + time.timeZone = "America/Los_Angeles"; + + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + # https://nixos.wiki/wiki/NixOS_Wiki:Audio + hardware.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem + + security.rtkit.enable = true; # Enable RealtimeKit for audio purposes + + 
services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # Uncomment the following line if you want to use JACK applications + # jack.enable = true; + }; + + services.lldpd.enable = true; + services.openssh.enable = true; + services.timesyncd.enable = true; + services.fstrim.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + services.bpftune.enable = true; + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + + # https://wiki.nixos.org/wiki/Flameshot + # services.flameshot = { + # enable = true; + # settings.General = { + # showStartupLaunchMessage = false; + # saveLastRegion = true; + # }; + # }; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + services.clickhouse.enable = false; + + # environment.variables defined in hardware-graphics.nix + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # package moved to systemPackages.nix + # environment.systemPackages = with pkgs; [ + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + hardware.graphics = { + enable = true; # auto includes mesa + package = unstable.mesa; + extraPackages = with pkgs; [ + unstable.libglvnd + unstable.libva-vdpau-driver + unstable.libvdpau-va-gl + unstable.rocmPackages.clr.icd + ]; + }; + services.xserver = { + enable = true; + displayManager.gdm.enable = true; + #displayManager.gdm.wayland = true; + desktopManager.gnome.enable = true; + videoDrivers = [ "amdgpu" ]; + }; + + # https://nixos.wiki/wiki/AMD_GPU + systemd.tmpfiles.rules = [ + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + ]; + systemd.services.lactd.wantedBy = [ "multi-user.target" ]; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ + programs.hyprland = { + enable = true; + # Nvidia patches are no longer needed + #nvidiaPatches = true; + xwayland.enable = true; + }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # networking.firewall.enable = false; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + # https://nixos.wiki/wiki/Virt-manager + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # guest + # services.qemuGuest.enable = true; + # services.spice-vdagentd.enable = true; + + # https://wiki.nixos.org/wiki/Laptop + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + # ]; + }; + + # hardware.opengl = { + # enable = true; + # driSupport = true; + # driSupport32Bit = true; + # extraPackages = with pkgs; [ + # vaapiVdpau + # libvdpau-va-gl + # ]; + # }; +} diff --git a/desktop/old.l/debug b/desktop/old.l/debug new file mode 100644 index 0000000..b06ba55 --- /dev/null +++ b/desktop/old.l/debug 
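Review bot: `services.openssh.enable = true;` is added with no `settings`, so unless `firewall.nix` or another imported module (not shown in this hunk) overrides it, sshd keeps the NixOS defaults and still accepts password logins even though `das` already has an `openssh.authorizedKeys.keys` entry. If key-only access is the intent, add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. Separately, `extraGroups` puts `das` in `docker`, which is effectively passwordless root on this host; a comment stating that this is deliberate would help the next reader. `services.avahi.openFirewall = true` also opens mDNS through the firewall and is worth checking against what `firewall.nix` allows.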
@@ -0,0 +1,300 @@ +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Video Driver: 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org XInput driver : 24.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Server Extension : 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (++) using VT number 7 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c23 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) "glx" will be loaded by default. 
+Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glx" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "amdgpu" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Module class: X.Org Video Driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: All GPUs supported by the amdgpu kernel 
driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "fb" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "dri2" +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "dri2" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "dri2" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Backtrace: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f321be49620] +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Fatal server error: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Please consult the The X.Org Foundation support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: at http://wiki.x.org +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: for help. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. + Module amdgpu_drv.so without build-id. 
+ #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54128]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c24 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c24 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c24 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7fbd5d795620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54157]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c25 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c25 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c25 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f2325759620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54186]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54186 was already dead. +Jun 02 13:22:35 l (sd-pam)[53991]: pam_unix(systemd-user:session): session closed for user gdm diff --git a/desktop/old.l/distributed-builds.nix b/desktop/old.l/distributed-builds.nix new file mode 100644 index 0000000..7989606 --- /dev/null +++ b/desktop/old.l/distributed-builds.nix @@ -0,0 +1,19 @@ +# +# latops/t/distributed-builds.nix +# +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +{ pkgs, ... }: +{ + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "hp4.home"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; +} \ No newline at end of file diff --git a/desktop/old.l/docker-daemon.nix b/desktop/old.l/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/desktop/old.l/docker-daemon.nix 
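Review bot: The `nix.buildMachines` entry for `hp4.home` in `distributed-builds.nix` pins no host key, so whether the builder's identity is verified depends on root's `known_hosts` on this machine, which nothing in this file manages. Adding `publicHostKey = "<base64 host key of hp4.home, placeholder>";` to the entry makes the check declarative, so a changed or substituted builder key fails the build rather than depending on local state. Since `builders-use-substitutes = true` lets the builder fetch dependencies itself, it is worth confirming the builder's substituters and trusted keys match this host's. The header comment still reads `latops/t/distributed-builds.nix` although the file is added under `desktop/old.l/`.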
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/old.l/firewall.nix b/desktop/old.l/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/desktop/old.l/firewall.nix
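Review bot: `metrics-addr = "0.0.0.0:9323"` in `docker-daemon.nix` binds the daemon's metrics listener to every IPv4 interface, and that endpoint serves its data without authentication. The sibling `firewall.nix` in this commit sets `enable = false`, so nothing on the host restricts who can scrape it. Binding to loopback or a dedicated management address, e.g. `metrics-addr = "127.0.0.1:9323";`, keeps daemon and container state off the LAN while still allowing a local scraper. `experimental = true` would also benefit from a one-line comment naming the feature that requires it, so it can be dropped once that feature is no longer needed.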
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/desktop/old.l/flake.lock b/desktop/old.l/flake.lock
new file mode 100644
index 0000000..6a828e3
--- /dev/null
+++ b/desktop/old.l/flake.lock
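Review bot: `enable = false` inside `networking.firewall` turns the host firewall off entirely, so the `allowedTCPPorts` list (22 and 5001) right below it reads like a policy but filters nothing. Every listening service is then reachable on all interfaces, including the Docker metrics listener on `0.0.0.0:9323` that `docker-daemon.nix` adds in this commit. If the firewall is meant to stay off for the conntrack reason given in the comment, say so next to the setting, e.g. `enable = false; # intentionally off: filtering is done upstream, allowedTCPPorts below is inert`. Otherwise set `enable = true;` so the port list takes effect. The comment `# sudo sudo iptables-save` has a doubled `sudo`.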
@@ -0,0 +1,523 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "50eee705bbdbac942074a8c120e8194185633675", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + 
"hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1746291290, + "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1746281365, + "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"0ca682bc2c2e10414e7de1fb6606226a45e76380", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + 
"nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357019, + "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745975815, + "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739870480, + "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": 
"nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bf3287dac860542719fe7554e21e686108716879", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": 
"76bbf1a6b1378e4ab5230bad00ad04bc287c969e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/old.l/flake.nix b/desktop/old.l/flake.nix new file mode 100644 index 0000000..9a24cec --- /dev/null +++ b/desktop/old.l/flake.nix 
@@ -0,0 +1,96 @@ +{ + description = "l Flake"; + + # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + # https://docs.github.com/en/rest/branches/branches?apiVersion=2022-11-28#get-a-branch + # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/8f146535307f0168d758fe6fee6f52663cb11695";#iperf2_2.2.1 + # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/c9580e24eb621d72eda63355d7c8dbfb1654d333"; + # https://github.com/NixOS/nix/issues/12022 + #nix flake lock --override-input nixpkgs /home/eelco/Dev/nixpkgs + #nix flake lock --override-input nixpkgs "/home/das/Downloads/nixpkgs + #nixpkgs.url = "/home/das/Downloads/nixpkgs"; + #nixpkgs = "../../../Downloads/nixpkgs/"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + }; + hyprland.url = "github:hyprwm/Hyprland"; + hyprland-plugins = { + url = "github:hyprwm/hyprland-plugins"; + # https://github.com/hyprwm/hyprland-plugins + inputs.hyprland.follows = "hyprland"; + }; + }; + + #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }: + outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, hyprland, ... 
}: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + "google-chrome" + "android-studio" + "android-studio-stable" + ]; + }; + }; + # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels + # overlay-unstable = final: prev: { + # unstable = nixpkgs-unstable.legacyPackages.${prev.system}; + # }; + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { + inherit system; + config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "vscode" + # "code-cursor" + # "slack" + # "zoom-us" + # "nvidia-x11" + # ]; + }; + }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations = { + l = lib.nixosSystem rec { + inherit system; + specialArgs = { + inherit hyprland overlay-unstable; + unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; }; + }; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./configuration.nix + hyprland.nixosModules.default + home-manager.nixosModules.home-manager + { + # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs + #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + home-manager.extraSpecialArgs = specialArgs; + # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix + } + ]; + }; + }; + }; +} diff --git a/desktop/old.l/grafana.nix b/desktop/old.l/grafana.nix new file mode 100644 index 0000000..471b71d --- /dev/null +++ b/desktop/old.l/grafana.nix 
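Review bot: In desktop/old.l/flake.nix the `allowUnfreePredicate` allowlist has no effect, because `allowUnfree = true;` sits beside it in the same `config` block and nixpkgs only consults the predicate when `allowUnfree` is false. If the intent is to limit unfree software to the three named packages, drop `allowUnfree = true;` from that block. The `pkgs` binding that carries the predicate also does not appear to be passed to `lib.nixosSystem`, so the allowlist would probably need to move into `nixpkgs.config` inside a module to be enforced. `overlay-unstable` and `specialArgs.unstable` both set `allowUnfree = true` with the predicate commented out, so everything from the unstable channel is allowed regardless.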
@@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + # https://nixos.wiki/wiki/Grafana + # https://search.nixos.org/options?query=services.grafana + # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/ + # https://grafana.com/grafana/dashboards/1860-node-exporter-full/ + services.grafana = { + enable = true; + settings = { + server = { + # Listening Address + http_addr = "0.0.0.0"; + # and Port + http_port = 3000; + # Grafana needs to know on which domain and URL it's running + #domain = "your.domain"; + #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/` + serve_from_sub_path = true; + enable_gzip = true; + }; + }; + }; +} \ No newline at end of file diff --git a/desktop/old.l/hardware-configuration.nix b/desktop/old.l/hardware-configuration.nix new file mode 100644 index 0000000..6608cdd --- /dev/null +++ b/desktop/old.l/hardware-configuration.nix 
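Review bot: In desktop/old.l/grafana.nix `http_addr = "0.0.0.0";` exposes the Grafana login on every interface, and nothing in this file sets admin credentials, so Grafana's initial admin login would apply unless it is changed elsewhere. If remote access is not required, bind locally with `http_addr = "127.0.0.1";` and put a reverse proxy or an explicit firewall rule in front. `serve_from_sub_path = true;` is set while `root_url` is commented out, which probably leaves the sub-path setting without effect. The exporters in nodeExporter.nix and the Prometheus server in prometheus.nix set no listen address either; presumably they bind all interfaces by default, so the same review applies there.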
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/old.l/home.nix b/desktop/old.l/home.nix new file mode 100644 index 0000000..be84c15 --- /dev/null +++ b/desktop/old.l/home.nix 
@@ -0,0 +1,612 @@ +{ + hyprland, + config, + pkgs, + overlay-unstable, + ... +}: +#{ config, pkgs, ... }: +#{ config, inputs, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + imports = [ + hyprland.homeManagerModules.default + # other imports to go here + ]; + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + + QT_QPA_PLATFORM = "wayland"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + gparted + ncdu + neofetch + file + + # Terminal Multiplexers + tmux + screen + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + unstable.llvmPackages_20.clang-tools + unstable.llvmPackages_20.lld + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + + gnutar 
+ + # File Transfer/Management + rsync + tree + + # Terminals + alacritty + kitty + #https://ghostty.org/ + unstable.ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + unstable.iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + # Printing + hplip + #hplipWithPlugin + + # SDR + gnuradio + hackrf + gqrx + cubicsdr + + # Media + unstable.vlc + # ffmpeg moved to system package + #ffmpeg_7-full + #ffmpeg-full + + # Go Development + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + #gcc_multi + #glibc_multi + # thunderbird + #go_1_23 + unstable.go + unstable.gopls + unstable.golint + unstable.golangci-lint + unstable.golangci-lint-langserver + # trunk is unfree, and i can't work out how to enable unfree + #trunk-io + # https://github.com/go-delve/delve + unstable.delve + # https://github.com/aarzilli/gdlv + gdlv + unstable.buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + #tinygo + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #unstable.bazel_7 + unstable.bazel-buildtools + unstable.bazelisk + + unstable.code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # unstable.bazel-gazelle + # unstable.bazel-buildtools + # unstable.bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look 
at? + # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing + meld + + # Editors + helix + + # Rust Development + # https://nixos.wiki/wiki/Rust + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + + # Mobile Development + flutter + android-studio + android-tools + android-udev-rules + + # Gnome Related / Extensions + # gnomeExtensions.emoji-copy + # unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + + # Office/Documents + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + evince + + # Browsers + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + #google-chrome + # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + (google-chrome.override { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }) + + # Communication + # https://nixos.wiki/wiki/Slack + unstable.slack + unstable.zoom-us + + # Screenshots/Screen Recording + # https://wiki.nixos.org/wiki/Flameshot + unstable.flameshot + #(flameshot.override { enableWlrSupport = true; }) + grim # screenshot functionality + slurp # screenshot functionality + simplescreenrecorder + # 
https://wiki.nixos.org/wiki/Gpu-screen-recorder + gpu-screen-recorder # CLI + gpu-screen-recorder-gtk # GUI + + # Graphics + gimp-with-plugins + + # Text Editors + gedit + + # Containers + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + + # Kubernetes + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + + # Misc + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + # dive # Duplicate removed + # https://github.com/sharkdp/hyperfine + hyperfine + + # App Launchers + rofi-wayland + wofi + + # Raspberry Pi + rpi-imager + + #silly + cmatrix + sl + + #gpu monitoring + lact + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + # package = pkgs.vscode; + # extensions = with pkgs.vscode-extensions; [ + package = pkgs.unstable.vscode; + extensions = with pkgs.unstable.vscode-extensions; [ + #bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + #ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + 
#ms-vscode.remote-server + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + #github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + rust-lang.rust-analyzer + #bazel + bazelbuild.vscode-bazel + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # another example with dark colors: + # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + #button-layout = "close,minimize,maximize,above:appmenu"; + button-layout = ":minimize,maximize,above,close"; + num-workspaces = 2; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + 
color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + # toolkit-accessibility = true; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + #"kitty.desktop" + "slack.desktop" + "ghostty.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland + # xwayland.enable = true; + + # https://wiki.hyprland.org/Nix/Hyprland-on-Home-Manager/ + # wayland.windowManager.hyprland.enable = true; # enable Hyprland + # Example: https://github.com/JaKooLit/NixOS-configs/blob/main/Ja-OS%20(configs%20using%20install%20script)/Asus-G15/hosts/G15-NixOS/config.nix#L144 + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + #extraConfig = '' plugin = ${inputs.hy3.packages.${pkgs.system}.hy3}/lib/libhy3.so ''; + # plugins = [ + # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars + # # ... + #]; + extraConfig = '' + # Monitor configuration (Example - replace with yours) + monitor=,preferred,auto,1 + + # Execute-once startup commands (Example) + exec-once = waybar & + exec-once = nm-applet --indicator + + # Keybindings (Example) + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + + # Include other settings... + # input { ... } + # general { ... } + # decoration { ... } + # animations { ... } + # etc... 
+ + # Source other files if needed (less common with inline config) + # source = ~/.config/hypr/myColors.conf + ''; + }; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + # https://mynixos.com/home-manager/options/programs.ghostty + home.file.".config/ghostty/ghostty.toml" = { + target = ".config/ghostty/ghostty.toml"; + text = '' + [window] + # Whether to show the scrollback sidebar. + sidebar = true + + # The width of the scrollback sidebar. + sidebar_width = 10 + + # Whether to show the scrollback sidebar on the left or right. + sidebar_position = "right" + ''; + }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + nixpkgs.overlays = [ overlay-unstable ]; + + #home.stateVersion = "23.11"; + home.stateVersion = "24.11"; +} diff --git a/desktop/old.l/hosts.nix b/desktop/old.l/hosts.nix new file mode 100644 index 0000000..3af6575 --- /dev/null 
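Review bot: The `policy.json` written by home.nix sets `"default"` to `insecureAcceptAnything`, so podman and skopeo accept images from any registry and transport without signature checks, and with `registries.search` set to docker.io an unqualified image name resolves there unverified as well. Making the default `reject` and listing only the registries actually used limits pulls to named sources; any other registry (for example the commented-out registry.gitlab.com) then needs its own entry. Separately, `label=false` in containers.conf turns off security labelling for containers and deserves a comment saying why it is needed. The enclosing attribute set opens much earlier in this hunk.

```nix
home.file."policy.json" = {
  # … unchanged: target …
  text = ''
    {
      "default": [{ "type": "reject" }],
      "transports": {
        "docker": {
          "docker.io": [{ "type": "insecureAcceptAnything" }]
        },
        "docker-daemon": {
          "": [{ "type": "insecureAcceptAnything" }]
        }
      }
    }
  '';
};
```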
+++ b/desktop/old.l/hosts.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + "127.0.0.1" = ["redpanda-0"]; + }; +} \ No newline at end of file diff --git a/desktop/old.l/locale.nix b/desktop/old.l/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/desktop/old.l/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/desktop/old.l/nodeExporter.nix b/desktop/old.l/nodeExporter.nix new file mode 100644 index 0000000..f26d49b --- /dev/null +++ b/desktop/old.l/nodeExporter.nix 
@@ -0,0 +1,27 @@ +{ + config, + pkgs, + ... +}: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 19000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; + }; + + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/desktop/old.l/original.configuration.nix b/desktop/old.l/original.configuration.nix new file mode 100644 index 0000000..d326571 --- /dev/null +++ b/desktop/old.l/original.configuration.nix 
@@ -0,0 +1,131 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-16f90ee0-dd9b-43de-951b-57d7b9b1f265".device = "/dev/disk/by-uuid/16f90ee0-dd9b-43de-951b-57d7b9b1f265"; + networking.hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. 
+ hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + # thunderbird + ]; + }; + + # Install firefox. + programs.firefox.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.11"; # Did you read the comment? + +} diff --git a/desktop/old.l/original.hardware-configuration.nix b/desktop/old.l/original.hardware-configuration.nix new file mode 100644 index 0000000..6608cdd --- /dev/null +++ b/desktop/old.l/original.hardware-configuration.nix 
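Review bot: `services.openssh.enable = true;` is the only SSH setting in original.configuration.nix, so sshd runs with the module defaults, which permit password logins, for a `wheel` user whose password is set by hand with `passwd`. If this file is ever built rather than kept as a reference copy, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and provision keys through `users.users.das.openssh.authorizedKeys.keys`. A one-line comment at the top stating that the file is an archived installer default would also keep it from being imported by mistake.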
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/old.l/prometheus.nix b/desktop/old.l/prometheus.nix new file mode 100644 index 0000000..24eabca --- /dev/null +++ b/desktop/old.l/prometheus.nix 
@@ -0,0 +1,70 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "xtcp"; + static_configs = [{ + targets = [ "localhost:9088" ]; + }]; + } + { + job_name = "hp1_xtcp"; + static_configs = [{ + targets = [ "hp1:9088" ]; + }]; + } + { + job_name = "clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "localhost:19363" ]; + }]; + } + { + job_name = "hp1"; + static_configs = [{ + targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp1_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp1:19363" ]; + }]; + } + { + job_name = "hp2"; + static_configs = [{ + targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp2_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp2:19363" ]; + }]; + } + #{ + # job_name = "chromebox1"; + # static_configs = [{ + # targets = [ "172.16.40.179:9105" ]; + # }]; + #} + ]; + }; +} \ No newline at end of file diff --git a/desktop/old.l/root.id_ed25519.pub b/desktop/old.l/root.id_ed25519.pub new file mode 100644 index 0000000..4176adb --- /dev/null +++ b/desktop/old.l/root.id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l diff --git a/desktop/old.l/root_ssh_config b/desktop/old.l/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null 
+++ b/desktop/old.l/root_ssh_config @@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/desktop/old.l/sysctl.nix b/desktop/old.l/sysctl.nix new file mode 100644 index 0000000..de472c7 --- /dev/null +++ b/desktop/old.l/sysctl.nix 
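Review bot: `ForwardAgent yes` in root_ssh_config hands root's SSH agent to hp4 on every session, so anyone with root on that host can use the forwarded keys while a connection, or the 10-minute `ControlPersist` master, is open. The `remotebuild` user and identity suggest this entry exists for Nix remote builds, which do not need agent forwarding; use `ForwardAgent no` and add `IdentitiesOnly yes` so that only `~/.ssh/remotebuild` is offered. `Protocol 2` is obsolete in current OpenSSH and can be dropped.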
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 
50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + }; +} \ No newline at end of file diff --git a/desktop/old.l/systemPackages.nix b/desktop/old.l/systemPackages.nix new file mode 100644 index 0000000..c9fa23e --- /dev/null +++ b/desktop/old.l/systemPackages.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + ... +}: +{ + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + libxml2 # Added for bazel/clang development + + # Wayland support + xwayland + meson + wayland-protocols + wayland-utils + wl-clipboard + + xscreensaver + + clinfo + lact + + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) + ]; +} diff --git a/desktop/old.l/wireless_desktop.nix b/desktop/old.l/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/old.l/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file diff --git a/hostapd/Makefile b/hostapd/Makefile new file mode 100644 index 0000000..13d2ac6 --- /dev/null +++ b/hostapd/Makefile 
@@ -0,0 +1,24 @@ +# +# nixos/hostapd/Makefile +# +EXPECTED_HOSTNAME := l2 + +ACTUAL_HOSTNAME := $(shell hostname) + +all: check_hostname rebuild + +check_hostname: +ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME)) + @echo "Hostnames match: $(ACTUAL_HOSTNAME)" +else + @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)" + @exit 1 +endif + +rebuild: + sudo nixos-rebuild switch --flake . + +update: + sudo nix flake update; + +# end \ No newline at end of file diff --git a/hostapd/flake.lock b/hostapd/flake.lock new file mode 100644 index 0000000..58966e9 --- /dev/null +++ b/hostapd/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hostapd/flake.nix b/hostapd/flake.nix new file mode 100644 index 0000000..4e250fe --- /dev/null +++ b/hostapd/flake.nix 
@@ -0,0 +1,45 @@ +# +# nixos/hostapd/flake.nix +# +{ + description = "NixOS with hostapd 2.10 + patch"; + + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + outputs = { self, nixpkgs }: { + nixosConfigurations.l2 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ + (final: prev: { + hostapd = prev.hostapd.overrideDerivation (old: { + version = "2.10"; + src = final.fetchurl { + url = "https://w1.fi/releases/hostapd-2.10.tar.gz"; + sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0"; + }; + patches = (old.patches or []) ++ [ + (final.fetchpatch { + url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch"; + sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI="; + }) + ]; + }); + }) + ]; + config.allowUnfree = true; + }; + + modules = [ + ({ config, pkgs, ... }: { + environment.systemPackages = [ pkgs.hostapd ]; + services.hostapd.enable = false; + }) + ]; + }; + }; +} + +# end \ No newline at end of file diff --git a/hp/hp1/Makefile b/hp/hp1/Makefile index ed8a6dc..977cc7c 100644 --- a/hp/hp1/Makefile +++ b/hp/hp1/Makefile @@ -30,8 +30,11 @@ rebuild_trace: update: sudo nix flake update; +update_flake: + sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update + sync: - rsync -av /home/das/nixos/hp/hp1/ hp1:/home/das/nixos/hp/hp1/ + rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state diff --git a/hp/hp1/configuration.nix b/hp/hp1/configuration.nix index 629c57c..4fe5180 100644 --- a/hp/hp1/configuration.nix +++ b/hp/hp1/configuration.nix @@ -1,3 +1,6 @@ +# +# hp/hp1/configuration.nix +# { config, pkgs, ... }: # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F 
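Review bot: The overlay in hostapd/flake.nix pins hostapd to the 2.10 tarball and applies a patch downloaded from `https://tildearrow.org/storage/hostapd-2.10-lar.patch`, but nothing in the file says what the patch changes or why 2.10 is required. Both fetches are hash-pinned, which fixes their content, yet the pin also means fixes shipped in later hostapd releases through nixpkgs are not picked up, and `old.patches` written for the packaged version may not apply to this source. I would add a comment such as `# pinned to 2.10 because <reason>; patch does <summary>; revisit when nixpkgs updates hostapd`, and consider committing the patch next to flake.nix so it can be reviewed in-tree. `overrideDerivation` also appears to leave the derivation name at the nixpkgs version, so `overrideAttrs` is the more usual way to change `version` and `src`.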
@@ -60,17 +63,28 @@ }; nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "100000000"; + builders-use-substitutes = true; + }; + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds + distributedBuilds = true; + buildMachines = [{ + hostName = "hp4"; + sshUser = "remotebuild"; + #sshKey = "/root/.ssh/remotebuild"; + sshKey = "/home/das/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + }]; gc = { automatic = true; # Enable automatic execution of the task dates = "weekly"; # Schedule the task to run weekly options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task }; - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - download-buffer-size = "100000000"; - }; }; # find /run/opengl-driver -name "libamfrt64.so.1" @@ -102,9 +116,6 @@ # Set your time zone. time.timeZone = "America/Los_Angeles"; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - environment.sessionVariables = { TERM = "xterm-256color"; #MY_VARIABLE = "my-value"; 
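Review bot: The `buildMachines` entry for hp4 sets no `publicHostKey`, so whether the builder's host key is verified depends on the known_hosts file of whichever account the Nix daemon connects as. Adding `publicHostKey = "<base64 of hp4's ssh host public key>";` pins the builder in the configuration itself. `sshKey = "/home/das/.ssh/remotebuild"` also places the key the daemon uses inside a user's home directory; the commented `/root/.ssh/remotebuild` path, or another root-owned location, keeps it out of reach of processes running as das.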
@@ -121,9 +132,24 @@ # https://nixos.wiki/wiki/SSH_public_key_authentication openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP3x3r8OZ5ya1GNLqmKOsKDX7oAR+BG9u4EozXvydtC das@hp0" ]; }; + # # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ssh.nix#L13C1-L28C7 + # system.activationScripts.root_ssh_config = { + # text = '' + # ( + # # symlink root ssh config to ours so daemon can use our agent/keys/etc... + # mkdir -p /root/.ssh + # ln -sf /home/das/.ssh/config /root/.ssh/config + # ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts + # ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts + # ) + # ''; + # deps = [ ]; + # }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; @@ -136,6 +162,8 @@ enableSSHSupport = true; }; + + # https://nixos.wiki/wiki/SSH services.openssh.enable = true; services.timesyncd.enable = true; diff --git a/hp/hp1/flake.lock b/hp/hp1/flake.lock index 41141bb..0e1e1f0 100644 --- a/hp/hp1/flake.lock +++ b/hp/hp1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "type": "github" }, "original": { 
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736549401, - "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { diff --git a/hp/hp1/flake.nix b/hp/hp1/flake.nix index 4ff9a24..bee279a 100644 --- a/hp/hp1/flake.nix +++ b/hp/hp1/flake.nix @@ -16,6 +16,15 @@ }; }; + nixConfig = { + extra-substituters = [ + "http://hp4:5000" + ]; + extra-trusted-public-keys = [ + "hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w=" + ]; + }; + outputs = inputs@{ nixpkgs, home-manager, ... }: let system = "x86_64-linux"; diff --git a/hp/hp1/home.nix b/hp/hp1/home.nix index 04795b4..9402a9a 100644 --- a/hp/hp1/home.nix +++ b/hp/hp1/home.nix 
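Review bot: `extra-substituters = [ "http://hp4:5000" ]` in hp/hp1/flake.nix fetches store paths over plain HTTP, so the integrity of what gets installed rests only on the signature check against the `hp4:` key listed below it, and the requested paths are visible on the network. A flake-level `nixConfig` is also only applied when the invoking user accepts it or is trusted, so on the NixOS hosts it is more predictable to declare the cache under `nix.settings.substituters` and `nix.settings.trusted-public-keys` in configuration.nix. At minimum I would add `# public half of hp4's nix-serve signing key (hp/hp4/cache-pub-key.pem); update when that key is regenerated` above the key.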
@@ -136,6 +136,57 @@ #signing.signByDefault = true; }; + # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix + # https://mynixos.com/home-manager/options/programs.ssh + # programs.ssh = { + # enable = true; + # # controlPath = "~/.ssh/control/master-%r@%h:%p"; + # # controlPersist = "10m"; + # # compression = true; + # # serverAliveInterval = 5; + # extraConfig = '' + # Host hp4 + # User remotebuild + # IdentityFile ~/.ssh/remotebuild + # Host * + # User das + # KeepAlive yes + # ServerAliveInterval 10 + # Protocol 2 + # #UseRoaming no + # ForwardAgent yes + # KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + # Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + # # temp hmac-md5 + # #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + # MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 + # ControlMaster auto + # ControlPath ~/.ssh/master-%r@%h:%p + # ControlPersist 10m + # Compression yes + # Connecttimeout 10 + # HashKnownHosts no + # ''; + + # matchBlocks = { + # "hp4" = { + # #hostname = "localhost"; + # #port = 2222; + # #identityFile = remotebuild; + # }; + # "*" = { + # # everything sucks about SSH_AUTH_SOCK, so let's just control + # # it and what it points to directly + # User = "das"; + # KeepAlive = "yes"; + # ServerAliveInterval = 10; + # Protocol = 2; + # }; + # }; + #}; + #aws ssh example + #https://discourse.nixos.org/t/is-there-a-nix-way-to-configure-ssh-server-connections/28033/7?u=randomizedcoder + nixpkgs.config.allowUnfree = true; programs.home-manager.enable = true; diff --git a/hp/hp1/hosts.nix b/hp/hp1/hosts.nix index 3af6575..b60a4f0 100644 --- a/hp/hp1/hosts.nix +++ b/hp/hp1/hosts.nix 
@@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/hp/hp1/root_ssh_config b/hp/hp1/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null +++ b/hp/hp1/root_ssh_config @@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/hp/hp1/test_distributed_build.md b/hp/hp1/test_distributed_build.md new file mode 100644 index 0000000..b2bdddf --- /dev/null +++ b/hp/hp1/test_distributed_build.md @@ -0,0 +1,5 @@ + + +nix-build --max-jobs 0 -E << EOF +(import {}).writeText "test" "$(date)" +EOF \ No newline at end of file diff --git a/hp/hp4/Makefile b/hp/hp4/Makefile index de94510..2756e0c 100644 --- a/hp/hp4/Makefile +++ b/hp/hp4/Makefile @@ -1,5 +1,5 @@ # -# nixos/hp4/Makefile +# nixos/hp/hp4/Makefile # EXPECTED_HOSTNAME := hp4 
@@ -16,14 +16,25 @@ else endif rebuild: - sudo cp /home/das/nixos/modules/* /etc/nixos/ - sudo cp ./*.nix /etc/nixos/ - sudo nix-channel --update - sudo nixos-rebuild switch + #sudo cp /home/das/nixos/modules/* /etc/nixos/ + #sudo cp ./*.nix /etc/nixos/ + #sudo nix-channel --update + #sudo nixos-rebuild switch + #sudo nix-channel --update; + sudo nixos-rebuild switch --flake . + +rebuild_trace: + sudo nixos-rebuild switch --show-trace --flake . + +update: + sudo nix flake update; + +update_flake: + sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update sync: - rsync -av /home/das/nixos/hp/hp4/ hp4:/home/das/nixos/hp4/ - rsync -av /home/das/nixos/modules/ hp4:/home/das/nixos/modules/ + rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ + #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state nuke_k8s: check_hostname delete_k8s @@ -32,6 +43,12 @@ delete_k8s: sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ sudo rm -rf /etc/kube-flannel/ /etc/kubernetes/ +nuke_k3s: check_hostname delete_k3s + +delete k3s: + sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s + k3s-killall.sh + create_cert: # Generate private key openssl genrsa -out /var/lib/kubernetes/secrets/cluster-admin.pem 4096 @@ -42,6 +59,16 @@ create_cert: # Issue certificate openssl ca -config ./openssl_ca_config -in /var/lib/kubernetes/secrets/cluster-admin.csr -out /var/lib/kubernetes/secrets/cluster-admin.crt -days 365 -notext -batch +# https://nixos.wiki/wiki/Binary_Cache +# curl http://localhost:5000/nix-cache-info +setup_nix_serve: + cd /var + nix-store --generate-binary-cache-key hp4 cache-priv-key.pem cache-pub-key.pem + chown nix-serve cache-priv-key.pem + chmod 600 cache-priv-key.pem + cat cache-pub-key.pem +copy_lock: + scp hp4:/home/das/nixos/hp/hp4/flake.lock ./ # end 
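Review bot: The new target is written `delete k3s:` with a space, which make reads as two targets named `delete` and `k3s`, so the `delete_k3s` prerequisite of `nuke_k3s` has no rule and `make nuke_k3s` fails. Renaming it to `delete_k3s:` matches the existing `delete_k8s` target. Inside the recipe, `k3s-killall.sh` runs after the `sudo rm -rf`; running it first avoids deleting state underneath a service that is still up.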
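Review bot: In `setup_nix_serve`, `cd /var` has no effect on the lines after it, because make starts a new shell for every recipe line, so `nix-store --generate-binary-cache-key` writes `cache-priv-key.pem` into the directory make was started from, which is the repository checkout that the `sync` target rsyncs to other hosts. Use absolute paths instead: `nix-store --generate-binary-cache-key hp4 /var/cache-priv-key.pem /var/cache-pub-key.pem`, then `chown nix-serve /var/cache-priv-key.pem` and `chmod 600 /var/cache-priv-key.pem`. The private key is also created with the default umask before the `chmod`, so setting `umask 077` on the same recipe line as the generation closes that window. Unlike the other targets, this one has no `sudo` for the `/var` writes and no `check_hostname` prerequisite to stop it running on the wrong machine.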
diff --git a/hp/hp4/athens.nix b/hp/hp4/athens.nix new file mode 100644 index 0000000..813bbc6 --- /dev/null +++ b/hp/hp4/athens.nix @@ -0,0 +1,20 @@ +{ pkgs, config, ... }: +{ + services.athens = { + enable = true; + #openFirewall = true; # this doesn't exist any more? + port = 8888; + logLevel = "debug"; + # storageType = "disk"; # disk is default + # diskStorageRoot = "/var/lib/athens"; + #goBinary = unstable.go; + # https://mynixos.com/nixpkgs/option/services.athens.goBinary + goGetWorkers = 32; # default 10 + indexType = "memory"; # default none + statsExporter = "prometheus"; + }; + # https://mynixos.com/nixpkgs/options/services.athens + # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.md + # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.nix + # journalctl -u athens.service -f +} \ No newline at end of file diff --git a/hp/hp4/authorizedKeys b/hp/hp4/authorizedKeys new file mode 100644 index 0000000..f81fd33 --- /dev/null +++ b/hp/hp4/authorizedKeys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1 diff --git a/hp/hp4/cache-pub-key.pem b/hp/hp4/cache-pub-key.pem new file mode 100644 index 0000000..6f3ab1f --- /dev/null +++ b/hp/hp4/cache-pub-key.pem @@ -0,0 +1 @@ +hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w= \ No newline at end of file diff --git a/hp/hp4/configuration.nix b/hp/hp4/configuration.nix index 098516b..ce74630 100644 --- a/hp/hp4/configuration.nix +++ b/hp/hp4/configuration.nix @@ -1,6 +1,6 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# +# hp/hp4/configuration.nix +# # sudo nixos-rebuild switch # sudo nix-channel --update 
@@ -8,7 +8,7 @@ # nmcli device wifi connect MYSSID password PWORD # systemctl restart display-manager.service -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F # https://discourse.nixos.org/t/differences-between-nix-channels/13998 
@@ -18,35 +18,89 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager # sudo nix-channel --update - + # tutorial + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + # # ./sysctl.nix - ./wireless.nix + # ./wireless.nix ./hosts.nix ./firewall.nix ./il8n.nix #./systemdSystem.nix ./systemPackages.nix - ./home-manager.nix + # home manager is imported by the flake + #./home.nix ./nodeExporter.nix ./prometheus.nix ./grafana.nix - #./trafficserver.nix + ./docker-daemon.nix + #./k8s_master.nix + #./k8s_node.nix + #./k3s_master.nix + #./k3s_node.nix + ./systemd.services.ethtool-enp1s0f0.nix + ./systemd.services.ethtool-enp1s0f1.nix + ./nginx.nix + ./trafficserver.nix + ./athens.nix + ./remote-builder.nix + ./services.ssh.nix ]; + # Bootloader. + boot = { + loader.systemd-boot = { + enable = true; + #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/AMD_GPU + #initrd.kernelModules = [ "amdgpu" ]; + + # https://nixos.wiki/wiki/Linux_kernel + kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + }; + # https://nixos.wiki/wiki/Nix_Cookbook - nix.gc.automatic = true; - nix.settings.auto-optimise-store = true; + nix = { + nrBuildUsers = 64; + settings = { + auto-optimise-store = true; + #experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" "configurable-impure-env" ]; + #impure-env = "GOPROXY=http://localhost:3000"; + impure-env = "GOPROXY=http://localhost:8888"; - # Bootloader. 
- boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + download-buffer-size = "100000000"; + + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-the-remote-builder + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#optimise-the-remote-builder-configuration + # https://nix.dev/manual/nix/2.23/command-ref/conf-file + #trusted-users = [ "remotebuild" ]; # this moved to remote-builder.nix + + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + max-jobs = "auto"; + cores = 0; + + #nix.settings.experimental-features = [ "configurable-impure-env" ]; + #nix.settings.impure-env = "GOPROXY=http://localhost:3000"; + }; - # https://nixos.wiki/wiki/Linux_kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linuxPackages_rpi4 + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; # https://nixos.wiki/wiki/Networking # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html @@ -74,9 +128,6 @@ # Set your time zone. time.timeZone = "America/Los_Angeles"; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - environment.sessionVariables = { TERM = "xterm-256color"; #MY_VARIABLE = "my-value"; @@ -87,7 +138,7 @@ users.users.das = { isNormalUser = true; description = "das"; - extraGroups = [ "wheel" "networkmanager" "libvirtd" ]; + extraGroups = [ "wheel" "libvirtd" "docker" "kubernetes" "video" ]; packages = with pkgs; [ ]; # https://nixos.wiki/wiki/SSH_public_key_authentication 
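Review bot: `min-free = 10 * 1024 * 1024` and `max-free = 200 * 1024 * 1024` are byte counts, so as written the store is only garbage-collected during builds once less than 10 MiB is free and collection stops at 200 MiB free; on a remote builder that is very close to a full disk, and the values look like they were meant to be GiB. If so, `min-free = 10 * 1024 * 1024 * 1024;` and `max-free = 200 * 1024 * 1024 * 1024;` express that. Separately, `impure-env = "GOPROXY=http://localhost:8888"` relies on the experimental `configurable-impure-env` feature, and a one-line comment such as `# point Go module fetches in builds at the local Athens proxy (athens.nix, port 8888)` would tell the next reader why it is enabled.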
@@ -140,12 +191,77 @@ enableSSHSupport = true; }; - # https://nixos.wiki/wiki/SSH - services.openssh = { + # # https://nixos.wiki/wiki/SSH + # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix + # # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix + # services.openssh = { + # enable = true; + # openFirewall = true; + # settings = { + # # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546 + # # KexAlgorithms = [ + # # "mlkem768x25519-sha256" + # # "sntrup761x25519-sha512" + # # "sntrup761x25519-sha512@openssh.com" + # # "curve25519-sha256" + # # "curve25519-sha256@libssh.org" + # # "diffie-hellman-group-exchange-sha256" + # # ]; + # Ciphers = [ + # "chacha20-poly1305@openssh.com" + # "aes256-gcm@openssh.com" + # "aes128-gcm@openssh.com" + # # shortned default list + # ]; + # Macs = [ + # "hmac-sha2-512-etm@openssh.com" + # "hmac-sha2-256-etm@openssh.com" + # "umac-128-etm@openssh.com" + # ]; + # # HostKeyAlgorithms = [ + # # "ssh-ed25519-cert-v01@openssh.com" + # # "sk-ssh-ed25519-cert-v01@openssh.com" + # # "rsa-sha2-512-cert-v01@openssh.com" + # # "rsa-sha2-256-cert-v01@openssh.com" + # # "ssh-ed25519" + # # "sk-ssh-ed25519@openssh.com" + # # "rsa-sha2-512" + # # "rsa-sha2-256" + # # ]; + # UsePAM = true; + # KbdInteractiveAuthentication = true; + # PermitRootLogin = "prohibit-password"; + # PasswordAuthentication = false; + # ChallengeResponseAuthentication = false; + # X11Forwarding = false; + # GatewayPorts = "no"; + # }; + # }; + + # services.sshguard.enable = true; + + # search for serivces url + #https://github.com/search?q=repo%3ANixOS%2Fnixpkgs+path%3A%2F%5Enixos%5C%2Fmodules%5C%2Fservices%5C%2F%2F+openssh&type=code + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + services.nix-serve = { enable = true; - settings = { - PermitRootLogin = "yes"; # 
TODO DISABLE THIS!!! - }; + openFirewall = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; + + services.pdns-recursor = { + enable = true; + # openFirewall = false; # Default }; # This value determines the NixOS release from which the default @@ -160,5 +276,13 @@ # programs.virt-manager.enable = true; # services.qemuGuest.enable = true; + nixpkgs.config = { + allowUnfree = true; + # permittedInsecurePackages = [ + # "squid-6.10" + # ]; + }; + # services.squid.enable = true; + # https://wiki.nixos.org/wiki/Laptop } diff --git a/hp/hp4/docker-daemon.nix b/hp/hp4/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/hp/hp4/docker-daemon.nix @@ -0,0 +1,27 @@ + +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/Docker + # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker + # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker + # https://github.com/NixOS/nixpkgs/issues/68349 + virtualisation.docker.enable = true; + virtualisation.docker.daemon.settings = { + data-root = "/home/das/docker/"; + userland-proxy = false; + experimental = true; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + metrics-addr = "0.0.0.0:9323"; + # log-driver = "json-file"; + # log-opts.max-size = "10m"; + # log-opts.max-file = "10"; + }; + #this doesn't work + #virtualisation.docker.daemon.settings.log-opts.max-size = "10m"; + # https://docs.docker.com/reference/cli/dockerd/ + #virtualisation.docker.extraOptions = "--userland-proxy=false"; + #virtualisation.docker.extraOptions = "--log-opt=max-size=10m"; + #virtualisation.docker.extraOptions = "--ipv6"; +} \ No newline at end of file diff --git a/hp/hp4/firewall.nix b/hp/hp4/firewall.nix new file mode 100644 index 0000000..44cdaed 
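Review bot: This hunk removes the inline `services.openssh` block, including the `PermitRootLogin = "yes"` TODO, and leaves only a commented-out hardened version, so the effective sshd settings now come entirely from `./services.ssh.nix`, which is not visible in this part of the diff; it is worth confirming that file sets `PermitRootLogin` and `PasswordAuthentication` explicitly. The new `services.nix-serve` block with `openFirewall = true` publishes every path in `/nix/store` over unauthenticated HTTP, so anything written to the store on hp4 is readable by any host that can reach the port. If only the build clients need it, I would set `bindAddress` to the LAN-facing address and keep secrets out of store paths. The `secretKeyFile` at `/var/cache-priv-key.pem` should stay mode 600 and owned by the nix-serve user.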
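Review bot: In hp/hp4/docker-daemon.nix, `metrics-addr = "0.0.0.0:9323"` exposes the Docker daemon's metrics endpoint on every interface without authentication, and hp4's firewall.nix in this same commit has the firewall disabled, so nothing limits who can read it. If Prometheus scrapes it from this host, `metrics-addr = "127.0.0.1:9323";` is enough; otherwise bind it to the address of the monitoring interface. `data-root = "/home/das/docker/"` also puts the daemon's image and container data under a user's home directory, and a comment explaining that choice would help.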
--- /dev/null
+++ b/hp/hp4/firewall.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ #22 # ssh
+ 3000 # grafana
+ 3128 # TrafficServer Forward Proxy
+ #5000 # opened by services.nix-serve.openFirewall = true;
+ 5001 # iperf2
+ 8080 # Nginx reverse proxy
+ 8443 # Nginx reverse proxy TLS
+ 8888 # athens
+ 9090 # prometheus
+ # 9100 is opened by services.prometheus.exporters.node.openFirewall = true;
+ # 9113 is opened by services.prometheus.exporters.nginx.openFirewall = true;
+ ];
+ allowedUDPPorts = [
+ 161 # SNMP (No openFirewall option in definition)
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/hp/hp4/flake.lock b/hp/hp4/flake.lock
new file mode 100644
index 0000000..fe285b9
--- /dev/null
+++ b/hp/hp4/flake.lock
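Review bot: `enable = false;` turns the NixOS firewall off, so the `allowedTCPPorts` and `allowedUDPPorts` lists below it, and the `openFirewall = true` settings the comments refer to, have no effect and every listening service on hp4 (Grafana, Prometheus, Athens, the Docker metrics port, nix-serve) is reachable from the network. If the lists describe the intended policy, set `enable = true;`; port 22 is commented out in the list, so check that `./services.ssh.nix` keeps the openssh module's own firewall opening before switching. If the firewall is off on purpose, say so in a comment next to `enable`, because the file currently reads as if it were enforcing an allow-list.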
@@ -0,0 +1,66 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "50eee705bbdbac942074a8c120e8194185633675", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bf3287dac860542719fe7554e21e686108716879", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hp/hp4/flake.nix b/hp/hp4/flake.nix new file mode 100644 index 0000000..64b9a60 --- /dev/null +++ b/hp/hp4/flake.nix 
@@ -0,0 +1,59 @@ +{ + description = "HP4 Flake"; + + # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ nixpkgs, nixpkgs-unstable, home-manager, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels + # overlay-unstable = final: prev: { + # unstable = nixpkgs-unstable.legacyPackages.${prev.system}; + # }; + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { + inherit system; + config = { allowUnfree = true; }; + }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations = { + hp4 = lib.nixosSystem { + #system ="x86_64-linux"; + inherit system; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass + # arguments to home.nix + } + ]; + }; + }; + }; +} diff --git a/hp/hp4/grafana.nix b/hp/hp4/grafana.nix new file mode 100644 index 0000000..cf1b428 --- /dev/null +++ b/hp/hp4/grafana.nix 
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ #openFirewall = true; # this doesn't exist
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp4/home-manager.nix b/hp/hp4/home-manager.nix
deleted file mode 100644
index d56130e..0000000
--- a/hp/hp4/home-manager.nix
+++ /dev/null
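Review bot: Grafana is bound to `http_addr = "0.0.0.0"` with no `security` settings in this file, so unless they are set elsewhere the instance starts with Grafana's default admin credentials and is reachable by every host on the network. I would add a `security` block next to `server`, for example `admin_password = "$__file{/path/to/grafana-admin-password}";` (placeholder path), so the password is read from a file outside the Nix store, or bind to `127.0.0.1` and publish Grafana through the nginx reverse proxy this host already imports. `serve_from_sub_path = true` appears to have no effect while `root_url` is commented out and could be dropped until a sub-path is configured.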
@@ -1,176 +0,0 @@ -{ config, pkgs, ... }: - -# sudo cp ./nixos/modules/* /etc/nixos/ -# sudo nixos-rebuild switch - -{ - # https://nix-community.github.io/home-manager/index.xhtml#ch-installation - home-manager.users.das = { pkgs, ... }: { - - # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables - home.sessionVariables = { - }; - - home.packages = with pkgs; [ - # - gparted - hw-probe - ncdu - # - tmux - screen - # - libgcc - # https://nixos.wiki/wiki/C - # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc - gcc - automake - gnumake - #cmake - pkg-config - # - # alsa-lib - # alsa-lib-with-plugins - # - perl - python3 - # - gawk - jq - git - htop - minicom - # - bzip2 - gzip - lz4 - zip - unzip - xz - zstd - # - rsync - tree - # - ethtool - iproute2 - vlan - tcpdump - #iperf2 - netperf - flent - bpftools - fping - inetutils - # - hwloc - bpftools - # - inotify-tools - # - # - neofetch - # - # go - # https://nixos.wiki/wiki/Go - # https://nixos.org/manual/nixpkgs/stable/#sec-language-go - # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - libcap - gcc - # thunderbird - # - # debug - strace - - ]; - - programs.bash.enable = true; - - programs.vim = { - enable = true; - plugins = with pkgs.vimPlugins; [ vim-airline ]; - settings = { ignorecase = true; }; - extraConfig = '' - set mouse=a - ''; - }; - #ldflags = [ - # "-X main.Version=${version}" - # "-X main.Commit=${version}" - #]; - - programs.git = { - enable = true; - userEmail = "dave.seddon.ca@gmail.com"; - userName = "randomizedcoder "; - #signing.key = "GPG-KEY-ID"; - #signing.signByDefault = true; - }; - - # disable wayland - # # https://nixos.wiki/wiki/Hyprland - # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland - # #programs.hyprland.enable = true; - # wayland.windowManager.hyprland = { - # # Whether to enable Hyprland wayland 
compositor - # enable = true; - # # The hyprland package to use - # package = pkgs.hyprland; - # # Whether to enable XWayland - # xwayland.enable = true; - - # # Optional - # # Whether to enable hyprland-session.target on hyprland startup - # systemd.enable = true; - # }; - # # home.file.".config/hypr/hyprland.conf".text = '' - # # ''; - - - home.file."containers.conf" = { - target = ".config/containers/containers.conf"; - # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html - # https://github.com/containers/common/blob/main/docs/containers.conf.5.md - text = '' - [containers] - annotations=["run.oci.keep_original_groups=1",] - label=false - #seccomp=unconfined - ''; - }; - home.file."registries.conf" = { - target = ".config/containers/registries.conf"; - text = '' - [registries.search] - registries = ['docker.io'] - ''; - # text = '' - # [registries.search] - # registries = ['docker.io', 'registry.gitlab.com'] - # ''; - }; - home.file."policy.json" = { - target = ".config/containers/policy.json"; - text = '' - { - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } - } - ''; - }; - - nixpkgs.config.allowUnfree = true; - - home.stateVersion = "23.11"; - }; -} \ No newline at end of file diff --git a/hp/hp4/home.nix b/hp/hp4/home.nix new file mode 100644 index 0000000..04795b4 --- /dev/null +++ b/hp/hp4/home.nix 
@@ -0,0 +1,144 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # imports = [ + # #./ffmpeg_systemd_service.nix + # ]; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + #wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + netcat-gnu + # for telnet + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + # pkgs.cargo + # pkgs.rustc + # + # debug + strace + # + dive + # for pprof + graphviz + # + #ffmpeg + #ffmpeg-full + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + 
userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + programs.home-manager.enable = true; + home.stateVersion = "24.11"; + #}; +} diff --git a/hp/hp4/il8n.nix b/hp/hp4/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp4/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp4/nginx.conf b/hp/hp4/nginx.conf deleted file mode 100644 index d7b6f33..0000000 --- a/hp/hp4/nginx.conf +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, config, ... }: -{ - # https://nixos.wiki/wiki/Nginx - # https://mynixos.com/options/services.nginx - # https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.nginx - services.nginx = { - enable = true; - statusPage = true; - - listen = 8080; - - resolver.addresses = [ "1.1.1.1" "8.8.8.8" ] - - recommendedZstdSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - - virtualHosts = { - default = { - serverName = "_"; - default = true; - rejectSSL = true; - locations = { - "/" = { - resolver 1.1.1.1; - proxyPass = "http://127.0.0.1:12345"; - } - } - }; - }; - }; -}; \ No newline at end of file diff --git a/hp/hp4/nginx.nix b/hp/hp4/nginx.nix new file mode 100644 index 0000000..9174cbe --- /dev/null +++ b/hp/hp4/nginx.nix 
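Review bot: `nixpkgs.config.allowUnfree = true;` near the end of home.nix conflicts with `home-manager.useGlobalPkgs = true` in the flake on this page: with global pkgs Home Manager takes the system package set and does not apply its own `nixpkgs.config` (depending on the release it warns about or rejects the setting). Remove the line here; unfree packages are already allowed at system level in systemPackages.nix. The package list also names `inetutils`, `hwloc`, `bpftools` and `gcc` twice each, which is harmless but worth tidying.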
@@ -0,0 +1,101 @@ +{ pkgs, config, ... }: + +{ + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/nginx/generic.nix + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-servers/nginx/default.nix + # acme: https://github.com/lovesegfault/nix-config/blob/f32ab485a45bf60c3d86aa4485254b087d8e0187/services/nginx.nix#L28 + # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/oauth2-proxy-nginx.nix + # https://blog.matejc.com/blogs/myblog/nixos-hydra-nginx + # https://github.com/nixinator/cardano-ops/blob/8a7be334a476a80829e17c8a0ca6ec374347a937/roles/explorer.nix#L313 + # grep ExecStartPre /etc/systemd/system/nginx.service + services.nginx = { + enable = true; + defaultHTTPListenPort = 8080; + statusPage = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedBrotliSettings = true; + + # Minimal configuration for serving files + virtualHosts."_" = { + serverName = "_"; + root = "/var/www/html"; + default = true; + + locations."/" = { + extraConfig = '' + autoindex on; + autoindex_exact_size on; + autoindex_localtime on; + #index index.html; + ''; + }; + + locations."/nginx_status" = { + extraConfig = '' + stub_status on; + access_log off; + allow 127.0.0.1; + allow ::1; + allow 172.16.50.0/24; + deny all; + ''; + }; + }; + }; + + # Ensure the docRoot directory exists and has correct permissions + systemd.tmpfiles.rules = [ + "d /var/www/html 0755 nginx nginx - -" + ]; + + # journalctl --follow --namespace nginx + + systemd.services.nginx.serviceConfig.LogNamespace = "nginx"; + + services.prometheus.exporters.nginx = { + enable = true; + openFirewall = true; + # statusUrl = "http://localhost/stub_status"; # Default, should work with statusPage = true + # listenAddress = "0.0.0.0"; # Default + # port = 9113; # Default + }; + +} +# { +# # 
https://nixos.wiki/wiki/Nginx +# # https://mynixos.com/options/services.nginx +# # https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.nginx +# services.nginx = { +# enable = true; +# statusPage = true; + +# listen = 8080; + +# resolver.addresses = [ "1.1.1.1" "8.8.8.8" ] + +# recommendedZstdSettings = true; +# recommendedGzipSettings = true; +# recommendedOptimisation = true; +# recommendedProxySettings = true; +# recommendedBrotliSettings = true; + +# virtualHosts = { +# default = { +# serverName = "_"; +# default = true; +# rejectSSL = true; +# locations = { +# "/" = { +# resolver 1.1.1.1; +# proxyPass = "http://127.0.0.1:12345"; +# } +# } +# }; +# }; +# }; +# }; \ No newline at end of file diff --git a/hp/hp4/nixos_logo.nix b/hp/hp4/nixos_logo.nix new file mode 100644 index 0000000..468901d --- /dev/null +++ b/hp/hp4/nixos_logo.nix @@ -0,0 +1,10 @@ +# ███▄ █ ██▓ ▒██ ██▒ ▒█████ ██████ +# ██ ▀█ █ ▓██▒ ▒▒ █ █ ▒░ ▒██▒ ██▒ ▒██ ▒ +# ▓██ ▀█ ██▒ ▒██▒ ░░ █ ░ ▒██░ ██▒ ░ ▓██▄ +# ▓██▒ ▐▌██▒ ░██░ ░ █ █ ▒ ▒██ ██░ ▒ ██▒ +# ▒██░ ▓██░ ░██░ ▒██▒ ▒██▒ ░ ████▓▒░ ▒██████▒▒ +# ░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░ +# ░ ░░ ░ ▒░ ▒ ░ ░░ ░▒ ░ ░ ▒ ▒░ ░ ░▒ ░ ░ +# ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ +# ░ ░ ░ ░ ░ ░ ░ +# https://github.com/tolgaerok/nixos-2405-gnome/blob/main/configuration.nix \ No newline at end of file diff --git a/hp/hp4/nodeExporter.nix b/hp/hp4/nodeExporter.nix new file mode 100644 index 0000000..388d136 --- /dev/null +++ b/hp/hp4/nodeExporter.nix 
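Review bot: `services.prometheus.exporters.nginx.openFirewall = true` opens the exporter port to every source, while the `/nginx_status` location above it is deliberately limited to localhost and 172.16.50.0/24; the same applies to `openFirewall = true` in nodeExporter.nix. Restrict the exporter ports to the monitoring subnet (the exporter modules offer `firewallFilter` for this) or drop `openFirewall`, since the Prometheus on this host scrapes over localhost. nginx listens on 8080 here, so the exporter probably needs the port spelled out, e.g. `scrapeUri = "http://localhost:8080/nginx_status";`, and the commented `statusUrl` line does not look like the module's option name. `autoindex on` on the default vhost lists everything under /var/www/html to any client that can reach port 8080, so confirm that is intended.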
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ openFirewall = true;
+ port = 9000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp4/prometheus.nix b/hp/hp4/prometheus.nix
new file mode 100644
index 0000000..e756933
--- /dev/null
+++ b/hp/hp4/prometheus.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ # openFirewall = true; # doesn't exist
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp4/remote-builder.nix b/hp/hp4/remote-builder.nix
new file mode 100644
index 0000000..98c19e5
--- /dev/null
+++ b/hp/hp4/remote-builder.nix
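Review bot: `scrapeConfigs` in prometheus.nix defines only the `node` job, so the nginx exporter enabled in nginx.nix is never scraped by this Prometheus. Add a second job next to it with `job_name = "nginx";` and `targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];`. Once both exporters are scraped over localhost, their `openFirewall = true` settings are only needed if another Prometheus scrapes this host.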
@@ -0,0 +1,44 @@
+#
+# /hp/hp4/remote-builder.nix
+#
+{ pkgs, config, ... }:
+{
+ # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-the-remote-builder
+ # sudo ssh remotebuild@hp4 -i /root/.ssh/remotebuild "echo hello"
+ # sudo ssh remotebuild@hp4.home -i /root/.ssh/remotebuild "echo hello"
+ users.users.remotebuild = {
+ isNormalUser = true;
+ createHome = false;
+ group = "remotebuild";
+
+ # openssh.authorizedKeys.keyFiles = [ ./authorizedKeys ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l"
+ ];
+ };
+
+ users.groups.remotebuild = {};
+
+ # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#optimise-the-remote-builder-configuration
+ # nix.settings.trusted-users = [ "remotebuild" ];
+ nix = {
+ nrBuildUsers = 64;
+ settings = {
+ trusted-users = [ "remotebuild" ];
+
+ min-free = 10 * 1024 * 1024;
+ max-free = 200 * 1024 * 1024;
+
+ max-jobs = "auto";
+ cores = 0;
+ };
+ };
+
+ systemd.services.nix-daemon.serviceConfig = {
+ MemoryAccounting = true;
+ MemoryMax = "90%";
+ OOMScoreAdjust = 500;
+ };
+}
diff --git a/hp/hp4/services.ssh.nix b/hp/hp4/services.ssh.nix
new file mode 100644
index 0000000..06741ae
--- /dev/null
+++ b/hp/hp4/services.ssh.nix
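Review bot: `trusted-users = [ "remotebuild" ]` gives every holder of the three authorized keys what the Nix manual describes as essentially root-equivalent control of the daemon, since trusted users can import unsigned store paths and override daemon settings. If the clients only need to ship build inputs, consider leaving `remotebuild` untrusted and having them sign uploaded paths with a key listed in `trusted-public-keys` on hp4. If the trust is intentional, record it next to the setting, e.g. `# remotebuild is trusted: treat these keys as root on hp4`.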
@@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+{
+ # https://nixos.wiki/wiki/SSH
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix
+ # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546
+ # KexAlgorithms = [
+ # "mlkem768x25519-sha256"
+ # "sntrup761x25519-sha512"
+ # "sntrup761x25519-sha512@openssh.com"
+ # "curve25519-sha256"
+ # "curve25519-sha256@libssh.org"
+ # "diffie-hellman-group-exchange-sha256"
+ # ];
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ # shortned default list
+ ];
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ ];
+ # HostKeyAlgorithms = [
+ # "ssh-ed25519-cert-v01@openssh.com"
+ # "sk-ssh-ed25519-cert-v01@openssh.com"
+ # "rsa-sha2-512-cert-v01@openssh.com"
+ # "rsa-sha2-256-cert-v01@openssh.com"
+ # "ssh-ed25519"
+ # "sk-ssh-ed25519@openssh.com"
+ # "rsa-sha2-512"
+ # "rsa-sha2-256"
+ # ];
+ UsePAM = true;
+ KbdInteractiveAuthentication = true;
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ ChallengeResponseAuthentication = false;
+ X11Forwarding = false;
+ GatewayPorts = "no";
+ };
+ };
+
+ services.sshguard.enable = true;
+}
\ No newline at end of file
diff --git a/hp/hp4/sysctl.nix b/hp/hp4/sysctl.nix
new file mode 100644
index 0000000..ed11dac
--- /dev/null
+++ b/hp/hp4/sysctl.nix
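Review bot: `KbdInteractiveAuthentication = true` together with `UsePAM = true` leaves PAM password prompts reachable through keyboard-interactive authentication, which undoes `PasswordAuthentication = false` two lines below. `ChallengeResponseAuthentication` is a deprecated alias of the same sshd option, so the settings block also gives one option two contradictory values. Set `KbdInteractiveAuthentication = false;` and drop the `ChallengeResponseAuthentication` line so that key-only login is what sshd actually enforces.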
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042
+ # https://lwn.net/Articles/560082/
+ "net.ipv4.tcp_notsent_lowat" = "131072";
+ #net.ipv4.tcp_notsent_lowat = 4294967295
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "fq_codel";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/hp/hp4/systemPackages.nix b/hp/hp4/systemPackages.nix
new file mode 100644
index 0000000..a524c6d
--- /dev/null
+++ b/hp/hp4/systemPackages.nix
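Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` puts the ephemeral range on top of the fixed ports this host listens on elsewhere in the commit (3000, 3128, 8080, 9000, plus the 9090 and 9113 defaults), so an outgoing connection can be holding one of them when the service restarts and its bind then fails. Keep the lower bound above the service ports or reserve them, e.g. `"net.ipv4.ip_local_reserved_ports" = "3000,3128,8080,9000,9090,9113";`. The keepalive comment also understates the detection time: with `tcp_keepalive_time = 120` the first probe is sent after 120 s, so a dead peer is noticed after roughly 120 + 30 * 4 = 240 s, not 120 s.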
@@ -0,0 +1,37 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ psmisc
+ vim
+ curl
+ wget
+ tcpdump
+ iproute2
+ nftables
+ iptables
+ pciutils
+ usbutils
+ iw
+ wirelesstools
+ wpa_supplicant
+ #wpa_supplicant_ro_ssids
+ lldpd
+ #snmp seems to be needed by lldpd
+ net-snmp
+ neofetch
+ #
+ ffmpeg-full
+ radeontop # GPU monitoring tool
+ # https://nixos.wiki/wiki/AMD_GPU#OpenCL
+ clinfo
+ ];
+}
diff --git a/hp/hp4/systemd.services.ethtool-enp1s0f0.nix b/hp/hp4/systemd.services.ethtool-enp1s0f0.nix
new file mode 100644
index 0000000..34d2446
--- /dev/null
+++ b/hp/hp4/systemd.services.ethtool-enp1s0f0.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ systemd.services.ethtool-enp10f0 = {
+ description = "ethtool-enp1s0f0";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp1s0f0 rx 4096 tx 4096";
+ };
+ # wantedBy = [ "multi-user.target" ];
+ # https://systemd.io/NETWORK_ONLINE/
+ wantedBy = [ "network-pre.target" ];
+ };
+}
diff --git a/hp/hp4/systemd.services.ethtool-enp1s0f1.nix b/hp/hp4/systemd.services.ethtool-enp1s0f1.nix
new file mode 100644
index 0000000..9141622
--- /dev/null
+++ b/hp/hp4/systemd.services.ethtool-enp1s0f1.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ systemd.services.ethtool-enp1s0f1 = {
+ description = "ethtool-enp1s0f1";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp1s0f1 rx 4096 tx 4096";
+ };
+ # wantedBy = [ "multi-user.target" ];
+ # https://systemd.io/NETWORK_ONLINE/
+ wantedBy = [ "network-pre.target" ];
+ };
+}
diff --git a/hp/hp4/trafficserver.nix b/hp/hp4/trafficserver.nix
index 4260782..09387e8 100644
--- a/hp/hp4/trafficserver.nix
+++ b/hp/hp4/trafficserver.nix
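Review bot: The unit in systemd.services.ethtool-enp1s0f0.nix is declared as `systemd.services.ethtool-enp10f0` (the `s` is missing), so its name matches neither the file, the description nor the interface; rename it to `ethtool-enp1s0f0`. Both ethtool units are also attached only through `wantedBy = [ "network-pre.target" ]`, which is a passive target, and nothing orders the command after the NIC has appeared, so the ring change may run too early or not at all. Tying each unit to its device should be more reliable, e.g. `after = [ "sys-subsystem-net-devices-enp1s0f0.device" ];` with `wantedBy = [ "multi-user.target" ];`, to be confirmed on the host.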
@@ -7,8 +7,12 @@ }; # https://search.nixos.org/options?channel=24.11&size=50&sort=relevance&type=packages&query=trafficserver # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/web-servers/trafficserver/default.nix + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-servers/trafficserver/default.nix services.trafficserver = { enable = true; + + #openFirewall = true; # doesn't exist + #volume = "volume=1 scheme=http size=20%"; storage = "/var/cache/trafficserver 200G"; # storage = "/var/cache/trafficserver 256M"; @@ -16,6 +20,10 @@ records = { proxy = { config = { + dns = { + nameservers = "127.0.0.1"; + round_robin_nameservers = 0; + }; # Anonymize the forward proxy http = { anonymize_remove_from = 1; @@ -24,7 +32,7 @@ anonymize_remove_cookie = 1; anonymize_remove_client_ip = 1; - cache.http = 0; + cache.http = 1; insert_client_ip = 0; insert_squid_x_forwarded_for = 0; insert_request_via_str = 0; @@ -33,6 +41,10 @@ #server_ports = toString cfg.proxyPort; server_ports = "3128 3128:ipv6"; }; + cache = { + ram_cache.size = "2G"; + #ram_cache.lru_algorithm = 0; # 0 is default, 1 is basic LRU + }; # Set logging and disable reverse proxy log.logging_enabled = 3; 
@@ -46,47 +58,27 @@ ipAllow = { ip_allow = [ - { - apply = "in"; - ip_addrs = "127.0.0.1"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "::1"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "172.16.0.0/16"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - # 4x4x4=64 - # 2603:8000:9c01:3b00 - ip_addrs = "2603:8000:9c01:3b00/64"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "0/0"; - action = "deny"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "::/0"; - action = "deny"; - methods = "ALL"; - } + { apply = "in"; ip_addrs = "0/0"; action = "allow"; methods = "ALL"; } + { apply = "in"; ip_addrs = "::/0"; action = "allow"; methods = "ALL"; } + + # { apply = "in"; ip_addrs = "127.0.0.1"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "::1"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "172.16.0.0/16"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "2603:8000:9c01:3b00/64"; action = "allow"; methods = "ALL"; } + # # Deny all others + # { apply = "in"; ip_addrs = "0/0"; action = "deny"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "::/0"; action = "deny"; methods = "ALL"; } ]; }; }; + + systemd.tmpfiles.settings."trafficserver-dirs" = { + "/var/cache/trafficserver"."d" = { + mode = "0750"; + user = "ats"; + group = "ats"; + }; + }; } # https://github.com/input-output-hk/cardano-parts/blob/main/flake/nixosModules/profile-mithril-relay.nix # https://github.com/HippocampusGirl/nixos/blob/b01f0359810cfdd040642e2e3bbea8683bc11aee/machines/laptop-wsl/trafficserver.nix#L2 \ No newline at end of file diff --git a/laptops/t/Makefile b/laptops/t/Makefile index 0a717b1..0f9e0a8 100644 --- a/laptops/t/Makefile +++ b/laptops/t/Makefile 
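Review bot: The new `ip_allow` list accepts `0/0` and `::/0` for all methods, so the forward proxy on port 3128 serves any client that can reach it; the earlier allow-list with its trailing deny survives only as comments. Unless a firewall rule outside this diff limits 3128, hp4 becomes an open proxy. Restore the commented entries (loopback, `172.16.0.0/16`, the /64, then the two deny rules) and remove the two allow-all lines, or mark the wide rule as temporary in a comment if it was a debugging step. The tmpfiles rule uses user and group `ats`; check that this is the account the trafficserver module actually creates. The enclosing `services.trafficserver` block starts outside the hunk.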
@@ -18,6 +18,12 @@ endif rebuild: sudo nixos-rebuild switch --flake . +rebuild_t: + sudo nixos-rebuild switch --flake .#t + +#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues +#nixos-rebuild switch --option binary-caches http://my-cache.example.org/ + impure: sudo nixos-rebuild switch --impure --flake . @@ -48,4 +54,7 @@ update_oldm.: sudo nixos-rebuild switch #nix-shell -p vim +restart_display_manager: + sudo systemctl restart display-manager.service + # end diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix index 5caf054..aa7de28 100644 --- a/laptops/t/configuration.nix +++ b/laptops/t/configuration.nix @@ -1,6 +1,6 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# and in the NixOS manual (accessible by running 'nixos-help'). # sudo nixos-rebuild switch # sudo nix-channel --update @@ -42,10 +42,10 @@ #./docker-compose.nix ./docker-daemon.nix #./smokeping.nix + ./distributed-builds.nix ]; boot = { - loader.systemd-boot = { enable = true; consoleMode = "max"; @@ -62,8 +62,8 @@ # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 kernelParams = [ - #"nvidia-drm.modeset=1" - #"nvidia-drm.fbdev=1" + "nvidia-drm.modeset=1" + "nvidia-drm.fbdev=1" # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 #"nomodeset" ]; 
@@ -77,50 +77,52 @@ # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; - extraModulePackages = with config.boot.kernelPackages; [ - v4l2loopback - #nvidia_x11 + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + pkgs.unstable.linuxPackages.nvidiaPackages.production + ]; + + extraModprobeConfig = '' + options nvidia NVreg_UsePageAttributeTable=1 + options nvidia NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100 + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = false; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed ]; + }; - # https://nixos.wiki/wiki/Libvirt#Nested_virtualization - #extraModprobeConfig = "options kvm_intel nested=1"; - # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config_working-nix-L19 - extraModprobeConfig = - "options nvidia " - #"" - + lib.concatStringsSep " " [ - # nvidia assume that by default your CPU does not support PAT, - # but this is effectively never the case in 2023 - "NVreg_UsePageAttributeTable=1" - # This is sometimes needed for ddc/ci support, see - # https://www.ddcutil.com/nvidia/ - # - # Current monitor does not support it, but this is useful for - # the future - "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100" - "options kvm_intel nested=1" - # # https://nixos.wiki/wiki/OBS_Studio - '' - options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 - '' - ]; + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = false; }; # For OBS security.polkit.enable = true; nix = { - gc = { - automatic = true; # Enable 
automatic execution of the task - dates = "weekly"; # Schedule the task to run weekly - options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days - randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task - }; settings = { auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" ]; download-buffer-size = "500000000"; }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; }; # https://nixos.wiki/wiki/Networking @@ -246,20 +248,6 @@ # Or disable the firewall altogether. # networking.firewall.enable = false; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - #system.stateVersion = "23.11"; - - system.stateVersion = "24.11"; - - virtualisation.containers = { - ociSeccompBpfHook.enable = true; - }; - # # https://nixos.wiki/wiki/Podman # virtualisation.podman = { # enable = true; 
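Review bot: `pkgs.unstable.linuxPackages.nvidiaPackages.production` in `extraModulePackages` is built against the default kernel of the unstable package set, not against `config.boot.kernelPackages`, so the module may not match the kernel that boots. Use `config.boot.kernelPackages.nvidiaPackages.production`, or drop the entry and select the driver through `hardware.nvidia.package`, which normally pulls in the matching module itself. The `programs.nix-ld` and `services.envfs` blocks are added with `enable = false`, so the library list is inert; a one-line comment saying they are staged for later would help. The enclosing `boot = {` block starts outside the hunk.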
@@ -281,11 +269,42 @@ programs.virt-manager.enable = true; virtualisation.spiceUSBRedirection.enable = true; + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + # guest # services.qemuGuest.enable = true; # services.spice-vdagentd.enable = true; - nixpkgs.config.allowUnfree = true; - # https://wiki.nixos.org/wiki/Laptop + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + #system.stateVersion = "23.11"; + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + # ]; + }; + + # hardware.opengl = { + # enable = true; + # driSupport = true; + # driSupport32Bit = true; + # extraPackages = with pkgs; [ + # vaapiVdpau + # libvdpau-va-gl + # ]; + # }; } diff --git a/laptops/t/configuration.nix.before b/laptops/t/configuration.nix.before deleted file mode 100644 index 5cd5470..0000000 --- a/laptops/t/configuration.nix.before +++ /dev/null 
@@ -1,314 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -# sudo nixos-rebuild switch -# sudo nix-channel --update -# nix-shell -p vim -# nmcli device wifi connect MYSSID password PWORD -# systemctl restart display-manager.service - -{ config, pkgs, ... }: - -# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - -{ - # https://nixos.wiki/wiki/NixOS_modules - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager - # sudo nix-channel --update - - # - ./sysctl.nix - ./wireless_desktop.nix - # sound removed for 24.11 - #./sound.nix - ./locale.nix - ./hosts.nix - ./firewall.nix - #./systemdSystem.nix - ./systemPackages.nix - ./home-manager.nix - ./nodeExporter.nix - ./prometheus.nix - ./grafana.nix - # clickhouse - #./docker-compose.nix - ./docker-daemon.nix - #./smokeping.nix - ]; - - - - # Bootloader. - boot.loader.systemd-boot = { - enable = true; - consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
- memtest86.enable = true; - }; - - boot.loader.efi.canTouchEfiVariables = true; - - # https://nixos.wiki/wiki/Linux_kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linuxPackages_rpi4 - - #boot.kernelParams = [ - # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 - - nix = { - gc = { - automatic = true; # Enable automatic execution of the task - dates = "weekly"; # Schedule the task to run weekly - options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days - randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task - }; - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - }; - }; - - # https://nixos.wiki/wiki/Networking - networking.hostName = "t"; - - services.lldpd.enable = true; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - - # this option doesn't exist - # hardware.graphics.enable = true; - - # https://wiki.nixos.org/w/index.php?title=NVIDIA - # https://nixos.wiki/wiki/Nvidia - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix - hardware.nvidia = { - - modesetting.enable = true; - - prime = { - # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' - # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) - intelBusId = "PCI:0:2:0"; - # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) - nvidiaBusId = "PCI:1:0:0"; - offload = { - enable = true; - #sync.enable = true; - enableOffloadCmd = true; - }; - }; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. 
- powerManagement = { - enable = true; - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - finegrained = true; - }; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - # prioritry drivers don't compile on 6.10.3 - open = true; - #open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - # nvidiaSettings = true; - nvidiaSettings = false; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - # package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - package = config.boot.kernelPackages.nvidiaPackages.beta; - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - }; - - # Nouveau is enabled by default whenever graphics are enabled - # This name will change to hardware.opengl.enable, with 24.11 - hardware.opengl = { - enable = true; - # removed in 24.11 - #driSupport = true; - }; - - services.xserver = { - enable = true; - # Load nvidia driver for Xorg and Wayland - videoDrivers = [ "nvidia-open" ]; - #videoDrivers = [ "nvidia" ]; - # Display Managers are responsible for handling user login - displayManager = { - gdm.enable = true; - }; - # Enable the GNOME Desktop Environment. 
- desktopManager = { - gnome.enable = true; - plasma5.enable = false; - xterm.enable = false; - }; - # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 - - # Configure keymap in X11 - xkb.layout = "us"; - xkb.variant = ""; - }; - - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. - # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - - services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; - - services.bpftune.enable = true; - - systemd.services.modem-manager.enable = false; - systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; - - # https://discourse.nixos.org/t/unable-to-fix-too-many-open-files-error/27094/6 - systemd.extraConfig = "DefaultLimitNOFILE=2048"; # defaults to 1024 if unset - - # Enable touchpad support (enabled default in most desktopManager). 
- services.libinput.enable = true; - - # https://nixos.wiki/wiki/Printing - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - environment.sessionVariables = { - TERM = "xterm-256color"; - #MY_VARIABLE = "my-value"; - #ANOTHER_VARIABLE = "another-value"; - }; - - users.users.das = { - isNormalUser = true; - description = "das"; - extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; - # users.extraGroups.docker.members = [ "das" ]; - packages = with pkgs; [ - ]; - # https://nixos.wiki/wiki/SSH_public_key_authentication - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" - ]; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - vim - curl - wget - tcpdump - iproute2 - nftables - iptables - pciutils - usbutils - pciutils - virt-manager - cudatoolkit - pkgs.gnomeExtensions.appindicator - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - #programs.hyprland.enable = true; - - services.openssh.enable = true; - - services.timesyncd.enable = true; - - services.fstrim.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - #system.stateVersion = "23.11"; - system.stateVersion = "24.05"; - - virtualisation.containers = { - ociSeccompBpfHook.enable = true; - }; - - # # https://nixos.wiki/wiki/Podman - # virtualisation.podman = { - # enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # autoPrune.enable = true; - # }; - # #virtualisation.oci-containers.backend = "podman"; - # # virtualisation.oci-containers.containers = { - # # container-name = { - # # image = "container-image"; - # # autoStart = true; - # # ports = [ "127.0.0.1:1234:1234" ]; - # # }; - # # }; - - virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = true; - # services.qemuGuest.enable = true; - - # https://wiki.nixos.org/wiki/Laptop -} diff --git a/laptops/t/distributed-builds.nix b/laptops/t/distributed-builds.nix new file mode 100644 index 0000000..7989606 --- /dev/null +++ b/laptops/t/distributed-builds.nix @@ -0,0 +1,19 @@ +# +# latops/t/distributed-builds.nix +# +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +{ pkgs, ... }: +{ + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "hp4.home"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; +} \ No newline at end of file 
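Review bot: The `nix.buildMachines` entry for `hp4.home` in distributed-builds.nix does not pin the builder's SSH host key, so trust in the builder rests on whatever happens to be in root's known_hosts. Adding `publicHostKey = "<base64-encoded SSH host public key of hp4>";` to the entry makes that trust explicit and reproducible. With `nix.settings.builders-use-substitutes = true;` the builder fetches dependencies from its own substituters, so its substituter and trusted-key settings become part of this laptop's trust; I would add a comment saying so. A short comment on how `/root/.ssh/remotebuild` is provisioned would also help, along with a reminder that the `remotebuild` account on hp4 should be limited to Nix builds.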
diff --git a/laptops/t/flake.lock b/laptops/t/flake.lock index 7557246..6a828e3 100644 --- a/laptops/t/flake.lock +++ b/laptops/t/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1744289235, - "narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=", + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", "type": "github" }, "original": { @@ -78,11 +78,11 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { @@ -108,11 +108,11 @@ ] }, "locked": { - "lastModified": 1742215578, - "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=", + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", "type": "github" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1743953322, - "narHash": "sha256-prQ5JKopXtzCMX2eT3dXbaVvGmzjMRE2bXStQDdazpM=", + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "9d7f2687c84c729afbc3b13f7937655570f2978d", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", "type": "github" }, "original": { 
@@ -166,11 +166,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1744849150, - "narHash": "sha256-eaKqF4Oc7atN7Y2yTTeAOLN05q+G2YY0597ukgAD2Cs=", + "lastModified": 1746291290, + "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "225e13c3cc83308175f0a9aa18cfa31324155034", + "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1743950622, - "narHash": "sha256-8qjDapcQeDqxQUIm5gA0x6XZtowV/14bOs3K0tCSMoU=", + "lastModified": 1746281365, + "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "be6b9875dd5c586fb401d294bb98c31973849651", + "rev": "0ca682bc2c2e10414e7de1fb6606226a45e76380", "type": "github" }, "original": { @@ -289,11 +289,11 @@ ] }, "locked": { - "lastModified": 1739048983, - "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=", + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1744468525, - "narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=", + "lastModified": 1745357019, + "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df", + "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", "type": "github" }, "original": { 
@@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1743950287, - "narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=", + "lastModified": 1745975815, + "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "f2dc70e448b994cef627a157ee340135bd68fbc6", + "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", "type": "github" }, "original": { @@ -383,11 +383,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -415,11 +415,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "bf3287dac860542719fe7554e21e686108716879", "type": "github" }, "original": { 
@@ -504,11 +504,11 @@ ] }, "locked": { - "lastModified": 1744644585, - "narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=", + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26", + "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", "type": "github" }, "original": { diff --git a/laptops/t/flake.nix b/laptops/t/flake.nix index cf2ced4..43d0e08 100644 --- a/laptops/t/flake.nix +++ b/laptops/t/flake.nix @@ -36,7 +36,17 @@ system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; - config = { allowUnfree = true; }; + config = { + allowUnfree = true; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "nvidia-x11" + "nvidia-settings" + "nvidia-persistenced" + "google-chrome" + "android-studio" + "android-studio-stable" + ]; + }; }; # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels # overlay-unstable = final: prev: { 
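Review bot: In the flake.nix `pkgs` import, `allowUnfree = true;` is kept next to the new `allowUnfreePredicate`, so the name list restricts nothing: nixpkgs accepts an unfree package when either setting permits it. If the list is meant as an allowlist, remove the blanket flag and keep only `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ ... ];`. The `unstable` import in the next hunk also keeps `allowUnfree = true;`, with its predicate commented out, so it needs the same decision. `lib` is bound further down in the same `let`, which works because `let` is recursive; that `let` block starts outside this hunk.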
@@ -45,23 +55,35 @@ overlay-unstable = final: prev: { unstable = import nixpkgs-unstable { inherit system; - config = { allowUnfree = true; }; + config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "vscode" + # "code-cursor" + # "slack" + # "zoom-us" + # "nvidia-x11" + # ]; + }; }; }; lib = nixpkgs.lib; in { nixosConfigurations = { t = lib.nixosSystem rec { - #system ="x86_64-linux"; inherit system; - specialArgs = { inherit hyprland; }; + specialArgs = { + inherit hyprland; + inherit overlay-unstable; + }; modules = [ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./configuration.nix hyprland.nixosModules.default home-manager.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; + # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs + #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. home-manager.useUserPackages = true; home-manager.users.das = import ./home.nix; home-manager.extraSpecialArgs = specialArgs; diff --git a/laptops/t/hardware-graphics.nix b/laptops/t/hardware-graphics.nix index 771ea25..674dffd 100644 --- a/laptops/t/hardware-graphics.nix +++ b/laptops/t/hardware-graphics.nix 
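Review bot: Commenting out `home-manager.useGlobalPkgs = true;` makes Home Manager evaluate its own nixpkgs instance, so the `config` given to the `pkgs` import above no longer governs packages installed through home.nix. The trailing comment `# This disables the Home Manager options nixpkgs.*.` describes the setting when it is enabled, not why it is now off. I would replace it with something like `# off on purpose: home.nix sets nixpkgs.config and nixpkgs.overlays itself, so the unfree policy for user packages lives there`. The `modules` list continues outside this hunk.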
@@ -1,30 +1,35 @@ # # nixos/laptops/t/hardware-graphics.nix # + +# example: https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/gfx-nvidia.nix + { config, pkgs, lib, ... }: { - # hardware.opengl.enable = true; - # was renamed to: + # Use hardware.graphics for graphics configuration hardware.graphics = { enable = true; - extraPackages = with pkgs; [ - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - nvidia-vaapi-driver - vaapiVdpau - libvdpau - libvdpau-va-gl - vdpauinfo + enable32Bit = true; + extraPackages = with pkgs.unstable; [ + # VA-API support libva libva-utils - # https://wiki.nixos.org/wiki/Intel_Graphics - #vpl-gpu-rt - # added 2025/02/03 not tested vaapiIntel intel-media-driver + + # VDPAU support + vaapiVdpau + libvdpau + libvdpau-va-gl + vdpauinfo + + # OpenGL support + libGLU + libGL ]; }; 
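Review bot: `nvidia-vaapi-driver` is dropped from `hardware.graphics.extraPackages`, but the environment block later in this file still sets `NVD_BACKEND = "direct"` and names `nvidia` as a VA-API fallback. Both appear to depend on that driver being installed. Either keep `nvidia-vaapi-driver` in the list or remove those variables so the configuration reflects what is present. Switching the list to `with pkgs.unstable;` also mixes unstable VA-API/VDPAU libraries with whatever Mesa the stable channel provides; a one-line comment giving the reason would help the next reader.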
@@ -33,72 +38,33 @@ # nix-prefetch-url --name displaylink-600.zip https://www.synaptics.com/sites/default/files/exe_files/2024-05/DisplayLink%20USB%20Graphics%20Software%20for%20Ubuntu6.0-EXE.zip #services.xserver.videoDrivers = [ "displaylink" "modesetting" ]; - # https://wiki.nixos.org/w/index.php?title=NVIDIA + # https://wiki.nixos.org/wiki/NVIDIA # https://nixos.wiki/wiki/Nvidia # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/nvidia.nix hardware.nvidia = { - - # This will no longer be necessary when - # https://github.com/NixOS/nixpkgs/pull/326369 hits stable - #modesetting.enable = true; - modesetting.enable = lib.mkDefault true; - + modesetting.enable = true; powerManagement = { enable = true; - #finegrained = true; + finegrained = true; }; - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. 
- # prioritry drivers don't compile on 6.10.3 - # Set to false for proprietary drivers -> https://download.nvidia.com/XFree86/Linux-x86_64/565.77/README/kernel_open.html - open = true; - + open = false; nvidiaSettings = true; - - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.beta; # <---------- was using this - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/nv/nvidia-modprobe/package.nix - #package = pkgs.linuxPackages.nvidia_x11; - package = pkgs.unstable.linuxPackages.nvidia_x11; + package = pkgs.unstable.linuxPackages.nvidiaPackages.production; + + prime = { + offload.enable = true; + # Intel GPU + intelBusId = "PCI:0:2:0"; + # NVIDIA is your secondary GPU + nvidiaBusId = "PCI:1:0:0"; + }; }; - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. 
- # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - services.xserver = { enable = true; - - videoDrivers = [ "nvidia" "modesetting" ]; # modesetting ~= intel - # intel does NOT exist - # videoDrivers = [ "nvidia" "intel" ]; - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/displaylink.nix - #videoDrivers = [ "nvidia" "displaylink" ]; - - # Display Managers are responsible for handling user login + videoDrivers = [ "modesetting" "nvidia" ]; displayManager = { gdm.enable = true; }; 
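Review bot: `package = pkgs.unstable.linuxPackages.nvidiaPackages.production;` builds the NVIDIA kernel module against the default kernel of the unstable package set, not the kernel this system boots. If `boot.kernelPackages` is set to anything else (it is not visible in this hunk), the module will not match the running kernel. `package = config.boot.kernelPackages.nvidiaPackages.production;` ties the driver to the booted kernel. The removed comments held the only explanation of the `open` choice, so I would keep one line next to `open = false;`, such as `# proprietary kernel module; the open module is the alternative on Turing and later`.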
@@ -119,28 +85,45 @@ # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/12?u=randomizedcoder # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config-nix-L193 environment.variables = { - MOZ_DISABLE_RDD_SANDBOX = "1"; - LIBVA_DRIVER_NAME = "nvidia"; + # VA-API configuration + LIBVA_DRIVER_NAME = "iHD"; + LIBVA_DRIVER_FALLBACK = "nvidia"; + + # NVIDIA configuration GBM_BACKEND = "nvidia-drm"; __GLX_VENDOR_LIBRARY_NAME = "nvidia"; NVD_BACKEND = "direct"; + + # Wayland configuration EGL_PLATFORM = "wayland"; - # prevents cursor disappear when using Nvidia drivers WLR_NO_HARDWARE_CURSORS = "1"; - MOZ_ENABLE_WAYLAND = "1"; XDG_SESSION_TYPE = "wayland"; NIXOS_OZONE_WL = "1"; - CUDA_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib"; - # export LD_LIBRARY_PATH=${pkgs.linuxPackages.nvidia_x11}/lib - EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; + # NVIDIA library paths + CUDA_PATH = "${config.hardware.nvidia.package}/lib"; + EXTRA_LDFLAGS = "-L/lib -L${config.hardware.nvidia.package}/lib"; EXTRA_CCFLAGS = "-I/usr/include"; - LD_LIBRARY_PATH = "$\{LD_LIBRARY_PATH\}:/run/opengl-driver/lib:${pkgs.linuxPackages.nvidia_x11}/lib"; + LD_LIBRARY_PATH = "/run/opengl-driver/lib:${config.hardware.nvidia.package}/lib"; - # flameshot + # Qt applications QT_QPA_PLATFORM = "wayland"; }; + + # Session variables for Electron apps + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + MOZ_ENABLE_WAYLAND = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "wayland"; + ELECTRON_EXTRA_LAUNCH_ARGS = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + }; + + # Browser configuration + nixpkgs.config.chromium.commandLineArgs = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + nixpkgs.config.firefox.commandLineArgs = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + + 
nixpkgs.config.allowAliases = false; } # i tried prime, but it didn't seem to work diff --git a/laptops/t/home.nix b/laptops/t/home.nix index 8ea29d6..275ba73 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -2,6 +2,7 @@ hyprland, config, pkgs, + overlay-unstable, ... }: #{ config, pkgs, ... }: 
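Review bot: `LD_LIBRARY_PATH` in `environment.variables` is exported to every process in every session, and the dynamic loader generally consults it before the library paths recorded in Nix-built binaries. Every program can therefore pick up libraries from the NVIDIA driver directory instead of the ones it was built against. I would drop it from the global environment and set it only in a dev shell or wrapper for the CUDA tools that need it. `nixpkgs.config.firefox.commandLineArgs` passes Chromium-style `--enable-features=...` and `--ozone-platform` switches, which Firefox probably does not honour, so that line likely has no effect. `LIBVA_DRIVER_FALLBACK` is not a variable I recognise from libva and should be confirmed or removed.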
@@ -26,54 +27,74 @@ # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables home.sessionVariables = { - QT_QPA_PLATFORM = "wayland"; - GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; - # disable wayland - NIXOS_OZONE_WL = "1"; - GOPRIVATE = "gitlab.com/sidenio/*"; - TERM = "xterm-256color"; + NIXPKGS_ALLOW_UNFREE = "1"; + + QT_QPA_PLATFORM = "wayland"; + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; }; home.packages = with pkgs; [ - # + # System/Info Tools killall hw-probe - # + lshw + hwloc gparted - # ncdu - # - hw-probe - lshw - # + neofetch + file + + # Terminal Multiplexers tmux screen - # + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + llvmPackages_19.libcxxClang + llvmPackages_19.lld + llvmPackages_19.libcxx.dev + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools libgcc # https://nixos.wiki/wiki/C # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc - gcc + #gcc automake gnumake #cmake pkg-config - # - # - # alsa-lib - # alsa-lib-with-plugins - # + # Scripting/Utils perl #3.12.8 on 12th of Feb 2025 python3Full - # gawk jq git htop btop minicom - # + + bc + + # Compression bzip2 gzip lz4 @@ -81,16 +102,20 @@ unzip xz zstd - # + + gnutar + + # File Transfer/Management rsync tree - file - # + + # Terminals alacritty kitty #https://ghostty.org/ ghostty - # + + # Networking ethtool iproute2 vlan 
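Review bot: `NIXPKGS_ALLOW_UNFREE = "1";` in `home.sessionVariables` enables unfree packages for every impure Nix invocation in the user's session, such as `nix-shell` or `nix build --impure`. That sidesteps the per-package list that flake.nix sets up with `allowUnfreePredicate`. I would remove it and pass the variable on the command line for the rare one-off. The comment `# disable wayland` above `NIXOS_OZONE_WL = "1";` says the opposite of what the variable does; `# prefer Wayland for Electron/Chromium apps` matches the behaviour.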
@@ -101,34 +126,33 @@ flent bpftools fping - inetutils - # - hwloc - bpftools - # + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring inotify-tools - # - # HP Printers + + # Printing hplip #hplipWithPlugin - # + + # SDR gnuradio hackrf gqrx cubicsdr - # - neofetch - # + + # Media vlc # ffmpeg moved to system package #ffmpeg_7-full #ffmpeg-full - # go + + # Go Development # https://nixos.wiki/wiki/Go # https://nixos.org/manual/nixpkgs/stable/#sec-language-go # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F libcap - gcc #gcc_multi #glibc_multi # thunderbird 
@@ -154,32 +178,50 @@ #buf-language-server # https://tinygo.org/ #tinygo - # - graphviz - # + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #unstable.bazel_7 + unstable.bazel-buildtools + unstable.bazelisk + + unstable.code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # unstable.bazel-gazelle + # unstable.bazel-buildtools + # unstable.bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look at? + # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing meld - # - # https://nixos.wiki/wiki/Helix + + # Editors helix - # rust + + # Rust Development # https://nixos.wiki/wiki/Rust - #pkgs.cargo - #pkgs.rustc cargo rustc rustfmt rust-analyzer clippy #clang_multi - # + + # Mobile Development flutter android-studio android-tools android-udev-rules - # - # debug - strace - # Gnome related / extensions + + # Gnome Related / Extensions # gnomeExtensions.emoji-copy # unstable.gnomeExtensions.workspace-switcher-manager gnome-extension-manager @@ -207,13 +249,15 @@ # https://github.com/AstraExt/astra-monitor gnomeExtensions.astra-monitor libgtop - # + + # Office/Documents libreoffice-qt hunspell hunspellDicts.en_AU #hunspellDicts.en_US - # evince + + # Browsers # https://nixos.wiki/wiki/Firefox firefox # https://nixos.wiki/wiki/Chromium 
@@ -226,25 +270,29 @@ "--ozone-platform=wayland" ]; }) + + # Communication # https://nixos.wiki/wiki/Slack - slack - # - zoom-us - # + unstable.slack + unstable.zoom-us + + # Screenshots/Screen Recording # https://wiki.nixos.org/wiki/Flameshot (flameshot.override { enableWlrSupport = true; }) grim # screenshot functionality slurp # screenshot functionality - # - gimp-with-plugins - # simplescreenrecorder # https://wiki.nixos.org/wiki/Gpu-screen-recorder gpu-screen-recorder # CLI gpu-screen-recorder-gtk # GUI - # + + # Graphics + gimp-with-plugins + + # Text Editors gedit - # + + # Containers # https://nixos.wiki/wiki/Podman dive podman @@ -253,10 +301,8 @@ podman-tui podman-compose docker-buildx - # - rofi-wayland - wofi - # + + # Kubernetes #clickhouse #clickhouse-cli # https://github.com/int128/kubelogin @@ -274,18 +320,20 @@ kdash # k9s --kubeconfig=dev-d.kubeconfig k9s - # + + # Misc # https://github.com/jrincayc/ucblogo-code ucblogo # https://github.com/wagoodman/dive - dive + # dive # Duplicate removed # https://github.com/sharkdp/hyperfine hyperfine - # app launchers + + # App Launchers rofi-wayland wofi - # - # raspberry pi + + # Raspberry Pi rpi-imager ]; @@ -296,9 +344,11 @@ # https://mynixos.com/home-manager/options/programs.vscode programs.vscode = { enable = true; - package = pkgs.vscode; - extensions = with pkgs.vscode-extensions; [ - bbenoist.nix + # package = pkgs.vscode; + # extensions = with pkgs.vscode-extensions; [ + package = pkgs.unstable.vscode; + extensions = with pkgs.unstable.vscode-extensions; [ + #bbenoist.nix dart-code.dart-code dart-code.flutter golang.go @@ -332,12 +382,14 @@ zxh404.vscode-proto3 yzhang.markdown-all-in-one #platformio.platformio-ide - github.copilot + #github.copilot # nix #brettm12345.nixfmt.vscode jnoortheen.nix-ide #jeff-hykin.better-nix-syntax rust-lang.rust-analyzer + #bazel + bazelbuild.vscode-bazel ]; }; 
@@ -453,6 +505,28 @@ # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # # ... #]; + extraConfig = '' + # Monitor configuration (Example - replace with yours) + monitor=,preferred,auto,1 + + # Execute-once startup commands (Example) + exec-once = waybar & + exec-once = nm-applet --indicator + + # Keybindings (Example) + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + + # Include other settings... + # input { ... } + # general { ... } + # decoration { ... } + # animations { ... } + # etc... + + # Source other files if needed (less common with inline config) + # source = ~/.config/hypr/myColors.conf + ''; }; # # Optional @@ -503,6 +577,7 @@ } ''; }; + # https://mynixos.com/home-manager/options/programs.ghostty home.file.".config/ghostty/ghostty.toml" = { target = ".config/ghostty/ghostty.toml"; text = '' @@ -517,9 +592,13 @@ sidebar_position = "right" ''; }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + # set at flake.nix level nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [ overlay-unstable ]; + #home.stateVersion = "23.11"; home.stateVersion = "24.11"; } diff --git a/laptops/t/hosts.nix b/laptops/t/hosts.nix index 3af6575..b60a4f0 100644 --- a/laptops/t/hosts.nix +++ b/laptops/t/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/laptops/t/root_ssh_config b/laptops/t/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null +++ b/laptops/t/root_ssh_config 
@@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/laptops/t/sysctl.nix b/laptops/t/sysctl.nix index b6fa4a8..de472c7 100644 --- a/laptops/t/sysctl.nix +++ b/laptops/t/sysctl.nix @@ -2,6 +2,7 @@ { # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ boot.kernel.sysctl = { # detect dead connections more quickly "net.ipv4.tcp_keepalive_intvl" = 30; @@ -39,5 +40,16 @@ #net.core.wmem_max = 212992 "net.ipv4.ip_local_port_range" = "1025 65535"; #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms }; } \ No newline at end of file 
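Review bot: `ForwardAgent yes` in this new config (root's, judging by the file name) exposes the local agent socket on hp4 for the dedicated `remotebuild` account. Anyone with root on hp4 can then use the loaded keys while a session, or the `ControlPersist 10m` master, is up. A build connection that authenticates with `~/.ssh/remotebuild` should not need forwarding, so I would change it to `ForwardAgent no` and add `IdentitiesOnly yes` so that only that key is offered. `Protocol 2` is, as far as I know, ignored by current OpenSSH and can be removed. The commented `# temp hmac-md5` MACs line is best deleted so the weak MAC cannot be re-enabled by uncommenting it.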
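Review bot: In the second sysctl.nix hunk, `"net.ipv4.tcp_rto_min_us" = 50000;` lowers the minimum retransmission timeout from the 200 ms shown in the adjacent comment to 50 ms for every TCP connection on this laptop. That includes Wi-Fi and WAN paths, where it can cause spurious retransmits, so the comment should state the intended network rather than only `#50ms`. This key is a fairly recent kernel addition and will fail to apply on a kernel that lacks it; I cannot see the host's kernel version from here. `"net.ipv4.tcp_reflect_tos" = 1;` makes listening sockets reuse the DSCP value of the incoming SYN, so remote peers choose the marking on this host's replies. That is reasonable on a trusted LAN but should be documented, e.g. `# reflect peer DSCP on accepted connections (L4S testing); peer controls our marking`.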
diff --git a/laptops/t/systemPackages.nix b/laptops/t/systemPackages.nix index 4378681..34e8f82 100644 --- a/laptops/t/systemPackages.nix +++ b/laptops/t/systemPackages.nix @@ -4,12 +4,12 @@ ... }: { + # set at flake.nix level nixpkgs.config.allowUnfree = true; # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget + # Basic system tools psmisc vim curl @@ -20,45 +20,23 @@ iptables pciutils usbutils - pciutils - virt-manager - pkgs.gnomeExtensions.appindicator iw wirelesstools wpa_supplicant - #wpa_supplicant_ro_ssids lldpd #snmp seems to be needed by lldpd net-snmp - unstable.neofetch - - # https://wiki.nixos.org/wiki/Flameshot - #(flameshot.override { enableWlrSupport = true; }) + neofetch + #libxml2 # Added for bazel/clang development - # hyprland - unstable.hyprland - swww # for wallpapers - xdg-desktop-portal-gtk - xdg-desktop-portal-hyprland + # Wayland support xwayland meson wayland-protocols wayland-utils wl-clipboard - wlroots - # - #nvidia - unstable.vdpauinfo # sudo vainfo - unstable.libva-utils # sudo vainfo - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - # - unstable.ffmpeg-full - # - # https://nixos.wiki/wiki/CUDA - unstable.cudatoolkit - unstable.linuxPackages.nvidia_x11 - unstable.libGLU - unstable.libGL + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) ]; } \ No newline at end of file diff --git a/laptops/t14/hosts.nix b/laptops/t14/hosts.nix index 3af6575..b60a4f0 100644 --- a/laptops/t14/hosts.nix +++ b/laptops/t14/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/laptops/t14/x.nix b/laptops/t14/x.nix deleted file mode 100644 index 7fe7a23..0000000 
--- a/laptops/t14/x.nix
+++ /dev/null
@@ -1,163 +0,0 @@ -# -# nixos/laptops/t/hardware-graphics.nix -# -{ config, - pkgs, - lib, - ... -}: -{ - # hardware.opengl.enable = true; - # was renamed to: - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - nvidia-vaapi-driver - vaapiVdpau - libvdpau - libvdpau-va-gl - vdpauinfo - libva - libva-utils - # https://wiki.nixos.org/wiki/Intel_Graphics - #vpl-gpu-rt - # added 2025/02/03 not tested - vaapiIntel - intel-media-driver - ]; - }; - - # TODO try displaylink - # https://nixos.wiki/wiki/Displaylink - # nix-prefetch-url --name displaylink-600.zip https://www.synaptics.com/sites/default/files/exe_files/2024-05/DisplayLink%20USB%20Graphics%20Software%20for%20Ubuntu6.0-EXE.zip - #services.xserver.videoDrivers = [ "displaylink" "modesetting" ]; - - # https://wiki.nixos.org/w/index.php?title=NVIDIA - # https://nixos.wiki/wiki/Nvidia - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/nvidia.nix - hardware.nvidia = { - - # This will no longer be necessary when - # https://github.com/NixOS/nixpkgs/pull/326369 hits stable - #modesetting.enable = true; - modesetting.enable = lib.mkDefault true; - - powerManagement = { - enable = true; - #finegrained = true; - }; - - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. 
- # prioritry drivers don't compile on 6.10.3 - # Set to false for proprietary drivers -> https://download.nvidia.com/XFree86/Linux-x86_64/565.77/README/kernel_open.html - open = true; - - nvidiaSettings = true; - - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.beta; # <---------- was using this - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/nv/nvidia-modprobe/package.nix - #package = pkgs.linuxPackages.nvidia_x11; - package = pkgs.unstable.linuxPackages.nvidia_x11; - }; - - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. - # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - - services.xserver = { - enable = true; - - #videoDrivers = [ "nvidia" "modesetting" ]; # modesetting ~= intel - # intel does NOT exist - # videoDrivers = [ "nvidia" "intel" ]; - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/displaylink.nix - #videoDrivers = [ "nvidia" "displaylink" ]; - - # 
Display Managers are responsible for handling user login - displayManager = { - gdm.enable = true; - }; - - # Enable the GNOME Desktop Environment - desktopManager = { - gnome.enable = true; - plasma5.enable = false; - xterm.enable = false; - }; - # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 - - # Configure keymap in X11 - xkb.layout = "us"; - xkb.variant = ""; - }; - - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/12?u=randomizedcoder - # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config-nix-L193 - environment.variables = { - # MOZ_DISABLE_RDD_SANDBOX = "1"; - # LIBVA_DRIVER_NAME = "nvidia"; - # GBM_BACKEND = "nvidia-drm"; - # __GLX_VENDOR_LIBRARY_NAME = "nvidia"; - #NVD_BACKEND = "direct"; - EGL_PLATFORM = "wayland"; - # prevents cursor disappear when using Nvidia drivers - WLR_NO_HARDWARE_CURSORS = "1"; - - MOZ_ENABLE_WAYLAND = "1"; - XDG_SESSION_TYPE = "wayland"; - NIXOS_OZONE_WL = "1"; - - # CUDA_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib"; - # # export LD_LIBRARY_PATH=${pkgs.linuxPackages.nvidia_x11}/lib - # EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; - # EXTRA_CCFLAGS = "-I/usr/include"; - # LD_LIBRARY_PATH = "$\{LD_LIBRARY_PATH\}:/run/opengl-driver/lib:${pkgs.linuxPackages.nvidia_x11}/lib"; - - # flameshot - QT_QPA_PLATFORM = "wayland"; - }; -} - - # i tried prime, but it didn't seem to work - # prime = { - # # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' 
- # # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) - # intelBusId = "PCI:0:2:0"; - # # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) - # nvidiaBusId = "PCI:1:0:0"; - # sync.enable = true; - # #offload = { - # # enable = true; - # # #sync.enable = true; - # # enableOffloadCmd = true; - # #}; - # }; - -# [LOG] GPU information: -# 00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) (prog-if 00 [VGA controller]) -# 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) (prog-if 00 [VGA controller]) \ No newline at end of file