From 8fbeffb9fbcc3b8e9028d78af3ac00bb5985146e Mon Sep 17 00:00:00 2001 
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Tue, 22 Apr 2025 14:01:39 -0700 Subject: [PATCH 01/25] working --- hp/hp1/Makefile | 5 +- hp/hp1/configuration.nix | 44 ++++- hp/hp1/flake.lock | 12 +- hp/hp1/flake.nix | 9 + hp/hp1/home.nix | 51 ++++++ hp/hp1/test_distributed_build.md | 5 + hp/hp4/Makefile | 41 ++++- hp/hp4/athens.nix | 20 +++ hp/hp4/authorizedKeys | 2 + hp/hp4/cache-pub-key.pem | 1 + hp/hp4/configuration.nix | 167 +++++++++++++++--- hp/hp4/docker-daemon.nix | 27 +++ hp/hp4/firewall.nix | 44 +++++ hp/hp4/flake.lock | 66 +++++++ hp/hp4/flake.nix | 59 +++++++ hp/hp4/grafana.nix | 24 +++ hp/hp4/home-manager.nix | 176 ------------------- hp/hp4/home.nix | 144 +++++++++++++++ hp/hp4/hosts.nix | 1 + hp/hp4/il8n.nix | 18 ++ hp/hp4/nginx.conf | 34 ---- hp/hp4/nginx.nix | 151 ++++++++++++++++ hp/hp4/nixos_logo.nix | 10 ++ hp/hp4/nodeExporter.nix | 14 ++ hp/hp4/prometheus.nix | 20 +++ hp/hp4/remote-builder.nix | 19 ++ hp/hp4/sysctl.nix | 43 +++++ hp/hp4/systemPackages.nix | 37 ++++ hp/hp4/systemd.services.ethtool-enp1s0f0.nix | 14 ++ hp/hp4/systemd.services.ethtool-enp1s0f1.nix | 14 ++ hp/hp4/trafficserver.nix | 70 ++++---- laptops/t/Makefile | 6 + laptops/t/configuration.nix | 1 + laptops/t/distributed-builds.nix | 19 ++ laptops/t/flake.lock | 30 ++-- laptops/t/hardware-graphics.nix | 3 + laptops/t/home.nix | 169 +++++++++++------- 37 files changed, 1199 insertions(+), 371 deletions(-) create mode 100644 hp/hp1/test_distributed_build.md create mode 100644 hp/hp4/athens.nix create mode 100644 hp/hp4/authorizedKeys create mode 100644 hp/hp4/cache-pub-key.pem create mode 100644 hp/hp4/docker-daemon.nix create mode 100644 hp/hp4/firewall.nix create mode 100644 hp/hp4/flake.lock create mode 100644 hp/hp4/flake.nix create mode 100644 hp/hp4/grafana.nix delete mode 100644 hp/hp4/home-manager.nix create mode 100644 hp/hp4/home.nix create mode 100644 hp/hp4/il8n.nix delete mode 100644 hp/hp4/nginx.conf create mode 100644 hp/hp4/nginx.nix create mode 100644 
hp/hp4/nixos_logo.nix create mode 100644 hp/hp4/nodeExporter.nix create mode 100644 hp/hp4/prometheus.nix create mode 100644 hp/hp4/remote-builder.nix create mode 100644 hp/hp4/sysctl.nix create mode 100644 hp/hp4/systemPackages.nix create mode 100644 hp/hp4/systemd.services.ethtool-enp1s0f0.nix create mode 100644 hp/hp4/systemd.services.ethtool-enp1s0f1.nix create mode 100644 laptops/t/distributed-builds.nix diff --git a/hp/hp1/Makefile b/hp/hp1/Makefile index ed8a6dc..977cc7c 100644 --- a/hp/hp1/Makefile +++ b/hp/hp1/Makefile @@ -30,8 +30,11 @@ rebuild_trace: update: sudo nix flake update; +update_flake: + sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update + sync: - rsync -av /home/das/nixos/hp/hp1/ hp1:/home/das/nixos/hp/hp1/ + rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state diff --git a/hp/hp1/configuration.nix b/hp/hp1/configuration.nix index 629c57c..4fe5180 100644 --- a/hp/hp1/configuration.nix +++ b/hp/hp1/configuration.nix @@ -1,3 +1,6 @@ +# +# hp/hp1/configuration.nix +# { config, pkgs, ... }: # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F 
@@ -60,17 +63,28 @@ }; nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "100000000"; + builders-use-substitutes = true; + }; + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds + distributedBuilds = true; + buildMachines = [{ + hostName = "hp4"; + sshUser = "remotebuild"; + #sshKey = "/root/.ssh/remotebuild"; + sshKey = "/home/das/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + }]; gc = { automatic = true; # Enable automatic execution of the task dates = "weekly"; # Schedule the task to run weekly options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task }; - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - download-buffer-size = "100000000"; - }; }; # find /run/opengl-driver -name "libamfrt64.so.1" @@ -102,9 +116,6 @@ # Set your time zone. time.timeZone = "America/Los_Angeles"; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - environment.sessionVariables = { TERM = "xterm-256color"; #MY_VARIABLE = "my-value"; 
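Review bot: `sshKey = "/home/das/.ssh/remotebuild"` in `buildMachines` makes the root-run nix-daemon authenticate to hp4 with a private key kept in a regular user's home, so anything running as das can read or replace the builder credential. The commented-out `/root/.ssh/remotebuild` path is the safer location; if the key has to stay where it is, a comment such as `# builder key lives in das's home: keep it 0600 and dedicated to the remotebuild account` would record the trade-off. What the `remotebuild` account may do on hp4 is defined in hp4/remote-builder.nix, which is not part of this hunk, so the impact of a leaked key should be checked there.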
@@ -121,9 +132,24 @@ # https://nixos.wiki/wiki/SSH_public_key_authentication openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP3x3r8OZ5ya1GNLqmKOsKDX7oAR+BG9u4EozXvydtC das@hp0" ]; }; + # # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ssh.nix#L13C1-L28C7 + # system.activationScripts.root_ssh_config = { + # text = '' + # ( + # # symlink root ssh config to ours so daemon can use our agent/keys/etc... + # mkdir -p /root/.ssh + # ln -sf /home/das/.ssh/config /root/.ssh/config + # ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts + # ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts + # ) + # ''; + # deps = [ ]; + # }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; @@ -136,6 +162,8 @@ enableSSHSupport = true; }; + + # https://nixos.wiki/wiki/SSH services.openssh.enable = true; services.timesyncd.enable = true; diff --git a/hp/hp1/flake.lock b/hp/hp1/flake.lock index 41141bb..0e1e1f0 100644 --- a/hp/hp1/flake.lock +++ b/hp/hp1/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "type": "github" }, "original": { 
@@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736549401, - "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { diff --git a/hp/hp1/flake.nix b/hp/hp1/flake.nix index 4ff9a24..bee279a 100644 --- a/hp/hp1/flake.nix +++ b/hp/hp1/flake.nix @@ -16,6 +16,15 @@ }; }; + nixConfig = { + extra-substituters = [ + "http://hp4:5000" + ]; + extra-trusted-public-keys = [ + "hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w=" + ]; + }; + outputs = inputs@{ nixpkgs, home-manager, ... }: let system = "x86_64-linux"; diff --git a/hp/hp1/home.nix b/hp/hp1/home.nix index 04795b4..9402a9a 100644 --- a/hp/hp1/home.nix +++ b/hp/hp1/home.nix 
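Review bot: The `nixConfig` block added to hp1/flake.nix uses `http://hp4:5000` as a substituter, over plain HTTP and an unqualified host name, so the only protection for store paths fetched from it is the signature check against the pinned `hp4:` key in `extra-trusted-public-keys`. That deserves a comment next to the entry, for example `# plain HTTP on the LAN: integrity relies on the hp4 signing key below; update it if the cache key is regenerated`. Flake-level `nixConfig` is normally honoured only for trusted users or after the settings are accepted, so it may be more predictable to set the same two values under `nix.settings` in configuration.nix; that is an inference, since the daemon's substituter settings are not in this hunk.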
@@ -136,6 +136,57 @@ #signing.signByDefault = true; }; + # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix + # https://mynixos.com/home-manager/options/programs.ssh + # programs.ssh = { + # enable = true; + # # controlPath = "~/.ssh/control/master-%r@%h:%p"; + # # controlPersist = "10m"; + # # compression = true; + # # serverAliveInterval = 5; + # extraConfig = '' + # Host hp4 + # User remotebuild + # IdentityFile ~/.ssh/remotebuild + # Host * + # User das + # KeepAlive yes + # ServerAliveInterval 10 + # Protocol 2 + # #UseRoaming no + # ForwardAgent yes + # KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + # Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + # # temp hmac-md5 + # #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + # MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 + # ControlMaster auto + # ControlPath ~/.ssh/master-%r@%h:%p + # ControlPersist 10m + # Compression yes + # Connecttimeout 10 + # HashKnownHosts no + # ''; + + # matchBlocks = { + # "hp4" = { + # #hostname = "localhost"; + # #port = 2222; + # #identityFile = remotebuild; + # }; + # "*" = { + # # everything sucks about SSH_AUTH_SOCK, so let's just control + # # it and what it points to directly + # User = "das"; + # KeepAlive = "yes"; + # ServerAliveInterval = 10; + # Protocol = 2; + # }; + # }; + #}; + #aws ssh example + #https://discourse.nixos.org/t/is-there-a-nix-way-to-configure-ssh-server-connections/28033/7?u=randomizedcoder + nixpkgs.config.allowUnfree = true; programs.home-manager.enable = true; diff --git a/hp/hp1/test_distributed_build.md b/hp/hp1/test_distributed_build.md new file mode 100644 index 0000000..b2bdddf --- /dev/null +++ b/hp/hp1/test_distributed_build.md 
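Review bot: The commented-out `programs.ssh` block added to hp1/home.nix carries `ForwardAgent yes` under `Host *`, which would hand the user's agent to every host reached, including the `hp4` remote builder, if the block is ever uncommented as written. Either drop the dead block and keep only the reference links, or correct the template now by changing the line to `# ForwardAgent no` and enabling forwarding only in a specific `Host` entry that needs it. `Protocol 2` and `KeepAlive` in the same block are obsolete OpenSSH client options and could be removed at the same time.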
@@ -0,0 +1,5 @@ + + +nix-build --max-jobs 0 -E << EOF +(import {}).writeText "test" "$(date)" +EOF \ No newline at end of file diff --git a/hp/hp4/Makefile b/hp/hp4/Makefile index de94510..2756e0c 100644 --- a/hp/hp4/Makefile +++ b/hp/hp4/Makefile @@ -1,5 +1,5 @@ # -# nixos/hp4/Makefile +# nixos/hp/hp4/Makefile # EXPECTED_HOSTNAME := hp4 @@ -16,14 +16,25 @@ else endif rebuild: - sudo cp /home/das/nixos/modules/* /etc/nixos/ - sudo cp ./*.nix /etc/nixos/ - sudo nix-channel --update - sudo nixos-rebuild switch + #sudo cp /home/das/nixos/modules/* /etc/nixos/ + #sudo cp ./*.nix /etc/nixos/ + #sudo nix-channel --update + #sudo nixos-rebuild switch + #sudo nix-channel --update; + sudo nixos-rebuild switch --flake . + +rebuild_trace: + sudo nixos-rebuild switch --show-trace --flake . + +update: + sudo nix flake update; + +update_flake: + sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update sync: - rsync -av /home/das/nixos/hp/hp4/ hp4:/home/das/nixos/hp4/ - rsync -av /home/das/nixos/modules/ hp4:/home/das/nixos/modules/ + rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ + #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state nuke_k8s: check_hostname delete_k8s @@ -32,6 +43,12 @@ delete_k8s: sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ sudo rm -rf /etc/kube-flannel/ /etc/kubernetes/ +nuke_k3s: check_hostname delete_k3s + +delete k3s: + sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s + k3s-killall.sh + create_cert: # Generate private key openssl genrsa -out /var/lib/kubernetes/secrets/cluster-admin.pem 4096 
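Review bot: The new rule header `delete k3s:` in hp4/Makefile is missing the underscore, so it defines two targets named `delete` and `k3s` instead of `delete_k3s`. `nuke_k3s` then fails for lack of a rule, while `make delete` or `make k3s` runs the `sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s` recipe without going through `check_hostname`. Rename the header to `delete_k3s:`. The recipe also calls `k3s-killall.sh` after the state directories are removed; running it first would stop the processes before their data disappears.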
@@ -42,6 +59,16 @@ create_cert: # Issue certificate openssl ca -config ./openssl_ca_config -in /var/lib/kubernetes/secrets/cluster-admin.csr -out /var/lib/kubernetes/secrets/cluster-admin.crt -days 365 -notext -batch +# https://nixos.wiki/wiki/Binary_Cache +# curl http://localhost:5000/nix-cache-info +setup_nix_serve: + cd /var + nix-store --generate-binary-cache-key hp4 cache-priv-key.pem cache-pub-key.pem + chown nix-serve cache-priv-key.pem + chmod 600 cache-priv-key.pem + cat cache-pub-key.pem +copy_lock: + scp hp4:/home/das/nixos/hp/hp4/flake.lock ./ # end diff --git a/hp/hp4/athens.nix b/hp/hp4/athens.nix new file mode 100644 index 0000000..813bbc6 --- /dev/null +++ b/hp/hp4/athens.nix @@ -0,0 +1,20 @@ +{ pkgs, config, ... }: +{ + services.athens = { + enable = true; + #openFirewall = true; # this doesn't exist any more? + port = 8888; + logLevel = "debug"; + # storageType = "disk"; # disk is default + # diskStorageRoot = "/var/lib/athens"; + #goBinary = unstable.go; + # https://mynixos.com/nixpkgs/option/services.athens.goBinary + goGetWorkers = 32; # default 10 + indexType = "memory"; # default none + statsExporter = "prometheus"; + }; + # https://mynixos.com/nixpkgs/options/services.athens + # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.md + # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.nix + # journalctl -u athens.service -f +} \ No newline at end of file diff --git a/hp/hp4/authorizedKeys b/hp/hp4/authorizedKeys new file mode 100644 index 0000000..f81fd33 --- /dev/null +++ b/hp/hp4/authorizedKeys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1 diff --git a/hp/hp4/cache-pub-key.pem b/hp/hp4/cache-pub-key.pem new file mode 100644 index 0000000..6f3ab1f --- /dev/null +++ b/hp/hp4/cache-pub-key.pem 
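Review bot: In `setup_nix_serve` the `cd /var` on its own recipe line has no effect on the lines after it, because make runs each recipe line in a separate shell, so `nix-store --generate-binary-cache-key` writes `cache-priv-key.pem` into the directory make was started from, which is the repository directory where `cache-pub-key.pem` is committed. The private signing key then sits in the working tree with default permissions until the later `chmod 600`, and it never reaches `/var/cache-priv-key.pem`, the path `services.nix-serve.secretKeyFile` points at in hp4/configuration.nix. Chaining the commands in one shell with a restrictive umask fixes both problems. The `chown` also needs root, which the target does not arrange at present.

```makefile
setup_nix_serve:
	umask 077 && cd /var && \
	nix-store --generate-binary-cache-key hp4 cache-priv-key.pem cache-pub-key.pem && \
	chown nix-serve cache-priv-key.pem && \
	chmod 600 cache-priv-key.pem && \
	cat cache-pub-key.pem
```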
@@ -0,0 +1 @@ +hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w= \ No newline at end of file diff --git a/hp/hp4/configuration.nix b/hp/hp4/configuration.nix index 098516b..08ef4a0 100644 --- a/hp/hp4/configuration.nix +++ b/hp/hp4/configuration.nix @@ -1,6 +1,6 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# +# hp/hp4/configuration.nix +# # sudo nixos-rebuild switch # sudo nix-channel --update @@ -8,7 +8,7 @@ # nmcli device wifi connect MYSSID password PWORD # systemctl restart display-manager.service -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F # https://discourse.nixos.org/t/differences-between-nix-channels/13998 
@@ -18,35 +18,88 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager # sudo nix-channel --update - + # tutorial + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + # # ./sysctl.nix - ./wireless.nix + # ./wireless.nix ./hosts.nix ./firewall.nix ./il8n.nix #./systemdSystem.nix ./systemPackages.nix - ./home-manager.nix + # home manager is imported by the flake + #./home.nix ./nodeExporter.nix ./prometheus.nix ./grafana.nix - #./trafficserver.nix + ./docker-daemon.nix + #./k8s_master.nix + #./k8s_node.nix + #./k3s_master.nix + #./k3s_node.nix + ./systemd.services.ethtool-enp1s0f0.nix + ./systemd.services.ethtool-enp1s0f1.nix + ./nginx.nix + ./trafficserver.nix + ./athens.nix + ./remote-builder.nix ]; + # Bootloader. + boot = { + loader.systemd-boot = { + enable = true; + #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/AMD_GPU + #initrd.kernelModules = [ "amdgpu" ]; + + # https://nixos.wiki/wiki/Linux_kernel + kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + }; + # https://nixos.wiki/wiki/Nix_Cookbook - nix.gc.automatic = true; - nix.settings.auto-optimise-store = true; + nix = { + nrBuildUsers = 64; + settings = { + auto-optimise-store = true; + #experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" "configurable-impure-env" ]; + #impure-env = "GOPROXY=http://localhost:3000"; + impure-env = "GOPROXY=http://localhost:8888"; - # Bootloader. 
- boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + download-buffer-size = "100000000"; + + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-the-remote-builder + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#optimise-the-remote-builder-configuration + # https://nix.dev/manual/nix/2.23/command-ref/conf-file + #trusted-users = [ "remotebuild" ]; # this moved to remote-builder.nix - # https://nixos.wiki/wiki/Linux_kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linuxPackages_rpi4 + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + max-jobs = "auto"; + cores = 0; + + #nix.settings.experimental-features = [ "configurable-impure-env" ]; + #nix.settings.impure-env = "GOPROXY=http://localhost:3000"; + }; + + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; # https://nixos.wiki/wiki/Networking # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html @@ -74,9 +127,6 @@ # Set your time zone. time.timeZone = "America/Los_Angeles"; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - environment.sessionVariables = { TERM = "xterm-256color"; #MY_VARIABLE = "my-value"; @@ -87,7 +137,7 @@ users.users.das = { isNormalUser = true; description = "das"; - extraGroups = [ "wheel" "networkmanager" "libvirtd" ]; + extraGroups = [ "wheel" "libvirtd" "docker" "kubernetes" "video" ]; packages = with pkgs; [ ]; # https://nixos.wiki/wiki/SSH_public_key_authentication 
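Review bot: Adding `"docker"` to `extraGroups` for `das` gives that account control of the Docker daemon socket, which is equivalent to root on hp4 and bypasses whatever password prompt sudo would otherwise ask for. If that is accepted for this host, record it next to the list, e.g. `# docker group == root via the daemon socket; accepted on this lab host`. The same line drops `networkmanager` and adds `kubernetes` and `video`, which the same comment could explain.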
@@ -141,13 +191,78 @@ }; # https://nixos.wiki/wiki/SSH + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix + # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix services.openssh = { enable = true; + openFirewall = true; settings = { - PermitRootLogin = "yes"; # TODO DISABLE THIS!!! + # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546 + # KexAlgorithms = [ + # "mlkem768x25519-sha256" + # "sntrup761x25519-sha512" + # "sntrup761x25519-sha512@openssh.com" + # "curve25519-sha256" + # "curve25519-sha256@libssh.org" + # "diffie-hellman-group-exchange-sha256" + # ]; + Ciphers = [ + "chacha20-poly1305@openssh.com" + "aes256-gcm@openssh.com" + "aes128-gcm@openssh.com" + # shortned default list + ]; + Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + ]; + # HostKeyAlgorithms = [ + # "ssh-ed25519-cert-v01@openssh.com" + # "sk-ssh-ed25519-cert-v01@openssh.com" + # "rsa-sha2-512-cert-v01@openssh.com" + # "rsa-sha2-256-cert-v01@openssh.com" + # "ssh-ed25519" + # "sk-ssh-ed25519@openssh.com" + # "rsa-sha2-512" + # "rsa-sha2-256" + # ]; + UsePAM = true; + KbdInteractiveAuthentication = true; + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + ChallengeResponseAuthentication = false; + X11Forwarding = false; + GatewayPorts = "no"; }; }; + services.sshguard.enable = true; + + # search for serivces url + #https://github.com/search?q=repo%3ANixOS%2Fnixpkgs+path%3A%2F%5Enixos%5C%2Fmodules%5C%2Fservices%5C%2F%2F+openssh&type=code + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + services.nix-serve = { + enable = true; + openFirewall = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + 
OOMScoreAdjust = 500; + }; + + services.pdns-recursor = { + enable = true; + # openFirewall = false; # Default + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -160,5 +275,13 @@ # programs.virt-manager.enable = true; # services.qemuGuest.enable = true; + nixpkgs.config = { + allowUnfree = true; + # permittedInsecurePackages = [ + # "squid-6.10" + # ]; + }; + # services.squid.enable = true; + # https://wiki.nixos.org/wiki/Laptop } diff --git a/hp/hp4/docker-daemon.nix b/hp/hp4/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/hp/hp4/docker-daemon.nix @@ -0,0 +1,27 @@ + +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/Docker + # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker + # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker + # https://github.com/NixOS/nixpkgs/issues/68349 + virtualisation.docker.enable = true; + virtualisation.docker.daemon.settings = { + data-root = "/home/das/docker/"; + userland-proxy = false; + experimental = true; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + metrics-addr = "0.0.0.0:9323"; + # log-driver = "json-file"; + # log-opts.max-size = "10m"; + # log-opts.max-file = "10"; + }; + #this doesn't work + #virtualisation.docker.daemon.settings.log-opts.max-size = "10m"; + # https://docs.docker.com/reference/cli/dockerd/ + #virtualisation.docker.extraOptions = "--userland-proxy=false"; + #virtualisation.docker.extraOptions = "--log-opt=max-size=10m"; + #virtualisation.docker.extraOptions = "--ipv6"; +} \ No newline at end of file diff --git a/hp/hp4/firewall.nix b/hp/hp4/firewall.nix new file mode 100644 index 0000000..59e1d54 --- /dev/null +++ b/hp/hp4/firewall.nix 
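Review bot: In the `services.openssh.settings` block, `KbdInteractiveAuthentication = true` combined with `UsePAM = true` keeps PAM password prompts reachable through keyboard-interactive authentication, so `PasswordAuthentication = false` alone does not make the host key-only. `ChallengeResponseAuthentication` is the deprecated alias of the same sshd option and is set to the opposite value three lines below, so the effective setting depends on the order in which the module renders them. Setting `KbdInteractiveAuthentication = false;` and deleting the `ChallengeResponseAuthentication = false;` line removes the contradiction.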
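Review bot: `metrics-addr = "0.0.0.0:9323"` in hp4/docker-daemon.nix binds the unauthenticated Docker metrics endpoint to every interface, and it stays off the network only because 9323 is absent from `allowedTCPPorts` in firewall.nix. If Prometheus scrapes it from the same host, `metrics-addr = "127.0.0.1:9323";` removes the dependency on the firewall; the scrape target is defined in prometheus.nix, outside this hunk, so confirm the address there. `data-root = "/home/das/docker/"` also places the daemon's image and volume store under a directory tree owned by an unprivileged user, which deserves a comment explaining why.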
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ #22 # ssh
+ 3000 # grafana
+ 3128 # TrafficServer Forward Proxy
+ #5000 # opened by services.nix-serve.openFirewall = true;
+ 5001 # iperf2
+ 8080 # Nginx reverse proxy
+ 8443 # Nginx reverse proxy TLS
+ 8888 # athens
+ 9090 # prometheus
+ # 9100 is opened by services.prometheus.exporters.node.openFirewall = true;
+ # 9113 is opened by services.prometheus.exporters.nginx.openFirewall = true;
+ ];
+ allowedUDPPorts = [
+ 161 # SNMP (No openFirewall option in definition)
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/hp/hp4/flake.lock b/hp/hp4/flake.lock
new file mode 100644
index 0000000..e120429
--- /dev/null
+++ b/hp/hp4/flake.lock
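Review bot: `allowedTCPPorts` in hp4/firewall.nix opens 3000, 3128, 8888 and 9090 on every interface, which exposes Grafana, the TrafficServer forward proxy, the Athens module proxy and Prometheus to any network the host is attached to. A forward proxy reachable from a segment that is not fully trusted is the riskiest of these. Scoping the list to the LAN-facing interface, in the form the file's last comment already sketches (`networking.firewall.interfaces."<lan-iface>".allowedTCPPorts = [ … ];`, with the interface name filled in), would keep the services off other networks. The comment `# sudo sudo iptables-save` has a doubled `sudo`.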
@@ -0,0 +1,66 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hp/hp4/flake.nix b/hp/hp4/flake.nix new file mode 100644 index 0000000..64b9a60 --- /dev/null +++ b/hp/hp4/flake.nix 
@@ -0,0 +1,59 @@
+{
+ description = "HP4 Flake";
+
+ # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.11";
+ # The `follows` keyword in inputs is used for inheritance.
+ # Here, `inputs.nixpkgs` of home-manager is kept consistent with
+ # the `inputs.nixpkgs` of the current flake,
+ # to avoid problems caused by different versions of nixpkgs.
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = inputs@{ nixpkgs, nixpkgs-unstable, home-manager, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = { allowUnfree = true; };
+ };
+ # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels
+ # overlay-unstable = final: prev: {
+ # unstable = nixpkgs-unstable.legacyPackages.${prev.system};
+ # };
+ overlay-unstable = final: prev: {
+ unstable = import nixpkgs-unstable {
+ inherit system;
+ config = { allowUnfree = true; };
+ };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ hp4 = lib.nixosSystem {
+ #system ="x86_64-linux";
+ inherit system;
+ modules = [
+ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+ ./configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.das = import ./home.nix;
+
+ # Optionally, use home-manager.extraSpecialArgs to pass
+ # arguments to home.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/hp/hp4/grafana.nix b/hp/hp4/grafana.nix
new file mode 100644
index 0000000..cf1b428
--- /dev/null
+++ b/hp/hp4/grafana.nix
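Review bot: The `pkgs = import nixpkgs { … }` binding in the `let` block of hp4/flake.nix is never used: `lib.nixosSystem` receives only `system` and `modules`, and the `pkgs` named in the inline module is the module argument, not this binding. Its `allowUnfree = true` therefore has no effect, and the setting that counts is `nixpkgs.config.allowUnfree` in configuration.nix. Remove the binding, or add a comment saying why it is kept. `overlay-unstable` also uses the outer `system` rather than `prev.system`, which is fine for a single-architecture flake but worth a short comment.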
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ #openFirewall = true; # this doesn't exist
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp4/home-manager.nix b/hp/hp4/home-manager.nix
deleted file mode 100644
index d56130e..0000000
--- a/hp/hp4/home-manager.nix
+++ /dev/null
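Review bot: `http_addr = "0.0.0.0"` in hp4/grafana.nix, together with port 3000 being opened in firewall.nix, serves the Grafana login over plain HTTP on every interface, and nothing in this file changes the initial admin password from the module default. Set `settings.security.admin_password` from a file outside the Nix store (Grafana's `$__file{…}` provider), or bind to `127.0.0.1` and publish Grafana through the nginx reverse proxy this patch also adds. `serve_from_sub_path = true` does nothing while `root_url` stays commented out, so either set both or drop it.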
@@ -1,176 +0,0 @@ -{ config, pkgs, ... }: - -# sudo cp ./nixos/modules/* /etc/nixos/ -# sudo nixos-rebuild switch - -{ - # https://nix-community.github.io/home-manager/index.xhtml#ch-installation - home-manager.users.das = { pkgs, ... }: { - - # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables - home.sessionVariables = { - }; - - home.packages = with pkgs; [ - # - gparted - hw-probe - ncdu - # - tmux - screen - # - libgcc - # https://nixos.wiki/wiki/C - # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc - gcc - automake - gnumake - #cmake - pkg-config - # - # alsa-lib - # alsa-lib-with-plugins - # - perl - python3 - # - gawk - jq - git - htop - minicom - # - bzip2 - gzip - lz4 - zip - unzip - xz - zstd - # - rsync - tree - # - ethtool - iproute2 - vlan - tcpdump - #iperf2 - netperf - flent - bpftools - fping - inetutils - # - hwloc - bpftools - # - inotify-tools - # - # - neofetch - # - # go - # https://nixos.wiki/wiki/Go - # https://nixos.org/manual/nixpkgs/stable/#sec-language-go - # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - libcap - gcc - # thunderbird - # - # debug - strace - - ]; - - programs.bash.enable = true; - - programs.vim = { - enable = true; - plugins = with pkgs.vimPlugins; [ vim-airline ]; - settings = { ignorecase = true; }; - extraConfig = '' - set mouse=a - ''; - }; - #ldflags = [ - # "-X main.Version=${version}" - # "-X main.Commit=${version}" - #]; - - programs.git = { - enable = true; - userEmail = "dave.seddon.ca@gmail.com"; - userName = "randomizedcoder "; - #signing.key = "GPG-KEY-ID"; - #signing.signByDefault = true; - }; - - # disable wayland - # # https://nixos.wiki/wiki/Hyprland - # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland - # #programs.hyprland.enable = true; - # wayland.windowManager.hyprland = { - # # Whether to enable Hyprland wayland 
compositor - # enable = true; - # # The hyprland package to use - # package = pkgs.hyprland; - # # Whether to enable XWayland - # xwayland.enable = true; - - # # Optional - # # Whether to enable hyprland-session.target on hyprland startup - # systemd.enable = true; - # }; - # # home.file.".config/hypr/hyprland.conf".text = '' - # # ''; - - - home.file."containers.conf" = { - target = ".config/containers/containers.conf"; - # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html - # https://github.com/containers/common/blob/main/docs/containers.conf.5.md - text = '' - [containers] - annotations=["run.oci.keep_original_groups=1",] - label=false - #seccomp=unconfined - ''; - }; - home.file."registries.conf" = { - target = ".config/containers/registries.conf"; - text = '' - [registries.search] - registries = ['docker.io'] - ''; - # text = '' - # [registries.search] - # registries = ['docker.io', 'registry.gitlab.com'] - # ''; - }; - home.file."policy.json" = { - target = ".config/containers/policy.json"; - text = '' - { - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } - } - ''; - }; - - nixpkgs.config.allowUnfree = true; - - home.stateVersion = "23.11"; - }; -} \ No newline at end of file diff --git a/hp/hp4/home.nix b/hp/hp4/home.nix new file mode 100644 index 0000000..04795b4 --- /dev/null +++ b/hp/hp4/home.nix 
@@ -0,0 +1,144 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # imports = [ + # #./ffmpeg_systemd_service.nix + # ]; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + #wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + netcat-gnu + # for telnet + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + # pkgs.cargo + # pkgs.rustc + # + # debug + strace + # + dive + # for pprof + graphviz + # + #ffmpeg + #ffmpeg-full + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + 
userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + programs.home-manager.enable = true; + home.stateVersion = "24.11"; + #}; +} diff --git a/hp/hp4/hosts.nix b/hp/hp4/hosts.nix index b60a4f0..3af6575 100644 --- a/hp/hp4/hosts.nix +++ b/hp/hp4/hosts.nix @@ -12,5 +12,6 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/hp/hp4/il8n.nix b/hp/hp4/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp4/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp4/nginx.conf b/hp/hp4/nginx.conf deleted file mode 100644 index d7b6f33..0000000 --- a/hp/hp4/nginx.conf +++ /dev/null 
@@ -1,34 +0,0 @@ -{ pkgs, config, ... }: -{ - # https://nixos.wiki/wiki/Nginx - # https://mynixos.com/options/services.nginx - # https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.nginx - services.nginx = { - enable = true; - statusPage = true; - - listen = 8080; - - resolver.addresses = [ "1.1.1.1" "8.8.8.8" ] - - recommendedZstdSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - - virtualHosts = { - default = { - serverName = "_"; - default = true; - rejectSSL = true; - locations = { - "/" = { - resolver 1.1.1.1; - proxyPass = "http://127.0.0.1:12345"; - } - } - }; - }; - }; -}; \ No newline at end of file diff --git a/hp/hp4/nginx.nix b/hp/hp4/nginx.nix new file mode 100644 index 0000000..eeca782 --- /dev/null +++ b/hp/hp4/nginx.nix 
@@ -0,0 +1,151 @@ +{ pkgs, config, ... }: + +{ + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/nginx/generic.nix + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-servers/nginx/default.nix + # acme: https://github.com/lovesegfault/nix-config/blob/f32ab485a45bf60c3d86aa4485254b087d8e0187/services/nginx.nix#L28 + # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/oauth2-proxy-nginx.nix + # https://blog.matejc.com/blogs/myblog/nixos-hydra-nginx + # https://github.com/nixinator/cardano-ops/blob/8a7be334a476a80829e17c8a0ca6ec374347a937/roles/explorer.nix#L313 + # grep ExecStartPre /etc/systemd/system/nginx.service + services.nginx = { + + enable = true; + + # package = mkOption { + # default = pkgs.nginxStable; + + defaultHTTPListenPort = 8080; + defaultSSLListenPort = 8443; + + #openFirewall = true; # doesn't exist + + statusPage = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedBrotliSettings = true; + + resolver = { + addresses = [ "127.0.0.1" ]; # Point to local pdns-recursor + # valid = "30s"; # Optional: Override DNS cache TTL + # ipv6 = false; # Optional: Disable IPv6 lookups if desired + }; + + # proxyCachePath = { + # "main_cache" = { + # # Path will be /var/cache/nginx/main_cache + # levels = "1:2"; + # keysZoneName = "my_proxy_zone"; + # keysZoneSize = "10m"; + # maxSize = "10g"; + # inactive = "60m"; + # useTempPath = false; + # }; + # }; + + eventsConfig = '' + worker_connections 4096; + ''; + + appendHttpConfig = '' + proxy_cache_path /var/cache/nginx/main_cache levels=1:2 keys_zone=my_proxy_zone:10m max_size=10g inactive=60m use_temp_path=off; + ''; + + virtualHosts."_" = { + #listen = [{ addr = "0.0.0.0"; port = 3128; }]; + listen = [{ addr = "0.0.0.0"; port = 8080; }]; + + extraConfig = '' + #resolver 
127.0.0.1; + + location / { + proxy_http_version 1.1; + proxy_pass $request_uri; + #proxy_pass http://$host$uri$is_args$args; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + + proxy_cache my_proxy_zone; + proxy_cache_key "$scheme$request_method$host$request_uri"; + proxy_cache_valid 200 302 10m; + proxy_cache_valid 404 1m; + proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; + } + ''; + }; + }; + # journalctl --follow --namespace nginx + + systemd.services.nginx.serviceConfig.LogNamespace = "nginx"; + + # systemd.tmpfiles.rules = [ + # "d /var/cache/nginx 0700 nginx nginx - -" + # "d /var/log/nginx 0755 nginx nginx - -" + # ]; + systemd.tmpfiles.settings."nginx-dirs" = { + "/var/cache/nginx"."d" = { + mode = "0700"; + user = "nginx"; + group = "nginx"; + }; + "/var/log/nginx"."d" = { + mode = "0755"; + user = "nginx"; + group = "nginx"; + }; + "/run/nginx"."d" = { + mode = "0755"; + user = "nginx"; + group = "nginx"; + }; + }; + + services.prometheus.exporters.nginx = { + enable = true; + openFirewall = true; + # statusUrl = "http://localhost/stub_status"; # Default, should work with statusPage = true + # listenAddress = "0.0.0.0"; # Default + # port = 9113; # Default + }; + +} +# { +# # https://nixos.wiki/wiki/Nginx +# # https://mynixos.com/options/services.nginx +# # https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.nginx +# services.nginx = { +# enable = true; +# statusPage = true; + +# listen = 8080; + +# resolver.addresses = [ "1.1.1.1" "8.8.8.8" ] + +# recommendedZstdSettings = true; +# recommendedGzipSettings = true; +# recommendedOptimisation = true; +# recommendedProxySettings = true; +# recommendedBrotliSettings = true; + +# virtualHosts = { +# default = { +# serverName = "_"; +# default = true; +# rejectSSL = true; +# locations = { +# "/" = { +# resolver 1.1.1.1; 
+# proxyPass = "http://127.0.0.1:12345"; +# } +# } +# }; +# }; +# }; +# }; \ No newline at end of file diff --git a/hp/hp4/nixos_logo.nix b/hp/hp4/nixos_logo.nix new file mode 100644 index 0000000..468901d --- /dev/null +++ b/hp/hp4/nixos_logo.nix @@ -0,0 +1,10 @@ +# ███▄ █ ██▓ ▒██ ██▒ ▒█████ ██████ +# ██ ▀█ █ ▓██▒ ▒▒ █ █ ▒░ ▒██▒ ██▒ ▒██ ▒ +# ▓██ ▀█ ██▒ ▒██▒ ░░ █ ░ ▒██░ ██▒ ░ ▓██▄ +# ▓██▒ ▐▌██▒ ░██░ ░ █ █ ▒ ▒██ ██░ ▒ ██▒ +# ▒██░ ▓██░ ░██░ ▒██▒ ▒██▒ ░ ████▓▒░ ▒██████▒▒ +# ░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░ +# ░ ░░ ░ ▒░ ▒ ░ ░░ ░▒ ░ ░ ▒ ▒░ ░ ░▒ ░ ░ +# ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ +# ░ ░ ░ ░ ░ ░ ░ +# https://github.com/tolgaerok/nixos-2405-gnome/blob/main/configuration.nix \ No newline at end of file diff --git a/hp/hp4/nodeExporter.nix b/hp/hp4/nodeExporter.nix new file mode 100644 index 0000000..388d136 --- /dev/null +++ b/hp/hp4/nodeExporter.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + openFirewall = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file diff --git a/hp/hp4/prometheus.nix b/hp/hp4/prometheus.nix new file mode 100644 index 0000000..e756933 --- /dev/null +++ b/hp/hp4/prometheus.nix 
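Review bot: The `virtualHosts."_"` block in hp/hp4/nginx.nix listens on `0.0.0.0:8080` and its `location /` proxies to a client-chosen destination with no `allow`/`deny`, so any host that can reach port 8080 can relay requests through hp4 and populate the shared cache. Whether the port is reachable from outside the LAN depends on firewall.nix, which is not shown here, but the proxy should not rely on that alone. I would add `allow 127.0.0.1;`, `allow 172.16.0.0/16;` and `deny all;` at the top of the location, matching the ranges the trafficserver config used before this commit. The location also sends `X-Forwarded-For` and `X-Real-IP` to every upstream, which discloses internal client addresses to the sites being fetched; drop those two `proxy_set_header` lines if that is not intended.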
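Review bot: `openFirewall = true` on `services.prometheus.exporters.node` in hp/hp4/nodeExporter.nix (port 9000) opens the metrics port to every source address, and the nginx exporter at the end of hp/hp4/nginx.nix does the same. The only scraper added in this patch is the local Prometheus job targeting `localhost`, so both exporters could set `listenAddress = "127.0.0.1";` and drop `openFirewall`. If remote scraping is intended, a comment such as `# scraped by <prometheus host>; source restricted in firewall.nix` would make the exposure deliberate. Node exporter output with the `systemd`, `ethtool` and `wifi` collectors describes the host in some detail, so it is worth limiting who can read it.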
@@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + # openFirewall = true; # doesn't exist + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + ]; + }; +} \ No newline at end of file diff --git a/hp/hp4/remote-builder.nix b/hp/hp4/remote-builder.nix new file mode 100644 index 0000000..d2e074c --- /dev/null +++ b/hp/hp4/remote-builder.nix @@ -0,0 +1,19 @@ +# +# /hp/hp4/remote-builder.nix +# +{ pkgs, config, ... }: +{ + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-the-remote-builder + # sudo ssh remotebuild@hp4 -i /root/.ssh/remotebuild "echo hello" + users.users.remotebuild = { + isNormalUser = true; + createHome = false; + group = "remotebuild"; + + openssh.authorizedKeys.keyFiles = [ ./authorizedKeys ]; + }; + + users.groups.remotebuild = {}; + + nix.settings.trusted-users = [ "remotebuild" ]; +} \ No newline at end of file diff --git a/hp/hp4/sysctl.nix b/hp/hp4/sysctl.nix new file mode 100644 index 0000000..ed11dac --- /dev/null +++ b/hp/hp4/sysctl.nix 
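Review bot: `nix.settings.trusted-users = [ "remotebuild" ];` in hp/hp4/remote-builder.nix gives that account rights the Nix manual describes as essentially equivalent to root on hp4, and `isNormalUser = true` additionally gives it a login shell. This follows the nix.dev tutorial linked in the file, but the trust decision deserves a comment next to the setting, e.g. `# trusted-users is effectively root on this host: every key in ./authorizedKeys must belong to a machine trusted that far`. The contents of ./authorizedKeys are not visible in this hunk, so how many clients that covers cannot be judged from here.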
@@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "fq_codel"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + }; +} \ No newline at end of file diff --git a/hp/hp4/systemPackages.nix b/hp/hp4/systemPackages.nix new file mode 100644 index 0000000..a524c6d --- /dev/null +++ b/hp/hp4/systemPackages.nix 
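Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535";` in hp/hp4/sysctl.nix puts the listener ports configured elsewhere in this patch (3128, 8080, 8443, 9000) inside the ephemeral range, so an outbound connection can be holding one of them when its service restarts, and the bind can then fail. Either keep the lower bound above the service ports or reserve them, e.g. `"net.ipv4.ip_local_reserved_ports" = "3128,8080,8443,9000";`. The comment `# enable Enable reuse of TIME-WAIT sockets globally` also has a doubled word.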
@@ -0,0 +1,37 @@ +{ + config, + pkgs, + ... +}: +{ + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + #wpa_supplicant_ro_ssids + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + # + ffmpeg-full + radeontop # GPU monitoring tool + # https://nixos.wiki/wiki/AMD_GPU#OpenCL + clinfo + ]; +} diff --git a/hp/hp4/systemd.services.ethtool-enp1s0f0.nix b/hp/hp4/systemd.services.ethtool-enp1s0f0.nix new file mode 100644 index 0000000..34d2446 --- /dev/null +++ b/hp/hp4/systemd.services.ethtool-enp1s0f0.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp10f0 = { + description = "ethtool-enp1s0f0"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp1s0f0 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} diff --git a/hp/hp4/systemd.services.ethtool-enp1s0f1.nix b/hp/hp4/systemd.services.ethtool-enp1s0f1.nix new file mode 100644 index 0000000..9141622 --- /dev/null +++ b/hp/hp4/systemd.services.ethtool-enp1s0f1.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp1s0f1 = { + description = "ethtool-enp1s0f1"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp1s0f1 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} diff --git a/hp/hp4/trafficserver.nix b/hp/hp4/trafficserver.nix index 4260782..09387e8 100644 --- a/hp/hp4/trafficserver.nix +++ b/hp/hp4/trafficserver.nix 
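Review bot: The unit in hp/hp4/systemd.services.ethtool-enp1s0f0.nix is declared as `systemd.services.ethtool-enp10f0`, missing the `s` that its description, its `ExecStart` and the sibling enp1s0f1 file all use, so the service is installed under a name nobody will look for. Rename it to `systemd.services.ethtool-enp1s0f0 = {`. Both ethtool units are `wantedBy = [ "network-pre.target" ]` with no ordering against the device, so it is worth confirming the interface exists when they run; that cannot be checked from this hunk.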
@@ -7,8 +7,12 @@ }; # https://search.nixos.org/options?channel=24.11&size=50&sort=relevance&type=packages&query=trafficserver # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/web-servers/trafficserver/default.nix + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-servers/trafficserver/default.nix services.trafficserver = { enable = true; + + #openFirewall = true; # doesn't exist + #volume = "volume=1 scheme=http size=20%"; storage = "/var/cache/trafficserver 200G"; # storage = "/var/cache/trafficserver 256M"; @@ -16,6 +20,10 @@ records = { proxy = { config = { + dns = { + nameservers = "127.0.0.1"; + round_robin_nameservers = 0; + }; # Anonymize the forward proxy http = { anonymize_remove_from = 1; @@ -24,7 +32,7 @@ anonymize_remove_cookie = 1; anonymize_remove_client_ip = 1; - cache.http = 0; + cache.http = 1; insert_client_ip = 0; insert_squid_x_forwarded_for = 0; insert_request_via_str = 0; @@ -33,6 +41,10 @@ #server_ports = toString cfg.proxyPort; server_ports = "3128 3128:ipv6"; }; + cache = { + ram_cache.size = "2G"; + #ram_cache.lru_algorithm = 0; # 0 is default, 1 is basic LRU + }; # Set logging and disable reverse proxy log.logging_enabled = 3; 
@@ -46,47 +58,27 @@ ipAllow = { ip_allow = [ - { - apply = "in"; - ip_addrs = "127.0.0.1"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "::1"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "172.16.0.0/16"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - # 4x4x4=64 - # 2603:8000:9c01:3b00 - ip_addrs = "2603:8000:9c01:3b00/64"; - action = "allow"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "0/0"; - action = "deny"; - methods = "ALL"; - } - { - apply = "in"; - ip_addrs = "::/0"; - action = "deny"; - methods = "ALL"; - } + { apply = "in"; ip_addrs = "0/0"; action = "allow"; methods = "ALL"; } + { apply = "in"; ip_addrs = "::/0"; action = "allow"; methods = "ALL"; } + + # { apply = "in"; ip_addrs = "127.0.0.1"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "::1"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "172.16.0.0/16"; action = "allow"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "2603:8000:9c01:3b00/64"; action = "allow"; methods = "ALL"; } + # # Deny all others + # { apply = "in"; ip_addrs = "0/0"; action = "deny"; methods = "ALL"; } + # { apply = "in"; ip_addrs = "::/0"; action = "deny"; methods = "ALL"; } ]; }; }; + + systemd.tmpfiles.settings."trafficserver-dirs" = { + "/var/cache/trafficserver"."d" = { + mode = "0750"; + user = "ats"; + group = "ats"; + }; + }; } # https://github.com/input-output-hk/cardano-parts/blob/main/flake/nixosModules/profile-mithril-relay.nix # https://github.com/HippocampusGirl/nixos/blob/b01f0359810cfdd040642e2e3bbea8683bc11aee/machines/laptop-wsl/trafficserver.nix#L2 \ No newline at end of file diff --git a/laptops/t/Makefile b/laptops/t/Makefile index 0a717b1..7a0b23d 100644 --- a/laptops/t/Makefile +++ b/laptops/t/Makefile 
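Review bot: The new `ip_allow` list in hp/hp4/trafficserver.nix accepts `0/0` and `::/0` with `methods = "ALL"`, replacing the loopback/LAN allowlist and the final deny rules, so the forward proxy on port 3128 will serve any client that can reach it. That makes hp4 an open proxy and an open cache (this patch also sets `cache.http = 1`) unless firewall.nix restricts the port, which is not visible here. The previous rules are still present as comments in this hunk; I would restore them, at minimum `{ apply = "in"; ip_addrs = "172.16.0.0/16"; action = "allow"; methods = "ALL"; }` followed by the `0/0` and `::/0` entries with `action = "deny"`. If the wide-open rule is only for debugging, a `# TODO: temporary, restore allowlist` comment beside it would keep it from being forgotten.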
@@ -18,6 +18,12 @@ endif rebuild: sudo nixos-rebuild switch --flake . +rebuild_t: + sudo nixos-rebuild switch --flake .#t + +#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues +#nixos-rebuild switch --option binary-caches http://my-cache.example.org/ + impure: sudo nixos-rebuild switch --impure --flake . diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix index 5caf054..fd0ccdd 100644 --- a/laptops/t/configuration.nix +++ b/laptops/t/configuration.nix @@ -42,6 +42,7 @@ #./docker-compose.nix ./docker-daemon.nix #./smokeping.nix + ./distributed-builds.nix ]; boot = { diff --git a/laptops/t/distributed-builds.nix b/laptops/t/distributed-builds.nix new file mode 100644 index 0000000..7989606 --- /dev/null +++ b/laptops/t/distributed-builds.nix @@ -0,0 +1,19 @@ +# +# latops/t/distributed-builds.nix +# +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +{ pkgs, ... }: +{ + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "hp4.home"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; +} \ No newline at end of file diff --git a/laptops/t/flake.lock b/laptops/t/flake.lock index 7557246..39384f6 100644 --- a/laptops/t/flake.lock +++ b/laptops/t/flake.lock @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1743953322, - "narHash": "sha256-prQ5JKopXtzCMX2eT3dXbaVvGmzjMRE2bXStQDdazpM=", + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "9d7f2687c84c729afbc3b13f7937655570f2978d", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", "type": "github" }, "original": { 
@@ -166,11 +166,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1744849150, - "narHash": "sha256-eaKqF4Oc7atN7Y2yTTeAOLN05q+G2YY0597ukgAD2Cs=", + "lastModified": 1745328209, + "narHash": "sha256-eP3x+JNE1T6RjXhimaEnoc4GvNJcyzppW1vpAs287Zg=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "225e13c3cc83308175f0a9aa18cfa31324155034", + "rev": "241a4935a244f403fa7108259075b04c81ed258f", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1743950622, - "narHash": "sha256-8qjDapcQeDqxQUIm5gA0x6XZtowV/14bOs3K0tCSMoU=", + "lastModified": 1745156469, + "narHash": "sha256-3PK27C3XcPoOkEIQnaPi3cdvh7XjIGqkcQ6MeZMvy2E=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "be6b9875dd5c586fb401d294bb98c31973849651", + "rev": "faa4e782753ab994333666b7e686b038d420c22f", "type": "github" }, "original": { @@ -383,11 +383,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { diff --git a/laptops/t/hardware-graphics.nix b/laptops/t/hardware-graphics.nix index 771ea25..32d0f37 100644 --- a/laptops/t/hardware-graphics.nix +++ b/laptops/t/hardware-graphics.nix 
@@ -1,6 +1,9 @@ # # nixos/laptops/t/hardware-graphics.nix # + +# example: https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/gfx-nvidia.nix + { config, pkgs, lib, diff --git a/laptops/t/home.nix b/laptops/t/home.nix index 8ea29d6..0206888 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -32,23 +32,30 @@ NIXOS_OZONE_WL = "1"; GOPRIVATE = "gitlab.com/sidenio/*"; TERM = "xterm-256color"; + + HTTP_PROXY = "http://hp4.home:3128"; + HTTPS_PROXY = "http://hp4.home:3128"; # Use http:// for the proxy address itself + NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; # Adjust CIDR if needed + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; }; home.packages = with pkgs; [ - # + # System/Info Tools killall hw-probe - # + lshw + hwloc gparted - # ncdu - # - hw-probe - lshw - # + neofetch + file + + # Terminal Multiplexers tmux screen - # + + # Build Tools libgcc # https://nixos.wiki/wiki/C # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc @@ -57,23 +64,19 @@ gnumake #cmake pkg-config - # - # - # alsa-lib - # alsa-lib-with-plugins - # + # Scripting/Utils perl #3.12.8 on 12th of Feb 2025 python3Full - # gawk jq git htop btop minicom - # + + # Compression bzip2 gzip lz4 @@ -81,16 +84,18 @@ unzip xz zstd - # + + # File Transfer/Management rsync tree - file - # + + # Terminals alacritty kitty #https://ghostty.org/ ghostty - # + + # Networking ethtool iproute2 vlan 
@@ -101,34 +106,33 @@ flent bpftools fping - inetutils - # - hwloc - bpftools - # + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring inotify-tools - # - # HP Printers + + # Printing hplip #hplipWithPlugin - # + + # SDR gnuradio hackrf gqrx cubicsdr - # - neofetch - # + + # Media vlc # ffmpeg moved to system package #ffmpeg_7-full #ffmpeg-full - # go + + # Go Development # https://nixos.wiki/wiki/Go # https://nixos.org/manual/nixpkgs/stable/#sec-language-go # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F libcap - gcc #gcc_multi #glibc_multi # thunderbird @@ -154,32 +158,41 @@ #buf-language-server # https://tinygo.org/ #tinygo - # - graphviz - # + + # https://github.com/bazelbuild/bazel/tags + # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + unstable.bazel_7 + + # https://github.com/bazel-contrib/bazel-gazelle/tags + # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + unstable.bazel-gazelle + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing meld - # - # https://nixos.wiki/wiki/Helix + + # Editors helix - # rust + + # Rust Development # https://nixos.wiki/wiki/Rust - #pkgs.cargo - #pkgs.rustc cargo rustc rustfmt rust-analyzer clippy #clang_multi - # + + # Mobile Development flutter android-studio android-tools android-udev-rules - # - # debug - strace - # Gnome related / extensions + + # Gnome Related / Extensions # gnomeExtensions.emoji-copy # unstable.gnomeExtensions.workspace-switcher-manager gnome-extension-manager @@ -207,13 +220,15 @@ # https://github.com/AstraExt/astra-monitor gnomeExtensions.astra-monitor libgtop - # + + # Office/Documents libreoffice-qt hunspell hunspellDicts.en_AU #hunspellDicts.en_US - # evince + + # Browsers # https://nixos.wiki/wiki/Firefox firefox # https://nixos.wiki/wiki/Chromium 
@@ -226,25 +241,29 @@ "--ozone-platform=wayland" ]; }) + + # Communication # https://nixos.wiki/wiki/Slack slack - # zoom-us - # + + # Screenshots/Screen Recording # https://wiki.nixos.org/wiki/Flameshot (flameshot.override { enableWlrSupport = true; }) grim # screenshot functionality slurp # screenshot functionality - # - gimp-with-plugins - # simplescreenrecorder # https://wiki.nixos.org/wiki/Gpu-screen-recorder gpu-screen-recorder # CLI gpu-screen-recorder-gtk # GUI - # + + # Graphics + gimp-with-plugins + + # Text Editors gedit - # + + # Containers # https://nixos.wiki/wiki/Podman dive podman @@ -253,10 +272,8 @@ podman-tui podman-compose docker-buildx - # - rofi-wayland - wofi - # + + # Kubernetes #clickhouse #clickhouse-cli # https://github.com/int128/kubelogin @@ -274,18 +291,20 @@ kdash # k9s --kubeconfig=dev-d.kubeconfig k9s - # + + # Misc # https://github.com/jrincayc/ucblogo-code ucblogo # https://github.com/wagoodman/dive - dive + # dive # Duplicate removed # https://github.com/sharkdp/hyperfine hyperfine - # app launchers + + # App Launchers rofi-wayland wofi - # - # raspberry pi + + # Raspberry Pi rpi-imager ]; @@ -453,6 +472,28 @@ # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # # ... #]; + extraConfig = '' + # Monitor configuration (Example - replace with yours) + monitor=,preferred,auto,1 + + # Execute-once startup commands (Example) + exec-once = waybar & + exec-once = nm-applet --indicator + + # Keybindings (Example) + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + + # Include other settings... + # input { ... } + # general { ... } + # decoration { ... } + # animations { ... } + # etc... + + # Source other files if needed (less common with inline config) + # source = ~/.config/hypr/myColors.conf + ''; }; # # Optional 
@@ -503,6 +544,7 @@ } ''; }; + # https://mynixos.com/home-manager/options/programs.ghostty home.file.".config/ghostty/ghostty.toml" = { target = ".config/ghostty/ghostty.toml"; text = '' @@ -517,6 +559,7 @@ sidebar_position = "right" ''; }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 nixpkgs.config.allowUnfree = true; From 74634929a4cb64a990d8162a5f16dd6b73a429c4 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Tue, 22 Apr 2025 19:13:44 -0700 Subject: [PATCH 02/25] bazel --- hp/hp1/root_ssh_config | 21 +++++++++++++++++++++ hp/hp4/remote-builder.nix | 7 ++++++- laptops/t/flake.lock | 12 ++++++------ laptops/t/home.nix | 5 +++++ laptops/t/root_ssh_config | 21 +++++++++++++++++++++ 5 files changed, 59 insertions(+), 7 deletions(-) create mode 100644 hp/hp1/root_ssh_config create mode 100644 laptops/t/root_ssh_config diff --git a/hp/hp1/root_ssh_config b/hp/hp1/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null +++ b/hp/hp1/root_ssh_config 
@@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/hp/hp4/remote-builder.nix b/hp/hp4/remote-builder.nix index d2e074c..aec585c 100644 --- a/hp/hp4/remote-builder.nix +++ b/hp/hp4/remote-builder.nix @@ -5,12 +5,17 @@ { # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-the-remote-builder # sudo ssh remotebuild@hp4 -i /root/.ssh/remotebuild "echo hello" + # sudo ssh remotebuild@hp4.home -i /root/.ssh/remotebuild "echo hello" users.users.remotebuild = { isNormalUser = true; createHome = false; group = "remotebuild"; - openssh.authorizedKeys.keyFiles = [ ./authorizedKeys ]; + # openssh.authorizedKeys.keyFiles = [ ./authorizedKeys ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1" + ]; }; users.groups.remotebuild = {}; diff --git a/laptops/t/flake.lock b/laptops/t/flake.lock index 39384f6..c5f3364 100644 
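Review bot: `ForwardAgent yes` in hp/hp1/root_ssh_config (and in the identical laptops/t/root_ssh_config later in this patch) forwards root's SSH agent to hp4 on every remote-build connection, where anyone with root on hp4 can use it for as long as the session, or the 10-minute `ControlPersist` master, stays open. The builder connection authenticates with the dedicated `IdentityFile ~/.ssh/remotebuild` and has no visible need to hop further, so I would set `ForwardAgent no`. `Protocol 2` is a no-op on current OpenSSH and can be dropped, and `HashKnownHosts no` deserves a short comment saying why hashing is disabled.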
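Review bot: The two keys added under `openssh.authorizedKeys.keys` in hp/hp4/remote-builder.nix carry no options, so each grants a full session (PTY, port and agent forwarding) as a user that the earlier patch placed in `nix.settings.trusted-users`. One key is labelled `das@hp1`, a non-root user key, while the test commands in the comments and root_ssh_config use root's `/root/.ssh/remotebuild`; confirm that key is meant to have builder access. Prefixing each entry with `restrict`, e.g. `"restrict ssh-ed25519 <key> root@t"`, should keep command execution for Nix while turning off forwarding and PTY allocation. The hunk starts inside the module body, so the surrounding attribute set is only partly visible.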
--- a/laptops/t/flake.lock +++ b/laptops/t/flake.lock @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1745156469, - "narHash": "sha256-3PK27C3XcPoOkEIQnaPi3cdvh7XjIGqkcQ6MeZMvy2E=", + "lastModified": 1745350310, + "narHash": "sha256-M9QKHcx6aFD2NVjD5pl3/VMxf8ZIDdaqplZL8YWwupA=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "faa4e782753ab994333666b7e686b038d420c22f", + "rev": "8e5e53adefdd96158841ee5b23bce4fe631bf57e", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1745234285, + "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", "type": "github" }, "original": { diff --git a/laptops/t/home.nix b/laptops/t/home.nix index 0206888..b0e56ca 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -166,6 +166,9 @@ # https://github.com/bazel-contrib/bazel-gazelle/tags # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 unstable.bazel-gazelle + unstable.bazel-buildtools + unstable.bazelisk + # https://github.com/buchgr/bazel-remote - maybe something to look at? # Debugging/Profiling graphviz # for pprof @@ -357,6 +360,8 @@ jnoortheen.nix-ide #jeff-hykin.better-nix-syntax rust-lang.rust-analyzer + #bazel + bazelbuild.vscode-bazel ]; }; diff --git a/laptops/t/root_ssh_config b/laptops/t/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null +++ b/laptops/t/root_ssh_config 
@@ -0,0 +1,21 @@
+host hp4 hp4.home
+ user remotebuild
+ IdentityFile ~/.ssh/remotebuild
+ ServerAliveInterval 10
+ Protocol 2
+ #UseRoaming no
+ ForwardAgent yes
+ # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519
+ KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256
+ # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption)
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+ # temp hmac-md5
+ #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5
+ ControlMaster auto
+ ControlPath ~/.ssh/master-%r@%h:%p
+ ControlPersist 10m
+ Compression yes
+ Connecttimeout 10
+ HashKnownHosts no
\ No newline at end of file
From d7e3c821c5bf85f69e76352e9a6f3bde14bd8984 Mon Sep 17 00:00:00 2001
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Wed, 23 Apr 2025 17:06:23 -0700 Subject: [PATCH 03/25] pi5-1 --- arm/pi5-1/.gitignore | 2 + arm/pi5-1/Makefile | 6 ++- arm/pi5-1/configuration.nix | 49 +++++++++++++++++++ arm/pi5-1/docker-daemon.nix | 27 +++++++++++ arm/pi5-1/extra-config.nix | 11 ----- arm/pi5-1/flake.nix | 15 +++++- arm/pi5-1/nodeExporter.nix | 23 +++++++++ arm/pi5-1/services.ssh.nix | 51 ++++++++++++++++++++ arm/pi5-1/sysctl.nix | 43 +++++++++++++++++ hp/hp4/configuration.nix | 95 +++++++++++++++++++------------------ hp/hp4/services.ssh.nix | 51 ++++++++++++++++++++ laptops/t/home.nix | 1 + 12 files changed, 312 insertions(+), 62 deletions(-) create mode 100644 arm/pi5-1/configuration.nix create mode 100644 arm/pi5-1/docker-daemon.nix delete mode 100644 arm/pi5-1/extra-config.nix create mode 100644 arm/pi5-1/nodeExporter.nix create mode 100644 arm/pi5-1/services.ssh.nix create mode 100644 arm/pi5-1/sysctl.nix create mode 100644 hp/hp4/services.ssh.nix diff --git a/arm/pi5-1/.gitignore b/arm/pi5-1/.gitignore index 89d56a0..2132a05 100644 --- a/arm/pi5-1/.gitignore +++ b/arm/pi5-1/.gitignore @@ -1,2 +1,4 @@ result ./result +old-result +./old-result \ No newline at end of file diff --git a/arm/pi5-1/Makefile b/arm/pi5-1/Makefile index 84c7da3..55aceb9 100644 --- a/arm/pi5-1/Makefile +++ b/arm/pi5-1/Makefile 
@@ -1,11 +1,13 @@ # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU all: - nix build .#packages.aarch64-linux.sdcard + nix build .#packages.aarch64-linux.sdcard; +update: + sudo nix flake update; flash: - sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress + sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress; # this was copied from video: https://www.youtube.com/watch?v=6Le0IbPRzOE # time. 53.54 diff --git a/arm/pi5-1/configuration.nix b/arm/pi5-1/configuration.nix new file mode 100644 index 0000000..ebcc6db --- /dev/null +++ b/arm/pi5-1/configuration.nix 
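Review bot: The `flash` recipe keeps a hard-coded `of=/dev/sda` and a hard-coded 24.11 store path, so on a machine whose first disk is sda it overwrites that disk, and the image path goes stale now that this patch moves the flake to nixos-unstable. I would take the target from a variable with no default and check it first, for example `test -b "$(DEV)"` before `sudo dd if=result/sd-image/*.img of=$(DEV) …`; whether `result/sd-image/` is the right output path should be checked against the build. The new `update` target also runs `nix flake update` under sudo, which leaves flake.lock owned by root; plain `nix flake update` is enough.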
@@ -0,0 +1,49 @@
+#
+# arm/pi5-1/configuration.nix
+#
+
+{ config, pkgs, lib, ... }:
+
+# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F
+# https://discourse.nixos.org/t/differences-between-nix-channels/13998
+
+{
+ # https://nixos.wiki/wiki/NixOS_modules
+ imports =
+ [
+ ./sysctl.nix
+ ./services.ssh.nix
+ ./nodeExporter.nix
+ ./docker-daemon.nix
+ ];
+
+ # https://nixos.wiki/wiki/Nix_Cookbook
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ #experimental-features = [ "nix-command" "flakes" ];
+ experimental-features = [ "nix-command" "flakes" ];
+
+ download-buffer-size = "100000000";
+ };
+
+ gc = {
+ automatic = true; # Enable automatic execution of the task
+ dates = "weekly"; # Schedule the task to run weekly
+ options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days
+ randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task
+ };
+ };
+
+ networking.firewall.enable = true;
+
+ services.lldpd.enable = true;
+
+ services.timesyncd.enable = true;
+
+ services.fstrim.enable = true;
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+}
\ No newline at end of file
diff --git a/arm/pi5-1/docker-daemon.nix b/arm/pi5-1/docker-daemon.nix
new file mode 100644
index 0000000..fe72a86
--- /dev/null
+++ b/arm/pi5-1/docker-daemon.nix
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/arm/pi5-1/extra-config.nix b/arm/pi5-1/extra-config.nix
deleted file mode 100644
index 1123fd4..0000000
--- a/arm/pi5-1/extra-config.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- networking.firewall.enable = false;
-
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- pkgs.openssh
- ];
-
- services.openssh.enable = true;
-}
diff --git a/arm/pi5-1/flake.nix b/arm/pi5-1/flake.nix
index e3532b8..0f43b1f 100644
--- a/arm/pi5-1/flake.nix
+++ b/arm/pi5-1/flake.nix
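Review bot: `metrics-addr = "0.0.0.0:9323"` in docker-daemon.nix binds the Docker metrics endpoint, which has no authentication, on every interface. configuration.nix in this patch enables the firewall and no rule for 9323 is visible, so it is probably not reachable today, but that protection disappears as soon as the port is opened for a scraper. Binding to the address the scraper actually uses, or to `127.0.0.1:9323` behind a proxy, keeps the exposure explicit. If `experimental = true` is only there for the metrics endpoint, a one-line comment saying so would help; otherwise it should be off.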
@@ -1,13 +1,16 @@ { description = "Base system for raspberry pi 5"; inputs = { - nixpkgs.url = "nixpkgs/nixos-24.11"; + nixpkgs.url = "nixpkgs/nixos-unstable"; + # nixpkgs.url = "nixpkgs/nixos-24.11"; + # nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; }; + #outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, ... }: outputs = { self, nixpkgs, nixos-generators, ... }: { nixosModules = { @@ -28,6 +31,14 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" ]; }; + brent = { + password = "admin123"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHhM04LlDK/gOItDXa2mzMof6LhXT9IBJ9liFPEn0xJ brent@mckee.is" + ]; + }; }; }; }; @@ -37,7 +48,7 @@ system = "aarch64-linux"; format = "sd-aarch64"; modules = [ - ./extra-config.nix + ./configuration.nix self.nixosModules.system self.nixosModules.users ( { ... }: { diff --git a/arm/pi5-1/nodeExporter.nix b/arm/pi5-1/nodeExporter.nix new file mode 100644 index 0000000..416ab9a --- /dev/null +++ b/arm/pi5-1/nodeExporter.nix 
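Review bot: The new `brent` user is created with `password = "admin123";` and `extraGroups = [ "wheel" ]`, so a guessable password for a sudo-capable account is committed to the repository and copied into the world-readable Nix store and the SD image. services.ssh.nix in this patch leaves `KbdInteractiveAuthentication = true` with `UsePAM = true`, so that password may also be accepted over SSH despite `PasswordAuthentication = false`. Since the user already has an `openssh.authorizedKeys.keys` entry, drop the `password` line, or use `hashedPasswordFile` pointing at a file kept out of the repository. The `users` attribute set starts outside this hunk, so the existing user above it may need the same check.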
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 9000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ #"--collector.wifi"
+ "--collector.filesystem.ignored-mount-points='/nix/store'"];
+ };
+
+ # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters
+ services.prometheus.exporters.systemd.enable = true;
+ services.prometheus.exporters.smartctl.enable = true;
+ services.prometheus.exporters.process.enable = true;
+}
\ No newline at end of file
diff --git a/arm/pi5-1/services.ssh.nix b/arm/pi5-1/services.ssh.nix
new file mode 100644
index 0000000..06741ae
--- /dev/null
+++ b/arm/pi5-1/services.ssh.nix
@@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+{
+ # https://nixos.wiki/wiki/SSH
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix
+ # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546
+ # KexAlgorithms = [
+ # "mlkem768x25519-sha256"
+ # "sntrup761x25519-sha512"
+ # "sntrup761x25519-sha512@openssh.com"
+ # "curve25519-sha256"
+ # "curve25519-sha256@libssh.org"
+ # "diffie-hellman-group-exchange-sha256"
+ # ];
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ # shortned default list
+ ];
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ ];
+ # HostKeyAlgorithms = [
+ # "ssh-ed25519-cert-v01@openssh.com"
+ # "sk-ssh-ed25519-cert-v01@openssh.com"
+ # "rsa-sha2-512-cert-v01@openssh.com"
+ # "rsa-sha2-256-cert-v01@openssh.com"
+ # "ssh-ed25519"
+ # "sk-ssh-ed25519@openssh.com"
+ # "rsa-sha2-512"
+ # "rsa-sha2-256"
+ # ];
+ UsePAM = true;
+ KbdInteractiveAuthentication = true;
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ ChallengeResponseAuthentication = false;
+ X11Forwarding = false;
+ GatewayPorts = "no";
+ };
+ };
+
+ services.sshguard.enable = true;
+}
\ No newline at end of file
diff --git a/arm/pi5-1/sysctl.nix b/arm/pi5-1/sysctl.nix
new file mode 100644
index 0000000..b6fa4a8
--- /dev/null
+++ b/arm/pi5-1/sysctl.nix
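Review bot: `KbdInteractiveAuthentication = true` together with `UsePAM = true` in services.ssh.nix lets sshd ask for the account password through PAM, which undoes `PasswordAuthentication = false`. `ChallengeResponseAuthentication = false` a few lines below is the deprecated alias of the same option, so the two lines contradict each other and which one wins depends on the order in which they are rendered. Setting `KbdInteractiveAuthentication = false;` and deleting the `ChallengeResponseAuthentication` line makes the key-only intent unambiguous. hp/hp4/services.ssh.nix is added with identical content in this patch (same blob 06741ae) and needs the same change; a single shared module imported by both hosts would keep the two from drifting.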
@@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + }; +} \ No newline at end of file diff --git a/hp/hp4/configuration.nix b/hp/hp4/configuration.nix index 08ef4a0..ce74630 100644 --- a/hp/hp4/configuration.nix +++ b/hp/hp4/configuration.nix @@ -47,6 +47,7 @@ ./trafficserver.nix ./athens.nix ./remote-builder.nix + ./services.ssh.nix ]; # Bootloader. 
@@ -190,54 +191,54 @@ enableSSHSupport = true; }; - # https://nixos.wiki/wiki/SSH - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix - # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix - services.openssh = { - enable = true; - openFirewall = true; - settings = { - # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546 - # KexAlgorithms = [ - # "mlkem768x25519-sha256" - # "sntrup761x25519-sha512" - # "sntrup761x25519-sha512@openssh.com" - # "curve25519-sha256" - # "curve25519-sha256@libssh.org" - # "diffie-hellman-group-exchange-sha256" - # ]; - Ciphers = [ - "chacha20-poly1305@openssh.com" - "aes256-gcm@openssh.com" - "aes128-gcm@openssh.com" - # shortned default list - ]; - Macs = [ - "hmac-sha2-512-etm@openssh.com" - "hmac-sha2-256-etm@openssh.com" - "umac-128-etm@openssh.com" - ]; - # HostKeyAlgorithms = [ - # "ssh-ed25519-cert-v01@openssh.com" - # "sk-ssh-ed25519-cert-v01@openssh.com" - # "rsa-sha2-512-cert-v01@openssh.com" - # "rsa-sha2-256-cert-v01@openssh.com" - # "ssh-ed25519" - # "sk-ssh-ed25519@openssh.com" - # "rsa-sha2-512" - # "rsa-sha2-256" - # ]; - UsePAM = true; - KbdInteractiveAuthentication = true; - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - ChallengeResponseAuthentication = false; - X11Forwarding = false; - GatewayPorts = "no"; - }; - }; + # # https://nixos.wiki/wiki/SSH + # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix + # # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix + # services.openssh = { + # enable = true; + # openFirewall = true; + # settings = { + # # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546 + # # KexAlgorithms = [ + # # 
"mlkem768x25519-sha256" + # # "sntrup761x25519-sha512" + # # "sntrup761x25519-sha512@openssh.com" + # # "curve25519-sha256" + # # "curve25519-sha256@libssh.org" + # # "diffie-hellman-group-exchange-sha256" + # # ]; + # Ciphers = [ + # "chacha20-poly1305@openssh.com" + # "aes256-gcm@openssh.com" + # "aes128-gcm@openssh.com" + # # shortned default list + # ]; + # Macs = [ + # "hmac-sha2-512-etm@openssh.com" + # "hmac-sha2-256-etm@openssh.com" + # "umac-128-etm@openssh.com" + # ]; + # # HostKeyAlgorithms = [ + # # "ssh-ed25519-cert-v01@openssh.com" + # # "sk-ssh-ed25519-cert-v01@openssh.com" + # # "rsa-sha2-512-cert-v01@openssh.com" + # # "rsa-sha2-256-cert-v01@openssh.com" + # # "ssh-ed25519" + # # "sk-ssh-ed25519@openssh.com" + # # "rsa-sha2-512" + # # "rsa-sha2-256" + # # ]; + # UsePAM = true; + # KbdInteractiveAuthentication = true; + # PermitRootLogin = "prohibit-password"; + # PasswordAuthentication = false; + # ChallengeResponseAuthentication = false; + # X11Forwarding = false; + # GatewayPorts = "no"; + # }; + # }; - services.sshguard.enable = true; + # services.sshguard.enable = true; # search for serivces url #https://github.com/search?q=repo%3ANixOS%2Fnixpkgs+path%3A%2F%5Enixos%5C%2Fmodules%5C%2Fservices%5C%2F%2F+openssh&type=code diff --git a/hp/hp4/services.ssh.nix b/hp/hp4/services.ssh.nix new file mode 100644 index 0000000..06741ae --- /dev/null +++ b/hp/hp4/services.ssh.nix 
@@ -0,0 +1,51 @@ +{ pkgs, config, ... }: +{ + # https://nixos.wiki/wiki/SSH + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix + # https://github.com/NixOS/nixpkgs/blob/47457869d5b12bdd72303d6d2ba4bfcc26fe8531/nixos/modules/services/security/sshguard.nix + services.openssh = { + enable = true; + openFirewall = true; + settings = { + # default key algos: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L546 + # KexAlgorithms = [ + # "mlkem768x25519-sha256" + # "sntrup761x25519-sha512" + # "sntrup761x25519-sha512@openssh.com" + # "curve25519-sha256" + # "curve25519-sha256@libssh.org" + # "diffie-hellman-group-exchange-sha256" + # ]; + Ciphers = [ + "chacha20-poly1305@openssh.com" + "aes256-gcm@openssh.com" + "aes128-gcm@openssh.com" + # shortned default list + ]; + Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + ]; + # HostKeyAlgorithms = [ + # "ssh-ed25519-cert-v01@openssh.com" + # "sk-ssh-ed25519-cert-v01@openssh.com" + # "rsa-sha2-512-cert-v01@openssh.com" + # "rsa-sha2-256-cert-v01@openssh.com" + # "ssh-ed25519" + # "sk-ssh-ed25519@openssh.com" + # "rsa-sha2-512" + # "rsa-sha2-256" + # ]; + UsePAM = true; + KbdInteractiveAuthentication = true; + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + ChallengeResponseAuthentication = false; + X11Forwarding = false; + GatewayPorts = "no"; + }; + }; + + services.sshguard.enable = true; +} \ No newline at end of file diff --git a/laptops/t/home.nix b/laptops/t/home.nix index b0e56ca..e2edaee 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -169,6 +169,7 @@ unstable.bazel-buildtools unstable.bazelisk # https://github.com/buchgr/bazel-remote - maybe something to look at? + # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart # Debugging/Profiling graphviz # for pprof 
From 583b751e23f794c55aff3f22bf629f76f02c6394 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Wed, 23 Apr 2025 19:56:42 -0700 Subject: [PATCH 04/25] nix-os-raspberrypi --- arm/nixos-raspberrypi/Makefile | 22 ++ arm/nixos-raspberrypi/configuration.nix | 0 arm/nixos-raspberrypi/disko-nvme-zfs.nix | 181 ++++++++++++ arm/nixos-raspberrypi/disko-usb-btrfs.nix | 167 +++++++++++ arm/nixos-raspberrypi/flake.lock | 248 ++++++++++++++++ arm/nixos-raspberrypi/flake.nix | 268 ++++++++++++++++++ .../modules/nice-looking-console.nix | 32 +++ .../modules/server-networking.nix | 30 ++ arm/nixos-raspberrypi/pi02-configtxt.nix | 28 ++ arm/nixos-raspberrypi/pi5-configtxt.nix | 45 +++ arm/nixos-raspberrypi/readme.md | 11 + arm/pi5-1-os/Makefile | 2 +- arm/pi5-1-os/flake.nix | 4 +- arm/pi5-1/flake.lock | 12 +- arm/pi5-1/flake.nix | 15 +- arm/pi5-1/readme.md | 9 + 16 files changed, 1063 insertions(+), 11 deletions(-) create mode 100644 arm/nixos-raspberrypi/Makefile create mode 100644 arm/nixos-raspberrypi/configuration.nix create mode 100644 arm/nixos-raspberrypi/disko-nvme-zfs.nix create mode 100644 arm/nixos-raspberrypi/disko-usb-btrfs.nix create mode 100644 arm/nixos-raspberrypi/flake.lock create mode 100644 arm/nixos-raspberrypi/flake.nix create mode 100644 arm/nixos-raspberrypi/modules/nice-looking-console.nix create mode 100644 arm/nixos-raspberrypi/modules/server-networking.nix create mode 100644 arm/nixos-raspberrypi/pi02-configtxt.nix create mode 100644 arm/nixos-raspberrypi/pi5-configtxt.nix create mode 100644 arm/nixos-raspberrypi/readme.md diff --git a/arm/nixos-raspberrypi/Makefile b/arm/nixos-raspberrypi/Makefile new file mode 100644 index 0000000..52feec4 --- /dev/null +++ b/arm/nixos-raspberrypi/Makefile 
@@ -0,0 +1,22 @@
+#
+# arm/nix-os-raspberrypi/Makefile
+#
+
+# Fake targets
+.PHONY: rpi2 rpi4 rpi4
+
+all: rp5
+
+rpi2:
+ nix build .#installerImages.rpi02
+
+rp4:
+ nix build .#installerImages.rpi4
+
+rp5:
+ nix build .#installerImages.rpi5
+
+update:
+ sudo nix flake update;
+
+# end
\ No newline at end of file
diff --git a/arm/nixos-raspberrypi/configuration.nix b/arm/nixos-raspberrypi/configuration.nix
new file mode 100644
index 0000000..e69de29
diff --git a/arm/nixos-raspberrypi/disko-nvme-zfs.nix b/arm/nixos-raspberrypi/disko-nvme-zfs.nix
new file mode 100644
index 0000000..88a4334
--- /dev/null
+++ b/arm/nixos-raspberrypi/disko-nvme-zfs.nix
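Review bot: `.PHONY: rpi2 rpi4 rpi4` does not match the targets defined below it, which are `rpi2`, `rp4` and `rp5` plus `all` and `update`, so `rpi4` is listed twice and the targets actually used are not declared phony. Pick one spelling and declare all of them, for example `.PHONY: all rpi2 rpi4 rpi5 update` with the rules renamed to `rpi4:` and `rpi5:` and `all: rpi5`. The header comment also says arm/nix-os-raspberrypi/ while the directory is arm/nixos-raspberrypi/.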
@@ -0,0 +1,181 @@ +{ config, lib, ... }: + +let + firmwarePartition = lib.recursiveUpdate { + # label = "FIRMWARE"; + priority = 1; + + type = "0700"; # Microsoft basic data + attributes = [ + 0 # Required Partition + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot/firmware"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + }; + + espPartition = lib.recursiveUpdate { + # label = "ESP"; + + type = "EF00"; # EFI System Partition (ESP) + attributes = [ + 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + "umask=0077" + ]; + }; + }; + +in { + + boot.supportedFilesystems = [ "zfs" ]; + # networking.hostId is set somewhere else + services.zfs.autoScrub.enable = true; + services.zfs.trim.enable = true; + + disko.devices = { + disk.nvme0 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + + FIRMWARE = firmwarePartition { + label = "FIRMWARE"; + content.mountpoint = "/boot/firmware"; + }; + + ESP = espPartition { + label = "ESP"; + content.mountpoint = "/boot"; + }; + + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; # zroot + }; + }; + + }; + }; + }; #nvme0 + + zpool = { + rpool = { + type = "zpool"; + + # zpool properties + options = { + ashift = "12"; + autotrim = "on"; # see also services.zfs.trim.enable + }; + + # zfs properties + rootFsOptions = { + # "com.sun:auto-snapshot" = "false"; + # https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/ + compression = "lz4"; + atime = "off"; + xattr = "sa"; + acltype = "posixacl"; + # https://rubenerd.com/forgetting-to-set-utf-normalisation-on-a-zfs-pool/ + normalization = "formD"; + dnodesize = "auto"; + mountpoint = "none"; + 
canmount = "off"; + }; + + postCreateHook = let + poolName = "rpool"; + in "zfs list -t snapshot -H -o name | grep -E '^${poolName}@blank$' || zfs snapshot ${poolName}@blank"; + + datasets = { + + # stuff which can be recomputed/easily redownloaded, e.g. nix store + local = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + reservation = "128M"; + mountpoint = "legacy"; # to manage "with traditional tools" + }; + mountpoint = "/nix"; # nixos configuration mountpoint + }; + + # _system_ data + system = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + }; + }; + "system/root" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/"; + }; + "system/var" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/var"; + }; + + # _user_ and _user service_ data. safest, long retention policy + safe = { + type = "zfs_fs"; + options = { + copies = "2"; + mountpoint = "none"; + }; + }; + "safe/home" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/home"; + }; + "safe/var/lib" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + }; + mountpoint = "/var/lib"; + }; + + }; + }; + }; + }; +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/disko-usb-btrfs.nix b/arm/nixos-raspberrypi/disko-usb-btrfs.nix new file mode 100644 index 0000000..597fd91 --- /dev/null +++ b/arm/nixos-raspberrypi/disko-usb-btrfs.nix 
@@ -0,0 +1,167 @@ +{ config, lib, ... }: + +let + firmwarePartition = lib.recursiveUpdate { + # label = "FIRMWARE"; + priority = 1; + + type = "0700"; # Microsoft basic data + attributes = [ + 0 # Required Partition + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot/firmware"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + }; + + espPartition = lib.recursiveUpdate { + # label = "ESP"; + + type = "EF00"; # EFI System Partition (ESP) + attributes = [ + 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config + ]; + + size = "1024M"; + content = { + type = "filesystem"; + format = "vfat"; + # mountpoint = "/boot"; + mountOptions = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + "umask=0077" + ]; + }; + }; + +in { + + # https://nixos.wiki/wiki/Btrfs#Scrubbing + services.btrfs.autoScrub = { + enable = true; + interval = "monthly"; + fileSystems = [ "/" ]; + }; + + fileSystems = { + # mount early enough in the boot process so no logs will be lost + "/var/log".neededForBoot = true; + }; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/sda"; + + content = { + type = "gpt"; + partitions = { + + FIRMWARE = firmwarePartition { + label = "FIRMWARE"; + content.mountpoint = "/boot/firmware"; + }; + + ESP = espPartition { + label = "ESP"; + content.mountpoint = "/boot"; + }; + + system = { + type = "8305"; # Linux ARM64 root (/) + + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ + # "--label nixos" + "-f" # Override existing partition + ]; + postCreateHook = let + thisBtrfs = config.disko.devices.disk.main.content.partitions.system.content; + device = thisBtrfs.device; + subvolumes = thisBtrfs.subvolumes; + + makeBlankSnapshot = btrfsMntPoint: subvol: let + subvolAbsPath = lib.strings.normalizePath "${btrfsMntPoint}/${subvol.name}"; + dst = "${subvolAbsPath}-blank"; + # NOTE: this one-liner has 
the same functionality (inspired by zfs hook) + # btrfs subvolume list -s mnt/rootfs | grep -E ' rootfs-blank$' || btrfs subvolume snapshot -r mnt/rootfs mnt/rootfs-blank + in '' + if ! btrfs subvolume show "${dst}" > /dev/null 2>&1; then + btrfs subvolume snapshot -r "${subvolAbsPath}" "${dst}" + fi + ''; + # Mount top-level subvolume (/) with "subvol=/", without it + # the default subvolume will be mounted. They're the same in + # this case, though. So "subvol=/" isn't really necessary + in '' + MNTPOINT=$(mktemp -d) + mount ${device} "$MNTPOINT" -o subvol=/ + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + ${makeBlankSnapshot "$MNTPOINT" subvolumes."/rootfs"} + ''; + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + mountOptions = [ "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "noatime" ]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = [ "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap."swapfile" = { + size = "8G"; + priority = 3; # (higher number -> higher priority) + # to be used after zswap (set zramSwap.priority > this priority), + # but before "hibernation" swap + # https://github.com/nix-community/disko/issues/651 + }; + }; + }; + }; + }; # system + + swap = { + type = "8200"; # Linux swap + + size = "9G"; # RAM + 1GB + content = { + type = "swap"; + resumeDevice = true; # "hibernation" swap + # zram's swap will be used first, and this one only + # used when the system is under pressure enough that zram and + # "regular" swap above didn't work + # https://github.com/systemd/systemd/issues/16708#issuecomment-1632592375 + # (set zramSwap.priority > btrfs' .swapvol priority > this priority) + priority = 2; + }; + }; + + }; + }; + + }; # disko.devices.disk.main +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/flake.lock b/arm/nixos-raspberrypi/flake.lock new file mode 100644 index 0000000..e04887c 
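Review bot: In `postCreateHook` the cleanup `trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT` runs `rm -rf` even when `umount` fails, in which case it recurses into the still-mounted top-level btrfs volume and deletes the subvolumes that were just created. Chain the two steps and use a non-recursive remove: `trap 'umount "$MNTPOINT" && rmdir "$MNTPOINT"' EXIT`. The `mount ${device} "$MNTPOINT" -o subvol=/` line has no error check either, so unless the hook runs under `set -e` the snapshot step continues against an empty temporary directory; `mount … || exit 1` would cover that.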
--- /dev/null +++ b/arm/nixos-raspberrypi/flake.lock 
@@ -0,0 +1,248 @@ +{ + "nodes": { + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742690494, + "narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=", + "owner": "nvmd", + "repo": "disko", + "rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "gpt-attrs", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "owner": "nix-community", + "repo": "disko", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": "nixpkgs", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1744730157, + "narHash": "sha256-DGJ52K2cN3MRUlI/knH0tipGja0Agfk+QVfIQL1gWT4=", + 
"owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "cc87f42535944efe15ce18a25f68595d40eb05c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744247568, + "narHash": "sha256-u2k94yjX9RZhvUgKP3sdfra8cAJpRFe6IO8HVjAbsDA=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "55f83f47dde5a4457cfefc76c54463e570a67f3c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1744760965, + "narHash": "sha256-U6W7accGi6egFfAzVdDsEU9isjN0h4WxgGpKYHKoeM4=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "423e8fc1ed409ee5f94c118fe6ba61136b30f18f", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "main", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1744309437, + "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1744501611, + "narHash": "sha256-H+Q/R9FKEuuBRjjgwP6GBPfQMA7rzH7UJm/+HSYZm5o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "208645bf60302e4eea10f9b038043205b423de21", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1744579458, + "narHash": 
"sha256-ywpXJotE1Cg0uUQ1/493wi0DokkkhOmqtH2JP55L2kg=", + "owner": "nvmd", + "repo": "nixpkgs", + "rev": "27e298704f0f167167cff3e237b3a2c68b66bda4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "modules-with-keys", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixos-anywhere": "nixos-anywhere", + "nixos-raspberrypi": "nixos-raspberrypi", + "nixpkgs": "nixpkgs_3" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743748085, + "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/arm/nixos-raspberrypi/flake.nix b/arm/nixos-raspberrypi/flake.nix new file mode 100644 index 0000000..5f514e0 --- /dev/null +++ b/arm/nixos-raspberrypi/flake.nix 
@@ -0,0 +1,268 @@ +{ + description = '' + Examples of NixOS systems' configuration for Raspberry Pi boards + using nixos-raspberrypi + ''; + + nixConfig = { + bash-prompt = "\[nixos-raspberrypi-demo\] ➜ "; + extra-substituters = [ + "https://nixos-raspberrypi.cachix.org" + ]; + extra-trusted-public-keys = [ + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + ]; + connect-timeout = 5; + }; + + inputs = { + + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixos-raspberrypi = { + url = "github:nvmd/nixos-raspberrypi/main"; + }; + + disko = { + # the fork is needed for partition attributes support + url = "github:nvmd/disko/gpt-attrs"; + # url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixos-raspberrypi/nixpkgs"; + }; + + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + }; + }; + + outputs = { self, nixpkgs + , nixos-raspberrypi, disko + , nixos-anywhere, ... }@inputs: let + allSystems = nixpkgs.lib.systems.flakeExposed; + forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f system); + in { + + devShells = forSystems allSystems (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + default = pkgs.mkShell { + nativeBuildInputs = with pkgs; [ + nil # lsp language server for nix + nixpkgs-fmt + nix-output-monitor + nixos-anywhere.packages.${system}.default + ]; + }; + }); + + nixosConfigurations = let + + users-config-stub = { + # This is identical to what nixos installer does in + # (modulesPash + "profiles/installation-device.nix") + + # Use less privileged nixos user + users.users.nixos = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "video" + ]; + # Allow the graphical user to login without password + initialHashedPassword = ""; + }; + + # Allow the user to log in as root without a password. + users.users.root.initialHashedPassword = ""; + + # Don't require sudo/root to `reboot` or `poweroff`. 
+ security.polkit.enable = true; + + # Allow passwordless sudo from nixos user + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + + # Automatically log in at the virtual consoles. + services.getty.autologinUser = "nixos"; + + # We run sshd by default. Login is only possible after adding a + # password via "passwd" or by adding a ssh key to ~/.ssh/authorized_keys. + # The latter one is particular useful if keys are manually added to + # installation device for head-less systems i.e. arm boards by manually + # mounting the storage in a different system. + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + + # allow nix-copy to live system + nix.settings.trusted-users = [ "nixos" ]; + }; + + common-user-config = {config, pkgs, ... }: { + imports = [ + ./modules/nice-looking-console.nix + users-config-stub + ]; + + time.timeZone = "UTC"; + networking.hostName = "rpi${config.boot.loader.raspberryPi.variant}-demo"; + + services.udev.extraRules = '' + # Ignore partitions with "Required Partition" GPT partition attribute + # On our RPis this is firmware (/boot/firmware) partition + ENV{ID_PART_ENTRY_SCHEME}=="gpt", \ + ENV{ID_PART_ENTRY_FLAGS}=="0x1", \ + ENV{UDISKS_IGNORE}="1" + ''; + + environment.systemPackages = with pkgs; [ + tree + ]; + + + users.users.nixos.openssh.authorizedKeys.keys = [ + # YOUR SSH PUB KEY HERE # + + ]; + users.users.root.openssh.authorizedKeys.keys = [ + # YOUR SSH PUB KEY HERE # + + ]; + + + system.nixos.tags = let + cfg = config.boot.loader.raspberryPi; + in [ + "raspberry-pi-${cfg.variant}" + cfg.bootloader + config.boot.kernelPackages.kernel.version + ]; + }; + in { + + rpi02 = nixos-raspberrypi.lib.nixosSystemFull { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, ... 
}: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-02.base + usb-gadget-ethernet + # config.txt example + ./pi02-configtxt.nix + ]; + }) + # Disk configuration + # Assumes the system will continue to reside on the installation media (sd-card), + # as there're hardly other feasible options on RPi02. + # (see also https://github.com/nvmd/nixos-raspberrypi/issues/8#issuecomment-2804912881) + # `sd-image` has lots of dependencies unnecessary for the installed system, + # replicating its disk layout + ({ config, pkgs, ... }: { + fileSystems = { + "/boot/firmware" = { + device = "/dev/disk/by-label/FIRMWARE"; + fsType = "vfat"; + options = [ + "noatime" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=1min" + ]; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + }) + # Further user configuration + common-user-config + ({ config, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + i2c-tools + ]; + }) + ]; + }; + + rpi4 = nixos-raspberrypi.lib.nixosSystem { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, disko, ... }: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-4.base + raspberry-pi-4.display-vc4 + raspberry-pi-4.bluetooth + ]; + }) + # Disk configuration + disko.nixosModules.disko + # WARNING: formatting disk with disko is DESTRUCTIVE, check if + # `disko.devices.disk.main.device` is set correctly! + ./disko-usb-btrfs.nix + # Further user configuration + common-user-config + { + boot.tmp.useTmpfs = true; + } + ]; + }; + + rpi5 = nixos-raspberrypi.lib.nixosSystemFull { + specialArgs = inputs; + modules = [ + ({ config, pkgs, lib, nixos-raspberrypi, disko, ... 
}: { + imports = with nixos-raspberrypi.nixosModules; [ + # Hardware configuration + raspberry-pi-5.base + raspberry-pi-5.display-vc4 + ./pi5-configtxt.nix + ]; + }) + # Disk configuration + disko.nixosModules.disko + # WARNING: formatting disk with disko is DESTRUCTIVE, check if + # `disko.devices.disk.nvme0.device` is set correctly! + ./disko-nvme-zfs.nix + { networking.hostId = "8821e309"; } # NOTE: for zfs, must be unique + # Further user configuration + common-user-config + { + boot.tmp.useTmpfs = true; + } + + # Advanced: Use non-default kernel from kernel-firmware bundle + ({ config, pkgs, lib, ... }: let + kernelBundle = pkgs.linuxAndFirmware.v6_6_31; + in { + boot = { + loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw; + kernelPackages = kernelBundle.linuxPackages_rpi5; + }; + + nixpkgs.overlays = lib.mkAfter [ + (self: super: { + # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least + # enableRedistributableFirmware is enabled + # I know no easier way to override this package + inherit (kernelBundle) raspberrypiWirelessFirmware; + # Some derivations want to use it as an input, + # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules + inherit (kernelBundle) raspberrypifw; + }) + ]; + }) + + ]; + }; + + }; + + }; +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/modules/nice-looking-console.nix b/arm/nixos-raspberrypi/modules/nice-looking-console.nix new file mode 100644 index 0000000..d30dd51 --- /dev/null +++ b/arm/nixos-raspberrypi/modules/nice-looking-console.nix 
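Review bot: `users-config-stub` in arm/nixos-raspberrypi/flake.nix copies the installer profile's login settings into `common-user-config`, which `rpi02`, `rpi4` and `rpi5` all import, and these look like installed systems rather than throw-away installer images. The settings are an empty `initialHashedPassword` for `nixos` and `root`, `wheelNeedsPassword = false`, getty autologin, `PermitRootLogin = "yes"` and `nixos` in `nix.settings.trusted-users`, so anyone at a console gets a root-equivalent session, and any password later set on root becomes usable over SSH. For the installed configurations I would set `settings.PermitRootLogin = "prohibit-password";` and `settings.PasswordAuthentication = false;`, fill in the two `authorizedKeys.keys` lists, and drop the empty root password. The flake-level `nixConfig` also adds `nixos-raspberrypi.cachix.org` as a substituter with its public key; a comment stating that this trusts a third-party binary cache would help whoever is asked to accept it.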
@@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +{ + # The following have been borrowed from: + # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84 + + console.earlySetup = true; + # ter-u22n is probably too big + console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz"; + + # Make colored console output more readable + # for example, `ip addr`s (blues are too dark by default) + # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ + console.colors = lib.mkDefault [ + "000000" + "CC0000" + "4E9A06" + "C4A000" + "3465A4" + "75507B" + "06989A" + "D3D7CF" + "555753" + "EF2929" + "8AE234" + "FCE94F" + "739FCF" + "AD7FA8" + "34E2E2" + "EEEEEC" + ]; +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/modules/server-networking.nix b/arm/nixos-raspberrypi/modules/server-networking.nix new file mode 100644 index 0000000..613ba73 --- /dev/null +++ b/arm/nixos-raspberrypi/modules/server-networking.nix 
@@ -0,0 +1,30 @@ +{ lib, ... }: +{ + # https://github.com/nix-community/srvos/blob/fa814c65868d32f7bd4d13a87b191ace02feb7d8/nixos/common/networking.nix + # with some options disabled + + # Allow PMTU / DHCP + # networking.firewall.allowPing = true; + + # Keep dmesg/journalctl -k output readable by NOT logging + # each refused connection on the open internet. + networking.firewall.logRefusedConnections = lib.mkDefault false; + + # Use networkd instead of the pile of shell scripts + # NOTE: SK: is it safe to combine with NetworkManager on desktops? + networking.useNetworkd = lib.mkDefault true; + + # The notion of "online" is a broken concept + # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 + # https://github.com/NixOS/nixpkgs/issues/247608 + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; + + # Do not take down the network for too long when upgrading, + # This also prevents failures of services that are restarted instead of stopped. + # It will use `systemctl restart` rather than stopping it with `systemctl stop` + # followed by a delayed `systemctl start`. + systemd.services.systemd-networkd.stopIfChanged = false; + # Services that are only restarted might be not able to resolve when resolved is stopped before + systemd.services.systemd-resolved.stopIfChanged = false; +} diff --git a/arm/nixos-raspberrypi/pi02-configtxt.nix b/arm/nixos-raspberrypi/pi02-configtxt.nix new file mode 100644 index 0000000..d6eff7b --- /dev/null +++ b/arm/nixos-raspberrypi/pi02-configtxt.nix 
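Review bot: modules/server-networking.nix is added, but nothing in this patch's flake.nix imports it (`common-user-config` imports only `./modules/nice-looking-console.nix`), so unless one of the files not shown here pulls it in, these settings have no effect. If it does get imported, `networking.firewall.logRefusedConnections = lib.mkDefault false;` removes the kernel-log record of refused connections on boards that run sshd with root login permitted. A comment beside that line saying where refused connections are observed instead (or that they are not) would make the trade-off explicit.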
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: + +{ + hardware.raspberry-pi.config = { + all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + + base-dt-params = { + i2c = { + enable = true; + value = "on"; + }; + }; + + # dt-overlays = { + # i2c-rtc = { + # enable = true; + # params = { + # ds3231 = { + # enable = true; + # # value = ""; + # }; + # }; + # }; + # }; + + }; + }; +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/pi5-configtxt.nix b/arm/nixos-raspberrypi/pi5-configtxt.nix new file mode 100644 index 0000000..1f232a8 --- /dev/null +++ b/arm/nixos-raspberrypi/pi5-configtxt.nix 
@@ -0,0 +1,45 @@ +{ config, pkgs, lib, ... }: + +{ + hardware.raspberry-pi.config = { + all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + + options = { + # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart + # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`) + # creates a serial console, accessible using GPIOs 14 and 15 (pins + # 8 and 10 on the 40-pin header) + enable_uart = { + enable = true; + value = true; + }; + # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage + # enable debug logging to the UART, also automatically enables + # UART logging in `start.elf` + uart_2ndstage = { + enable = true; + value = true; + }; + }; + + # Base DTB parameters + # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 + base-dt-params = { + + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie + pciex1 = { + enable = true; + value = "on"; + }; + # PCIe Gen 3.0 + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 + pciex1_gen = { + enable = true; + value = "3"; + }; + + }; + + }; + }; +} \ No newline at end of file diff --git a/arm/nixos-raspberrypi/readme.md b/arm/nixos-raspberrypi/readme.md new file mode 100644 index 0000000..818d160 --- /dev/null +++ b/arm/nixos-raspberrypi/readme.md @@ -0,0 +1,11 @@ + + +https://github.com/nvmd/nixos-raspberrypi + + +Demo +https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/flake.nix + + +Raspberry Pi 5 support +https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2797503311 \ No newline at end of file diff --git a/arm/pi5-1-os/Makefile b/arm/pi5-1-os/Makefile index 1dae1f4..4f74294 100644 --- a/arm/pi5-1-os/Makefile +++ b/arm/pi5-1-os/Makefile 
@@ -23,7 +23,7 @@ rebuild: #sudo nix flake update; sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update; #sudo nix-channel --update; - sudo nixos-rebuild switch --flake .#pi5-1 + sudo nixos-rebuild switch --flake .#pi5-1-os sync: rsync -av /home/das/nixos/arm/pi5-1-os/ pi5-1:/home/das/nixos/arm/pi5-1-os/ diff --git a/arm/pi5-1-os/flake.nix b/arm/pi5-1-os/flake.nix index ad65d9d..219834c 100644 --- a/arm/pi5-1-os/flake.nix +++ b/arm/pi5-1-os/flake.nix @@ -33,12 +33,12 @@ # https://www.raspberrypi.com/documentation/computers/linux_kernel.html#native-build-configuration raspberry-pi-nix.board = "bcm2712"; networking = { - hostName = "pi5-1"; + hostName = "pi5-1-os"; }; }; in { nixosConfigurations = { - pi5-1 = lib.nixosSystem { + pi5-1-os = lib.nixosSystem { #system ="x86_64-linux"; inherit system; modules = [ diff --git a/arm/pi5-1/flake.lock b/arm/pi5-1/flake.lock index 9e1930b..a817abf 100644 --- a/arm/pi5-1/flake.lock +++ b/arm/pi5-1/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1745279238, + "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3", "type": "github" }, "original": { diff --git a/arm/pi5-1/flake.nix b/arm/pi5-1/flake.nix index 0f43b1f..b722120 100644 --- a/arm/pi5-1/flake.nix +++ b/arm/pi5-1/flake.nix 
@@ -1,8 +1,19 @@ +# +# arm/pi5-1/flake.nix +# +# This is based on +# https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2501839916 +# +# My own success comment +# https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2614122573 +# +# https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation#cross-compilation +# { description = "Base system for raspberry pi 5"; inputs = { - nixpkgs.url = "nixpkgs/nixos-unstable"; - # nixpkgs.url = "nixpkgs/nixos-24.11"; + # nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "nixpkgs/nixos-24.11"; # nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-generators = { url = "github:nix-community/nixos-generators"; diff --git a/arm/pi5-1/readme.md b/arm/pi5-1/readme.md index 8d7023c..6393bcf 100644 --- a/arm/pi5-1/readme.md +++ b/arm/pi5-1/readme.md @@ -78,3 +78,12 @@ lrwxrwxrwx 1 das users 99 Jan 21 08:55 result -> /nix/store/z5bdj3iczgzm ``` + + +https://discourse.nixos.org/t/cross-compiling-building-a-flake-for-raspberry-pi-taking-too-long/51951/2 + + +https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation + + +https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation#cross-compilation \ No newline at end of file From bf827ff284d94525a241a81685b5a171e1367a45 Mon Sep 17 00:00:00 2001 
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Mon, 5 May 2025 07:48:10 -0700 Subject: [PATCH 05/25] sync --- .../Makefile | 8 ++- .../disko-nvme-zfs.nix | 0 .../disko-usb-btrfs.nix | 0 .../flake.lock | 42 +++++------ .../flake.nix | 18 ++--- .../modules/nice-looking-console.nix | 0 .../modules/server-networking.nix | 0 .../pi02-configtxt.nix | 0 .../pi5-configtxt.nix | 0 .../readme.md | 0 arm/nixos-raspberrypi/configuration.nix | 0 arm/pi5-1/readme.md | 2 +- hp/hp4/firewall.nix | 2 +- hp/hp4/flake.lock | 18 ++--- laptops/t/flake.lock | 72 +++++++++---------- laptops/t/home.nix | 29 ++++---- laptops/t/sysctl.nix | 12 ++++ 17 files changed, 111 insertions(+), 92 deletions(-) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/Makefile (55%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/disko-nvme-zfs.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/disko-usb-btrfs.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/flake.lock (81%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/flake.nix (96%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/modules/nice-looking-console.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/modules/server-networking.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/pi02-configtxt.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/pi5-configtxt.nix (100%) rename arm/{nixos-raspberrypi => nix-os-raspberrypi}/readme.md (100%) delete mode 100644 arm/nixos-raspberrypi/configuration.nix diff --git a/arm/nixos-raspberrypi/Makefile b/arm/nix-os-raspberrypi/Makefile similarity index 55% rename from arm/nixos-raspberrypi/Makefile rename to arm/nix-os-raspberrypi/Makefile index 52feec4..ec9fbfb 100644 --- a/arm/nixos-raspberrypi/Makefile +++ b/arm/nix-os-raspberrypi/Makefile 
@@ -16,7 +16,13 @@ rp4: rp5: nix build .#installerImages.rpi5 +rp5_on_amd64: + sudo nix build .#nixosConfigurations.rpi5.config.system.build.sdImage --system aarch64-linux + update: sudo nix flake update; -# end \ No newline at end of file +sync: + rsync -avz ./ 172.16.40.122:/home/das/nixos/arm/nix-os-raspberrypi/ + +# end diff --git a/arm/nixos-raspberrypi/disko-nvme-zfs.nix b/arm/nix-os-raspberrypi/disko-nvme-zfs.nix similarity index 100% rename from arm/nixos-raspberrypi/disko-nvme-zfs.nix rename to arm/nix-os-raspberrypi/disko-nvme-zfs.nix diff --git a/arm/nixos-raspberrypi/disko-usb-btrfs.nix b/arm/nix-os-raspberrypi/disko-usb-btrfs.nix similarity index 100% rename from arm/nixos-raspberrypi/disko-usb-btrfs.nix rename to arm/nix-os-raspberrypi/disko-usb-btrfs.nix diff --git a/arm/nixos-raspberrypi/flake.lock b/arm/nix-os-raspberrypi/flake.lock similarity index 81% rename from arm/nixos-raspberrypi/flake.lock rename to arm/nix-os-raspberrypi/flake.lock index e04887c..4f3f964 100644 --- a/arm/nixos-raspberrypi/flake.lock +++ b/arm/nix-os-raspberrypi/flake.lock @@ -46,11 +46,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1744940522, + "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", "type": "github" }, "original": { @@ -91,11 +91,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744730157, - "narHash": "sha256-DGJ52K2cN3MRUlI/knH0tipGja0Agfk+QVfIQL1gWT4=", + "lastModified": 1745120626, + "narHash": "sha256-MqAi9oR5iaPbevV7B7WJWpFQaMloeHYQSX/lVL2XI7g=", "owner": "nix-community", "repo": "nixos-anywhere", - "rev": "cc87f42535944efe15ce18a25f68595d40eb05c3", + "rev": "736734245b9d386d3323acc97f46f585ff273bae", "type": "github" }, "original": { 
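Review bot: The new `rp5_on_amd64` target runs `nix build` under `sudo`, which the build does not need and which leaves a root-owned `result` link in the working tree. Root is always a trusted Nix user, so once the flake's `nixConfig` is accepted its extra substituter and key are applied rather than being filtered by the daemon. I would write the recipe as `nix build .#nixosConfigurations.rpi5.config.system.build.sdImage --system aarch64-linux`, and the existing `update` recipe likewise without `sudo`. The `sync` target hard-codes `172.16.40.122` and copies `./` wholesale; taking the destination from a make variable and excluding build outputs such as `result` would make it safer to reuse.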
@@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1744247568, - "narHash": "sha256-u2k94yjX9RZhvUgKP3sdfra8cAJpRFe6IO8HVjAbsDA=", + "lastModified": 1744853194, + "narHash": "sha256-NBOdBdQdxb3FdM4Ywb4cATMLfFtkPqDYh0LIQMZ7eRY=", "owner": "nix-community", "repo": "nixos-images", - "rev": "55f83f47dde5a4457cfefc76c54463e570a67f3c", + "rev": "8f6f8060a13096934c2a502eb0508bdc3f1284a1", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "nixos-stable": { "locked": { - "lastModified": 1744309437, - "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744501611, - "narHash": "sha256-H+Q/R9FKEuuBRjjgwP6GBPfQMA7rzH7UJm/+HSYZm5o=", + "lastModified": 1745088452, + "narHash": "sha256-6SrsUiwNtyQtl+JJNcNKe98iediwPrY9Kldhszqggto=", "owner": "nixos", "repo": "nixpkgs", - "rev": "208645bf60302e4eea10f9b038043205b423de21", + "rev": "ae0c0ebf757121ee44bb98e70a71212a9961055d", "type": "github" }, "original": { @@ -199,11 +199,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1745234285, + "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", "type": "github" }, "original": { 
@@ -229,11 +229,11 @@ ] }, "locked": { - "lastModified": 1743748085, - "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", "type": "github" }, "original": { diff --git a/arm/nixos-raspberrypi/flake.nix b/arm/nix-os-raspberrypi/flake.nix similarity index 96% rename from arm/nixos-raspberrypi/flake.nix rename to arm/nix-os-raspberrypi/flake.nix index 5f514e0..23d4db5 100644 --- a/arm/nixos-raspberrypi/flake.nix +++ b/arm/nix-os-raspberrypi/flake.nix @@ -38,7 +38,7 @@ , nixos-raspberrypi, disko , nixos-anywhere, ... }@inputs: let allSystems = nixpkgs.lib.systems.flakeExposed; - forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f system); + forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f system); in { devShells = forSystems allSystems (system: let @@ -123,14 +123,14 @@ ]; - users.users.nixos.openssh.authorizedKeys.keys = [ - # YOUR SSH PUB KEY HERE # + # users.users.nixos.openssh.authorizedKeys.keys = [ + # # YOUR SSH PUB KEY HERE # - ]; - users.users.root.openssh.authorizedKeys.keys = [ - # YOUR SSH PUB KEY HERE # - - ]; + # ]; + # users.users.root.openssh.authorizedKeys.keys = [ + # # YOUR SSH PUB KEY HERE # + + # ]; system.nixos.tags = let @@ -248,7 +248,7 @@ nixpkgs.overlays = lib.mkAfter [ (self: super: { - # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least + # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least # enableRedistributableFirmware is enabled # I know no easier way to override this package inherit (kernelBundle) raspberrypiWirelessFirmware; 
diff --git a/arm/nixos-raspberrypi/modules/nice-looking-console.nix b/arm/nix-os-raspberrypi/modules/nice-looking-console.nix similarity index 100% rename from arm/nixos-raspberrypi/modules/nice-looking-console.nix rename to arm/nix-os-raspberrypi/modules/nice-looking-console.nix diff --git a/arm/nixos-raspberrypi/modules/server-networking.nix b/arm/nix-os-raspberrypi/modules/server-networking.nix similarity index 100% rename from arm/nixos-raspberrypi/modules/server-networking.nix rename to arm/nix-os-raspberrypi/modules/server-networking.nix diff --git a/arm/nixos-raspberrypi/pi02-configtxt.nix b/arm/nix-os-raspberrypi/pi02-configtxt.nix similarity index 100% rename from arm/nixos-raspberrypi/pi02-configtxt.nix rename to arm/nix-os-raspberrypi/pi02-configtxt.nix diff --git a/arm/nixos-raspberrypi/pi5-configtxt.nix b/arm/nix-os-raspberrypi/pi5-configtxt.nix similarity index 100% rename from arm/nixos-raspberrypi/pi5-configtxt.nix rename to arm/nix-os-raspberrypi/pi5-configtxt.nix diff --git a/arm/nixos-raspberrypi/readme.md b/arm/nix-os-raspberrypi/readme.md similarity index 100% rename from arm/nixos-raspberrypi/readme.md rename to arm/nix-os-raspberrypi/readme.md diff --git a/arm/nixos-raspberrypi/configuration.nix b/arm/nixos-raspberrypi/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/arm/pi5-1/readme.md b/arm/pi5-1/readme.md index 6393bcf..e9376ee 100644 --- a/arm/pi5-1/readme.md +++ b/arm/pi5-1/readme.md @@ -77,7 +77,7 @@ lrwxrwxrwx 1 das users 99 Jan 21 08:55 result -> /nix/store/z5bdj3iczgzm -rw-r--r-- 1 das users 1013224749 Jan 21 13:44 sda2.tar.gz ``` - +dd if=/dev/mmcblk0 of=/dev/nvme0n1 bs=10MB oflag=dsync status=progress https://discourse.nixos.org/t/cross-compiling-building-a-flake-for-raspberry-pi-taking-too-long/51951/2 diff --git a/hp/hp4/firewall.nix b/hp/hp4/firewall.nix index 59e1d54..44cdaed 100644 --- a/hp/hp4/firewall.nix +++ b/hp/hp4/firewall.nix 
@@ -12,7 +12,7 @@ # sudo nft --stateless list table filter # sudo sudo iptables-save networking.firewall = { - enable = true; + enable = false; allowedTCPPorts = [ #22 # ssh 3000 # grafana diff --git a/hp/hp4/flake.lock b/hp/hp4/flake.lock index e120429..fe285b9 100644 --- a/hp/hp4/flake.lock +++ b/hp/hp4/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "bf3287dac860542719fe7554e21e686108716879", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { diff --git a/laptops/t/flake.lock b/laptops/t/flake.lock index c5f3364..6a828e3 100644 --- a/laptops/t/flake.lock +++ b/laptops/t/flake.lock 
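Review bot: `enable = false;` in hp/hp4/firewall.nix turns the host firewall off entirely, in a commit titled "sync" and with no comment explaining why. The `allowedTCPPorts` list below it then restricts nothing, and every listening service on hp4 becomes reachable from the networks it is attached to. If this was done to debug a blocked port, I would restore `enable = true;` and add the specific port to `allowedTCPPorts`; if it is intentional, the line needs a comment such as `# firewall off: <reason>; filtering is done at <where>`. The `networking.firewall` block continues past the end of the hunk, so the rest of the port list is not visible here.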
@@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1744289235, - "narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=", + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", "type": "github" }, "original": { @@ -78,11 +78,11 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { @@ -108,11 +108,11 @@ ] }, "locked": { - "lastModified": 1742215578, - "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=", + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", "type": "github" }, "original": { @@ -166,11 +166,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1745328209, - "narHash": "sha256-eP3x+JNE1T6RjXhimaEnoc4GvNJcyzppW1vpAs287Zg=", + "lastModified": 1746291290, + "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "241a4935a244f403fa7108259075b04c81ed258f", + "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", "type": "github" }, "original": { 
@@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1745350310, - "narHash": "sha256-M9QKHcx6aFD2NVjD5pl3/VMxf8ZIDdaqplZL8YWwupA=", + "lastModified": 1746281365, + "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "8e5e53adefdd96158841ee5b23bce4fe631bf57e", + "rev": "0ca682bc2c2e10414e7de1fb6606226a45e76380", "type": "github" }, "original": { @@ -289,11 +289,11 @@ ] }, "locked": { - "lastModified": 1739048983, - "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=", + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1744468525, - "narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=", + "lastModified": 1745357019, + "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df", + "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", "type": "github" }, "original": { @@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1743950287, - "narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=", + "lastModified": 1745975815, + "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "f2dc70e448b994cef627a157ee340135bd68fbc6", + "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", "type": "github" }, "original": { 
@@ -383,11 +383,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745234285, - "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c11863f1e964833214b767f4a369c6e6a7aba141", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -415,11 +415,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "bf3287dac860542719fe7554e21e686108716879", "type": "github" }, "original": { @@ -504,11 +504,11 @@ ] }, "locked": { - "lastModified": 1744644585, - "narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=", + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26", + "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", "type": "github" }, "original": { diff --git a/laptops/t/home.nix b/laptops/t/home.nix index e2edaee..3d17fd5 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix 
@@ -33,9 +33,9 @@ GOPRIVATE = "gitlab.com/sidenio/*"; TERM = "xterm-256color"; - HTTP_PROXY = "http://hp4.home:3128"; - HTTPS_PROXY = "http://hp4.home:3128"; # Use http:// for the proxy address itself - NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; # Adjust CIDR if needed + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; # You can also use ALL_PROXY or FTP_PROXY if needed # ALL_PROXY = "http://hp4:3128"; }; @@ -159,17 +159,18 @@ # https://tinygo.org/ #tinygo - # https://github.com/bazelbuild/bazel/tags - # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - unstable.bazel_7 - - # https://github.com/bazel-contrib/bazel-gazelle/tags - # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 - unstable.bazel-gazelle - unstable.bazel-buildtools - unstable.bazelisk - # https://github.com/buchgr/bazel-remote - maybe something to look at? - # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + # unstable.bazel_7 + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # unstable.bazel-gazelle + # unstable.bazel-buildtools + # unstable.bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look at? + # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart # Debugging/Profiling graphviz # for pprof diff --git a/laptops/t/sysctl.nix b/laptops/t/sysctl.nix index b6fa4a8..de472c7 100644 --- a/laptops/t/sysctl.nix +++ b/laptops/t/sysctl.nix 
@@ -2,6 +2,7 @@ { # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ boot.kernel.sysctl = { # detect dead connections more quickly "net.ipv4.tcp_keepalive_intvl" = 30; @@ -39,5 +40,16 @@ #net.core.wmem_max = 212992 "net.ipv4.ip_local_port_range" = "1025 65535"; #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms }; } \ No newline at end of file From 28cc8ea6ee1bfc6353f4dce3e44e1ddc3f3cb562 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Mon, 5 May 2025 10:15:39 -0700 Subject: [PATCH 06/25] fixed unfree --- laptops/t/configuration.nix | 39 ++-- laptops/t/configuration.nix.before | 314 ----------------------------- laptops/t/flake.nix | 32 ++- laptops/t/home.nix | 46 +++-- laptops/t/systemPackages.nix | 3 +- 5 files changed, 80 insertions(+), 354 deletions(-) delete mode 100644 laptops/t/configuration.nix.before diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix index fd0ccdd..6bcbe88 100644 --- a/laptops/t/configuration.nix +++ b/laptops/t/configuration.nix 
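Review bot: `"net.ipv4.tcp_reflect_tos" = 1;` in the second sysctl.nix hunk lets the remote side of an accepted connection choose the TOS/DSCP value this host puts on its replies, and the only rationale on the page is the l4sgear link added at the top of the file. A one-line why-comment would help, e.g. `# reflect the peer's DSCP on accepted connections (L4S testing); the peer thereby picks our reply marking`. `tcp_rto_min_us` is a fairly recent kernel knob, so it is worth noting the minimum kernel next to it in case this file is reused on a host with an older kernel. The enclosing `boot.kernel.sysctl` set opens in the previous hunk, not in this one.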
@@ -247,20 +247,6 @@ # Or disable the firewall altogether. # networking.firewall.enable = false; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - #system.stateVersion = "23.11"; - - system.stateVersion = "24.11"; - - virtualisation.containers = { - ociSeccompBpfHook.enable = true; - }; - # # https://nixos.wiki/wiki/Podman # virtualisation.podman = { # enable = true; @@ -282,11 +268,32 @@ programs.virt-manager.enable = true; virtualisation.spiceUSBRedirection.enable = true; + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + # guest # services.qemuGuest.enable = true; # services.spice-vdagentd.enable = true; - nixpkgs.config.allowUnfree = true; - # https://wiki.nixos.org/wiki/Laptop + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + #system.stateVersion = "23.11"; + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "nvidia-x11" + "nvidia-settings" + "nvidia-persistenced" + ]; + }; } diff --git a/laptops/t/configuration.nix.before b/laptops/t/configuration.nix.before deleted file mode 100644 index 5cd5470..0000000 --- a/laptops/t/configuration.nix.before +++ /dev/null 
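Review bot: The `allowUnfreePredicate` list added at the end of configuration.nix restricts nothing while `allowUnfree = true;` sits beside it, because nixpkgs accepts an unfree package when either setting allows it. If the intent is an allowlist of the three NVIDIA packages, drop the `allowUnfree = true;` line so that only the listed names evaluate. The flake.nix hunk later in this commit pairs the two settings the same way in its `pkgs` import. The predicate calls `lib.getName`, so `lib` has to be among the module's arguments; the argument list is outside the hunk.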
@@ -1,314 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -# sudo nixos-rebuild switch -# sudo nix-channel --update -# nix-shell -p vim -# nmcli device wifi connect MYSSID password PWORD -# systemctl restart display-manager.service - -{ config, pkgs, ... }: - -# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - -{ - # https://nixos.wiki/wiki/NixOS_modules - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager - # sudo nix-channel --update - - # - ./sysctl.nix - ./wireless_desktop.nix - # sound removed for 24.11 - #./sound.nix - ./locale.nix - ./hosts.nix - ./firewall.nix - #./systemdSystem.nix - ./systemPackages.nix - ./home-manager.nix - ./nodeExporter.nix - ./prometheus.nix - ./grafana.nix - # clickhouse - #./docker-compose.nix - ./docker-daemon.nix - #./smokeping.nix - ]; - - - - # Bootloader. - boot.loader.systemd-boot = { - enable = true; - consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
- memtest86.enable = true; - }; - - boot.loader.efi.canTouchEfiVariables = true; - - # https://nixos.wiki/wiki/Linux_kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linuxPackages_rpi4 - - #boot.kernelParams = [ - # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 - - nix = { - gc = { - automatic = true; # Enable automatic execution of the task - dates = "weekly"; # Schedule the task to run weekly - options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days - randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task - }; - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - }; - }; - - # https://nixos.wiki/wiki/Networking - networking.hostName = "t"; - - services.lldpd.enable = true; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - - # this option doesn't exist - # hardware.graphics.enable = true; - - # https://wiki.nixos.org/w/index.php?title=NVIDIA - # https://nixos.wiki/wiki/Nvidia - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix - hardware.nvidia = { - - modesetting.enable = true; - - prime = { - # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' - # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) - intelBusId = "PCI:0:2:0"; - # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) - nvidiaBusId = "PCI:1:0:0"; - offload = { - enable = true; - #sync.enable = true; - enableOffloadCmd = true; - }; - }; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. 
- powerManagement = { - enable = true; - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - finegrained = true; - }; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - # prioritry drivers don't compile on 6.10.3 - open = true; - #open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - # nvidiaSettings = true; - nvidiaSettings = false; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - # package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - package = config.boot.kernelPackages.nvidiaPackages.beta; - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - }; - - # Nouveau is enabled by default whenever graphics are enabled - # This name will change to hardware.opengl.enable, with 24.11 - hardware.opengl = { - enable = true; - # removed in 24.11 - #driSupport = true; - }; - - services.xserver = { - enable = true; - # Load nvidia driver for Xorg and Wayland - videoDrivers = [ "nvidia-open" ]; - #videoDrivers = [ "nvidia" ]; - # Display Managers are responsible for handling user login - displayManager = { - gdm.enable = true; - }; - # Enable the GNOME Desktop Environment. 
- desktopManager = { - gnome.enable = true; - plasma5.enable = false; - xterm.enable = false; - }; - # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 - - # Configure keymap in X11 - xkb.layout = "us"; - xkb.variant = ""; - }; - - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. - # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - - services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; - - services.bpftune.enable = true; - - systemd.services.modem-manager.enable = false; - systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; - - # https://discourse.nixos.org/t/unable-to-fix-too-many-open-files-error/27094/6 - systemd.extraConfig = "DefaultLimitNOFILE=2048"; # defaults to 1024 if unset - - # Enable touchpad support (enabled default in most desktopManager). 
- services.libinput.enable = true; - - # https://nixos.wiki/wiki/Printing - services.printing.enable = true; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - environment.sessionVariables = { - TERM = "xterm-256color"; - #MY_VARIABLE = "my-value"; - #ANOTHER_VARIABLE = "another-value"; - }; - - users.users.das = { - isNormalUser = true; - description = "das"; - extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; - # users.extraGroups.docker.members = [ "das" ]; - packages = with pkgs; [ - ]; - # https://nixos.wiki/wiki/SSH_public_key_authentication - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" - ]; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - vim - curl - wget - tcpdump - iproute2 - nftables - iptables - pciutils - usbutils - pciutils - virt-manager - cudatoolkit - pkgs.gnomeExtensions.appindicator - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - #programs.hyprland.enable = true; - - services.openssh.enable = true; - - services.timesyncd.enable = true; - - services.fstrim.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - #system.stateVersion = "23.11"; - system.stateVersion = "24.05"; - - virtualisation.containers = { - ociSeccompBpfHook.enable = true; - }; - - # # https://nixos.wiki/wiki/Podman - # virtualisation.podman = { - # enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # autoPrune.enable = true; - # }; - # #virtualisation.oci-containers.backend = "podman"; - # # virtualisation.oci-containers.containers = { - # # container-name = { - # # image = "container-image"; - # # autoStart = true; - # # ports = [ "127.0.0.1:1234:1234" ]; - # # }; - # # }; - - virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = true; - # services.qemuGuest.enable = true; - - # https://wiki.nixos.org/wiki/Laptop -} diff --git a/laptops/t/flake.nix b/laptops/t/flake.nix index cf2ced4..43d0e08 100644 --- a/laptops/t/flake.nix +++ b/laptops/t/flake.nix @@ -36,7 +36,17 @@ system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; - config = { allowUnfree = true; }; + config = { + allowUnfree = true; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "nvidia-x11" + "nvidia-settings" + "nvidia-persistenced" + "google-chrome" + "android-studio" + "android-studio-stable" + ]; + }; }; # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels # overlay-unstable = final: prev: { 
@@ -45,23 +55,35 @@ overlay-unstable = final: prev: { unstable = import nixpkgs-unstable { inherit system; - config = { allowUnfree = true; }; + config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "vscode" + # "code-cursor" + # "slack" + # "zoom-us" + # "nvidia-x11" + # ]; + }; }; }; lib = nixpkgs.lib; in { nixosConfigurations = { t = lib.nixosSystem rec { - #system ="x86_64-linux"; inherit system; - specialArgs = { inherit hyprland; }; + specialArgs = { + inherit hyprland; + inherit overlay-unstable; + }; modules = [ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./configuration.nix hyprland.nixosModules.default home-manager.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; + # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs + #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. home-manager.useUserPackages = true; home-manager.users.das = import ./home.nix; home-manager.extraSpecialArgs = specialArgs; diff --git a/laptops/t/home.nix b/laptops/t/home.nix index 3d17fd5..d2e5f57 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -2,6 +2,7 @@ hyprland, config, pkgs, + overlay-unstable, ... }: #{ config, pkgs, ... }: 
@@ -26,18 +27,20 @@ # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables home.sessionVariables = { - QT_QPA_PLATFORM = "wayland"; - GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; - # disable wayland - NIXOS_OZONE_WL = "1"; - GOPRIVATE = "gitlab.com/sidenio/*"; - TERM = "xterm-256color"; - - #HTTP_PROXY = "http://hp4.home:3128"; - #HTTPS_PROXY = "http://hp4.home:3128"; - #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; - # You can also use ALL_PROXY or FTP_PROXY if needed - # ALL_PROXY = "http://hp4:3128"; + NIXPKGS_ALLOW_UNFREE = "1"; + + QT_QPA_PLATFORM = "wayland"; + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; }; home.packages = with pkgs; [ @@ -164,6 +167,8 @@ # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 # unstable.bazel_7 + unstable.code-cursor + # # https://github.com/bazel-contrib/bazel-gazelle/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 # unstable.bazel-gazelle @@ -249,8 +254,8 @@ # Communication # https://nixos.wiki/wiki/Slack - slack - zoom-us + unstable.slack + unstable.zoom-us # Screenshots/Screen Recording # https://wiki.nixos.org/wiki/Flameshot 
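Review bot: `NIXPKGS_ALLOW_UNFREE = "1";` in `home.sessionVariables` switches on unfree packages for every impure Nix evaluation started from this user's session (`nix-shell`, `nix-env`, anything run with `--impure`), not only for this configuration. The commit already sets `allowUnfree` declaratively in flake.nix and configuration.nix, so the variable can be dropped here and exported by hand for the one-off commands that need it. The `# disable wayland` comment carried over above `NIXOS_OZONE_WL = "1";` reads backwards, since that value asks the Electron/Chromium wrappers to use Wayland; `# prefer Wayland for Electron/Chromium apps` would match what the line does.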
@@ -320,9 +325,11 @@ # https://mynixos.com/home-manager/options/programs.vscode programs.vscode = { enable = true; - package = pkgs.vscode; - extensions = with pkgs.vscode-extensions; [ - bbenoist.nix + # package = pkgs.vscode; + # extensions = with pkgs.vscode-extensions; [ + package = pkgs.unstable.vscode; + extensions = with pkgs.unstable.vscode-extensions; [ + #bbenoist.nix dart-code.dart-code dart-code.flutter golang.go @@ -356,7 +363,7 @@ zxh404.vscode-proto3 yzhang.markdown-all-in-one #platformio.platformio-ide - github.copilot + #github.copilot # nix #brettm12345.nixfmt.vscode jnoortheen.nix-ide @@ -568,8 +575,11 @@ }; # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + # set at flake.nix level nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [ overlay-unstable ]; + #home.stateVersion = "23.11"; home.stateVersion = "24.11"; } diff --git a/laptops/t/systemPackages.nix b/laptops/t/systemPackages.nix index 4378681..29c1758 100644 --- a/laptops/t/systemPackages.nix +++ b/laptops/t/systemPackages.nix @@ -4,7 +4,8 @@ ... }: { - nixpkgs.config.allowUnfree = true; + # set at flake.nix level + #nixpkgs.config.allowUnfree = true; # $ nix search wget environment.systemPackages = with pkgs; [ From 9f7456d0a68c093a809e3c16a97c9be48967def7 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Fri, 16 May 2025 14:18:08 -0700 Subject: [PATCH 07/25] nginx --- hp/hp4/nginx.nix | 110 ++++++--------------- laptops/t/Makefile | 3 + laptops/t/configuration.nix | 75 +++++++-------- laptops/t/hardware-graphics.nix | 128 +++++++++++-------------- laptops/t/home.nix | 22 ++++- laptops/t/systemPackages.nix | 36 ++----- laptops/t14/x.nix | 163 -------------------------------- 7 files changed, 147 insertions(+), 390 deletions(-) delete mode 100644 laptops/t14/x.nix diff --git a/hp/hp4/nginx.nix b/hp/hp4/nginx.nix index eeca782..9174cbe 100644 --- a/hp/hp4/nginx.nix +++ b/hp/hp4/nginx.nix 
@@ -9,104 +9,54 @@ # https://github.com/nixinator/cardano-ops/blob/8a7be334a476a80829e17c8a0ca6ec374347a937/roles/explorer.nix#L313 # grep ExecStartPre /etc/systemd/system/nginx.service services.nginx = { - enable = true; - - # package = mkOption { - # default = pkgs.nginxStable; - defaultHTTPListenPort = 8080; - defaultSSLListenPort = 8443; - - #openFirewall = true; # doesn't exist - statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; - recommendedZstdSettings = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedBrotliSettings = true; - resolver = { - addresses = [ "127.0.0.1" ]; # Point to local pdns-recursor - # valid = "30s"; # Optional: Override DNS cache TTL - # ipv6 = false; # Optional: Disable IPv6 lookups if desired - }; - - # proxyCachePath = { - # "main_cache" = { - # # Path will be /var/cache/nginx/main_cache - # levels = "1:2"; - # keysZoneName = "my_proxy_zone"; - # keysZoneSize = "10m"; - # maxSize = "10g"; - # inactive = "60m"; - # useTempPath = false; - # }; - # }; - - eventsConfig = '' - worker_connections 4096; - ''; - - appendHttpConfig = '' - proxy_cache_path /var/cache/nginx/main_cache levels=1:2 keys_zone=my_proxy_zone:10m max_size=10g inactive=60m use_temp_path=off; - ''; - + # Minimal configuration for serving files virtualHosts."_" = { - #listen = [{ addr = "0.0.0.0"; port = 3128; }]; - listen = [{ addr = "0.0.0.0"; port = 8080; }]; - - extraConfig = '' - #resolver 127.0.0.1; - - location / { - proxy_http_version 1.1; - proxy_pass $request_uri; - #proxy_pass http://$host$uri$is_args$args; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - - proxy_cache my_proxy_zone; - proxy_cache_key "$scheme$request_method$host$request_uri"; - proxy_cache_valid 200 302 10m; - proxy_cache_valid 404 1m; - proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; - } - 
''; + serverName = "_"; + root = "/var/www/html"; + default = true; + + locations."/" = { + extraConfig = '' + autoindex on; + autoindex_exact_size on; + autoindex_localtime on; + #index index.html; + ''; + }; + + locations."/nginx_status" = { + extraConfig = '' + stub_status on; + access_log off; + allow 127.0.0.1; + allow ::1; + allow 172.16.50.0/24; + deny all; + ''; + }; }; }; + + # Ensure the docRoot directory exists and has correct permissions + systemd.tmpfiles.rules = [ + "d /var/www/html 0755 nginx nginx - -" + ]; + # journalctl --follow --namespace nginx systemd.services.nginx.serviceConfig.LogNamespace = "nginx"; - # systemd.tmpfiles.rules = [ - # "d /var/cache/nginx 0700 nginx nginx - -" - # "d /var/log/nginx 0755 nginx nginx - -" - # ]; - systemd.tmpfiles.settings."nginx-dirs" = { - "/var/cache/nginx"."d" = { - mode = "0700"; - user = "nginx"; - group = "nginx"; - }; - "/var/log/nginx"."d" = { - mode = "0755"; - user = "nginx"; - group = "nginx"; - }; - "/run/nginx"."d" = { - mode = "0755"; - user = "nginx"; - group = "nginx"; - }; - }; - services.prometheus.exporters.nginx = { enable = true; openFirewall = true; diff --git a/laptops/t/Makefile b/laptops/t/Makefile index 7a0b23d..0f9e0a8 100644 --- a/laptops/t/Makefile +++ b/laptops/t/Makefile @@ -54,4 +54,7 @@ update_oldm.: sudo nixos-rebuild switch #nix-shell -p vim +restart_display_manager: + sudo systemctl restart display-manager.service + # end diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix index 6bcbe88..7269869 100644 --- a/laptops/t/configuration.nix +++ b/laptops/t/configuration.nix @@ -1,6 +1,6 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# and in the NixOS manual (accessible by running 'nixos-help'). # sudo nixos-rebuild switch # sudo nix-channel --update 
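Review bot: The new `locations."/"` block turns on `autoindex` for the catch-all default virtual host with no `allow`/`deny` lines, so anything placed under `/var/www/html` is listed and downloadable by every client that can reach the listener, while `/nginx_status` in the same hunk is limited to loopback and 172.16.50.0/24. If the file share is meant for that same network, repeat `allow 172.16.50.0/24;` and `deny all;` in the `/` location. The tmpfiles rule also makes the `nginx` user the owner of the document root; `"d /var/www/html 0755 root root - -"` keeps it readable by the workers without letting them rewrite what is served.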
@@ -46,7 +46,6 @@ ]; boot = { - loader.systemd-boot = { enable = true; consoleMode = "max"; @@ -63,8 +62,8 @@ # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 kernelParams = [ - #"nvidia-drm.modeset=1" - #"nvidia-drm.fbdev=1" + "nvidia-drm.modeset=1" + "nvidia-drm.fbdev=1" # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 #"nomodeset" ]; 
@@ -78,50 +77,34 @@ # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; - extraModulePackages = with config.boot.kernelPackages; [ - v4l2loopback - #nvidia_x11 + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + pkgs.unstable.linuxPackages.nvidiaPackages.production ]; - # https://nixos.wiki/wiki/Libvirt#Nested_virtualization - #extraModprobeConfig = "options kvm_intel nested=1"; - # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config_working-nix-L19 - extraModprobeConfig = - "options nvidia " - #"" - + lib.concatStringsSep " " [ - # nvidia assume that by default your CPU does not support PAT, - # but this is effectively never the case in 2023 - "NVreg_UsePageAttributeTable=1" - # This is sometimes needed for ddc/ci support, see - # https://www.ddcutil.com/nvidia/ - # - # Current monitor does not support it, but this is useful for - # the future - "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100" - "options kvm_intel nested=1" - # # https://nixos.wiki/wiki/OBS_Studio - '' - options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 - '' - ]; + extraModprobeConfig = '' + options nvidia NVreg_UsePageAttributeTable=1 + options nvidia NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100 + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; }; # For OBS security.polkit.enable = true; nix = { - gc = { - automatic = true; # Enable automatic execution of the task - dates = "weekly"; # Schedule the task to run weekly - options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days - randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task - }; settings = { auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" ]; download-buffer-size = "500000000"; }; 
+ gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; }; # https://nixos.wiki/wiki/Networking @@ -280,7 +263,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). @@ -290,10 +273,20 @@ nixpkgs.config = { allowUnfree = true; - allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nvidia-x11" - "nvidia-settings" - "nvidia-persistenced" - ]; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + # ]; }; + + # hardware.opengl = { + # enable = true; + # driSupport = true; + # driSupport32Bit = true; + # extraPackages = with pkgs; [ + # vaapiVdpau + # libvdpau-va-gl + # ]; + # }; } diff --git a/laptops/t/hardware-graphics.nix b/laptops/t/hardware-graphics.nix index 32d0f37..674dffd 100644 --- a/laptops/t/hardware-graphics.nix +++ b/laptops/t/hardware-graphics.nix 
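Review bot: `pkgs.unstable.linuxPackages.nvidiaPackages.production` in `boot.extraModulePackages` is built against the unstable channel's default kernel rather than against `config.boot.kernelPackages`, which the `v4l2loopback` entry beside it uses, so the module may not match the kernel that actually boots. The same attribute is used for `hardware.nvidia.package` in the hardware-graphics.nix hunk of this commit. Taking the driver from the kernel set in use, `config.boot.kernelPackages.nvidiaPackages.production`, keeps kernel and module in step; the explicit `extraModulePackages` entry is probably redundant as well, since the NixOS nvidia module normally adds its own package (worth confirming). The `boot = { … }` block opens outside this hunk.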
@@ -10,24 +10,26 @@ ... }: { - # hardware.opengl.enable = true; - # was renamed to: + # Use hardware.graphics for graphics configuration hardware.graphics = { enable = true; - extraPackages = with pkgs; [ - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - nvidia-vaapi-driver - vaapiVdpau - libvdpau - libvdpau-va-gl - vdpauinfo + enable32Bit = true; + extraPackages = with pkgs.unstable; [ + # VA-API support libva libva-utils - # https://wiki.nixos.org/wiki/Intel_Graphics - #vpl-gpu-rt - # added 2025/02/03 not tested vaapiIntel intel-media-driver + + # VDPAU support + vaapiVdpau + libvdpau + libvdpau-va-gl + vdpauinfo + + # OpenGL support + libGLU + libGL ]; }; 
@@ -36,72 +38,33 @@ # nix-prefetch-url --name displaylink-600.zip https://www.synaptics.com/sites/default/files/exe_files/2024-05/DisplayLink%20USB%20Graphics%20Software%20for%20Ubuntu6.0-EXE.zip #services.xserver.videoDrivers = [ "displaylink" "modesetting" ]; - # https://wiki.nixos.org/w/index.php?title=NVIDIA + # https://wiki.nixos.org/wiki/NVIDIA # https://nixos.wiki/wiki/Nvidia # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/nvidia.nix hardware.nvidia = { - - # This will no longer be necessary when - # https://github.com/NixOS/nixpkgs/pull/326369 hits stable - #modesetting.enable = true; - modesetting.enable = lib.mkDefault true; - + modesetting.enable = true; powerManagement = { enable = true; - #finegrained = true; + finegrained = true; }; - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. 
- # prioritry drivers don't compile on 6.10.3 - # Set to false for proprietary drivers -> https://download.nvidia.com/XFree86/Linux-x86_64/565.77/README/kernel_open.html - open = true; - + open = false; nvidiaSettings = true; - - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.beta; # <---------- was using this - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/nv/nvidia-modprobe/package.nix - #package = pkgs.linuxPackages.nvidia_x11; - package = pkgs.unstable.linuxPackages.nvidia_x11; + package = pkgs.unstable.linuxPackages.nvidiaPackages.production; + + prime = { + offload.enable = true; + # Intel GPU + intelBusId = "PCI:0:2:0"; + # NVIDIA is your secondary GPU + nvidiaBusId = "PCI:1:0:0"; + }; }; - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. 
- # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - services.xserver = { enable = true; - - videoDrivers = [ "nvidia" "modesetting" ]; # modesetting ~= intel - # intel does NOT exist - # videoDrivers = [ "nvidia" "intel" ]; - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/displaylink.nix - #videoDrivers = [ "nvidia" "displaylink" ]; - - # Display Managers are responsible for handling user login + videoDrivers = [ "modesetting" "nvidia" ]; displayManager = { gdm.enable = true; }; 
@@ -122,28 +85,45 @@ # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/12?u=randomizedcoder # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config-nix-L193 environment.variables = { - MOZ_DISABLE_RDD_SANDBOX = "1"; - LIBVA_DRIVER_NAME = "nvidia"; + # VA-API configuration + LIBVA_DRIVER_NAME = "iHD"; + LIBVA_DRIVER_FALLBACK = "nvidia"; + + # NVIDIA configuration GBM_BACKEND = "nvidia-drm"; __GLX_VENDOR_LIBRARY_NAME = "nvidia"; NVD_BACKEND = "direct"; + + # Wayland configuration EGL_PLATFORM = "wayland"; - # prevents cursor disappear when using Nvidia drivers WLR_NO_HARDWARE_CURSORS = "1"; - MOZ_ENABLE_WAYLAND = "1"; XDG_SESSION_TYPE = "wayland"; NIXOS_OZONE_WL = "1"; - CUDA_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib"; - # export LD_LIBRARY_PATH=${pkgs.linuxPackages.nvidia_x11}/lib - EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; + # NVIDIA library paths + CUDA_PATH = "${config.hardware.nvidia.package}/lib"; + EXTRA_LDFLAGS = "-L/lib -L${config.hardware.nvidia.package}/lib"; EXTRA_CCFLAGS = "-I/usr/include"; - LD_LIBRARY_PATH = "$\{LD_LIBRARY_PATH\}:/run/opengl-driver/lib:${pkgs.linuxPackages.nvidia_x11}/lib"; + LD_LIBRARY_PATH = "/run/opengl-driver/lib:${config.hardware.nvidia.package}/lib"; - # flameshot + # Qt applications QT_QPA_PLATFORM = "wayland"; }; + + # Session variables for Electron apps + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + MOZ_ENABLE_WAYLAND = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "wayland"; + ELECTRON_EXTRA_LAUNCH_ARGS = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + }; + + # Browser configuration + nixpkgs.config.chromium.commandLineArgs = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + nixpkgs.config.firefox.commandLineArgs = "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,UseOzonePlatform --ozone-platform=wayland"; + + 
nixpkgs.config.allowAliases = false; } # i tried prime, but it didn't seem to work diff --git a/laptops/t/home.nix b/laptops/t/home.nix index d2e5f57..68e90ec 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -58,11 +58,24 @@ tmux screen + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + llvmPackages_19.libcxxClang + llvmPackages_19.lld + llvmPackages_19.libcxx.dev + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + # Build Tools libgcc # https://nixos.wiki/wiki/C # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc - gcc + #gcc automake gnumake #cmake @@ -79,6 +92,8 @@ btop minicom + bc + # Compression bzip2 gzip @@ -88,6 +103,8 @@ xz zstd + gnutar + # File Transfer/Management rsync tree @@ -165,7 +182,8 @@ # removing bazel and moving to the "nix develop" shell # # https://github.com/bazelbuild/bazel/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - # unstable.bazel_7 + unstable.bazel_7 + unstable.bazel-buildtools unstable.code-cursor diff --git a/laptops/t/systemPackages.nix b/laptops/t/systemPackages.nix index 29c1758..62720d8 100644 --- a/laptops/t/systemPackages.nix +++ b/laptops/t/systemPackages.nix @@ -5,12 +5,11 @@ }: { # set at flake.nix level - #nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfree = true; # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget + # Basic system tools psmisc vim curl 
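Review bot: `LD_LIBRARY_PATH` in `environment.variables` is exported to every login session, so the loader searches `/run/opengl-driver/lib` and `${config.hardware.nvidia.package}/lib` ahead of each program's own RUNPATH for everything the user starts, not only GPU workloads. Any library found there shadows the one a program was built against, which is both a wider trust surface than needed and a common source of hard-to-trace breakage. I would drop the global assignment and set the variable only in the dev shell or wrapper that needs CUDA, keeping `CUDA_PATH` here if it is required. Separately, `nixpkgs.config.firefox.commandLineArgs` in this hunk reuses Chromium switches and probably has no effect on Firefox; that is worth confirming.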
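Review bot: The comment kept above the re-enabled `unstable.bazel_7` in the `-165,7 +182,8` hunk still says bazel is being removed in favour of the "nix develop" shell, which now contradicts the package list. Either update it to say why bazel is back in the user profile, e.g. `# bazel kept in the profile for <reason>; project builds still use "nix develop"`, or drop the stale lines. The package list itself starts and ends outside the hunk.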
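Review bot: `nixpkgs.config.allowUnfree = true;` in systemPackages.nix permits every unfree package on this host, and the comment left above it still says the setting is made at the flake.nix level. An allow-list keeps the set of proprietary packages explicit and reviewable, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "nvidia-x11" "nvidia-settings" ];`. The exact names should be taken from what the build reports, and `lib` has to be among the module arguments, which begin outside the hunk. Whichever form is kept, the comment should state where the setting really lives.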
@@ -21,45 +20,22 @@ iptables pciutils usbutils - pciutils - virt-manager - pkgs.gnomeExtensions.appindicator iw wirelesstools wpa_supplicant - #wpa_supplicant_ro_ssids lldpd #snmp seems to be needed by lldpd net-snmp - unstable.neofetch - - # https://wiki.nixos.org/wiki/Flameshot - #(flameshot.override { enableWlrSupport = true; }) + neofetch - # hyprland - unstable.hyprland - swww # for wallpapers - xdg-desktop-portal-gtk - xdg-desktop-portal-hyprland + # Wayland support xwayland meson wayland-protocols wayland-utils wl-clipboard - wlroots - # - #nvidia - unstable.vdpauinfo # sudo vainfo - unstable.libva-utils # sudo vainfo - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - # - unstable.ffmpeg-full - # - # https://nixos.wiki/wiki/CUDA - unstable.cudatoolkit - unstable.linuxPackages.nvidia_x11 - unstable.libGLU - unstable.libGL + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) ]; } \ No newline at end of file diff --git a/laptops/t14/x.nix b/laptops/t14/x.nix deleted file mode 100644 index 7fe7a23..0000000 --- a/laptops/t14/x.nix +++ /dev/null 
@@ -1,163 +0,0 @@ -# -# nixos/laptops/t/hardware-graphics.nix -# -{ config, - pkgs, - lib, - ... -}: -{ - # hardware.opengl.enable = true; - # was renamed to: - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/2 - nvidia-vaapi-driver - vaapiVdpau - libvdpau - libvdpau-va-gl - vdpauinfo - libva - libva-utils - # https://wiki.nixos.org/wiki/Intel_Graphics - #vpl-gpu-rt - # added 2025/02/03 not tested - vaapiIntel - intel-media-driver - ]; - }; - - # TODO try displaylink - # https://nixos.wiki/wiki/Displaylink - # nix-prefetch-url --name displaylink-600.zip https://www.synaptics.com/sites/default/files/exe_files/2024-05/DisplayLink%20USB%20Graphics%20Software%20for%20Ubuntu6.0-EXE.zip - #services.xserver.videoDrivers = [ "displaylink" "modesetting" ]; - - # https://wiki.nixos.org/w/index.php?title=NVIDIA - # https://nixos.wiki/wiki/Nvidia - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/nvidia.nix - hardware.nvidia = { - - # This will no longer be necessary when - # https://github.com/NixOS/nixpkgs/pull/326369 hits stable - #modesetting.enable = true; - modesetting.enable = lib.mkDefault true; - - powerManagement = { - enable = true; - #finegrained = true; - }; - - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. 
- # prioritry drivers don't compile on 6.10.3 - # Set to false for proprietary drivers -> https://download.nvidia.com/XFree86/Linux-x86_64/565.77/README/kernel_open.html - open = true; - - nvidiaSettings = true; - - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.stable; - #package = config.boot.kernelPackages.nvidiaPackages.beta; # <---------- was using this - #package = config.boot.kernelPackages.nvidiaPackages.production; - # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/nv/nvidia-modprobe/package.nix - #package = pkgs.linuxPackages.nvidia_x11; - package = pkgs.unstable.linuxPackages.nvidia_x11; - }; - - # https://theo.is-a.dev/blog/post/hyprland-adventure/ - #[das@t:~]$ lshw -c video | grep config - #WARNING: you should run this program as super-user. - # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 - # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 - # - #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' - #Kernel driver in use: i915 - #Kernel driver in use: nouveau - # - #[das@t:~]$ lspci -nnk | grep -i vga -A2 - #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: i915 - #-- - #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) - #Subsystem: Lenovo Device [17aa:22c0] - #Kernel driver in use: nouveau - # - # hwinfo --gfxcard - - services.xserver = { - enable = true; - - #videoDrivers = [ "nvidia" "modesetting" ]; # modesetting ~= intel - # intel does NOT exist - # videoDrivers = [ "nvidia" "intel" ]; - # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/hardware/video/displaylink.nix - #videoDrivers = [ "nvidia" "displaylink" ]; - - # 
Display Managers are responsible for handling user login - displayManager = { - gdm.enable = true; - }; - - # Enable the GNOME Desktop Environment - desktopManager = { - gnome.enable = true; - plasma5.enable = false; - xterm.enable = false; - }; - # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 - - # Configure keymap in X11 - xkb.layout = "us"; - xkb.variant = ""; - }; - - # https://discourse.nixos.org/t/nvidia-open-breaks-hardware-acceleration/58770/12?u=randomizedcoder - # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config-nix-L193 - environment.variables = { - # MOZ_DISABLE_RDD_SANDBOX = "1"; - # LIBVA_DRIVER_NAME = "nvidia"; - # GBM_BACKEND = "nvidia-drm"; - # __GLX_VENDOR_LIBRARY_NAME = "nvidia"; - #NVD_BACKEND = "direct"; - EGL_PLATFORM = "wayland"; - # prevents cursor disappear when using Nvidia drivers - WLR_NO_HARDWARE_CURSORS = "1"; - - MOZ_ENABLE_WAYLAND = "1"; - XDG_SESSION_TYPE = "wayland"; - NIXOS_OZONE_WL = "1"; - - # CUDA_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib"; - # # export LD_LIBRARY_PATH=${pkgs.linuxPackages.nvidia_x11}/lib - # EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; - # EXTRA_CCFLAGS = "-I/usr/include"; - # LD_LIBRARY_PATH = "$\{LD_LIBRARY_PATH\}:/run/opengl-driver/lib:${pkgs.linuxPackages.nvidia_x11}/lib"; - - # flameshot - QT_QPA_PLATFORM = "wayland"; - }; -} - - # i tried prime, but it didn't seem to work - # prime = { - # # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' 
- # # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) - # intelBusId = "PCI:0:2:0"; - # # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) - # nvidiaBusId = "PCI:1:0:0"; - # sync.enable = true; - # #offload = { - # # enable = true; - # # #sync.enable = true; - # # enableOffloadCmd = true; - # #}; - # }; - -# [LOG] GPU information: -# 00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) (prog-if 00 [VGA controller]) -# 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) (prog-if 00 [VGA controller]) \ No newline at end of file From 77997000c4775e5a8d7439e5aa74b945253eb6a2 Mon Sep 17 00:00:00 2001 
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 31 May 2025 16:04:28 -0700 Subject: [PATCH 08/25] desktop --- desktop/l/Makefile | 60 ++ desktop/l/configuration.nix | 308 +++++++++ desktop/l/distributed-builds.nix | 19 + desktop/l/docker-daemon.nix | 27 + desktop/l/firewall.nix | 32 + desktop/l/flake.lock | 523 +++++++++++++++ desktop/l/flake.nix | 96 +++ desktop/l/grafana.nix | 23 + desktop/l/hardware-configuration.nix | 42 ++ desktop/l/home.nix | 604 ++++++++++++++++++ desktop/l/hosts.nix | 17 + desktop/l/locale.nix | 18 + desktop/l/nodeExporter.nix | 27 + desktop/l/original.configuration.nix | 131 ++++ desktop/l/original.hardware-configuration.nix | 42 ++ desktop/l/prometheus.nix | 70 ++ desktop/l/sysctl.nix | 55 ++ desktop/l/systemPackages.nix | 42 ++ desktop/l/wireless_desktop.nix | 20 + 19 files changed, 2156 insertions(+) create mode 100644 desktop/l/Makefile create mode 100644 desktop/l/configuration.nix create mode 100644 desktop/l/distributed-builds.nix create mode 100644 desktop/l/docker-daemon.nix create mode 100644 desktop/l/firewall.nix create mode 100644 desktop/l/flake.lock create mode 100644 desktop/l/flake.nix create mode 100644 desktop/l/grafana.nix create mode 100644 desktop/l/hardware-configuration.nix create mode 100644 desktop/l/home.nix create mode 100644 desktop/l/hosts.nix create mode 100644 desktop/l/locale.nix create mode 100644 desktop/l/nodeExporter.nix create mode 100644 desktop/l/original.configuration.nix create mode 100644 desktop/l/original.hardware-configuration.nix create mode 100644 desktop/l/prometheus.nix create mode 100644 desktop/l/sysctl.nix create mode 100644 desktop/l/systemPackages.nix create mode 100644 desktop/l/wireless_desktop.nix diff --git a/desktop/l/Makefile b/desktop/l/Makefile new file mode 100644 index 0000000..08a31a4 --- /dev/null +++ b/desktop/l/Makefile 
@@ -0,0 +1,60 @@
+#
+# nixos/laptops/l/Makefile
+#
+EXPECTED_HOSTNAME := l
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo nixos-rebuild switch --flake .
+
+rebuild_t:
+ sudo nixos-rebuild switch --flake .#t
+
+#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues
+#nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+
+impure:
+ sudo nixos-rebuild switch --impure --flake .
+
+rebuild_trace:
+ sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+ sudo nix flake update;
+
+rebuild_old:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update_oldm.:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+restart_display_manager:
+ sudo systemctl restart display-manager.service
+
+# end
diff --git a/desktop/l/configuration.nix b/desktop/l/configuration.nix
new file mode 100644
index 0000000..510789d
--- /dev/null
+++ b/desktop/l/configuration.nix
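Review bot: Only `all` depends on `check_hostname`, so `make rebuild`, `make impure`, `make rebuild_trace` and `make rebuild_t` run `nixos-rebuild switch` with no hostname guard; `rebuild_t` would switch this desktop to the `t` flake output. Make the guard a prerequisite of each switching target, e.g. `rebuild: check_hostname`, and remove `rebuild_t` if the `t` output is not meant for this machine. The header comment still reads `nixos/laptops/l/Makefile` although the file is `desktop/l/Makefile`, and the target name `update_oldm.:` looks like a typo for `update_old:`.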
@@ -0,0 +1,308 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running 'nixos-help'). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ + inputs, + config, + pkgs, + lib, + ... +}: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + imports = + [ + ./hardware-configuration.nix + ./hardware-graphics.nix + ./sysctl.nix + ./wireless_desktop.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + # home manager is imported in the flake + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ./distributed-builds.nix + ]; + + boot = { + loader.systemd-boot = { + enable = true; + consoleMode = "max"; + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( + kernelPackages = pkgs.unstable.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + # kernelParams = [ + # "nvidia-drm.modeset=1" + # "nvidia-drm.fbdev=1" + # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 + # #"nomodeset" + # ]; + + blacklistedKernelModules = [ + "nouveau" + #"i915" + ]; + 
+ # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + #pkgs.unstable.linuxPackages.nvidiaPackages.production + ]; + + extraModprobeConfig = '' + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = false; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed + ]; + }; + + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = false; + }; + + # For OBS + security.polkit.enable = true; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "l"; + + time.timeZone = "America/Los_Angeles"; + + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + # https://nixos.wiki/wiki/NixOS_Wiki:Audio + hardware.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem + + security.rtkit.enable = true; # Enable RealtimeKit for audio purposes + + services.pipewire = { + enable = true; + alsa.enable = true; + 
alsa.support32Bit = true; + pulse.enable = true; + # Uncomment the following line if you want to use JACK applications + # jack.enable = true; + }; + + services.lldpd.enable = true; + services.openssh.enable = true; + services.timesyncd.enable = true; + services.fstrim.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + services.bpftune.enable = true; + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + + # https://wiki.nixos.org/wiki/Flameshot + # services.flameshot = { + # enable = true; + # settings.General = { + # showStartupLaunchMessage = false; + # saveLastRegion = true; + # }; + # }; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + services.clickhouse.enable = false; + + # environment.variables defined in hardware-graphics.nix + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # package moved to systemPackages.nix + # environment.systemPackages = with pkgs; [ + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ + programs.hyprland = { + enable = true; + # Nvidia patches are no longer needed + #nvidiaPatches = true; + xwayland.enable = true; + }; + # programs.hyprland = { + # enable = true; + # # set the flake package + # package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + # # make sure to also set the portal package, so that they are in sync + # portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + # }; + + # programs.chromium.enable = true; + # # programs.chromium.package = pkgs.google-chrome; + # # https://nixos.wiki/wiki/Chromium#Enabling_native_Wayland_support + # nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland"; + # #programs.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland"; + + # programs.firefox.enable = true; + # # # https://github.com/TLATER/dotfiles/blob/master/nixos-modules/nvidia/default.nix + # programs.firefox.preferences = { + # "media.ffmpeg.vaapi.enabled" = true; + # "media.rdd-ffmpeg.enabled" = true; + # "media.av1.enabled" = true; # Won't work on the 2060 + # "gfx.x11-egl.force-enabled" = true; + # "widget.dmabuf.force-enabled" = true; + # }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # networking.firewall.enable = false; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + # https://nixos.wiki/wiki/Virt-manager + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # guest + # services.qemuGuest.enable = true; + # services.spice-vdagentd.enable = true; + + # https://wiki.nixos.org/wiki/Laptop + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + #system.stateVersion = "23.11"; + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + # ]; + }; + + # hardware.opengl = { + # enable = true; + # driSupport = true; + # driSupport32Bit = true; + # extraPackages = with pkgs; [ + # vaapiVdpau + # libvdpau-va-gl + # ]; + # }; +} diff --git a/desktop/l/distributed-builds.nix b/desktop/l/distributed-builds.nix new file mode 100644 index 0000000..7989606 --- /dev/null +++ b/desktop/l/distributed-builds.nix 
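Review bot: `services.openssh.enable = true;` is added without any `services.openssh.settings`, so the NixOS defaults apply and password logins stay enabled even though `users.users.das` already carries an `openssh.authorizedKeys.keys` entry. firewall.nix in this same commit sets `networking.firewall.enable = false`, so sshd is reachable on every interface. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. This matters more than usual here because `das` is in both `wheel` and `docker`, and membership of the `docker` group is effectively root on the host.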
@@ -0,0 +1,19 @@
+#
+# latops/t/distributed-builds.nix
+#
+# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds
+{ pkgs, ... }:
+{
+ nix.distributedBuilds = true;
+ nix.settings.builders-use-substitutes = true;
+
+ nix.buildMachines = [
+ {
+ hostName = "hp4.home";
+ sshUser = "remotebuild";
+ sshKey = "/root/.ssh/remotebuild";
+ system = pkgs.stdenv.hostPlatform.system;
+ supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+ }
+ ];
+}
\ No newline at end of file
diff --git a/desktop/l/docker-daemon.nix b/desktop/l/docker-daemon.nix
new file mode 100644
index 0000000..fe72a86
--- /dev/null
+++ b/desktop/l/docker-daemon.nix
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/l/firewall.nix b/desktop/l/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/desktop/l/firewall.nix
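Review bot: The `nix.buildMachines` entry for `hp4.home` sets no `publicHostKey`, so the builder is authenticated only by whatever root's `known_hosts` contains when the first build connects. Build outputs from that machine are copied into the local store, so the key is worth pinning in the config: `publicHostKey = "<base64 of hp4's SSH host public key>";`. The header comment `latops/t/distributed-builds.nix` should also be corrected to this file's path, `desktop/l/distributed-builds.nix`.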
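Review bot: `metrics-addr = "0.0.0.0:9323"` in docker-daemon.nix publishes the Docker daemon's unauthenticated metrics endpoint on every interface, and firewall.nix in this commit leaves the host firewall disabled. If the scraper is the Prometheus instance on this same machine (prometheus.nix is imported, but its contents are not visible here), bind to loopback instead: `metrics-addr = "127.0.0.1:9323";`. `experimental = true` is set with no comment saying which experimental feature is needed; a one-line reason would help the next reader decide whether it can be turned off.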
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/desktop/l/flake.lock b/desktop/l/flake.lock
new file mode 100644
index 0000000..6a828e3
--- /dev/null
+++ b/desktop/l/flake.lock
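Review bot: `enable = false` switches the firewall off, so the `allowedTCPPorts` list under it records intent but filters nothing. According to configuration.nix in this commit the host also runs sshd, avahi, Docker, Prometheus, Grafana and a node exporter, all of which are then reachable from the local network on whatever addresses they bind. If the reason is the conntrack overhead mentioned in the comment, I would start from `enable = true;` with the listed ports and measure, or add a comment saying which upstream device is expected to filter for this machine. The comment line `sudo sudo iptables-save` has a doubled `sudo`.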
@@ -0,0 +1,523 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "50eee705bbdbac942074a8c120e8194185633675", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + 
"hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1746291290, + "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1746281365, + "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"0ca682bc2c2e10414e7de1fb6606226a45e76380", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + 
"nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357019, + "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745975815, + "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739870480, + "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": 
"nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bf3287dac860542719fe7554e21e686108716879", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": 
"76bbf1a6b1378e4ab5230bad00ad04bc287c969e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/l/flake.nix b/desktop/l/flake.nix new file mode 100644 index 0000000..43d0e08 --- /dev/null +++ b/desktop/l/flake.nix 
@@ -0,0 +1,96 @@
+{
+ description = "t Flake";
+
+ # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ # https://docs.github.com/en/rest/branches/branches?apiVersion=2022-11-28#get-a-branch
+ # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/8f146535307f0168d758fe6fee6f52663cb11695";#iperf2_2.2.1
+ # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/c9580e24eb621d72eda63355d7c8dbfb1654d333";
+ # https://github.com/NixOS/nix/issues/12022
+ #nix flake lock --override-input nixpkgs /home/eelco/Dev/nixpkgs
+ #nix flake lock --override-input nixpkgs "/home/das/Downloads/nixpkgs
+ #nixpkgs.url = "/home/das/Downloads/nixpkgs";
+ #nixpkgs = "../../../Downloads/nixpkgs/";
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.11";
+ # The `follows` keyword in inputs is used for inheritance.
+ # Here, `inputs.nixpkgs` of home-manager is kept consistent with
+ # the `inputs.nixpkgs` of the current flake,
+ # to avoid problems caused by different versions of nixpkgs.
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ hyprland.url = "github:hyprwm/Hyprland";
+ hyprland-plugins = {
+ url = "github:hyprwm/hyprland-plugins";
+ # https://github.com/hyprwm/hyprland-plugins
+ inputs.hyprland.follows = "hyprland";
+ };
+ };
+
+ #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }:
+ outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, hyprland, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ "nvidia-settings"
+ "nvidia-persistenced"
+ "google-chrome"
+ "android-studio"
+ "android-studio-stable"
+ ];
+ };
+ };
+ # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels
+ # overlay-unstable = final: prev: {
+ # unstable = nixpkgs-unstable.legacyPackages.${prev.system};
+ # };
+ overlay-unstable = final: prev: {
+ unstable = import nixpkgs-unstable {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ # "vscode"
+ # "code-cursor"
+ # "slack"
+ # "zoom-us"
+ # "nvidia-x11"
+ # ];
+ };
+ };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ t = lib.nixosSystem rec {
+ inherit system;
+ specialArgs = {
+ inherit hyprland;
+ inherit overlay-unstable;
+ };
+ modules = [
+ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+ ./configuration.nix
+ hyprland.nixosModules.default
+ home-manager.nixosModules.home-manager
+ {
+ # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs
+ #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*.
+ home-manager.useUserPackages = true;
+ home-manager.users.das = import ./home.nix;
+ home-manager.extraSpecialArgs = specialArgs;
+ # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/desktop/l/grafana.nix b/desktop/l/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/desktop/l/grafana.nix
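Review bot: The `allowUnfreePredicate` allowlist in the `pkgs` binding never restricts anything, because `allowUnfree = true` is set on the line above it and every unfree package is then accepted. The `overlay-unstable` import does the same with its predicate commented out. To make the allowlist effective, remove `allowUnfree = true;` and keep only the predicate. The let-bound `pkgs` also does not appear to be passed to `lib.nixosSystem` anywhere in this hunk, so the list may be dead code regardless. `description = "t Flake"` and `nixosConfigurations.t` look carried over from another host's flake and should be checked against this machine's name.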
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/l/hardware-configuration.nix b/desktop/l/hardware-configuration.nix
new file mode 100644
index 0000000..6608cdd
--- /dev/null
+++ b/desktop/l/hardware-configuration.nix
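Review bot: No `security` section is set under `settings`, so the instance presumably starts with Grafana's default admin credentials while `http_addr = "0.0.0.0"` puts the login page on every interface. Set the admin password from a file kept outside the Nix store, for example `security.admin_password = "$__file{<path to secret file>}";`, or bind `http_addr` to loopback and publish Grafana through the reverse proxy only. `serve_from_sub_path = true` is enabled while `root_url` is commented out; without a sub-path in `root_url` it likely has no effect and could be dropped or explained in a comment.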
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l/home.nix b/desktop/l/home.nix new file mode 100644 index 0000000..275ba73 --- /dev/null +++ b/desktop/l/home.nix 
@@ -0,0 +1,604 @@ +{ + hyprland, + config, + pkgs, + overlay-unstable, + ... +}: +#{ config, pkgs, ... }: +#{ config, inputs, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + imports = [ + hyprland.homeManagerModules.default + # other imports to go here + ]; + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + + QT_QPA_PLATFORM = "wayland"; + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + gparted + ncdu + neofetch + file + + # Terminal Multiplexers + tmux + screen + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + llvmPackages_19.libcxxClang + llvmPackages_19.lld + llvmPackages_19.libcxx.dev + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + + gnutar + + # File Transfer/Management 
+ rsync + tree + + # Terminals + alacritty + kitty + #https://ghostty.org/ + ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + unstable.iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + # Printing + hplip + #hplipWithPlugin + + # SDR + gnuradio + hackrf + gqrx + cubicsdr + + # Media + vlc + # ffmpeg moved to system package + #ffmpeg_7-full + #ffmpeg-full + + # Go Development + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + #gcc_multi + #glibc_multi + # thunderbird + #go_1_23 + unstable.go + unstable.gopls + unstable.golint + golangci-lint + unstable.golangci-lint-langserver + # trunk is unfree, and i can't work out how to enable unfree + #trunk-io + # https://github.com/go-delve/delve + unstable.delve + # https://github.com/aarzilli/gdlv + gdlv + unstable.buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + #tinygo + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #unstable.bazel_7 + unstable.bazel-buildtools + unstable.bazelisk + + unstable.code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # unstable.bazel-gazelle + # unstable.bazel-buildtools + # unstable.bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look at? 
+ # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing + meld + + # Editors + helix + + # Rust Development + # https://nixos.wiki/wiki/Rust + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + + # Mobile Development + flutter + android-studio + android-tools + android-udev-rules + + # Gnome Related / Extensions + # gnomeExtensions.emoji-copy + # unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + + # Office/Documents + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + evince + + # Browsers + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + #google-chrome + # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + (google-chrome.override { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }) + + # Communication + # https://nixos.wiki/wiki/Slack + unstable.slack + unstable.zoom-us + + # Screenshots/Screen Recording + # https://wiki.nixos.org/wiki/Flameshot + (flameshot.override { enableWlrSupport = true; }) + grim # screenshot functionality + slurp # screenshot functionality + simplescreenrecorder + # 
https://wiki.nixos.org/wiki/Gpu-screen-recorder + gpu-screen-recorder # CLI + gpu-screen-recorder-gtk # GUI + + # Graphics + gimp-with-plugins + + # Text Editors + gedit + + # Containers + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + + # Kubernetes + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + + # Misc + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + # dive # Duplicate removed + # https://github.com/sharkdp/hyperfine + hyperfine + + # App Launchers + rofi-wayland + wofi + + # Raspberry Pi + rpi-imager + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + # package = pkgs.vscode; + # extensions = with pkgs.vscode-extensions; [ + package = pkgs.unstable.vscode; + extensions = with pkgs.unstable.vscode-extensions; [ + #bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + #ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + #ms-vscode.remote-server + 
ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + #github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + rust-lang.rust-analyzer + #bazel + bazelbuild.vscode-bazel + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # another example with dark colors: + # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + #button-layout = "close,minimize,maximize,above:appmenu"; + button-layout = ":minimize,maximize,above,close"; + num-workspaces = 2; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + 
enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + # toolkit-accessibility = true; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + #"kitty.desktop" + "slack.desktop" + "ghostty.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland + # xwayland.enable = true; + + # https://wiki.hyprland.org/Nix/Hyprland-on-Home-Manager/ + # wayland.windowManager.hyprland.enable = true; # enable Hyprland + # Example: https://github.com/JaKooLit/NixOS-configs/blob/main/Ja-OS%20(configs%20using%20install%20script)/Asus-G15/hosts/G15-NixOS/config.nix#L144 + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + #extraConfig = '' plugin = ${inputs.hy3.packages.${pkgs.system}.hy3}/lib/libhy3.so ''; + # plugins = [ + # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars + # # ... + #]; + extraConfig = '' + # Monitor configuration (Example - replace with yours) + monitor=,preferred,auto,1 + + # Execute-once startup commands (Example) + exec-once = waybar & + exec-once = nm-applet --indicator + + # Keybindings (Example) + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + + # Include other settings... + # input { ... } + # general { ... } + # decoration { ... } + # animations { ... } + # etc... 
+ + # Source other files if needed (less common with inline config) + # source = ~/.config/hypr/myColors.conf + ''; + }; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + # https://mynixos.com/home-manager/options/programs.ghostty + home.file.".config/ghostty/ghostty.toml" = { + target = ".config/ghostty/ghostty.toml"; + text = '' + [window] + # Whether to show the scrollback sidebar. + sidebar = true + + # The width of the scrollback sidebar. + sidebar_width = 10 + + # Whether to show the scrollback sidebar on the left or right. + sidebar_position = "right" + ''; + }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + nixpkgs.overlays = [ overlay-unstable ]; + + #home.stateVersion = "23.11"; + home.stateVersion = "24.11"; +} diff --git a/desktop/l/hosts.nix b/desktop/l/hosts.nix new file mode 100644 index 0000000..3af6575 --- /dev/null 
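Review bot: The `policy.json` written under `.config/containers/` sets `insecureAcceptAnything` as the default and for `docker-daemon`, so podman and skopeo accept any image from any registry or transport without a signature or origin check. `label=false` in `containers.conf` also turns off MAC label separation for containers. If this is deliberate for a development workstation, say so in a comment above `home.file."policy.json"`. Otherwise change the default entry to `{ "type": "reject" }` and allow only the registries in use under a `docker` transport key, starting with `docker.io`, which `registries.conf` already names. The comment `# disable wayland` above `NIXOS_OZONE_WL = "1"` describes the opposite of what that variable does and should be corrected.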
+++ b/desktop/l/hosts.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ "127.0.0.1" = ["redpanda-0"];
+ };
+}
\ No newline at end of file
diff --git a/desktop/l/locale.nix b/desktop/l/locale.nix
new file mode 100644
index 0000000..6a67b6f
--- /dev/null
+++ b/desktop/l/locale.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/desktop/l/nodeExporter.nix b/desktop/l/nodeExporter.nix
new file mode 100644
index 0000000..f26d49b
--- /dev/null
+++ b/desktop/l/nodeExporter.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 19000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ "--collector.wifi"
+ "--collector.filesystem.ignored-mount-points='/nix/store'"];
+ };
+
+ # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters
+ services.prometheus.exporters.systemd.enable = true;
+ services.prometheus.exporters.smartctl.enable = true;
+ services.prometheus.exporters.process.enable = true;
+}
\ No newline at end of file
diff --git a/desktop/l/original.configuration.nix b/desktop/l/original.configuration.nix
new file mode 100644
index 0000000..d326571
--- /dev/null
+++ b/desktop/l/original.configuration.nix
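Review bot: `--collector.filesystem.ignored-mount-points` in `extraFlags` is the old name of this option. Upstream node_exporter renamed it to `--collector.filesystem.mount-points-exclude`, and newer releases may reject the old spelling, which would keep the unit from starting after a package update. The value is a regular expression, so an anchored form is safer: `"--collector.filesystem.mount-points-exclude=^/nix/store"`. The closing `];` shares a line with the last flag and reads better on its own line.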
@@ -0,0 +1,131 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-16f90ee0-dd9b-43de-951b-57d7b9b1f265".device = "/dev/disk/by-uuid/16f90ee0-dd9b-43de-951b-57d7b9b1f265"; + networking.hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. 
+ hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + # thunderbird + ]; + }; + + # Install firefox. + programs.firefox.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.11"; # Did you read the comment? + +} diff --git a/desktop/l/original.hardware-configuration.nix b/desktop/l/original.hardware-configuration.nix new file mode 100644 index 0000000..6608cdd --- /dev/null +++ b/desktop/l/original.hardware-configuration.nix 
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l/prometheus.nix b/desktop/l/prometheus.nix new file mode 100644 index 0000000..24eabca --- /dev/null +++ b/desktop/l/prometheus.nix 
@@ -0,0 +1,70 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "xtcp"; + static_configs = [{ + targets = [ "localhost:9088" ]; + }]; + } + { + job_name = "hp1_xtcp"; + static_configs = [{ + targets = [ "hp1:9088" ]; + }]; + } + { + job_name = "clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "localhost:19363" ]; + }]; + } + { + job_name = "hp1"; + static_configs = [{ + targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp1_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp1:19363" ]; + }]; + } + { + job_name = "hp2"; + static_configs = [{ + targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + { + job_name = "hp2_clickhouse"; + static_configs = [{ + #targets = [ "localhost:9363" ]; + targets = [ "hp2:19363" ]; + }]; + } + #{ + # job_name = "chromebox1"; + # static_configs = [{ + # targets = [ "172.16.40.179:9105" ]; + # }]; + #} + ]; + }; +} \ No newline at end of file diff --git a/desktop/l/sysctl.nix b/desktop/l/sysctl.nix new file mode 100644 index 0000000..de472c7 --- /dev/null +++ b/desktop/l/sysctl.nix 
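Review bot: The `hp1` and `hp2` jobs build their targets from `config.services.prometheus.exporters.node.port`, which is this machine's exporter port rather than the remote host's, so changing the local port would silently repoint both remote scrapes. A `let nodeExporterPort = 19000; in` binding, or a literal with a comment, would make the fleet-wide assumption explicit; the same goes for the repeated `9088` and `19363`. The server block sets no `listenAddress`, so the module default applies (presumably all interfaces on 9090, without authentication), and the hp1/hp2 scrapes run over plain HTTP. A comment stating that this is confined to the trusted LAN would tell a reader it is deliberate.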
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 
50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + }; +} \ No newline at end of file diff --git a/desktop/l/systemPackages.nix b/desktop/l/systemPackages.nix new file mode 100644 index 0000000..4059747 --- /dev/null +++ b/desktop/l/systemPackages.nix @@ -0,0 +1,42 @@ +{ + config, + pkgs, + ... +}: +{ + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + libxml2 # Added for bazel/clang development + + # Wayland support + xwayland + meson + wayland-protocols + wayland-utils + wl-clipboard + + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) + ]; +} \ No newline at end of file diff --git a/desktop/l/wireless_desktop.nix b/desktop/l/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/l/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file From c08bad8307ca5957b89cd44f8a1bfeedf4837c56 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 31 May 2025 16:04:35 -0700 Subject: [PATCH 09/25] ldd --- laptops/t/configuration.nix | 18 ++++++++++++++++++ laptops/t/home.nix | 3 ++- laptops/t/systemPackages.nix | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) 
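Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` in sysctl.nix puts every listener named elsewhere in this patch (9088, 9090, 19000 and 19363 in nodeExporter.nix and prometheus.nix) inside the ephemeral range, so an outbound connection can be holding one of those ports when its service starts and the bind fails. Adding `"net.ipv4.ip_local_reserved_ports" = "9088,9090,19000,19363";` keeps the wider range while protecting the listeners. `net.ipv4.tcp_rto_min_us` exists only on recent kernels as far as I know, so a comment giving the minimum kernel version would explain a systemd-sysctl failure on an older one.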
diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix index 7269869..aa7de28 100644 --- a/laptops/t/configuration.nix +++ b/laptops/t/configuration.nix @@ -90,6 +90,24 @@ ''; }; + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = false; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed + ]; + }; + + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = false; + }; + # For OBS security.polkit.enable = true; diff --git a/laptops/t/home.nix b/laptops/t/home.nix index 68e90ec..275ba73 100644 --- a/laptops/t/home.nix +++ b/laptops/t/home.nix @@ -182,8 +182,9 @@ # removing bazel and moving to the "nix develop" shell # # https://github.com/bazelbuild/bazel/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - unstable.bazel_7 + #unstable.bazel_7 unstable.bazel-buildtools + unstable.bazelisk unstable.code-cursor diff --git a/laptops/t/systemPackages.nix b/laptops/t/systemPackages.nix index 62720d8..34e8f82 100644 --- a/laptops/t/systemPackages.nix +++ b/laptops/t/systemPackages.nix @@ -27,6 +27,7 @@ #snmp seems to be needed by lldpd net-snmp neofetch + #libxml2 # Added for bazel/clang development # Wayland support xwayland From 7cf75f7cc38af74ff1dce1a39d0fc335d6be9717 Mon Sep 17 00:00:00 2001 
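Review bot: The added comments in laptops/t/configuration.nix read "Enable nix-ld …" and "Enable envfs …" while both blocks set `enable = false`, so the file documents the opposite of what it does. I would reword them, e.g. `# nix-ld kept off on this laptop; set enable = true to run unpatched binaries`, or drop the blocks until they are needed. If nix-ld is switched on later, keep `libraries` to what a known binary requires, since that option is what lets arbitrary prebuilt executables find a loader and libraries on this host.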
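Review bot: Swapping `unstable.bazel_7` for `unstable.bazelisk` in laptops/t/home.nix moves the Bazel binary out of the Nix store: bazelisk fetches a release at run time, so neither its version nor its hash is pinned by flake.lock any more. A `.bazelversion` file in each workspace pins at least the version, and a comment here should say so, e.g. `# bazelisk downloads Bazel itself; pin it with .bazelversion in the repo`. The fetched binary is a generic-Linux executable, which is presumably why nix-ld shows up in the same commit, yet nix-ld is left disabled on this host. The package list this hunk edits starts and ends outside the hunk.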
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Thu, 5 Jun 2025 16:31:07 -0700 Subject: [PATCH 10/25] 2025 06 05 --- desktop/l/Makefile | 12 + desktop/l/configuration.nix | 105 ++++---- desktop/l/debug | 300 +++++++++++++++++++++ desktop/l/flake.lock | 82 +++--- desktop/l/flake.nix | 59 ++--- desktop/l/home-hyprland.nix | 316 +++++++++++++++++++++++ desktop/l/home.nix | 472 ++++++++++++++++++++++++++-------- desktop/l/hyprland.nix | 15 ++ desktop/l/root.id_ed25519.pub | 1 + desktop/l/root_ssh_config | 21 ++ desktop/l/systemPackages.nix | 7 +- 11 files changed, 1122 insertions(+), 268 deletions(-) create mode 100644 desktop/l/debug create mode 100644 desktop/l/home-hyprland.nix create mode 100644 desktop/l/hyprland.nix create mode 100644 desktop/l/root.id_ed25519.pub create mode 100644 desktop/l/root_ssh_config diff --git a/desktop/l/Makefile b/desktop/l/Makefile index 08a31a4..1e544ae 100644 --- a/desktop/l/Makefile +++ b/desktop/l/Makefile @@ -57,4 +57,16 @@ update_oldm.: restart_display_manager: sudo systemctl restart display-manager.service +#ls -l /run/opengl-driver/lib/gbm/ +#readlink /run/opengl-driver/lib/gbm/dri_gbm.so +#glxinfo | grep -i 'renderer' + +#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager +#less /var/log/Xorg.0.log + +#nix-shell -p mesa-demos +#glxinfo | grep -i opengl + +# cat configuration.nix | grep -A 20 "hardware.graphics =" + # end diff --git a/desktop/l/configuration.nix b/desktop/l/configuration.nix index 510789d..6ccceb6 100644 --- a/desktop/l/configuration.nix +++ b/desktop/l/configuration.nix 
@@ -16,16 +16,13 @@ ... }: -# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F -# https://discourse.nixos.org/t/differences-between-nix-channels/13998 - { # https://nixos.wiki/wiki/NixOS_modules # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager imports = [ ./hardware-configuration.nix - ./hardware-graphics.nix + #./hardware-graphics.nix ./sysctl.nix ./wireless_desktop.nix ./locale.nix @@ -43,6 +40,7 @@ ./docker-daemon.nix #./smokeping.nix ./distributed-builds.nix + ./hyprland.nix ]; boot = { @@ -56,8 +54,8 @@ # https://nixos.wiki/wiki/Linux_kernel #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( - kernelPackages = pkgs.unstable.linuxPackages; - #boot.kernelPackages = pkgs.linuxPackages_latest; + #kernelPackages = pkgs.linuxPackages; + kernelPackages = pkgs.linuxPackages_latest; #boot.kernelPackages = pkgs.linuxPackages_rpi4 # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 @@ -68,6 +66,10 @@ # #"nomodeset" # ]; + initrd.kernelModules = [ + "amdgpu" + ]; + blacklistedKernelModules = [ "nouveau" #"i915" @@ -79,7 +81,6 @@ extraModulePackages = [ config.boot.kernelPackages.v4l2loopback - #pkgs.unstable.linuxPackages.nvidiaPackages.production ]; extraModprobeConfig = '' @@ -91,7 +92,7 @@ # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs # Enable nix-ld for better compatibility with non-Nix binaries programs.nix-ld = { - enable = false; + enable = true; # Add commonly needed libraries libraries = with pkgs; [ stdenv.cc.cc.lib @@ -103,7 +104,7 @@ # Enable envfs for better compatibility with FHS expectations services.envfs = { - enable = false; + enable = true; }; # For OBS 
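Review bot: In the `@@ -56,8 +54,8 @@` hunk the context comment `# need to run this old kernel to allow nvidia driver to compile :(` now sits directly above `kernelPackages = pkgs.linuxPackages_latest;`, which states the opposite. I would replace it with a comment describing the current choice, e.g. `# latest kernel; v4l2loopback in extraModulePackages must build against it`, because the out-of-tree module is taken from `config.boot.kernelPackages` and is the part most likely to break on a kernel bump. The `boot` attribute set starts and ends outside the hunk.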
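Review bot: The `@@ -91,7 +92,7 @@` and `@@ -103,7 +104,7 @@` hunks switch `programs.nix-ld` and `services.envfs` to `enable = true` without recording which program needs them. With both on, prebuilt binaries and scripts with FHS paths run on this machine outside the closure that flake.lock pins, so the reason is worth a comment, e.g. `# needed for <tool> downloaded binaries; remove once packaged`. The `libraries` list should stay limited to what that tool links against.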
@@ -131,8 +132,8 @@ services.udev.packages = [ pkgs.gnome-settings-daemon ]; # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; - # https://nixos.wiki/wiki/NixOS_Wiki:Audio - hardware.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem + # # https://nixos.wiki/wiki/NixOS_Wiki:Audio + # services.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem security.rtkit.enable = true; # Enable RealtimeKit for audio purposes @@ -182,7 +183,6 @@ environment.sessionVariables = { TERM = "xterm-256color"; #MY_VARIABLE = "my-value"; - #ANOTHER_VARIABLE = "another-value"; }; users.users.das = { 
@@ -209,35 +209,44 @@ enableSSHSupport = true; }; - # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ - programs.hyprland = { + hardware.graphics = { + enable = true; # auto includes mesa + package = pkgs.mesa; + extraPackages = with pkgs; [ + libglvnd + libva-vdpau-driver + libvdpau-va-gl + rocmPackages.clr.icd + ]; + }; + services.xserver = { + enable = true; + videoDrivers = [ "amdgpu" ]; + xkb = { + layout = "us"; + variant = ""; + }; + }; + + services.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + + # https://nixos.wiki/wiki/AMD_GPU + systemd.tmpfiles.rules = [ + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + ]; + systemd.services.lactd.wantedBy = [ "multi-user.target" ]; + + xdg.portal = { enable = true; - # Nvidia patches are no longer needed - #nvidiaPatches = true; - xwayland.enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; }; + + # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ # programs.hyprland = { # enable = true; - # # set the flake package - # package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; - # # make sure to also set the portal package, so that they are in sync - # portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; - # }; - - # programs.chromium.enable = true; - # # programs.chromium.package = pkgs.google-chrome; - # # https://nixos.wiki/wiki/Chromium#Enabling_native_Wayland_support - # nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland"; - # #programs.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland"; - - # programs.firefox.enable = true; - # # # https://github.com/TLATER/dotfiles/blob/master/nixos-modules/nvidia/default.nix - # programs.firefox.preferences = { - # "media.ffmpeg.vaapi.enabled" = true; - # "media.rdd-ffmpeg.enabled" = true; - # "media.av1.enabled" = true; 
# Won't work on the 2060 - # "gfx.x11-egl.force-enabled" = true; - # "widget.dmabuf.force-enabled" = true; + # xwayland.enable = true; # }; # Open ports in the firewall. @@ -277,32 +286,10 @@ # https://wiki.nixos.org/wiki/Laptop - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - #system.stateVersion = "23.11"; - system.stateVersion = "24.11"; nixpkgs.config = { allowUnfree = true; - # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "nvidia-x11" - # "nvidia-settings" - # "nvidia-persistenced" - # ]; }; - # hardware.opengl = { - # enable = true; - # driSupport = true; - # driSupport32Bit = true; - # extraPackages = with pkgs; [ - # vaapiVdpau - # libvdpau-va-gl - # ]; - # }; } diff --git a/desktop/l/debug b/desktop/l/debug new file mode 100644 index 0000000..b06ba55 --- /dev/null +++ b/desktop/l/debug 
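Review bot: `systemd.services.lactd.wantedBy = [ "multi-user.target" ];` in the `@@ -209,35 +209,44 @@` hunk only adds an install target; nothing in the hunk supplies the unit itself, which normally comes from `systemd.packages = [ pkgs.lact ];`. Unless that is set in a part of the commit not visible here, NixOS would generate a `lactd` unit with no `ExecStart`. lactd is, as far as I know, a root daemon that changes GPU clock and power settings, so a one-line comment on why it starts at boot would also help. The same hunk adds a forced `L+ /opt/rocm/hip` symlink via tmpfiles; a comment naming the consumer of that path would make it easier to remove later.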
@@ -0,0 +1,300 @@ +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Video Driver: 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org XInput driver : 24.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Server Extension : 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (++) using VT number 7 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c23 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) "glx" will be loaded by default. 
+Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glx" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "amdgpu" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Module class: X.Org Video Driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: All GPUs supported by the amdgpu kernel 
driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "fb" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "dri2" +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "dri2" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "dri2" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Backtrace: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f321be49620] +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Fatal server error: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Please consult the The X.Org Foundation support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: at http://wiki.x.org +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: for help. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. + Module amdgpu_drv.so without build-id. 
+ #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54128]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c24 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c24 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c24 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7fbd5d795620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54157]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c25 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c25 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c25 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f2325759620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54186]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54186 was already dead. +Jun 02 13:22:35 l (sd-pam)[53991]: pam_unix(systemd-user:session): session closed for user gdm diff --git a/desktop/l/flake.lock b/desktop/l/flake.lock index 6a828e3..dc661a5 100644 --- a/desktop/l/flake.lock +++ b/desktop/l/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1745357003, - "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", + "lastModified": 1747864449, + "narHash": "sha256-PIjVAWghZhr3L0EFM2UObhX84UQxIACbON0IC0zzSKA=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", + "rev": "389372c5f4dc1ac0e7645ed29a35fd6d71672ef5", "type": "github" }, "original": { @@ -78,16 +78,15 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1749160002, + "narHash": "sha256-IM3xKjsKxhu7Y1WdgTltrLKiOJS8nW7D4SUDEMNr7CI=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "68cc9eeb3875ae9682c04629f20738e1e79d72aa", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", "repo": "home-manager", "type": "github" } 
@@ -166,11 +165,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1746291290, - "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", + "lastModified": 1749155341, + "narHash": "sha256-KE7qwOLzIsPFnXKh4Z72NwAzP8ZdRxxQKthLGJ30YHM=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", + "rev": "fb7548cb41d82f12db2d51b50af29abe4704a1a4", "type": "github" }, "original": { @@ -196,11 +195,11 @@ ] }, "locked": { - "lastModified": 1746281365, - "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", + "lastModified": 1748526041, + "narHash": "sha256-QyUACXhQJ2+K0YxwEuAfpyCXqbdCCHj1jNAWJy+vUxw=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "0ca682bc2c2e10414e7de1fb6606226a45e76380", + "rev": "2eee96fe52fa0923c0aae647eb7901b5b51df3db", "type": "github" }, "original": { @@ -318,11 +317,11 @@ ] }, "locked": { - "lastModified": 1745357019, - "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", + "lastModified": 1747484975, + "narHash": "sha256-+LAQ81HBwG0lwshHlWe0kfWg4KcChIPpnwtnwqmnoEU=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", + "rev": "163c83b3db48a17c113729c220a60b94596c9291", "type": "github" }, "original": { @@ -343,11 +342,11 @@ ] }, "locked": { - "lastModified": 1745975815, - "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", + "lastModified": 1746635225, + "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", + "rev": "674ea57373f08b7609ce93baff131117a0dfe70d", "type": "github" }, "original": { 
@@ -368,11 +367,11 @@ ] }, "locked": { - "lastModified": 1739870480, - "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=", + "lastModified": 1747584298, + "narHash": "sha256-PH9qZqWLHvSBQiUnA0NzAyQA3tu2no2z8kz0ZeHWj4w=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b", + "rev": "e511882b9c2e1d7a75d45d8fddd2160daeafcbc3", "type": "github" }, "original": { @@ -383,11 +382,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { @@ -397,34 +396,18 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1746183838, - "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bf3287dac860542719fe7554e21e686108716879", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -439,11 +422,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -457,8 +440,7 @@ "home-manager": "home-manager", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs": "nixpkgs_2" } }, "systems": { diff --git a/desktop/l/flake.nix b/desktop/l/flake.nix index 43d0e08..8d3b012 100644 --- a/desktop/l/flake.nix +++ b/desktop/l/flake.nix 
@@ -1,37 +1,24 @@ { - description = "t Flake"; + description = "l Flake"; # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - # https://docs.github.com/en/rest/branches/branches?apiVersion=2022-11-28#get-a-branch - # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/8f146535307f0168d758fe6fee6f52663cb11695";#iperf2_2.2.1 - # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/c9580e24eb621d72eda63355d7c8dbfb1654d333"; - # https://github.com/NixOS/nix/issues/12022 - #nix flake lock --override-input nixpkgs /home/eelco/Dev/nixpkgs - #nix flake lock --override-input nixpkgs "/home/das/Downloads/nixpkgs - #nixpkgs.url = "/home/das/Downloads/nixpkgs"; - #nixpkgs = "../../../Downloads/nixpkgs/"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager home-manager = { - url = "github:nix-community/home-manager/release-24.11"; - # The `follows` keyword in inputs is used for inheritance. - # Here, `inputs.nixpkgs` of home-manager is kept consistent with - # the `inputs.nixpkgs` of the current flake, - # to avoid problems caused by different versions of nixpkgs. + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; hyprland.url = "github:hyprwm/Hyprland"; hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; - # https://github.com/hyprwm/hyprland-plugins inputs.hyprland.follows = "hyprland"; }; }; #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }: - outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, hyprland, ... }: + outputs = { self, nixpkgs, home-manager, hyprland, ... }: let system = "x86_64-linux"; pkgs = import nixpkgs { 
@@ -39,45 +26,25 @@ config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nvidia-x11" - "nvidia-settings" - "nvidia-persistenced" + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" "google-chrome" "android-studio" "android-studio-stable" ]; }; }; - # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels - # overlay-unstable = final: prev: { - # unstable = nixpkgs-unstable.legacyPackages.${prev.system}; - # }; - overlay-unstable = final: prev: { - unstable = import nixpkgs-unstable { - inherit system; - config = { - allowUnfree = true; - # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "vscode" - # "code-cursor" - # "slack" - # "zoom-us" - # "nvidia-x11" - # ]; - }; - }; - }; lib = nixpkgs.lib; in { nixosConfigurations = { - t = lib.nixosSystem rec { + l = lib.nixosSystem rec { inherit system; specialArgs = { inherit hyprland; - inherit overlay-unstable; + unstable = pkgs; }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./configuration.nix hyprland.nixosModules.default home-manager.nixosModules.home-manager @@ -85,7 +52,11 @@ # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. home-manager.useUserPackages = true; - home-manager.users.das = import ./home.nix; + home-manager.users.das = { config, pkgs, ... }: { + imports = [ + ./home.nix + ]; + }; home-manager.extraSpecialArgs = specialArgs; # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix } diff --git a/desktop/l/home-hyprland.nix b/desktop/l/home-hyprland.nix new file mode 100644 index 0000000..6ba1790 --- /dev/null +++ b/desktop/l/home-hyprland.nix 
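Review bot: The `allowUnfreePredicate` allowlist in the `pkgs` import has no effect, because the context line `allowUnfree = true;` directly above it already admits every unfree package; nixpkgs consults the predicate only when `allowUnfree` is false. If the list is meant to be the gate, drop `allowUnfree = true;` and add the remaining unfree packages by name. The home.nix changes in this series install slack, zoom-us, vscode and code-cursor, which would presumably need entries. Otherwise a comment such as `# allowUnfree = true admits everything; the predicate below is informational only` would stop the next reader from trusting the list. The `let` block continues outside this hunk.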
@@ -0,0 +1,316 @@ +{ config, pkgs, ... }: + +{ + # Enable Hyprland + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + + # Enable XDG portal + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; + + # Hyprland window manager configuration + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + extraConfig = '' + # Monitor configuration + monitor=,preferred,auto,1 + + # Execute-once startup commands + exec-once = waybar + exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + exec-once = hypridle + exec-once = wl-paste --type text --watch cliphist store + exec-once = wl-paste --type image --watch cliphist store + + # Input configuration + input { + kb_layout = us + kb_variant = + kb_model = + kb_options = + kb_rules = + + follow_mouse = 1 + touchpad { + natural_scroll = true + scroll_factor = 0.3 + } + sensitivity = 0 # -1.0 - 1.0, 0 means no modification. + } + + # General settings + general { + gaps_in = 5 + gaps_out = 10 + border_size = 2 + col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + col.inactive_border = rgba(595959aa) + layout = dwindle + no_cursor_warps = true + } + + # Decoration settings + decoration { + rounding = 10 + blur { + enabled = true + size = 3 + passes = 1 + } + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(1a1a1aee) + } + + # Animation settings + animations { + enabled = true + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + animation = windows, 1, 7, myBezier + animation = windowsOut, 1, 7, default, popin 80% + animation = border, 1, 10, default + animation = borderangle, 1, 8, default + animation = fade, 1, 7, default + animation = workspaces, 1, 6, default + } + + # Layout settings + dwindle { + pseudotile = true + preserve_split = true + } + + # Gesture settings + gestures { + workspace_swipe = true + workspace_swipe_fingers = 3 + } + + # Keybindings + bind = SUPER, Q, 
killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + bind = SUPER, D, exec, wofi --show drun + bind = SUPER, F, fullscreen + bind = SUPER, H, movefocus, l + bind = SUPER, L, movefocus, r + bind = SUPER, K, movefocus, u + bind = SUPER, J, movefocus, d + bind = SUPER, left, movewindow, l + bind = SUPER, right, movewindow, r + bind = SUPER, up, movewindow, u + bind = SUPER, down, movewindow, d + bind = SUPER SHIFT, H, movewindow, l + bind = SUPER SHIFT, L, movewindow, r + bind = SUPER SHIFT, K, movewindow, u + bind = SUPER SHIFT, J, movewindow, d + bind = SUPER, 1, workspace, 1 + bind = SUPER, 2, workspace, 2 + bind = SUPER, 3, workspace, 3 + bind = SUPER, 4, workspace, 4 + bind = SUPER, 5, workspace, 5 + bind = SUPER, 6, workspace, 6 + bind = SUPER, 7, workspace, 7 + bind = SUPER, 8, workspace, 8 + bind = SUPER, 9, workspace, 9 + bind = SUPER, 0, workspace, 10 + bind = SUPER SHIFT, 1, movetoworkspace, 1 + bind = SUPER SHIFT, 2, movetoworkspace, 2 + bind = SUPER SHIFT, 3, movetoworkspace, 3 + bind = SUPER SHIFT, 4, movetoworkspace, 4 + bind = SUPER SHIFT, 5, movetoworkspace, 5 + bind = SUPER SHIFT, 6, movetoworkspace, 6 + bind = SUPER SHIFT, 7, movetoworkspace, 7 + bind = SUPER SHIFT, 8, movetoworkspace, 8 + bind = SUPER SHIFT, 9, movetoworkspace, 9 + bind = SUPER SHIFT, 0, movetoworkspace, 10 + bind = SUPER, mouse_down, workspace, e+1 + bind = SUPER, mouse_up, workspace, e-1 + bind = SUPER, period, togglespecialworkspace, magic + bind = SUPER SHIFT, period, movetoworkspace, special:magic + bind = SUPER, S, togglesplit, + bind = SUPER, P, pseudo, + bind = SUPER, V, togglefloating, + bind = SUPER, R, exec, wofi --show run + bind = SUPER, Print, exec, grimblast --notify copysave area + bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + bind = SUPER, X, exec, wl-clipboard-manager + bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + ''; + }; + + # Waybar configuration + programs.waybar = { + enable = 
true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 4; + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "pulseaudio" + "network" + "cpu" + "memory" + "battery" + "clock" + ]; + "hyprland/workspaces" = { + format = "{name}"; + on-click = "activate"; + sort-by-number = true; + }; + "hyprland/window" = { + format = "{}"; + separate-outputs = true; + }; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphone = "🎧"; + handsfree = "📱"; + headset = "🎧"; + phone = "☎️"; + portable = "📱"; + car = "🚗"; + default = ["🔈" "🔉" "🔊"]; + }; + on-click = "pavucontrol"; + }; + "network" = { + format-wifi = "📶 {essid}"; + format-ethernet = "🌐 {ipaddr}/{cidr}"; + format-linked = "🌐 {ifname} (No IP)"; + format-disconnected = "⚠️ Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + }; + "cpu" = { + format = "🖥️ {usage}%"; + tooltip-format = "{usage}% used"; + }; + "memory" = { + format = "🧠 {percentage}%"; + tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + }; + "battery" = { + states = { + warning = 30; + critical = 15; + }; + format = "{icon} {capacity}%"; + format-charging = "⚡ {capacity}%"; + format-plugged = "🔌 {capacity}%"; + format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + }; + "clock" = { + format = "🕒 {:%H:%M}"; + format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + }; + }; + style = '' + * { + border: none; + border-radius: 0; + font-family: "JetBrainsMono Nerd Font"; + font-size: 13px; + font-weight: bold; + min-height: 0; + } + + window#waybar { + background: rgba(21, 18, 27, 0.8); + color: #cdd6f4; + } + + #workspaces button { + padding: 0 5px; + background: transparent; + color: #cdd6f4; + } + + #workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + } + + #workspaces button.active { + background: #7aa2f7; + color: #1e1e2e; + } + + #workspaces 
button.urgent { + background: #f38ba8; + color: #1e1e2e; + } + + #battery, + #cpu, + #memory, + #network, + #pulseaudio, + #clock { + padding: 0 10px; + margin: 0 5px; + } + + #battery { + color: #a6e3a1; + } + + #battery.warning { + color: #f9e2af; + } + + #battery.critical { + color: #f38ba8; + } + + #network { + color: #89b4fa; + } + + #pulseaudio { + color: #cba6f7; + } + + #cpu { + color: #f5c2e7; + } + + #memory { + color: #fab387; + } + + #clock { + color: #89dceb; + } + ''; + }; + + # Ghostty configuration + programs.ghostty = { + enable = true; + settings = { + scrollback-sidebar = true; + scrollback-sidebar-width = 20; + scrollback-sidebar-position = "right"; + }; + }; +} \ No newline at end of file diff --git a/desktop/l/home.nix b/desktop/l/home.nix index 275ba73..fb7385f 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix 
@@ -2,21 +2,314 @@ hyprland, config, pkgs, - overlay-unstable, ... }: -#{ config, pkgs, ... }: -#{ config, inputs, pkgs, ... }: - -# sudo cp ./nixos/modules/* /etc/nixos/ -# sudo nixos-rebuild switch { imports = [ hyprland.homeManagerModules.default - # other imports to go here ]; + # Hyprland window manager configuration + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + extraConfig = '' + # Monitor configuration + monitor=,preferred,auto,1 + + # Execute-once startup commands + exec-once = waybar + exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + exec-once = hypridle + exec-once = wl-paste --type text --watch cliphist store + exec-once = wl-paste --type image --watch cliphist store + + # Input configuration + input { + kb_layout = us + kb_variant = + kb_model = + kb_options = + kb_rules = + + follow_mouse = 1 + touchpad { + natural_scroll = true + scroll_factor = 0.3 + } + sensitivity = 0 # -1.0 - 1.0, 0 means no modification. + } + + # General settings + general { + gaps_in = 5 + gaps_out = 10 + border_size = 2 + col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + col.inactive_border = rgba(595959aa) + layout = dwindle + no_cursor_warps = true + } + + # Decoration settings + decoration { + rounding = 10 + blur { + enabled = true + size = 3 + passes = 1 + } + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(1a1a1aee) + } + + # Animation settings + animations { + enabled = true + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + animation = windows, 1, 7, myBezier + animation = windowsOut, 1, 7, default, popin 80% + animation = border, 1, 10, default + animation = borderangle, 1, 8, default + animation = fade, 1, 7, default + animation = workspaces, 1, 6, default + } + + # Layout settings + dwindle { + pseudotile = true + preserve_split = true + } + + # Gesture settings + gestures { + workspace_swipe = true + workspace_swipe_fingers = 3 + } + + # Keybindings + bind = SUPER, Q, killactive, + bind = 
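Review bot: The two `exec-once = wl-paste ... --watch cliphist store` lines in the new home-hyprland.nix write every text and image clipboard entry to cliphist's on-disk history, so passwords or tokens copied from a password manager are kept there after the clipboard is cleared. Document this next to the lines, e.g. `# cliphist keeps clipboard history on disk, including copied secrets`, and consider running `cliphist wipe` on lock or logout. The same lines are added again in the first hunk of desktop/l/home.nix that follows. This file also sets `programs.hyprland` and `xdg.portal` beside the home-manager option `wayland.windowManager.hyprland`, and nothing visible in the flake.nix hunks imports it, so it may be dead code.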
SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + bind = SUPER, D, exec, wofi --show drun + bind = SUPER, F, fullscreen + bind = SUPER, H, movefocus, l + bind = SUPER, L, movefocus, r + bind = SUPER, K, movefocus, u + bind = SUPER, J, movefocus, d + bind = SUPER, left, movewindow, l + bind = SUPER, right, movewindow, r + bind = SUPER, up, movewindow, u + bind = SUPER, down, movewindow, d + bind = SUPER SHIFT, H, movewindow, l + bind = SUPER SHIFT, L, movewindow, r + bind = SUPER SHIFT, K, movewindow, u + bind = SUPER SHIFT, J, movewindow, d + bind = SUPER, 1, workspace, 1 + bind = SUPER, 2, workspace, 2 + bind = SUPER, 3, workspace, 3 + bind = SUPER, 4, workspace, 4 + bind = SUPER, 5, workspace, 5 + bind = SUPER, 6, workspace, 6 + bind = SUPER, 7, workspace, 7 + bind = SUPER, 8, workspace, 8 + bind = SUPER, 9, workspace, 9 + bind = SUPER, 0, workspace, 10 + bind = SUPER SHIFT, 1, movetoworkspace, 1 + bind = SUPER SHIFT, 2, movetoworkspace, 2 + bind = SUPER SHIFT, 3, movetoworkspace, 3 + bind = SUPER SHIFT, 4, movetoworkspace, 4 + bind = SUPER SHIFT, 5, movetoworkspace, 5 + bind = SUPER SHIFT, 6, movetoworkspace, 6 + bind = SUPER SHIFT, 7, movetoworkspace, 7 + bind = SUPER SHIFT, 8, movetoworkspace, 8 + bind = SUPER SHIFT, 9, movetoworkspace, 9 + bind = SUPER SHIFT, 0, movetoworkspace, 10 + bind = SUPER, mouse_down, workspace, e+1 + bind = SUPER, mouse_up, workspace, e-1 + bind = SUPER, period, togglespecialworkspace, magic + bind = SUPER SHIFT, period, movetoworkspace, special:magic + bind = SUPER, S, togglesplit, + bind = SUPER, P, pseudo, + bind = SUPER, V, togglefloating, + bind = SUPER, R, exec, wofi --show run + bind = SUPER, Print, exec, grimblast --notify copysave area + bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + bind = SUPER, X, exec, wl-clipboard-manager + bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + ''; + }; + + # Waybar configuration + programs.waybar = { + enable = true; + settings = { 
+ mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 4; + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "pulseaudio" + "network" + "cpu" + "memory" + "battery" + "clock" + ]; + "hyprland/workspaces" = { + format = "{name}"; + on-click = "activate"; + sort-by-number = true; + }; + "hyprland/window" = { + format = "{}"; + separate-outputs = true; + }; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphone = "🎧"; + handsfree = "📱"; + headset = "🎧"; + phone = "☎️"; + portable = "📱"; + car = "🚗"; + default = ["🔈" "🔉" "🔊"]; + }; + on-click = "pavucontrol"; + }; + "network" = { + format-wifi = "📶 {essid}"; + format-ethernet = "🌐 {ipaddr}/{cidr}"; + format-linked = "🌐 {ifname} (No IP)"; + format-disconnected = "⚠️ Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + }; + "cpu" = { + format = "🖥️ {usage}%"; + tooltip-format = "{usage}% used"; + }; + "memory" = { + format = "🧠 {percentage}%"; + tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + }; + "battery" = { + states = { + warning = 30; + critical = 15; + }; + format = "{icon} {capacity}%"; + format-charging = "⚡ {capacity}%"; + format-plugged = "🔌 {capacity}%"; + format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + }; + "clock" = { + format = "🕒 {:%H:%M}"; + format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + }; + }; + style = '' + * { + border: none; + border-radius: 0; + font-family: "JetBrainsMono Nerd Font"; + font-size: 13px; + font-weight: bold; + min-height: 0; + } + + window#waybar { + background: rgba(21, 18, 27, 0.8); + color: #cdd6f4; + } + + #workspaces button { + padding: 0 5px; + background: transparent; + color: #cdd6f4; + } + + #workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + } + + #workspaces button.active { + background: #7aa2f7; + color: #1e1e2e; + } + + #workspaces button.urgent { + background: 
#f38ba8; + color: #1e1e2e; + } + + #battery, + #cpu, + #memory, + #network, + #pulseaudio, + #clock { + padding: 0 10px; + margin: 0 5px; + } + + #battery { + color: #a6e3a1; + } + + #battery.warning { + color: #f9e2af; + } + + #battery.critical { + color: #f38ba8; + } + + #network { + color: #89b4fa; + } + + #pulseaudio { + color: #cba6f7; + } + + #cpu { + color: #f5c2e7; + } + + #memory { + color: #fab387; + } + + #clock { + color: #89dceb; + } + ''; + }; + + # Ghostty configuration + programs.ghostty = { + enable = true; + settings = { + scrollback-sidebar = true; + scrollback-sidebar-width = 20; + scrollback-sidebar-position = "right"; + }; + }; + home = { username = "das"; homeDirectory = "/home/das"; @@ -27,12 +320,13 @@ # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables home.sessionVariables = { - NIXPKGS_ALLOW_UNFREE = "1"; + #NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; QT_QPA_PLATFORM = "wayland"; - GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; # disable wayland - NIXOS_OZONE_WL = "1"; + # NIXOS_OZONE_WL = "1"; GOPRIVATE = "gitlab.com/sidenio/*"; TERM = "xterm-256color"; @@ -54,14 +348,25 @@ neofetch file + # Hyprland related + waybar + swaybg + swaylock + wl-clipboard + wf-recorder + grimblast + hyprpaper + hyprpicker + hypridle + hyprlock + # Terminal Multiplexers tmux screen # LLVM/Clang toolchain (needed for race detection and C/C++ builds) - llvmPackages_19.libcxxClang - llvmPackages_19.lld - llvmPackages_19.libcxx.dev + llvmPackages_20.clang-tools + llvmPackages_20.lld # Essential development libraries (minimal headers) glibc.dev @@ -100,8 +405,8 @@ lz4 zip unzip - xz - zstd + #xz + #zstd gnutar @@ -121,7 +426,7 @@ vlan tcpdump wireshark - unstable.iperf2 + iperf2 netperf flent bpftools 
@@ -157,18 +462,18 @@ #glibc_multi # thunderbird #go_1_23 - unstable.go - unstable.gopls - unstable.golint + go + gopls + golint golangci-lint - unstable.golangci-lint-langserver + golangci-lint-langserver # trunk is unfree, and i can't work out how to enable unfree #trunk-io # https://github.com/go-delve/delve - unstable.delve + delve # https://github.com/aarzilli/gdlv gdlv - unstable.buf + buf protobuf_27 grpcurl # https://github.com/go-gorm/gen @@ -182,17 +487,17 @@ # removing bazel and moving to the "nix develop" shell # # https://github.com/bazelbuild/bazel/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - #unstable.bazel_7 - unstable.bazel-buildtools - unstable.bazelisk + #bazel_7 + bazel-buildtools + bazelisk - unstable.code-cursor + code-cursor # # https://github.com/bazel-contrib/bazel-gazelle/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 - # unstable.bazel-gazelle - # unstable.bazel-buildtools - # unstable.bazelisk + # bazel-gazelle + # bazel-buildtools + # bazelisk # # https://github.com/buchgr/bazel-remote - maybe something to look at? # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart @@ -221,9 +526,13 @@ android-tools android-udev-rules + nordic + gnome-themes-extra + #gnome-shell-extensions + # Gnome Related / Extensions # gnomeExtensions.emoji-copy - # unstable.gnomeExtensions.workspace-switcher-manager + # gnomeExtensions.workspace-switcher-manager gnome-extension-manager gnome-usage dconf-editor 
@@ -273,12 +582,13 @@ # Communication # https://nixos.wiki/wiki/Slack - unstable.slack - unstable.zoom-us + slack + zoom-us # Screenshots/Screen Recording # https://wiki.nixos.org/wiki/Flameshot - (flameshot.override { enableWlrSupport = true; }) + flameshot + #(flameshot.override { enableWlrSupport = true; }) grim # screenshot functionality slurp # screenshot functionality simplescreenrecorder @@ -334,7 +644,14 @@ wofi # Raspberry Pi - rpi-imager + #rpi-imager + + #silly + cmatrix + sl + + #gpu monitoring + lact ]; # vscode @@ -344,51 +661,31 @@ # https://mynixos.com/home-manager/options/programs.vscode programs.vscode = { enable = true; - # package = pkgs.vscode; - # extensions = with pkgs.vscode-extensions; [ - package = pkgs.unstable.vscode; - extensions = with pkgs.unstable.vscode-extensions; [ - #bbenoist.nix + package = pkgs.vscode; + profiles.default.extensions = with pkgs.vscode-extensions; [ dart-code.dart-code dart-code.flutter golang.go hashicorp.terraform - #k6.k6 ms-azuretools.vscode-docker - # https://github.com/orgs/microsoft/repositories?q=vscode ms-vscode-remote.remote-containers ms-vscode-remote.remote-ssh - #ms-vscode-remote.remote-ssh-edit ms-vscode.makefile-tools ms-vscode.cmake-tools ms-vscode.cpptools - #ms-vscode.cpptools-extension-pack - #ms-vscode.cpptools-themes ms-vscode.hexeditor ms-vscode.makefile-tools ms-python.python ms-python.vscode-pylance - #ms-vscode.remote-explorer - #ms-vscode.remote-repositories - #ms-vscode.remote-server ms-kubernetes-tools.vscode-kubernetes-tools redhat.vscode-yaml rust-lang.rust-analyzer - #crates is depreciated - #serayuzgur.crates tamasfe.even-better-toml timonwong.shellcheck - #trunk.io zxh404.vscode-proto3 yzhang.markdown-all-in-one - #platformio.platformio-ide - #github.copilot - # nix - #brettm12345.nixfmt.vscode jnoortheen.nix-ide - #jeff-hykin.better-nix-syntax rust-lang.rust-analyzer - #bazel bazelbuild.vscode-bazel ]; }; 
@@ -460,7 +757,8 @@ font-antialiasing = "grayscale"; font-hinting = "slight"; gtk-theme = "Nordic"; - # toolkit-accessibility = true; + icon-theme = "Papirus-Dark"; + cursor-theme = "Adwaita"; toolkit-accessibility = false; }; "org/gnome/shell" = { @@ -475,6 +773,9 @@ "slack.desktop" "ghostty.desktop" ]; + # "org/gnome/shell/extensions/user-theme" = { + # name = "Nordic"; + # }; enabled-extensions = with pkgs.gnomeExtensions; [ blur-my-shell.extensionUuid gsconnect.extensionUuid 
@@ -482,60 +783,6 @@ }; }; - # disable wayland - # # https://nixos.wiki/wiki/Hyprland - # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland - # #programs.hyprland.enable = true; - # wayland.windowManager.hyprland = { - # # Whether to enable Hyprland wayland compositor - # enable = true; - # # The hyprland package to use - # package = pkgs.hyprland; - # # Whether to enable XWayland - # xwayland.enable = true; - - # https://wiki.hyprland.org/Nix/Hyprland-on-Home-Manager/ - # wayland.windowManager.hyprland.enable = true; # enable Hyprland - # Example: https://github.com/JaKooLit/NixOS-configs/blob/main/Ja-OS%20(configs%20using%20install%20script)/Asus-G15/hosts/G15-NixOS/config.nix#L144 - wayland.windowManager.hyprland = { - enable = true; - xwayland.enable = true; - #extraConfig = '' plugin = ${inputs.hy3.packages.${pkgs.system}.hy3}/lib/libhy3.so ''; - # plugins = [ - # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars - # # ... - #]; - extraConfig = '' - # Monitor configuration (Example - replace with yours) - monitor=,preferred,auto,1 - - # Execute-once startup commands (Example) - exec-once = waybar & - exec-once = nm-applet --indicator - - # Keybindings (Example) - bind = SUPER, Q, killactive, - bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty - - # Include other settings... - # input { ... } - # general { ... } - # decoration { ... } - # animations { ... } - # etc... - - # Source other files if needed (less common with inline config) - # source = ~/.config/hypr/myColors.conf - ''; - }; - - # # Optional - # # Whether to enable hyprland-session.target on hyprland startup - # systemd.enable = true; - # }; - # # home.file.".config/hypr/hyprland.conf".text = '' - # # ''; - home.file."containers.conf" = { target = ".config/containers/containers.conf"; # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html 
@@ -597,8 +844,5 @@ # set at flake.nix level nixpkgs.config.allowUnfree = true; - nixpkgs.overlays = [ overlay-unstable ]; - - #home.stateVersion = "23.11"; home.stateVersion = "24.11"; } diff --git a/desktop/l/hyprland.nix b/desktop/l/hyprland.nix new file mode 100644 index 0000000..c4970d4 --- /dev/null +++ b/desktop/l/hyprland.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + # Enable Hyprland system-wide + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + + # Enable XDG portal for Wayland + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; +} \ No newline at end of file diff --git a/desktop/l/root.id_ed25519.pub b/desktop/l/root.id_ed25519.pub new file mode 100644 index 0000000..4176adb --- /dev/null +++ b/desktop/l/root.id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l diff --git a/desktop/l/root_ssh_config b/desktop/l/root_ssh_config new file mode 100644 index 0000000..6bea619 --- /dev/null +++ b/desktop/l/root_ssh_config 
@@ -0,0 +1,21 @@ +host hp4 hp4.home + user remotebuild + IdentityFile ~/.ssh/remotebuild + ServerAliveInterval 10 + Protocol 2 + #UseRoaming no + ForwardAgent yes + # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 + # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption) + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com + # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com + # temp hmac-md5 + #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5 + ControlMaster auto + ControlPath ~/.ssh/master-%r@%h:%p + ControlPersist 10m + Compression yes + Connecttimeout 10 + HashKnownHosts no \ No newline at end of file diff --git a/desktop/l/systemPackages.nix b/desktop/l/systemPackages.nix index 4059747..c9fa23e 100644 --- a/desktop/l/systemPackages.nix +++ b/desktop/l/systemPackages.nix @@ -36,7 +36,12 @@ wayland-utils wl-clipboard + xscreensaver + + clinfo + lact + # https://wiki.nixos.org/wiki/Flameshot #(flameshot.override { enableWlrSupport = true; }) ]; -} \ No newline at end of file +} From fbba16c7891a09aedd1b0dce83f06f88473d8048 Mon Sep 17 00:00:00 2001 
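Review bot: `ForwardAgent yes` in the `host hp4 hp4.home` block of root_ssh_config exposes root's SSH agent to the build host for the life of every connection, and `ControlPersist 10m` keeps that connection open afterwards. Anyone with root on hp4 can then use the forwarded agent to authenticate as this machine's root elsewhere. The block already authenticates with `IdentityFile ~/.ssh/remotebuild`, so forwarding looks unnecessary for remote builds. I would change it to `ForwardAgent no` and add `IdentitiesOnly yes` so only the dedicated key is offered. `Protocol 2` can also go, since current OpenSSH speaks only protocol 2.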
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 14 Jun 2025 20:32:56 -0700 Subject: [PATCH 11/25] l2 --- desktop/l/configuration.nix | 9 +- desktop/l/distributed-builds.nix | 11 +- desktop/l/home.nix | 34 +- desktop/l2/Makefile | 72 ++ desktop/l2/configuration.nix | 302 +++++++ desktop/l2/distributed-builds.nix | 28 + desktop/l2/docker-daemon.nix | 27 + desktop/l2/firewall.nix | 32 + desktop/l2/flake.lock | 505 +++++++++++ desktop/l2/flake.nix | 67 ++ desktop/l2/grafana.nix | 23 + desktop/l2/hardware-configuration.nix | 42 + desktop/l2/home.nix | 842 ++++++++++++++++++ desktop/l2/hosts.nix | 17 + desktop/l2/hyprland.nix | 15 + desktop/l2/locale.nix | 18 + desktop/l2/nodeExporter.nix | 27 + desktop/l2/prometheus.nix | 70 ++ desktop/l2/sysctl.nix | 55 ++ desktop/l2/systemPackages.nix | 47 + desktop/l2/wireless_desktop.nix | 20 + desktop/old.l/Makefile | 72 ++ desktop/old.l/configuration.nix | 311 +++++++ desktop/old.l/debug | 300 +++++++ desktop/old.l/distributed-builds.nix | 19 + desktop/old.l/docker-daemon.nix | 27 + desktop/old.l/firewall.nix | 32 + desktop/old.l/flake.lock | 523 +++++++++++ desktop/old.l/flake.nix | 96 ++ desktop/old.l/grafana.nix | 23 + desktop/old.l/hardware-configuration.nix | 42 + desktop/old.l/home.nix | 612 +++++++++++++ desktop/old.l/hosts.nix | 17 + desktop/old.l/locale.nix | 18 + desktop/old.l/nodeExporter.nix | 27 + desktop/old.l/original.configuration.nix | 131 +++ .../old.l/original.hardware-configuration.nix | 42 + desktop/old.l/prometheus.nix | 70 ++ desktop/old.l/root.id_ed25519.pub | 1 + desktop/old.l/root_ssh_config | 21 + desktop/old.l/sysctl.nix | 55 ++ desktop/old.l/systemPackages.nix | 47 + desktop/old.l/wireless_desktop.nix | 20 + 43 files changed, 4747 insertions(+), 22 deletions(-) create mode 100644 desktop/l2/Makefile create mode 100644 desktop/l2/configuration.nix create mode 100644 desktop/l2/distributed-builds.nix create mode 100644 desktop/l2/docker-daemon.nix create mode 100644 desktop/l2/firewall.nix 
create mode 100644 desktop/l2/flake.lock create mode 100644 desktop/l2/flake.nix create mode 100644 desktop/l2/grafana.nix create mode 100644 desktop/l2/hardware-configuration.nix create mode 100644 desktop/l2/home.nix create mode 100644 desktop/l2/hosts.nix create mode 100644 desktop/l2/hyprland.nix create mode 100644 desktop/l2/locale.nix create mode 100644 desktop/l2/nodeExporter.nix create mode 100644 desktop/l2/prometheus.nix create mode 100644 desktop/l2/sysctl.nix create mode 100644 desktop/l2/systemPackages.nix create mode 100644 desktop/l2/wireless_desktop.nix create mode 100644 desktop/old.l/Makefile create mode 100644 desktop/old.l/configuration.nix create mode 100644 desktop/old.l/debug create mode 100644 desktop/old.l/distributed-builds.nix create mode 100644 desktop/old.l/docker-daemon.nix create mode 100644 desktop/old.l/firewall.nix create mode 100644 desktop/old.l/flake.lock create mode 100644 desktop/old.l/flake.nix create mode 100644 desktop/old.l/grafana.nix create mode 100644 desktop/old.l/hardware-configuration.nix create mode 100644 desktop/old.l/home.nix create mode 100644 desktop/old.l/hosts.nix create mode 100644 desktop/old.l/locale.nix create mode 100644 desktop/old.l/nodeExporter.nix create mode 100644 desktop/old.l/original.configuration.nix create mode 100644 desktop/old.l/original.hardware-configuration.nix create mode 100644 desktop/old.l/prometheus.nix create mode 100644 desktop/old.l/root.id_ed25519.pub create mode 100644 desktop/old.l/root_ssh_config create mode 100644 desktop/old.l/sysctl.nix create mode 100644 desktop/old.l/systemPackages.nix create mode 100644 desktop/old.l/wireless_desktop.nix diff --git a/desktop/l/configuration.nix b/desktop/l/configuration.nix index 6ccceb6..4bc55c8 100644 --- a/desktop/l/configuration.nix +++ b/desktop/l/configuration.nix 
@@ -146,8 +146,15 @@ # jack.enable = true; }; - services.lldpd.enable = true; services.openssh.enable = true; + programs.ssh.extraConfig = '' + Host hp4.home + PubkeyAcceptedKeyTypes ssh-ed25519 + ServerAliveInterval 60 + IPQoS throughput + ''; + + services.lldpd.enable = true; services.timesyncd.enable = true; services.fstrim.enable = true; services.avahi = { diff --git a/desktop/l/distributed-builds.nix b/desktop/l/distributed-builds.nix index 7989606..cd2717d 100644 --- a/desktop/l/distributed-builds.nix +++ b/desktop/l/distributed-builds.nix @@ -2,6 +2,7 @@ # latops/t/distributed-builds.nix # # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +# https://docs.nixbuild.net/getting-started/#quick-nixos-configuration { pkgs, ... }: { nix.distributedBuilds = true; @@ -13,7 +14,15 @@ sshUser = "remotebuild"; sshKey = "/root/.ssh/remotebuild"; system = pkgs.stdenv.hostPlatform.system; + maxJobs = 100; supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; } ]; -} \ No newline at end of file +} + +# https://docs.nixbuild.net/getting-started/#your-first-build +# nix-build \ +# --max-jobs 0 \ +# --builders "ssh://hp4 x86_64-linux - 100 1 big-parallel,benchmark" \ +# -I nixpkgs=channel:nixos-20.03 \ +# --expr '((import {}).runCommand "test${toString builtins.currentTime}" {} "echo Hello nixbuild.net; touch $out")' \ No newline at end of file diff --git a/desktop/l/home.nix b/desktop/l/home.nix index fb7385f..30ad06f 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix 
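Review bot: `PubkeyAcceptedKeyTypes` in the added `Host hp4.home` block of desktop/l/configuration.nix is the older spelling; OpenSSH 8.5 renamed the option and keeps the old name only as an alias, so I would write `PubkeyAcceptedAlgorithms ssh-ed25519`. The block limits which client key types are offered but does nothing to pin the server's identity. hp4.home appears to be the remote builder (`hostName = "hp4.home"` in desktop/l2/distributed-builds.nix), so a `programs.ssh.knownHosts` entry for it would let root's first connection be verified instead of trusted on first use. The same block is added verbatim in desktop/l2/configuration.nix later in this patch.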
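Review bot: The build machine entry in desktop/l/distributed-builds.nix gains `maxJobs = 100` but still has no `publicHostKey`, so the builder's identity rests on whatever is in root's known_hosts rather than on a key pinned in the configuration; adding `publicHostKey = "<base64 of the builder's host public key>";` (placeholder) to the attribute set closes that. `maxJobs = 100` lets this machine dispatch up to 100 concurrent jobs to a single builder, and nothing on the page shows the builder is sized for that, so a comment stating the reasoning would help. The appended `nix-build` example still references nixbuild.net and `channel:nixos-20.03`; a one-line comment marking it as a scratch command would stop it being read as a supported procedure. The same content is added as desktop/l2/distributed-builds.nix, and the entry's opening lines are outside this hunk.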
@@ -303,12 +303,21 @@ # Ghostty configuration programs.ghostty = { enable = true; - settings = { - scrollback-sidebar = true; - scrollback-sidebar-width = 20; - scrollback-sidebar-position = "right"; - }; + # settings = { + # settings doesn't work }; + # https://ghostty.zerebos.com/app/import-export + # no scorllback limit + # https://github.com/ghostty-org/ghostty/issues/111 + xdg.configFile."ghostty/config.toml".text = '' + term = xterm-256color + scrollback-limit = 10000001 + image-storage-limit = 320000001 + clipboard-write = allow + window-subtitle = working-directory + background-opacity = 0.91 + background-blur = 20 + ''; home = { username = "das"; @@ -824,21 +833,6 @@ } ''; }; - # https://mynixos.com/home-manager/options/programs.ghostty - home.file.".config/ghostty/ghostty.toml" = { - target = ".config/ghostty/ghostty.toml"; - text = '' - [window] - # Whether to show the scrollback sidebar. - sidebar = true - - # The width of the scrollback sidebar. - sidebar_width = 10 - - # Whether to show the scrollback sidebar on the left or right. - sidebar_position = "right" - ''; - }; # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 # set at flake.nix level diff --git a/desktop/l2/Makefile b/desktop/l2/Makefile new file mode 100644 index 0000000..3a40b24 --- /dev/null +++ b/desktop/l2/Makefile 
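Review bot: In desktop/l/home.nix the replacement config is written to `ghostty/config.toml`, but its body is Ghostty's own `key = value` syntax and, as far as I know, Ghostty loads `$XDG_CONFIG_HOME/ghostty/config`, so these settings may never be read; I would use `xdg.configFile."ghostty/config".text` and confirm with `ghostty +show-config`. If the file is loaded, `clipboard-write = allow` lets any program running in the terminal, including one on a remote SSH host, set the system clipboard without a prompt; `clipboard-write = ask` is the more conservative value unless that behaviour is needed. The comment `# no scorllback limit` has a typo and does not match the explicit `scrollback-limit = 10000001` set below it.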
@@ -0,0 +1,72 @@
+#
+# nixos/laptops/l/Makefile
+#
+EXPECTED_HOSTNAME := l2
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo nixos-rebuild switch --flake .
+
+rebuild_t:
+ sudo nixos-rebuild switch --flake .#t
+
+#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues
+#nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+
+impure:
+ sudo nixos-rebuild switch --impure --flake .
+
+rebuild_trace:
+ sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+ sudo nix flake update;
+
+rebuild_old:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update_oldm.:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+restart_display_manager:
+ sudo systemctl restart display-manager.service
+
+#ls -l /run/opengl-driver/lib/gbm/
+#readlink /run/opengl-driver/lib/gbm/dri_gbm.so
+#glxinfo | grep -i 'renderer'
+
+#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager
+#less /var/log/Xorg.0.log
+
+#nix-shell -p mesa-demos
+#glxinfo | grep -i opengl
+
+# cat configuration.nix | grep -A 20 "hardware.graphics ="
+
+# end
diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix
new file mode 100644
index 0000000..4bc55c8
--- /dev/null
+++ b/desktop/l2/configuration.nix
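Review bot: `check_hostname` in desktop/l2/Makefile requires the machine to be called l2, but desktop/l2/configuration.nix in this same patch sets `networking.hostName = "l";`, so after the first successful switch `make` will stop at the check. `nixos-rebuild switch --flake .` also picks the configuration by hostname, and desktop/l2/flake.nix defines only `nixosConfigurations.l2`; naming the target explicitly, `sudo nixos-rebuild switch --flake .#l2`, together with `networking.hostName = "l2";` removes the ambiguity. `rebuild_t` points at `.#t`, which that flake does not define, and the header comment still reads `# nixos/laptops/l/Makefile`.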
@@ -0,0 +1,302 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running 'nixos-help'). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ + inputs, + config, + pkgs, + lib, + ... +}: + +{ + # https://nixos.wiki/wiki/NixOS_modules + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + imports = + [ + ./hardware-configuration.nix + #./hardware-graphics.nix + ./sysctl.nix + ./wireless_desktop.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + # home manager is imported in the flake + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ./distributed-builds.nix + ./hyprland.nix + ]; + + boot = { + loader.systemd-boot = { + enable = true; + consoleMode = "max"; + memtest86.enable = true; + }; + + loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( + #kernelPackages = pkgs.linuxPackages; + kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + # kernelParams = [ + # "nvidia-drm.modeset=1" + # "nvidia-drm.fbdev=1" + # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 + # #"nomodeset" + # ]; + + initrd.kernelModules = [ + "amdgpu" + ]; + + blacklistedKernelModules = [ + "nouveau" + #"i915" + ]; + + # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # 
https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; + + extraModprobeConfig = '' + options kvm_intel nested=1 + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + }; + + # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs + # Enable nix-ld for better compatibility with non-Nix binaries + programs.nix-ld = { + enable = true; + # Add commonly needed libraries + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + libxml2 + # Add more libraries as needed + ]; + }; + + # Enable envfs for better compatibility with FHS expectations + services.envfs = { + enable = true; + }; + + # For OBS + security.polkit.enable = true; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + }; + gc = { + automatic = true; # Enable automatic execution of the task + dates = "daily"; # Schedule the task to run daily + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "l"; + + time.timeZone = "America/Los_Angeles"; + + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + # # https://nixos.wiki/wiki/NixOS_Wiki:Audio + # services.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem + + security.rtkit.enable = true; # Enable RealtimeKit for audio purposes + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # Uncomment the following line if you want to use JACK applications + # jack.enable = true; + }; + + 
services.openssh.enable = true; + programs.ssh.extraConfig = '' + Host hp4.home + PubkeyAcceptedKeyTypes ssh-ed25519 + ServerAliveInterval 60 + IPQoS throughput + ''; + + services.lldpd.enable = true; + services.timesyncd.enable = true; + services.fstrim.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + services.bpftune.enable = true; + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + + # https://wiki.nixos.org/wiki/Flameshot + # services.flameshot = { + # enable = true; + # settings.General = { + # showStartupLaunchMessage = false; + # saveLastRegion = true; + # }; + # }; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + services.clickhouse.enable = false; + + # environment.variables defined in hardware-graphics.nix + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # package moved to systemPackages.nix + # environment.systemPackages = with pkgs; [ + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + hardware.graphics = { + enable = true; # auto includes mesa + package = pkgs.mesa; + extraPackages = with pkgs; [ + libglvnd + libva-vdpau-driver + libvdpau-va-gl + rocmPackages.clr.icd + ]; + }; + services.xserver = { + enable = true; + videoDrivers = [ "amdgpu" ]; + xkb = { + layout = "us"; + variant = ""; + }; + }; + + services.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + + # https://nixos.wiki/wiki/AMD_GPU + systemd.tmpfiles.rules = [ + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + ]; + systemd.services.lactd.wantedBy = [ "multi-user.target" ]; + + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + config.common.default = "gtk"; + }; + + # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ + # programs.hyprland = { + # enable = true; + # xwayland.enable = true; + # }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # networking.firewall.enable = false; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + # https://nixos.wiki/wiki/Virt-manager + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # guest + # services.qemuGuest.enable = true; + # services.spice-vdagentd.enable = true; + + # https://wiki.nixos.org/wiki/Laptop + + system.stateVersion = "24.11"; + + nixpkgs.config = { + allowUnfree = true; + }; + +} diff --git a/desktop/l2/distributed-builds.nix b/desktop/l2/distributed-builds.nix new file mode 100644 index 0000000..cd2717d --- /dev/null +++ b/desktop/l2/distributed-builds.nix 
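Review bot: `services.openssh.enable = true` in desktop/l2/configuration.nix is added with no `services.openssh.settings`, so sshd runs with the module defaults, which as far as I know still permit password logins. Since `users.users.das` already carries an `openssh.authorizedKeys.keys` entry, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. This matters more here because desktop/l2/firewall.nix in the same patch sets `enable = false` for the firewall. `das` is also placed in the `docker` group, which gives that account root-equivalent control of the Docker daemon; a comment saying that is intended would help the next reader.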
@@ -0,0 +1,28 @@
+#
+# latops/t/distributed-builds.nix
+#
+# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds
+# https://docs.nixbuild.net/getting-started/#quick-nixos-configuration
+{ pkgs, ... }:
+{
+ nix.distributedBuilds = true;
+ nix.settings.builders-use-substitutes = true;
+
+ nix.buildMachines = [
+ {
+ hostName = "hp4.home";
+ sshUser = "remotebuild";
+ sshKey = "/root/.ssh/remotebuild";
+ system = pkgs.stdenv.hostPlatform.system;
+ maxJobs = 100;
+ supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+ }
+ ];
+}
+
+# https://docs.nixbuild.net/getting-started/#your-first-build
+# nix-build \
+# --max-jobs 0 \
+# --builders "ssh://hp4 x86_64-linux - 100 1 big-parallel,benchmark" \
+# -I nixpkgs=channel:nixos-20.03 \
+# --expr '((import {}).runCommand "test${toString builtins.currentTime}" {} "echo Hello nixbuild.net; touch $out")'
\ No newline at end of file
diff --git a/desktop/l2/docker-daemon.nix b/desktop/l2/docker-daemon.nix
new file mode 100644
index 0000000..fe72a86
--- /dev/null
+++ b/desktop/l2/docker-daemon.nix
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/l2/firewall.nix b/desktop/l2/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/desktop/l2/firewall.nix
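Review bot: `metrics-addr = "0.0.0.0:9323"` in desktop/l2/docker-daemon.nix publishes the Docker daemon's metrics endpoint on every interface without authentication, and desktop/l2/firewall.nix in this patch has the firewall disabled. If the only scraper is the local Prometheus (prometheus.nix is not shown in this part of the page), `metrics-addr = "127.0.0.1:9323";` is enough. `experimental = true` turns on daemon features that carry no stability guarantee; a comment naming the feature that needs it would justify keeping it. The log rotation options are all commented out, so container logs are unbounded under `data-root`, which lives inside `/home/das`.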
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/desktop/l2/flake.lock b/desktop/l2/flake.lock
new file mode 100644
index 0000000..dc661a5
--- /dev/null
+++ b/desktop/l2/flake.lock
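Review bot: `enable = false` in desktop/l2/firewall.nix turns the NixOS firewall off entirely, so the `allowedTCPPorts` list of 22 and 5001 beneath it has no effect and every listening service on this host is reachable from the network. In this patch that includes Grafana on `0.0.0.0:3000` and the Docker metrics endpoint on `0.0.0.0:9323`. If the reason is the connection-tracking cost mentioned above the commented-out `extraCommands`, record it next to the setting, e.g. `enable = false; # deliberate: no conntrack on this host; services must bind to specific addresses`. Otherwise set `enable = true;` so the allow-list is what actually applies.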
@@ -0,0 +1,505 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747864449, + "narHash": "sha256-PIjVAWghZhr3L0EFM2UObhX84UQxIACbON0IC0zzSKA=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "389372c5f4dc1ac0e7645ed29a35fd6d71672ef5", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749160002, + "narHash": "sha256-IM3xKjsKxhu7Y1WdgTltrLKiOJS8nW7D4SUDEMNr7CI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "68cc9eeb3875ae9682c04629f20738e1e79d72aa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + 
}, + "locked": { + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1749155341, + "narHash": "sha256-KE7qwOLzIsPFnXKh4Z72NwAzP8ZdRxxQKthLGJ30YHM=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "fb7548cb41d82f12db2d51b50af29abe4704a1a4", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1748526041, + "narHash": "sha256-QyUACXhQJ2+K0YxwEuAfpyCXqbdCCHj1jNAWJy+vUxw=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"2eee96fe52fa0923c0aae647eb7901b5b51df3db", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + 
"nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747484975, + "narHash": "sha256-+LAQ81HBwG0lwshHlWe0kfWg4KcChIPpnwtnwqmnoEU=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "163c83b3db48a17c113729c220a60b94596c9291", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1746635225, + "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "674ea57373f08b7609ce93baff131117a0dfe70d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1747584298, + "narHash": "sha256-PH9qZqWLHvSBQiUnA0NzAyQA3tu2no2z8kz0ZeHWj4w=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "e511882b9c2e1d7a75d45d8fddd2160daeafcbc3", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + 
"type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix new file mode 100644 index 0000000..021c620 --- /dev/null +++ b/desktop/l2/flake.nix 
@@ -0,0 +1,67 @@
+{
+ description = "l2 Flake";
+
+ # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ hyprland.url = "github:hyprwm/Hyprland";
+ hyprland-plugins = {
+ url = "github:hyprwm/hyprland-plugins";
+ inputs.hyprland.follows = "hyprland";
+ };
+ };
+
+ #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }:
+ outputs = { self, nixpkgs, home-manager, hyprland, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ # "nvidia-x11"
+ # "nvidia-settings"
+ # "nvidia-persistenced"
+ "google-chrome"
+ "android-studio"
+ "android-studio-stable"
+ ];
+ };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ l2 = lib.nixosSystem rec {
+ inherit system;
+ specialArgs = {
+ inherit hyprland;
+ unstable = pkgs;
+ };
+ modules = [
+ ./configuration.nix
+ hyprland.nixosModules.default
+ home-manager.nixosModules.home-manager
+ {
+ # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs
+ #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*.
+ home-manager.useUserPackages = true;
+ home-manager.users.das = { config, pkgs, ... }: {
+ imports = [
+ ./home.nix
+ ];
+ };
+ home-manager.extraSpecialArgs = specialArgs;
+ # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/desktop/l2/grafana.nix b/desktop/l2/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/desktop/l2/grafana.nix
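Review bot: `allowUnfree = true` sits next to `allowUnfreePredicate` in the `pkgs` import of desktop/l2/flake.nix, and nixpkgs consults the predicate only when `allowUnfree` is false, so the three-name allow-list is never enforced; dropping `allowUnfree = true;` makes the list the actual policy. This `pkgs` is only passed on as `specialArgs.unstable`, while the system's own package set takes `nixpkgs.config.allowUnfree = true` from desktop/l2/configuration.nix, so the same choice has to be made there. The `hyprland-plugins` input is declared but never referenced in `outputs`, which adds a locked dependency that nothing consumes.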
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/hardware-configuration.nix b/desktop/l2/hardware-configuration.nix
new file mode 100644
index 0000000..a771efe
--- /dev/null
+++ b/desktop/l2/hardware-configuration.nix
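Review bot: `http_addr = "0.0.0.0"` in desktop/l2/grafana.nix makes Grafana listen on every interface, and the file sets no `security` block, so the admin account keeps whatever default the module ships until someone changes it through the UI. With the firewall disabled in desktop/l2/firewall.nix, I would bind to `http_addr = "127.0.0.1";`, or, if LAN access is wanted, set `settings.security.admin_password` from a file kept outside the Nix store using Grafana's `$__file{...}` form. `serve_from_sub_path = true` is set while `root_url` is commented out, so it has nothing to act on and can be removed.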
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f72013eb-dba3-48d6-80cd-65a1684ba502"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-6fd137fa-aa82-4200-9ca1-cd049de90418".device = "/dev/disk/by-uuid/6fd137fa-aa82-4200-9ca1-cd049de90418"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/4C7A-4843"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/979a4a5a-8724-4c06-8173-13e72cb49a9d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/l2/home.nix b/desktop/l2/home.nix new file mode 100644 index 0000000..30ad06f --- /dev/null +++ b/desktop/l2/home.nix 
@@ -0,0 +1,842 @@ +{ + hyprland, + config, + pkgs, + ... +}: + +{ + imports = [ + hyprland.homeManagerModules.default + ]; + + # Hyprland window manager configuration + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + extraConfig = '' + # Monitor configuration + monitor=,preferred,auto,1 + + # Execute-once startup commands + exec-once = waybar + exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + exec-once = hypridle + exec-once = wl-paste --type text --watch cliphist store + exec-once = wl-paste --type image --watch cliphist store + + # Input configuration + input { + kb_layout = us + kb_variant = + kb_model = + kb_options = + kb_rules = + + follow_mouse = 1 + touchpad { + natural_scroll = true + scroll_factor = 0.3 + } + sensitivity = 0 # -1.0 - 1.0, 0 means no modification. + } + + # General settings + general { + gaps_in = 5 + gaps_out = 10 + border_size = 2 + col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + col.inactive_border = rgba(595959aa) + layout = dwindle + no_cursor_warps = true + } + + # Decoration settings + decoration { + rounding = 10 + blur { + enabled = true + size = 3 + passes = 1 + } + drop_shadow = true + shadow_range = 4 + shadow_render_power = 3 + col.shadow = rgba(1a1a1aee) + } + + # Animation settings + animations { + enabled = true + bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + animation = windows, 1, 7, myBezier + animation = windowsOut, 1, 7, default, popin 80% + animation = border, 1, 10, default + animation = borderangle, 1, 8, default + animation = fade, 1, 7, default + animation = workspaces, 1, 6, default + } + + # Layout settings + dwindle { + pseudotile = true + preserve_split = true + } + + # Gesture settings + gestures { + workspace_swipe = true + workspace_swipe_fingers = 3 + } + + # Keybindings + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + bind = SUPER, D, exec, wofi --show drun + bind = SUPER, F, fullscreen + bind = SUPER, H, movefocus, l 
+ bind = SUPER, L, movefocus, r + bind = SUPER, K, movefocus, u + bind = SUPER, J, movefocus, d + bind = SUPER, left, movewindow, l + bind = SUPER, right, movewindow, r + bind = SUPER, up, movewindow, u + bind = SUPER, down, movewindow, d + bind = SUPER SHIFT, H, movewindow, l + bind = SUPER SHIFT, L, movewindow, r + bind = SUPER SHIFT, K, movewindow, u + bind = SUPER SHIFT, J, movewindow, d + bind = SUPER, 1, workspace, 1 + bind = SUPER, 2, workspace, 2 + bind = SUPER, 3, workspace, 3 + bind = SUPER, 4, workspace, 4 + bind = SUPER, 5, workspace, 5 + bind = SUPER, 6, workspace, 6 + bind = SUPER, 7, workspace, 7 + bind = SUPER, 8, workspace, 8 + bind = SUPER, 9, workspace, 9 + bind = SUPER, 0, workspace, 10 + bind = SUPER SHIFT, 1, movetoworkspace, 1 + bind = SUPER SHIFT, 2, movetoworkspace, 2 + bind = SUPER SHIFT, 3, movetoworkspace, 3 + bind = SUPER SHIFT, 4, movetoworkspace, 4 + bind = SUPER SHIFT, 5, movetoworkspace, 5 + bind = SUPER SHIFT, 6, movetoworkspace, 6 + bind = SUPER SHIFT, 7, movetoworkspace, 7 + bind = SUPER SHIFT, 8, movetoworkspace, 8 + bind = SUPER SHIFT, 9, movetoworkspace, 9 + bind = SUPER SHIFT, 0, movetoworkspace, 10 + bind = SUPER, mouse_down, workspace, e+1 + bind = SUPER, mouse_up, workspace, e-1 + bind = SUPER, period, togglespecialworkspace, magic + bind = SUPER SHIFT, period, movetoworkspace, special:magic + bind = SUPER, S, togglesplit, + bind = SUPER, P, pseudo, + bind = SUPER, V, togglefloating, + bind = SUPER, R, exec, wofi --show run + bind = SUPER, Print, exec, grimblast --notify copysave area + bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + bind = SUPER, X, exec, wl-clipboard-manager + bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + ''; + }; + + # Waybar configuration + programs.waybar = { + enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 4; + modules-left = [ + "hyprland/workspaces" + "hyprland/submap" + ]; + 
modules-center = [ + "hyprland/window" + ]; + modules-right = [ + "pulseaudio" + "network" + "cpu" + "memory" + "battery" + "clock" + ]; + "hyprland/workspaces" = { + format = "{name}"; + on-click = "activate"; + sort-by-number = true; + }; + "hyprland/window" = { + format = "{}"; + separate-outputs = true; + }; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphone = "🎧"; + handsfree = "📱"; + headset = "🎧"; + phone = "☎️"; + portable = "📱"; + car = "🚗"; + default = ["🔈" "🔉" "🔊"]; + }; + on-click = "pavucontrol"; + }; + "network" = { + format-wifi = "📶 {essid}"; + format-ethernet = "🌐 {ipaddr}/{cidr}"; + format-linked = "🌐 {ifname} (No IP)"; + format-disconnected = "⚠️ Disconnected"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + }; + "cpu" = { + format = "🖥️ {usage}%"; + tooltip-format = "{usage}% used"; + }; + "memory" = { + format = "🧠 {percentage}%"; + tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + }; + "battery" = { + states = { + warning = 30; + critical = 15; + }; + format = "{icon} {capacity}%"; + format-charging = "⚡ {capacity}%"; + format-plugged = "🔌 {capacity}%"; + format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + }; + "clock" = { + format = "🕒 {:%H:%M}"; + format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + }; + }; + style = '' + * { + border: none; + border-radius: 0; + font-family: "JetBrainsMono Nerd Font"; + font-size: 13px; + font-weight: bold; + min-height: 0; + } + + window#waybar { + background: rgba(21, 18, 27, 0.8); + color: #cdd6f4; + } + + #workspaces button { + padding: 0 5px; + background: transparent; + color: #cdd6f4; + } + + #workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + } + + #workspaces button.active { + background: #7aa2f7; + color: #1e1e2e; + } + + #workspaces button.urgent { + background: #f38ba8; + color: #1e1e2e; + } + + #battery, + #cpu, + #memory, + #network, + #pulseaudio, + #clock { + padding: 0 10px; + margin: 0 5px; + } + + 
#battery { + color: #a6e3a1; + } + + #battery.warning { + color: #f9e2af; + } + + #battery.critical { + color: #f38ba8; + } + + #network { + color: #89b4fa; + } + + #pulseaudio { + color: #cba6f7; + } + + #cpu { + color: #f5c2e7; + } + + #memory { + color: #fab387; + } + + #clock { + color: #89dceb; + } + ''; + }; + + # Ghostty configuration + programs.ghostty = { + enable = true; + # settings = { + # settings doesn't work + }; + # https://ghostty.zerebos.com/app/import-export + # no scorllback limit + # https://github.com/ghostty-org/ghostty/issues/111 + xdg.configFile."ghostty/config.toml".text = '' + term = xterm-256color + scrollback-limit = 10000001 + image-storage-limit = 320000001 + clipboard-write = allow + window-subtitle = working-directory + background-opacity = 0.91 + background-blur = 20 + ''; + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... 
}: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + + QT_QPA_PLATFORM = "wayland"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + # NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + gparted + ncdu + neofetch + file + + # Hyprland related + waybar + swaybg + swaylock + wl-clipboard + wf-recorder + grimblast + hyprpaper + hyprpicker + hypridle + hyprlock + + # Terminal Multiplexers + tmux + screen + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + llvmPackages_20.clang-tools + llvmPackages_20.lld + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + #xz + #zstd + + gnutar + + # File Transfer/Management + rsync + tree + + # Terminals + alacritty + kitty + #https://ghostty.org/ + ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + # Printing + hplip + #hplipWithPlugin + + 
# SDR + gnuradio + hackrf + gqrx + cubicsdr + + # Media + vlc + # ffmpeg moved to system package + #ffmpeg_7-full + #ffmpeg-full + + # Go Development + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + #gcc_multi + #glibc_multi + # thunderbird + #go_1_23 + go + gopls + golint + golangci-lint + golangci-lint-langserver + # trunk is unfree, and i can't work out how to enable unfree + #trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv + buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + #tinygo + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #bazel_7 + bazel-buildtools + bazelisk + + code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # bazel-gazelle + # bazel-buildtools + # bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look at? 
+ # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing + meld + + # Editors + helix + + # Rust Development + # https://nixos.wiki/wiki/Rust + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + + # Mobile Development + flutter + android-studio + android-tools + android-udev-rules + + nordic + gnome-themes-extra + #gnome-shell-extensions + + # Gnome Related / Extensions + # gnomeExtensions.emoji-copy + # gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + + # Office/Documents + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + evince + + # Browsers + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + #google-chrome + # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + (google-chrome.override { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }) + + # Communication + # https://nixos.wiki/wiki/Slack + slack + zoom-us + + # Screenshots/Screen Recording + # https://wiki.nixos.org/wiki/Flameshot + flameshot + #(flameshot.override { enableWlrSupport = true; }) + grim # screenshot functionality + slurp # screenshot functionality + simplescreenrecorder + 
# https://wiki.nixos.org/wiki/Gpu-screen-recorder + gpu-screen-recorder # CLI + gpu-screen-recorder-gtk # GUI + + # Graphics + gimp-with-plugins + + # Text Editors + gedit + + # Containers + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + + # Kubernetes + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + + # Misc + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + # dive # Duplicate removed + # https://github.com/sharkdp/hyperfine + hyperfine + + # App Launchers + rofi-wayland + wofi + + # Raspberry Pi + #rpi-imager + + #silly + cmatrix + sl + + #gpu monitoring + lact + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + package = pkgs.vscode; + profiles.default.extensions = with pkgs.vscode-extensions; [ + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + ms-azuretools.vscode-docker + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + tamasfe.even-better-toml + timonwong.shellcheck + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + jnoortheen.nix-ide + rust-lang.rust-analyzer + bazelbuild.vscode-bazel + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # 
meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # another example with dark colors: + # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + #button-layout = "close,minimize,maximize,above:appmenu"; + button-layout = ":minimize,maximize,above,close"; + num-workspaces = 2; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + icon-theme = "Papirus-Dark"; + cursor-theme = "Adwaita"; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + #"kitty.desktop" + "slack.desktop" + "ghostty.desktop" + ]; + # "org/gnome/shell/extensions/user-theme" = { + # 
name = "Nordic"; + # }; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.11"; +} diff --git a/desktop/l2/hosts.nix b/desktop/l2/hosts.nix new file mode 100644 index 0000000..3af6575 --- /dev/null +++ b/desktop/l2/hosts.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + "127.0.0.1" = ["redpanda-0"]; + }; +} \ No newline at end of file 
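Review bot: The `policy.json` written near the end of home.nix sets `"default"` to `insecureAcceptAnything`, so podman and skopeo will accept an image from any registry or transport with no source restriction or signature check. A tighter policy rejects by default and lists only the sources actually used; the sketch below allows docker.io (the one registry named in `registries.conf`) and the local docker daemon, and any other registry in use would need its own scope. In the same hunk, `label=false` in `containers.conf` turns off container label separation and deserves a comment saying why, e.g. `# label=false: no SELinux on this host`, if that is the reason.

```nix
  home.file."policy.json" = {
    target = ".config/containers/policy.json";
    text = ''
      {
        "default": [{ "type": "reject" }],
        "transports": {
          "docker": {
            "docker.io": [{ "type": "insecureAcceptAnything" }]
          },
          "docker-daemon": {
            "": [{ "type": "insecureAcceptAnything" }]
          }
        }
      }
    '';
  };
```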
diff --git a/desktop/l2/hyprland.nix b/desktop/l2/hyprland.nix
new file mode 100644
index 0000000..c4970d4
--- /dev/null
+++ b/desktop/l2/hyprland.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+ # Enable Hyprland system-wide
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+
+ # Enable XDG portal for Wayland
+ xdg.portal = {
+ enable = true;
+ extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
+ config.common.default = "gtk";
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/locale.nix b/desktop/l2/locale.nix
new file mode 100644
index 0000000..6a67b6f
--- /dev/null
+++ b/desktop/l2/locale.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/nodeExporter.nix b/desktop/l2/nodeExporter.nix
new file mode 100644
index 0000000..f26d49b
--- /dev/null
+++ b/desktop/l2/nodeExporter.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 19000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ "--collector.wifi"
+ "--collector.filesystem.ignored-mount-points='/nix/store'"];
+ };
+
+ # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters
+ services.prometheus.exporters.systemd.enable = true;
+ services.prometheus.exporters.smartctl.enable = true;
+ services.prometheus.exporters.process.enable = true;
+}
\ No newline at end of file
diff --git a/desktop/l2/prometheus.nix b/desktop/l2/prometheus.nix
new file mode 100644
index 0000000..24eabca
--- /dev/null
+++ b/desktop/l2/prometheus.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "xtcp";
+ static_configs = [{
+ targets = [ "localhost:9088" ];
+ }];
+ }
+ {
+ job_name = "hp1_xtcp";
+ static_configs = [{
+ targets = [ "hp1:9088" ];
+ }];
+ }
+ {
+ job_name = "clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "localhost:19363" ];
+ }];
+ }
+ {
+ job_name = "hp1";
+ static_configs = [{
+ targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "hp1_clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "hp1:19363" ];
+ }];
+ }
+ {
+ job_name = "hp2";
+ static_configs = [{
+ targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "hp2_clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "hp2:19363" ];
+ }];
+ }
+ #{
+ # job_name = "chromebox1";
+ # static_configs = [{
+ # targets = [ "172.16.40.179:9105" ];
+ # }];
+ #}
+ ];
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/sysctl.nix b/desktop/l2/sysctl.nix
new file mode 100644
index 0000000..de472c7
--- /dev/null
+++ b/desktop/l2/sysctl.nix
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 
50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + }; +} \ No newline at end of file diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix new file mode 100644 index 0000000..c9fa23e --- /dev/null +++ b/desktop/l2/systemPackages.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + ... +}: +{ + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + libxml2 # Added for bazel/clang development + + # Wayland support + xwayland + meson + wayland-protocols + wayland-utils + wl-clipboard + + xscreensaver + + clinfo + lact + + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) + ]; +} diff --git a/desktop/l2/wireless_desktop.nix b/desktop/l2/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/l2/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file diff --git a/desktop/old.l/Makefile b/desktop/old.l/Makefile new file mode 100644 index 0000000..1e544ae --- /dev/null +++ b/desktop/old.l/Makefile 
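Review bot: In sysctl.nix, `"net.ipv4.ip_local_port_range" = "1025 65535"` pulls the listening ports used elsewhere in this patch (3000 for Grafana, 9088, 9090, 19000, 19363) into the ephemeral range, so an outbound connection can take one of them before its service binds and that service then fails to start. Reserve them next to that line with `"net.ipv4.ip_local_reserved_ports" = "3000,9088,9090,19000,19363";`, or keep the lower bound above the highest service port. A short comment on why the range was widened would also help the next reader, since the kernel default is only kept as a commented-out line.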
@@ -0,0 +1,72 @@ +# +# nixos/laptops/l/Makefile +# +EXPECTED_HOSTNAME := l + +ACTUAL_HOSTNAME := $(shell hostname) + +all: check_hostname rebuild + +check_hostname: +ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME)) + @echo "Hostnames match: $(ACTUAL_HOSTNAME)" +else + @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)" + @exit 1 +endif + +rebuild: + sudo nixos-rebuild switch --flake . + +rebuild_t: + sudo nixos-rebuild switch --flake .#t + +#https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues +#nixos-rebuild switch --option binary-caches http://my-cache.example.org/ + +impure: + sudo nixos-rebuild switch --impure --flake . + +rebuild_trace: + sudo nixos-rebuild switch --show-trace --flake . + +update: + sudo nix flake update; + +rebuild_old: + # sudo cp ./flake.nix /etc/nixos/ + # sudo cp ./flake.lock /etc/nixos/ + # sudo cp ../../modules/* /etc/nixos/ + # sudo cp ./configuration.nix /etc/nixos/ + # #sudo cp ./home-manager.nix /etc/nixos/ + # sudo cp ./home.nix /etc/nixos/ + # sudo cp ./prometheus.nix /etc/nixos/ + # sudo cp ./*.nix /etc/nixos/ + # sudo nix-channel --update + # sudo nixos-rebuild switch + #sudo cp ./* /etc/nixos/ + sudo nix flake update; + #sudo nix-channel --update; + sudo nixos-rebuild switch --flake . + +update_oldm.: + sudo nix-channel --update + sudo nixos-rebuild switch + #nix-shell -p vim + +restart_display_manager: + sudo systemctl restart display-manager.service + +#ls -l /run/opengl-driver/lib/gbm/ +#readlink /run/opengl-driver/lib/gbm/dri_gbm.so +#glxinfo | grep -i 'renderer' + +#journalctl -b | grep -Ei 'X.*fatal|gdm|wayland|mesa|amdgpu' --no-pager +#less /var/log/Xorg.0.log + +#nix-shell -p mesa-demos +#glxinfo | grep -i opengl + +# cat configuration.nix | grep -A 20 "hardware.graphics =" + +# end diff --git a/desktop/old.l/configuration.nix b/desktop/old.l/configuration.nix new file mode 100644 index 0000000..90684b7 --- /dev/null +++ b/desktop/old.l/configuration.nix 
@@ -0,0 +1,311 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running 'nixos-help').
+
+# sudo nixos-rebuild switch
+# sudo nix-channel --update
+# nix-shell -p vim
+# nmcli device wifi connect MYSSID password PWORD
+# systemctl restart display-manager.service
+
+{
+ inputs,
+ config,
+ pkgs,
+ unstable,
+ lib,
+ ...
+}:
+
+# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F
+# https://discourse.nixos.org/t/differences-between-nix-channels/13998
+
+{
+ # https://nixos.wiki/wiki/NixOS_modules
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ imports =
+ [
+ ./hardware-configuration.nix
+ #./hardware-graphics.nix
+ ./sysctl.nix
+ ./wireless_desktop.nix
+ ./locale.nix
+ ./hosts.nix
+ ./firewall.nix
+ #./systemdSystem.nix
+ ./systemPackages.nix
+ # home manager is imported in the flake
+ #./home.nix
+ ./nodeExporter.nix
+ ./prometheus.nix
+ ./grafana.nix
+ # clickhouse
+ #./docker-compose.nix
+ ./docker-daemon.nix
+ #./smokeping.nix
+ ./distributed-builds.nix
+ ];
+
+ boot = {
+ loader.systemd-boot = {
+ enable = true;
+ consoleMode = "max";
+ memtest86.enable = true;
+ };
+
+ loader.efi.canTouchEfiVariables = true;
+
+ # https://nixos.wiki/wiki/Linux_kernel
+ #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :(
+ kernelPackages = pkgs.unstable.linuxPackages;
+ #boot.kernelPackages = pkgs.linuxPackages_latest;
+ #boot.kernelPackages = pkgs.linuxPackages_rpi4
+
+ # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21
+ # kernelParams = [
+ # "nvidia-drm.modeset=1"
+ # "nvidia-drm.fbdev=1"
+ # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160
+ # #"nomodeset"
+ # ];
+
+ initrd.kernelModules = [
+ "amdgpu"
+ ];
+
+ blacklistedKernelModules = [
+ "nouveau"
+ #"i915"
+ ];
+
+ # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU
+ # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems
+ binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
+
+ extraModulePackages = [
+ config.boot.kernelPackages.v4l2loopback
+ #pkgs.unstable.linuxPackages.nvidiaPackages.production
+ ];
+
+ extraModprobeConfig = ''
+ options kvm_intel nested=1
+ options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
+ '';
+ };
+
+ # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs
+ # Enable nix-ld for better compatibility with non-Nix binaries
+ programs.nix-ld = {
+ enable = false;
+ # Add commonly needed libraries
+ libraries = with pkgs; [
+ stdenv.cc.cc.lib
+ zlib
+ libxml2
+ # Add more libraries as needed
+ ];
+ };
+
+ # Enable envfs for better compatibility with FHS expectations
+ services.envfs = {
+ enable = false;
+ };
+
+ # For OBS
+ security.polkit.enable = true;
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ download-buffer-size = "500000000";
+ };
+ gc = {
+ automatic = true; # Enable automatic execution of the task
+ dates = "daily"; # Schedule the task to run daily
+ options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days
+ randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task
+ };
+ };
+
+ # https://nixos.wiki/wiki/Networking
+ networking.hostName = "l";
+
+ time.timeZone = "America/Los_Angeles";
+
+ services.udev.packages = [ pkgs.gnome-settings-daemon ];
+ # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ];
+
+ # https://nixos.wiki/wiki/NixOS_Wiki:Audio
+ hardware.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem
+
+ security.rtkit.enable = true; # Enable RealtimeKit for audio purposes
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # Uncomment the following line if you want to use JACK applications
+ # jack.enable = true;
+ };
+
+ services.lldpd.enable = true;
+ services.openssh.enable = true;
+ services.timesyncd.enable = true;
+ services.fstrim.enable = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ ipv4 = true;
+ ipv6 = true;
+ openFirewall = true;
+ };
+
+ services.bpftune.enable = true;
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # https://nixos.wiki/wiki/Printing
+ services.printing.enable = true;
+
+ # https://wiki.nixos.org/wiki/Flameshot
+ # services.flameshot = {
+ # enable = true;
+ # settings.General = {
+ # showStartupLaunchMessage = false;
+ # saveLastRegion = true;
+ # };
+ # };
+
+ systemd.services.modem-manager.enable = false;
+ systemd.services."dbus-org.freedesktop.ModemManager1".enable = false;
+
+ services.clickhouse.enable = false;
+
+ # environment.variables defined in hardware-graphics.nix
+ environment.sessionVariables = {
+ TERM = "xterm-256color";
+ #MY_VARIABLE = "my-value";
+ };
+
+ users.users.das = {
+ isNormalUser = true;
+ description = "das";
+ extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ];
+ packages = with pkgs; [
+ ];
+ # https://nixos.wiki/wiki/SSH_public_key_authentication
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t"
+ ];
+ };
+
+ # package moved to systemPackages.nix
+ # environment.systemPackages = with pkgs; [
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ hardware.graphics = {
+ enable = true; # auto includes mesa
+ package = unstable.mesa;
+ extraPackages = with pkgs; [
+ unstable.libglvnd
+ unstable.libva-vdpau-driver
+ unstable.libvdpau-va-gl
+ unstable.rocmPackages.clr.icd
+ ];
+ };
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ #displayManager.gdm.wayland = true;
+ desktopManager.gnome.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ };
+
+ # https://nixos.wiki/wiki/AMD_GPU
+ systemd.tmpfiles.rules = [
+ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+ ];
+ systemd.services.lactd.wantedBy = [ "multi-user.target" ];
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/
+ programs.hyprland = {
+ enable = true;
+ # Nvidia patches are no longer needed
+ #nvidiaPatches = true;
+ xwayland.enable = true;
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # # https://nixos.wiki/wiki/Podman
+ # virtualisation.podman = {
+ # enable = true;
+ # dockerCompat = true;
+ # defaultNetwork.settings.dns_enabled = true;
+ # autoPrune.enable = true;
+ # };
+ # #virtualisation.oci-containers.backend = "podman";
+ # # virtualisation.oci-containers.containers = {
+ # # container-name = {
+ # # image = "container-image";
+ # # autoStart = true;
+ # # ports = [ "127.0.0.1:1234:1234" ];
+ # # };
+ # # };
+
+ # https://nixos.wiki/wiki/Virt-manager
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+
+ virtualisation.containers = {
+ ociSeccompBpfHook.enable = true;
+ };
+
+ # guest
+ # services.qemuGuest.enable = true;
+ # services.spice-vdagentd.enable = true;
+
+ # https://wiki.nixos.org/wiki/Laptop
+
+ system.stateVersion = "24.11";
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ # "nvidia-x11"
+ # "nvidia-settings"
+ # "nvidia-persistenced"
+ # ];
+ };
+
+ # hardware.opengl = {
+ # enable = true;
+ # driSupport = true;
+ # driSupport32Bit = true;
+ # extraPackages = with pkgs; [
+ # vaapiVdpau
+ # libvdpau-va-gl
+ # ];
+ # };
+}
diff --git a/desktop/old.l/debug b/desktop/old.l/debug
new file mode 100644
index 0000000..b06ba55
--- /dev/null
+++ b/desktop/old.l/debug
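Review bot: In desktop/old.l/configuration.nix, `services.openssh.enable = true;` is set with no `services.openssh.settings` anywhere in the hunk, so sshd presumably runs with the module defaults, which as far as I know still accept password logins, even though `das` already has an `openssh.authorizedKeys.keys` entry. I would add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to it. Separately, `extraGroups` puts `das` in `docker`, which gives root-equivalent access to the host without a sudo prompt; a comment saying so, or dropping the group, would make that choice explicit. `./firewall.nix` is imported but is not part of this hunk, so how far port 22 and the avahi `openFirewall = true` ports are reachable cannot be judged from here.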
@@ -0,0 +1,300 @@ +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Video Driver: 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org XInput driver : 24.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: X.Org Server Extension : 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (++) using VT number 7 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c23 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) "glx" will be loaded by default. 
+Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glx" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "amdgpu" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Module class: X.Org Video Driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: All GPUs supported by the amdgpu kernel 
driver +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "fb" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "fb" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "dri2" +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "dri2" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module "dri2" already built-in +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading sub module "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) LoadModule: "glamoregl" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Backtrace: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f321be49620] +Jun 02 13:22:23 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Fatal server error: +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: Please consult the The X.Org Foundation support +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: at http://wiki.x.org +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: for help. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) +Jun 02 13:22:23 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54130]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. + Module amdgpu_drv.so without build-id. 
+ #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54128]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54128 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c24 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c24 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c24 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7fbd5d795620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54159]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54157]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54157 was already dead. +Jun 02 13:22:24 l systemd-logind[1623]: New session c25 of user gdm. +Jun 02 13:22:24 l systemd[1]: Started Session c25 of User gdm. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org X Server 1.21.1.16 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X Protocol Version 11, Revision 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current Operating System: Linux l 6.12.25 #1-NixOS SMP PREEMPT_DYNAMIC Fri Apr 25 08:48:08 UTC 2025 x86_64 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Kernel command line: initrd=\EFI\nixos\ddwdrb723gkjnw86zlcpzdzns53599kb-initrd-linux-6.12.25-initrd.efi init=/nix/store/zgv335j605i6kzm2r7hfca41029fdi12-nixos-system-l-24.11.20250502.bf3287d/init loglevel=4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Current version of pixman: 0.43.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Before reporting problems, check http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: to make sure that you have the latest version. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Markers: (--) probed, (**) from config file, (==) default setting, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) from command line, (!!) notice, (II) informational, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) warning, (EE) error, (NI) not implemented, (??) unknown. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Log file: "/dev/null", Time: Mon Jun 2 13:22:24 2025 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) Using config file: "/nix/store/fym223impgdfyvxh0cpk9vnrk0lywbxm-xserver.conf" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using config directory: "/etc/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Using system config directory "/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/share/X11/xorg.conf.d" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) ServerLayout "Layout[all]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) |-->Screen "Screen-amdgpu[0]" (0) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Monitor "" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) | |-->Device "Device-amdgpu[0]" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) No monitor specified for screen "Screen-amdgpu[0]". 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Using a default monitor configuration. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "DontZap" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Option "AllowMouseOpenFail" "on" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) Allowing byte-swapped clients +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically enabling devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically adding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Automatically binding GPU devices +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) Max clients allowed: 256, resource mask: 0x1fffff +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) FontPath set to: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/xh83kpkqq7xvqyqlc7j4gmphf6jc8g5f-font-cursor-misc-1.0.4/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/p8zdmv713rmrjv0qdxv58cmy0nh427w3-font-misc-misc-1.1.3/lib/X11/fonts/misc, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/lc9l1wg361h0zrw1hcv78aygzcyxsa88-unifont-16.0.01/share/fonts, +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/42350zvqxga4vfwdaky5mjhjrfh00y0m-font-adobe-100dpi-1.0.4/lib/X11/fonts/100dpi, +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: /nix/store/brzcaxpd0bq424cd7wqd59bvxfhxpmny-font-adobe-75dpi-1.0.4/lib/X11/fonts/75dpi +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (**) ModulePath set to "/nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules,/nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules,/nix/store/1dx1w0hkdaycrcyjpwyq4i1nc0j6my36-xf86-input-evdev-2.11.0/lib/xorg/modules,/nix/store/hc4vy0scpvr0k10bm1sjqn40qql1725r-xf86-input-libinput-1.5.0/lib/xorg/modules" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) The server relies on udev to provide the list of input devices. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: If no devices become available, reconfigure udev or disable AutoAddDevices. 
+Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loader magic: 0x64fe40 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module ABI versions: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org ANSI C Emulation: 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Video Driver: 25.2 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org XInput driver : 24.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: X.Org Server Extension : 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (++) using VT number 7 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: took control of session /org/freedesktop/login1/session/c25 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) xfree86: Adding drm device (/dev/dri/card1) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Platform probe for /sys/devices/pci0000:60/0000:60:03.1/0000:61:00.0/0000:62:00.0/0000:63:00.0/drm/card1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) systemd-logind: got fd for /dev/dri/card1 226:1 fd 14 paused 0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) PCI:*(99@0:0:0) 1002:7312:1002:031e rev 0, Mem @ 0x13e00000000/8589934592, 0x14000000000/268435456, 0xcde00000/524288, I/O @ 0x0000f000/256, BIOS @ 0x????????/131072 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) 
Open ACPI failed (/var/run/acpid.socket) (No such file or directory) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) "glx" will be loaded by default. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glx" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/extensions/libglx.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glx: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Server Extension, version 10.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "amdgpu" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/1syfpzn0s39fh62xcq5jaahar619gbds-xf86-video-amdgpu-23.0.0/lib/xorg/modules/drivers/amdgpu_drv.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module amdgpu: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 23.0.0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Module class: X.Org Video Driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org Video Driver, version 25.2 +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU: Driver for AMD Radeon: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: All GPUs supported by the amdgpu kernel driver +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Creating default Display subsection in Screen section +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: "Screen-amdgpu[0]" for depth/fbbpp 24/32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Depth 24, (--) framebuffer bpp 32 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): Default visual is TrueColor +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (==) AMDGPU(0): RGB weight 888 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) AMDGPU(0): Using 8 bits per RGB (8 bit DAC) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (--) AMDGPU(0): Chipset: "AMD Radeon Pro W5700" (ChipID = 0x7312) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "fb" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "fb" +Jun 02 13:22:24 l 
/nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "fb" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "dri2" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module "dri2" already built-in +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading sub module "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) LoadModule: "glamoregl" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Loading /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/lib/xorg/modules/libglamoregl.so +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (II) Module glamoregl: vendor="X.Org Foundation" +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: compiled for 1.21.1.16, module version = 1.0.1 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: ABI class: X.Org ANSI C Emulation, version 0.4 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Backtrace: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 0: /nix/store/j93m21y17jbs7sa380gdyv5236q27rss-xorg-server-21.1.16/bin/X (OsSigHandler+0x33) [0x5c35e3] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 
unw_get_proc_name failed: no unwind info found [-10] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) 1: /nix/store/p9kdj55g5l39nbrxpjyz5wc1m0s7rzsx-glibc-2.40-66/lib/libc.so.6 (?+0x0) [0x7f2325759620] +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Segmentation fault at address 0x0 +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Fatal server error: +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Caught signal 11 (Segmentation fault). Server aborting +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: Please consult the The X.Org Foundation support +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: at http://wiki.x.org +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: for help. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Please also check the log file at "/dev/null" for additional information. +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54188]: (EE) Server terminated with error (1). Closing log file. + Module libdrm_amdgpu.so.1 without build-id. 
+ Module amdgpu_drv.so without build-id. + #5 0x00000000005ccd95 FatalError (Xorg + 0x1ccd95) +Jun 02 13:22:24 l /nix/store/jwdv2db2wqvnm1c5fjjav0iqq2764dfp-gdm-47.0/libexec/gdm-x-session[54186]: Unable to run X server +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmDisplay: Session never registered, failing +Jun 02 13:22:24 l gdm[53976]: Gdm: GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors +Jun 02 13:22:24 l gdm[53976]: Gdm: Child process -54186 was already dead. +Jun 02 13:22:35 l (sd-pam)[53991]: pam_unix(systemd-user:session): session closed for user gdm diff --git a/desktop/old.l/distributed-builds.nix b/desktop/old.l/distributed-builds.nix new file mode 100644 index 0000000..7989606 --- /dev/null +++ b/desktop/old.l/distributed-builds.nix @@ -0,0 +1,19 @@ +# +# latops/t/distributed-builds.nix +# +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds +{ pkgs, ... }: +{ + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "hp4.home"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + system = pkgs.stdenv.hostPlatform.system; + supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ]; + } + ]; +} \ No newline at end of file diff --git a/desktop/old.l/docker-daemon.nix b/desktop/old.l/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/desktop/old.l/docker-daemon.nix 
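Review bot: The `nix.buildMachines` entry for `hp4.home` in distributed-builds.nix sets `sshUser` and `sshKey` but no `publicHostKey`, so the builder's identity is checked only against whatever root's known_hosts holds on this machine. Build outputs from that host are copied back into the local store, so I would pin the key declaratively in the entry, e.g. `publicHostKey = "<base64-encoded hp4 host public key>";` (placeholder value). The header comment `# latops/t/distributed-builds.nix` is also stale for a file under desktop/old.l/; suggest `# desktop/old.l/distributed-builds.nix`.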
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/desktop/old.l/firewall.nix b/desktop/old.l/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/desktop/old.l/firewall.nix
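Review bot: `metrics-addr = "0.0.0.0:9323";` in docker-daemon.nix binds the Docker daemon's metrics endpoint on every interface, and firewall.nix in this same commit sets `networking.firewall.enable = false`, so nothing on the host filters access to it. Unless a remote Prometheus has to scrape this machine, bind it to loopback with `metrics-addr = "127.0.0.1:9323";`, or to the one address the scraper uses. A short comment on why `experimental = true;` is needed would also help, since it enables daemon features that are off by default.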
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/desktop/old.l/flake.lock b/desktop/old.l/flake.lock
new file mode 100644
index 0000000..6a828e3
--- /dev/null
+++ b/desktop/old.l/flake.lock
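Review bot: `enable = false;` inside `networking.firewall` turns the firewall off entirely, so the `allowedTCPPorts` list (22, 5001) below it has no effect and every listening service on the host is reachable. That includes the Docker metrics listener configured on `0.0.0.0:9323` in docker-daemon.nix. If the list is the intended policy, set `enable = true;`. If the firewall is off on purpose (the commented-out conntrack note hints at a performance reason), say so in a comment such as `# firewall intentionally disabled: <reason>` and remove the dead port list so the file does not read as if a policy were enforced.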
@@ -0,0 +1,523 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "50eee705bbdbac942074a8c120e8194185633675", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + 
"hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745015490, + "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "60754910946b4e2dc1377b967b7156cb989c5873", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1746291290, + "narHash": "sha256-96SpKoIyUsRas+h6RhnPcgbduyH2j2YrujWpsuKdK8Q=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "46ac115bd19ee3aff5c816033de0b1d55a74e33f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1746281365, + "narHash": "sha256-L5oTQib471A0zXhk6ed9y8UE19Sh7+WU3xQg0q3e+FI=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"0ca682bc2c2e10414e7de1fb6606226a45e76380", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + 
"nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745357019, + "narHash": "sha256-q/C3qj9FWHQenObXuw/nGIT8iIsWFjgmcQYcA+ZfpPs=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "397600c42b8d7a443a5b4e92aa15f46650a90f18", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745975815, + "narHash": "sha256-s3GzsRxBL/N/xYgUXZhQh4t62uR1BN4zxXgWBtJ3lWM=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "05878d9470c9e5cbc8807813f9ec2006627a0ca0", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739870480, + "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": 
"nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1746183838, + "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bf3287dac860542719fe7554e21e686108716879", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": 
"76bbf1a6b1378e4ab5230bad00ad04bc287c969e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/desktop/old.l/flake.nix b/desktop/old.l/flake.nix new file mode 100644 index 0000000..9a24cec --- /dev/null +++ b/desktop/old.l/flake.nix 
@@ -0,0 +1,96 @@ +{ + description = "l Flake"; + + # https://nix.dev/manual/nix/2.24/command-ref/new-cli/nix3-flake.html#flake-inputs + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + # https://docs.github.com/en/rest/branches/branches?apiVersion=2022-11-28#get-a-branch + # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/8f146535307f0168d758fe6fee6f52663cb11695";#iperf2_2.2.1 + # nixpkgs-unstable.url = "github:randomizedcoder/nixpkgs/c9580e24eb621d72eda63355d7c8dbfb1654d333"; + # https://github.com/NixOS/nix/issues/12022 + #nix flake lock --override-input nixpkgs /home/eelco/Dev/nixpkgs + #nix flake lock --override-input nixpkgs "/home/das/Downloads/nixpkgs + #nixpkgs.url = "/home/das/Downloads/nixpkgs"; + #nixpkgs = "../../../Downloads/nixpkgs/"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + }; + hyprland.url = "github:hyprwm/Hyprland"; + hyprland-plugins = { + url = "github:hyprwm/hyprland-plugins"; + # https://github.com/hyprwm/hyprland-plugins + inputs.hyprland.follows = "hyprland"; + }; + }; + + #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }: + outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, hyprland, ... 
}: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + "google-chrome" + "android-studio" + "android-studio-stable" + ]; + }; + }; + # https://nixos.wiki/wiki/Flakes#Importing_packages_from_multiple_channels + # overlay-unstable = final: prev: { + # unstable = nixpkgs-unstable.legacyPackages.${prev.system}; + # }; + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { + inherit system; + config = { + allowUnfree = true; + # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "vscode" + # "code-cursor" + # "slack" + # "zoom-us" + # "nvidia-x11" + # ]; + }; + }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations = { + l = lib.nixosSystem rec { + inherit system; + specialArgs = { + inherit hyprland overlay-unstable; + unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; }; + }; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./configuration.nix + hyprland.nixosModules.default + home-manager.nixosModules.home-manager + { + # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs + #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + home-manager.extraSpecialArgs = specialArgs; + # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix + } + ]; + }; + }; + }; +} diff --git a/desktop/old.l/grafana.nix b/desktop/old.l/grafana.nix new file mode 100644 index 0000000..471b71d --- /dev/null +++ b/desktop/old.l/grafana.nix 
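Review bot: In the `pkgs = import nixpkgs` block, `allowUnfree = true;` sits next to `allowUnfreePredicate`, and as far as I know nixpkgs accepts every unfree package once `allowUnfree` is true, so the three-name allowlist never restricts anything. The `overlay-unstable` import and the `unstable` entry in `specialArgs` also set `allowUnfree = true` with no predicate at all. If the intent is to limit unfree software to named packages, drop `allowUnfree = true;` and keep only the predicate, extending its list with the unstable packages that need it (the commented list already names `vscode`, `code-cursor`, `slack`, `zoom-us`). A one-line comment such as `# unfree is limited to the names below; add new ones explicitly` would record that intent.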
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/old.l/hardware-configuration.nix b/desktop/old.l/hardware-configuration.nix
new file mode 100644
index 0000000..6608cdd
--- /dev/null
+++ b/desktop/old.l/hardware-configuration.nix
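Review bot: `http_addr = "0.0.0.0";` makes Grafana listen on every interface of this desktop, and nothing in this file sets an admin password, so unless that is configured elsewhere the instance comes up with Grafana's default admin credentials. Prefer `http_addr = "127.0.0.1";` with a reverse proxy in front, or confirm port 3000 stays closed in the firewall on networks you do not control. Set the password from a file rather than a literal in the Nix store, e.g. `security.admin_password = "$__file{/run/secrets/grafana-admin}";` under `settings` (the path is a placeholder). `serve_from_sub_path = true;` appears to have no effect while `root_url` stays commented out, so either set `root_url` or drop it.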
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/old.l/home.nix b/desktop/old.l/home.nix new file mode 100644 index 0000000..be84c15 --- /dev/null +++ b/desktop/old.l/home.nix 
@@ -0,0 +1,612 @@ +{ + hyprland, + config, + pkgs, + overlay-unstable, + ... +}: +#{ config, pkgs, ... }: +#{ config, inputs, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + imports = [ + hyprland.homeManagerModules.default + # other imports to go here + ]; + + home = { + username = "das"; + homeDirectory = "/home/das"; + }; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + + QT_QPA_PLATFORM = "wayland"; + # GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + + #HTTP_PROXY = "http://hp4.home:3128"; + #HTTPS_PROXY = "http://hp4.home:3128"; + #NO_PROXY = "localhost,127.0.0.1,::1,172.16.0.0/16"; + # You can also use ALL_PROXY or FTP_PROXY if needed + # ALL_PROXY = "http://hp4:3128"; + }; + + home.packages = with pkgs; [ + # System/Info Tools + killall + hw-probe + lshw + hwloc + gparted + ncdu + neofetch + file + + # Terminal Multiplexers + tmux + screen + + # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + unstable.llvmPackages_20.clang-tools + unstable.llvmPackages_20.lld + + # Essential development libraries (minimal headers) + glibc.dev + stdenv.cc.cc.lib + zlib.dev + openssl.dev + ncurses.dev + libyaml.dev + + # Build Tools + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + #gcc + automake + gnumake + #cmake + pkg-config + + # Scripting/Utils + perl + #3.12.8 on 12th of Feb 2025 + python3Full + gawk + jq + git + htop + btop + minicom + + bc + + # Compression + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + + gnutar 
+ + # File Transfer/Management + rsync + tree + + # Terminals + alacritty + kitty + #https://ghostty.org/ + unstable.ghostty + + # Networking + ethtool + iproute2 + vlan + tcpdump + wireshark + unstable.iperf2 + netperf + flent + bpftools + fping + inetutils # Includes telnet + netcat-gnu + + # Filesystem/Monitoring + inotify-tools + + # Printing + hplip + #hplipWithPlugin + + # SDR + gnuradio + hackrf + gqrx + cubicsdr + + # Media + unstable.vlc + # ffmpeg moved to system package + #ffmpeg_7-full + #ffmpeg-full + + # Go Development + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + #gcc_multi + #glibc_multi + # thunderbird + #go_1_23 + unstable.go + unstable.gopls + unstable.golint + unstable.golangci-lint + unstable.golangci-lint-langserver + # trunk is unfree, and i can't work out how to enable unfree + #trunk-io + # https://github.com/go-delve/delve + unstable.delve + # https://github.com/aarzilli/gdlv + gdlv + unstable.buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + #tinygo + + # removing bazel and moving to the "nix develop" shell + # # https://github.com/bazelbuild/bazel/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + #unstable.bazel_7 + unstable.bazel-buildtools + unstable.bazelisk + + unstable.code-cursor + + # # https://github.com/bazel-contrib/bazel-gazelle/tags + # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 + # unstable.bazel-gazelle + # unstable.bazel-buildtools + # unstable.bazelisk + # # https://github.com/buchgr/bazel-remote - maybe something to look 
at? + # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart + + # Debugging/Profiling + graphviz # for pprof + strace + + # Diffing + meld + + # Editors + helix + + # Rust Development + # https://nixos.wiki/wiki/Rust + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + + # Mobile Development + flutter + android-studio + android-tools + android-udev-rules + + # Gnome Related / Extensions + # gnomeExtensions.emoji-copy + # unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + + # Office/Documents + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + evince + + # Browsers + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + #google-chrome + # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + (google-chrome.override { + commandLineArgs = [ + "--enable-features=UseOzonePlatform" + "--ozone-platform=wayland" + ]; + }) + + # Communication + # https://nixos.wiki/wiki/Slack + unstable.slack + unstable.zoom-us + + # Screenshots/Screen Recording + # https://wiki.nixos.org/wiki/Flameshot + unstable.flameshot + #(flameshot.override { enableWlrSupport = true; }) + grim # screenshot functionality + slurp # screenshot functionality + simplescreenrecorder + # 
https://wiki.nixos.org/wiki/Gpu-screen-recorder + gpu-screen-recorder # CLI + gpu-screen-recorder-gtk # GUI + + # Graphics + gimp-with-plugins + + # Text Editors + gedit + + # Containers + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + + # Kubernetes + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + + # Misc + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + # dive # Duplicate removed + # https://github.com/sharkdp/hyperfine + hyperfine + + # App Launchers + rofi-wayland + wofi + + # Raspberry Pi + rpi-imager + + #silly + cmatrix + sl + + #gpu monitoring + lact + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + # package = pkgs.vscode; + # extensions = with pkgs.vscode-extensions; [ + package = pkgs.unstable.vscode; + extensions = with pkgs.unstable.vscode-extensions; [ + #bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + #ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + 
#ms-vscode.remote-server + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + #github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + rust-lang.rust-analyzer + #bazel + bazelbuild.vscode-bazel + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # another example with dark colors: + # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + #button-layout = "close,minimize,maximize,above:appmenu"; + button-layout = ":minimize,maximize,above,close"; + num-workspaces = 2; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + 
color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + # toolkit-accessibility = true; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + #"kitty.desktop" + "slack.desktop" + "ghostty.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland + # xwayland.enable = true; + + # https://wiki.hyprland.org/Nix/Hyprland-on-Home-Manager/ + # wayland.windowManager.hyprland.enable = true; # enable Hyprland + # Example: https://github.com/JaKooLit/NixOS-configs/blob/main/Ja-OS%20(configs%20using%20install%20script)/Asus-G15/hosts/G15-NixOS/config.nix#L144 + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + #extraConfig = '' plugin = ${inputs.hy3.packages.${pkgs.system}.hy3}/lib/libhy3.so ''; + # plugins = [ + # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars + # # ... + #]; + extraConfig = '' + # Monitor configuration (Example - replace with yours) + monitor=,preferred,auto,1 + + # Execute-once startup commands (Example) + exec-once = waybar & + exec-once = nm-applet --indicator + + # Keybindings (Example) + bind = SUPER, Q, killactive, + bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + + # Include other settings... + # input { ... } + # general { ... } + # decoration { ... } + # animations { ... } + # etc... 
+ + # Source other files if needed (less common with inline config) + # source = ~/.config/hypr/myColors.conf + ''; + }; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + # https://mynixos.com/home-manager/options/programs.ghostty + home.file.".config/ghostty/ghostty.toml" = { + target = ".config/ghostty/ghostty.toml"; + text = '' + [window] + # Whether to show the scrollback sidebar. + sidebar = true + + # The width of the scrollback sidebar. + sidebar_width = 10 + + # Whether to show the scrollback sidebar on the left or right. + sidebar_position = "right" + ''; + }; + # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + nixpkgs.overlays = [ overlay-unstable ]; + + #home.stateVersion = "23.11"; + home.stateVersion = "24.11"; +} diff --git a/desktop/old.l/hosts.nix b/desktop/old.l/hosts.nix new file mode 100644 index 0000000..3af6575 --- /dev/null 
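Review bot: The `policy.json` written under `.config/containers/` sets `"default"` to `insecureAcceptAnything`, so podman and skopeo for user `das` accept any image from any registry without a signature check, while `registries.conf` resolves unqualified names against docker.io. `containers.conf` also sets `label=false`, which turns off MAC (SELinux) labelling for containers. If this is a deliberate workstation trade-off, say so in a comment above the three `home.file` entries; otherwise make the default `"default": [{ "type": "reject" }]` and list only the registries actually used under `"transports"`, e.g. `"docker": { "docker.io": [{ "type": "insecureAcceptAnything" }] }`. The same hunk leaves `signing.key` and `signing.signByDefault` commented out in `programs.git`, so commits from this profile are unsigned.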
+++ b/desktop/old.l/hosts.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ "127.0.0.1" = ["redpanda-0"];
+ };
+}
\ No newline at end of file
diff --git a/desktop/old.l/locale.nix b/desktop/old.l/locale.nix
new file mode 100644
index 0000000..6a67b6f
--- /dev/null
+++ b/desktop/old.l/locale.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/desktop/old.l/nodeExporter.nix b/desktop/old.l/nodeExporter.nix
new file mode 100644
index 0000000..f26d49b
--- /dev/null
+++ b/desktop/old.l/nodeExporter.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 19000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ "--collector.wifi"
+ "--collector.filesystem.ignored-mount-points='/nix/store'"];
+ };
+
+ # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters
+ services.prometheus.exporters.systemd.enable = true;
+ services.prometheus.exporters.smartctl.enable = true;
+ services.prometheus.exporters.process.enable = true;
+}
\ No newline at end of file
diff --git a/desktop/old.l/original.configuration.nix b/desktop/old.l/original.configuration.nix
new file mode 100644
index 0000000..d326571
--- /dev/null
+++ b/desktop/old.l/original.configuration.nix
@@ -0,0 +1,131 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-16f90ee0-dd9b-43de-951b-57d7b9b1f265".device = "/dev/disk/by-uuid/16f90ee0-dd9b-43de-951b-57d7b9b1f265"; + networking.hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. 
+ hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + # thunderbird + ]; + }; + + # Install firefox. + programs.firefox.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.11"; # Did you read the comment? + +} diff --git a/desktop/old.l/original.hardware-configuration.nix b/desktop/old.l/original.hardware-configuration.nix new file mode 100644 index 0000000..6608cdd --- /dev/null +++ b/desktop/old.l/original.hardware-configuration.nix 
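Review bot: `services.openssh.enable = true;` is the only SSH setting in this file, so sshd runs with the module defaults, which as far as I know still permit password logins, and the `das` account defined above is in `wheel`. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it and rely on keys. The file name suggests an installer backup; if nothing imports it, a first-line comment such as `# installer default kept for reference, not imported by flake.nix` would stop it being restored as-is.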
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8722e7a6-a625-407f-9b1f-839bb52e7f8d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-67cf4e90-444f-4056-91a8-446fd6c42b09".device = "/dev/disk/by-uuid/67cf4e90-444f-4056-91a8-446fd6c42b09"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F732-675E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d762bfcb-e63b-47ad-ab8b-369c47e79833"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktop/old.l/prometheus.nix b/desktop/old.l/prometheus.nix new file mode 100644 index 0000000..24eabca --- /dev/null +++ b/desktop/old.l/prometheus.nix 
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "xtcp";
+ static_configs = [{
+ targets = [ "localhost:9088" ];
+ }];
+ }
+ {
+ job_name = "hp1_xtcp";
+ static_configs = [{
+ targets = [ "hp1:9088" ];
+ }];
+ }
+ {
+ job_name = "clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "localhost:19363" ];
+ }];
+ }
+ {
+ job_name = "hp1";
+ static_configs = [{
+ targets = [ "hp1:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "hp1_clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "hp1:19363" ];
+ }];
+ }
+ {
+ job_name = "hp2";
+ static_configs = [{
+ targets = [ "hp2:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "hp2_clickhouse";
+ static_configs = [{
+ #targets = [ "localhost:9363" ];
+ targets = [ "hp2:19363" ];
+ }];
+ }
+ #{
+ # job_name = "chromebox1";
+ # static_configs = [{
+ # targets = [ "172.16.40.179:9105" ];
+ # }];
+ #}
+ ];
+ };
+}
\ No newline at end of file
diff --git a/desktop/old.l/root.id_ed25519.pub b/desktop/old.l/root.id_ed25519.pub
new file mode 100644
index 0000000..4176adb
--- /dev/null
+++ b/desktop/old.l/root.id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l
diff --git a/desktop/old.l/root_ssh_config b/desktop/old.l/root_ssh_config
new file mode 100644
index 0000000..6bea619
--- /dev/null
+++ b/desktop/old.l/root_ssh_config
@@ -0,0 +1,21 @@
+host hp4 hp4.home
+ user remotebuild
+ IdentityFile ~/.ssh/remotebuild
+ ServerAliveInterval 10
+ Protocol 2
+ #UseRoaming no
+ ForwardAgent yes
+ # Modern Key Exchange Algorithms (Kex) - Prioritizes Post-Quantum (if available) and Curve25519
+ KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256
+ # Modern Ciphers - Prioritizes ChaCha20 and AES-GCM (Authenticated Encryption)
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ # Modern MACs - Prioritizes Encrypt-then-MAC (EtM) modes
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+ # temp hmac-md5
+ #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5
+ ControlMaster auto
+ ControlPath ~/.ssh/master-%r@%h:%p
+ ControlPersist 10m
+ Compression yes
+ Connecttimeout 10
+ HashKnownHosts no
\ No newline at end of file
diff --git a/desktop/old.l/sysctl.nix b/desktop/old.l/sysctl.nix
new file mode 100644
index 0000000..de472c7
--- /dev/null
+++ b/desktop/old.l/sysctl.nix
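Review bot: `ForwardAgent yes` in the `host hp4 hp4.home` block exposes root's agent socket on the build host for every session, so whoever holds root on hp4 can authenticate with the loaded keys for as long as a connection, or the `ControlPersist 10m` master, stays open. The block already names a dedicated `IdentityFile ~/.ssh/remotebuild`, so forwarding is not needed for remote builds: change it to `ForwardAgent no` and add `IdentitiesOnly yes` so only that key is offered. `Protocol 2` can be dropped, since current OpenSSH speaks nothing else and, as far as I know, ignores the keyword. The commented `#MACs` line that re-adds `hmac-md5` is best deleted rather than left as a ready fallback.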
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + # https://www.l4sgear.com/ + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "cake"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + # + #net.ipv4.inet_peer_maxttl = 600 + #net.ipv4.inet_peer_minttl = 120 + #net.ipv4.ip_default_ttl = 64 + # we DO want to save the slow start in the route cache + "net.ipv4.tcp_no_ssthresh_metrics_save" = 0; + #net.ipv4.tcp_no_ssthresh_metrics_save = 1 + "net.ipv4.tcp_reflect_tos" = 1; + #net.ipv4.tcp_reflect_tos = 0 + "net.ipv4.tcp_rto_min_us" = 
50000; #50ms + #net.ipv4.tcp_rto_min_us = 200000 #200ms + }; +} \ No newline at end of file diff --git a/desktop/old.l/systemPackages.nix b/desktop/old.l/systemPackages.nix new file mode 100644 index 0000000..c9fa23e --- /dev/null +++ b/desktop/old.l/systemPackages.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + ... +}: +{ + # set at flake.nix level + nixpkgs.config.allowUnfree = true; + + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Basic system tools + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + libxml2 # Added for bazel/clang development + + # Wayland support + xwayland + meson + wayland-protocols + wayland-utils + wl-clipboard + + xscreensaver + + clinfo + lact + + # https://wiki.nixos.org/wiki/Flameshot + #(flameshot.override { enableWlrSupport = true; }) + ]; +} diff --git a/desktop/old.l/wireless_desktop.nix b/desktop/old.l/wireless_desktop.nix new file mode 100644 index 0000000..c8f4a68 --- /dev/null +++ b/desktop/old.l/wireless_desktop.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking = { + networkmanager = { + enable = true; + #wifi.powersave = true; + wifi.powersave = false; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file From 27b5c246c299e138f5988abdd910278c3d79e5b9 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 14 Jun 2025 20:32:59 -0700 Subject: [PATCH 12/25] l2 --- desktop/l2/Makefile | 2 +- desktop/l2/configuration.nix | 2 +- hp/hp4/remote-builder.nix | 24 ++++++++++++++++++++++-- 3 files changed, 24 insertions(+), 4 deletions(-) 
diff --git a/desktop/l2/Makefile b/desktop/l2/Makefile index 3a40b24..d03e982 100644 --- a/desktop/l2/Makefile +++ b/desktop/l2/Makefile @@ -19,7 +19,7 @@ rebuild: sudo nixos-rebuild switch --flake . rebuild_t: - sudo nixos-rebuild switch --flake .#t + sudo nixos-rebuild switch --flake .#l2 #https://nixos.org/manual/nixos/unstable/index.html#sec-nix-network-issues #nixos-rebuild switch --option binary-caches http://my-cache.example.org/ diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 4bc55c8..0afe5e3 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -125,7 +125,7 @@ }; # https://nixos.wiki/wiki/Networking - networking.hostName = "l"; + networking.hostName = "l2"; time.timeZone = "America/Los_Angeles"; diff --git a/hp/hp4/remote-builder.nix b/hp/hp4/remote-builder.nix index aec585c..98c19e5 100644 --- a/hp/hp4/remote-builder.nix +++ b/hp/hp4/remote-builder.nix @@ -15,10 +15,30 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBUWTELKL25XhSi+le+KNqaeAQvZ4Sh0/+lmRpiJzKn root@l" ]; }; users.groups.remotebuild = {}; - nix.settings.trusted-users = [ "remotebuild" ]; -} \ No newline at end of file + # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#optimise-the-remote-builder-configuration + # nix.settings.trusted-users = [ "remotebuild" ]; + nix = { + nrBuildUsers = 64; + settings = { + trusted-users = [ "remotebuild" ]; + + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + + max-jobs = "auto"; + cores = 0; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; +} From 5d74a921c746d54eb13208900e4b6e146179d684 Mon Sep 17 00:00:00 2001 
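Review bot: The `root@l` key added to `openssh.authorizedKeys.keys` in hp/hp4/remote-builder.nix is for an account that `trusted-users` lists, and the Nix manual describes a trusted user as essentially root-equivalent on the machine. Every key in this list is therefore a root credential on hp4, not just a build credential. The nix.dev tutorial linked in the hunk makes the same trade-off, so this may be intended, but I would put a comment above the list such as `# each key here is root-equivalent on this builder via nix.settings.trusted-users; remove keys of retired hosts`. The preceding patch in this series stores the same public key under `desktop/old.l/`, which suggests that host is being retired, so please confirm the key is still needed. The `users.users` attribute set that holds the list starts above this hunk.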
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Tue, 17 Jun 2025 11:46:17 -0700 Subject: [PATCH 13/25] remove remote builds --- desktop/l/home.nix | 3 +++ desktop/l2/configuration.nix | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/desktop/l/home.nix b/desktop/l/home.nix index 30ad06f..e02e4e3 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix @@ -658,6 +658,9 @@ #silly cmatrix sl + vectoroids # game + # https://feralinteractive.github.io/gamemode/ + # sameboy #gpu monitoring lact diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 0afe5e3..5d44e51 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -39,7 +39,7 @@ #./docker-compose.nix ./docker-daemon.nix #./smokeping.nix - ./distributed-builds.nix + #./distributed-builds.nix ./hyprland.nix ]; @@ -115,6 +115,11 @@ auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" ]; download-buffer-size = "500000000"; + # https://nix.dev/manual/nix/2.28/command-ref/conf-file#conf-max-jobs + max-jobs = 12; # default = 1. Setting this to 1/2 my cores + http-connections = 100; # default 25 + # https://nix.dev/manual/nix/2.28/command-ref/conf-file#conf-max-substitution-jobs + max-substitution-jobs = 64; # default 16 }; gc = { automatic = true; # Enable automatic execution of the task From 1e14ebf190779b68bd73d7235875483bb732c5d8 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Fri, 20 Jun 2025 21:45:20 -0700 Subject: [PATCH 14/25] l2 hostapd.nix --- desktop/l/home.nix | 2 + desktop/l2/Makefile | 4 ++ desktop/l2/configuration.nix | 1 + desktop/l2/hostapd.nix | 82 ++++++++++++++++++++++++++++++++++++ 4 files changed, 89 insertions(+) create mode 100644 desktop/l2/hostapd.nix diff --git a/desktop/l/home.nix b/desktop/l/home.nix index e02e4e3..3e14be7 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix 
@@ -395,6 +395,8 @@ #cmake pkg-config + gdb + # Scripting/Utils perl #3.12.8 on 12th of Feb 2025 diff --git a/desktop/l2/Makefile b/desktop/l2/Makefile index d03e982..368f8dc 100644 --- a/desktop/l2/Makefile +++ b/desktop/l2/Makefile @@ -33,6 +33,10 @@ rebuild_trace: update: sudo nix flake update; +sync: + rsync -av /home/das/nixos/desktop/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/desktop/"${EXPECTED_HOSTNAME}"/ + #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ + rebuild_old: # sudo cp ./flake.nix /etc/nixos/ # sudo cp ./flake.lock /etc/nixos/ diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 5d44e51..7b510c3 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -41,6 +41,7 @@ #./smokeping.nix #./distributed-builds.nix ./hyprland.nix + ./hostapd.nix ]; boot = { diff --git a/desktop/l2/hostapd.nix b/desktop/l2/hostapd.nix new file mode 100644 index 0000000..96ea97f --- /dev/null +++ b/desktop/l2/hostapd.nix 
@@ -0,0 +1,82 @@ +# +# hostapd.nix +# + +{ config, pkgs, ... }: + +let + interface1 = "wlp35s0"; # e.g. 2.4GHz channel 6 + interface2 = "wlp65s0"; # e.g. 5GHz channel 100 + interface3 = "wlp70s0"; # e.g. 5GHz channel 149 + + commonHostapdSettings = '' + ssid=myssid + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 + wmm_enabled=1 + + # WMM tuning for Best Effort (AC_BE) + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + + # 802.11r (Fast BSS Transition) + ieee80211r=1 + mobility_domain=4f57 + ft_over_ds=1 + ft_psk_generate_local=1 + nas_identifier=myssid-ap + ''; +in +{ + services.hostapd = { + enable = true; + radios = { + "${interface1}" = { + config = pkgs.writeText "hostapd-1.conf" ('' + interface=${interface1} + hw_mode=g + channel=6 + ${commonHostapdSettings} + ''); + }; + "${interface2}" = { + config = pkgs.writeText "hostapd-2.conf" ('' + interface=${interface2} + hw_mode=a + channel=100 + ${commonHostapdSettings} + ''); + }; + "${interface3}" = { + config = pkgs.writeText "hostapd-3.conf" ('' + interface=${interface3} + hw_mode=a + channel=149 + ${commonHostapdSettings} + ''); + }; + }; + }; + + # Disable DHCP on all interfaces, use static IP or bridge later + networking.interfaces.${interface1}.useDHCP = false; + networking.interfaces.${interface2}.useDHCP = false; + networking.interfaces.${interface3}.useDHCP = false; + + networking.interfaces.${interface1}.ipv4.addresses = [ { address = "192.168.30.1"; prefixLength = 24; } ]; + networking.interfaces.${interface2}.ipv4.addresses = [ { address = "192.168.31.1"; prefixLength = 24; } ]; + networking.interfaces.${interface3}.ipv4.addresses = [ { address = "192.168.32.1"; prefixLength = 24; } ]; + + networking.firewall.enable = true; + networking.nat.enable = true; + networking.nat.externalInterface = "enp1s0"; +} 
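Review bot: `networking.nat.enable = true` is set at the end of desktop/l2/hostapd.nix with only `externalInterface = "enp1s0"`, so nothing in this file names the three AP subnets (192.168.30.0/24 to 192.168.32.0/24) as internal networks. I would add `networking.nat.internalInterfaces = [ interface1 interface2 interface3 ];` and a comment saying whether wireless clients are meant to reach the wired LAN behind enp1s0, since that is the policy this file sets. Separately, `commonHostapdSettings` selects `wpa_key_mgmt=SAE` but sets neither `sae_password` nor `wpa_passphrase`, so the access points have no credential configured as written. When one is added it should come from a root-only file read at service start, not from this string, because the `pkgs.writeText` output lands in the world-readable Nix store.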
From e93e3e8872c16a793df32109429e09cdd48ebd16 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sun, 22 Jun 2025 11:34:15 -0700 Subject: [PATCH 15/25] hostapd basic --- desktop/l/hosts.nix | 23 +++--- desktop/l2/Makefile | 3 +- desktop/l2/flake.nix | 13 ++- desktop/l2/hostapd-80211r.nix | 27 +++++++ desktop/l2/hostapd.nix | 148 ++++++++++++++++++---------------- desktop/l2/hostapd.notes | 129 +++++++++++++++++++++++++++++ desktop/l2/hosts.nix | 23 +++--- desktop/l2/systemPackages.nix | 2 + 8 files changed, 274 insertions(+), 94 deletions(-) create mode 100644 desktop/l2/hostapd-80211r.nix create mode 100644 desktop/l2/hostapd.notes diff --git a/desktop/l/hosts.nix b/desktop/l/hosts.nix index 3af6575..ae89d39 100644 --- a/desktop/l/hosts.nix +++ b/desktop/l/hosts.nix @@ -2,16 +2,17 @@ { networking.hosts = { - "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room - "172.16.40.141" = ["hp0wifi"]; - "172.16.40.142" = ["hp1" "hp1eth"]; - "172.16.40.212" = ["hp2" "hp2eth"]; - "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room - "172.16.40.130" = ["hp3wifi"]; - "172.16.50.232" = ["hp4" "hp4eth"]; # rack - "172.16.40.70" = ["hp5" "hp5eth"]; - "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; - "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; + "172.16.40.198" = [ "hp0" "hp0eth" ]; # adi's room + "172.16.40.141" = [ "hp0wifi" ]; + "172.16.40.142" = [ "hp1" "hp1eth" ]; + "172.16.40.212" = [ "hp2" "hp2eth" ]; + "172.16.40.146" = [ "hp3" "hp3eth" ]; # savi's room + "172.16.40.130" = [ "hp3wifi" ]; + "172.16.50.232" = [ "hp4" "hp4eth" ]; # rack + "172.16.40.70" = [ "hp5" "hp5eth" ]; + "172.16.40.122" = [ "pi5-1" "pi5-1-eth" ]; + "172.16.40.62" = [ "chromebox3" "chromebox3-eth" ]; + "172.16.40.46" = [ "l2" ]; + "127.0.0.1" = ["redpanda-0" ]; }; } \ No newline at end of file diff --git a/desktop/l2/Makefile b/desktop/l2/Makefile index 368f8dc..da37477 100644 --- a/desktop/l2/Makefile +++ b/desktop/l2/Makefile 
@@ -34,8 +34,7 @@ update: sudo nix flake update; sync: - rsync -av /home/das/nixos/desktop/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/desktop/"${EXPECTED_HOSTNAME}"/ - #rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/ + rsync -avz /home/das/nixos/ "${EXPECTED_HOSTNAME}":/home/das/nixos/ rebuild_old: # sudo cp ./flake.nix /etc/nixos/ diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix index 021c620..0ce737a 100644 --- a/desktop/l2/flake.nix +++ b/desktop/l2/flake.nix @@ -21,8 +21,13 @@ outputs = { self, nixpkgs, home-manager, hyprland, ... }: let system = "x86_64-linux"; + overlays = [ + (final: prev: { + hostapd = import ./hostapd-80211r.nix { pkgs = prev; }; + }) + ]; pkgs = import nixpkgs { - inherit system; + inherit system overlays; config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -35,6 +40,7 @@ ]; }; }; + lib = nixpkgs.lib; in { nixosConfigurations = { @@ -63,5 +69,10 @@ ]; }; }; + packages = { + x86_64-linux = { + hostapd = pkgs.hostapd; + }; + }; }; } diff --git a/desktop/l2/hostapd-80211r.nix b/desktop/l2/hostapd-80211r.nix new file mode 100644 index 0000000..02f7744 --- /dev/null +++ b/desktop/l2/hostapd-80211r.nix @@ -0,0 +1,27 @@ +# +# hostapd-80211r.nix +# + +{ pkgs ? import {} }: + +pkgs.hostapd.override { + extraConfig = '' + CONFIG_DRIVER_NL80211=y + CONFIG_IEEE80211R=y + CONFIG_IEEE80211W=y + CONFIG_IEEE80211N=y + CONFIG_IEEE80211AC=y + CONFIG_IEEE80211AX=y + CONFIG_ACS=y + CONFIG_SAE=y + CONFIG_FULL_DYNAMIC_VLAN=y + CONFIG_VLAN_NETLINK=y + CONFIG_RADIUS_SERVER=y + CONFIG_HS20=y + CONFIG_WNM=y + CONFIG_MBO=y + CONFIG_FST=y + CONFIG_FST_TEST=y + CONFIG_CTRL_IFACE=y + ''; +} diff --git a/desktop/l2/hostapd.nix b/desktop/l2/hostapd.nix index 96ea97f..9f5a13e 100644 --- a/desktop/l2/hostapd.nix +++ b/desktop/l2/hostapd.nix 
@@ -2,81 +2,91 @@ # hostapd.nix # -{ config, pkgs, ... }: +# +# NOT using service.hostapd, because it has limited configuration capabilities +# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix +# +# Using custom systemd services to run hostapd per interface +# +# systemctl status hostapd-wlp35s0 +# systemctl status hostapd-wlp65s0 +# systemctl status hostapd-wlp70s0 +# +# nix pkgs source +# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix +# https://w1.fi/hostapd/ +# https://github.com/latelee/hostapd +# +# Giant NixPkgs PR: https://github.com/NixOS/nixpkgs/pull/222536 +# +# +{ config, pkgs, lib, ... }: let - interface1 = "wlp35s0"; # e.g. 2.4GHz channel 6 - interface2 = "wlp65s0"; # e.g. 5GHz channel 100 - interface3 = "wlp70s0"; # e.g. 5GHz channel 149 + radios = { + wlp35s0 = { + channel = 6; + hwMode = "g"; + }; + wlp65s0 = { + channel = 100; + hwMode = "a"; + }; + wlp70s0 = { + channel = 149; + hwMode = "a"; + }; + }; - commonHostapdSettings = '' - ssid=myssid - wpa=2 - wpa_key_mgmt=SAE - rsn_pairwise=CCMP - sae_require_mfp=1 - ieee80211w=2 - ieee80211n=1 - ieee80211ac=1 - ieee80211ax=1 - wmm_enabled=1 + mkHostapdConf = iface: cfg: - # WMM tuning for Best Effort (AC_BE) - wmm_ac_be_aifs=1 - wmm_ac_be_cwmin=4 - wmm_ac_be_cwmax=4 - wmm_ac_be_txop_limit=32 - wmm_ac_be_acm=0 + pkgs.writeText "hostapd-${iface}.conf" '' + driver=nl80211 + ssid=myssid + hw_mode=${cfg.hwMode} + channel=${toString cfg.channel} + ctrl_interface=/run/hostapd-${iface} + ctrl_interface_group=0 - # 802.11r (Fast BSS Transition) - ieee80211r=1 - mobility_domain=4f57 - ft_over_ds=1 - ft_psk_generate_local=1 - nas_identifier=myssid-ap - ''; -in -{ - services.hostapd = { - enable = true; - radios = { - "${interface1}" = { - config = pkgs.writeText "hostapd-1.conf" ('' - interface=${interface1} - hw_mode=g - channel=6 - ${commonHostapdSettings} - ''); - }; - "${interface2}" = { - config = pkgs.writeText "hostapd-2.conf" 
('' - interface=${interface2} - hw_mode=a - channel=100 - ${commonHostapdSettings} - ''); - }; - "${interface3}" = { - config = pkgs.writeText "hostapd-3.conf" ('' - interface=${interface3} - hw_mode=a - channel=149 - ${commonHostapdSettings} - ''); - }; - }; - }; + # WPA3 (SAE) configuration + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + wpa_passphrase=mysecurepassword - # Disable DHCP on all interfaces, use static IP or bridge later - networking.interfaces.${interface1}.useDHCP = false; - networking.interfaces.${interface2}.useDHCP = false; - networking.interfaces.${interface3}.useDHCP = false; + # Enable 802.11n/ac/ax + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 - networking.interfaces.${interface1}.ipv4.addresses = [ { address = "192.168.30.1"; prefixLength = 24; } ]; - networking.interfaces.${interface2}.ipv4.addresses = [ { address = "192.168.31.1"; prefixLength = 24; } ]; - networking.interfaces.${interface3}.ipv4.addresses = [ { address = "192.168.32.1"; prefixLength = 24; } ]; + wmm_enabled=1 - networking.firewall.enable = true; - networking.nat.enable = true; - networking.nat.externalInterface = "enp1s0"; + # Optional WMM tuning + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + ''; + + hostapdConfigs = lib.mapAttrs (iface: cfg: mkHostapdConf iface cfg) radios; + +in { + systemd.services = lib.mapAttrs' (iface: confPath: { + name = "hostapd-${iface}"; + value = { + description = "Hostapd on ${iface}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd -i ${iface} ${confPath}"; + Restart = "on-failure"; + RuntimeDirectory = "hostapd-${iface}"; + }; + }; + }) hostapdConfigs; } + +# end \ No newline at end of file diff --git a/desktop/l2/hostapd.notes b/desktop/l2/hostapd.notes new file mode 100644 index 0000000..fb8545c --- /dev/null +++ b/desktop/l2/hostapd.notes 
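Review bot: `wpa_passphrase=mysecurepassword` in `mkHostapdConf` is rendered through `pkgs.writeText`, so the Wi-Fi credential is committed to the repository and copied into /nix/store, where every local user and anything that copies the system closure can read it. If that value is a real passphrase rather than a placeholder, treat it as disclosed and change it. I would drop the line from the template and assemble the final config at service start from the store template plus a root-only secret file, written under the existing `RuntimeDirectory = "hostapd-${iface}"`, then point `ExecStart` at that generated file. A comment next to `ssid=myssid` saying which values are placeholders would also help.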
@@ -0,0 +1,129 @@ +# +# hostapd.nix +# + +# +# NOT using service.hostapd, because it has limited configuration capabilities +# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix +# +# Using custom systemd services to run hostapd per interface +# +# systemctl status hostapd-wlp35s0 +# systemctl status hostapd-wlp65s0 +# systemctl status hostapd-wlp70s0 +# +# nix pkgs source +# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix +# https://w1.fi/hostapd/ +# https://github.com/latelee/hostapd +# +{ config, pkgs, lib, ... }: + +let + radios = { + wlp35s0 = { + channel = 6; + hwMode = "g"; + mac = "8E:37:6C:2E:40:FA"; + }; + wlp65s0 = { + channel = 100; + hwMode = "a"; + mac = "F6:FB:A4:06:06:82"; + }; + wlp70s0 = { + channel = 149; + hwMode = "a"; + mac = "AA:72:0E:90:28:4A"; + }; + }; + + # # 🔐 Secure unique R1KH keys per destination MAC + # r1khSecrets = { + # "8E:37:6C:2E:40:FA" = "fdeadbeef00000000000000000000001"; + # "F6:FB:A4:06:06:82" = "cafef00dbabe00000000000000000002"; + # "AA:72:0E:90:28:4A" = "facefeedfeed00000000000000000003"; + # }; + + # normalizeMac = mac: builtins.replaceStrings [":"] + # [""] (lib.strings.toLower mac); + + # safeNASID = mac: "ap-${normalizeMac mac}"; + + # r0khLines = lib.concatStringsSep "\n" ( + # lib.mapAttrsToList (_iface: cfg: + # let mac = normalizeMac cfg.mac; + # in "r0kh=${normalizeMac peer.mac},${safeNASID peer.mac},${r1khSecrets.${peer.mac}}" + # ) radios + # ); + + # mkHostapdConf = iface: cfg: let + # r1khLines = lib.concatStringsSep "\n" ( + # lib.mapAttrsToList (_peerIface: peerCfg: + # if peerCfg.mac != cfg.mac then + # "r1kh=${normalizeMac peerCfg.mac},${r1khSecrets.${peerCfg.mac}}" + # else + # "" + # ) radios + # ); + #\${r0khLines} + #\${r1khLines} + + in + pkgs.writeText "hostapd-${iface}.conf" '' + driver=nl80211 + ssid=myssid + hw_mode=${cfg.hwMode} + channel=${toString cfg.channel} + ctrl_interface=/run/hostapd-${iface} + 
ctrl_interface_group=0 + + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 + wmm_enabled=1 + + # Fast BSS Transition with push mode + #ieee80211r=1 + pmk_r1_push=1 + mobility_domain=4f57 + ft_over_ds=1 + ft_psk_generate_local=1 + nas_identifier=myssid-ap + + #r0khLines + #r1khLines + + # WMM tuning + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + ''; + + hostapdConfigs = lib.mapAttrs (iface: cfg: mkHostapdConf iface cfg) radios; + +in { + systemd.services = lib.mapAttrs' (iface: confPath: { + name = "hostapd-${iface}"; + value = { + description = "Hostapd on ${iface}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd -i ${iface} ${confPath}"; + Restart = "on-failure"; + RuntimeDirectory = "hostapd-${iface}"; + }; + }; + }) hostapdConfigs; +} + + +# end \ No newline at end of file diff --git a/desktop/l2/hosts.nix b/desktop/l2/hosts.nix index 3af6575..ae89d39 100644 --- a/desktop/l2/hosts.nix +++ b/desktop/l2/hosts.nix 
@@ -2,16 +2,17 @@ { networking.hosts = { - "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room - "172.16.40.141" = ["hp0wifi"]; - "172.16.40.142" = ["hp1" "hp1eth"]; - "172.16.40.212" = ["hp2" "hp2eth"]; - "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room - "172.16.40.130" = ["hp3wifi"]; - "172.16.50.232" = ["hp4" "hp4eth"]; # rack - "172.16.40.70" = ["hp5" "hp5eth"]; - "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; - "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; + "172.16.40.198" = [ "hp0" "hp0eth" ]; # adi's room + "172.16.40.141" = [ "hp0wifi" ]; + "172.16.40.142" = [ "hp1" "hp1eth" ]; + "172.16.40.212" = [ "hp2" "hp2eth" ]; + "172.16.40.146" = [ "hp3" "hp3eth" ]; # savi's room + "172.16.40.130" = [ "hp3wifi" ]; + "172.16.50.232" = [ "hp4" "hp4eth" ]; # rack + "172.16.40.70" = [ "hp5" "hp5eth" ]; + "172.16.40.122" = [ "pi5-1" "pi5-1-eth" ]; + "172.16.40.62" = [ "chromebox3" "chromebox3-eth" ]; + "172.16.40.46" = [ "l2" ]; + "127.0.0.1" = ["redpanda-0" ]; }; } \ No newline at end of file diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix index c9fa23e..4fc86de 100644 --- a/desktop/l2/systemPackages.nix +++ b/desktop/l2/systemPackages.nix @@ -41,6 +41,8 @@ clinfo lact + hostapd + # https://wiki.nixos.org/wiki/Flameshot #(flameshot.override { enableWlrSupport = true; }) ]; From 937831b992df13d63b445b5319c4a70ac499c5b8 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sun, 22 Jun 2025 11:34:24 -0700 Subject: [PATCH 16/25] basic hostapd --- desktop/l2/flake.nix | 12 +----------- desktop/l2/hostapd-80211r.nix | 27 --------------------------- 2 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 desktop/l2/hostapd-80211r.nix diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix index 0ce737a..789e968 100644 --- a/desktop/l2/flake.nix +++ b/desktop/l2/flake.nix 
@@ -21,13 +21,8 @@ outputs = { self, nixpkgs, home-manager, hyprland, ... }: let system = "x86_64-linux"; - overlays = [ - (final: prev: { - hostapd = import ./hostapd-80211r.nix { pkgs = prev; }; - }) - ]; pkgs = import nixpkgs { - inherit system overlays; + inherit system; config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -69,10 +64,5 @@ ]; }; }; - packages = { - x86_64-linux = { - hostapd = pkgs.hostapd; - }; - }; }; } diff --git a/desktop/l2/hostapd-80211r.nix b/desktop/l2/hostapd-80211r.nix deleted file mode 100644 index 02f7744..0000000 --- a/desktop/l2/hostapd-80211r.nix +++ /dev/null @@ -1,27 +0,0 @@ -# -# hostapd-80211r.nix -# - -{ pkgs ? import {} }: - -pkgs.hostapd.override { - extraConfig = '' - CONFIG_DRIVER_NL80211=y - CONFIG_IEEE80211R=y - CONFIG_IEEE80211W=y - CONFIG_IEEE80211N=y - CONFIG_IEEE80211AC=y - CONFIG_IEEE80211AX=y - CONFIG_ACS=y - CONFIG_SAE=y - CONFIG_FULL_DYNAMIC_VLAN=y - CONFIG_VLAN_NETLINK=y - CONFIG_RADIUS_SERVER=y - CONFIG_HS20=y - CONFIG_WNM=y - CONFIG_MBO=y - CONFIG_FST=y - CONFIG_FST_TEST=y - CONFIG_CTRL_IFACE=y - ''; -} From 207e60a611723658814fa2f7ce0213b109a52b29 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Mon, 23 Jun 2025 21:29:17 -0700 Subject: [PATCH 17/25] hostapd working with multiple radios --- desktop/l/home.nix | 21 +- desktop/l2/configuration.nix | 89 +-- desktop/l2/home.nix | 1306 ++++++++++++++++----------------- desktop/l2/hostapd-multi.nix | 89 +++ desktop/l2/hostapd.nix | 235 ++++-- desktop/l2/hosts.nix | 2 +- desktop/l2/network.nix.not | 98 +++ desktop/l2/not.hostapd.nix | 173 +++++ desktop/l2/sysctl.nix | 6 + desktop/l2/systemPackages.nix | 1 + 10 files changed, 1258 insertions(+), 762 deletions(-) create mode 100644 desktop/l2/hostapd-multi.nix create mode 100644 desktop/l2/network.nix.not create mode 100644 desktop/l2/not.hostapd.nix diff --git a/desktop/l/home.nix b/desktop/l/home.nix index 3e14be7..58384fc 100644 
--- a/desktop/l/home.nix +++ b/desktop/l/home.nix @@ -377,11 +377,28 @@ llvmPackages_20.clang-tools llvmPackages_20.lld + # LLVM C++ Standard Library, compiler runtime, and unwind library + llvmPackages_20.stdenv + llvmPackages_20.libcxxStdenv + llvmPackages_20.libcxxClang + llvmPackages_20.libcxx # Provides libc++.so, libc++.a (libraries) + llvmPackages_20.libcxx.dev # Provides C++ headers + # do NOT include llvm.libc-full, because it will override glibc + #llvm.libc-full + llvmPackages_20.compiler-rt # Provides libclang_rt.builtins*.a + llvmPackages_20.compiler-rt.dev # Provides libclang_rt headers + llvmPackages_20.libunwind # Provides libunwind for exception handling + llvmPackages_20.libunwind.dev # Provides libunwind headers + + libclang libclang.dev libclang.lib + # Essential development libraries (minimal headers) - glibc.dev + glibc glibc.dev glibc.static + libgcc libgcc.lib + gcc-unwrapped gcc-unwrapped.lib gcc-unwrapped.libgcc stdenv.cc.cc.lib zlib.dev - openssl.dev + openssl openssl.dev openssl.out ncurses.dev libyaml.dev diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 7b510c3..0781370 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -24,7 +24,7 @@ ./hardware-configuration.nix #./hardware-graphics.nix ./sysctl.nix - ./wireless_desktop.nix + #./wireless_desktop.nix ./locale.nix ./hosts.nix ./firewall.nix @@ -40,8 +40,9 @@ ./docker-daemon.nix #./smokeping.nix #./distributed-builds.nix - ./hyprland.nix - ./hostapd.nix + #./hyprland.nix + #./hostapd.nix + ./hostapd-multi.nix ]; boot = { 
@@ -141,16 +142,16 @@ # # https://nixos.wiki/wiki/NixOS_Wiki:Audio # services.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem - security.rtkit.enable = true; # Enable RealtimeKit for audio purposes + # security.rtkit.enable = true; # Enable RealtimeKit for audio purposes - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # Uncomment the following line if you want to use JACK applications - # jack.enable = true; - }; + # services.pipewire = { + # enable = true; + # alsa.enable = true; + # alsa.support32Bit = true; + # pulse.enable = true; + # # Uncomment the following line if you want to use JACK applications + # # jack.enable = true; + # }; services.openssh.enable = true; programs.ssh.extraConfig = '' @@ -176,7 +177,7 @@ # services.libinput.enable = true; # https://nixos.wiki/wiki/Printing - services.printing.enable = true; + #services.printing.enable = true; # https://wiki.nixos.org/wiki/Flameshot # services.flameshot = { 
@@ -222,39 +223,39 @@ enableSSHSupport = true; }; - hardware.graphics = { - enable = true; # auto includes mesa - package = pkgs.mesa; - extraPackages = with pkgs; [ - libglvnd - libva-vdpau-driver - libvdpau-va-gl - rocmPackages.clr.icd - ]; - }; - services.xserver = { - enable = true; - videoDrivers = [ "amdgpu" ]; - xkb = { - layout = "us"; - variant = ""; - }; - }; + # hardware.graphics = { + # enable = true; # auto includes mesa + # package = pkgs.mesa; + # extraPackages = with pkgs; [ + # libglvnd + # libva-vdpau-driver + # libvdpau-va-gl + # rocmPackages.clr.icd + # ]; + # }; + # services.xserver = { + # enable = true; + # videoDrivers = [ "amdgpu" ]; + # xkb = { + # layout = "us"; + # variant = ""; + # }; + # }; - services.desktopManager.gnome.enable = true; - services.displayManager.gdm.enable = true; + # services.desktopManager.gnome.enable = true; + # services.displayManager.gdm.enable = true; - # https://nixos.wiki/wiki/AMD_GPU - systemd.tmpfiles.rules = [ - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" - ]; - systemd.services.lactd.wantedBy = [ "multi-user.target" ]; + # # https://nixos.wiki/wiki/AMD_GPU + # systemd.tmpfiles.rules = [ + # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + # ]; + # systemd.services.lactd.wantedBy = [ "multi-user.target" ]; - xdg.portal = { - enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; - config.common.default = "gtk"; - }; + # xdg.portal = { + # enable = true; + # extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + # config.common.default = "gtk"; + # }; # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ # programs.hyprland = { @@ -286,7 +287,7 @@ # https://nixos.wiki/wiki/Virt-manager virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = true; + #programs.virt-manager.enable = true; virtualisation.spiceUSBRedirection.enable = true; virtualisation.containers = { diff --git a/desktop/l2/home.nix b/desktop/l2/home.nix index 30ad06f..8459949 100644 
--- a/desktop/l2/home.nix +++ b/desktop/l2/home.nix 
@@ -10,314 +10,314 @@ hyprland.homeManagerModules.default ]; - # Hyprland window manager configuration - wayland.windowManager.hyprland = { - enable = true; - xwayland.enable = true; - extraConfig = '' - # Monitor configuration - monitor=,preferred,auto,1 - - # Execute-once startup commands - exec-once = waybar - exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg - exec-once = hypridle - exec-once = wl-paste --type text --watch cliphist store - exec-once = wl-paste --type image --watch cliphist store - - # Input configuration - input { - kb_layout = us - kb_variant = - kb_model = - kb_options = - kb_rules = - - follow_mouse = 1 - touchpad { - natural_scroll = true - scroll_factor = 0.3 - } - sensitivity = 0 # -1.0 - 1.0, 0 means no modification. - } - - # General settings - general { - gaps_in = 5 - gaps_out = 10 - border_size = 2 - col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg - col.inactive_border = rgba(595959aa) - layout = dwindle - no_cursor_warps = true - } - - # Decoration settings - decoration { - rounding = 10 - blur { - enabled = true - size = 3 - passes = 1 - } - drop_shadow = true - shadow_range = 4 - shadow_render_power = 3 - col.shadow = rgba(1a1a1aee) - } - - # Animation settings - animations { - enabled = true - bezier = myBezier, 0.05, 0.9, 0.1, 1.05 - animation = windows, 1, 7, myBezier - animation = windowsOut, 1, 7, default, popin 80% - animation = border, 1, 10, default - animation = borderangle, 1, 8, default - animation = fade, 1, 7, default - animation = workspaces, 1, 6, default - } - - # Layout settings - dwindle { - pseudotile = true - preserve_split = true - } - - # Gesture settings - gestures { - workspace_swipe = true - workspace_swipe_fingers = 3 - } - - # Keybindings - bind = SUPER, Q, killactive, - bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty - bind = SUPER, D, exec, wofi --show drun - bind = SUPER, F, fullscreen - bind = SUPER, H, movefocus, l - bind = SUPER, L, movefocus, r - bind = SUPER, K, movefocus, u 
- bind = SUPER, J, movefocus, d - bind = SUPER, left, movewindow, l - bind = SUPER, right, movewindow, r - bind = SUPER, up, movewindow, u - bind = SUPER, down, movewindow, d - bind = SUPER SHIFT, H, movewindow, l - bind = SUPER SHIFT, L, movewindow, r - bind = SUPER SHIFT, K, movewindow, u - bind = SUPER SHIFT, J, movewindow, d - bind = SUPER, 1, workspace, 1 - bind = SUPER, 2, workspace, 2 - bind = SUPER, 3, workspace, 3 - bind = SUPER, 4, workspace, 4 - bind = SUPER, 5, workspace, 5 - bind = SUPER, 6, workspace, 6 - bind = SUPER, 7, workspace, 7 - bind = SUPER, 8, workspace, 8 - bind = SUPER, 9, workspace, 9 - bind = SUPER, 0, workspace, 10 - bind = SUPER SHIFT, 1, movetoworkspace, 1 - bind = SUPER SHIFT, 2, movetoworkspace, 2 - bind = SUPER SHIFT, 3, movetoworkspace, 3 - bind = SUPER SHIFT, 4, movetoworkspace, 4 - bind = SUPER SHIFT, 5, movetoworkspace, 5 - bind = SUPER SHIFT, 6, movetoworkspace, 6 - bind = SUPER SHIFT, 7, movetoworkspace, 7 - bind = SUPER SHIFT, 8, movetoworkspace, 8 - bind = SUPER SHIFT, 9, movetoworkspace, 9 - bind = SUPER SHIFT, 0, movetoworkspace, 10 - bind = SUPER, mouse_down, workspace, e+1 - bind = SUPER, mouse_up, workspace, e-1 - bind = SUPER, period, togglespecialworkspace, magic - bind = SUPER SHIFT, period, movetoworkspace, special:magic - bind = SUPER, S, togglesplit, - bind = SUPER, P, pseudo, - bind = SUPER, V, togglefloating, - bind = SUPER, R, exec, wofi --show run - bind = SUPER, Print, exec, grimblast --notify copysave area - bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen - bind = SUPER, X, exec, wl-clipboard-manager - bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy - ''; - }; - - # Waybar configuration - programs.waybar = { - enable = true; - settings = { - mainBar = { - layer = "top"; - position = "top"; - height = 30; - spacing = 4; - modules-left = [ - "hyprland/workspaces" - "hyprland/submap" - ]; - modules-center = [ - "hyprland/window" - ]; - modules-right = [ - 
"pulseaudio" - "network" - "cpu" - "memory" - "battery" - "clock" - ]; - "hyprland/workspaces" = { - format = "{name}"; - on-click = "activate"; - sort-by-number = true; - }; - "hyprland/window" = { - format = "{}"; - separate-outputs = true; - }; - "pulseaudio" = { - format = "{icon} {volume}%"; - format-muted = "🔇"; - format-icons = { - headphone = "🎧"; - handsfree = "📱"; - headset = "🎧"; - phone = "☎️"; - portable = "📱"; - car = "🚗"; - default = ["🔈" "🔉" "🔊"]; - }; - on-click = "pavucontrol"; - }; - "network" = { - format-wifi = "📶 {essid}"; - format-ethernet = "🌐 {ipaddr}/{cidr}"; - format-linked = "🌐 {ifname} (No IP)"; - format-disconnected = "⚠️ Disconnected"; - format-alt = "{ifname}: {ipaddr}/{cidr}"; - }; - "cpu" = { - format = "🖥️ {usage}%"; - tooltip-format = "{usage}% used"; - }; - "memory" = { - format = "🧠 {percentage}%"; - tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; - }; - "battery" = { - states = { - warning = 30; - critical = 15; - }; - format = "{icon} {capacity}%"; - format-charging = "⚡ {capacity}%"; - format-plugged = "🔌 {capacity}%"; - format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; - }; - "clock" = { - format = "🕒 {:%H:%M}"; - format-alt = "🕒 {:%Y-%m-%d %H:%M}"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - }; - }; - style = '' - * { - border: none; - border-radius: 0; - font-family: "JetBrainsMono Nerd Font"; - font-size: 13px; - font-weight: bold; - min-height: 0; - } - - window#waybar { - background: rgba(21, 18, 27, 0.8); - color: #cdd6f4; - } - - #workspaces button { - padding: 0 5px; - background: transparent; - color: #cdd6f4; - } - - #workspaces button:hover { - background: rgba(0, 0, 0, 0.2); - } - - #workspaces button.active { - background: #7aa2f7; - color: #1e1e2e; - } - - #workspaces button.urgent { - background: #f38ba8; - color: #1e1e2e; - } - - #battery, - #cpu, - #memory, - #network, - #pulseaudio, - #clock { - padding: 0 10px; - margin: 0 5px; - } - - #battery { - color: #a6e3a1; - } - - #battery.warning { - color: 
#f9e2af; - } - - #battery.critical { - color: #f38ba8; - } - - #network { - color: #89b4fa; - } - - #pulseaudio { - color: #cba6f7; - } - - #cpu { - color: #f5c2e7; - } - - #memory { - color: #fab387; - } - - #clock { - color: #89dceb; - } - ''; - }; - - # Ghostty configuration - programs.ghostty = { - enable = true; - # settings = { - # settings doesn't work - }; - # https://ghostty.zerebos.com/app/import-export - # no scorllback limit - # https://github.com/ghostty-org/ghostty/issues/111 - xdg.configFile."ghostty/config.toml".text = '' - term = xterm-256color - scrollback-limit = 10000001 - image-storage-limit = 320000001 - clipboard-write = allow - window-subtitle = working-directory - background-opacity = 0.91 - background-blur = 20 - ''; + # # Hyprland window manager configuration + # wayland.windowManager.hyprland = { + # enable = true; + # xwayland.enable = true; + # extraConfig = '' + # # Monitor configuration + # monitor=,preferred,auto,1 + + # # Execute-once startup commands + # exec-once = waybar + # exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg + # exec-once = hypridle + # exec-once = wl-paste --type text --watch cliphist store + # exec-once = wl-paste --type image --watch cliphist store + + # # Input configuration + # input { + # kb_layout = us + # kb_variant = + # kb_model = + # kb_options = + # kb_rules = + + # follow_mouse = 1 + # touchpad { + # natural_scroll = true + # scroll_factor = 0.3 + # } + # sensitivity = 0 # -1.0 - 1.0, 0 means no modification. 
+ # } + + # # General settings + # general { + # gaps_in = 5 + # gaps_out = 10 + # border_size = 2 + # col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg + # col.inactive_border = rgba(595959aa) + # layout = dwindle + # no_cursor_warps = true + # } + + # # Decoration settings + # decoration { + # rounding = 10 + # blur { + # enabled = true + # size = 3 + # passes = 1 + # } + # drop_shadow = true + # shadow_range = 4 + # shadow_render_power = 3 + # col.shadow = rgba(1a1a1aee) + # } + + # # Animation settings + # animations { + # enabled = true + # bezier = myBezier, 0.05, 0.9, 0.1, 1.05 + # animation = windows, 1, 7, myBezier + # animation = windowsOut, 1, 7, default, popin 80% + # animation = border, 1, 10, default + # animation = borderangle, 1, 8, default + # animation = fade, 1, 7, default + # animation = workspaces, 1, 6, default + # } + + # # Layout settings + # dwindle { + # pseudotile = true + # preserve_split = true + # } + + # # Gesture settings + # gestures { + # workspace_swipe = true + # workspace_swipe_fingers = 3 + # } + + # # Keybindings + # bind = SUPER, Q, killactive, + # bind = SUPER, RETURN, exec, ${pkgs.alacritty}/bin/alacritty + # bind = SUPER, D, exec, wofi --show drun + # bind = SUPER, F, fullscreen + # bind = SUPER, H, movefocus, l + # bind = SUPER, L, movefocus, r + # bind = SUPER, K, movefocus, u + # bind = SUPER, J, movefocus, d + # bind = SUPER, left, movewindow, l + # bind = SUPER, right, movewindow, r + # bind = SUPER, up, movewindow, u + # bind = SUPER, down, movewindow, d + # bind = SUPER SHIFT, H, movewindow, l + # bind = SUPER SHIFT, L, movewindow, r + # bind = SUPER SHIFT, K, movewindow, u + # bind = SUPER SHIFT, J, movewindow, d + # bind = SUPER, 1, workspace, 1 + # bind = SUPER, 2, workspace, 2 + # bind = SUPER, 3, workspace, 3 + # bind = SUPER, 4, workspace, 4 + # bind = SUPER, 5, workspace, 5 + # bind = SUPER, 6, workspace, 6 + # bind = SUPER, 7, workspace, 7 + # bind = SUPER, 8, workspace, 8 + # bind = SUPER, 9, 
workspace, 9 + # bind = SUPER, 0, workspace, 10 + # bind = SUPER SHIFT, 1, movetoworkspace, 1 + # bind = SUPER SHIFT, 2, movetoworkspace, 2 + # bind = SUPER SHIFT, 3, movetoworkspace, 3 + # bind = SUPER SHIFT, 4, movetoworkspace, 4 + # bind = SUPER SHIFT, 5, movetoworkspace, 5 + # bind = SUPER SHIFT, 6, movetoworkspace, 6 + # bind = SUPER SHIFT, 7, movetoworkspace, 7 + # bind = SUPER SHIFT, 8, movetoworkspace, 8 + # bind = SUPER SHIFT, 9, movetoworkspace, 9 + # bind = SUPER SHIFT, 0, movetoworkspace, 10 + # bind = SUPER, mouse_down, workspace, e+1 + # bind = SUPER, mouse_up, workspace, e-1 + # bind = SUPER, period, togglespecialworkspace, magic + # bind = SUPER SHIFT, period, movetoworkspace, special:magic + # bind = SUPER, S, togglesplit, + # bind = SUPER, P, pseudo, + # bind = SUPER, V, togglefloating, + # bind = SUPER, R, exec, wofi --show run + # bind = SUPER, Print, exec, grimblast --notify copysave area + # bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen + # bind = SUPER, X, exec, wl-clipboard-manager + # bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy + # ''; + # }; + + # # Waybar configuration + # programs.waybar = { + # enable = true; + # settings = { + # mainBar = { + # layer = "top"; + # position = "top"; + # height = 30; + # spacing = 4; + # modules-left = [ + # "hyprland/workspaces" + # "hyprland/submap" + # ]; + # modules-center = [ + # "hyprland/window" + # ]; + # modules-right = [ + # "pulseaudio" + # "network" + # "cpu" + # "memory" + # "battery" + # "clock" + # ]; + # "hyprland/workspaces" = { + # format = "{name}"; + # on-click = "activate"; + # sort-by-number = true; + # }; + # "hyprland/window" = { + # format = "{}"; + # separate-outputs = true; + # }; + # "pulseaudio" = { + # format = "{icon} {volume}%"; + # format-muted = "🔇"; + # format-icons = { + # headphone = "🎧"; + # handsfree = "📱"; + # headset = "🎧"; + # phone = "☎️"; + # portable = "📱"; + # car = "🚗"; + # default = ["🔈" "🔉" "🔊"]; + # 
}; + # on-click = "pavucontrol"; + # }; + # "network" = { + # format-wifi = "📶 {essid}"; + # format-ethernet = "🌐 {ipaddr}/{cidr}"; + # format-linked = "🌐 {ifname} (No IP)"; + # format-disconnected = "⚠️ Disconnected"; + # format-alt = "{ifname}: {ipaddr}/{cidr}"; + # }; + # "cpu" = { + # format = "🖥️ {usage}%"; + # tooltip-format = "{usage}% used"; + # }; + # "memory" = { + # format = "🧠 {percentage}%"; + # tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; + # }; + # "battery" = { + # states = { + # warning = 30; + # critical = 15; + # }; + # format = "{icon} {capacity}%"; + # format-charging = "⚡ {capacity}%"; + # format-plugged = "🔌 {capacity}%"; + # format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; + # }; + # "clock" = { + # format = "🕒 {:%H:%M}"; + # format-alt = "🕒 {:%Y-%m-%d %H:%M}"; + # tooltip-format = "{:%Y %B}\n{calendar}"; + # }; + # }; + # }; + # style = '' + # * { + # border: none; + # border-radius: 0; + # font-family: "JetBrainsMono Nerd Font"; + # font-size: 13px; + # font-weight: bold; + # min-height: 0; + # } + + # window#waybar { + # background: rgba(21, 18, 27, 0.8); + # color: #cdd6f4; + # } + + # #workspaces button { + # padding: 0 5px; + # background: transparent; + # color: #cdd6f4; + # } + + # #workspaces button:hover { + # background: rgba(0, 0, 0, 0.2); + # } + + # #workspaces button.active { + # background: #7aa2f7; + # color: #1e1e2e; + # } + + # #workspaces button.urgent { + # background: #f38ba8; + # color: #1e1e2e; + # } + + # #battery, + # #cpu, + # #memory, + # #network, + # #pulseaudio, + # #clock { + # padding: 0 10px; + # margin: 0 5px; + # } + + # #battery { + # color: #a6e3a1; + # } + + # #battery.warning { + # color: #f9e2af; + # } + + # #battery.critical { + # color: #f38ba8; + # } + + # #network { + # color: #89b4fa; + # } + + # #pulseaudio { + # color: #cba6f7; + # } + + # #cpu { + # color: #f5c2e7; + # } + + # #memory { + # color: #fab387; + # } + + # #clock { + # color: #89dceb; + # } + # ''; + # }; + + # # Ghostty 
configuration + # programs.ghostty = { + # enable = true; + # # settings = { + # # settings doesn't work + # }; + # # https://ghostty.zerebos.com/app/import-export + # # no scorllback limit + # # https://github.com/ghostty-org/ghostty/issues/111 + # xdg.configFile."ghostty/config.toml".text = '' + # term = xterm-256color + # scrollback-limit = 10000001 + # image-storage-limit = 320000001 + # clipboard-write = allow + # window-subtitle = working-directory + # background-opacity = 0.91 + # background-blur = 20 + # ''; home = { username = "das"; @@ -357,17 +357,17 @@ neofetch file - # Hyprland related - waybar - swaybg - swaylock - wl-clipboard - wf-recorder - grimblast - hyprpaper - hyprpicker - hypridle - hyprlock + # # Hyprland related + # waybar + # swaybg + # swaylock + # wl-clipboard + # wf-recorder + # grimblast + # hyprpaper + # hyprpicker + # hypridle + # hyprlock # Terminal Multiplexers tmux @@ -423,11 +423,11 @@ rsync tree - # Terminals - alacritty - kitty - #https://ghostty.org/ - ghostty + # # Terminals + # alacritty + # kitty + # #https://ghostty.org/ + # ghostty # Networking ethtool 
@@ -446,61 +446,61 @@ # Filesystem/Monitoring inotify-tools - # Printing - hplip - #hplipWithPlugin + # # Printing + # hplip + # #hplipWithPlugin - # SDR - gnuradio - hackrf - gqrx - cubicsdr + # # SDR + # gnuradio + # hackrf + # gqrx + # cubicsdr # Media - vlc + #vlc # ffmpeg moved to system package #ffmpeg_7-full #ffmpeg-full - # Go Development - # https://nixos.wiki/wiki/Go - # https://nixos.org/manual/nixpkgs/stable/#sec-language-go - # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - libcap - #gcc_multi - #glibc_multi - # thunderbird - #go_1_23 - go - gopls - golint - golangci-lint - golangci-lint-langserver - # trunk is unfree, and i can't work out how to enable unfree - #trunk-io - # https://github.com/go-delve/delve - delve - # https://github.com/aarzilli/gdlv - gdlv - buf - protobuf_27 - grpcurl - # https://github.com/go-gorm/gen - # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml - gorm-gentool - # removed 24.11 - #buf-language-server - # https://tinygo.org/ - #tinygo - - # removing bazel and moving to the "nix develop" shell - # # https://github.com/bazelbuild/bazel/tags - # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - #bazel_7 - bazel-buildtools - bazelisk - - code-cursor + # # Go Development + # # https://nixos.wiki/wiki/Go + # # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + # libcap + # #gcc_multi + # #glibc_multi + # # thunderbird + # #go_1_23 + # go + # gopls + # golint + # golangci-lint + # golangci-lint-langserver + # # trunk is unfree, and i can't work out how to enable unfree + # #trunk-io + # # https://github.com/go-delve/delve + # delve + # # https://github.com/aarzilli/gdlv + # gdlv + # buf + # protobuf_27 + # grpcurl + # # 
https://github.com/go-gorm/gen + # # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + # gorm-gentool + # # removed 24.11 + # #buf-language-server + # # https://tinygo.org/ + # #tinygo + + # # removing bazel and moving to the "nix develop" shell + # # # https://github.com/bazelbuild/bazel/tags + # # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 + # #bazel_7 + # bazel-buildtools + # bazelisk + + # code-cursor # # https://github.com/bazel-contrib/bazel-gazelle/tags # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 
@@ -510,194 +510,194 @@ # # https://github.com/buchgr/bazel-remote - maybe something to look at? # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart - # Debugging/Profiling - graphviz # for pprof - strace - - # Diffing - meld - - # Editors - helix - - # Rust Development - # https://nixos.wiki/wiki/Rust - cargo - rustc - rustfmt - rust-analyzer - clippy - #clang_multi - - # Mobile Development - flutter - android-studio - android-tools - android-udev-rules - - nordic - gnome-themes-extra - #gnome-shell-extensions - - # Gnome Related / Extensions - # gnomeExtensions.emoji-copy - # gnomeExtensions.workspace-switcher-manager - gnome-extension-manager - gnome-usage - dconf-editor - gnome-settings-daemon - gnome-disk-utility - gnome-software - gnome-tweaks - simple-scan - gnomeExtensions.appindicator - gnomeExtensions.settingscenter - gnomeExtensions.system-monitor - gnomeExtensions.dash-to-dock - gnomeExtensions.just-perfection - gnomeExtensions.logo-menu - gnomeExtensions.wifi-qrcode - gnomeExtensions.wireless-hid - gnomeExtensions.user-themes - gnomeExtensions.tray-icons-reloaded - gnomeExtensions.vitals - gnomeExtensions.dash-to-panel - gnomeExtensions.sound-output-device-chooser - gnomeExtensions.space-bar - # https://github.com/AstraExt/astra-monitor - gnomeExtensions.astra-monitor - libgtop - - # Office/Documents - libreoffice-qt - hunspell - hunspellDicts.en_AU - #hunspellDicts.en_US - evince - - # Browsers - # https://nixos.wiki/wiki/Firefox - firefox - # https://nixos.wiki/wiki/Chromium - chromium - #google-chrome - # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 - (google-chrome.override { - commandLineArgs = [ - "--enable-features=UseOzonePlatform" - "--ozone-platform=wayland" - ]; - }) - - # Communication - # https://nixos.wiki/wiki/Slack - slack - zoom-us - - # Screenshots/Screen Recording - # https://wiki.nixos.org/wiki/Flameshot - flameshot - #(flameshot.override { enableWlrSupport = true; }) 
- grim # screenshot functionality - slurp # screenshot functionality - simplescreenrecorder - # https://wiki.nixos.org/wiki/Gpu-screen-recorder - gpu-screen-recorder # CLI - gpu-screen-recorder-gtk # GUI - - # Graphics - gimp-with-plugins - - # Text Editors - gedit - - # Containers - # https://nixos.wiki/wiki/Podman - dive - podman - runc - skopeo - podman-tui - podman-compose - docker-buildx - - # Kubernetes - #clickhouse - #clickhouse-cli - # https://github.com/int128/kubelogin - kubelogin-oidc - kubectl - kubernetes-helm - istioctl - krew - kubeshark - kubectl-ktop - kubectl-klock - kube-capacity - kubectl-images - kubectl-gadget - kdash - # k9s --kubeconfig=dev-d.kubeconfig - k9s - - # Misc - # https://github.com/jrincayc/ucblogo-code - ucblogo - # https://github.com/wagoodman/dive - # dive # Duplicate removed - # https://github.com/sharkdp/hyperfine - hyperfine - - # App Launchers - rofi-wayland - wofi - - # Raspberry Pi - #rpi-imager + # # Debugging/Profiling + # graphviz # for pprof + # strace + + # # Diffing + # meld + + # # Editors + # helix + + # # Rust Development + # # https://nixos.wiki/wiki/Rust + # cargo + # rustc + # rustfmt + # rust-analyzer + # clippy + # #clang_multi + + # # Mobile Development + # flutter + # android-studio + # android-tools + # android-udev-rules + + # nordic + # gnome-themes-extra + # #gnome-shell-extensions + + # # Gnome Related / Extensions + # # gnomeExtensions.emoji-copy + # # gnomeExtensions.workspace-switcher-manager + # gnome-extension-manager + # gnome-usage + # dconf-editor + # gnome-settings-daemon + # gnome-disk-utility + # gnome-software + # gnome-tweaks + # simple-scan + # gnomeExtensions.appindicator + # gnomeExtensions.settingscenter + # gnomeExtensions.system-monitor + # gnomeExtensions.dash-to-dock + # gnomeExtensions.just-perfection + # gnomeExtensions.logo-menu + # gnomeExtensions.wifi-qrcode + # gnomeExtensions.wireless-hid + # gnomeExtensions.user-themes + # gnomeExtensions.tray-icons-reloaded + # 
gnomeExtensions.vitals + # gnomeExtensions.dash-to-panel + # gnomeExtensions.sound-output-device-chooser + # gnomeExtensions.space-bar + # # https://github.com/AstraExt/astra-monitor + # gnomeExtensions.astra-monitor + # libgtop + + # # Office/Documents + # libreoffice-qt + # hunspell + # hunspellDicts.en_AU + # #hunspellDicts.en_US + # evince + + # # Browsers + # # https://nixos.wiki/wiki/Firefox + # firefox + # # https://nixos.wiki/wiki/Chromium + # chromium + # #google-chrome + # # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 + # (google-chrome.override { + # commandLineArgs = [ + # "--enable-features=UseOzonePlatform" + # "--ozone-platform=wayland" + # ]; + # }) + + # # Communication + # # https://nixos.wiki/wiki/Slack + # slack + # zoom-us + + # # Screenshots/Screen Recording + # # https://wiki.nixos.org/wiki/Flameshot + # flameshot + # #(flameshot.override { enableWlrSupport = true; }) + # grim # screenshot functionality + # slurp # screenshot functionality + # simplescreenrecorder + # # https://wiki.nixos.org/wiki/Gpu-screen-recorder + # gpu-screen-recorder # CLI + # gpu-screen-recorder-gtk # GUI + + # # Graphics + # gimp-with-plugins + + # # Text Editors + # gedit + + # # Containers + # # https://nixos.wiki/wiki/Podman + # dive + # podman + # runc + # skopeo + # podman-tui + # podman-compose + # docker-buildx + + # # Kubernetes + # #clickhouse + # #clickhouse-cli + # # https://github.com/int128/kubelogin + # kubelogin-oidc + # kubectl + # kubernetes-helm + # istioctl + # krew + # kubeshark + # kubectl-ktop + # kubectl-klock + # kube-capacity + # kubectl-images + # kubectl-gadget + # kdash + # # k9s --kubeconfig=dev-d.kubeconfig + # k9s + + # # Misc + # # https://github.com/jrincayc/ucblogo-code + # ucblogo + # # https://github.com/wagoodman/dive + # # dive # Duplicate removed + # # https://github.com/sharkdp/hyperfine + # hyperfine + + # # App Launchers + # rofi-wayland + # wofi + + # # Raspberry Pi + # 
#rpi-imager #silly cmatrix sl #gpu monitoring - lact + #lact ]; - # vscode - # https://nixos.wiki/wiki/Visual_Studio_Code - # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix - # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions - # https://mynixos.com/home-manager/options/programs.vscode - programs.vscode = { - enable = true; - package = pkgs.vscode; - profiles.default.extensions = with pkgs.vscode-extensions; [ - dart-code.dart-code - dart-code.flutter - golang.go - hashicorp.terraform - ms-azuretools.vscode-docker - ms-vscode-remote.remote-containers - ms-vscode-remote.remote-ssh - ms-vscode.makefile-tools - ms-vscode.cmake-tools - ms-vscode.cpptools - ms-vscode.hexeditor - ms-vscode.makefile-tools - ms-python.python - ms-python.vscode-pylance - ms-kubernetes-tools.vscode-kubernetes-tools - redhat.vscode-yaml - rust-lang.rust-analyzer - tamasfe.even-better-toml - timonwong.shellcheck - zxh404.vscode-proto3 - yzhang.markdown-all-in-one - jnoortheen.nix-ide - rust-lang.rust-analyzer - bazelbuild.vscode-bazel - ]; - }; + # # vscode + # # https://nixos.wiki/wiki/Visual_Studio_Code + # # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # # https://mynixos.com/home-manager/options/programs.vscode + # programs.vscode = { + # enable = true; + # package = pkgs.vscode; + # profiles.default.extensions = with pkgs.vscode-extensions; [ + # dart-code.dart-code + # dart-code.flutter + # golang.go + # hashicorp.terraform + # ms-azuretools.vscode-docker + # ms-vscode-remote.remote-containers + # ms-vscode-remote.remote-ssh + # ms-vscode.makefile-tools + # ms-vscode.cmake-tools + # ms-vscode.cpptools + # ms-vscode.hexeditor + # ms-vscode.makefile-tools + # ms-python.python + # ms-python.vscode-pylance + # ms-kubernetes-tools.vscode-kubernetes-tools + # redhat.vscode-yaml + # rust-lang.rust-analyzer + # 
tamasfe.even-better-toml + # timonwong.shellcheck + # zxh404.vscode-proto3 + # yzhang.markdown-all-in-one + # jnoortheen.nix-ide + # rust-lang.rust-analyzer + # bazelbuild.vscode-bazel + # ]; + # }; #fonts.fonts = with pkgs; [ # nerdfonts 
@@ -733,107 +733,107 @@ #signing.signByDefault = true; }; - # https://nixos.wiki/wiki/OBS_Studio - # TODO add kernel module for virtual camera - programs.obs-studio = { - enable = true; - plugins = with pkgs.obs-studio-plugins; [ - wlrobs - obs-backgroundremoval - obs-pipewire-audio-capture - ]; - }; - - # another example with dark colors: - # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 - # - # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts - # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings - dconf.settings = { - "org/gnome/desktop/wm/preferences" = { - #button-layout = "close,minimize,maximize,above:appmenu"; - button-layout = ":minimize,maximize,above,close"; - num-workspaces = 2; - }; - # "org/gnome/desktop/interface" = { - # color-scheme = "prefer-dark"; - # }; - "org/gnome/desktop/interface" = { - clock-show-seconds = true; - clock-show-weekday = true; - color-scheme = "prefer-dark"; - enable-hot-corners = false; - font-antialiasing = "grayscale"; - font-hinting = "slight"; - gtk-theme = "Nordic"; - icon-theme = "Papirus-Dark"; - cursor-theme = "Adwaita"; - toolkit-accessibility = false; - }; - "org/gnome/shell" = { - disable-user-extensions = false; - favorite-apps = [ - "firefox.desktop" - "google-chrome.desktop" - "code.desktop" - "chromium.desktop" - "alacritty.desktop" - #"kitty.desktop" - "slack.desktop" - "ghostty.desktop" - ]; - # "org/gnome/shell/extensions/user-theme" = { - # name = "Nordic"; - # }; - enabled-extensions = with pkgs.gnomeExtensions; [ - blur-my-shell.extensionUuid - gsconnect.extensionUuid - ]; - }; - }; - - home.file."containers.conf" = { - target = ".config/containers/containers.conf"; - # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html - # https://github.com/containers/common/blob/main/docs/containers.conf.5.md - text = '' - [containers] - annotations=["run.oci.keep_original_groups=1",] - label=false - #seccomp=unconfined - ''; - }; - 
home.file."registries.conf" = { - target = ".config/containers/registries.conf"; - text = '' - [registries.search] - registries = ['docker.io'] - ''; - # text = '' - # [registries.search] - # registries = ['docker.io', 'registry.gitlab.com'] - # ''; - }; - home.file."policy.json" = { - target = ".config/containers/policy.json"; - text = '' - { - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } - } - ''; - }; - # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 + # # https://nixos.wiki/wiki/OBS_Studio + # # TODO add kernel module for virtual camera + # programs.obs-studio = { + # enable = true; + # plugins = with pkgs.obs-studio-plugins; [ + # wlrobs + # obs-backgroundremoval + # obs-pipewire-audio-capture + # ]; + # }; + + # # another example with dark colors: + # # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 + # # + # # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + # # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings + # dconf.settings = { + # "org/gnome/desktop/wm/preferences" = { + # #button-layout = "close,minimize,maximize,above:appmenu"; + # button-layout = ":minimize,maximize,above,close"; + # num-workspaces = 2; + # }; + # # "org/gnome/desktop/interface" = { + # # color-scheme = "prefer-dark"; + # # }; + # "org/gnome/desktop/interface" = { + # clock-show-seconds = true; + # clock-show-weekday = true; + # color-scheme = "prefer-dark"; + # enable-hot-corners = false; + # font-antialiasing = "grayscale"; + # font-hinting = "slight"; + # gtk-theme = "Nordic"; + # icon-theme = "Papirus-Dark"; + # cursor-theme = "Adwaita"; + # toolkit-accessibility = false; + # }; + # "org/gnome/shell" = { + # disable-user-extensions = false; + # favorite-apps = [ + # "firefox.desktop" + # "google-chrome.desktop" + # "code.desktop" + # 
"chromium.desktop" + # "alacritty.desktop" + # #"kitty.desktop" + # "slack.desktop" + # "ghostty.desktop" + # ]; + # # "org/gnome/shell/extensions/user-theme" = { + # # name = "Nordic"; + # # }; + # enabled-extensions = with pkgs.gnomeExtensions; [ + # blur-my-shell.extensionUuid + # gsconnect.extensionUuid + # ]; + # }; + # }; + + # home.file."containers.conf" = { + # target = ".config/containers/containers.conf"; + # # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + # text = '' + # [containers] + # annotations=["run.oci.keep_original_groups=1",] + # label=false + # #seccomp=unconfined + # ''; + # }; + # home.file."registries.conf" = { + # target = ".config/containers/registries.conf"; + # text = '' + # [registries.search] + # registries = ['docker.io'] + # ''; + # # text = '' + # # [registries.search] + # # registries = ['docker.io', 'registry.gitlab.com'] + # # ''; + # }; + # home.file."policy.json" = { + # target = ".config/containers/policy.json"; + # text = '' + # { + # "default": [ + # { + # "type": "insecureAcceptAnything" + # } + # ], + # "transports": + # { + # "docker-daemon": + # { + # "": [{"type":"insecureAcceptAnything"}] + # } + # } + # } + # ''; + # }; + # # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 # set at flake.nix level nixpkgs.config.allowUnfree = true; diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix new file mode 100644 index 0000000..f0e019e --- /dev/null +++ b/desktop/l2/hostapd-multi.nix 
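Review bot: The podman `policy.json` block in this hunk is parked as comments with `"type": "insecureAcceptAnything"` still set for both `default` and the `docker-daemon` transport, next to `label=false` in the commented `containers.conf`. Un-commenting it later would restore a policy that accepts any image without signature verification, and nothing in the text says so. I would delete these blocks rather than comment them out, since git history keeps them. Failing that, head the block with a warning such as `# NOTE: policy accepts unsigned images from any source; tighten before re-enabling`. The same style point applies to the other commented-out blocks in this file's hunks (`@@ -10`, `@@ -357`, `@@ -423`, `@@ -446`, `@@ -510`), where large stretches of dead configuration are kept as `# #` double comments.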
@@ -0,0 +1,89 @@ +# +# hostapd-multi.nix +# + +{ config, lib, pkgs, ... }: + +{ + services.hostapd.enable = true; + + services.hostapd.radios = { + wlp35s0 = { + interface = "wlp35s0"; + ssid = "myssid"; + countryCode = "US"; + channel = 52; # 5.26 GHz + hwMode = "a"; + bridge = "br0"; + auth.algo = "open"; + wpa.enable = true; + wpa.passphrase = "strongpassword"; + wpa.keyMgmt = [ "WPA-PSK" ]; + }; + + wlp65s0 = { + interface = "wlp65s0"; + ssid = "myssid"; + countryCode = "US"; + channel = 56; # 5.28 GHz + hwMode = "a"; + bridge = "br0"; + auth.algo = "open"; + wpa.enable = true; + wpa.passphrase = "strongpassword"; + wpa.keyMgmt = [ "WPA-PSK" ]; + }; + + wlp66s0 = { + interface = "wlp66s0"; + ssid = "myssid"; + countryCode = "US"; + channel = 60; # 5.30 GHz + hwMode = "a"; + bridge = "br0"; + auth.algo = "open"; + wpa.enable = true; + wpa.passphrase = "strongpassword"; + wpa.keyMgmt = [ "WPA-PSK" ]; + }; + + wlp97s0 = { + interface = "wlp97s0"; + ssid = "myssid"; + countryCode = "US"; + channel = 64; # 5.32 GHz + hwMode = "a"; + bridge = "br0"; + auth.algo = "open"; + wpa.enable = true; + wpa.passphrase = "strongpassword"; + wpa.keyMgmt = [ "WPA-PSK" ]; + }; + }; + + networking = { + networkmanager.enable = false; + useDHCP = false; + + bridges.br0.interfaces = [ ]; + + interfaces."br0" = { + ipv4.addresses = [{ + address = "192.168.1.1"; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = "fd00::1"; + prefixLength = 64; + }]; + }; + + interfaces."enp1s0".useDHCP = true; + + nat = { + enable = true; + externalInterface = "enp1s0"; + internalInterfaces = [ "br0" ]; + }; + }; +} diff --git a/desktop/l2/hostapd.nix b/desktop/l2/hostapd.nix index 9f5a13e..f6514e1 100644 --- a/desktop/l2/hostapd.nix +++ b/desktop/l2/hostapd.nix 
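Review bot: `wpa.passphrase = "strongpassword";` is written as a literal in all four radios (`wlp35s0`, `wlp65s0`, `wlp66s0`, `wlp97s0`), so the Wi-Fi key is committed to the repository and, once evaluated, copied into the world-readable Nix store; `psk = "supersecure";` in the hostapd.nix hunk that follows has the same problem. The key should come from a file outside the store; the upstream NixOS hostapd module takes it per network, e.g. `authentication.saePasswordsFile = "/run/secrets/<placeholder>";` together with `authentication.mode = "wpa3-sae";`. As far as I can tell that would also keep the SAE and management-frame protection the removed hostapd.nix lines had (`wpa_key_mgmt=SAE`, `ieee80211w=2`), whereas this file falls back to `wpa.keyMgmt = [ "WPA-PSK" ]`. The option names used here (`hwMode`, `auth.algo`, `wpa.passphrase`) do not look like that module's schema, so it is worth confirming the file evaluates before relying on it.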
@@ -18,75 +18,186 @@ # https://github.com/latelee/hostapd # # Giant NixPkgs PR: https://github.com/NixOS/nixpkgs/pull/222536 -# -# -{ config, pkgs, lib, ... }: + +# [das@l2:~]$ lspci | grep -iE '(net|wi)' +# 01:00.0 Ethernet controller: Aquantia Corp. AQtion AQC107 NBase-T/IEEE 802.3an Ethernet Controller [Atlantic 10G] (rev 02) +# 02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] Matisse Switch Upstream +# 23:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) +# 41:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) +# 42:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) +# 61:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) + +# [das@l2:~]$ ifconfig -a | grep Ether +# br0 Link encap:Ethernet HWaddr 6A:9C:34:61:21:28 +# docker0 Link encap:Ethernet HWaddr 02:42:DE:0F:7E:B0 +# enp1s0 Link encap:Ethernet HWaddr E0:4F:43:E6:2D:B0 +# wlp35s0 Link encap:Ethernet HWaddr 28:A4:4A:27:E7:7D +# wlp65s0 Link encap:Ethernet HWaddr 28:A4:4A:D7:86:74 +# wlp66s0 Link encap:Ethernet HWaddr 28:A4:4A:27:E7:73 +# wlp97s0 Link encap:Ethernet HWaddr 28:A4:4A:01:73:D6 + +# [das@l2:~/nixos/desktop/l2]$ iw dev | grep -A5 phy +# phy#15 +# Interface wlp35s0 +# ifindex 27 +# wdev 0xf00000001 +# addr 28:a4:4a:27:e7:7d +# type managed +# -- +# phy#14 +# Interface wlp66s0 +# ifindex 26 +# wdev 0xe00000001 +# addr 28:a4:4a:27:e7:73 +# type managed +# -- +# phy#13 +# Interface wlp65s0 +# ifindex 25 +# wdev 0xd00000001 +# addr 28:a4:4a:d7:86:74 +# type managed +# -- +# phy#12 +# Interface wlp97s0 +# ifindex 24 +# wdev 0xc00000001 +# addr 28:a4:4a:01:73:d6 +# type managed + +# [das@l2:~/nixos/desktop/l2]$ + +# systemctl status hostapd.service +# journalctl -xeu hostapd.service + +# remove +# sudo sh -c "rmmod iwlmvm || true && rmmod iwlwifi || true && rmmod mac80211 || true" +# add 
+# sudo sh -c "modprobe iwlmvm || true && modprobe iwlwifi || true && modprobe mac80211 || true" + +# sudo strace -f -tt -s 256 -o hostapd_strace.log /nix/store/px5q7qqnrpw981i8ccg1cgx8p5pf4nc6-hostapd-2.11/bin/hostapd -dd /nix/store/1dbx6njz2acsw5hv5rw5x21pybr9nsb3-hostapd.conf + +# cat /etc/systemd/system/hostapd.service + +{ config, lib, pkgs, ... }: let - radios = { - wlp35s0 = { - channel = 6; - hwMode = "g"; - }; - wlp65s0 = { - channel = 100; - hwMode = "a"; - }; - wlp70s0 = { - channel = 149; - hwMode = "a"; - }; + # List of Wi-Fi interfaces to manage + wifiInterfaces = [ "wlp35s0" "wlp65s0" "wlp66s0" "wlp97s0" ]; + + # Real MAC addresses for each interface (used for bssid=) + ifaceMacs = { + wlp35s0 = "28:A4:4A:27:E7:7D"; + wlp65s0 = "28:A4:4A:D7:86:74"; + wlp66s0 = "28:A4:4A:27:E7:73"; + wlp97s0 = "28:A4:4A:01:73:D6"; }; - mkHostapdConf = iface: cfg: - - pkgs.writeText "hostapd-${iface}.conf" '' - driver=nl80211 - ssid=myssid - hw_mode=${cfg.hwMode} - channel=${toString cfg.channel} - ctrl_interface=/run/hostapd-${iface} - ctrl_interface_group=0 - - # WPA3 (SAE) configuration - wpa=2 - wpa_key_mgmt=SAE - rsn_pairwise=CCMP - sae_require_mfp=1 - ieee80211w=2 - wpa_passphrase=mysecurepassword - - # Enable 802.11n/ac/ax - ieee80211n=1 - ieee80211ac=1 - ieee80211ax=1 - - wmm_enabled=1 - - # Optional WMM tuning - wmm_ac_be_aifs=1 - wmm_ac_be_cwmin=4 - wmm_ac_be_cwmax=4 - wmm_ac_be_txop_limit=32 - wmm_ac_be_acm=0 - ''; - - hostapdConfigs = lib.mapAttrs (iface: cfg: mkHostapdConf iface cfg) radios; + # Common SSID and WPA3 settings + ssid = "myssid"; + psk = "supersecure"; + + # Common AP parameters + commonParams = iface: '' + # + ##### Configuration for ${iface} ##### + # + ${if iface == builtins.elemAt wifiInterfaces 0 then "interface=${iface}" else "bss=${iface}"} + bssid=${ifaceMacs.${iface}} + ssid=${ssid} + hw_mode=g + channel=6 + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 + wmm_enabled=1 + + # WMM tuning + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + 
wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + + # WPA3-SAE settings + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + ft_psk_generate_local=1 + mobility_domain=4f57 + ft_over_ds=1 + nas_identifier=${iface}-ap + sae_password=${psk} + bridge=br0 + macaddr_acl=0 + ''; + + # Generate a single hostapd.conf for all BSSes + hostapdConf = pkgs.writeText "hostapd.conf" ( + '' + ctrl_interface=/run/hostapd + country_code=US + ieee80211d=1 + logger_syslog=-1 + logger_syslog_level=2 + logger_stdout=-1 + logger_stdout_level=2 + '' + + lib.concatMapStringsSep "\n" commonParams wifiInterfaces + ); in { - systemd.services = lib.mapAttrs' (iface: confPath: { - name = "hostapd-${iface}"; - value = { - description = "Hostapd on ${iface}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${pkgs.hostapd}/bin/hostapd -i ${iface} ${confPath}"; - Restart = "on-failure"; - RuntimeDirectory = "hostapd-${iface}"; - }; + systemd.services.hostapd = { + description = "Unified hostapd service for multi-interface Wi-Fi"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + requires = [ "network-online.target" ]; + + path = [ pkgs.hostapd pkgs.iproute2 pkgs.iw ]; + + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd -dd ${hostapdConf}"; + Restart = "on-failure"; + + Type = "simple"; + + LimitNOFILE = 65535; + + MemoryMax = "1024M"; + CPUQuota = "100%"; }; - }) hostapdConfigs; + }; + + networking = { + networkmanager.enable = false; + useDHCP = false; + + # Define empty bridge device, do not enslave wifi interfaces directly + bridges.br0.interfaces = [ ]; + + interfaces."br0" = { + ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }]; + ipv6.addresses = [{ address = "fd00::1"; prefixLength = 64; }]; + }; + + interfaces."enp1s0".useDHCP = true; + + nat.enable = true; + nat.externalInterface = "enp1s0"; + nat.internalInterfaces = [ "br0" ]; + 
}; } +# modprobe nlmon +# sudo modprobe nlmon +# lsmod | grep nlmon +# sudo ip link add nlmon0 type nlmon +# sudo ip link set dev nlmon0 up +# sudo tcpdump -i nlmon0 -w netlink.pcap +# sudo chown das:das *.pcap + +# https://jvns.ca/blog/2017/09/03/debugging-netlink-requests/ + # end \ No newline at end of file diff --git a/desktop/l2/hosts.nix b/desktop/l2/hosts.nix index ae89d39..62a2951 100644 --- a/desktop/l2/hosts.nix +++ b/desktop/l2/hosts.nix @@ -13,6 +13,6 @@ "172.16.40.122" = [ "pi5-1" "pi5-1-eth" ]; "172.16.40.62" = [ "chromebox3" "chromebox3-eth" ]; "172.16.40.46" = [ "l2" ]; - "127.0.0.1" = ["redpanda-0" ]; + #"127.0.0.1" = ["redpanda-0" ]; }; } \ No newline at end of file diff --git a/desktop/l2/network.nix.not b/desktop/l2/network.nix.not new file mode 100644 index 0000000..81d67df --- /dev/null +++ b/desktop/l2/network.nix.not 
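Review bot: The new `systemd.services.hostapd` unit in hostapd.nix sets no `User=` and no sandboxing options, so hostapd runs as unconfined root, and `ExecStart` keeps the debug flag `-dd` on a service that is `wantedBy` multi-user.target. not.hostapd.nix in this same commit already lists candidate hardening options, all commented out; a conservative start in `serviceConfig` would be `NoNewPrivileges = true;`, `ProtectHome = true;` and `PrivateTmp = true;`, enabling the tighter ones one at a time while checking that the AP still comes up. Dropping `-dd` once the setup is debugged keeps per-client association detail out of the journal. The hunk also removes `RuntimeDirectory` while the generated config still sets `ctrl_interface=/run/hostapd`, so systemd no longer creates or cleans up that directory.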
@@ -0,0 +1,98 @@ +{ config, pkgs, lib, ... }: + +{ + networking = { + useNetworkd = true; + useDHCP = false; + interfaces = { + enp1s0 = { + useDHCP = true; + ipv6 = { + enable = true; + acceptRA = true; + }; + }; + + wlp35s0 = { + ipv4.addresses = [{ + address = "10.0.35.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + + wlp65s0 = { + ipv4.addresses = [{ + address = "10.0.65.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + + wlp70s0 = { + ipv4.addresses = [{ + address = "10.0.70.1"; + prefixLength = 24; + }]; + ipv6.addresses = []; + }; + }; + + firewall = { + enable = true; + allowedTCPPorts = [ 22 53 67 ]; # SSH, DNS, DHCP + allowedUDPPorts = [ 53 67 68 ]; # DNS, DHCP client/server + }; + + enableIPv6 = true; + ipForward = true; + ipv6 = { + enable = true; + forward = true; + }; + }; + + # Enable kea DHCP server + services.kea = { + enable = true; + dhcp4 = { + enable = true; + settings = { + interfaces-config.interfaces = [ "wlp35s0" "wlp65s0" "wlp70s0" ]; + subnet4 = [ + { + subnet = "10.0.35.0/24"; + pools = [{ pool = "10.0.35.100 - 10.0.35.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.35.1"; } + { name = "domain-name-servers"; data = "10.0.35.1"; } + ]; + } + { + subnet = "10.0.65.0/24"; + pools = [{ pool = "10.0.65.100 - 10.0.65.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.65.1"; } + { name = "domain-name-servers"; data = "10.0.65.1"; } + ]; + } + { + subnet = "10.0.70.0/24"; + pools = [{ pool = "10.0.70.100 - 10.0.70.200"; }]; + option-data = [ + { name = "routers"; data = "10.0.70.1"; } + { name = "domain-name-servers"; data = "10.0.70.1"; } + ]; + } + ]; + }; + }; + }; + + # Enable PowerDNS recursor + services.pdns-recursor = { + enable = true; + localAddress = "127.0.0.1"; + allowFrom = [ "127.0.0.0/8" "10.0.35.0/24" "10.0.65.0/24" "10.0.70.0/24" ]; + }; +} diff --git a/desktop/l2/not.hostapd.nix b/desktop/l2/not.hostapd.nix new file mode 100644 index 0000000..56b7c3b --- /dev/null 
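Review bot: `allowedTCPPorts = [ 22 53 67 ]` and `allowedUDPPorts = [ 53 67 68 ]` are set on the global `networking.firewall`, so SSH, DNS and DHCP would be opened on every interface, including the uplink `enp1s0`, rather than only on the three Wi-Fi subnets these services are meant for. DHCP does not use TCP, so `67` can be dropped from the TCP list, and the DNS/DHCP ports fit better per interface, e.g. `networking.firewall.interfaces."wlp35s0".allowedUDPPorts = [ 53 67 ];` and likewise for the other two radios. Separately, the Kea pools hand out 10.0.x.1 as the DNS server while `services.pdns-recursor` is given `localAddress = "127.0.0.1"`, which looks as if clients would get no answer; worth confirming before this `.not` file is ever enabled.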
+++ b/desktop/l2/not.hostapd.nix 
@@ -0,0 +1,173 @@ +# +# hostapd.nix +# + +# +# NOT using service.hostapd, because it has limited configuration capabilities +# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix +# +# Using custom systemd services to run hostapd per interface +# +# systemctl status hostapd-wlp35s0 +# systemctl status hostapd-wlp65s0 +# systemctl status hostapd-wlp70s0 +# +# nix pkgs source +# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix +# https://w1.fi/hostapd/ +# https://github.com/latelee/hostapd +# +# Giant NixPkgs PR: https://github.com/NixOS/nixpkgs/pull/222536 +# +# +# hostapd.nix + +{ config, lib, pkgs, ... }: + +let + # List of Wi-Fi interfaces to manage + wifiInterfaces = [ "wlp35s0" "wlp65s0" "wlp70s0" ]; + + # Real MAC addresses for each interface (used for bssid=) + ifaceMacs = { + wlp35s0 = "28:A4:4A:27:E7:7D"; + wlp65s0 = "28:A4:4A:D7:86:74"; + wlp70s0 = "90:65:84:5E:6F:D2"; + }; + + # Common SSID and WPA3 settings + ssid = "myssid"; + psk = "supersecurepassword"; + + # Common AP parameters + commonParams = iface: '' + # + ##### Configuration for ${iface} ##### + # + ${if iface == builtins.elemAt wifiInterfaces 0 then "interface=${iface}" else "bss=${iface}"} + bssid=${ifaceMacs.${iface}} + ssid=${ssid} + hw_mode=g + channel=6 + ieee80211n=1 + ieee80211ac=1 + ieee80211ax=1 + wmm_enabled=1 + + # WMM tuning + wmm_ac_be_aifs=1 + wmm_ac_be_cwmin=4 + wmm_ac_be_cwmax=4 + wmm_ac_be_txop_limit=32 + wmm_ac_be_acm=0 + + # WPA3-SAE settings + wpa=2 + wpa_key_mgmt=SAE + rsn_pairwise=CCMP + sae_require_mfp=1 + ieee80211w=2 + ft_psk_generate_local=1 + mobility_domain=4f57 + ft_over_ds=1 + nas_identifier=${iface}-ap + sae_password=${psk} + bridge=br0 + macaddr_acl=0 + ''; + + # Generate a single hostapd.conf for all BSSes + hostapdConf = pkgs.writeText "hostapd.conf" ( + '' + ctrl_interface=/run/hostapd + country_code=US + ieee80211d=1 + logger_syslog=-1 + logger_syslog_level=2 + logger_stdout=-1 + 
logger_stdout_level=2 + '' + + lib.concatMapStringsSep "\n" commonParams wifiInterfaces + ); + +in { + systemd.services.hostapd = { + description = "Unified hostapd service for multi-interface Wi-Fi"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + requires = [ "network-online.target" ]; + + preStart = '' + for iface in ${builtins.concatStringsSep " " wifiInterfaces}; do + ip link set dev "$iface" down || true + iw dev "$iface" set type __ap || true + ip link set dev "$iface" up + done + sleep 5 + ''; + + path = [ pkgs.iproute2 pkgs.iw ]; + + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd -d ${hostapdConf}"; + Restart = "on-failure"; + RuntimeDirectory = "hostapd"; + Type = "simple"; + LimitNOFILE = 65535; + #CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; + #AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; + # ProtectSystem = "strict"; + # ProtectHome = true; + # PrivateTmp = true; + # NoNewPrivileges = true; + # ReadWritePaths = [ "/run/hostapd" ]; + # DeviceAllow = [ + # "/dev/wlp35s0" + # "/dev/wlp65s0" + # "/dev/wlp70s0" + # "/dev/rfkill" + # ]; + # DevicePolicy = "auto"; + # DevicePolicy = "closed"; + # RestrictAddressFamilies = [ + # "AF_UNIX" + # "AF_NETLINK" + # "AF_INET" + # "AF_INET6" + # ]; + # ProtectKernelModules = true; + # ProtectControlGroups = true; + # ProtectKernelTunables = true; + # ProtectClock = true; + # LockPersonality = true; + # RemoveIPC = true; + # RestrictRealtime = true; + # SystemCallArchitectures = "native"; + # RestrictNamespaces = true; + + MemoryMax = "1024M"; + CPUQuota = "100%"; + }; + }; + + networking = { + networkmanager.enable = false; + useDHCP = false; + + # Define empty bridge device, do not enslave wifi interfaces directly + bridges.br0.interfaces = [ ]; + + interfaces."br0" = { + ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }]; + ipv6.addresses = [{ address = "fd00::1"; prefixLength = 64; }]; + }; + + 
interfaces."enp1s0".useDHCP = true; + + nat.enable = true; + nat.externalInterface = "enp1s0"; + nat.internalInterfaces = [ "br0" ]; + }; +} + +# end \ No newline at end of file diff --git a/desktop/l2/sysctl.nix b/desktop/l2/sysctl.nix index de472c7..fb31883 100644 --- a/desktop/l2/sysctl.nix +++ b/desktop/l2/sysctl.nix @@ -1,3 +1,6 @@ +# +# sysctl.nix +# { config, pkgs, ... }: { @@ -51,5 +54,8 @@ #net.ipv4.tcp_reflect_tos = 0 "net.ipv4.tcp_rto_min_us" = 50000; #50ms #net.ipv4.tcp_rto_min_us = 200000 #200ms + + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; }; } \ No newline at end of file diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix index 4fc86de..3efe32c 100644 --- a/desktop/l2/systemPackages.nix +++ b/desktop/l2/systemPackages.nix @@ -42,6 +42,7 @@ lact hostapd + bridge-utils # https://wiki.nixos.org/wiki/Flameshot #(flameshot.override { enableWlrSupport = true; }) From 3d0b93b1ee3f7d9a587da1e6e84784400cd86b09 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Mon, 23 Jun 2025 21:29:27 -0700 Subject: [PATCH 18/25] multiple radios --- desktop/l2/hostapd-multi.nix | 102 ++++++++++++++++++++++------------- 1 file changed, 66 insertions(+), 36 deletions(-) diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index f0e019e..81644e3 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix 
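Review bot: The two sysctls added in the second sysctl.nix hunk, `"net.ipv4.ip_forward" = 1;` and `"net.ipv6.conf.all.forwarding" = 1;`, make the host forward between all of its interfaces, and nothing visible in this commit filters forwarded traffic; the `networking.nat` block in hostapd.nix only covers IPv4 from `br0`, with no IPv6 counterpart shown. If the intent is only to serve the `br0` clients, say so in a comment next to the two lines and pair them with a forward policy, for example `networking.firewall.filterForward = true;` (which needs the nftables backend), so that traffic arriving on `enp1s0` is not routed inward. The enclosing sysctl attribute set starts outside the hunk, so a restriction elsewhere in the file cannot be ruled out.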
@@ -9,55 +9,83 @@ services.hostapd.radios = { wlp35s0 = { - interface = "wlp35s0"; - ssid = "myssid"; countryCode = "US"; - channel = 52; # 5.26 GHz - hwMode = "a"; - bridge = "br0"; - auth.algo = "open"; - wpa.enable = true; - wpa.passphrase = "strongpassword"; - wpa.keyMgmt = [ "WPA-PSK" ]; + band = "5g"; + channel = 52; + + networks.wlp35s0 = { + ssid = "myssid"; + authentication = { + mode = "wpa3-sae"; + saePasswords = [ + { password = "strongpassword"; } + ]; + }; + settings = { + bridge = "br0"; + ieee80211w = 2; + }; + }; }; wlp65s0 = { - interface = "wlp65s0"; - ssid = "myssid"; countryCode = "US"; - channel = 56; # 5.28 GHz - hwMode = "a"; - bridge = "br0"; - auth.algo = "open"; - wpa.enable = true; - wpa.passphrase = "strongpassword"; - wpa.keyMgmt = [ "WPA-PSK" ]; + band = "5g"; + channel = 56; + + networks.wlp65s0 = { + ssid = "myssid"; + authentication = { + mode = "wpa3-sae"; + saePasswords = [ + { password = "strongpassword"; } + ]; + }; + settings = { + bridge = "br0"; + ieee80211w = 2; + }; + }; }; wlp66s0 = { - interface = "wlp66s0"; - ssid = "myssid"; countryCode = "US"; - channel = 60; # 5.30 GHz - hwMode = "a"; - bridge = "br0"; - auth.algo = "open"; - wpa.enable = true; - wpa.passphrase = "strongpassword"; - wpa.keyMgmt = [ "WPA-PSK" ]; + band = "5g"; + channel = 60; + + networks.wlp66s0 = { + ssid = "myssid"; + authentication = { + mode = "wpa3-sae"; + saePasswords = [ + { password = "strongpassword"; } + ]; + }; + settings = { + bridge = "br0"; + ieee80211w = 2; + }; + }; }; wlp97s0 = { - interface = "wlp97s0"; - ssid = "myssid"; countryCode = "US"; - channel = 64; # 5.32 GHz - hwMode = "a"; - bridge = "br0"; - auth.algo = "open"; - wpa.enable = true; - wpa.passphrase = "strongpassword"; - wpa.keyMgmt = [ "WPA-PSK" ]; + band = "5g"; + channel = 64; + + networks.wlp97s0 = { + ssid = "myssid"; + authentication = { + mode = "wpa3-sae"; + saePasswords = [ + { password = "strongpassword"; } + ]; + }; + settings = { + bridge = "br0"; + ieee80211w 
= 2; + }; + }; }; }; @@ -87,3 +115,5 @@ }; }; } + +# end \ No newline at end of file From 9f8a3fde305b75016bab861b60142b6e40428274 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Tue, 24 Jun 2025 16:56:13 -0700 Subject: [PATCH 19/25] networkd working --- desktop/l2/flake.lock | 459 +----------------------- desktop/l2/flake.nix | 33 +- desktop/l2/home.nix | 670 +---------------------------------- desktop/l2/hostapd-multi.nix | 314 +++++++++++----- 4 files changed, 231 insertions(+), 1245 deletions(-) diff --git a/desktop/l2/flake.lock b/desktop/l2/flake.lock index dc661a5..d442d19 100644 --- a/desktop/l2/flake.lock +++ b/desktop/l2/flake.lock 
@@ -1,76 +1,5 @@ { "nodes": { - "aquamarine": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1747864449, - "narHash": "sha256-PIjVAWghZhr3L0EFM2UObhX84UQxIACbON0IC0zzSKA=", - "owner": "hyprwm", - "repo": "aquamarine", - "rev": "389372c5f4dc1ac0e7645ed29a35fd6d71672ef5", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "aquamarine", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "hyprland", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -91,312 +20,7 @@ "type": "github" } }, - "hyprcursor": { - "inputs": { - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1745948457, - "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", - "owner": "hyprwm", - "repo": "hyprcursor", - "rev": "ac903e80b33ba6a88df83d02232483d99f327573", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprcursor", - "type": "github" - } - }, - "hyprgraphics": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1745015490, - "narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=", - "owner": "hyprwm", - "repo": "hyprgraphics", - "rev": "60754910946b4e2dc1377b967b7156cb989c5873", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprgraphics", - "type": "github" - } - }, - "hyprland": { - "inputs": { - "aquamarine": "aquamarine", - "hyprcursor": "hyprcursor", - "hyprgraphics": "hyprgraphics", - "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", - "hyprlang": "hyprlang", - "hyprutils": "hyprutils", - "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs", - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems", - "xdph": "xdph" - }, - "locked": { - "lastModified": 1749155341, - "narHash": "sha256-KE7qwOLzIsPFnXKh4Z72NwAzP8ZdRxxQKthLGJ30YHM=", - "owner": "hyprwm", - "repo": "Hyprland", - "rev": "fb7548cb41d82f12db2d51b50af29abe4704a1a4", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "Hyprland", - "type": "github" - } - }, - "hyprland-plugins": { - "inputs": { - "hyprland": [ - "hyprland" - ], - "nixpkgs": [ - "hyprland-plugins", - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland-plugins", - "hyprland", - "systems" - ] 
- }, - "locked": { - "lastModified": 1748526041, - "narHash": "sha256-QyUACXhQJ2+K0YxwEuAfpyCXqbdCCHj1jNAWJy+vUxw=", - "owner": "hyprwm", - "repo": "hyprland-plugins", - "rev": "2eee96fe52fa0923c0aae647eb7901b5b51df3db", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-plugins", - "type": "github" - } - }, - "hyprland-protocols": { - "inputs": { - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1743714874, - "narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1737634706, - "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "8810df502cdee755993cb803eba7b23f189db795", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1745951494, - "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", - "type": "github" - }, - "original": { - "owner": "hyprwm", 
- "repo": "hyprland-qtutils", - "type": "github" - } - }, - "hyprlang": { - "inputs": { - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1747484975, - "narHash": "sha256-+LAQ81HBwG0lwshHlWe0kfWg4KcChIPpnwtnwqmnoEU=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "163c83b3db48a17c113729c220a60b94596c9291", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprutils": { - "inputs": { - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1746635225, - "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "674ea57373f08b7609ce93baff131117a0dfe70d", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprwayland-scanner": { - "inputs": { - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1747584298, - "narHash": "sha256-PH9qZqWLHvSBQiUnA0NzAyQA3tu2no2z8kz0ZeHWj4w=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "e511882b9c2e1d7a75d45d8fddd2160daeafcbc3", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "type": "github" - } - }, "nixpkgs": { - "locked": { - "lastModified": 1748460289, - "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1748929857, "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", 
@@ -412,91 +36,10 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "hyprland", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", - "hyprland": "hyprland", - "hyprland-plugins": "hyprland-plugins", - "nixpkgs": "nixpkgs_2" - } - }, - "systems": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "xdph": { - "inputs": { - "hyprland-protocols": [ - "hyprland", - "hyprland-protocols" - ], - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1745871725, - "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix index 789e968..d50124a 100644 --- a/desktop/l2/flake.nix +++ b/desktop/l2/flake.nix @@ -1,3 +1,6 @@ +# +# l2/flake.nix +# { description = "l2 Flake"; 
@@ -10,56 +13,30 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - hyprland.url = "github:hyprwm/Hyprland"; - hyprland-plugins = { - url = "github:hyprwm/hyprland-plugins"; - inputs.hyprland.follows = "hyprland"; - }; }; - #outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }: - outputs = { self, nixpkgs, home-manager, hyprland, ... }: + outputs = { self, nixpkgs, home-manager, ... }: let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; - allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "nvidia-x11" - # "nvidia-settings" - # "nvidia-persistenced" - "google-chrome" - "android-studio" - "android-studio-stable" - ]; }; }; - lib = nixpkgs.lib; in { nixosConfigurations = { l2 = lib.nixosSystem rec { inherit system; - specialArgs = { - inherit hyprland; - unstable = pkgs; - }; modules = [ ./configuration.nix - hyprland.nixosModules.default home-manager.nixosModules.home-manager { - # https://nix-community.github.io/home-manager/nixos-options.xhtml#nixos-opt-home-manager.useGlobalPkgs - #home-manager.useGlobalPkgs = true; # This disables the Home Manager options nixpkgs.*. home-manager.useUserPackages = true; home-manager.users.das = { config, pkgs, ... }: { - imports = [ - ./home.nix - ]; + imports = [ ./home.nix ]; }; - home-manager.extraSpecialArgs = specialArgs; - # see also: https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/flake.nix } ]; }; diff --git a/desktop/l2/home.nix b/desktop/l2/home.nix index 8459949..f36f1bf 100644 --- a/desktop/l2/home.nix +++ b/desktop/l2/home.nix 
@@ -1,323 +1,10 @@ { - hyprland, config, pkgs, ... }: { - imports = [ - hyprland.homeManagerModules.default - ]; - - # # Hyprland window manager configuration - # wayland.windowManager.hyprland = { - # enable = true; - # xwayland.enable = true; - # extraConfig = '' - # # Monitor configuration - # monitor=,preferred,auto,1 - - # # Execute-once startup commands - # exec-once = waybar - # exec-once = swaybg -i ~/.config/hypr/wallpaper.jpg - # exec-once = hypridle - # exec-once = wl-paste --type text --watch cliphist store - # exec-once = wl-paste --type image --watch cliphist store - - # # Input configuration - # input { - # kb_layout = us - # kb_variant = - # kb_model = - # kb_options = - # kb_rules = - - # follow_mouse = 1 - # touchpad { - # natural_scroll = true - # scroll_factor = 0.3 - # } - # sensitivity = 0 # -1.0 - 1.0, 0 means no modification. - # } - - # # General settings - # general { - # gaps_in = 5 - # gaps_out = 10 - # border_size = 2 - # col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg - # col.inactive_border = rgba(595959aa) - # layout = dwindle - # no_cursor_warps = true - # } - - # # Decoration settings - # decoration { - # rounding = 10 - # blur { - # enabled = true - # size = 3 - # passes = 1 - # } - # drop_shadow = true - # shadow_range = 4 - # shadow_render_power = 3 - # col.shadow = rgba(1a1a1aee) - # } - - # # Animation settings - # animations { - # enabled = true - # bezier = myBezier, 0.05, 0.9, 0.1, 1.05 - # animation = windows, 1, 7, myBezier - # animation = windowsOut, 1, 7, default, popin 80% - # animation = border, 1, 10, default - # animation = borderangle, 1, 8, default - # animation = fade, 1, 7, default - # animation = workspaces, 1, 6, default - # } - - # # Layout settings - # dwindle { - # pseudotile = true - # preserve_split = true - # } - - # # Gesture settings - # gestures { - # workspace_swipe = true - # workspace_swipe_fingers = 3 - # } - - # # Keybindings - # bind = SUPER, Q, killactive, - # bind = SUPER, RETURN, 
exec, ${pkgs.alacritty}/bin/alacritty - # bind = SUPER, D, exec, wofi --show drun - # bind = SUPER, F, fullscreen - # bind = SUPER, H, movefocus, l - # bind = SUPER, L, movefocus, r - # bind = SUPER, K, movefocus, u - # bind = SUPER, J, movefocus, d - # bind = SUPER, left, movewindow, l - # bind = SUPER, right, movewindow, r - # bind = SUPER, up, movewindow, u - # bind = SUPER, down, movewindow, d - # bind = SUPER SHIFT, H, movewindow, l - # bind = SUPER SHIFT, L, movewindow, r - # bind = SUPER SHIFT, K, movewindow, u - # bind = SUPER SHIFT, J, movewindow, d - # bind = SUPER, 1, workspace, 1 - # bind = SUPER, 2, workspace, 2 - # bind = SUPER, 3, workspace, 3 - # bind = SUPER, 4, workspace, 4 - # bind = SUPER, 5, workspace, 5 - # bind = SUPER, 6, workspace, 6 - # bind = SUPER, 7, workspace, 7 - # bind = SUPER, 8, workspace, 8 - # bind = SUPER, 9, workspace, 9 - # bind = SUPER, 0, workspace, 10 - # bind = SUPER SHIFT, 1, movetoworkspace, 1 - # bind = SUPER SHIFT, 2, movetoworkspace, 2 - # bind = SUPER SHIFT, 3, movetoworkspace, 3 - # bind = SUPER SHIFT, 4, movetoworkspace, 4 - # bind = SUPER SHIFT, 5, movetoworkspace, 5 - # bind = SUPER SHIFT, 6, movetoworkspace, 6 - # bind = SUPER SHIFT, 7, movetoworkspace, 7 - # bind = SUPER SHIFT, 8, movetoworkspace, 8 - # bind = SUPER SHIFT, 9, movetoworkspace, 9 - # bind = SUPER SHIFT, 0, movetoworkspace, 10 - # bind = SUPER, mouse_down, workspace, e+1 - # bind = SUPER, mouse_up, workspace, e-1 - # bind = SUPER, period, togglespecialworkspace, magic - # bind = SUPER SHIFT, period, movetoworkspace, special:magic - # bind = SUPER, S, togglesplit, - # bind = SUPER, P, pseudo, - # bind = SUPER, V, togglefloating, - # bind = SUPER, R, exec, wofi --show run - # bind = SUPER, Print, exec, grimblast --notify copysave area - # bind = SUPER SHIFT, Print, exec, grimblast --notify copysave screen - # bind = SUPER, X, exec, wl-clipboard-manager - # bind = SUPER, C, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy - # ''; - # }; 
- - # # Waybar configuration - # programs.waybar = { - # enable = true; - # settings = { - # mainBar = { - # layer = "top"; - # position = "top"; - # height = 30; - # spacing = 4; - # modules-left = [ - # "hyprland/workspaces" - # "hyprland/submap" - # ]; - # modules-center = [ - # "hyprland/window" - # ]; - # modules-right = [ - # "pulseaudio" - # "network" - # "cpu" - # "memory" - # "battery" - # "clock" - # ]; - # "hyprland/workspaces" = { - # format = "{name}"; - # on-click = "activate"; - # sort-by-number = true; - # }; - # "hyprland/window" = { - # format = "{}"; - # separate-outputs = true; - # }; - # "pulseaudio" = { - # format = "{icon} {volume}%"; - # format-muted = "🔇"; - # format-icons = { - # headphone = "🎧"; - # handsfree = "📱"; - # headset = "🎧"; - # phone = "☎️"; - # portable = "📱"; - # car = "🚗"; - # default = ["🔈" "🔉" "🔊"]; - # }; - # on-click = "pavucontrol"; - # }; - # "network" = { - # format-wifi = "📶 {essid}"; - # format-ethernet = "🌐 {ipaddr}/{cidr}"; - # format-linked = "🌐 {ifname} (No IP)"; - # format-disconnected = "⚠️ Disconnected"; - # format-alt = "{ifname}: {ipaddr}/{cidr}"; - # }; - # "cpu" = { - # format = "🖥️ {usage}%"; - # tooltip-format = "{usage}% used"; - # }; - # "memory" = { - # format = "🧠 {percentage}%"; - # tooltip-format = "{used:0.1f}GB/{total:0.1f}GB used"; - # }; - # "battery" = { - # states = { - # warning = 30; - # critical = 15; - # }; - # format = "{icon} {capacity}%"; - # format-charging = "⚡ {capacity}%"; - # format-plugged = "🔌 {capacity}%"; - # format-icons = ["🔋" "🔋" "🔋" "🔋" "🔋"]; - # }; - # "clock" = { - # format = "🕒 {:%H:%M}"; - # format-alt = "🕒 {:%Y-%m-%d %H:%M}"; - # tooltip-format = "{:%Y %B}\n{calendar}"; - # }; - # }; - # }; - # style = '' - # * { - # border: none; - # border-radius: 0; - # font-family: "JetBrainsMono Nerd Font"; - # font-size: 13px; - # font-weight: bold; - # min-height: 0; - # } - - # window#waybar { - # background: rgba(21, 18, 27, 0.8); - # color: #cdd6f4; - # } - - # #workspaces 
button { - # padding: 0 5px; - # background: transparent; - # color: #cdd6f4; - # } - - # #workspaces button:hover { - # background: rgba(0, 0, 0, 0.2); - # } - - # #workspaces button.active { - # background: #7aa2f7; - # color: #1e1e2e; - # } - - # #workspaces button.urgent { - # background: #f38ba8; - # color: #1e1e2e; - # } - - # #battery, - # #cpu, - # #memory, - # #network, - # #pulseaudio, - # #clock { - # padding: 0 10px; - # margin: 0 5px; - # } - - # #battery { - # color: #a6e3a1; - # } - - # #battery.warning { - # color: #f9e2af; - # } - - # #battery.critical { - # color: #f38ba8; - # } - - # #network { - # color: #89b4fa; - # } - - # #pulseaudio { - # color: #cba6f7; - # } - - # #cpu { - # color: #f5c2e7; - # } - - # #memory { - # color: #fab387; - # } - - # #clock { - # color: #89dceb; - # } - # ''; - # }; - - # # Ghostty configuration - # programs.ghostty = { - # enable = true; - # # settings = { - # # settings doesn't work - # }; - # # https://ghostty.zerebos.com/app/import-export - # # no scorllback limit - # # https://github.com/ghostty-org/ghostty/issues/111 - # xdg.configFile."ghostty/config.toml".text = '' - # term = xterm-256color - # scrollback-limit = 10000001 - # image-storage-limit = 320000001 - # clipboard-write = allow - # window-subtitle = working-directory - # background-opacity = 0.91 - # background-blur = 20 - # ''; home = { username = "das"; @@ -352,7 +39,7 @@ hw-probe lshw hwloc - gparted + #gparted ncdu neofetch file 
@@ -446,264 +133,12 @@ # Filesystem/Monitoring inotify-tools - # # Printing - # hplip - # #hplipWithPlugin - - # # SDR - # gnuradio - # hackrf - # gqrx - # cubicsdr - - # Media - #vlc - # ffmpeg moved to system package - #ffmpeg_7-full - #ffmpeg-full - - # # Go Development - # # https://nixos.wiki/wiki/Go - # # https://nixos.org/manual/nixpkgs/stable/#sec-language-go - # # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F - # libcap - # #gcc_multi - # #glibc_multi - # # thunderbird - # #go_1_23 - # go - # gopls - # golint - # golangci-lint - # golangci-lint-langserver - # # trunk is unfree, and i can't work out how to enable unfree - # #trunk-io - # # https://github.com/go-delve/delve - # delve - # # https://github.com/aarzilli/gdlv - # gdlv - # buf - # protobuf_27 - # grpcurl - # # https://github.com/go-gorm/gen - # # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml - # gorm-gentool - # # removed 24.11 - # #buf-language-server - # # https://tinygo.org/ - # #tinygo - - # # removing bazel and moving to the "nix develop" shell - # # # https://github.com/bazelbuild/bazel/tags - # # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/tools/build-managers/bazel/bazel_7/default.nix#L524 - # #bazel_7 - # bazel-buildtools - # bazelisk - - # code-cursor - - # # https://github.com/bazel-contrib/bazel-gazelle/tags - # # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/ba/bazel-gazelle/package.nix#L26 - # bazel-gazelle - # bazel-buildtools - # bazelisk - # # https://github.com/buchgr/bazel-remote - maybe something to look at? 
- # # https://github.com/buildfarm/buildfarm?tab=readme-ov-file#helm-chart - - # # Debugging/Profiling - # graphviz # for pprof - # strace - - # # Diffing - # meld - - # # Editors - # helix - - # # Rust Development - # # https://nixos.wiki/wiki/Rust - # cargo - # rustc - # rustfmt - # rust-analyzer - # clippy - # #clang_multi - - # # Mobile Development - # flutter - # android-studio - # android-tools - # android-udev-rules - - # nordic - # gnome-themes-extra - # #gnome-shell-extensions - - # # Gnome Related / Extensions - # # gnomeExtensions.emoji-copy - # # gnomeExtensions.workspace-switcher-manager - # gnome-extension-manager - # gnome-usage - # dconf-editor - # gnome-settings-daemon - # gnome-disk-utility - # gnome-software - # gnome-tweaks - # simple-scan - # gnomeExtensions.appindicator - # gnomeExtensions.settingscenter - # gnomeExtensions.system-monitor - # gnomeExtensions.dash-to-dock - # gnomeExtensions.just-perfection - # gnomeExtensions.logo-menu - # gnomeExtensions.wifi-qrcode - # gnomeExtensions.wireless-hid - # gnomeExtensions.user-themes - # gnomeExtensions.tray-icons-reloaded - # gnomeExtensions.vitals - # gnomeExtensions.dash-to-panel - # gnomeExtensions.sound-output-device-chooser - # gnomeExtensions.space-bar - # # https://github.com/AstraExt/astra-monitor - # gnomeExtensions.astra-monitor - # libgtop - - # # Office/Documents - # libreoffice-qt - # hunspell - # hunspellDicts.en_AU - # #hunspellDicts.en_US - # evince - - # # Browsers - # # https://nixos.wiki/wiki/Firefox - # firefox - # # https://nixos.wiki/wiki/Chromium - # chromium - # #google-chrome - # # https://discourse.nixos.org/t/google-chrome-not-working-after-recent-nixos-rebuild/43746 - # (google-chrome.override { - # commandLineArgs = [ - # "--enable-features=UseOzonePlatform" - # "--ozone-platform=wayland" - # ]; - # }) - - # # Communication - # # https://nixos.wiki/wiki/Slack - # slack - # zoom-us - - # # Screenshots/Screen Recording - # # https://wiki.nixos.org/wiki/Flameshot - # 
flameshot - # #(flameshot.override { enableWlrSupport = true; }) - # grim # screenshot functionality - # slurp # screenshot functionality - # simplescreenrecorder - # # https://wiki.nixos.org/wiki/Gpu-screen-recorder - # gpu-screen-recorder # CLI - # gpu-screen-recorder-gtk # GUI - - # # Graphics - # gimp-with-plugins - - # # Text Editors - # gedit - - # # Containers - # # https://nixos.wiki/wiki/Podman - # dive - # podman - # runc - # skopeo - # podman-tui - # podman-compose - # docker-buildx - - # # Kubernetes - # #clickhouse - # #clickhouse-cli - # # https://github.com/int128/kubelogin - # kubelogin-oidc - # kubectl - # kubernetes-helm - # istioctl - # krew - # kubeshark - # kubectl-ktop - # kubectl-klock - # kube-capacity - # kubectl-images - # kubectl-gadget - # kdash - # # k9s --kubeconfig=dev-d.kubeconfig - # k9s - - # # Misc - # # https://github.com/jrincayc/ucblogo-code - # ucblogo - # # https://github.com/wagoodman/dive - # # dive # Duplicate removed - # # https://github.com/sharkdp/hyperfine - # hyperfine - - # # App Launchers - # rofi-wayland - # wofi - - # # Raspberry Pi - # #rpi-imager - #silly cmatrix sl - #gpu monitoring - #lact ]; - # # vscode - # # https://nixos.wiki/wiki/Visual_Studio_Code - # # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix - # # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions - # # https://mynixos.com/home-manager/options/programs.vscode - # programs.vscode = { - # enable = true; - # package = pkgs.vscode; - # profiles.default.extensions = with pkgs.vscode-extensions; [ - # dart-code.dart-code - # dart-code.flutter - # golang.go - # hashicorp.terraform - # ms-azuretools.vscode-docker - # ms-vscode-remote.remote-containers - # ms-vscode-remote.remote-ssh - # ms-vscode.makefile-tools - # ms-vscode.cmake-tools - # ms-vscode.cpptools - # ms-vscode.hexeditor - # ms-vscode.makefile-tools - # ms-python.python - # ms-python.vscode-pylance - # 
ms-kubernetes-tools.vscode-kubernetes-tools - # redhat.vscode-yaml - # rust-lang.rust-analyzer - # tamasfe.even-better-toml - # timonwong.shellcheck - # zxh404.vscode-proto3 - # yzhang.markdown-all-in-one - # jnoortheen.nix-ide - # rust-lang.rust-analyzer - # bazelbuild.vscode-bazel - # ]; - # }; - - #fonts.fonts = with pkgs; [ - # nerdfonts - # meslo-lgs-nf - #]; - programs.bash = { enable = true; enableCompletion = true; 
@@ -733,109 +168,6 @@ #signing.signByDefault = true; }; - # # https://nixos.wiki/wiki/OBS_Studio - # # TODO add kernel module for virtual camera - # programs.obs-studio = { - # enable = true; - # plugins = with pkgs.obs-studio-plugins; [ - # wlrobs - # obs-backgroundremoval - # obs-pipewire-audio-capture - # ]; - # }; - - # # another example with dark colors: - # # https://github.com/HeinzDev/Hyprland-dotfiles/blob/main/home/home.nix#L70 - # # - # # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts - # # https://rycee.gitlab.io/home-manager/options.xhtml#opt-dconf.settings - # dconf.settings = { - # "org/gnome/desktop/wm/preferences" = { - # #button-layout = "close,minimize,maximize,above:appmenu"; - # button-layout = ":minimize,maximize,above,close"; - # num-workspaces = 2; - # }; - # # "org/gnome/desktop/interface" = { - # # color-scheme = "prefer-dark"; - # # }; - # "org/gnome/desktop/interface" = { - # clock-show-seconds = true; - # clock-show-weekday = true; - # color-scheme = "prefer-dark"; - # enable-hot-corners = false; - # font-antialiasing = "grayscale"; - # font-hinting = "slight"; - # gtk-theme = "Nordic"; - # icon-theme = "Papirus-Dark"; - # cursor-theme = "Adwaita"; - # toolkit-accessibility = false; - # }; - # "org/gnome/shell" = { - # disable-user-extensions = false; - # favorite-apps = [ - # "firefox.desktop" - # "google-chrome.desktop" - # "code.desktop" - # "chromium.desktop" - # "alacritty.desktop" - # #"kitty.desktop" - # "slack.desktop" - # "ghostty.desktop" - # ]; - # # "org/gnome/shell/extensions/user-theme" = { - # # name = "Nordic"; - # # }; - # enabled-extensions = with pkgs.gnomeExtensions; [ - # blur-my-shell.extensionUuid - # gsconnect.extensionUuid - # ]; - # }; - # }; - - # home.file."containers.conf" = { - # target = ".config/containers/containers.conf"; - # # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html - # # https://github.com/containers/common/blob/main/docs/containers.conf.5.md - # text = '' 
- # [containers] - # annotations=["run.oci.keep_original_groups=1",] - # label=false - # #seccomp=unconfined - # ''; - # }; - # home.file."registries.conf" = { - # target = ".config/containers/registries.conf"; - # text = '' - # [registries.search] - # registries = ['docker.io'] - # ''; - # # text = '' - # # [registries.search] - # # registries = ['docker.io', 'registry.gitlab.com'] - # # ''; - # }; - # home.file."policy.json" = { - # target = ".config/containers/policy.json"; - # text = '' - # { - # "default": [ - # { - # "type": "insecureAcceptAnything" - # } - # ], - # "transports": - # { - # "docker-daemon": - # { - # "": [{"type":"insecureAcceptAnything"}] - # } - # } - # } - # ''; - # }; - # # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ghostty.nix#L19 - - # set at flake.nix level nixpkgs.config.allowUnfree = true; home.stateVersion = "24.11"; diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index 81644e3..359dc1b 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix 
@@ -4,116 +4,250 @@ { config, lib, pkgs, ... }: -{ +let + radioIfaces = { + # non-DFS channels + wlp35s0 = 36; + wlp65s0 = 40; + wlp66s0 = 44; + wlp97s0 = 48; + }; + + commonSettings = { + bridge = "br0"; + ieee80211w = 2; + + # WMM tuning + wmm_ac_be_aifs = 1; + wmm_ac_be_cwmin = 4; + wmm_ac_be_cwmax = 4; + wmm_ac_be_txop_limit = 32; + wmm_ac_be_acm = 0; + }; + + commonAuth = { + mode = "wpa3-sae"; + saePasswords = [{ password = "strongpassword"; }]; + }; + + genRadio = iface: channel: { + countryCode = "US"; + band = "5g"; + channel = channel; + + networks.${iface} = { + ssid = "myssid"; + authentication = commonAuth; + settings = commonSettings; + }; + }; + +in { + # systemctl status kea services.hostapd.enable = true; + services.hostapd.radios = lib.genAttrs (builtins.attrNames radioIfaces) + (iface: genRadio iface radioIfaces.${iface}); - services.hostapd.radios = { - wlp35s0 = { - countryCode = "US"; - band = "5g"; - channel = 52; - - networks.wlp35s0 = { - ssid = "myssid"; - authentication = { - mode = "wpa3-sae"; - saePasswords = [ - { password = "strongpassword"; } - ]; - }; - settings = { - bridge = "br0"; - ieee80211w = 2; + # systemctl status kea-dhcp4-server.service + services.kea = { + dhcp4 = { + enable = true; + settings = { + valid-lifetime = 3600; + renew-timer = 900; + rebind-timer = 1800; + interfaces-config.interfaces = [ "br0" ]; + lease-database = { + type = "memfile"; + persist = true; + name = "/var/lib/kea/dhcp4.leases"; }; + subnet4 = [ + { + id = 1; + subnet = "192.168.1.0/24"; + pools = [{ pool = "192.168.1.100 - 192.168.1.200"; }]; + option-data = [ + { name = "routers"; data = "192.168.1.1"; } + { name = "domain-name-servers"; data = "192.168.1.1"; } + ]; + } + ]; }; }; + }; - wlp65s0 = { - countryCode = "US"; - band = "5g"; - channel = 56; - - networks.wlp65s0 = { - ssid = "myssid"; - authentication = { - mode = "wpa3-sae"; - saePasswords = [ - { password = "strongpassword"; } - ]; - }; - settings = { - bridge = "br0"; - ieee80211w = 
2; - }; + # services.dnsmasq = { + # enable = true; + # resolveLocalQueries = false; + + # settings = { + # port = 0; # disable dns + # interface = "br0"; + # bind-interfaces = true; + + # dhcp-range = "192.168.1.100,192.168.1.199,12h"; + # dhcp-option = [ + # "option:router,192.168.1.1" + # "option:dns-server,192.168.1.1" + # ]; + # }; + # }; + + # PowerDNS Recursor + # sudo lsof -i :53 + # systemctl status pdns-recursor + services.pdns-recursor = { + enable = true; + dns.address = [ "127.0.0.1" "::1" "192.168.1.1" "fd00::1" ]; + dns.allowFrom = [ "127.0.0.1/32" "::1/128" "192.168.1.0/24" "fd00::/64" ]; + yaml-settings = { + recursor = { + serve_rfc1918 = true; }; }; + }; - wlp66s0 = { - countryCode = "US"; - band = "5g"; - channel = 60; - - networks.wlp66s0 = { - ssid = "myssid"; - authentication = { - mode = "wpa3-sae"; - saePasswords = [ - { password = "strongpassword"; } - ]; - }; - settings = { - bridge = "br0"; - ieee80211w = 2; - }; + # # IPv6 SLAAC via radvd + # # systemctl status radvd + # services.radvd = { + # enable = true; + # config = '' + # interface br0 { + # AdvSendAdvert on; + # prefix fd00::/64 { + # AdvOnLink on; + # AdvAutonomous on; + # }; + # RDNSS fd00::1 { + # AdvRDNSSLifetime 600; + # }; + # }; + # ''; + # }; + + # https://nixos.wiki/wiki/Systemd-networkd + networking.useNetworkd = true; + networking.useDHCP = false; + systemd.network.enable = true; + + #https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html + systemd.network.netdevs = { + "br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; }; }; + }; - wlp97s0 = { - countryCode = "US"; - band = "5g"; - channel = 64; - - networks.wlp97s0 = { - ssid = "myssid"; - authentication = { - mode = "wpa3-sae"; - saePasswords = [ - { password = "strongpassword"; } - ]; - }; - settings = { - bridge = "br0"; - ieee80211w = 2; - }; - }; + # add dummy0 to force br0 up + systemd.network.netdevs."dummy0" = { + netdevConfig = { + Kind = "dummy"; + Name = "dummy0"; }; }; - 
networking = { - networkmanager.enable = false; - useDHCP = false; - - bridges.br0.interfaces = [ ]; - - interfaces."br0" = { - ipv4.addresses = [{ - address = "192.168.1.1"; - prefixLength = 24; - }]; - ipv6.addresses = [{ - address = "fd00::1"; - prefixLength = 64; - }]; +systemd.network.networks."dummy0" = { + matchConfig.Name = "dummy0"; + networkConfig = { + Bridge = "br0"; + }; +}; + + # https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html + systemd.network.networks = { + "enp1s0" = { + matchConfig.Name = "enp1s0"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + IPv6PrivacyExtensions = true; + #IPMasquerade = true; + LLDP = true; + EmitLLDP = true; + }; }; - interfaces."enp1s0".useDHCP = true; + "br0" = { + matchConfig.Name = "br0"; + networkConfig = { + Address = [ + "192.168.1.1/24" + "fd00::1/64" + ]; + ConfigureWithoutCarrier = true; + }; + linkConfig = { + ActivationPolicy = "always-up"; + }; + cakeConfig = { + Bandwidth = "100M"; # Set your desired bandwidth + OverheadBytes = 8; + CompensationMode = "ptm"; # e.g. 
for DSL, change as needed + NAT = true; + FlowIsolationMode = "triple"; + PriorityQueueingPreset = "besteffort"; + }; + }; - nat = { - enable = true; - externalInterface = "enp1s0"; - internalInterfaces = [ "br0" ]; + "wlan" = { + matchConfig.Type = "wlan"; + linkConfig = { + Unmanaged = true; + }; }; }; + + # # Networking setup + # networking = { + + # networkmanager.enable = false; + + # # useNetworkd = true; + + # # useDHCP = false; + + # # # Need an interface to bring it up, to allow the IP assignment + # # bridges.br0.interfaces = [ ]; + + # # interfaces.br0 = { + # # ipv4.addresses = [{ + # # address = "192.168.1.1"; + # # prefixLength = 24; + # # }]; + # # ipv6.addresses = [{ + # # address = "fd00::1"; + # # prefixLength = 64; + # # }]; + # # }; + + # # interfaces.enp1s0.useDHCP = true; + + # nat = { + # enable = true; + # externalInterface = "enp1s0"; + # internalInterfaces = [ "br0" ]; + # }; + # }; + + # Disable conflicting resolvers and provide local one + services.resolved.enable = false; + networking.nameservers = [ "127.0.0.1" "::1" ]; + + environment.etc."resolv.conf".text = '' + # dnsmasq + nameserver 127.0.0.1 + nameserver ::1 + # emergency cloudflare + nameserver 1.1.1.1 + nameserver 2606:4700:4700::1111 + ''; } +#systemctl status kea +#systemctl status pdns-recursor +#systemctl status radvd + # end \ No newline at end of file From 98185dcc4852da2ff6f32e1c6d37197beddafd63 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Thu, 26 Jun 2025 15:40:36 -0700 Subject: [PATCH 20/25] more work --- desktop/l2/configuration.nix | 157 ++++---------------------- desktop/l2/flake.lock | 12 +- desktop/l2/hardware-configuration.nix | 2 +- desktop/l2/hostapd-multi.nix | 119 ++++++++++++------- desktop/l2/systemPackages.nix | 13 +-- 5 files changed, 109 insertions(+), 194 deletions(-) diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 0781370..23fcf3c 100644 --- a/desktop/l2/configuration.nix 
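Review bot: The SAE passphrase in `commonAuth` is a string literal (`saePasswords = [{ password = "strongpassword"; }];`), so it is committed to the repository and, once built, is copied into the world-readable Nix store. If this is more than a placeholder, read it from a root-only file outside the store instead, e.g. `saePasswordsFile = "/run/secrets/hostapd-sae";` (path constructed for illustration), and rotate the current value. All four radios take this block through `genRadio`, so one change covers them. The same applies to the removed per-radio blocks, so the refactor is a good moment to fix it.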
+++ b/desktop/l2/configuration.nix @@ -1,12 +1,7 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running 'nixos-help'). - -# sudo nixos-rebuild switch -# sudo nix-channel --update -# nix-shell -p vim -# nmcli device wifi connect MYSSID password PWORD -# systemctl restart display-manager.service +# +# +# l2/configuration.nix +# { inputs, @@ -50,23 +45,14 @@ enable = true; consoleMode = "max"; memtest86.enable = true; + configurationLimit = 20; }; loader.efi.canTouchEfiVariables = true; # https://nixos.wiki/wiki/Linux_kernel - #kernelPackages = pkgs.linuxPackages; # need to run this old kernel to allow nvidia driver to compile :( #kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linuxPackages_rpi4 - - # # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 - # kernelParams = [ - # "nvidia-drm.modeset=1" - # "nvidia-drm.fbdev=1" - # # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160 - # #"nomodeset" - # ]; initrd.kernelModules = [ "amdgpu" 
@@ -77,18 +63,19 @@ #"i915" ]; - # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU - # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems - binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; - - extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; + initrd.preDeviceCommands = '' + echo "Loading regulatory database early" + cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db /lib/firmware/ + cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s /lib/firmware/ + ''; + # cat /proc/cmdline + # cat /etc/modprobe.d/nixos.conf extraModprobeConfig = '' - options kvm_intel nested=1 - options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + options cfg80211 ieee80211_regdom=US + options iwlwifi lar_disable=1 ''; + }; # https://fzakaria.com/2025/02/26/nix-pragmatism-nix-ld-and-envfs @@ -100,7 +87,6 @@ stdenv.cc.cc.lib zlib libxml2 - # Add more libraries as needed ]; }; @@ -109,9 +95,6 @@ enable = true; }; - # For OBS - security.polkit.enable = true; - nix = { settings = { auto-optimise-store = true; @@ -136,22 +119,7 @@ time.timeZone = "America/Los_Angeles"; - services.udev.packages = [ pkgs.gnome-settings-daemon ]; - # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; - - # # https://nixos.wiki/wiki/NixOS_Wiki:Audio - # services.pulseaudio.enable = false; # Use Pipewire, the modern sound subsystem - - # security.rtkit.enable = true; # Enable RealtimeKit for audio purposes - - # services.pipewire = { - # enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - # pulse.enable = true; - # # Uncomment the following line if you want to use JACK applications - # # jack.enable = true; - # }; + systemd.services.systemd-udev-settle.enable = false; services.openssh.enable = true; programs.ssh.extraConfig = '' 
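Review bot: `options iwlwifi lar_disable=1` in `extraModprobeConfig` probably does nothing with `kernelPackages = pkgs.linuxPackages_latest`. As far as I know, that module parameter was removed from iwlwifi during the 5.x kernel series, and an unknown parameter is only logged and ignored. Check `dmesg` for an "unknown parameter" line after boot. If it is ignored, drop the option rather than leave a setting that looks as if it pins the regulatory behaviour. Either way, a comment such as `# AX210: force US regdomain so AP mode is allowed on 5 GHz` above the block would record why the regulatory defaults are being overridden.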
@@ -164,6 +132,7 @@ services.lldpd.enable = true; services.timesyncd.enable = true; services.fstrim.enable = true; + services.avahi = { enable = true; nssmdns4 = true; @@ -172,27 +141,6 @@ openFirewall = true; }; - services.bpftune.enable = true; - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # https://nixos.wiki/wiki/Printing - #services.printing.enable = true; - - # https://wiki.nixos.org/wiki/Flameshot - # services.flameshot = { - # enable = true; - # settings.General = { - # showStartupLaunchMessage = false; - # saveLastRegion = true; - # }; - # }; - - systemd.services.modem-manager.enable = false; - systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; - - services.clickhouse.enable = false; - # environment.variables defined in hardware-graphics.nix environment.sessionVariables = { TERM = "xterm-256color"; 
@@ -211,80 +159,11 @@ ]; }; - # package moved to systemPackages.nix - # environment.systemPackages = with pkgs; [ - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # hardware.graphics = { - # enable = true; # auto includes mesa - # package = pkgs.mesa; - # extraPackages = with pkgs; [ - # libglvnd - # libva-vdpau-driver - # libvdpau-va-gl - # rocmPackages.clr.icd - # ]; - # }; - # services.xserver = { - # enable = true; - # videoDrivers = [ "amdgpu" ]; - # xkb = { - # layout = "us"; - # variant = ""; - # }; - # }; - - # services.desktopManager.gnome.enable = true; - # services.displayManager.gdm.enable = true; - - # # https://nixos.wiki/wiki/AMD_GPU - # systemd.tmpfiles.rules = [ - # "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" - # ]; - # systemd.services.lactd.wantedBy = [ "multi-user.target" ]; - - # xdg.portal = { - # enable = true; - # extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; - # config.common.default = "gtk"; - # }; - - # # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ - # programs.hyprland = { - # enable = true; - # xwayland.enable = true; - # }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # # https://nixos.wiki/wiki/Podman - # virtualisation.podman = { - # enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # autoPrune.enable = true; - # }; - # #virtualisation.oci-containers.backend = "podman"; - # # virtualisation.oci-containers.containers = { - # # container-name = { - # # image = "container-image"; - # # autoStart = true; - # # ports = [ "127.0.0.1:1234:1234" ]; - # # }; - # # }; - # https://nixos.wiki/wiki/Virt-manager virtualisation.libvirtd.enable = true; #programs.virt-manager.enable = true; @@ -307,3 +186,5 @@ }; } + +# end \ No newline at end of file diff --git a/desktop/l2/flake.lock b/desktop/l2/flake.lock index d442d19..cb18004 100644 --- a/desktop/l2/flake.lock +++ b/desktop/l2/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1749160002, - "narHash": "sha256-IM3xKjsKxhu7Y1WdgTltrLKiOJS8nW7D4SUDEMNr7CI=", + "lastModified": 1750798083, + "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", "owner": "nix-community", "repo": "home-manager", - "rev": "68cc9eeb3875ae9682c04629f20738e1e79d72aa", + "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750741721, + "narHash": "sha256-Z0djmTa1YmnGMfE9jEe05oO4zggjDmxOGKwt844bUhE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "4b1164c3215f018c4442463a27689d973cffd750", "type": "github" }, "original": { diff --git a/desktop/l2/hardware-configuration.nix b/desktop/l2/hardware-configuration.nix index a771efe..6533ac6 100644 --- a/desktop/l2/hardware-configuration.nix +++ b/desktop/l2/hardware-configuration.nix 
@@ -34,7 +34,7 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index 359dc1b..e52850d 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix @@ -1,5 +1,5 @@ # -# hostapd-multi.nix +# l2/hostapd-multi.nix # { config, lib, pkgs, ... }: @@ -32,8 +32,18 @@ let genRadio = iface: channel: { countryCode = "US"; - band = "5g"; + band = "2g"; + # 5g isn't working for some reason. Can't set the region to US. + #band = "5g"; channel = channel; + # settings = { + # country_code = "US"; + # ieee80211d = true; + # ieee80211h = false; + # # he_su_beamformer = 1; + # # he_su_beamformee = 1; + # # he_bss_color = 8; + # }; networks.${iface} = { ssid = "myssid"; 
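Review bot: Switching `band` to `"2g"` in `genRadio` leaves `channel = channel;` fed from `radioIfaces`, which is defined earlier in this series, outside this hunk, and assigns channels 36, 40, 44 and 48, all 5 GHz channel numbers. hostapd is likely to reject that combination, so the four access points may fail to start. If 2.4 GHz is really intended, the map needs 2.4 GHz values, e.g. `wlp35s0 = 1; wlp65s0 = 6; wlp66s0 = 11;`, and the `# non-DFS channels` comment should change with it. The added comment `# 5g isn't working for some reason` would help the next reader more if it quoted the actual symptom from the hostapd log or from `iw reg get`.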
@@ -43,7 +53,51 @@ let }; in { - # systemctl status kea + + # AX210 kernel bug + # https://bugzilla.kernel.org/show_bug.cgi?id=206469#c2 + + # Moved to configuration.nix + #boot.initrd.preDeviceCommands = '' + # echo "Loading regulatory database early" + # cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db /lib/firmware/ + # cp ${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s /lib/firmware/ + #''; + + # This is now set in the configuration.nix + # boot.extraModprobeConfig = '' + # options cfg80211 ieee80211_regdom=US + # options iwlwifi lar_disable=1 + # ''; + + # install the firmware for the wireless interface + # ls /lib/firmware/regulatory.db + # see also: https://discourse.nixos.org/t/direct-firmware-load-for-regulatory-db-failed/16317 + hardware = { + enableAllFirmware = true; + enableRedistributableFirmware = true; + wirelessRegulatoryDatabase = true; + #firmware = with pkgs; [ wireless-regdb ]; + }; + + systemd.tmpfiles.rules = [ + "L+ /lib/firmware/regulatory.db - - - - ${pkgs.wireless-regdb}/lib/firmware/regulatory.db" + "L+ /lib/firmware/regulatory.db.p7s - - - - ${pkgs.wireless-regdb}/lib/firmware/regulatory.db.p7s" + ]; + + systemd.services.set-regdom = { + description = "Force regulatory domain before hostapd"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-pre.target" "sysinit.target" ]; # Ensure network stack and devices are ready + before = [ "hostapd.service" "network-online.target" ]; # Run before hostapd and general network comes up + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.iw}/bin/iw reg set US"; + ExecStopPost = "${pkgs.iw}/bin/iw reg get"; + }; + }; + + # systemctl status hostapd services.hostapd.enable = true; services.hostapd.radios = lib.genAttrs (builtins.attrNames radioIfaces) (iface: genRadio iface radioIfaces.${iface}); 
@@ -76,23 +130,12 @@ in { }; }; }; - - # services.dnsmasq = { - # enable = true; - # resolveLocalQueries = false; - - # settings = { - # port = 0; # disable dns - # interface = "br0"; - # bind-interfaces = true; - - # dhcp-range = "192.168.1.100,192.168.1.199,12h"; - # dhcp-option = [ - # "option:router,192.168.1.1" - # "option:dns-server,192.168.1.1" - # ]; - # }; - # }; + services.prometheus.exporters.kea = { + enable = true; + openFirewall = true; + #port = 9547; # default port ( https://mynixos.com/nixpkgs/option/services.prometheus.exporters.kea.port ) + targets = [ "/run/kea/kea-dhcp4.socket" ]; + }; # PowerDNS Recursor # sudo lsof -i :53 @@ -108,23 +151,23 @@ in { }; }; - # # IPv6 SLAAC via radvd - # # systemctl status radvd - # services.radvd = { - # enable = true; - # config = '' - # interface br0 { - # AdvSendAdvert on; - # prefix fd00::/64 { - # AdvOnLink on; - # AdvAutonomous on; - # }; - # RDNSS fd00::1 { - # AdvRDNSSLifetime 600; - # }; - # }; - # ''; - # }; + # IPv6 SLAAC via radvd + # systemctl status radvd + services.radvd = { + enable = true; + config = '' + interface br0 { + AdvSendAdvert on; + prefix fd00::/64 { + AdvOnLink on; + AdvAutonomous on; + }; + RDNSS fd00::1 { + AdvRDNSSLifetime 600; + }; + }; + ''; + }; # https://nixos.wiki/wiki/Systemd-networkd networking.useNetworkd = true; @@ -183,7 +226,7 @@ systemd.network.networks."dummy0" = { ActivationPolicy = "always-up"; }; cakeConfig = { - Bandwidth = "100M"; # Set your desired bandwidth + Bandwidth = "1000M"; # Set your desired bandwidth OverheadBytes = 8; CompensationMode = "ptm"; # e.g. for DSL, change as needed NAT = true; diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix index 3efe32c..38a0c56 100644 --- a/desktop/l2/systemPackages.nix +++ b/desktop/l2/systemPackages.nix 
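Review bot: `services.prometheus.exporters.kea` is enabled with `openFirewall = true;` and no `listenAddress`, so the exporter is offered on every interface, including the Wi-Fi bridge `br0` and the uplink `enp1s0`. DHCP lease and pool metrics tell anyone who can reach the port how many clients are on the network and how the address space is laid out. Bind it to the scraper's side only, e.g. `listenAddress = "127.0.0.1";`, and drop `openFirewall`, or narrow it with `firewallFilter`. Separately, `targets` points at `/run/kea/kea-dhcp4.socket`, but the `services.kea.dhcp4.settings` shown earlier in the series define no `control-socket`, so the exporter may have nothing to connect to; worth confirming.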
@@ -29,22 +29,13 @@ neofetch libxml2 # Added for bazel/clang development - # Wayland support - xwayland - meson - wayland-protocols - wayland-utils - wl-clipboard - - xscreensaver - clinfo lact hostapd bridge-utils + wireless-regdb + linux-firmware - # https://wiki.nixos.org/wiki/Flameshot - #(flameshot.override { enableWlrSupport = true; }) ]; } From 9e6214769bc22e677f7bb6fcc5a67554021f913a Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Thu, 26 Jun 2025 15:40:42 -0700 Subject: [PATCH 21/25] more work --- desktop/l2/hostapd-multi.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index e52850d..05a790c 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix @@ -130,12 +130,12 @@ in { }; }; }; - services.prometheus.exporters.kea = { - enable = true; - openFirewall = true; - #port = 9547; # default port ( https://mynixos.com/nixpkgs/option/services.prometheus.exporters.kea.port ) - targets = [ "/run/kea/kea-dhcp4.socket" ]; - }; + # services.prometheus.exporters.kea = { + # enable = true; + # openFirewall = true; + # #port = 9547; # default port ( https://mynixos.com/nixpkgs/option/services.prometheus.exporters.kea.port ) + # targets = [ "/run/kea/kea-dhcp4.socket" ]; + # }; # PowerDNS Recursor # sudo lsof -i :53 From d6dd3177e5c19d3bd0ec1d2d0d3e56f1e7c03188 Mon Sep 17 00:00:00 2001 
From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Fri, 27 Jun 2025 17:18:31 -0700 Subject: [PATCH 22/25] l2 ap working --- desktop/l/flake.nix | 16 +-- desktop/l/home.nix | 36 +++--- desktop/l2/configuration.nix | 27 ++-- desktop/l2/firewall.nix | 105 +++++++++++---- desktop/l2/flake.nix | 64 +++++++--- desktop/l2/hardware-configuration.nix | 3 +- desktop/l2/hostapd-multi.nix | 176 ++++++++++++++++++++------ desktop/l2/network-optimization.nix | 33 +++++ desktop/l2/sysctl.nix | 23 +++- desktop/l2/systemPackages.nix | 6 +- hostapd/Makefile | 24 ++++ hostapd/flake.lock | 27 ++++ hostapd/flake.nix | 45 +++++++ hp/hp1/hosts.nix | 1 - hp/hp4/hosts.nix | 1 - laptops/t/hosts.nix | 1 - laptops/t14/hosts.nix | 1 - 17 files changed, 454 insertions(+), 135 deletions(-) create mode 100644 desktop/l2/network-optimization.nix create mode 100644 hostapd/Makefile create mode 100644 hostapd/flake.lock create mode 100644 hostapd/flake.nix diff --git a/desktop/l/flake.nix b/desktop/l/flake.nix index 8d3b012..947553c 100644 --- a/desktop/l/flake.nix +++ b/desktop/l/flake.nix @@ -25,14 +25,14 @@ inherit system; config = { allowUnfree = true; - allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "nvidia-x11" - # "nvidia-settings" - # "nvidia-persistenced" - "google-chrome" - "android-studio" - "android-studio-stable" - ]; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # "nvidia-x11" + # "nvidia-settings" + # "nvidia-persistenced" + "google-chrome" + "android-studio" + "android-studio-stable" + ]; }; }; lib = nixpkgs.lib; diff --git a/desktop/l/home.nix b/desktop/l/home.nix index 58384fc..d45c1a7 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix 
@@ -373,24 +373,24 @@ tmux screen - # LLVM/Clang toolchain (needed for race detection and C/C++ builds) - llvmPackages_20.clang-tools - llvmPackages_20.lld - - # LLVM C++ Standard Library, compiler runtime, and unwind library - llvmPackages_20.stdenv - llvmPackages_20.libcxxStdenv - llvmPackages_20.libcxxClang - llvmPackages_20.libcxx # Provides libc++.so, libc++.a (libraries) - llvmPackages_20.libcxx.dev # Provides C++ headers - # do NOT include llvm.libc-full, because it will override glibc - #llvm.libc-full - llvmPackages_20.compiler-rt # Provides libclang_rt.builtins*.a - llvmPackages_20.compiler-rt.dev # Provides libclang_rt headers - llvmPackages_20.libunwind # Provides libunwind for exception handling - llvmPackages_20.libunwind.dev # Provides libunwind headers - - libclang libclang.dev libclang.lib + # # LLVM/Clang toolchain (needed for race detection and C/C++ builds) + # llvmPackages_20.clang-tools + # llvmPackages_20.lld + + # # LLVM C++ Standard Library, compiler runtime, and unwind library + # #llvmPackages_20.stdenv + # llvmPackages_20.libcxxStdenv + # llvmPackages_20.libcxxClang + # llvmPackages_20.libcxx # Provides libc++.so, libc++.a (libraries) + # llvmPackages_20.libcxx.dev # Provides C++ headers + # # do NOT include llvm.libc-full, because it will override glibc + # #llvm.libc-full + # llvmPackages_20.compiler-rt # Provides libclang_rt.builtins*.a + # llvmPackages_20.compiler-rt.dev # Provides libclang_rt headers + # llvmPackages_20.libunwind # Provides libunwind for exception handling + # llvmPackages_20.libunwind.dev # Provides libunwind headers + + # llvmPackages_20.libclang llvmPackages_20.libclang.dev llvmPackages_20.libclang.lib # Essential development libraries (minimal headers) glibc glibc.dev glibc.static diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 23fcf3c..e0822fb 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix 
@@ -32,12 +32,13 @@ ./grafana.nix # clickhouse #./docker-compose.nix - ./docker-daemon.nix + #./docker-daemon.nix #./smokeping.nix #./distributed-builds.nix #./hyprland.nix #./hostapd.nix ./hostapd-multi.nix + ./network-optimization.nix ]; boot = { @@ -164,27 +165,17 @@ enableSSHSupport = true; }; - # https://nixos.wiki/wiki/Virt-manager - virtualisation.libvirtd.enable = true; - #programs.virt-manager.enable = true; - virtualisation.spiceUSBRedirection.enable = true; + # # https://nixos.wiki/wiki/Virt-manager + # virtualisation.libvirtd.enable = true; + # #programs.virt-manager.enable = true; + # virtualisation.spiceUSBRedirection.enable = true; - virtualisation.containers = { - ociSeccompBpfHook.enable = true; - }; - - # guest - # services.qemuGuest.enable = true; - # services.spice-vdagentd.enable = true; - - # https://wiki.nixos.org/wiki/Laptop + # virtualisation.containers = { + # ociSeccompBpfHook.enable = true; + # }; system.stateVersion = "24.11"; - nixpkgs.config = { - allowUnfree = true; - }; - } # end \ No newline at end of file diff --git a/desktop/l2/firewall.nix b/desktop/l2/firewall.nix index 449b44f..93b693d 100644 --- a/desktop/l2/firewall.nix +++ b/desktop/l2/firewall.nix 
@@ -1,32 +1,83 @@ { config, pkgs, ... }: { - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # https://nixos.wiki/wiki/Firewall - # https://scvalex.net/posts/54/ - # sudo nft --stateless list table filter - # sudo sudo iptables-save - networking.firewall = { - enable = false; - allowedTCPPorts = [ - 22 # ssh - 5001 # iperf2 - ]; - # allowedTCPPorts = [ 22 5001 ]; - # #allowedUDPPortRanges = [ - # # { from = 4000; to = 4007; } - # # { from = 8000; to = 8010; } - # #]; - # NixOS automagically creates stateful connection tracking, which we don't want - # for performance reasons - # extraCommands = '' - # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true - # ''; + # Disable the default iptables firewall since we're using nftables + networking.firewall.enable = false; + + # Enable nftables with connection tracking for maximum security + networking.nftables = { + enable = true; + ruleset = '' + table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # Enable connection tracking + ct state established,related accept + ct state invalid drop + + # Allow loopback + iif lo accept + oif lo accept + + # Allow SSH from anywhere + tcp dport 22 accept + + # Allow DNS queries + udp dport 53 accept + tcp dport 53 accept + + # Allow DHCP + udp dport 67 accept + udp dport 547 accept + + # Allow ICMP (ping, etc.) 
+ icmp type echo-request accept + icmpv6 type echo-request accept + + # Allow RA (Router Advertisement) + icmpv6 type nd-router-advert accept + } + + chain forward { + type filter hook forward priority 0; policy drop; + + # Allow traffic from internal network to external + # Use meta iifname to avoid interface existence check at load time + meta iifname "br0" oifname "enp1s0" accept + + # Allow return traffic from external to internal + meta iifname "enp1s0" oifname "br0" ct state established,related accept + } + + chain output { + type filter hook output priority 0; policy accept; + } + } + + table ip nat { + chain prerouting { + type nat hook prerouting priority dstnat; + } + + chain postrouting { + type nat hook postrouting priority srcnat; + # IPv4 masquerading + meta oifname "enp1s0" masquerade + } + } + + table ip6 nat { + chain prerouting { + type nat hook prerouting priority dstnat; + } + + chain postrouting { + type nat hook postrouting priority srcnat; + # IPv6 masquerading + meta oifname "enp1s0" masquerade + } + } + ''; }; - # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ]; } \ No newline at end of file diff --git a/desktop/l2/flake.nix b/desktop/l2/flake.nix index d50124a..2d609cc 100644 --- a/desktop/l2/flake.nix +++ b/desktop/l2/flake.nix 
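Review bot: The `input` chain accepts DNS (`udp dport 53`, `tcp dport 53`) and DHCP (`udp dport 67`, `udp dport 547`) on every interface, so the services meant for `br0` are also reachable from the uplink `enp1s0`. Scoping them with `meta iifname "br0" udp dport { 53, 67, 547 } accept` and `meta iifname "br0" tcp dport 53 accept` keeps the recursor from answering the outside network. SSH is opened the same way; the comment marks that as intended, but it deserves a note on key-only login or rate limiting. For ICMPv6 only `echo-request` and `nd-router-advert` are accepted, so under `policy drop` neighbour discovery and router solicitation appear to be dropped; `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept` would cover them. The `oif lo accept` rule sits in an input hook, where no output interface is set, so it most likely never matches and can be removed.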
@@ -18,28 +18,56 @@ outputs = { self, nixpkgs, home-manager, ... }: let system = "x86_64-linux"; + + lib = nixpkgs.lib; + + overlays = { + default = final: prev: { + hostapd = prev.hostapd.overrideDerivation (old: { + version = "2.10"; + src = final.fetchurl { + url = "https://w1.fi/releases/hostapd-2.10.tar.gz"; + sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0"; + # nix-prefetch-url https://w1.fi/releases/hostapd-2.10.tar.gz + }; + patches = [ + (final.fetchpatch { + url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch"; + sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI="; + }) + ]; + }); + }; + }; + pkgs = import nixpkgs { inherit system; - config = { - allowUnfree = true; - }; + overlays = [ overlays.default ]; + config.allowUnfree = true; }; - lib = nixpkgs.lib; + in { - nixosConfigurations = { - l2 = lib.nixosSystem rec { - inherit system; - modules = [ - ./configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.useUserPackages = true; - home-manager.users.das = { config, pkgs, ... }: { - imports = [ ./home.nix ]; - }; - } - ]; + nixosConfigurations = { + l2 = lib.nixosSystem { + + inherit system; + + modules = [ + ./configuration.nix + { + nixpkgs.pkgs = pkgs; + } + home-manager.nixosModules.home-manager + { + home-manager.useUserPackages = true; + home-manager.users.das = { config, pkgs, ... }: { + imports = [ ./home.nix ]; + }; + } + ]; + }; }; }; - }; } + +# end \ No newline at end of file diff --git a/desktop/l2/hardware-configuration.nix b/desktop/l2/hardware-configuration.nix index 6533ac6..e1b1083 100644 --- a/desktop/l2/hardware-configuration.nix +++ b/desktop/l2/hardware-configuration.nix @@ -1,4 +1,4 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ +# Do not modify this file! It was generated by 'nixos-generate-config' # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: 
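Review bot: In the `hostapd` overlay of desktop/l2/flake.nix, `patches = [ … ]` replaces the whole patch list inherited from nixpkgs and `src` pins the release to 2.10. The daemon that terminates WPA on this access point therefore no longer receives fixes that nixpkgs carries as patches or that arrived in later releases (inferred; the nixpkgs patch list is not visible here). hostapd/flake.nix in this same commit builds the same override but appends with `(old.patches or []) ++`, so the two definitions already disagree. If dropping the inherited patches is deliberate, say so next to the list, for example `# nixpkgs patches dropped on purpose; re-check against upstream fixes on every nixpkgs bump`. The LAR patch is hash-pinned, which covers integrity, but it is fetched from a personal site at build time, so keeping a copy in the repository would remove that availability dependency.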
@@ -37,6 +37,5 @@ # networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index 05a790c..abe57a2 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix @@ -32,9 +32,8 @@ let genRadio = iface: channel: { countryCode = "US"; - band = "2g"; - # 5g isn't working for some reason. Can't set the region to US. - #band = "5g"; + #band = "2g"; + band = "5g"; channel = channel; # settings = { # country_code = "US"; @@ -207,7 +206,7 @@ systemd.network.networks."dummy0" = { DHCP = "ipv4"; IPv6AcceptRA = true; IPv6PrivacyExtensions = true; - #IPMasquerade = true; + # IPMasquerade handled by nftables for better control LLDP = true; EmitLLDP = true; }; @@ -243,38 +242,6 @@ systemd.network.networks."dummy0" = { }; }; - # # Networking setup - # networking = { - - # networkmanager.enable = false; - - # # useNetworkd = true; - - # # useDHCP = false; - - # # # Need an interface to bring it up, to allow the IP assignment - # # bridges.br0.interfaces = [ ]; - - # # interfaces.br0 = { - # # ipv4.addresses = [{ - # # address = "192.168.1.1"; - # # prefixLength = 24; - # # }]; - # # ipv6.addresses = [{ - # # address = "fd00::1"; - # # prefixLength = 64; - # # }]; - # # }; - - # # interfaces.enp1s0.useDHCP = true; - - # nat = { - # enable = true; - # externalInterface = "enp1s0"; - # internalInterfaces = [ "br0" ]; - # }; - # }; - # Disable conflicting resolvers and provide local one services.resolved.enable = false; networking.nameservers = [ "127.0.0.1" "::1" ]; 
@@ -293,4 +260,141 @@ systemd.network.networks."dummy0" = { #systemctl status pdns-recursor #systemctl status radvd +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --driver enp1s0 +# driver: atlantic +# version: 6.15.3 +# firmware-version: 4.2.32 +# expansion-rom-version: +# bus-info: 0000:01:00.0 +# supports-statistics: yes +# supports-test: no +# supports-eeprom-access: no +# supports-register-dump: yes +# supports-priv-flags: yes + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-ring enp1s0 +# Ring parameters for enp1s0: +# Pre-set maximums: +# RX: 8184 +# RX Mini: n/a +# RX Jumbo: n/a +# TX: 8184 +# TX push buff len: n/a +# Current hardware settings: +# RX: 2048 +# RX Mini: n/a +# RX Jumbo: n/a +# TX: 4096 +# RX Buf Len: n/a +# CQE Size: n/a +# TX Push: off +# RX Push: off +# TX push buff len: n/a +# TCP data split: n/a + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-features enp1s0 +# Features for enp1s0: +# rx-checksumming: on +# tx-checksumming: on +# tx-checksum-ipv4: off [fixed] +# tx-checksum-ip-generic: on +# tx-checksum-ipv6: off [fixed] +# tx-checksum-fcoe-crc: off [fixed] +# tx-checksum-sctp: off [fixed] +# scatter-gather: on +# tx-scatter-gather: on +# tx-scatter-gather-fraglist: off [fixed] +# tcp-segmentation-offload: on +# tx-tcp-segmentation: on +# tx-tcp-ecn-segmentation: off [fixed] +# tx-tcp-mangleid-segmentation: off +# tx-tcp6-segmentation: on +# tx-tcp-accecn-segmentation: off [fixed] +# generic-segmentation-offload: on +# generic-receive-offload: on +# large-receive-offload: off +# rx-vlan-offload: on +# tx-vlan-offload: on +# ntuple-filters: on +# receive-hashing: on +# highdma: off [fixed] +# rx-vlan-filter: on +# vlan-challenged: off [fixed] +# tx-gso-robust: off [fixed] +# tx-fcoe-segmentation: off [fixed] +# tx-gre-segmentation: off [fixed] +# tx-gre-csum-segmentation: off [fixed] +# tx-ipxip4-segmentation: off [fixed] +# tx-ipxip6-segmentation: off [fixed] +# tx-udp_tnl-segmentation: off [fixed] +# 
tx-udp_tnl-csum-segmentation: off [fixed] +# tx-gso-partial: on +# tx-tunnel-remcsum-segmentation: off [fixed] +# tx-sctp-segmentation: off [fixed] +# tx-esp-segmentation: off [fixed] +# tx-udp-segmentation: on +# tx-gso-list: off [fixed] +# tx-nocache-copy: off +# loopback: off [fixed] +# rx-fcs: off [fixed] +# rx-all: off [fixed] +# tx-vlan-stag-hw-insert: off [fixed] +# rx-vlan-stag-hw-parse: off [fixed] +# rx-vlan-stag-filter: off [fixed] +# l2-fwd-offload: off [fixed] +# hw-tc-offload: on +# esp-hw-offload: off [fixed] +# esp-tx-csum-hw-offload: off [fixed] +# rx-udp_tunnel-port-offload: off [fixed] +# tls-hw-tx-offload: off [fixed] +# tls-hw-rx-offload: off [fixed] +# rx-gro-hw: off [fixed] +# tls-hw-record: off [fixed] +# rx-gro-list: off +# macsec-hw-offload: off [fixed] +# rx-udp-gro-forwarding: off +# hsr-tag-ins-offload: off [fixed] +# hsr-tag-rm-offload: off [fixed] +# hsr-fwd-offload: off [fixed] +# hsr-dup-offload: off [fixed] + +# [das@l2:~/nixos/desktop/l2]$ + +# [das@l2:~/nixos/desktop/l2]$ sudo ethtool --show-coalesce enp1s0 +# Coalesce parameters for enp1s0: +# Adaptive RX: n/a TX: n/a +# stats-block-usecs: n/a +# sample-interval: n/a +# pkt-rate-low: n/a +# pkt-rate-high: n/a + +# rx-usecs: 256 +# rx-frames: 0 +# rx-usecs-irq: n/a +# rx-frames-irq: n/a + +# tx-usecs: 1022 +# tx-frames: 0 +# tx-usecs-irq: n/a +# tx-frames-irq: n/a + +# rx-usecs-low: n/a +# rx-frame-low: n/a +# tx-usecs-low: n/a +# tx-frame-low: n/a + +# rx-usecs-high: n/a +# rx-frame-high: n/a +# tx-usecs-high: n/a +# tx-frame-high: n/a + +# CQE mode RX: n/a TX: n/a + +# tx-aggr-max-bytes: n/a +# tx-aggr-max-frames: n/a +# tx-aggr-time-usecs: n/a + + +# [das@l2:~/nixos/desktop/l2]$ + # end \ No newline at end of file diff --git a/desktop/l2/network-optimization.nix b/desktop/l2/network-optimization.nix new file mode 100644 index 0000000..3ed4a4c --- /dev/null +++ b/desktop/l2/network-optimization.nix 
@@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +{ + # Network interface optimizations for Atlantic NIC + # Run before network-online.target to avoid driver reinitialization + systemd.services.network-optimization = { + description = "Optimize network interface settings"; + wantedBy = [ "multi-user.target" ]; + before = [ "network-online.target" ]; + after = [ "network-pre.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = '' + # Ring buffer optimizations + ${pkgs.ethtool}/bin/ethtool -G enp1s0 rx 8184 tx 8184 + + # Feature optimizations + ${pkgs.ethtool}/bin/ethtool -K enp1s0 lro on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-checksum-ipv4 on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-tcp-ecn-segmentation on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 rx-gro-list on + + # Interrupt coalescing optimizations for WiFi access point + # Reduce interrupt frequency for better performance with multiple clients + # Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 + # Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 rx-usecs 512 rx-frames 32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 tx-usecs 1024 tx-frames 32 + ''; + RemainAfterExit = true; + }; + }; +} \ No newline at end of file diff --git a/desktop/l2/sysctl.nix b/desktop/l2/sysctl.nix index fb31883..3f7519e 100644 --- a/desktop/l2/sysctl.nix +++ b/desktop/l2/sysctl.nix @@ -41,7 +41,8 @@ #net.core.rmem_max = 212992 #net.core.wmem_default = 212992 #net.core.wmem_max = 212992 - "net.ipv4.ip_local_port_range" = "1025 65535"; + #not using 1025 because the kernel complains about wanting different parity + "net.ipv4.ip_local_port_range" = "1026 65535"; #net.ipv4.ip_local_port_range ="32768 60999" # #net.ipv4.inet_peer_maxttl = 600 
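Review bot: `serviceConfig.ExecStart` in network-optimization.nix is a multi-line string with comments and several `ethtool` invocations, but `ExecStart=` holds a single command line and is not run through a shell, so these commands would not execute as written. Moving the body to the service-level `script = '' … '';` option and keeping `Type = "oneshot"` runs it as a shell script that stops on the first failing command. Two of the requested features, `tx-checksum-ipv4` and `tx-tcp-ecn-segmentation`, are listed as `off [fixed]` in the `ethtool --show-features` output this commit adds to hostapd-multi.nix, so those two calls are expected to fail and should be removed. `lro on` is also worth dropping, because sysctl.nix enables `net.ipv4.ip_forward` and large receive offload is generally unsuitable on a host that forwards packets.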
@@ -57,5 +58,25 @@ "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; + + # Additional network optimizations for WiFi access point + # TCP optimizations + "net.ipv4.tcp_window_scaling" = 1; + "net.ipv4.tcp_sack" = 1; + "net.ipv4.tcp_fack" = 1; + "net.ipv4.tcp_fin_timeout" = 30; + + # Increase connection tracking table size for multiple WiFi clients + "net.netfilter.nf_conntrack_max" = 262144; + "net.netfilter.nf_conntrack_tcp_timeout_established" = 86400; + + # Network interface optimizations + "net.core.netdev_max_backlog" = 5000; + "net.core.netdev_budget" = 600; # default 300 + "net.core.netdev_budget_usecs" = 8000; #default 2000, increasing to 8ms + + # IPv6 optimizations + "net.ipv6.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv6.tcp_wmem" = "4096 1000000 16000000"; }; } \ No newline at end of file diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix index 38a0c56..c02c920 100644 --- a/desktop/l2/systemPackages.nix +++ b/desktop/l2/systemPackages.nix @@ -1,12 +1,12 @@ +# +# l2/systemPackages.nix +# { config, pkgs, ... }: { - # set at flake.nix level - nixpkgs.config.allowUnfree = true; - # $ nix search wget environment.systemPackages = with pkgs; [ # Basic system tools diff --git a/hostapd/Makefile b/hostapd/Makefile new file mode 100644 index 0000000..13d2ac6 --- /dev/null +++ b/hostapd/Makefile @@ -0,0 +1,24 @@ +# +# nixos/hostapd/Makefile +# +EXPECTED_HOSTNAME := l2 + +ACTUAL_HOSTNAME := $(shell hostname) + +all: check_hostname rebuild + +check_hostname: +ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME)) + @echo "Hostnames match: $(ACTUAL_HOSTNAME)" +else + @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)" + @exit 1 +endif + +rebuild: + sudo nixos-rebuild switch --flake . + +update: + sudo nix flake update; + +# end \ No newline at end of file diff --git a/hostapd/flake.lock b/hostapd/flake.lock new file mode 100644 index 0000000..58966e9 --- /dev/null +++ b/hostapd/flake.lock 
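Review bot: The two keys added under `# IPv6 optimizations`, `net.ipv6.tcp_rmem` and `net.ipv6.tcp_wmem`, do not exist in the kernel's sysctl tree. TCP buffer limits for both address families come from `net.ipv4.tcp_rmem` and `net.ipv4.tcp_wmem`, so these lines only produce an error when the settings are applied, and the values should move to the `net.ipv4` keys. `net.ipv4.tcp_fack` is a legacy switch with no effect on current kernels (the ethtool output added elsewhere in this commit reports 6.15.3) and can be dropped. The `net.netfilter.nf_conntrack_*` keys exist only once the conntrack module is loaded, so whether they apply depends on ordering against the nftables ruleset; listing `nf_conntrack` in `boot.kernelModules` would make that deterministic. The enclosing attribute set starts outside the hunk.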
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hostapd/flake.nix b/hostapd/flake.nix new file mode 100644 index 0000000..4e250fe --- /dev/null +++ b/hostapd/flake.nix @@ -0,0 +1,45 @@ +# +# nixos/hostapd/flake.nix +# +{ + description = "NixOS with hostapd 2.10 + patch"; + + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + outputs = { self, nixpkgs }: { + nixosConfigurations.l2 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ + (final: prev: { + hostapd = prev.hostapd.overrideDerivation (old: { + version = "2.10"; + src = final.fetchurl { + url = "https://w1.fi/releases/hostapd-2.10.tar.gz"; + sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0"; + }; + patches = (old.patches or []) ++ [ + (final.fetchpatch { + url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch"; + sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI="; + }) + ]; + }); + }) + ]; + config.allowUnfree = true; + }; + + modules = [ + ({ config, pkgs, ... }: { + environment.systemPackages = [ pkgs.hostapd ]; + services.hostapd.enable = false; + }) + ]; + }; + }; +} + +# end \ No newline at end of file diff --git a/hp/hp1/hosts.nix b/hp/hp1/hosts.nix index 3af6575..b60a4f0 100644 --- a/hp/hp1/hosts.nix +++ b/hp/hp1/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file 
diff --git a/hp/hp4/hosts.nix b/hp/hp4/hosts.nix index 3af6575..b60a4f0 100644 --- a/hp/hp4/hosts.nix +++ b/hp/hp4/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/laptops/t/hosts.nix b/laptops/t/hosts.nix index 3af6575..b60a4f0 100644 --- a/laptops/t/hosts.nix +++ b/laptops/t/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file diff --git a/laptops/t14/hosts.nix b/laptops/t14/hosts.nix index 3af6575..b60a4f0 100644 --- a/laptops/t14/hosts.nix +++ b/laptops/t14/hosts.nix @@ -12,6 +12,5 @@ "172.16.40.70" = ["hp5" "hp5eth"]; "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; - "127.0.0.1" = ["redpanda-0"]; }; } \ No newline at end of file From 05b769a0280298537b11a05e8e06570c1c794289 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Fri, 27 Jun 2025 17:18:37 -0700 Subject: [PATCH 23/25] working --- desktop/l2/CPU_and_IRQ_optimization.md | 427 +++++++++++++++++++++++++ desktop/l2/README.md | 318 ++++++++++++++++++ desktop/l2/configuration.nix | 4 + desktop/l2/firewall.nix | 38 +++ desktop/l2/irq-affinity.nix | 243 ++++++++++++++ desktop/l2/kernel-params.nix | 119 +++++++ desktop/l2/monitoring.nix | 373 +++++++++++++++++++++ desktop/l2/network-optimization.nix | 83 +++-- desktop/l2/sysctl.nix | 43 +++ 9 files changed, 1630 insertions(+), 18 deletions(-) create mode 100644 desktop/l2/CPU_and_IRQ_optimization.md create mode 100644 desktop/l2/README.md create mode 100644 desktop/l2/irq-affinity.nix create mode 100644 desktop/l2/kernel-params.nix create mode 100644 desktop/l2/monitoring.nix 
diff --git a/desktop/l2/CPU_and_IRQ_optimization.md b/desktop/l2/CPU_and_IRQ_optimization.md new file mode 100644 index 0000000..044d67a --- /dev/null +++ b/desktop/l2/CPU_and_IRQ_optimization.md 
@@ -0,0 +1,427 @@ +# CPU and IRQ Optimization for L2 WiFi Access Point + +## System Overview + +The L2 system is equipped with an **AMD Ryzen Threadripper PRO 3945WX** featuring: +- **12 physical cores** with **24 logical threads** (SMT enabled) +- **4 NUMA nodes** with **64 MiB L3 cache** total +- **6 MiB L2 cache** (12 instances) +- **384 KiB L1 cache** per core (data + instruction) + +## Current Interrupt Distribution Analysis + +### Network Interface Interrupts + +#### Ethernet Interface (enp1s0) - Atlantic Driver +- **IRQ 168-175**: 8 MSI-X vectors distributed across cores 16-23 +- **Current distribution**: + - IRQ 168: CPU 16 (5,051 interrupts) + - IRQ 169: CPU 17 (706 interrupts) + - IRQ 170: CPU 18 (4,608 interrupts) + - IRQ 171: CPU 20 (85 interrupts) + - IRQ 172: CPU 22 (115 interrupts) + - IRQ 173: CPU 23 (521 interrupts) + - IRQ 174: CPU 14 (108 interrupts) + - IRQ 175: CPU 15 (3,924 interrupts) + +#### WiFi Interfaces (4x Intel iwlwifi) +- **wlp35s0** (IRQ 179-194): 16 MSI-X vectors, mostly on CPU 21 +- **wlp65s0** (IRQ 198-213): 16 MSI-X vectors, mostly on CPU 23 +- **wlp66s0** (IRQ 214-229): 16 MSI-X vectors, mostly on CPU 14 +- **wlp97s0** (IRQ 231-246): 16 MSI-X vectors, mostly on CPU 15 + +### Storage and Other Interrupts +- **NVMe drives**: Heavy interrupt load on cores 8-13, 20-23 +- **USB controllers**: Scattered across cores 5-6, 18 +- **GPU**: Core 3 (19,866 interrupts) + +## Current Issues + +### 1. **Interrupt Contention** +- Network interrupts are competing with storage I/O on the same cores +- WiFi interfaces are clustered on a few cores (14, 15, 21, 23) +- No isolation between network processing and userland workloads + +### 2. **Cache Inefficiency** +- Network interrupts and userland processes share the same CPU caches +- SMT threads on the same physical core compete for cache resources +- No NUMA awareness for network processing + +### 3. 
**Suboptimal Core Utilization** +- Cores 0-7, 9, 11, 13, 16-19, 22 have minimal network interrupt load +- Heavy network processing concentrated on cores 14, 15, 21, 23 +- No dedicated cores for network processing + +## Proposed Optimization Strategy + +### Phase 1: Core Isolation and Dedication + +#### Network Processing Cores (0-7) +**Dedicated cores for critical network interrupts and processing:** +- **Cores 0-3**: Primary network processing (4 physical cores, 8 logical threads) +- **Cores 4-7**: Secondary network processing (4 physical cores, 8 logical threads) +- **Services**: hostapd, nftables, network-optimization +- **Slice**: network-processing +- **Benefits**: + - Dedicated L1/L2 cache for network processing + - No competition with userland workloads + - Better cache locality for network data structures + +#### Network Services Cores (8-15) +**Dedicated cores for network infrastructure services:** +- **Cores 8-15**: Network services (8 logical threads) +- **Services**: DHCP (Kea), DNS (PowerDNS), IPv6 RA (radvd) +- **Slice**: network-services +- **Benefits**: + - Dedicated resources for network infrastructure + - Isolated from critical network processing + - Better performance for network services + +#### Userland Processing Cores (16-23) +**Remaining cores for system services and userland:** +- **Cores 16-23**: Userland processes, monitoring, system services +- **Slice**: userland-processing +- **Benefits**: + - Isolated from network interrupt processing + - Dedicated resources for monitoring and system services + - Better performance for non-network workloads + +### Phase 2: IRQ Affinity Optimization + +#### Ethernet Interface (enp1s0) +```bash +# Distribute across dedicated network cores +echo 0 > /proc/irq/168/smp_affinity_list # Core 0 +echo 1 > /proc/irq/169/smp_affinity_list # Core 1 +echo 2 > /proc/irq/170/smp_affinity_list # Core 2 +echo 3 > /proc/irq/171/smp_affinity_list # Core 3 +echo 4 > /proc/irq/172/smp_affinity_list # Core 4 +echo 5 > 
/proc/irq/173/smp_affinity_list # Core 5 +echo 6 > /proc/irq/174/smp_affinity_list # Core 6 +echo 7 > /proc/irq/175/smp_affinity_list # Core 7 +``` + +#### WiFi Interfaces +**wlp35s0 (IRQ 179-194):** +```bash +# Distribute across cores 0-3 +for irq in {179..194}; do + echo $((irq - 179)) > /proc/irq/$irq/smp_affinity_list +done +``` + +**wlp65s0 (IRQ 198-213):** +```bash +# Distribute across cores 4-7 +for irq in {198..213}; do + echo $((irq - 198 + 4)) > /proc/irq/$irq/smp_affinity_list +done +``` + +**wlp66s0 (IRQ 214-229):** +```bash +# Distribute across cores 0-3 (alternating pattern) +for irq in {214..229}; do + echo $(((irq - 214) % 4)) > /proc/irq/$irq/smp_affinity_list +done +``` + +**wlp97s0 (IRQ 231-246):** +```bash +# Distribute across cores 4-7 (alternating pattern) +for irq in {231..246}; do + echo $(((irq - 231) % 4 + 4)) > /proc/irq/$irq/smp_affinity_list +done +``` + +### Phase 3: Systemd Slice Configuration + +#### Network Processing Slice +Create a dedicated slice for critical network processing: + +```nix +systemd.slices = { + network-processing = { + description = "Critical network processing (hostapd, nftables)"; + sliceConfig = { + CPUAffinity = "0-7"; # Dedicated network cores + Nice = -10; # Higher priority + IOSchedulingClass = 1; # Real-time I/O + IOSchedulingPriority = 4; + MemoryHigh = "2G"; # Limit memory usage + MemoryMax = "4G"; # Hard memory limit + }; + }; +}; +``` + +#### Network Services Slice +```nix +systemd.slices = { + network-services = { + description = "Network services (DHCP, DNS, RA)"; + sliceConfig = { + CPUAffinity = "8-15"; # Dedicated network services cores + Nice = -5; # High priority + MemoryHigh = "1G"; # Limit memory usage + MemoryMax = "2G"; # Hard memory limit + }; + }; +}; +``` + +#### Userland Processing Slice +```nix +systemd.slices = { + userland-processing = { + description = "Userland processing (monitoring, system services)"; + sliceConfig = { + CPUAffinity = "16-23"; # Remaining cores + Nice = 0; # 
Normal priority + MemoryHigh = "4G"; # Limit memory usage + MemoryMax = "8G"; # Hard memory limit + }; + }; +}; +``` + +### Phase 4: Kernel Parameter Optimization + +#### CPU Isolation +```bash +# Boot parameters +isolcpus=0-7 # Isolate network cores from scheduler +nohz_full=0-7 # Disable tick for network cores +rcu_nocbs=0-7 # Disable RCU callbacks on network cores +``` + +#### Network Stack Optimization +```bash +# Kernel parameters for network performance +net.core.netdev_budget = 600 +net.core.netdev_budget_usecs = 8000 +net.core.netdev_tstamp_prequeue = 0 +net.core.rps_sock_flow_entries = 32768 +``` + +### Phase 5: NUMA Optimization + +#### Memory Allocation +```bash +# Bind network processes to NUMA node 0 +numactl --cpunodebind=0 --membind=0 +``` + +#### Network Buffer Allocation +```bash +# Allocate network buffers from local NUMA node +echo 0 > /proc/sys/vm/numa_balancing +``` + +## Implementation Plan + +### Step 1: Create IRQ Affinity Script +Create a systemd service to set IRQ affinities at boot: + +```nix +systemd.services.irq-affinity = { + description = "Set IRQ affinity for network optimization"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "systemd-udev-settle.service" ]; + before = [ "hostapd.service" "kea-dhcp4-server.service" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.writeShellScript "irq-affinity" '' + #!/bin/bash + # Ethernet interface IRQs + echo 0 > /proc/irq/168/smp_affinity_list + echo 1 > /proc/irq/169/smp_affinity_list + # ... 
(complete script) + ''}"; + RemainAfterExit = true; + }; +}; +``` + +### Step 2: CPU Affinity for Network Services +```nix +systemd.services = { + # Critical network processing (network-processing slice) + hostapd = { + serviceConfig = { + Slice = "network-processing"; + CPUAffinity = "0-7"; + Nice = -10; + }; + }; + + nftables = { + serviceConfig = { + Slice = "network-processing"; + CPUAffinity = "0-7"; + Nice = -5; + }; + }; + + # Network services (network-services slice) + kea-dhcp4-server = { + serviceConfig = { + Slice = "network-services"; + CPUAffinity = "8-15"; + Nice = -5; + }; + }; + + pdns-recursor = { + serviceConfig = { + Slice = "network-services"; + CPUAffinity = "8-15"; + Nice = -5; + }; + }; + + radvd = { + serviceConfig = { + Slice = "network-services"; + CPUAffinity = "8-15"; + Nice = -5; + }; + }; + + # Monitoring services (userland-processing slice) + network-monitoring = { + serviceConfig = { + Slice = "userland-processing"; + CPUAffinity = "16-23"; + Nice = 0; + }; + }; +}; +``` + +### Step 3: Kernel Boot Parameters +```nix +boot.kernelParams = [ + "isolcpus=0-7" + "nohz_full=0-7" + "rcu_nocbs=0-7" + "net.core.netdev_budget=600" + "net.core.netdev_budget_usecs=8000" +]; +``` + +## Expected Performance Improvements + +### 1. **Reduced Interrupt Latency** +- Dedicated cores eliminate competition for CPU resources +- Better cache locality reduces memory access latency +- SMT isolation prevents cache pollution + +### 2. **Improved Throughput** +- Parallel processing across 8 dedicated network cores +- Better interrupt distribution reduces bottlenecks +- Optimized cache utilization for network data structures + +### 3. **Lower CPU Overhead** +- Reduced context switching on network cores +- Better interrupt coalescing effectiveness +- Optimized memory allocation patterns + +### 4. 
**Enhanced Scalability** +- Better support for multiple concurrent WiFi clients +- Improved handling of burst traffic +- More predictable performance under load + +### 5. **Better Resource Management** +- Memory limits prevent resource contention +- Slice-based isolation improves system stability +- Automatic restart policies for critical services + +## Monitoring and Verification + +### IRQ Distribution Check +```bash +# Monitor IRQ distribution +watch -n 1 'cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)"' +``` + +### CPU Utilization Monitoring +```bash +# Monitor CPU usage per core +mpstat -P ALL 1 +``` + +### Slice Status Monitoring +```bash +# Check slice status and resource usage +systemctl status network-processing.slice network-services.slice userland-processing.slice +``` + +### Network Performance Testing +```bash +# Test network throughput +iperf3 -s # On network cores +iperf3 -c # From client +``` + +### Cache Performance +```bash +# Monitor cache misses +perf stat -e cache-misses,cache-references -p +``` + +## Configuration Files + +### 1. `irq-affinity.nix` +Network IRQ affinity configuration and slice definitions + +### 2. `kernel-params.nix` +Kernel boot parameters for optimization + +### 3. `monitoring.nix` +Performance monitoring and logging configuration + +### 4. 
`sysctl.nix` +Runtime kernel network parameters + +## System Architecture + +``` +Internet (enp1s0) + ↓ +[NAT/Firewall] ← nftables with connection tracking (cores 0-7, network-processing slice) + ↓ +[Bridge (br0)] ← 192.168.1.1/24, fd00::1/64 + ↓ +[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (cores 0-7, network-processing slice) + ↓ +[Network Services] ← DHCP, DNS, RA (cores 8-15, network-services slice) + ↓ +[Userland Services] ← Monitoring, system services (cores 16-23, userland-processing slice) +``` + +## Services Overview + +| Service | Purpose | CPU Cores | Priority | Slice | +|---------|---------|-----------|----------|-------| +| hostapd | WiFi access point | 0-7 | -10 (RT) | network-processing | +| nftables | Firewall/NAT | 0-7 | -5 | network-processing | +| Kea | DHCP server | 8-15 | -5 | network-services | +| PowerDNS | DNS resolver | 8-15 | -5 | network-services | +| radvd | IPv6 RA | 8-15 | -5 | network-services | +| CAKE | QoS | 0-7 | -5 | network-processing | +| Monitoring | Performance tracking | 16-23 | 0 | userland-processing | + +## Conclusion + +This optimization strategy provides: +- **Dedicated network processing cores** (0-7) for maximum performance +- **Dedicated network services cores** (8-15) for infrastructure services +- **Isolated userland processing** (16-23) for system stability +- **Optimized IRQ distribution** across dedicated cores +- **Slice-based resource management** with memory limits +- **NUMA-aware memory allocation** for better locality +- **Kernel parameter tuning** for network performance + +The result is a high-performance WiFi access point optimized for maximum network throughput with minimal latency and CPU overhead, featuring a clean and maintainable systemd hierarchy with proper resource isolation. \ No newline at end of file diff --git a/desktop/l2/README.md b/desktop/l2/README.md new file mode 100644 index 0000000..6f5ab64 --- /dev/null +++ b/desktop/l2/README.md 
@@ -0,0 +1,318 @@ +# L2 WiFi Access Point Configuration + +This directory contains the NixOS configuration for a high-performance WiFi access point with 4x WiFi NICs, designed to handle multiple concurrent clients with optimized network performance. + +## Overview + +The L2 system is configured as a dedicated WiFi access point with: +- **4x WiFi NICs** for high-capacity wireless networking +- **Custom hostapd 2.10** with LAR (License Assisted Radar) patch +- **Advanced network services** (DHCP, DNS, IPv6 RA) +- **nftables firewall** with connection tracking and NAT +- **Network interface optimizations** for maximum performance +- **CPU and IRQ optimizations** for dedicated network processing + +## WiFi Configuration + +### Hostapd 2.10 with LAR Patch + +The system uses a custom hostapd 2.10 build with the LAR (License Assisted Radar) patch applied. This is configured in `flake.nix`: + +```nix +overlays = { + default = final: prev: { + hostapd = prev.hostapd.overrideDerivation (old: { + version = "2.10"; + src = final.fetchurl { + url = "https://w1.fi/releases/hostapd-2.10.tar.gz"; + sha256 = "0pcik0a6yin9nib02frjhaglmg44hwik086iwg1751b7kdwpqvi0"; + }; + # Replace all patches with just the LAR patch + patches = [ + (final.fetchpatch { + url = "https://tildearrow.org/storage/hostapd-2.10-lar.patch"; + sha256 = "USiHBZH5QcUJfZSxGoFwUefq3ARc4S/KliwUm8SqvoI="; + }) + ]; + }); + }; +}; +``` + +**Why hostapd 2.10?** +- Better support for modern WiFi features +- Improved performance and stability +- LAR patch enables License Assisted Radar functionality +- **Note**: Default nixpkgs hostapd version is 2.11, but the LAR patch can only be applied to 2.10 + +**LAR Patch Benefits:** +- Enables radar detection and avoidance +- Required for certain regulatory domains +- Improves coexistence with radar systems +- **Reference**: [Making hostapd LAR-friendly on Intel 5GHz wireless cards](https://tildearrow.org/?p=post&month=7&year=2022&item=lar) + +The LAR patch addresses issues 
with Intel wireless cards that use Location-Aware Regulatory (LAR) to automatically detect the country/regulatory domain. The patch modifies hostapd to scan for nearby networks before setting up the access point, which helps the card properly detect the regulatory domain and enable 5GHz channels. + +### WiFi Interface Configuration + +The system manages 4 WiFi interfaces: +- `wlp35s0` - Channel 36 (non-DFS) +- `wlp65s0` - Channel 40 (non-DFS) +- `wlp66s0` - Channel 44 (non-DFS) +- `wlp97s0` - Channel 48 (non-DFS) + +All interfaces operate in 5GHz band with WPA3-SAE authentication. + +## CPU and IRQ Optimization + +### System Architecture + +The L2 system features an **AMD Ryzen Threadripper PRO 3945WX** with: +- **12 physical cores** (24 logical threads with SMT) +- **4 NUMA nodes** with **64 MiB L3 cache** +- **6 MiB L2 cache** (12 instances) +- **384 KiB L1 cache** per core + +### Core Dedication Strategy + +#### Network Processing Cores (0-7) +- **Dedicated cores** for network interrupts and processing +- **Isolated from scheduler** (`isolcpus=0-7`) +- **No tick processing** (`nohz_full=0-7`) +- **Disabled RCU callbacks** (`rcu_nocbs=0-7`) +- **Performance governor** with maximum frequency +- **Benefits**: + - Dedicated L1/L2 cache for network processing + - No competition with userland workloads + - Better cache locality for network data structures + - Reduced interrupt latency + +#### Userland Processing Cores (8-23) +- **Remaining cores** for system services and userland +- **Normal scheduling** and power management +- **Benefits**: + - Isolated from network interrupt processing + - Dedicated resources for DHCP, DNS, firewall processing + - Better performance for non-network workloads + +### IRQ Affinity Configuration + +#### Ethernet Interface (enp1s0) +- **8 MSI-X vectors** distributed across cores 0-7 +- **Atlantic driver** with optimized interrupt handling + +#### WiFi Interfaces +- **wlp35s0**: 16 MSI-X vectors → cores 0-3 +- **wlp65s0**: 16 MSI-X 
vectors → cores 4-7 +- **wlp66s0**: 16 MSI-X vectors → cores 0-3 (alternating) +- **wlp97s0**: 16 MSI-X vectors → cores 4-7 (alternating) + +### Service CPU Affinity + +#### Network Processing Services (Cores 0-7) +- **hostapd**: High priority (-10), real-time I/O, network-processing slice +- **nftables**: High priority (-5), network-processing slice +- **network-optimization**: High priority (-5), network-processing slice + +#### Network Services (Cores 8-15) +- **kea-dhcp4-server**: High priority (-5), network-services slice +- **pdns-recursor**: High priority (-5), network-services slice +- **radvd**: High priority (-5), network-services slice + +#### Userland Services (Cores 16-23) +- **Monitoring services**: Normal priority, userland-processing slice +- **System services**: Normal priority, userland-processing slice +- **User processes**: Normal priority, userland-processing slice + +## Network Services (`hostapd-multi.nix`) + +### DHCP Server (Kea) +- **Purpose**: Provides IPv4 addresses to WiFi clients +- **Subnet**: 192.168.1.0/24 +- **Range**: 192.168.1.100 - 192.168.1.200 +- **Gateway**: 192.168.1.1 +- **DNS**: 192.168.1.1 + +### DNS Resolver (PowerDNS Recursor) +- **Purpose**: Local DNS resolution for WiFi clients +- **Listen addresses**: 127.0.0.1, ::1, 192.168.1.1, fd00::1 +- **Features**: RFC1918 support, recursive resolution +- **Fallback**: Cloudflare DNS (1.1.1.1, 2606:4700:4700::1111) + +### IPv6 Router Advertisement (radvd) +- **Purpose**: IPv6 SLAAC for WiFi clients +- **Prefix**: fd00::/64 +- **Features**: Autonomous address configuration +- **DNS**: fd00::1 + +### Network Bridge (br0) +- **Purpose**: Bridges all WiFi interfaces +- **IPv4**: 192.168.1.1/24 +- **IPv6**: fd00::1/64 +- **QoS**: CAKE (Common Applications Kept Enhanced) for traffic shaping + +## Firewall and NAT (`firewall.nix`) + +### nftables Configuration +The system uses nftables with connection tracking for maximum security and performance: + +#### Filter Table (inet) +- 
**Input Chain**: Handles incoming traffic to the router + - SSH (port 22) + - DNS (port 53) + - DHCP (ports 67 for DHCPv4, 547 for DHCPv6) + - ICMP (ping) + - IPv6 RA +- **Forward Chain**: Handles traffic between networks + - Allow internal to external (br0 → enp1s0) + - Allow return traffic for established connections +- **Output Chain**: Allow all outgoing traffic + +#### NAT Tables +- **IPv4 NAT**: Masquerades traffic from br0 to enp1s0 +- **IPv6 NAT**: Masquerades IPv6 traffic from br0 to enp1s0 + +### Connection Tracking +- **Purpose**: Stateful packet filtering +- **Benefits**: + - Only legitimate return traffic is allowed + - Better security than stateless filtering + - Improved performance for established connections + +## Network Optimizations (`network-optimization.nix`) + +### Hardware Optimizations +Applied via ethtool during boot: + +#### Ring Buffers +- **RX/TX**: Increased to maximum (8184) +- **Benefit**: Higher throughput, better burst handling + +#### Feature Enables +- **LRO (Large Receive Offload)**: Combines packets for CPU efficiency +- **IPv4 Checksum Offload**: Hardware handles checksum calculation +- **TCP ECN Segmentation**: Better ECN packet handling +- **GRO List**: Generic Receive Offload with list support + +#### Interrupt Coalescing +- **RX**: 512μs, 32 frames (was 256μs, 0 frames) +- **TX**: 1024μs, 32 frames (was 1022μs, 0 frames) +- **Benefits**: Fewer interrupts, better batch processing + +### Kernel Optimizations (`sysctl.nix`) +- **TCP buffers**: Optimized for high throughput +- **Connection tracking**: 262K entries for multiple clients +- **Network backlog**: Increased for burst traffic handling +- **Congestion control**: BBR for better performance + +### Verification +Network optimization results are logged to `/tmp/network-optimization.log` and include: +- Ring buffer settings +- Feature status +- Interrupt coalescing configuration +- Driver information + +## Performance Monitoring (`monitoring.nix`) + +### Automated 
Monitoring +- **IRQ distribution**: Tracks interrupt distribution across cores +- **CPU utilization**: Monitors per-core usage patterns +- **Network statistics**: Tracks interface performance +- **Cache performance**: Monitors cache misses for network processes +- **System load**: Tracks overall system performance + +### Performance Testing +- **Throughput testing**: Automated iperf3 testing +- **Latency testing**: Ping latency measurements +- **IRQ distribution testing**: Validates interrupt affinity +- **CPU utilization testing**: Monitors during network activity + +### Logging and Analysis +- **Log directory**: `/var/log/network-performance/` +- **Real-time monitoring**: Continuous performance tracking +- **Historical data**: sysstat integration for trend analysis +- **Log rotation**: Automated log management + +## System Architecture + +``` +Internet (enp1s0) + ↓ +[NAT/Firewall] ← nftables with connection tracking (cores 0-7, network-processing slice) + ↓ +[Bridge (br0)] ← 192.168.1.1/24, fd00::1/64 + ↓ +[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (cores 0-7, network-processing slice) + ↓ +[Network Services] ← DHCP, DNS, RA (cores 8-15, network-services slice) + ↓ +[Userland Services] ← Monitoring, system services (cores 16-23, userland-processing slice) +``` + +## Services Overview + +| Service | Purpose | CPU Cores | Priority | Slice | +|---------|---------|-----------|----------|-------| +| hostapd | WiFi access point | 0-7 | -10 (RT) | network-processing | +| nftables | Firewall/NAT | 0-7 | -5 | network-processing | +| Kea | DHCP server | 8-15 | -5 | network-services | +| PowerDNS | DNS resolver | 8-15 | -5 | network-services | +| radvd | IPv6 RA | 8-15 | -5 | network-services | +| CAKE | QoS | 0-7 | -5 | network-processing | +| Monitoring | Performance tracking | 16-23 | 0 | userland-processing | + +## Performance Features + +- **Multi-interface WiFi**: 4x concurrent access points +- **Hardware offloading**: Checksums, segmentation, GRO +- 
**Connection tracking**: Stateful firewall with 262K entries +- **Optimized buffers**: Maximum ring buffers and TCP windows +- **Interrupt coalescing**: Reduced CPU overhead +- **BBR congestion control**: Better throughput and latency +- **CPU isolation**: Dedicated network processing cores +- **IRQ affinity**: Optimized interrupt distribution +- **Cache optimization**: Dedicated L1/L2 cache for network processing + +## Expected Performance Improvements + +### 1. **Reduced Interrupt Latency** +- Dedicated cores eliminate competition for CPU resources +- Better cache locality reduces memory access latency +- SMT isolation prevents cache pollution + +### 2. **Improved Throughput** +- Parallel processing across 8 dedicated network cores +- Better interrupt distribution reduces bottlenecks +- Optimized cache utilization for network data structures + +### 3. **Lower CPU Overhead** +- Reduced context switching on network cores +- Better interrupt coalescing effectiveness +- Optimized memory allocation patterns + +### 4. 
**Enhanced Scalability** +- Better support for multiple concurrent WiFi clients +- Improved handling of burst traffic +- More predictable performance under load + +## Monitoring + +- **Network optimization log**: `/tmp/network-optimization.log` +- **Performance monitoring**: `/var/log/network-performance/` +- **nftables rules**: `sudo nft list ruleset` +- **Service status**: `systemctl status hostapd kea-dhcp4-server pdns-recursor radvd nftables` +- **IRQ distribution**: `cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)"` +- **CPU utilization**: `mpstat -P ALL 1` + +## Files Overview + +- `flake.nix` - Hostapd 2.10 overlay and flake configuration +- `hostapd-multi.nix` - WiFi, DHCP, DNS, and IPv6 services +- `firewall.nix` - nftables firewall and NAT configuration +- `network-optimization.nix` - Hardware and kernel optimizations +- `irq-affinity.nix` - IRQ affinity and CPU dedication configuration +- `kernel-params.nix` - Kernel boot parameters and runtime optimizations +- `monitoring.nix` - Performance monitoring and testing services +- `sysctl.nix` - Kernel network parameters +- `configuration.nix` - Main system configuration +- `CPU_and_IRQ_optimization.md` - Detailed optimization documentation \ No newline at end of file diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index e0822fb..ced9164 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -39,6 +39,10 @@ #./hostapd.nix ./hostapd-multi.nix ./network-optimization.nix + # CPU and IRQ optimization modules + ./irq-affinity.nix + ./kernel-params.nix + ./monitoring.nix ]; boot = { diff --git a/desktop/l2/firewall.nix b/desktop/l2/firewall.nix index 93b693d..479db85 100644 --- a/desktop/l2/firewall.nix +++ b/desktop/l2/firewall.nix 
@@ -1,3 +1,41 @@
+#
+# l2/firewall.nix
+#
+# Firewall configuration for WiFi access point
+#
+# # List all rules (most common)
+# sudo nft list ruleset
+
+# # List specific table
+# sudo nft list table inet filter
+
+# # List specific chain
+# sudo nft list chain inet filter input
+
+# # Show rules with handles (useful for deleting specific rules)
+# sudo nft list ruleset -a
+
+# # Monitor nftables events in real-time
+# sudo nft monitor
+
+# # Monitor specific events (new rules, deleted rules, etc.)
+# sudo nft monitor new rules
+# sudo nft monitor destroy rules
+
+# # Show packet counters
+# sudo nft list ruleset -n
+
+# # Show rules with statistics
+# sudo nft list ruleset -s
+# #
+# # See all filter rules (input, forward, output chains)
+# sudo nft list table inet filter
+
+# # See NAT rules
+# sudo nft list table ip nat
+# sudo nft list table ip6 nat
+#
+
 { config, pkgs, ... }:
 
 {
diff --git a/desktop/l2/irq-affinity.nix b/desktop/l2/irq-affinity.nix
new file mode 100644
index 0000000..594cb00
--- /dev/null
+++ b/desktop/l2/irq-affinity.nix
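Review bot: The last two `nft list ruleset` examples in the added header comment label their flags incorrectly: `-n` only switches to numeric output, and `-s` (`--stateless`) omits stateful data such as counters rather than showing statistics. An operator checking whether a drop rule is being hit would get less information from the command labelled "with statistics". I would relabel them `# # Numeric output (no name resolution)` and `# # Omit counters and other stateful data`, and add that counters appear in a plain `nft list ruleset` only for rules that carry a `counter` statement. The rules themselves are outside this hunk, so whether they use `counter` cannot be checked here.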
@@ -0,0 +1,243 @@
+# IRQ Affinity Configuration for L2 WiFi Access Point
+# Optimizes interrupt distribution across dedicated network cores
+
+{ config, lib, pkgs, ... }:
+
+let
+ # Network core assignments
+ networkCores = "0-7"; # Dedicated network processing cores
+ userlandCores = "8-23"; # Remaining cores for userland
+
+ # IRQ affinity script
+ irqAffinityScript = pkgs.writeShellScript "irq-affinity" ''
+ #!/bin/bash
+ set -euo pipefail
+
+ echo "Setting IRQ affinity for network optimization..."
+
+ # Function to set IRQ affinity
+ set_irq_affinity() {
+ local irq=$1
+ local cpu=$2
+ if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then
+ echo "$cpu" > "/proc/irq/$irq/smp_affinity_list"
+ echo "IRQ $irq -> CPU $cpu"
+ else
+ echo "Warning: IRQ $irq not found"
+ fi
+ }
+
+ # Ethernet interface (enp1s0) - Atlantic driver
+ # Distribute across cores 0-7
+ set_irq_affinity 168 0 # Core 0
+ set_irq_affinity 169 1 # Core 1
+ set_irq_affinity 170 2 # Core 2
+ set_irq_affinity 171 3 # Core 3
+ set_irq_affinity 172 4 # Core 4
+ set_irq_affinity 173 5 # Core 5
+ set_irq_affinity 174 6 # Core 6
+ set_irq_affinity 175 7 # Core 7
+
+ # WiFi interface wlp35s0 (IRQ 179-194)
+ # Distribute across cores 0-3
+ for irq in {179..194}; do
+ cpu=$((irq - 179))
+ set_irq_affinity $irq $cpu
+ done
+
+ # WiFi interface wlp65s0 (IRQ 198-213)
+ # Distribute across cores 4-7
+ for irq in {198..213}; do
+ cpu=$((irq - 198 + 4))
+ set_irq_affinity $irq $cpu
+ done
+
+ # WiFi interface wlp66s0 (IRQ 214-229)
+ # Distribute across cores 0-3 (alternating pattern)
+ for irq in {214..229}; do
+ cpu=$(((irq - 214) % 4))
+ set_irq_affinity $irq $cpu
+ done
+
+ # WiFi interface wlp97s0 (IRQ 231-246)
+ # Distribute across cores 4-7 (alternating pattern)
+ for irq in {231..246}; do
+ cpu=$(((irq - 231) % 4 + 4))
+ set_irq_affinity $irq $cpu
+ done
+
+ echo "IRQ affinity configuration complete"
+
+ # Verify configuration
+ echo "Current IRQ distribution:"
+ cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | head -20
+ '';
+
+in {
+ # IRQ Affinity Service
+ systemd.services.irq-affinity = {
+ description = "Set IRQ affinity for network optimization";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "systemd-udev-settle.service" ];
+ before = [ "hostapd.service" "kea-dhcp4-server.service" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${irqAffinityScript}";
+ RemainAfterExit = true;
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+ };
+
+ # Systemd slices for better resource organization
+ systemd.slices = {
+ # Network processing slice - Critical network services (cores 0-7)
+ network-processing = {
+ description = "Critical network processing (hostapd, nftables)";
+ sliceConfig = {
+ CPUAffinity = networkCores;
+ Nice = -10;
+ IOSchedulingClass = 1; # Real-time I/O
+ IOSchedulingPriority = 4;
+ MemoryHigh = "2G"; # Limit memory usage
+ MemoryMax = "4G"; # Hard memory limit
+ };
+ };
+
+ # Network services slice - DHCP, DNS, RA (cores 8-15)
+ network-services = {
+ description = "Network services (DHCP, DNS, RA)";
+ sliceConfig = {
+ CPUAffinity = "8-15"; # Dedicated subset of userland cores
+ Nice = -5;
+ MemoryHigh = "1G"; # Limit memory usage
+ MemoryMax = "2G"; # Hard memory limit
+ };
+ };
+
+ # Userland processing slice - Everything else (cores 16-23)
+ userland-processing = {
+ description = "Userland processing (monitoring, system services)";
+ sliceConfig = {
+ CPUAffinity = "16-23"; # Remaining cores
+ Nice = 0;
+ MemoryHigh = "4G"; # Limit memory usage
+ MemoryMax = "8G"; # Hard memory limit
+ };
+ };
+ };
+
+ # CPU Affinity for Network Services
+ systemd.services = {
+ # Critical network processing services (network-processing slice)
+ hostapd = {
+ serviceConfig = {
+ Slice = "network-processing";
+ CPUAffinity = networkCores;
+ Nice = -10;
+ IOSchedulingClass = 1; # Real-time I/O
+ IOSchedulingPriority = 4;
+ LimitNOFILE = 65536;
+ Restart = "always";
+ RestartSec = "5s";
+ };
+ };
+
+ nftables = {
+ serviceConfig = {
+ Slice = "network-processing";
+ CPUAffinity = networkCores;
+ Nice = -5;
+ LimitNOFILE = 65536;
+ Restart = "always";
+ RestartSec = "5s";
+ };
+ };
+
+ # Network services (network-services slice)
+ kea-dhcp4-server = {
+ serviceConfig = {
+ Slice = "network-services";
+ CPUAffinity = "8-15";
+ Nice = -5;
+ LimitNOFILE = 65536;
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ };
+
+ pdns-recursor = {
+ serviceConfig = {
+ Slice = "network-services";
+ CPUAffinity = "8-15";
+ Nice = -5;
+ LimitNOFILE = 65536;
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ };
+
+ radvd = {
+ serviceConfig = {
+ Slice = "network-services";
+ CPUAffinity = "8-15";
+ Nice = -5;
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ };
+
+ # Network optimization service (network-processing slice)
+ network-optimization = {
+ serviceConfig = {
+ Slice = "network-processing";
+ CPUAffinity = networkCores;
+ Nice = -5;
+ };
+ };
+
+ # IRQ affinity service (system slice - runs early)
+ irq-affinity = {
+ serviceConfig = {
+ Slice = "system.slice"; # Keep in system slice for early execution
+ CPUAffinity = networkCores;
+ Nice = -10;
+ };
+ };
+
+ # Monitoring services (userland-processing slice)
+ network-monitoring = {
+ serviceConfig = {
+ Slice = "userland-processing";
+ CPUAffinity = "16-23";
+ Nice = 0;
+ };
+ };
+
+ performance-test = {
+ serviceConfig = {
+ Slice = "userland-processing";
+ CPUAffinity = "16-23";
+ Nice = 0;
+ };
+ };
+
+ realtime-monitoring = {
+ serviceConfig = {
+ Slice = "userland-processing";
+ CPUAffinity = "16-23";
+ Nice = 0;
+ };
+ };
+
+ # CPU performance service (system slice - runs early)
+ cpu-performance = {
+ serviceConfig = {
+ Slice = "system.slice"; # Keep in system slice for early execution
+ CPUAffinity = networkCores;
+ Nice = -10;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/kernel-params.nix b/desktop/l2/kernel-params.nix
new file mode 100644
index 0000000..36ef5f8
--- /dev/null
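Review bot: `Restart = "always"` on the `nftables` unit is likely to stop the firewall from loading, because systemd refuses Type=oneshot services whose Restart= is `always` or `on-success`, and the nixpkgs nftables unit is, as far as I know, a oneshot (its definition is not in this hunk, so confirm). On a NAT router that would mean coming up without a ruleset, so I would drop `Restart` and `RestartSec` from that block. Separately, the wlp35s0 and wlp65s0 loops compute `cpu=$((irq - 179))` and `cpu=$((irq - 198 + 4))`, which yield CPUs 0-15 and 4-19 rather than the 0-3 and 4-7 the comments state; `cpu=$(((irq - 179) % 4))` and `cpu=$(((irq - 198) % 4 + 4))` would match the other two loops. The hard-coded IRQ numbers are also not guaranteed to be stable across boots or kernel updates, so looking them up in `/proc/interrupts` by interface name would be more robust.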
+++ b/desktop/l2/kernel-params.nix 
@@ -0,0 +1,119 @@
+# Kernel Parameters for L2 WiFi Access Point Optimization
+# CPU isolation, network performance, and interrupt handling
+
+{ config, lib, pkgs, ... }:
+
+{
+ # Boot kernel parameters for network optimization
+ boot.kernelParams = [
+ # CPU isolation for network cores
+ "isolcpus=0-7" # Isolate cores 0-7 from scheduler
+ "nohz_full=0-7" # Disable tick for network cores
+ "rcu_nocbs=0-7" # Disable RCU callbacks on network cores
+
+ # Interrupt handling
+ "irqaffinity=0-7" # Default IRQ affinity to network cores
+ "threadirqs" # Threaded IRQs for better performance
+
+ # Memory management
+ "hugepagesz=1G" # 1GB huge pages for network buffers
+ "hugepages=4" # Allocate 4 huge pages
+
+ # CPU frequency scaling
+ "intel_pstate=performance" # Performance governor
+ "cpufreq.default_governor=performance"
+
+ # NUMA optimization
+ "numa_balancing=0" # Disable automatic NUMA balancing
+
+ # I/O scheduler
+ "elevator=bfq" # Budget Fair Queueing scheduler
+
+ # Security mitigations (minimal impact on network performance)
+ "mitigations=off" # Disable security mitigations for performance
+ "spectre_v2=off"
+ "spec_store_bypass_disable=off"
+ "retbleed=off"
+
+ # WiFi optimizations
+ "cfg80211.ieee80211_regdom=US" # Set regulatory domain
+ "iwlwifi.power_save=0" # Disable power saving
+ "iwlwifi.11n_disable=0" # Enable 802.11n
+ "iwlwifi.bt_coex_active=0" # Disable Bluetooth coexistence
+
+ # PCIe optimizations
+ "pcie_aspm=off" # Disable ASPM for performance
+ "pcie_aspm.policy=performance" # Performance policy
+
+ # Bluetooth disabling
+ "bluetooth.blacklist=1" # Disable Bluetooth
+ "btusb.blacklist=1" # Disable USB Bluetooth
+ "btintel.blacklist=1" # Disable Intel Bluetooth
+
+ # Debugging (disable for production)
+ "quiet" # Quiet boot
+ "loglevel=3" # Reduce log level
+ ];
+
+ # CPU frequency scaling
+ powerManagement.cpuFreqGovernor = "performance";
+
+ # Disable CPU frequency scaling for network cores
+ systemd.services.cpu-performance = {
+ description = "Set CPU performance governor for network cores";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "systemd-udev-settle.service" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = pkgs.writeShellScript "cpu-performance" ''
+ #!/bin/bash
+ # Set performance governor for all CPUs
+ for cpu in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do
+ echo performance > "$cpu" 2>/dev/null || true
+ done
+
+ # Set minimum and maximum frequency to maximum for network cores
+ for cpu in {0..7}; do
+ if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq" ]]; then
+ max_freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq")
+ echo "$max_freq" > "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_min_freq" 2>/dev/null || true
+ echo "$max_freq" > "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_max_freq" 2>/dev/null || true
+ fi
+ done
+
+ echo "CPU performance governor set for network optimization"
+ '';
+ RemainAfterExit = true;
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+ };
+
+ # Disable Bluetooth completely
+ hardware.bluetooth.enable = false;
+
+ # Disable Bluetooth kernel modules
+ boot.blacklistedKernelModules = [
+ "bluetooth"
+ "btusb"
+ "btintel"
+ "btrtl"
+ "btbcm"
+ "btqca"
+ "hci_uart"
+ "hci_vhci"
+ "hci_h4"
+ "hci_bcsp"
+ "hci_ll"
+ "hci_mrvl"
+ "hci_qca"
+ "hci_uart"
+ "hci_vhci"
+ "hci_h4"
+ "hci_bcsp"
+ "hci_ll"
+ "hci_mrvl"
+ "hci_qca"
+ ];
+}
\ No newline at end of file
diff --git a/desktop/l2/monitoring.nix b/desktop/l2/monitoring.nix
new file mode 100644
index 0000000..1a38958
--- /dev/null
+++ b/desktop/l2/monitoring.nix
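Review bot: The four parameters `"mitigations=off"`, `"spectre_v2=off"`, `"spec_store_bypass_disable=off"` and `"retbleed=off"` turn off the kernel's CPU side-channel mitigations on a host that, per the README in this patch, faces the Internet, accepts SSH, DNS and DHCP, and forwards traffic for every WiFi client. The comment above them reads as if the security impact were minimal, which is the opposite of what the flags do, and no measurement of the gain for this forwarding workload is given. I would remove the four lines, or at least replace the comment with `# WARNING: disables Spectre/Retbleed-class mitigations; measured gain: <placeholder>` so the trade-off is explicit. Also worth checking: `intel_pstate=performance` should have no effect on the AMD CPU the README describes, and the `hci_*` entries in `boot.blacklistedKernelModules` are listed twice.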
@@ -0,0 +1,373 @@
+# Monitoring Configuration for L2 WiFi Access Point
+# Performance monitoring and logging for CPU/IRQ optimizations
+
+{ config, lib, pkgs, ... }:
+
+let
+ # Monitoring script for IRQ and CPU performance
+ monitoringScript = pkgs.writeShellScript "network-monitoring" ''
+ #!/bin/bash
+ set -euo pipefail
+
+ LOG_DIR="/var/log/network-performance"
+ mkdir -p "$LOG_DIR"
+
+ # Function to log with timestamp
+ log() {
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_DIR/performance.log"
+ }
+
+ # Function to monitor IRQ distribution
+ monitor_irqs() {
+ log "=== IRQ Distribution ==="
+ cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | while read line; do
+ log "IRQ: $line"
+ done
+ }
+
+ # Function to monitor CPU utilization
+ monitor_cpu() {
+ log "=== CPU Utilization ==="
+ mpstat -P ALL 1 1 | grep -E "(CPU|Average)" | while read line; do
+ log "CPU: $line"
+ done
+ }
+
+ # Function to monitor network statistics
+ monitor_network() {
+ log "=== Network Statistics ==="
+ for interface in enp1s0 wlp35s0 wlp65s0 wlp66s0 wlp97s0; do
+ if [[ -e "/sys/class/net/$interface/statistics/rx_packets" ]]; then
+ rx_packets=$(cat "/sys/class/net/$interface/statistics/rx_packets")
+ tx_packets=$(cat "/sys/class/net/$interface/statistics/tx_packets")
+ rx_bytes=$(cat "/sys/class/net/$interface/statistics/rx_bytes")
+ tx_bytes=$(cat "/sys/class/net/$interface/statistics/tx_bytes")
+ log "Interface $interface: RX=$rx_packets pkts ($rx_bytes bytes), TX=$tx_packets pkts ($tx_bytes bytes)"
+ fi
+ done
+ }
+
+ # Function to monitor memory usage
+ monitor_memory() {
+ log "=== Memory Usage ==="
+ free -h | while read line; do
+ log "Memory: $line"
+ done
+ }
+
+ # Function to monitor cache performance
+ monitor_cache() {
+ log "=== Cache Performance ==="
+ if command -v perf >/dev/null 2>&1; then
+ # Monitor cache misses for network processes
+ for pid in $(pgrep -f "hostapd|nftables"); do
+ if [[ -n "$pid" ]]; then
+ cache_stats=$(perf stat -e cache-misses,cache-references -p "$pid" sleep 1 2>&1 | grep -E "(cache-misses|cache-references)" || true)
+ log "PID $pid cache stats: $cache_stats"
+ fi
+ done
+ fi
+ }
+
+ # Function to monitor system load
+ monitor_load() {
+ log "=== System Load ==="
+ uptime | while read line; do
+ log "Load: $line"
+ done
+ }
+
+ # Function to monitor network optimization status
+ monitor_optimization() {
+ log "=== Network Optimization Status ==="
+
+ # Check IRQ affinity
+ log "IRQ Affinity Check:"
+ for irq in 168 169 170 171 172 173 174 175; do
+ if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then
+ affinity=$(cat "/proc/irq/$irq/smp_affinity_list")
+ log " IRQ $irq -> CPU $affinity"
+ fi
+ done
+
+ # Check CPU frequency
+ log "CPU Frequency Check:"
+ for cpu in {0..7}; do
+ if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq" ]]; then
+ freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq")
+ governor=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_governor")
+ log " CPU $cpu: ${freq}kHz ($governor)"
+ fi
+ done
+
+ # Check network optimization log
+ if [[ -e "/tmp/network-optimization.log" ]]; then
+ log "Network optimization log (last 10 lines):"
+ tail -10 "/tmp/network-optimization.log" | while read line; do
+ log " $line"
+ done
+ fi
+ }
+
+ # Main monitoring function
+ main() {
+ log "Starting network performance monitoring"
+
+ monitor_irqs
+ monitor_cpu
+ monitor_network
+ monitor_memory
+ monitor_cache
+ monitor_load
+ monitor_optimization
+
+ log "Monitoring complete"
+ }
+
+ # Run monitoring
+ main "$@"
+ '';
+
+ # Performance testing script
+ performanceTestScript = pkgs.writeShellScript "performance-test" ''
+ #!/bin/bash
+ set -euo pipefail
+
+ LOG_DIR="/var/log/network-performance"
+ mkdir -p "$LOG_DIR"
+
+ log() {
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_DIR/performance-test.log"
+ }
+
+ # Function to test network throughput
+ test_throughput() {
+ log "=== Network Throughput Test ==="
+
+ # Start iperf3 server if not running
+ if ! pgrep -f "iperf3 -s" >/dev/null; then
+ log "Starting iperf3 server"
+ iperf3 -s -D
+ sleep 2
+ fi
+
+ # Test localhost throughput
+ log "Testing localhost throughput..."
+ iperf3 -c localhost -t 10 -J | jq -r '.end.sum_received.bits_per_second' | while read throughput; do
+ log "Localhost throughput: $throughput bps"
+ done
+ }
+
+ # Function to test latency
+ test_latency() {
+ log "=== Latency Test ==="
+
+ # Test ping to localhost
+ log "Testing ping latency to localhost..."
+ ping -c 10 localhost | grep -E "(min|avg|max)" | while read line; do
+ log "Ping: $line"
+ done
+ }
+
+ # Function to test IRQ distribution
+ test_irq_distribution() {
+ log "=== IRQ Distribution Test ==="
+
+ # Generate some network traffic
+ log "Generating network traffic for IRQ testing..."
+
+ # Start background ping
+ ping -i 0.1 localhost >/dev/null 2>&1 &
+ ping_pid=$!
+
+ # Wait and check IRQ distribution
+ sleep 5
+
+ log "IRQ distribution during traffic:"
+ cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | head -10 | while read line; do
+ log " $line"
+ done
+
+ # Stop ping
+ kill $ping_pid 2>/dev/null || true
+ }
+
+ # Function to test CPU utilization
+ test_cpu_utilization() {
+ log "=== CPU Utilization Test ==="
+
+ # Monitor CPU usage during network activity
+ log "Monitoring CPU usage for 10 seconds..."
+ mpstat -P ALL 1 10 | grep -E "(CPU|Average)" | while read line; do
+ log "CPU: $line"
+ done
+ }
+
+ # Main test function
+ main() {
+ log "Starting performance tests"
+
+ test_throughput
+ test_latency
+ test_irq_distribution
+ test_cpu_utilization
+
+ log "Performance tests complete"
+ }
+
+ main "$@"
+ '';
+
+in {
+ # Monitoring service
+ systemd.services.network-monitoring = {
+ description = "Network performance monitoring";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "irq-affinity.service" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${monitoringScript}";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+ };
+
+ # Periodic monitoring timer
+ systemd.timers.network-monitoring = {
+ description = "Periodic network performance monitoring";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "5min";
+ OnUnitActiveSec = "15min";
+ Persistent = true;
+ };
+ };
+
+ # Performance testing service
+ systemd.services.performance-test = {
+ description = "Network performance testing";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "irq-affinity.service" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${performanceTestScript}";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+ };
+
+ # Periodic performance testing timer
+ systemd.timers.performance-test = {
+ description = "Periodic network performance testing";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "10min";
+ OnUnitActiveSec = "1h";
+ Persistent = true;
+ };
+ };
+
+ # Real-time monitoring service
+ systemd.services.realtime-monitoring = {
+ description = "Real-time network performance monitoring";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "irq-affinity.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = pkgs.writeShellScript "realtime-monitoring" ''
+ #!/bin/bash
+ set -euo pipefail
+
+ LOG_DIR="/var/log/network-performance"
+ mkdir -p "$LOG_DIR"
+
+ log() {
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_DIR/realtime.log"
+ }
+
+ # Monitor IRQ distribution every 30 seconds
+ while true; do
+ log "=== IRQ Distribution ==="
+ cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | while read line; do
+ log "$line"
+ done
+
+ log "=== CPU Utilization ==="
+ mpstat -P ALL 1 1 | grep -E "(CPU|Average)" | while read line; do
+ log "$line"
+ done
+
+ sleep 30
+ done
+ '';
+ Restart = "always";
+ RestartSec = "10";
+ };
+ };
+
+ # Log rotation for monitoring logs
+ services.logrotate.settings."network-performance" = {
+ files = "/var/log/network-performance/*.log";
+ rotate = 7;
+ daily = true;
+ compress = true;
+ missingok = true;
+ notifempty = true;
+ postrotate = "systemctl reload rsyslog";
+ };
+
+ # Additional monitoring tools
+ environment.systemPackages = with pkgs; [
+ # Performance monitoring tools
+ htop
+ iotop
+ iftop
+ nethogs
+ nload
+ nmon
+ sysstat
+ perf-tools
+ bpftrace
+
+ # Network testing tools
+ iperf3
+ netperf
+ wrk
+ apache-bench
+
+ # System analysis tools
+ strace
+ ltrace
+ valgrind
+ gdb
+
+ # JSON processing for logs
+ jq
+
+ # Additional monitoring
+ dstat
+ glances
+ s-tui
+ stress-ng
+ ];
+
+ # Enable sysstat for historical monitoring
+ services.sysstat = {
+ enable = true;
+ interval = 60; # Collect stats every minute
+ };
+
+ # Configure rsyslog for monitoring
+ services.rsyslogd = {
+ enable = true;
+ extraConfig = ''
+ # Network performance monitoring
+ if $programname == 'network-monitoring' then /var/log/network-performance/monitoring.log
+ if $programname == 'performance-test' then /var/log/network-performance/test.log
+ if $programname == 'realtime-monitoring' then /var/log/network-performance/realtime.log
+ '';
+ };
+}
\ No newline at end of file
diff --git a/desktop/l2/network-optimization.nix b/desktop/l2/network-optimization.nix
index 3ed4a4c..fb4f573 100644
--- a/desktop/l2/network-optimization.nix
+++ b/desktop/l2/network-optimization.nix
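Review bot: `iperf3 -s -D` in `test_throughput` starts an unauthenticated iperf3 server on every address of the router, and the unit sets no `User=`, so it presumably runs as root, although the test only ever connects to `localhost`. Whether the port is reachable from WiFi clients depends on the input chain in firewall.nix, which is outside this hunk, but the listener has no reason to exist on those addresses at all. Binding it to loopback and letting it exit after one client, `iperf3 -s -B 127.0.0.1 -1 -D` with the client line changed to `-c 127.0.0.1`, keeps the test working without an exposed port. The other two units also set no `User=` or sandboxing, so scripts that only read `/proc` and `/sys` and append to `/var/log/network-performance` run with full privileges; `LogsDirectory = "network-performance"` together with `ProtectSystem = "strict"` would narrow that, subject to checking that `perf stat -p` still works.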
@@ -1,6 +1,69 @@ +# +# l2/network-optimization.nix +# +# Network interface optimizations for Atlantic NIC in WiFi access point configuration +# +# Ring Buffer Optimizations: +# - Increase RX/TX ring buffers to maximum (8184) for better throughput +# +# Feature Optimizations: +# - LRO (Large Receive Offload): Combine multiple packets for better CPU efficiency +# - IPv4 checksum offload: Hardware handles checksum calculation +# - TCP ECN segmentation: Better handling of ECN-marked packets +# - GRO list: Generic Receive Offload with list support +# +# Interrupt Coalescing Optimizations: +# - Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 +# - Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 +# - Purpose: Reduce interrupt frequency for better performance with multiple WiFi clients +# - Benefits: Fewer CPU context switches, better batch processing +# + { config, pkgs, ... }: -{ +let + # Create a shell script for network optimizations + networkOptimizationScript = pkgs.writeShellScript "network-optimization.sh" '' + #!/bin/sh + # Network interface optimizations for Atlantic NIC + + # Ring buffer optimizations + ${pkgs.ethtool}/bin/ethtool -G enp1s0 rx 8184 tx 8184 + + # Feature optimizations + ${pkgs.ethtool}/bin/ethtool -K enp1s0 lro on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-checksum-ipv4 on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-tcp-ecn-segmentation on + ${pkgs.ethtool}/bin/ethtool -K enp1s0 rx-gro-list on + + # Interrupt coalescing optimizations + # Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 + # Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 rx-usecs 512 rx-frames 32 + ${pkgs.ethtool}/bin/ethtool -C enp1s0 tx-usecs 1024 tx-frames 32 + + # Save verification output to /tmp (cleaned up on reboot) + echo "=== Network Optimization Results ===" > /tmp/network-optimization.log + echo "Timestamp: $(date)" >> /tmp/network-optimization.log + echo "" >> 
/tmp/network-optimization.log + + echo "=== Ring Buffer Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-ring enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Feature Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-features enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Interrupt Coalescing Settings ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --show-coalesce enp1s0 >> /tmp/network-optimization.log 2>&1 + echo "" >> /tmp/network-optimization.log + + echo "=== Driver Information ===" >> /tmp/network-optimization.log + ${pkgs.ethtool}/bin/ethtool --driver enp1s0 >> /tmp/network-optimization.log 2>&1 + ''; + +in { # Network interface optimizations for Atlantic NIC # Run before network-online.target to avoid driver reinitialization systemd.services.network-optimization = { @@ -10,23 +73,7 @@ after = [ "network-pre.target" ]; serviceConfig = { Type = "oneshot"; - ExecStart = '' - # Ring buffer optimizations - ${pkgs.ethtool}/bin/ethtool -G enp1s0 rx 8184 tx 8184 - - # Feature optimizations - ${pkgs.ethtool}/bin/ethtool -K enp1s0 lro on - ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-checksum-ipv4 on - ${pkgs.ethtool}/bin/ethtool -K enp1s0 tx-tcp-ecn-segmentation on - ${pkgs.ethtool}/bin/ethtool -K enp1s0 rx-gro-list on - - # Interrupt coalescing optimizations for WiFi access point - # Reduce interrupt frequency for better performance with multiple clients - # Defaults: rx-usecs=256 rx-frames=0 tx-usecs=1022 tx-frames=0 - # Changes: rx-usecs=512 rx-frames=32 tx-usecs=1024 tx-frames=32 - ${pkgs.ethtool}/bin/ethtool -C enp1s0 rx-usecs 512 rx-frames 32 - ${pkgs.ethtool}/bin/ethtool -C enp1s0 tx-usecs 1024 tx-frames 32 - ''; + ExecStart = networkOptimizationScript; RemainAfterExit = true; }; }; diff --git a/desktop/l2/sysctl.nix b/desktop/l2/sysctl.nix index 3f7519e..7ff020e 100644 
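Review bot: The verification block at the end of `networkOptimizationScript` writes to the fixed path `/tmp/network-optimization.log` from a unit that sets no `User=` and so runs as root. Any local account can create that name in the world-writable directory first, and what happens then depends on the kernel's `fs.protected_symlinks` / `fs.protected_regular` settings, which this diff does not show. Let the unit own the location: add `LogsDirectory = "network-optimization";` to `serviceConfig` (in the second hunk of this file) and redirect to `/var/log/network-optimization/results.log`, or drop the redirects and read the output from the journal. The script also has no `set -e`, so a failing `ethtool` call still leaves the oneshot reported as successful under `RemainAfterExit = true`; add `set -eu` after the shebang comment, or log each failure if best-effort is intended.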
--- a/desktop/l2/sysctl.nix
+++ b/desktop/l2/sysctl.nix
@@ -78,5 +78,48 @@
 # IPv6 optimizations
 "net.ipv6.tcp_rmem" = "4096 1000000 16000000";
 "net.ipv6.tcp_wmem" = "4096 1000000 16000000";
+
+ # Additional network stack optimizations
+ "net.core.netdev_tstamp_prequeue" = 0; # Disable prequeue timestamping
+ "net.core.rps_sock_flow_entries" = 32768; # RPS flow entries
+
+ # TCP optimizations for high performance
+ "net.ipv4.tcp_slow_start_after_idle" = 0; # Disable slow start after idle
+ "net.ipv4.tcp_fastopen" = 3; # Enable TCP Fast Open
+
+ # IPv6 parameters
+ "net.ipv6.conf.all.accept_ra" = 2; # Accept RA
+ "net.ipv6.conf.default.accept_ra" = 2; # Accept RA
+ "net.ipv6.conf.all.autoconf" = 1; # Enable autoconf
+ "net.ipv6.conf.default.autoconf" = 1; # Enable autoconf
+
+ # Connection tracking optimizations
+ "net.netfilter.nf_conntrack_tcp_timeout_time_wait" = 120;
+ "net.netfilter.nf_conntrack_tcp_timeout_close_wait" = 60;
+ "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" = 120;
+ "net.netfilter.nf_conntrack_udp_timeout" = 30;
+ "net.netfilter.nf_conntrack_udp_timeout_stream" = 180;
+
+ # Memory management optimizations
+ "vm.swappiness" = 1; # Minimize swapping
+ "vm.dirty_ratio" = 15; # Dirty page ratio
+ "vm.dirty_background_ratio" = 5; # Background dirty ratio
+ "vm.dirty_writeback_centisecs" = 500; # Writeback interval
+ "vm.dirty_expire_centisecs" = 3000; # Expire interval
+ "vm.vfs_cache_pressure" = 50; # Cache pressure
+ "vm.overcommit_memory" = 1; # Allow overcommit
+
+ # NUMA optimization
+ "vm.numa_balancing" = 0; # Disable NUMA balancing
+
+ # Process limits
+ "kernel.pid_max" = 65536; # Increase PID limit
+ "kernel.threads-max" = 2097152; # Increase thread limit
+ "kernel.sched_rt_runtime_us" = -1; # Disable RT throttling
+ "kernel.sched_rt_period_us" = 1000000; # RT period
+
+ # Security (minimal impact)
+ "kernel.kptr_restrict" = 0; # Allow kptr access
+ "kernel.perf_event_paranoid" = 0; # Allow perf events
 };
 }
\ No newline at end of file
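Review bot: The two settings under `# Security (minimal impact)` lower kernel hardening rather than tune performance: `kernel.kptr_restrict = 0` combined with `kernel.perf_event_paranoid = 0` lets unprivileged processes read real kernel addresses and open kernel-level perf events, which weakens KASLR and widens the perf syscall surface. If profiling is the goal, keep `"kernel.kptr_restrict" = 1;` and `"kernel.perf_event_paranoid" = 2;`, run perf as root or with CAP_PERFMON, and reword the comment so the trade-off is visible. Separately, `net.ipv6.conf.all.accept_ra = 2` and its `default` twin accept router advertisements on every interface even with forwarding enabled. On an access point that presumably includes the client-facing interfaces, so scope it to the uplink, e.g. `"net.ipv6.conf.enp1s0.accept_ra" = 2;` (enp1s0 as the uplink is inferred from the sibling files in this series). `kernel.sched_rt_runtime_us = -1` also removes the guard against a runaway real-time task and deserves a comment saying so.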
From 71c382c92f737b7ed8bd3dfb8f810f93b1d5b01b Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 28 Jun 2025 19:02:07 -0700 Subject: [PATCH 24/25] cpu affinity --- desktop/l2/CPU_and_IRQ_optimization.md | 686 ++++++++++++++++++++----- desktop/l2/README.md | 15 + desktop/l2/configuration.nix | 1 + desktop/l2/hostapd-multi.nix | 5 +- desktop/l2/hostapd.nix | 203 -------- desktop/l2/hostapd.notes | 129 ----- desktop/l2/hyprland.nix | 15 - desktop/l2/irq-affinity.nix | 215 +------- desktop/l2/kernel-params.nix | 52 +- desktop/l2/network-optimization.nix | 1 + desktop/l2/systemPackages.nix | 27 +- desktop/l2/systemd-slices.nix | 169 ++++++ 12 files changed, 815 insertions(+), 703 deletions(-) delete mode 100644 desktop/l2/hostapd.nix delete mode 100644 desktop/l2/hostapd.notes delete mode 100644 desktop/l2/hyprland.nix create mode 100644 desktop/l2/systemd-slices.nix diff --git a/desktop/l2/CPU_and_IRQ_optimization.md b/desktop/l2/CPU_and_IRQ_optimization.md index 044d67a..fda8049 100644 --- a/desktop/l2/CPU_and_IRQ_optimization.md +++ b/desktop/l2/CPU_and_IRQ_optimization.md 
@@ -4,36 +4,40 @@ The L2 system is equipped with an **AMD Ryzen Threadripper PRO 3945WX** featuring: - **12 physical cores** with **24 logical threads** (SMT enabled) -- **4 NUMA nodes** with **64 MiB L3 cache** total -- **6 MiB L2 cache** (12 instances) -- **384 KiB L1 cache** per core (data + instruction) +- **4 NUMA nodes** +- **L3 cache**: 16MB per core complex (4x 16MB, each shared among 6 cores) +- **L2 cache**: 512KB per core +- **L1 cache**: 32KB instruction + 32KB data per core +- **128 GB RAM** for optimal network buffer allocation + +## Cache-Aware Core Pairing for Network Optimization + +On this architecture, each physical core is split into two logical processors (SMT siblings), e.g., P0/P12, P1/P13, ..., P11/P23. Both siblings share the same L1, L2, and L3 cache. To maximize cache locality and avoid cache pollution from userland processes, **network processing and IRQs should be grouped by physical core, using paired SMT siblings**. + +**Recommended pattern:** +- Use one or both SMT siblings per physical core for network processing (e.g., 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 for 8 physical cores) +- Assign userland to the remaining SMT siblings (e.g., 8,20,9,21,10,22,11,23) ## Current Interrupt Distribution Analysis ### Network Interface Interrupts #### Ethernet Interface (enp1s0) - Atlantic Driver -- **IRQ 168-175**: 8 MSI-X vectors distributed across cores 16-23 -- **Current distribution**: - - IRQ 168: CPU 16 (5,051 interrupts) - - IRQ 169: CPU 17 (706 interrupts) - - IRQ 170: CPU 18 (4,608 interrupts) - - IRQ 171: CPU 20 (85 interrupts) - - IRQ 172: CPU 22 (115 interrupts) - - IRQ 173: CPU 23 (521 interrupts) - - IRQ 174: CPU 14 (108 interrupts) - - IRQ 175: CPU 15 (3,924 interrupts) +- **8 MSI-X vectors** distributed across cores 16-23 +- **Current distribution**: Interrupts are clustered on cores 14, 15, 16, 17, 18, 20, 22, 23 +- **Issue**: Competing with storage I/O and userland processes #### WiFi Interfaces (4x Intel iwlwifi) -- 
**wlp35s0** (IRQ 179-194): 16 MSI-X vectors, mostly on CPU 21 -- **wlp65s0** (IRQ 198-213): 16 MSI-X vectors, mostly on CPU 23 -- **wlp66s0** (IRQ 214-229): 16 MSI-X vectors, mostly on CPU 14 -- **wlp97s0** (IRQ 231-246): 16 MSI-X vectors, mostly on CPU 15 +- **wlp35s0**: 16 MSI-X vectors, mostly on CPU 21 +- **wlp65s0**: 16 MSI-X vectors, mostly on CPU 23 +- **wlp66s0**: 16 MSI-X vectors, mostly on CPU 14 +- **wlp97s0**: 16 MSI-X vectors, mostly on CPU 15 +- **Issue**: All WiFi interfaces clustered on a few cores ### Storage and Other Interrupts - **NVMe drives**: Heavy interrupt load on cores 8-13, 20-23 - **USB controllers**: Scattered across cores 5-6, 18 -- **GPU**: Core 3 (19,866 interrupts) +- **GPU**: Core 3 (heavy interrupt load) ## Current Issues @@ -56,15 +60,15 @@ The L2 system is equipped with an **AMD Ryzen Threadripper PRO 3945WX** featurin ### Phase 1: Core Isolation and Dedication -#### Network Processing Cores (0-7) -**Dedicated cores for critical network interrupts and processing:** -- **Cores 0-3**: Primary network processing (4 physical cores, 8 logical threads) -- **Cores 4-7**: Secondary network processing (4 physical cores, 8 logical threads) +#### Network Processing Cores (Paired SMT Siblings) +**Dedicated SMT sibling pairs for critical network interrupts and processing:** +- **Network cores**: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 (one or both SMT siblings per physical core) +- **Userland cores**: 8,20,9,21,10,22,11,23 - **Services**: hostapd, nftables, network-optimization - **Slice**: network-processing - **Benefits**: - - Dedicated L1/L2 cache for network processing - - No competition with userland workloads + - Dedicated L1/L2/L3 cache for network processing + - No competition with userland workloads on the same physical core - Better cache locality for network data structures #### Network Services Cores (8-15) 
@@ -88,68 +92,33 @@ The L2 system is equipped with an **AMD Ryzen Threadripper PRO 3945WX** featurin ### Phase 2: IRQ Affinity Optimization -#### Ethernet Interface (enp1s0) -```bash -# Distribute across dedicated network cores -echo 0 > /proc/irq/168/smp_affinity_list # Core 0 -echo 1 > /proc/irq/169/smp_affinity_list # Core 1 -echo 2 > /proc/irq/170/smp_affinity_list # Core 2 -echo 3 > /proc/irq/171/smp_affinity_list # Core 3 -echo 4 > /proc/irq/172/smp_affinity_list # Core 4 -echo 5 > /proc/irq/173/smp_affinity_list # Core 5 -echo 6 > /proc/irq/174/smp_affinity_list # Core 6 -echo 7 > /proc/irq/175/smp_affinity_list # Core 7 -``` - -#### WiFi Interfaces -**wlp35s0 (IRQ 179-194):** -```bash -# Distribute across cores 0-3 -for irq in {179..194}; do - echo $((irq - 179)) > /proc/irq/$irq/smp_affinity_list -done -``` - -**wlp65s0 (IRQ 198-213):** -```bash -# Distribute across cores 4-7 -for irq in {198..213}; do - echo $((irq - 198 + 4)) > /proc/irq/$irq/smp_affinity_list -done -``` - -**wlp66s0 (IRQ 214-229):** -```bash -# Distribute across cores 0-3 (alternating pattern) -for irq in {214..229}; do - echo $(((irq - 214) % 4)) > /proc/irq/$irq/smp_affinity_list -done -``` - -**wlp97s0 (IRQ 231-246):** +#### Ethernet and WiFi Interfaces ```bash -# Distribute across cores 4-7 (alternating pattern) -for irq in {231..246}; do - echo $(((irq - 231) % 4 + 4)) > /proc/irq/$irq/smp_affinity_list +# Distribute IRQs across paired SMT siblings for network processing +# Example: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 +network_cores=(0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19) +irq_index=0 +for irq in $(grep -E '(enp|wlp)' /proc/interrupts | awk '{print $1}' | sed 's/://'); do + cpu=${network_cores[$((irq_index % ${#network_cores[@]}))]} + echo $cpu > /proc/irq/$irq/smp_affinity_list + irq_index=$((irq_index + 1)) done ``` ### Phase 3: Systemd Slice Configuration #### Network Processing Slice -Create a dedicated slice for critical network processing: - ```nix systemd.slices = { 
network-processing = { description = "Critical network processing (hostapd, nftables)"; sliceConfig = { - CPUAffinity = "0-7"; # Dedicated network cores - Nice = -10; # Higher priority - IOSchedulingClass = 1; # Real-time I/O + CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Paired SMT siblings + Nice = -10; + IOSchedulingClass = 1; IOSchedulingPriority = 4; - MemoryHigh = "2G"; # Limit memory usage - MemoryMax = "4G"; # Hard memory limit + MemoryHigh = "8G"; + MemoryMax = "16G"; }; }; }; @@ -163,8 +132,8 @@ systemd.slices = { sliceConfig = { CPUAffinity = "8-15"; # Dedicated network services cores Nice = -5; # High priority - MemoryHigh = "1G"; # Limit memory usage - MemoryMax = "2G"; # Hard memory limit + MemoryHigh = "4G"; # Limit memory usage (3% of 128GB) + MemoryMax = "8G"; # Hard memory limit (6% of 128GB) }; }; }; 
@@ -176,32 +145,36 @@ systemd.slices = { userland-processing = { description = "Userland processing (monitoring, system services)"; sliceConfig = { - CPUAffinity = "16-23"; # Remaining cores - Nice = 0; # Normal priority - MemoryHigh = "4G"; # Limit memory usage - MemoryMax = "8G"; # Hard memory limit + CPUAffinity = "8,20,9,21,10,22,11,23"; # Remaining SMT siblings + Nice = 0; + MemoryHigh = "32G"; + MemoryMax = "64G"; }; }; }; ``` -### Phase 4: Kernel Parameter Optimization +### Phase 4: Kernel Parameter and Sysctl Optimization -#### CPU Isolation +#### CPU Isolation (Kernel Boot Parameters) ```bash -# Boot parameters -isolcpus=0-7 # Isolate network cores from scheduler -nohz_full=0-7 # Disable tick for network cores -rcu_nocbs=0-7 # Disable RCU callbacks on network cores +# Boot parameters (set in boot.kernelParams) +# Isolate both SMT siblings of each physical core used for network processing +isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 +nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 +rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 ``` -#### Network Stack Optimization -```bash -# Kernel parameters for network performance -net.core.netdev_budget = 600 -net.core.netdev_budget_usecs = 8000 -net.core.netdev_tstamp_prequeue = 0 -net.core.rps_sock_flow_entries = 32768 +#### Network Stack Optimization (Sysctl) +> **Note:** Network stack tunables such as `net.core.netdev_budget`, `net.core.netdev_budget_usecs`, and similar should be set via sysctl (NixOS: `boot.kernel.sysctl` or sysctl.nix), **not** as kernel boot parameters. These are runtime tunables and are not recognized as boot parameters. + +```nix +# In sysctl.nix or boot.kernel.sysctl +boot.kernel.sysctl = { + "net.core.netdev_budget" = 600; + "net.core.netdev_budget_usecs" = 8000; + # ... other network tunables ... +}; ``` ### Phase 5: NUMA Optimization 
@@ -234,9 +207,8 @@ systemd.services.irq-affinity = { Type = "oneshot"; ExecStart = "${pkgs.writeShellScript "irq-affinity" '' #!/bin/bash - # Ethernet interface IRQs - echo 0 > /proc/irq/168/smp_affinity_list - echo 1 > /proc/irq/169/smp_affinity_list + # Dynamic IRQ affinity distribution script + # Automatically detects network interfaces and distributes IRQs # ... (complete script) ''}"; RemainAfterExit = true; @@ -251,7 +223,7 @@ systemd.services = { hostapd = { serviceConfig = { Slice = "network-processing"; - CPUAffinity = "0-7"; + CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; Nice = -10; }; }; @@ -259,7 +231,7 @@ systemd.services = { nftables = { serviceConfig = { Slice = "network-processing"; - CPUAffinity = "0-7"; + CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; Nice = -5; }; }; @@ -293,7 +265,7 @@ systemd.services = { network-monitoring = { serviceConfig = { Slice = "userland-processing"; - CPUAffinity = "16-23"; + CPUAffinity = "8,20,9,21,10,22,11,23"; Nice = 0; }; }; @@ -303,11 +275,9 @@ systemd.services = { ### Step 3: Kernel Boot Parameters ```nix boot.kernelParams = [ - "isolcpus=0-7" - "nohz_full=0-7" - "rcu_nocbs=0-7" - "net.core.netdev_budget=600" - "net.core.netdev_budget_usecs=8000" + "isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" ]; ``` @@ -360,9 +330,16 @@ systemctl status network-processing.slice network-services.slice userland-proces ### Network Performance Testing ```bash -# Test network throughput -iperf3 -s # On network cores -iperf3 -c # From client +# Test network throughput with iperf2 +iperf -s # On network cores +iperf -c # From client + +# Test with flent (FLExible Network Tester) +flent rrul -H -l 60 + +# Test with netperf +netserver # On server +netperf -H -t TCP_STREAM ``` ### Cache Performance 
@@ -371,20 +348,34 @@ iperf3 -c # From client perf stat -e cache-misses,cache-references -p ``` +### Real-time Network Monitoring +```bash +# Monitor network interfaces +iftop -i br0 +nethogs +nload br0 +``` + ## Configuration Files ### 1. `irq-affinity.nix` -Network IRQ affinity configuration and slice definitions +Network IRQ affinity configuration and service for distributing interrupts across dedicated network cores -### 2. `kernel-params.nix` -Kernel boot parameters for optimization +### 2. `systemd-slices.nix` +Systemd slice definitions with CPU affinity, resource limits, and service assignments for hierarchical resource management -### 3. `monitoring.nix` +### 3. `kernel-params.nix` +Kernel boot parameters for optimization (complements existing boot config in configuration.nix) + +### 4. `monitoring.nix` Performance monitoring and logging configuration -### 4. `sysctl.nix` +### 5. `sysctl.nix` Runtime kernel network parameters +### 6. `systemPackages.nix` +Network testing tools: iperf2, flent, netperf, ethtool, sysstat, htop, iftop, nethogs, nload, speedtest-cli, mtr, traceroute, nmap, wireshark, tshark, perf-tools, perf + ## System Architecture ``` 
@@ -403,15 +394,379 @@ Internet (enp1s0) ## Services Overview -| Service | Purpose | CPU Cores | Priority | Slice | -|---------|---------|-----------|----------|-------| -| hostapd | WiFi access point | 0-7 | -10 (RT) | network-processing | -| nftables | Firewall/NAT | 0-7 | -5 | network-processing | -| Kea | DHCP server | 8-15 | -5 | network-services | -| PowerDNS | DNS resolver | 8-15 | -5 | network-services | -| radvd | IPv6 RA | 8-15 | -5 | network-services | -| CAKE | QoS | 0-7 | -5 | network-processing | -| Monitoring | Performance tracking | 16-23 | 0 | userland-processing | +| Service | Purpose | Slice | Slice CPU Affinity | Priority | +|--------------|------------------------|-------------------------|-------------------------------------|----------| +| hostapd | WiFi access point | network-processing.slice| 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 | -10 (RT) | +| Kea | DHCP server | kea.slice (child of network-services.slice) | 8,20,9,21,10,22,11,23 | -5 | +| PowerDNS | DNS resolver | pdns.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | +| radvd | IPv6 RA | radvd.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | +| Monitoring | Performance tracking | system.slice | 8,20,9,21,10,22,11,23 | 0 | + +**Note:** All services inherit CPU affinity and resource limits from their assigned slice. Only the three main parent slices need explicit CPU affinity settings. Kernel-level components like nftables and CAKE (QoS) are not managed by systemd slices; their performance is influenced by CPU isolation, IRQ affinity, and kernel boot parameters, not by systemd. 
+ +## Integration with Existing Configuration + +### Boot Configuration +The system already has boot configuration in `configuration.nix`: +- **systemd-boot** with EFI support +- **linuxPackages_latest** kernel +- **Regulatory database** loading in initrd +- **cfg80211** and **iwlwifi** module options +- **Blacklisted modules** (nouveau) + +The `kernel-params.nix` module complements this existing configuration by adding: +- CPU isolation parameters +- Network performance optimizations +- Bluetooth disabling +- Security mitigation adjustments + +### System Packages +Network testing tools are installed via `systemPackages.nix`: +- **iperf2**: Traditional network performance testing +- **flent**: FLExible Network Tester for advanced network analysis +- **netperf**: Comprehensive network performance testing +- **Additional tools**: ethtool, sysstat, htop, iftop, nethogs, nload, speedtest-cli, mtr, traceroute, nmap, wireshark, tshark, perf-tools, perf + +## System Assessment and Adaptation Guide + +This section describes how to assess a different system and adapt the CPU/IRQ optimization configuration for different hardware configurations. 
+ +### Step 1: System Hardware Assessment + +#### CPU Information +```bash +# Get CPU details +lscpu + +# Expected output example: +# CPU(s): 24 +# Thread(s) per core: 2 +# Core(s) per socket: 12 +# Socket(s): 1 +# NUMA node(s): 4 +# NUMA node0 CPU(s): 0-5 +# NUMA node1 CPU(s): 6-11 +# NUMA node2 CPU(s): 12-17 +# NUMA node3 CPU(s): 18-23 +``` + +**Key information to extract:** +- Total CPU cores and threads +- Physical cores vs logical threads (SMT/Hyperthreading) +- NUMA node configuration +- Cache sizes (L1, L2, L3) + +#### Memory Information +```bash +# Get memory details +cat /proc/meminfo | grep -E "(MemTotal|MemFree|HugePages)" + +# Expected output example: +# MemTotal: 131750188 kB +# MemFree: 128223008 kB +# HugePages_Total: 0 +# Hugepagesize: 2048 kB +``` + +**Key information to extract:** +- Total system memory +- Available memory +- Huge page configuration + +#### Network Interface Assessment +```bash +# List network interfaces +ip link show + +# Get detailed interface information +lspci | grep -i ethernet +lspci | grep -i network + +# Check WiFi interfaces +iw dev + +# Expected output example: +# Interface wlp35s0 +# Interface wlp65s0 +# Interface wlp66s0 +# Interface wlp97s0 +``` + +**Key information to extract:** +- Ethernet interface names and drivers +- WiFi interface names and drivers +- Number of network interfaces + +### Step 2: Current Interrupt Distribution Analysis + +#### IRQ Distribution +```bash +# View current interrupt distribution +cat /proc/interrupts + +# Filter for network interfaces +cat /proc/interrupts | grep -E "(enp|wlp|eth|wlan)" + +# Expected output example: +# 168: 5051 706 4608 85 115 521 108 3924 IR-PCI-MSI 65536-edge enp1s0 +# 179: 1234 567 890 234 456 789 123 456 IR-PCI-MSI 65536-edge wlp35s0 +``` + +**Key information to extract:** +- IRQ numbers for each network interface +- Current CPU distribution of interrupts +- Number of MSI-X vectors per interface + +#### CPU Utilization Patterns +```bash +# Monitor CPU usage during 
network activity +mpstat -P ALL 1 10 + +# Check CPU topology +cat /proc/cpuinfo | grep -E "(processor|physical id|core id)" + +# Expected output example: +# processor : 0 +# physical id : 0 +# core id : 0 +# processor : 1 +# physical id : 0 +# core id : 0 +``` + +**Key information to extract:** +- CPU topology (physical cores vs logical threads) +- Current CPU utilization patterns +- Identify cores with high interrupt load + +### Step 3: Storage and Other Interrupt Analysis + +#### Storage Interrupts +```bash +# Check storage device interrupts +cat /proc/interrupts | grep -E "(nvme|ahci|scsi)" + +# Check storage devices +lsblk +lspci | grep -i storage +``` + +#### Other System Interrupts +```bash +# Check USB, GPU, and other interrupts +cat /proc/interrupts | grep -E "(usb|gpu|pcie)" + +# Check PCIe devices +lspci -t +``` + +### Step 4: Core Allocation Strategy (Assessment Guide) + +Based on the assessment, determine the optimal core allocation: + +#### For Different CPU Configurations (Paired SMT Siblings) + +**Example: 8 physical cores, 16 logical threads** +```bash +# Assessment shows: 8 physical cores, 16 logical threads +# Strategy: Use paired SMT siblings for network processing +network_cores="0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15" +userland_cores="remaining SMT siblings" +``` + +**For your system (12 physical cores, 24 threads):** +```bash +network_cores="0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" +userland_cores="8,20,9,21,10,22,11,23" +``` + +> **Rationale:** This pattern ensures that network processing and IRQs are always on separate physical cores (and their SMT siblings) from userland, maximizing cache locality and minimizing cross-core interference. 
+ +### Step 5: Memory Limit Calculations + +**Formula for memory limits:** +```bash +# Calculate memory limits based on total system memory +total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) + +# Network processing slice: 6-12% of total memory +network_processing_memory_high=$((total_memory_gb * 6 / 100)) +network_processing_memory_max=$((total_memory_gb * 12 / 100)) + +# Network services slice: 3-6% of total memory +network_services_memory_high=$((total_memory_gb * 3 / 100)) +network_services_memory_max=$((total_memory_gb * 6 / 100)) + +# Userland processing slice: 25-50% of total memory +userland_memory_high=$((total_memory_gb * 25 / 100)) +userland_memory_max=$((total_memory_gb * 50 / 100)) +``` + +### Step 6: IRQ Affinity Script Generation + +#### Dynamic IRQ Detection Script +```bash +#!/bin/bash +# Generate IRQ affinity script for the target system + +# Detect network interfaces +ethernet_interfaces=$(ip link show | grep -E "enp|eth" | awk -F: '{print $2}' | tr -d ' ') +wifi_interfaces=$(iw dev | grep Interface | awk '{print $2}') + +echo "#!/bin/bash" +echo "set -euo pipefail" +echo "" +echo "echo \"Setting IRQ affinity for network optimization...\"" +echo "" + +# Ethernet interfaces - distribute across network cores +for interface in $ethernet_interfaces; do + echo "# Ethernet interface $interface" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 's/://'); do" + echo " cpu=\$((irq % 8)) # Distribute across cores 0-7" + echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + echo "" +done + +# WiFi interfaces - distribute across network cores +echo "# WiFi interfaces - distribute across network cores" +wifi_count=0 +for interface in $wifi_interfaces; do + if [ $((wifi_count % 2)) -eq 0 ]; then + echo "# $interface -> cores 0-3" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 's/://'); do" + echo " cpu=\$((irq % 4)) # Distribute across cores 0-3" 
+ echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + else + echo "# $interface -> cores 4-7" + echo "for irq in \$(grep $interface /proc/interrupts | awk '{print \$1}' | sed 's/://'); do" + echo " cpu=\$((irq % 4 + 4)) # Distribute across cores 4-7" + echo " echo \$cpu > /proc/irq/\$irq/smp_affinity_list" + echo "done" + fi + echo "" + wifi_count=$((wifi_count + 1)) +done + +echo "echo \"IRQ affinity configuration complete\"" +``` + +### Step 7: Configuration File Adaptation + +#### Kernel Parameters Adaptation +```bash +# Generate kernel parameters based on CPU configuration +cpu_count=$(nproc) +physical_cores=$(lscpu | grep "Core(s) per socket" | awk '{print $4}') +network_cores_count=$((physical_cores / 2)) # Use half of physical cores for network + +# Generate isolcpus parameter +isolcpus_range="0-$((network_cores_count * 2 - 1))" # Account for SMT + +echo "# Generated kernel parameters for $(hostname)" +echo "boot.kernelParams = [" +echo " # CPU isolation for network cores" +echo " \"isolcpus=$isolcpus_range\"" +echo " \"nohz_full=$isolcpus_range\"" +echo " \"rcu_nocbs=$isolcpus_range\"" +echo " # ... additional parameters" +echo "];" +``` + +#### Slice Configuration Adaptation +```bash +# Generate slice configuration based on system resources +total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) +network_cores_count=$((physical_cores / 2)) + +echo "systemd.slices = {" +echo " network-processing = {" +echo " description = \"Critical network processing\";" +echo " sliceConfig = {" +echo " CPUAffinity = \"0-$((network_cores_count * 2 - 1))\";" +echo " MemoryHigh = \"${network_processing_memory_high}G\";" +echo " MemoryMax = \"${network_processing_memory_max}G\";" +echo " };" +echo " };" +echo " # ... 
additional slices" +echo "};" +``` + +### Step 8: Validation and Testing + +#### Pre-optimization Baseline +```bash +# Capture baseline performance +iperf -s & +sleep 5 +iperf -c localhost -t 30 > baseline_results.txt +killall iperf + +# Capture baseline IRQ distribution +cat /proc/interrupts > baseline_interrupts.txt +``` + +#### Post-optimization Validation +```bash +# Verify IRQ distribution +echo "Verifying IRQ distribution..." +cat /proc/interrupts | grep -E "(enp|wlp|eth|wlan)" + +# Verify CPU isolation +echo "Verifying CPU isolation..." +cat /proc/cmdline | grep isolcpus + +# Verify slice configuration +echo "Verifying slice configuration..." +systemctl status network-processing.slice network-services.slice userland-processing.slice + +# Performance testing +iperf -s & +sleep 5 +iperf -c localhost -t 30 > optimized_results.txt +killall iperf + +# Compare results +echo "Performance comparison:" +echo "Baseline: $(grep -E "SUM.*Gbits/sec" baseline_results.txt)" +echo "Optimized: $(grep -E "SUM.*Gbits/sec" optimized_results.txt)" +``` + +### Step 9: Documentation Template + +Create a system-specific documentation file: + +```bash +cat > system_assessment_$(hostname).md << EOF +# System Assessment for $(hostname) + +## Hardware Configuration +- **CPU**: $(lscpu | grep "Model name" | cut -d: -f2 | xargs) +- **Cores**: $(nproc) logical, $(lscpu | grep "Core(s) per socket" | awk '{print $4}') physical +- **Memory**: $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) GB +- **NUMA Nodes**: $(lscpu | grep "NUMA node(s)" | awk '{print $3}') + +## Network Interfaces +$(ip link show | grep -E "enp|eth|wlp" | awk '{print " - " $2}') + +## Optimization Strategy +- **Network Cores**: 0-$((network_cores_count * 2 - 1)) +- **Userland Cores**: $((network_cores_count * 2))-$((nproc - 1)) +- **Memory Limits**: Network=${network_processing_memory_high}G/${network_processing_memory_max}G, Services=${network_services_memory_high}G/${network_services_memory_max}G + 
+## Configuration Files +- Modified: kernel-params.nix, irq-affinity.nix, sysctl.nix +- Generated: system-specific IRQ affinity script + +## Performance Results +- Baseline: [To be measured] +- Optimized: [To be measured] +EOF +``` + +This assessment guide provides a systematic approach to adapting the CPU/IRQ optimization configuration for different hardware configurations, ensuring optimal performance regardless of the specific system architecture. ## Conclusion 
@@ -420,8 +775,95 @@ This optimization strategy provides: - **Dedicated network services cores** (8-15) for infrastructure services - **Isolated userland processing** (16-23) for system stability - **Optimized IRQ distribution** across dedicated cores -- **Slice-based resource management** with memory limits +- **Slice-based resource management** with memory limits optimized for 128GB RAM - **NUMA-aware memory allocation** for better locality - **Kernel parameter tuning** for network performance +- **Comprehensive network testing tools** for performance validation +- **Systematic assessment methodology** for adapting to different hardware configurations + +The result is a high-performance WiFi access point optimized for maximum network throughput with minimal latency and CPU overhead, featuring a clean and maintainable systemd hierarchy with proper resource isolation and extensive monitoring capabilities. + +## Per-Daemon Systemd Slices for Maximum Visibility and Control + +To achieve the highest level of resource isolation, monitoring, and control, this design uses a dedicated systemd slice for each major network service (daemon). This approach leverages systemd's hierarchical cgroup model, allowing you to: +- Set CPU, memory, and IO limits per service +- Monitor each service's resource usage independently +- Apply fine-grained policies and priorities +- Optionally group related slices under a parent slice for aggregate monitoring + +### Three Main Parent Slices with CPU Affinity + +The configuration defines three main parent slices, each with its own CPU affinity and resource limits: +- **network-processing.slice**: For critical network processing (hostapd, nftables, etc.) +- **network-services.slice**: For network infrastructure services (Kea, PowerDNS, radvd, etc.) 
+- **system.slice**: For userland/system services + +**CPU affinity and resource limits are set only on these three main slices.** + +### Per-Daemon Subordinate Slices Inherit from Main Slices + +Each major daemon gets its own subordinate slice (e.g., `kea.slice`, `pdns.slice`, `radvd.slice`), which is attached as a child to the appropriate main slice. The per-daemon slices inherit CPU affinity and other limits from their parent, so you only need to set these on the main slices. + +#### Example NixOS Configuration + +```nix +# Main parent slices with CPU affinity +systemd.slices.network-processing = { + description = "Critical network processing"; + sliceConfig = { + CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; + MemoryHigh = "8G"; + MemoryMax = "16G"; + }; +}; +systemd.slices.network-services = { + description = "Network infrastructure services"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; + MemoryHigh = "4G"; + MemoryMax = "8G"; + }; +}; +# Use the existing system.slice for userland/system services +systemd.slices.system = { + description = "System and userland services"; + sliceConfig = { + CPUAffinity = "8,20,9,21,10,22,11,23"; + MemoryHigh = "32G"; + MemoryMax = "64G"; + }; +}; + +# Per-daemon slices inherit from main slices +systemd.slices.kea = { + description = "KEA DHCP server slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; +}; +systemd.slices.pdns = { + description = "PowerDNS Recursor slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; +}; +systemd.slices.radvd = { + description = "radvd IPv6 RA slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; +}; + +# Assign each service to its per-daemon slice +systemd.services.kea-dhcp4-server.serviceConfig.Slice = "kea.slice"; +systemd.services.pdns-recursor.serviceConfig.Slice = "pdns.slice"; +systemd.services.radvd.serviceConfig.Slice = "radvd.slice"; +``` + +### Benefits +- **Simplicity**: Only set CPU affinity and main limits on three 
main slices +- **Visibility**: Each daemon is tracked and controlled independently +- **Hierarchy**: Per-daemon slices inherit from main slices, keeping configuration clear and maintainable +- **Flexibility**: You can still override or add limits on a per-daemon basis if needed -The result is a high-performance WiFi access point optimized for maximum network throughput with minimal latency and CPU overhead, featuring a clean and maintainable systemd hierarchy with proper resource isolation. \ No newline at end of file +This hierarchical slice design is recommended for maximum clarity, control, and monitoring in high-performance NixOS network systems. \ No newline at end of file diff --git a/desktop/l2/README.md b/desktop/l2/README.md index 6f5ab64..db16f7b 100644 --- a/desktop/l2/README.md +++ b/desktop/l2/README.md @@ -63,6 +63,21 @@ The system manages 4 WiFi interfaces: All interfaces operate in 5GHz band with WPA3-SAE authentication. +### WiFi WMM (QoS) Configuration + +This system uses specific WMM (Wi-Fi Multimedia) settings for the best effort (AC_BE) access category, as suggested by Nokia WiFi engineer Koen De Schepper, to optimize WiFi performance for normal-priority traffic: + +``` +# Normal priority / AC_BE = best effort +wmm_ac_be_aifs=1 +wmm_ac_be_cwmin=4 +wmm_ac_be_cwmax=4 +wmm_ac_be_txop_limit=32 +wmm_ac_be_acm=0 +``` + +These values are set in the `hostapd-multi.nix` configuration and ensure that best effort traffic is handled with optimal latency and fairness, as recommended by industry experts. + ## CPU and IRQ Optimization ### System Architecture diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index ced9164..4822628 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -41,6 +41,7 @@ ./network-optimization.nix # CPU and IRQ optimization modules ./irq-affinity.nix + ./systemd-slices.nix ./kernel-params.nix ./monitoring.nix ]; 
diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index abe57a2..b963c94 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix @@ -17,7 +17,7 @@ let bridge = "br0"; ieee80211w = 2; - # WMM tuning + # WMM tuning (as recommended by Koen De Schepper, Nokia) wmm_ac_be_aifs = 1; wmm_ac_be_cwmin = 4; wmm_ac_be_cwmax = 4; @@ -127,6 +127,7 @@ in { } ]; }; + serviceConfig.Slice = "kea.slice"; }; }; # services.prometheus.exporters.kea = { @@ -148,6 +149,7 @@ in { serve_rfc1918 = true; }; }; + serviceConfig.Slice = "pdns.slice"; }; # IPv6 SLAAC via radvd @@ -166,6 +168,7 @@ in { }; }; ''; + serviceConfig.Slice = "radvd.slice"; }; # https://nixos.wiki/wiki/Systemd-networkd diff --git a/desktop/l2/hostapd.nix b/desktop/l2/hostapd.nix deleted file mode 100644 index f6514e1..0000000 --- a/desktop/l2/hostapd.nix +++ /dev/null 
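Review bot: `serviceConfig.Slice = "kea.slice";` is added at a position that looks like the inside of the Kea service-options block rather than a `systemd.services.<name>` unit, and the two hunks that follow do the same with `pdns.slice` and `radvd.slice`. The enclosing blocks start outside all three hunks, so this is inferred from the closing braces around the added lines. `serviceConfig` is an option of `systemd.services.*`, so if these blocks are `services.*` modules the evaluation would stop on an undefined option. The new systemd-slices.nix in this commit already assigns `Slice = "kea.slice";` under `systemd.services.kea-dhcp4-server.serviceConfig` (and likewise for pdns-recursor and radvd), so I would remove these three lines and keep the assignment in that one place.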
@@ -1,203 +0,0 @@ -# -# hostapd.nix -# - -# -# NOT using service.hostapd, because it has limited configuration capabilities -# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix -# -# Using custom systemd services to run hostapd per interface -# -# systemctl status hostapd-wlp35s0 -# systemctl status hostapd-wlp65s0 -# systemctl status hostapd-wlp70s0 -# -# nix pkgs source -# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix -# https://w1.fi/hostapd/ -# https://github.com/latelee/hostapd -# -# Giant NixPkgs PR: https://github.com/NixOS/nixpkgs/pull/222536 - -# [das@l2:~]$ lspci | grep -iE '(net|wi)' -# 01:00.0 Ethernet controller: Aquantia Corp. AQtion AQC107 NBase-T/IEEE 802.3an Ethernet Controller [Atlantic 10G] (rev 02) -# 02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] Matisse Switch Upstream -# 23:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) -# 41:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) -# 42:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) -# 61:00.0 Network controller: Intel Corporation Wi-Fi 6E(802.11ax) AX210/AX1675* 2x2 [Typhoon Peak] (rev 1a) - -# [das@l2:~]$ ifconfig -a | grep Ether -# br0 Link encap:Ethernet HWaddr 6A:9C:34:61:21:28 -# docker0 Link encap:Ethernet HWaddr 02:42:DE:0F:7E:B0 -# enp1s0 Link encap:Ethernet HWaddr E0:4F:43:E6:2D:B0 -# wlp35s0 Link encap:Ethernet HWaddr 28:A4:4A:27:E7:7D -# wlp65s0 Link encap:Ethernet HWaddr 28:A4:4A:D7:86:74 -# wlp66s0 Link encap:Ethernet HWaddr 28:A4:4A:27:E7:73 -# wlp97s0 Link encap:Ethernet HWaddr 28:A4:4A:01:73:D6 - -# [das@l2:~/nixos/desktop/l2]$ iw dev | grep -A5 phy -# phy#15 -# Interface wlp35s0 -# ifindex 27 -# wdev 0xf00000001 -# addr 28:a4:4a:27:e7:7d -# type managed -# -- -# phy#14 -# Interface wlp66s0 -# ifindex 26 -# wdev 0xe00000001 -# addr 
28:a4:4a:27:e7:73 -# type managed -# -- -# phy#13 -# Interface wlp65s0 -# ifindex 25 -# wdev 0xd00000001 -# addr 28:a4:4a:d7:86:74 -# type managed -# -- -# phy#12 -# Interface wlp97s0 -# ifindex 24 -# wdev 0xc00000001 -# addr 28:a4:4a:01:73:d6 -# type managed - -# [das@l2:~/nixos/desktop/l2]$ - -# systemctl status hostapd.service -# journalctl -xeu hostapd.service - -# remove -# sudo sh -c "rmmod iwlmvm || true && rmmod iwlwifi || true && rmmod mac80211 || true" -# add -# sudo sh -c "modprobe iwlmvm || true && modprobe iwlwifi || true && modprobe mac80211 || true" - -# sudo strace -f -tt -s 256 -o hostapd_strace.log /nix/store/px5q7qqnrpw981i8ccg1cgx8p5pf4nc6-hostapd-2.11/bin/hostapd -dd /nix/store/1dbx6njz2acsw5hv5rw5x21pybr9nsb3-hostapd.conf - -# cat /etc/systemd/system/hostapd.service - -{ config, lib, pkgs, ... }: - -let - # List of Wi-Fi interfaces to manage - wifiInterfaces = [ "wlp35s0" "wlp65s0" "wlp66s0" "wlp97s0" ]; - - # Real MAC addresses for each interface (used for bssid=) - ifaceMacs = { - wlp35s0 = "28:A4:4A:27:E7:7D"; - wlp65s0 = "28:A4:4A:D7:86:74"; - wlp66s0 = "28:A4:4A:27:E7:73"; - wlp97s0 = "28:A4:4A:01:73:D6"; - }; - - # Common SSID and WPA3 settings - ssid = "myssid"; - psk = "supersecure"; - - # Common AP parameters - commonParams = iface: '' - # - ##### Configuration for ${iface} ##### - # - ${if iface == builtins.elemAt wifiInterfaces 0 then "interface=${iface}" else "bss=${iface}"} - bssid=${ifaceMacs.${iface}} - ssid=${ssid} - hw_mode=g - channel=6 - ieee80211n=1 - ieee80211ac=1 - ieee80211ax=1 - wmm_enabled=1 - - # WMM tuning - wmm_ac_be_aifs=1 - wmm_ac_be_cwmin=4 - wmm_ac_be_cwmax=4 - wmm_ac_be_txop_limit=32 - wmm_ac_be_acm=0 - - # WPA3-SAE settings - wpa=2 - wpa_key_mgmt=SAE - rsn_pairwise=CCMP - sae_require_mfp=1 - ieee80211w=2 - ft_psk_generate_local=1 - mobility_domain=4f57 - ft_over_ds=1 - nas_identifier=${iface}-ap - sae_password=${psk} - bridge=br0 - macaddr_acl=0 - ''; - - # Generate a single hostapd.conf for all BSSes - 
hostapdConf = pkgs.writeText "hostapd.conf" ( - '' - ctrl_interface=/run/hostapd - country_code=US - ieee80211d=1 - logger_syslog=-1 - logger_syslog_level=2 - logger_stdout=-1 - logger_stdout_level=2 - '' + - lib.concatMapStringsSep "\n" commonParams wifiInterfaces - ); - -in { - systemd.services.hostapd = { - description = "Unified hostapd service for multi-interface Wi-Fi"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - requires = [ "network-online.target" ]; - - path = [ pkgs.hostapd pkgs.iproute2 pkgs.iw ]; - - serviceConfig = { - ExecStart = "${pkgs.hostapd}/bin/hostapd -dd ${hostapdConf}"; - Restart = "on-failure"; - - Type = "simple"; - - LimitNOFILE = 65535; - - MemoryMax = "1024M"; - CPUQuota = "100%"; - }; - }; - - networking = { - networkmanager.enable = false; - useDHCP = false; - - # Define empty bridge device, do not enslave wifi interfaces directly - bridges.br0.interfaces = [ ]; - - interfaces."br0" = { - ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }]; - ipv6.addresses = [{ address = "fd00::1"; prefixLength = 64; }]; - }; - - interfaces."enp1s0".useDHCP = true; - - nat.enable = true; - nat.externalInterface = "enp1s0"; - nat.internalInterfaces = [ "br0" ]; - }; -} - -# modprobe nlmon -# sudo modprobe nlmon -# lsmod | grep nlmon -# sudo ip link add nlmon0 type nlmon -# sudo ip link set dev nlmon0 up -# sudo tcpdump -i nlmon0 -w netlink.pcap -# sudo chown das:das *.pcap - -# https://jvns.ca/blog/2017/09/03/debugging-netlink-requests/ - -# end \ No newline at end of file diff --git a/desktop/l2/hostapd.notes b/desktop/l2/hostapd.notes deleted file mode 100644 index fb8545c..0000000 --- a/desktop/l2/hostapd.notes +++ /dev/null 
@@ -1,129 +0,0 @@ -# -# hostapd.nix -# - -# -# NOT using service.hostapd, because it has limited configuration capabilities -# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/hostapd.nix -# -# Using custom systemd services to run hostapd per interface -# -# systemctl status hostapd-wlp35s0 -# systemctl status hostapd-wlp65s0 -# systemctl status hostapd-wlp70s0 -# -# nix pkgs source -# https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ho/hostapd/package.nix -# https://w1.fi/hostapd/ -# https://github.com/latelee/hostapd -# -{ config, pkgs, lib, ... }: - -let - radios = { - wlp35s0 = { - channel = 6; - hwMode = "g"; - mac = "8E:37:6C:2E:40:FA"; - }; - wlp65s0 = { - channel = 100; - hwMode = "a"; - mac = "F6:FB:A4:06:06:82"; - }; - wlp70s0 = { - channel = 149; - hwMode = "a"; - mac = "AA:72:0E:90:28:4A"; - }; - }; - - # # 🔐 Secure unique R1KH keys per destination MAC - # r1khSecrets = { - # "8E:37:6C:2E:40:FA" = "fdeadbeef00000000000000000000001"; - # "F6:FB:A4:06:06:82" = "cafef00dbabe00000000000000000002"; - # "AA:72:0E:90:28:4A" = "facefeedfeed00000000000000000003"; - # }; - - # normalizeMac = mac: builtins.replaceStrings [":"] - # [""] (lib.strings.toLower mac); - - # safeNASID = mac: "ap-${normalizeMac mac}"; - - # r0khLines = lib.concatStringsSep "\n" ( - # lib.mapAttrsToList (_iface: cfg: - # let mac = normalizeMac cfg.mac; - # in "r0kh=${normalizeMac peer.mac},${safeNASID peer.mac},${r1khSecrets.${peer.mac}}" - # ) radios - # ); - - # mkHostapdConf = iface: cfg: let - # r1khLines = lib.concatStringsSep "\n" ( - # lib.mapAttrsToList (_peerIface: peerCfg: - # if peerCfg.mac != cfg.mac then - # "r1kh=${normalizeMac peerCfg.mac},${r1khSecrets.${peerCfg.mac}}" - # else - # "" - # ) radios - # ); - #\${r0khLines} - #\${r1khLines} - - in - pkgs.writeText "hostapd-${iface}.conf" '' - driver=nl80211 - ssid=myssid - hw_mode=${cfg.hwMode} - channel=${toString cfg.channel} - ctrl_interface=/run/hostapd-${iface} - 
ctrl_interface_group=0 - - wpa=2 - wpa_key_mgmt=SAE - rsn_pairwise=CCMP - sae_require_mfp=1 - ieee80211w=2 - ieee80211n=1 - ieee80211ac=1 - ieee80211ax=1 - wmm_enabled=1 - - # Fast BSS Transition with push mode - #ieee80211r=1 - pmk_r1_push=1 - mobility_domain=4f57 - ft_over_ds=1 - ft_psk_generate_local=1 - nas_identifier=myssid-ap - - #r0khLines - #r1khLines - - # WMM tuning - wmm_ac_be_aifs=1 - wmm_ac_be_cwmin=4 - wmm_ac_be_cwmax=4 - wmm_ac_be_txop_limit=32 - wmm_ac_be_acm=0 - ''; - - hostapdConfigs = lib.mapAttrs (iface: cfg: mkHostapdConf iface cfg) radios; - -in { - systemd.services = lib.mapAttrs' (iface: confPath: { - name = "hostapd-${iface}"; - value = { - description = "Hostapd on ${iface}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${pkgs.hostapd}/bin/hostapd -i ${iface} ${confPath}"; - Restart = "on-failure"; - RuntimeDirectory = "hostapd-${iface}"; - }; - }; - }) hostapdConfigs; -} - - -# end \ No newline at end of file diff --git a/desktop/l2/hyprland.nix b/desktop/l2/hyprland.nix deleted file mode 100644 index c4970d4..0000000 --- a/desktop/l2/hyprland.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, ... }: -{ - # Enable Hyprland system-wide - programs.hyprland = { - enable = true; - xwayland.enable = true; - }; - - # Enable XDG portal for Wayland - xdg.portal = { - enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; - config.common.default = "gtk"; - }; -} \ No newline at end of file diff --git a/desktop/l2/irq-affinity.nix b/desktop/l2/irq-affinity.nix index 594cb00..8a33ba7 100644 --- a/desktop/l2/irq-affinity.nix +++ b/desktop/l2/irq-affinity.nix 
@@ -4,73 +4,33 @@ { config, lib, pkgs, ... }: let - # Network core assignments - networkCores = "0-7"; # Dedicated network processing cores - userlandCores = "8-23"; # Remaining cores for userland + # Network core assignments (cache-aware, paired SMT siblings) + networkCores = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Dedicated network processing cores - # IRQ affinity script + # IRQ affinity script (distribute across paired SMT siblings) irqAffinityScript = pkgs.writeShellScript "irq-affinity" '' #!/bin/bash set -euo pipefail - echo "Setting IRQ affinity for network optimization..." + echo "Setting IRQ affinity for network optimization (cache-aware, paired SMT siblings)..." - # Function to set IRQ affinity - set_irq_affinity() { - local irq=$1 - local cpu=$2 + # List of network cores (paired SMT siblings) + network_cores=(0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19) + irq_index=0 + for irq in $(grep -E '(enp|wlp)' /proc/interrupts | awk '{print $1}' | sed 's/://'); do + cpu=${network_cores[$((irq_index % ${#network_cores[@]}))]} if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then echo "$cpu" > "/proc/irq/$irq/smp_affinity_list" echo "IRQ $irq -> CPU $cpu" else echo "Warning: IRQ $irq not found" fi - } - - # Ethernet interface (enp1s0) - Atlantic driver - # Distribute across cores 0-7 - set_irq_affinity 168 0 # Core 0 - set_irq_affinity 169 1 # Core 1 - set_irq_affinity 170 2 # Core 2 - set_irq_affinity 171 3 # Core 3 - set_irq_affinity 172 4 # Core 4 - set_irq_affinity 173 5 # Core 5 - set_irq_affinity 174 6 # Core 6 - set_irq_affinity 175 7 # Core 7 - - # WiFi interface wlp35s0 (IRQ 179-194) - # Distribute across cores 0-3 - for irq in {179..194}; do - cpu=$((irq - 179)) - set_irq_affinity $irq $cpu - done - - # WiFi interface wlp65s0 (IRQ 198-213) - # Distribute across cores 4-7 - for irq in {198..213}; do - cpu=$((irq - 198 + 4)) - set_irq_affinity $irq $cpu - done - - # WiFi interface wlp66s0 (IRQ 214-229) - # Distribute across cores 0-3 (alternating pattern) 
- for irq in {214..229}; do - cpu=$(((irq - 214) % 4)) - set_irq_affinity $irq $cpu - done - - # WiFi interface wlp97s0 (IRQ 231-246) - # Distribute across cores 4-7 (alternating pattern) - for irq in {231..246}; do - cpu=$(((irq - 231) % 4 + 4)) - set_irq_affinity $irq $cpu + irq_index=$((irq_index + 1)) done echo "IRQ affinity configuration complete" - - # Verify configuration echo "Current IRQ distribution:" - cat /proc/interrupts | grep -E "(enp1s0|iwlwifi)" | head -20 + cat /proc/interrupts | grep -E "(enp|wlp)" | head -20 ''; in { 
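Review bot: The new loop selects IRQs with `grep -E '(enp|wlp)' /proc/interrupts`, but the verification line this hunk removes matched `(enp1s0|iwlwifi)`, which suggests the WiFi vectors are listed under the driver name rather than the `wlp…` interface name. If that is the case, the WiFi IRQs are never re-pinned and only the Ethernet queues are spread over `network_cores`; matching both, `grep -E '(enp|wlp|iwlwifi)'`, in the loop and in the final listing would cover it. Under `set -euo pipefail` the closing `cat /proc/interrupts | grep -E "(enp|wlp)" | head -20` would also make the unit exit non-zero when nothing matches, so `|| true` on that line keeps a cosmetic listing from failing the service. The script is complete within the hunk; the service definition that runs it is outside.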
@@ -89,155 +49,6 @@ in { StandardError = "journal"; }; }; +} - # Systemd slices for better resource organization - systemd.slices = { - # Network processing slice - Critical network services (cores 0-7) - network-processing = { - description = "Critical network processing (hostapd, nftables)"; - sliceConfig = { - CPUAffinity = networkCores; - Nice = -10; - IOSchedulingClass = 1; # Real-time I/O - IOSchedulingPriority = 4; - MemoryHigh = "2G"; # Limit memory usage - MemoryMax = "4G"; # Hard memory limit - }; - }; - - # Network services slice - DHCP, DNS, RA (cores 8-15) - network-services = { - description = "Network services (DHCP, DNS, RA)"; - sliceConfig = { - CPUAffinity = "8-15"; # Dedicated subset of userland cores - Nice = -5; - MemoryHigh = "1G"; # Limit memory usage - MemoryMax = "2G"; # Hard memory limit - }; - }; - - # Userland processing slice - Everything else (cores 16-23) - userland-processing = { - description = "Userland processing (monitoring, system services)"; - sliceConfig = { - CPUAffinity = "16-23"; # Remaining cores - Nice = 0; - MemoryHigh = "4G"; # Limit memory usage - MemoryMax = "8G"; # Hard memory limit - }; - }; - }; - - # CPU Affinity for Network Services - systemd.services = { - # Critical network processing services (network-processing slice) - hostapd = { - serviceConfig = { - Slice = "network-processing"; - CPUAffinity = networkCores; - Nice = -10; - IOSchedulingClass = 1; # Real-time I/O - IOSchedulingPriority = 4; - LimitNOFILE = 65536; - Restart = "always"; - RestartSec = "5s"; - }; - }; - - nftables = { - serviceConfig = { - Slice = "network-processing"; - CPUAffinity = networkCores; - Nice = -5; - LimitNOFILE = 65536; - Restart = "always"; - RestartSec = "5s"; - }; - }; - - # Network services (network-services slice) - kea-dhcp4-server = { - serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; - Nice = -5; - LimitNOFILE = 65536; - Restart = "always"; - RestartSec = "10s"; - }; - }; - - pdns-recursor = { - 
serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; - Nice = -5; - LimitNOFILE = 65536; - Restart = "always"; - RestartSec = "10s"; - }; - }; - - radvd = { - serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; - Nice = -5; - Restart = "always"; - RestartSec = "10s"; - }; - }; - - # Network optimization service (network-processing slice) - network-optimization = { - serviceConfig = { - Slice = "network-processing"; - CPUAffinity = networkCores; - Nice = -5; - }; - }; - - # IRQ affinity service (system slice - runs early) - irq-affinity = { - serviceConfig = { - Slice = "system.slice"; # Keep in system slice for early execution - CPUAffinity = networkCores; - Nice = -10; - }; - }; - - # Monitoring services (userland-processing slice) - network-monitoring = { - serviceConfig = { - Slice = "userland-processing"; - CPUAffinity = "16-23"; - Nice = 0; - }; - }; - - performance-test = { - serviceConfig = { - Slice = "userland-processing"; - CPUAffinity = "16-23"; - Nice = 0; - }; - }; - - realtime-monitoring = { - serviceConfig = { - Slice = "userland-processing"; - CPUAffinity = "16-23"; - Nice = 0; - }; - }; - - # CPU performance service (system slice - runs early) - cpu-performance = { - serviceConfig = { - Slice = "system.slice"; # Keep in system slice for early execution - CPUAffinity = networkCores; - Nice = -10; - }; - }; - }; -} \ No newline at end of file +# end \ No newline at end of file diff --git a/desktop/l2/kernel-params.nix b/desktop/l2/kernel-params.nix index 36ef5f8..3f523c9 100644 --- a/desktop/l2/kernel-params.nix +++ b/desktop/l2/kernel-params.nix 
@@ -6,53 +6,53 @@ { # Boot kernel parameters for network optimization boot.kernelParams = [ - # CPU isolation for network cores - "isolcpus=0-7" # Isolate cores 0-7 from scheduler - "nohz_full=0-7" # Disable tick for network cores - "rcu_nocbs=0-7" # Disable RCU callbacks on network cores + # CPU isolation for network cores (cache-aware, paired SMT siblings) + "isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" # Interrupt handling - "irqaffinity=0-7" # Default IRQ affinity to network cores - "threadirqs" # Threaded IRQs for better performance + "irqaffinity=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "threadirqs" # Memory management - "hugepagesz=1G" # 1GB huge pages for network buffers - "hugepages=4" # Allocate 4 huge pages + "hugepagesz=1G" + "hugepages=4" # CPU frequency scaling - "intel_pstate=performance" # Performance governor + "intel_pstate=performance" "cpufreq.default_governor=performance" # NUMA optimization - "numa_balancing=0" # Disable automatic NUMA balancing + "numa_balancing=0" # I/O scheduler - "elevator=bfq" # Budget Fair Queueing scheduler + "elevator=bfq" # Security mitigations (minimal impact on network performance) - "mitigations=off" # Disable security mitigations for performance + "mitigations=off" "spectre_v2=off" "spec_store_bypass_disable=off" "retbleed=off" # WiFi optimizations - "cfg80211.ieee80211_regdom=US" # Set regulatory domain - "iwlwifi.power_save=0" # Disable power saving - "iwlwifi.11n_disable=0" # Enable 802.11n - "iwlwifi.bt_coex_active=0" # Disable Bluetooth coexistence + "cfg80211.ieee80211_regdom=US" + "iwlwifi.power_save=0" + "iwlwifi.11n_disable=0" + "iwlwifi.bt_coex_active=0" # PCIe optimizations - "pcie_aspm=off" # Disable ASPM for performance - "pcie_aspm.policy=performance" # Performance policy + "pcie_aspm=off" + "pcie_aspm.policy=performance" # Bluetooth disabling - "bluetooth.blacklist=1" # Disable 
Bluetooth - "btusb.blacklist=1" # Disable USB Bluetooth - "btintel.blacklist=1" # Disable Intel Bluetooth + "bluetooth.blacklist=1" + "btusb.blacklist=1" + "btintel.blacklist=1" # Debugging (disable for production) - "quiet" # Quiet boot - "loglevel=3" # Reduce log level + "quiet" + "loglevel=3" ]; # CPU frequency scaling @@ -73,8 +73,8 @@ echo performance > "$cpu" 2>/dev/null || true done - # Set minimum and maximum frequency to maximum for network cores - for cpu in {0..7}; do + # Set min/max frequency to maximum for network cores (paired SMT siblings) + for cpu in 0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19; do if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq" ]]; then max_freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq") echo "$max_freq" > "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_min_freq" 2>/dev/null || true @@ -82,7 +82,7 @@ fi done - echo "CPU performance governor set for network optimization" + echo "CPU performance governor set for network optimization (paired SMT siblings)" ''; RemainAfterExit = true; StandardOutput = "journal"; diff --git a/desktop/l2/network-optimization.nix b/desktop/l2/network-optimization.nix index fb4f573..2a9088d 100644 --- a/desktop/l2/network-optimization.nix +++ b/desktop/l2/network-optimization.nix @@ -1,6 +1,7 @@ # # l2/network-optimization.nix # + # Network interface optimizations for Atlantic NIC in WiFi access point configuration # # Ring Buffer Optimizations: diff --git a/desktop/l2/systemPackages.nix b/desktop/l2/systemPackages.nix index c02c920..c3a9296 100644 --- a/desktop/l2/systemPackages.nix +++ b/desktop/l2/systemPackages.nix @@ -9,6 +9,7 @@ { # $ nix search wget environment.systemPackages = with pkgs; [ + # Basic system tools psmisc vim 
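Review bot: The `"mitigations=off"`, `"spectre_v2=off"`, `"spec_store_bypass_disable=off"` and `"retbleed=off"` entries lose their only explanatory comment in the first kernel-params.nix hunk, and the heading left above them, `# Security mitigations (minimal impact on network performance)`, now reads as if the block were low-risk. These parameters switch off the kernel's CPU speculative-execution mitigations for the whole host, which per the sibling files also runs network-facing daemons (hostapd, Kea, PowerDNS, radvd). I would either drop the four entries or keep them under a comment that states the trade-off, for example `# SECURITY: disables CPU vulnerability mitigations host-wide; only acceptable while no untrusted code runs locally`. The three per-mitigation switches look redundant once `mitigations=off` is set, which is worth confirming before keeping them. The `boot.kernelParams` list opens and closes inside this hunk; the enclosing attribute set continues past it.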
@@ -17,25 +18,41 @@ tcpdump iproute2 nftables - iptables + #iptables pciutils usbutils iw wirelesstools - wpa_supplicant + #wpa_supplicant lldpd #snmp seems to be needed by lldpd net-snmp neofetch - libxml2 # Added for bazel/clang development - clinfo - lact hostapd bridge-utils wireless-regdb linux-firmware + # Network testing and performance tools + iperf2 + flent + netperf + ethtool + sysstat + htop + iftop + nethogs + nload + speedtest-cli + mtr + traceroute + nmap + tshark + perf-tools + linuxPackages_latest.perf ]; } + +# end \ No newline at end of file diff --git a/desktop/l2/systemd-slices.nix b/desktop/l2/systemd-slices.nix new file mode 100644 index 0000000..f99b02b --- /dev/null +++ b/desktop/l2/systemd-slices.nix 
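Review bot: `linuxPackages_latest.perf` takes perf from the newest kernel package set, which is not necessarily the kernel this host boots; `config.boot.kernelPackages.perf` follows the configured kernel (it needs `config` in the module arguments, which are outside the hunk). Separately, the block adds `nmap`, `tshark`, `iperf2`, `netperf` and `speedtest-cli` to the system profile of a machine that acts as the network gateway, so they stay installed for every account; if they are only needed while tuning, `nix shell` or a dev shell keeps the gateway's installed set smaller. `#iptables` and `#wpa_supplicant` are left as commented-out entries, and deleting them or adding a word on why they are disabled would read more clearly.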
@@ -0,0 +1,169 @@ +# Systemd Slices Configuration for L2 WiFi Access Point +# Defines hierarchical slice structure with CPU affinity and resource limits + +{ config, lib, pkgs, ... }: + +let + # Network core assignments (cache-aware, paired SMT siblings) + networkCores = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Dedicated network processing cores + userlandCores = "8,20,9,21,10,22,11,23"; # Remaining cores for userland + +in { + # Systemd slices for better resource organization + systemd.slices = { + # Network processing slice - Critical network services (paired SMT siblings) + network-processing = { + description = "Critical network processing (hostapd)"; + sliceConfig = { + CPUAffinity = networkCores; + Nice = -10; + IOSchedulingClass = 1; # Real-time I/O + IOSchedulingPriority = 4; + MemoryHigh = "8G"; + MemoryMax = "16G"; + }; + }; + + # Network services slice - DHCP, DNS, RA (userland cores) + network-services = { + description = "Network services (DHCP, DNS, RA)"; + sliceConfig = { + CPUAffinity = userlandCores; + Nice = -5; + MemoryHigh = "4G"; + MemoryMax = "8G"; + }; + }; + + # Use the existing system.slice for userland/system services + system = { + description = "System and userland services"; + sliceConfig = { + CPUAffinity = userlandCores; + Nice = 0; + MemoryHigh = "32G"; + MemoryMax = "64G"; + }; + }; + + # Per-daemon slices (inherit from main slices) + kea = { + description = "KEA DHCP server slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + pdns = { + description = "PowerDNS Recursor slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + radvd = { + description = "radvd IPv6 RA slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + }; + + # CPU Affinity for Network Services + systemd.services = { + # Critical network processing services (network-processing slice) + hostapd = { + serviceConfig = { + Slice = "network-processing.slice"; + Nice = -10; + IOSchedulingClass = 1; # Real-time 
I/O + IOSchedulingPriority = 4; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "5s"; + }; + }; + + # Network services (network-services slice, via per-daemon slices) + kea-dhcp4-server = { + serviceConfig = { + Slice = "kea.slice"; + Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + pdns-recursor = { + serviceConfig = { + Slice = "pdns.slice"; + Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; + }; + }; + radvd = { + serviceConfig = { + Slice = "radvd.slice"; + Nice = -5; + Restart = "always"; + RestartSec = "10s"; + }; + }; + + # Monitoring and userland services (system.slice) + network-monitoring = { + serviceConfig = { + Slice = "system.slice"; + Nice = 0; + }; + }; + performance-test = { + serviceConfig = { + Slice = "system.slice"; + Nice = 0; + }; + }; + realtime-monitoring = { + serviceConfig = { + Slice = "system.slice"; + Nice = 0; + }; + }; + + # IRQ affinity service (system.slice - runs early) + irq-affinity = { + serviceConfig = { + Slice = "system.slice"; + Nice = -10; + }; + }; + # CPU performance service (system.slice - runs early) + cpu-performance = { + serviceConfig = { + Slice = "system.slice"; + Nice = -10; + }; + }; + }; +} + +# end + +# [das@l2:~/nixos/desktop/l2]$ systemctl list-units --type=slice +# UNIT LOAD ACTIVE SUB DESCRIPTION +# -.slice loaded active active Root Slice +# system-getty.slice loaded active active Slice /system/getty +# system-modprobe.slice loaded active active Slice /system/modprobe +# system-systemd\x2dfsck.slice loaded active active Slice /system/systemd-fsck +# system.slice loaded active active System Slice +# user-1000.slice loaded active active Slice /user/1000 +# user.slice loaded active active User and Session Slice + +# Legend: LOAD → Reflects whether the unit definition was properly loaded. +# ACTIVE → The high-level unit activation state, i.e. generalization of SUB. 
+# SUB → The low-level unit activation state, values depend on unit type. + +# 7 loaded units listed. Pass --all to see loaded but inactive units, too. +# To show all installed unit files use 'systemctl list-unit-files'. + +# [das@l2:~/nixos/desktop/l2]$ \ No newline at end of file From e3429e3770689b9c938936c794a81eb1a1590015 Mon Sep 17 00:00:00 2001 From: "randomizedcoder dave.seddon.ca@gmail.com" Date: Sat, 28 Jun 2025 19:02:14 -0700 Subject: [PATCH 25/25] cpu --- desktop/l/home.nix | 3 - desktop/l2/CPU_and_IRQ_optimization.md | 489 +++++++++++++++++-------- desktop/l2/configuration.nix | 5 +- desktop/l2/hostapd-multi.nix | 3 - desktop/l2/irq-affinity.nix | 94 ++++- desktop/l2/irq-slice-analysis.sh | 217 +++++++++++ desktop/l2/kernel-params.nix | 106 +++--- desktop/l2/l2_2025_06_28.svg | 316 ++++++++++++++++ desktop/l2/monitoring.nix | 8 +- desktop/l2/systemd-slices.nix | 73 +--- 10 files changed, 1017 insertions(+), 297 deletions(-) create mode 100755 desktop/l2/irq-slice-analysis.sh create mode 100644 desktop/l2/l2_2025_06_28.svg diff --git a/desktop/l/home.nix b/desktop/l/home.nix index d45c1a7..638fd40 100644 --- a/desktop/l/home.nix +++ b/desktop/l/home.nix @@ -465,9 +465,6 @@ # Filesystem/Monitoring inotify-tools - # Printing - hplip - #hplipWithPlugin # SDR gnuradio diff --git a/desktop/l2/CPU_and_IRQ_optimization.md b/desktop/l2/CPU_and_IRQ_optimization.md index fda8049..38e4aab 100644 --- a/desktop/l2/CPU_and_IRQ_optimization.md +++ b/desktop/l2/CPU_and_IRQ_optimization.md 
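Review bot: `CPUAffinity`, `Nice`, `IOSchedulingClass` and `IOSchedulingPriority` in the three main `sliceConfig` blocks of systemd-slices.nix are per-process execution settings, while a `[Slice]` section takes only resource-control settings, so systemd should log them as unknown keys and ignore them; because this commit also removes the per-service `CPUAffinity` lines from irq-affinity.nix, hostapd and the other daemons would end up with no pinning at all. The slice-level equivalent is `AllowedCPUs`, and the nice and I/O priority values belong in each service's `serviceConfig`, where the file already repeats them. A slice's parent is encoded in its name, so `kea.slice`, `pdns.slice` and `radvd.slice` sit directly under the root slice and do not inherit `MemoryHigh`/`MemoryMax` from `network-services.slice`, whatever `Slice =` says inside `sliceConfig`; naming them `network-services-kea.slice` and so on gives the intended nesting. `MemoryMax = "64G"` on `system.slice` caps every system service on the host and deserves a comment saying that is intended. The fence shows only the changed lines.

```nix
  systemd.slices = {
    network-processing = {
      description = "Critical network processing (hostapd)";
      sliceConfig = {
        # Resource-control setting, valid in [Slice]; replaces CPUAffinity/Nice/IOScheduling*
        AllowedCPUs = networkCores;
        # … unchanged: MemoryHigh, MemoryMax …
      };
    };
    # … network-services and system: same change, AllowedCPUs = userlandCores …

    # The parent slice comes from the unit name, not from a Slice= key
    network-services-kea.description = "KEA DHCP server slice";
    network-services-pdns.description = "PowerDNS Recursor slice";
    network-services-radvd.description = "radvd IPv6 RA slice";
  };

  systemd.services = {
    # … unchanged: hostapd …
    kea-dhcp4-server = {
      serviceConfig = {
        Slice = "network-services-kea.slice";
        # … unchanged: Nice, LimitNOFILE, Restart, RestartSec …
      };
    };
    # … pdns-recursor and radvd: Slice renamed the same way; remaining services unchanged …
```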
@@ -60,95 +60,149 @@ On this architecture, each physical core is split into two logical processors (S ### Phase 1: Core Isolation and Dedication -#### Network Processing Cores (Paired SMT Siblings) -**Dedicated SMT sibling pairs for critical network interrupts and processing:** -- **Network cores**: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 (one or both SMT siblings per physical core) -- **Userland cores**: 8,20,9,21,10,22,11,23 -- **Services**: hostapd, nftables, network-optimization -- **Slice**: network-processing +#### Network IRQ Processing Cores (Isolated from Scheduler) +**Dedicated cores for network interrupt handling:** +- **Ethernet IRQ cores**: 0,12,1,13,2,14,3,15 (first 4 L cores) + - **IRQs**: 168-176 (enp1s0 queues 0-8) + - **Distribution**: 9 IRQs across 8 logical cores +- **WiFi IRQ cores**: 4,5,6,7 (dedicated L cores for default queues) + - **IRQs**: 4 default queues (179, 198, 214, 231) - one per L core + - **Distribution**: Each WiFi interface gets dedicated L core for default queue + all other queues + - **Strategy**: Prioritize default queues (95%+ of WiFi traffic) across separate L cores +- **Isolation**: These cores are isolated by `isolcpus` kernel parameter - **Benefits**: - - Dedicated L1/L2/L3 cache for network processing - - No competition with userland workloads on the same physical core - - Better cache locality for network data structures - -#### Network Services Cores (8-15) -**Dedicated cores for network infrastructure services:** -- **Cores 8-15**: Network services (8 logical threads) -- **Services**: DHCP (Kea), DNS (PowerDNS), IPv6 RA (radvd) -- **Slice**: network-services -- **Benefits**: - - Dedicated resources for network infrastructure - - Isolated from critical network processing - - Better performance for network services + - Dedicated cores for interrupt processing + - No competition from userland processes + - Better interrupt coalescing and latency + - Optimized WiFi default queue distribution for maximum parallelism -#### 
Userland Processing Cores (16-23) +#### Userland Processing Cores (8-23) **Remaining cores for system services and userland:** -- **Cores 16-23**: Userland processes, monitoring, system services -- **Slice**: userland-processing +- **Cores 8,20,9,21,10,22,11,23**: Userland processes, system services +- **Services**: hostapd, DHCP (Kea), DNS (PowerDNS), IPv6 RA (radvd) +- **Slice**: system.slice and network-services.slice - **Benefits**: - Isolated from network interrupt processing - - Dedicated resources for monitoring and system services - - Better performance for non-network workloads + - Dedicated resources for network services + - Better performance for non-interrupt workloads ### Phase 2: IRQ Affinity Optimization -#### Ethernet and WiFi Interfaces +#### WiFi Default Queue Optimization Strategy + +**Analysis of WiFi Interrupt Distribution:** +Based on `/proc/interrupts` analysis, WiFi interfaces show a clear pattern: +- **Default queues** (IRQs 179, 198, 214, 231): 23K-25K interrupts each - these are the critical path +- **Data queues** (IRQs 181-194, 199-212, 215-228, 232-245): 0-10 interrupts each - minimal load +- **Exception queues** (IRQs 195, 213, 229, 246): 1K-1.2K interrupts each - moderate load + +**Strategy: Prioritize Default Queues** +Since the default queues handle the vast majority of WiFi traffic (95%+ of interrupts), we optimize by: +1. **Distribute 4 default queues across 4 different L cores** (4,5,6,7) for maximum parallelism +2. **Group remaining queues** from each interface on the same core as their default queue +3. 
**Exception queues** follow their respective default queue + +**Rationale:** +- Default queues are the primary data path for WiFi packets +- Distributing them across separate L cores eliminates contention +- Each WiFi interface gets dedicated L core resources +- Better cache locality and reduced cross-core interference + +#### Dynamic IRQ Detection and Distribution +The IRQ affinity script dynamically detects network interfaces and distributes IRQs: + ```bash -# Distribute IRQs across paired SMT siblings for network processing -# Example: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 -network_cores=(0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19) -irq_index=0 -for irq in $(grep -E '(enp|wlp)' /proc/interrupts | awk '{print $1}' | sed 's/://'); do - cpu=${network_cores[$((irq_index % ${#network_cores[@]}))]} - echo $cpu > /proc/irq/$irq/smp_affinity_list - irq_index=$((irq_index + 1)) +# Ethernet interfaces - distribute across first 4 L cores (0,12,1,13,2,14,3,15) +for interface in $(ip link show | grep -E "enp|eth" | awk -F: '{print $2}' | tr -d ' '); do + for irq in $(grep $interface /proc/interrupts | awk '{print $1}' | sed 's/://'); do + cpu=$((irq % 8)) # Distribute across cores 0-7 + echo $cpu > /proc/irq/$irq/smp_affinity_list + done +done + +# WiFi interfaces - optimize default queues across L cores 4,5,6,7 +wifi_count=0 +for interface in $(iw dev | grep Interface | awk '{print $2}'); do + # Assign each WiFi interface to a dedicated L core (4,5,6,7) + case $wifi_count in + 0) default_core=4 ;; # First WiFi interface -> L core 4 + 1) default_core=5 ;; # Second WiFi interface -> L core 5 + 2) default_core=6 ;; # Third WiFi interface -> L core 6 + 3) default_core=7 ;; # Fourth WiFi interface -> L core 7 + esac + + # Set default queue to dedicated L core + default_irq=$(grep "$interface.*default_queue" /proc/interrupts | awk '{print $1}' | sed 's/://') + if [ -n "$default_irq" ]; then + echo $default_core > /proc/irq/$default_irq/smp_affinity_list + fi + + # Set all other 
queues (1-14, exception) to same core as default queue + for irq in $(grep "$interface" /proc/interrupts | grep -v "default_queue" | awk '{print $1}' | sed 's/://'); do + echo $default_core > /proc/irq/$irq/smp_affinity_list + done + + wifi_count=$((wifi_count + 1)) done ``` ### Phase 3: Systemd Slice Configuration -#### Network Processing Slice +#### Network Services Slice ```nix systemd.slices = { - network-processing = { - description = "Critical network processing (hostapd, nftables)"; + network-services = { + description = "Network services (DHCP, DNS, RA, hostapd)"; sliceConfig = { - CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Paired SMT siblings - Nice = -10; - IOSchedulingClass = 1; - IOSchedulingPriority = 4; - MemoryHigh = "8G"; - MemoryMax = "16G"; + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + Nice = -5; + MemoryHigh = "4G"; + MemoryMax = "8G"; }; }; }; ``` -#### Network Services Slice +#### System Slice ```nix systemd.slices = { - network-services = { - description = "Network services (DHCP, DNS, RA)"; + system = { + description = "System and userland services"; sliceConfig = { - CPUAffinity = "8-15"; # Dedicated network services cores - Nice = -5; # High priority - MemoryHigh = "4G"; # Limit memory usage (3% of 128GB) - MemoryMax = "8G"; # Hard memory limit (6% of 128GB) + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only + Nice = 0; + MemoryHigh = "32G"; + MemoryMax = "64G"; }; }; }; ``` -#### Userland Processing Slice +#### Per-Daemon Slices (Inherit from Main Slices) ```nix systemd.slices = { - userland-processing = { - description = "Userland processing (monitoring, system services)"; + kea = { + description = "KEA DHCP server slice"; sliceConfig = { - CPUAffinity = "8,20,9,21,10,22,11,23"; # Remaining SMT siblings - Nice = 0; - MemoryHigh = "32G"; - MemoryMax = "64G"; + Slice = "network-services.slice"; + }; + }; + pdns = { + description = "PowerDNS Recursor slice"; + sliceConfig = { + Slice = 
"network-services.slice"; + }; + }; + radvd = { + description = "radvd IPv6 RA slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; + hostapd = { + description = "hostapd WiFi access point slice"; + sliceConfig = { + Slice = "network-services.slice"; }; }; }; 
@@ -160,11 +214,27 @@ systemd.slices = { ```bash # Boot parameters (set in boot.kernelParams) # Isolate both SMT siblings of each physical core used for network processing -isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 -nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 -rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 +# Ethernet cores: 0,12,1,13,2,14,3,15 (first 4 L cores) +# WiFi cores: 4,5,6,7 (dedicated L cores for default queues) +isolcpus=0,12,1,13,2,14,3,15,4,5,6,7 +nohz_full=0,12,1,13,2,14,3,15,4,5,6,7 +rcu_nocbs=0,12,1,13,2,14,3,15,4,5,6,7 ``` +**Parameter Explanations:** + +- **`isolcpus`**: Isolates specified CPUs from the Linux scheduler. These cores will not run any userland processes, only kernel threads and IRQs. This prevents userland processes from interfering with network interrupt processing. + +- **`nohz_full`**: Disables the tick (timer interrupt) on specified CPUs when they have only one runnable task. This eliminates periodic timer interrupts that can cause jitter and latency spikes in network processing. Critical for achieving consistent low-latency network performance. + +- **`rcu_nocbs`**: Disables RCU (Read-Copy Update) callback processing on specified CPUs. RCU is a synchronization mechanism that can cause periodic CPU wakeups and cache line bouncing. By disabling it on network cores, we eliminate this source of interference and improve cache locality for network data structures. 
+ +**Performance Benefits:** +- **Reduced Latency**: Eliminates timer and RCU interrupts that cause jitter +- **Better Cache Locality**: Prevents cache pollution from RCU callbacks +- **Consistent Performance**: Isolated cores provide predictable network processing +- **Lower CPU Overhead**: Network cores focus exclusively on interrupt handling + #### Network Stack Optimization (Sysctl) > **Note:** Network stack tunables such as `net.core.netdev_budget`, `net.core.netdev_budget_usecs`, and similar should be set via sysctl (NixOS: `boot.kernel.sysctl` or sysctl.nix), **not** as kernel boot parameters. These are runtime tunables and are not recognized as boot parameters. 
@@ -219,54 +289,45 @@ systemd.services.irq-affinity = { ### Step 2: CPU Affinity for Network Services ```nix systemd.services = { - # Critical network processing (network-processing slice) + # Network services (network-services slice, via per-daemon slices) hostapd = { serviceConfig = { - Slice = "network-processing"; - CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; + Slice = "hostapd.slice"; Nice = -10; + IOSchedulingClass = 1; # Real-time I/O + IOSchedulingPriority = 4; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "5s"; }; }; - nftables = { - serviceConfig = { - Slice = "network-processing"; - CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; - Nice = -5; - }; - }; - - # Network services (network-services slice) kea-dhcp4-server = { serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; + Slice = "kea.slice"; Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; }; }; pdns-recursor = { serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; + Slice = "pdns.slice"; Nice = -5; + LimitNOFILE = 65536; + Restart = "always"; + RestartSec = "10s"; }; }; radvd = { serviceConfig = { - Slice = "network-services"; - CPUAffinity = "8-15"; + Slice = "radvd.slice"; Nice = -5; - }; - }; - - # Monitoring services (userland-processing slice) - network-monitoring = { - serviceConfig = { - Slice = "userland-processing"; - CPUAffinity = "8,20,9,21,10,22,11,23"; - Nice = 0; + Restart = "always"; + RestartSec = "10s"; }; }; }; @@ -275,9 +336,9 @@ systemd.services = { ### Step 3: Kernel Boot Parameters ```nix boot.kernelParams = [ - "isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + "isolcpus=0,12,1,13,2,14,3,15,4,5,6,7" + "nohz_full=0,12,1,13,2,14,3,15,4,5,6,7" + "rcu_nocbs=0,12,1,13,2,14,3,15,4,5,6,7" ]; ``` 
@@ -325,7 +386,7 @@ mpstat -P ALL 1 ### Slice Status Monitoring ```bash # Check slice status and resource usage -systemctl status network-processing.slice network-services.slice userland-processing.slice +systemctl status network-services.slice system.slice ``` ### Network Performance Testing @@ -367,13 +428,10 @@ Systemd slice definitions with CPU affinity, resource limits, and service assign ### 3. `kernel-params.nix` Kernel boot parameters for optimization (complements existing boot config in configuration.nix) -### 4. `monitoring.nix` -Performance monitoring and logging configuration - -### 5. `sysctl.nix` +### 4. `sysctl.nix` Runtime kernel network parameters -### 6. `systemPackages.nix` +### 5. `systemPackages.nix` Network testing tools: iperf2, flent, netperf, ethtool, sysstat, htop, iftop, nethogs, nload, speedtest-cli, mtr, traceroute, nmap, wireshark, tshark, perf-tools, perf ## System Architecture 
@@ -381,28 +439,32 @@ Network testing tools: iperf2, flent, netperf, ethtool, sysstat, htop, iftop, ne ``` Internet (enp1s0) ↓ -[NAT/Firewall] ← nftables with connection tracking (cores 0-7, network-processing slice) +[NAT/Firewall] ← nftables with connection tracking (isolated network cores 0-7) ↓ [Bridge (br0)] ← 192.168.1.1/24, fd00::1/64 ↓ -[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (cores 0-7, network-processing slice) +[WiFi Clients] ← 4x WiFi interfaces with hostapd 2.10 (network-services slice, userland cores) ↓ -[Network Services] ← DHCP, DNS, RA (cores 8-15, network-services slice) +[Network Services] ← DHCP, DNS, RA (network-services slice, userland cores) ↓ -[Userland Services] ← Monitoring, system services (cores 16-23, userland-processing slice) +[System Services] ← System services (system.slice, userland cores) + +Core Allocation: +- Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) +- WiFi IRQs: cores 4,5,6,7 (dedicated L cores for default queues) +- Services: cores 8,20,9,21,10,22,11,23 (userland cores) ``` ## Services Overview | Service | Purpose | Slice | Slice CPU Affinity | Priority | |--------------|------------------------|-------------------------|-------------------------------------|----------| -| hostapd | WiFi access point | network-processing.slice| 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 | -10 (RT) | +| hostapd | WiFi access point | hostapd.slice (child of network-services.slice) | 8,20,9,21,10,22,11,23 | -10 (RT) | | Kea | DHCP server | kea.slice (child of network-services.slice) | 8,20,9,21,10,22,11,23 | -5 | | PowerDNS | DNS resolver | pdns.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | | radvd | IPv6 RA | radvd.slice (child of network-services.slice)| 8,20,9,21,10,22,11,23 | -5 | -| Monitoring | Performance tracking | system.slice | 8,20,9,21,10,22,11,23 | 0 | -**Note:** All services inherit CPU affinity and resource limits from their assigned slice. 
Only the three main parent slices need explicit CPU affinity settings. Kernel-level components like nftables and CAKE (QoS) are not managed by systemd slices; their performance is influenced by CPU isolation, IRQ affinity, and kernel boot parameters, not by systemd. +**Note:** All services inherit CPU affinity and resource limits from their assigned slice. Only the two main parent slices (network-services and system) need explicit CPU affinity settings. **Network cores (0,12,1,13,2,14,3,15,4,5,6,7) are isolated by `isolcpus` and can only be used for IRQ affinity, not for systemd slice CPU affinity.** Kernel-level components like nftables and CAKE (QoS) are not managed by systemd slices; their performance is influenced by CPU isolation, IRQ affinity, and kernel boot parameters, not by systemd. ## Integration with Existing Configuration @@ -456,6 +518,23 @@ lscpu - NUMA node configuration - Cache sizes (L1, L2, L3) +**CPU Layout Visualization:** +For a visual representation of the CPU topology, use: +```bash +hwloc-ls l2_2025_06_28.svg +``` + +This generates an SVG file showing the complete CPU layout, including: +- Physical core distribution +- SMT thread pairing +- NUMA node boundaries +- Cache hierarchy +- PCIe topology + +The generated `l2_2025_06_28.svg` file provides a detailed visual map of the system's CPU architecture, which is invaluable for understanding core relationships and optimizing IRQ affinity assignments. + +![CPU Layout Diagram](l2_2025_06_28.svg) + #### Memory Information ```bash # Get memory details 
@@ -589,17 +668,13 @@ userland_cores="8,20,9,21,10,22,11,23" # Calculate memory limits based on total system memory total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 1024)) -# Network processing slice: 6-12% of total memory -network_processing_memory_high=$((total_memory_gb * 6 / 100)) -network_processing_memory_max=$((total_memory_gb * 12 / 100)) - # Network services slice: 3-6% of total memory network_services_memory_high=$((total_memory_gb * 3 / 100)) network_services_memory_max=$((total_memory_gb * 6 / 100)) -# Userland processing slice: 25-50% of total memory -userland_memory_high=$((total_memory_gb * 25 / 100)) -userland_memory_max=$((total_memory_gb * 50 / 100)) +# System slice: 25-50% of total memory +system_memory_high=$((total_memory_gb * 25 / 100)) +system_memory_max=$((total_memory_gb * 50 / 100)) ``` ### Step 6: IRQ Affinity Script Generation 
@@ -682,15 +757,22 @@ total_memory_gb=$(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024 / 10 network_cores_count=$((physical_cores / 2)) echo "systemd.slices = {" -echo " network-processing = {" -echo " description = \"Critical network processing\";" +echo " network-services = {" +echo " description = \"Network services (DHCP, DNS, RA, hostapd)\";" echo " sliceConfig = {" -echo " CPUAffinity = \"0-$((network_cores_count * 2 - 1))\";" -echo " MemoryHigh = \"${network_processing_memory_high}G\";" -echo " MemoryMax = \"${network_processing_memory_max}G\";" +echo " CPUAffinity = \"8,20,9,21,10,22,11,23\"; # Userland cores only" +echo " MemoryHigh = \"${network_services_memory_high}G\";" +echo " MemoryMax = \"${network_services_memory_max}G\";" +echo " };" +echo " };" +echo " system = {" +echo " description = \"System and userland services\";" +echo " sliceConfig = {" +echo " CPUAffinity = \"8,20,9,21,10,22,11,23\"; # Userland cores only" +echo " MemoryHigh = \"${system_memory_high}G\";" +echo " MemoryMax = \"${system_memory_max}G\";" echo " };" echo " };" -echo " # ... additional slices" echo "};" ``` @@ -720,7 +802,7 @@ cat /proc/cmdline | grep isolcpus # Verify slice configuration echo "Verifying slice configuration..." -systemctl status network-processing.slice network-services.slice userland-processing.slice +systemctl status network-services.slice system.slice # Performance testing iperf -s & 
@@ -754,7 +836,7 @@ $(ip link show | grep -E "enp|eth|wlp" | awk '{print " - " $2}') ## Optimization Strategy - **Network Cores**: 0-$((network_cores_count * 2 - 1)) - **Userland Cores**: $((network_cores_count * 2))-$((nproc - 1)) -- **Memory Limits**: Network=${network_processing_memory_high}G/${network_processing_memory_max}G, Services=${network_services_memory_high}G/${network_services_memory_max}G +- **Memory Limits**: Services=${network_services_memory_high}G/${network_services_memory_max}G, System=${system_memory_high}G/${system_memory_max}G ## Configuration Files - Modified: kernel-params.nix, irq-affinity.nix, sysctl.nix @@ -772,8 +854,8 @@ This assessment guide provides a systematic approach to adapting the CPU/IRQ opt This optimization strategy provides: - **Dedicated network processing cores** (0-7) for maximum performance -- **Dedicated network services cores** (8-15) for infrastructure services -- **Isolated userland processing** (16-23) for system stability +- **Dedicated network services cores** (8-23) for infrastructure services +- **Isolated userland processing** (8-23) for system stability - **Optimized IRQ distribution** across dedicated cores - **Slice-based resource management** with memory limits optimized for 128GB RAM - **NUMA-aware memory allocation** for better locality 
@@ -791,44 +873,34 @@ To achieve the highest level of resource isolation, monitoring, and control, thi - Apply fine-grained policies and priorities - Optionally group related slices under a parent slice for aggregate monitoring -### Three Main Parent Slices with CPU Affinity +### Two Main Parent Slices with CPU Affinity -The configuration defines three main parent slices, each with its own CPU affinity and resource limits: -- **network-processing.slice**: For critical network processing (hostapd, nftables, etc.) -- **network-services.slice**: For network infrastructure services (Kea, PowerDNS, radvd, etc.) +The configuration defines two main parent slices, each with its own CPU affinity and resource limits: +- **network-services.slice**: For network infrastructure services (hostapd, Kea, PowerDNS, radvd, etc.) - **system.slice**: For userland/system services -**CPU affinity and resource limits are set only on these three main slices.** +**CPU affinity and resource limits are set only on these two main slices.** ### Per-Daemon Subordinate Slices Inherit from Main Slices -Each major daemon gets its own subordinate slice (e.g., `kea.slice`, `pdns.slice`, `radvd.slice`), which is attached as a child to the appropriate main slice. The per-daemon slices inherit CPU affinity and other limits from their parent, so you only need to set these on the main slices. +Each major daemon gets its own subordinate slice (e.g., `kea.slice`, `pdns.slice`, `radvd.slice`, `hostapd.slice`), which is attached as a child to the appropriate main slice. The per-daemon slices inherit CPU affinity and other limits from their parent, so you only need to set these on the main slices. 
#### Example NixOS Configuration ```nix -# Main parent slices with CPU affinity -systemd.slices.network-processing = { - description = "Critical network processing"; - sliceConfig = { - CPUAffinity = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; - MemoryHigh = "8G"; - MemoryMax = "16G"; - }; -}; +# Main parent slices with CPU affinity (userland cores only) systemd.slices.network-services = { - description = "Network infrastructure services"; + description = "Network services (DHCP, DNS, RA, hostapd)"; sliceConfig = { - CPUAffinity = "8,20,9,21,10,22,11,23"; + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only MemoryHigh = "4G"; MemoryMax = "8G"; }; }; -# Use the existing system.slice for userland/system services systemd.slices.system = { description = "System and userland services"; sliceConfig = { - CPUAffinity = "8,20,9,21,10,22,11,23"; + CPUAffinity = "8,20,9,21,10,22,11,23"; # Userland cores only MemoryHigh = "32G"; MemoryMax = "64G"; }; 
@@ -841,29 +913,126 @@ systemd.slices.kea = { Slice = "network-services.slice"; }; }; -systemd.slices.pdns = { - description = "PowerDNS Recursor slice"; - sliceConfig = { - Slice = "network-services.slice"; - }; -}; -systemd.slices.radvd = { - description = "radvd IPv6 RA slice"; - sliceConfig = { - Slice = "network-services.slice"; - }; -}; +``` + +**Note:** Network cores (0,12,1,13,2,14,3,15,4,5,6,7) are isolated by `isolcpus` and can only be used for IRQ affinity, not for systemd slice CPU affinity. All services run on userland cores (8,20,9,21,10,22,11,23) to ensure they can be scheduled by the kernel. + +## Recent Discoveries and Configuration Refinements + +### WiFi IRQ Detection and Assignment Issues + +During implementation and testing, we discovered several important issues with the initial WiFi IRQ affinity approach: + +#### Issue 1: WiFi IRQs Organized by PCI Device, Not Interface Name +**Discovery:** WiFi IRQs are organized by PCI device identifier (e.g., `0000:61:00.0`, `0000:41:00.0`) rather than by interface name (e.g., `wlp35s0`, `wlp66s0`). The original script attempted to match IRQs by interface name, which failed because: +- Multiple IRQs per interface are grouped under the same PCI device +- Interface names don't directly map to IRQ entries in `/proc/interrupts` +- The `iwlwifi:default_queue` pattern is the correct identifier -# Assign each service to its per-daemon slice -systemd.services.kea-dhcp4-server.serviceConfig.Slice = "kea.slice"; -systemd.services.pdns-recursor.serviceConfig.Slice = "pdns.slice"; -systemd.services.radvd.serviceConfig.Slice = "radvd.slice"; +**Solution:** Updated the IRQ affinity script to: +1. **Detect WiFi default queues by PCI device**: `cat /proc/interrupts | grep "iwlwifi:default_queue"` +2. **Assign each PCI device to a dedicated L core**: 4 default queues across L cores 4,5,6,7 +3. 
**Group all queues from the same PCI device** on the same core as their default queue + +#### Issue 2: Systemd Slice Configuration Syntax Errors +**Discovery:** The `Nice` property is not valid in systemd slice configuration. Attempting to set `Nice` in the `[Slice]` section causes systemd to ignore the entire slice configuration. + +**Solution:** Removed the invalid `Nice` property from slice configurations. Nice values are set at the service level instead: +```nix +systemd.services.hostapd.serviceConfig.Nice = -10; +systemd.services.kea-dhcp4-server.serviceConfig.Nice = -5; +``` + +#### Issue 3: WiFi IRQ Distribution Not Following Expected Pattern +**Discovery:** Initial testing showed WiFi IRQs distributed across cores 1, 10, 12, 3, 4, 5, 8 instead of the expected L cores 4,5,6,7. This indicated the IRQ affinity script was not working correctly. + +**Root Cause:** The script was trying to match IRQs by interface name instead of PCI device, and the WiFi IRQ detection logic was flawed. + +**Solution:** Completely rewrote the WiFi IRQ detection and assignment logic to work with PCI devices and properly distribute the 4 default queues across L cores 4,5,6,7. 
+ +### IRQ and Slice Analysis Script + +To monitor and verify the optimization configuration, we created a comprehensive analysis script: `irq-slice-analysis.sh` + +#### Purpose +The script provides a concise runtime analysis of: +- Kernel command line parameters (CPU isolation, NoHz, RCU settings) +- Ethernet IRQ L core distribution +- WiFi IRQ L core distribution with validation against expected cores +- Systemd slice CPU affinity and status +- Service status and slice assignments +- IRQ affinity service status + +#### Key Features +- **Concise output**: Focuses on essential information in a compact format +- **L core mapping**: Converts logical CPU numbers to physical L core numbers +- **Status indicators**: Color-coded status messages (✓, ⚠, ✗, ℹ) +- **Validation**: Checks if WiFi IRQs are using expected L cores 4,5,6,7 +- **Service monitoring**: Shows active services with their slice assignments and nice values + +#### Usage +```bash +# Run the analysis script +./irq-slice-analysis.sh + +# Example output: +=== L2 WiFi Access Point - IRQ and Slice Analysis === +ℹ Isolated cores: 0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19 + +=== Ethernet IRQ L Cores === +enp1s0 IRQs using L cores: 11 12 3 4 5 6 7 9 + +=== WiFi IRQ L Cores === +iwlwifi IRQs using L cores: 1 10 12 3 4 5 8 +✓ L core 4: used +✓ L core 5: used +⚠ L core 6: not used +⚠ L core 7: not used + +=== Systemd Slice L Cores === +network-services.slice: L cores 8 9 10 11 +system.slice: L cores 8 9 10 11 +kea.slice: inherits from parent +pdns.slice: inherits from parent +radvd.slice: inherits from parent +hostapd.slice: inherits from parent + +=== Service Status === +✓ hostapd: active (slice: hostapd.slice, nice: -10) +✓ kea-dhcp4-server: active (slice: kea.slice, nice: -5) +✓ pdns-recursor: active (slice: pdns.slice, nice: -5) +✓ radvd: active (slice: radvd.slice, nice: -5) + +✓ IRQ affinity service: active ``` -### Benefits -- **Simplicity**: Only set CPU affinity and main limits on three main slices -- 
**Visibility**: Each daemon is tracked and controlled independently -- **Hierarchy**: Per-daemon slices inherit from main slices, keeping configuration clear and maintainable -- **Flexibility**: You can still override or add limits on a per-daemon basis if needed +#### Design Decisions Captured +1. **WiFi IRQ Detection**: Use PCI device-based detection instead of interface name matching +2. **Default Queue Prioritization**: Focus on distributing 4 default queues across L cores 4,5,6,7 +3. **Systemd Slice Syntax**: Remove invalid `Nice` property from slice configurations +4. **Analysis Script**: Provide concise, actionable output for monitoring optimization status +5. **L Core Mapping**: Convert logical CPU numbers to physical core numbers for clarity -This hierarchical slice design is recommended for maximum clarity, control, and monitoring in high-performance NixOS network systems. \ No newline at end of file +These discoveries and refinements ensure the optimization configuration works correctly across different hardware configurations and provides reliable monitoring capabilities for ongoing performance validation. + +## Global CPU Affinity for Systemd Services (NixOS) + +To ensure all userland/systemd services run only on the designated userland cores, we use the following NixOS options: + +```nix +systemd.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; +systemd.user.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; +``` + +This sets the default CPU affinity for all systemd-managed services and user services to the userland cores. This is written to `/etc/systemd/system.conf` and `/etc/systemd/user.conf` respectively. Individual services can still override this if needed, but by default, all systemd services will be restricted to these cores. + +> **Note:** There is no global `Nice` setting in systemd. Nice values must be set per-service using the `Nice` property in the service's `serviceConfig` block. 
+ + +## cpu layout + +To see the cpu layout + +``` +hwloc-ls l2_2025_06_28.svg + ``` \ No newline at end of file diff --git a/desktop/l2/configuration.nix b/desktop/l2/configuration.nix index 4822628..bb4ab57 100644 --- a/desktop/l2/configuration.nix +++ b/desktop/l2/configuration.nix @@ -43,7 +43,7 @@ ./irq-affinity.nix ./systemd-slices.nix ./kernel-params.nix - ./monitoring.nix + #./monitoring.nix ]; boot = { @@ -181,6 +181,9 @@ system.stateVersion = "24.11"; + systemd.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; + systemd.user.extraConfig = "CPUAffinity=8,20,9,21,10,22,11,23"; + } # end \ No newline at end of file diff --git a/desktop/l2/hostapd-multi.nix b/desktop/l2/hostapd-multi.nix index b963c94..7eea848 100644 --- a/desktop/l2/hostapd-multi.nix +++ b/desktop/l2/hostapd-multi.nix @@ -127,7 +127,6 @@ in { } ]; }; - serviceConfig.Slice = "kea.slice"; }; }; # services.prometheus.exporters.kea = { @@ -149,7 +148,6 @@ in { serve_rfc1918 = true; }; }; - serviceConfig.Slice = "pdns.slice"; }; # IPv6 SLAAC via radvd @@ -168,7 +166,6 @@ in { }; }; ''; - serviceConfig.Slice = "radvd.slice"; }; # https://nixos.wiki/wiki/Systemd-networkd diff --git a/desktop/l2/irq-affinity.nix b/desktop/l2/irq-affinity.nix index 8a33ba7..098c82b 100644 --- a/desktop/l2/irq-affinity.nix +++ b/desktop/l2/irq-affinity.nix 
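Review bot: In the `@@ -181,6 +181,9 @@` hunk of desktop/l2/configuration.nix the core list `8,20,9,21,10,22,11,23` is written out twice as a string literal, and the same list is defined again as `userlandCores` in irq-affinity.nix, so a later change to the core layout can leave the manager-wide affinity and the IRQ script disagreeing without any evaluation error. Binding the list once in a `let`, e.g. `userlandCores = "8,20,9,21,10,22,11,23";`, and writing `systemd.extraConfig = "CPUAffinity=${userlandCores}";` and `systemd.user.extraConfig = "CPUAffinity=${userlandCores}";` keeps the two options in step. Going by the `isolcpus=0,12,1,13,2,14,3,15,4,5,6,7` list documented in this same commit, logical CPUs 16-19 appear to be neither isolated nor included in this mask, so no systemd-managed service (including the DHCP and DNS daemons) would be scheduled on them. Confirm against kernel-params.nix, which is not visible here, whether leaving them unused is intended. The attribute set that these options are added to opens outside the hunk.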
@@ -5,32 +5,96 @@ let # Network core assignments (cache-aware, paired SMT siblings) - networkCores = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Dedicated network processing cores + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,5,6,7 (dedicated L cores for default queues) + # Userland: cores 8,20,9,21,10,22,11,23 (remaining 4 L cores) + ethernetCores = "0,12,1,13,2,14,3,15"; # Ethernet IRQ cores + wifiCores = "4,5,6,7"; # WiFi default queue cores (L cores) + userlandCores = "8,20,9,21,10,22,11,23"; # Userland cores - # IRQ affinity script (distribute across paired SMT siblings) + # IRQ affinity script (optimize WiFi default queues across dedicated L cores) irqAffinityScript = pkgs.writeShellScript "irq-affinity" '' #!/bin/bash set -euo pipefail - echo "Setting IRQ affinity for network optimization (cache-aware, paired SMT siblings)..." + echo "Setting IRQ affinity for network optimization..." - # List of network cores (paired SMT siblings) - network_cores=(0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19) + # Ethernet cores (first 4 L cores) + ethernet_cores="0 12 1 13 2 14 3 15" + # WiFi default queue cores (L cores 4,5,6,7) + wifi_default_cores="4 5 6 7" + + # Distribute Ethernet IRQs across ethernet cores + echo "Distributing Ethernet IRQs across cores: ${ethernetCores}" irq_index=0 - for irq in $(grep -E '(enp|wlp)' /proc/interrupts | awk '{print $1}' | sed 's/://'); do - cpu=${network_cores[$((irq_index % ${#network_cores[@]}))]} - if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then - echo "$cpu" > "/proc/irq/$irq/smp_affinity_list" - echo "IRQ $irq -> CPU $cpu" - else - echo "Warning: IRQ $irq not found" - fi - irq_index=$((irq_index + 1)) + for interface in $(${pkgs.iproute2}/bin/ip link show | ${pkgs.gnugrep}/bin/grep -E "enp|eth" | ${pkgs.gawk}/bin/awk -F: '{print $2}' | ${pkgs.gnused}/bin/sed 's/ //g'); do + for irq in $(${pkgs.gnugrep}/bin/grep "$interface" /proc/interrupts | ${pkgs.gawk}/bin/awk '{print $1}' | 
${pkgs.gnused}/bin/sed 's/://'); do + cpu_index=$((irq_index % 8)) + # Convert index to actual CPU number + case $cpu_index in + 0) cpu=0 ;; + 1) cpu=12 ;; + 2) cpu=1 ;; + 3) cpu=13 ;; + 4) cpu=2 ;; + 5) cpu=14 ;; + 6) cpu=3 ;; + 7) cpu=15 ;; + esac + if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then + echo "$cpu" > "/proc/irq/$irq/smp_affinity_list" + echo "Ethernet IRQ $irq ($interface) -> CPU $cpu" + else + echo "Warning: Ethernet IRQ $irq not found" + fi + irq_index=$((irq_index + 1)) + done done + # Optimize WiFi default queues across dedicated L cores + echo "Optimizing WiFi default queues across cores: ${wifiCores}" + + # Get all WiFi default queue IRQs by PCI device + wifi_default_irqs=$(cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep "iwlwifi:default_queue" | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.gnused}/bin/sed 's/://') + + if [ -n "$wifi_default_irqs" ]; then + wifi_count=0 + for irq in $wifi_default_irqs; do + # Assign each WiFi default queue to a dedicated L core (4,5,6,7) + case $wifi_count in + 0) default_core=4 ;; # First WiFi device -> L core 4 + 1) default_core=5 ;; # Second WiFi device -> L core 5 + 2) default_core=6 ;; # Third WiFi device -> L core 6 + 3) default_core=7 ;; # Fourth WiFi device -> L core 7 + esac + + if [[ -e "/proc/irq/$irq/smp_affinity_list" ]]; then + echo "$default_core" > "/proc/irq/$irq/smp_affinity_list" + echo "WiFi default queue IRQ $irq -> CPU $default_core" + else + echo "Warning: WiFi default queue IRQ $irq not found" + fi + + # Set all other queues for this WiFi device to same core as default queue + pci_device=$(${pkgs.gnugrep}/bin/grep "^ *$irq:" /proc/interrupts | ${pkgs.gnugrep}/bin/grep -o "0000:[0-9a-f:]*") + if [ -n "$pci_device" ]; then + for queue_irq in $(cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep "$pci_device" | ${pkgs.gnugrep}/bin/grep -v "default_queue" | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.gnused}/bin/sed 's/://'); do + if [[ -e "/proc/irq/$queue_irq/smp_affinity_list" ]]; then + 
echo "$default_core" > "/proc/irq/$queue_irq/smp_affinity_list" + echo " Queue IRQ $queue_irq -> CPU $default_core" + fi + done + fi + + wifi_count=$((wifi_count + 1)) + done + else + echo "Warning: No WiFi default queue IRQs found" + fi + echo "IRQ affinity configuration complete" echo "Current IRQ distribution:" - cat /proc/interrupts | grep -E "(enp|wlp)" | head -20 + cat /proc/interrupts | ${pkgs.gnugrep}/bin/grep -E "(enp|iwlwifi)" || true ''; in { diff --git a/desktop/l2/irq-slice-analysis.sh b/desktop/l2/irq-slice-analysis.sh new file mode 100755 index 0000000..16573da --- /dev/null +++ b/desktop/l2/irq-slice-analysis.sh 
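Review bot: In the Ethernet loop, `grep -E "enp|eth"` over `ip link show` also matches every `link/ether` line, so `awk -F: '{print $2}'` yields a MAC octet as an "interface" name, and `grep "$interface" /proc/interrupts` can then select unrelated IRQ rows and pin them to the Ethernet cores. Matching on the name field avoids that, e.g. `ip -o link show | awk -F': ' '$2 ~ /^(enp|eth)/ {print $2}'` with the same `${pkgs.…}` paths. Separately, under `set -euo pipefail` the `wifi_default_irqs=$(...)` and `pci_device=$(...)` assignments exit the script when grep matches nothing, so the "No WiFi default queue IRQs found" branch is unreachable; ending those substitutions with `|| true`, as the final `cat /proc/interrupts` line already does, keeps the warning path alive. The same pattern appears in the `enp1s0_irqs` and `iwlwifi_irqs` assignments of irq-slice-analysis.sh.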
@@ -0,0 +1,217 @@ +#!/bin/bash + +# IRQ and Slice Analysis Script for L2 WiFi Access Point +# Analyzes runtime state of IRQ distribution and systemd slice CPU affinity + +set -euo pipefail + +echo "=== L2 WiFi Access Point - IRQ and Slice Analysis ===" +echo "Generated: $(date)" +echo "" + +# Color codes for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Function to print colored output +print_status() { + local status=$1 + local message=$2 + case $status in + "OK") echo -e "${GREEN}✓${NC} $message" ;; + "WARN") echo -e "${YELLOW}⚠${NC} $message" ;; + "ERROR") echo -e "${RED}✗${NC} $message" ;; + "INFO") echo -e "${BLUE}ℹ${NC} $message" ;; + esac +} + +# Check kernel parameters +cmdline=$(cat /proc/cmdline) +isolcpus=$(echo "$cmdline" | grep -o "isolcpus=[^ ]*" | cut -d= -f2 || echo "NOT SET") +print_status "INFO" "Isolated cores: $isolcpus" + +# Ethernet IRQ L core distribution +echo "" +echo "=== Ethernet IRQ L Cores ===" +enp1s0_irqs=$(cat /proc/interrupts | grep "enp1s0" | awk '{print $1}' | sed 's/://') +if [ -n "$enp1s0_irqs" ]; then + l_cores="" + for irq in $enp1s0_irqs; do + cpu_dist=$(grep "^ *$irq:" /proc/interrupts | awk '{for(i=2; i<=25; i++) if($i>0) printf "%d ", i-1}') + for cpu in $cpu_dist; do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo "enp1s0 IRQs using L cores: $l_cores" +else + print_status "WARN" "No enp1s0 IRQs found" +fi + +# WiFi IRQ L core distribution +echo "" +echo "=== WiFi IRQ L Cores ===" +iwlwifi_irqs=$(cat /proc/interrupts | grep "iwlwifi" | awk '{print $1}' | sed 's/://') +if [ -n "$iwlwifi_irqs" ]; then + l_cores="" + for irq in $iwlwifi_irqs; do + cpu_dist=$(grep "^ *$irq:" /proc/interrupts | awk '{for(i=2; i<=25; i++) if($i>0) printf "%d ", i-1}') + for cpu in $cpu_dist; do + if [ "$cpu" -lt 12 ]; then + 
l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo "iwlwifi IRQs using L cores: $l_cores" + + # Check expected cores 4,5,6,7 + for expected in 4 5 6 7; do + if echo "$l_cores" | grep -q " $expected "; then + print_status "OK" "L core $expected: used" + else + print_status "WARN" "L core $expected: not used" + fi + done +else + print_status "WARN" "No iwlwifi IRQs found" +fi + +# Systemd slice CPU affinity +echo "" +echo "=== Systemd Slice L Cores ===" + +# Check global systemd CPU affinity +echo "--- Global Systemd CPU Affinity ---" +if [ -f "/etc/systemd/system.conf" ]; then + global_cpu_affinity=$(grep "^CPUAffinity=" /etc/systemd/system.conf | cut -d= -f2 || echo "not set") + echo "Global systemd CPUAffinity: $global_cpu_affinity" +else + echo "Global systemd CPUAffinity: not configured" +fi + +# Check main slices +main_slices=("network-services" "system") +for slice in "${main_slices[@]}"; do + echo "--- $slice.slice ---" + cgroup_path="/sys/fs/cgroup/system.slice/$slice.slice" + + if systemctl status "$slice.slice" >/dev/null 2>&1; then + if [ -d "$cgroup_path" ] && [ -f "$cgroup_path/cpuset.cpus" ]; then + cpu_affinity=$(cat "$cgroup_path/cpuset.cpus") + print_status "INFO" "CPU affinity: $cpu_affinity" + + # Convert to L cores + l_cores="" + for cpu in $(echo $cpu_affinity | tr ',' ' '); do + if [[ $cpu =~ ^[0-9]+$ ]]; then + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + elif [[ $cpu =~ ^([0-9]+)-([0-9]+)$ ]]; then + start=${BASH_REMATCH[1]} + end=${BASH_REMATCH[2]} + for ((cpu=start; cpu<=end; cpu++)); do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + fi + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo " L cores: $l_cores" + else + print_status "INFO" "Slice loaded but no cgroup (no active 
services)" + fi + else + print_status "ERROR" "Slice $slice.slice not found or not active" + fi + echo "" +done + +# Check per-daemon slices +per_daemon_slices=("kea" "pdns" "radvd" "hostapd") +for slice in "${per_daemon_slices[@]}"; do + echo "--- $slice.slice ---" + cgroup_path="/sys/fs/cgroup/system.slice/$slice.slice" + + if systemctl status "$slice.slice" >/dev/null 2>&1; then + if [ -d "$cgroup_path" ] && [ -f "$cgroup_path/cpuset.cpus" ]; then + cpu_affinity=$(cat "$cgroup_path/cpuset.cpus") + print_status "INFO" "CPU affinity: $cpu_affinity" + + # Convert to L cores + l_cores="" + for cpu in $(echo $cpu_affinity | tr ',' ' '); do + if [[ $cpu =~ ^[0-9]+$ ]]; then + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + elif [[ $cpu =~ ^([0-9]+)-([0-9]+)$ ]]; then + start=${BASH_REMATCH[1]} + end=${BASH_REMATCH[2]} + for ((cpu=start; cpu<=end; cpu++)); do + if [ "$cpu" -lt 12 ]; then + l_core=$cpu + else + l_core=$((cpu - 12)) + fi + l_cores="$l_cores $l_core" + done + fi + done + l_cores=$(echo $l_cores | tr ' ' '\n' | sort -u | tr '\n' ' ') + echo " L cores: $l_cores" + else + print_status "INFO" "Slice loaded but no cgroup (no active services)" + fi + else + print_status "WARN" "Slice $slice.slice not found or not active" + fi + echo "" +done + +# Service status summary +echo "" +echo "=== Service Status ===" +services=("hostapd" "kea-dhcp4-server" "pdns-recursor" "radvd") +for service in "${services[@]}"; do + if systemctl is-active "$service" >/dev/null 2>&1; then + slice=$(systemctl show "$service" --property=Slice --value 2>/dev/null || echo "unknown") + nice_value=$(systemctl show "$service" --property=Nice --value 2>/dev/null || echo "0") + print_status "OK" "$service: active (slice: $slice, nice: $nice_value)" + else + print_status "WARN" "$service: not active" + fi +done + +# IRQ affinity service +echo "" +if systemctl is-active irq-affinity >/dev/null 2>&1; then + print_status "OK" "IRQ affinity 
service: active" +else + print_status "WARN" "IRQ affinity service: not active" +fi + +echo "" +echo "=== Analysis Complete ===" \ No newline at end of file diff --git a/desktop/l2/kernel-params.nix b/desktop/l2/kernel-params.nix index 3f523c9..b955d3c 100644 --- a/desktop/l2/kernel-params.nix +++ b/desktop/l2/kernel-params.nix @@ -6,18 +6,20 @@ { # Boot kernel parameters for network optimization boot.kernelParams = [ - # CPU isolation for network cores (cache-aware, paired SMT siblings) + # CPU isolation for network IRQ cores + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,16,5,17,6,18,7,19 (next 4 L cores) "isolcpus=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "nohz_full=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "rcu_nocbs=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - # Interrupt handling - "irqaffinity=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" - "threadirqs" + # # Interrupt handling + # "irqaffinity=0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19" + # "threadirqs" - # Memory management - "hugepagesz=1G" - "hugepages=4" + # # Memory management + # "hugepagesz=1G" + # "hugepages=4" # CPU frequency scaling "intel_pstate=performance" 
@@ -29,30 +31,30 @@ # I/O scheduler "elevator=bfq" - # Security mitigations (minimal impact on network performance) - "mitigations=off" - "spectre_v2=off" - "spec_store_bypass_disable=off" - "retbleed=off" + # # Security mitigations (minimal impact on network performance) + # "mitigations=off" + # "spectre_v2=off" + # "spec_store_bypass_disable=off" + # "retbleed=off" # WiFi optimizations "cfg80211.ieee80211_regdom=US" "iwlwifi.power_save=0" "iwlwifi.11n_disable=0" - "iwlwifi.bt_coex_active=0" + # "iwlwifi.bt_coex_active=0" - # PCIe optimizations - "pcie_aspm=off" - "pcie_aspm.policy=performance" + # # PCIe optimizations + # "pcie_aspm=off" + # "pcie_aspm.policy=performance" - # Bluetooth disabling - "bluetooth.blacklist=1" - "btusb.blacklist=1" - "btintel.blacklist=1" + # # Bluetooth disabling + # "bluetooth.blacklist=1" + # "btusb.blacklist=1" + # "btintel.blacklist=1" - # Debugging (disable for production) - "quiet" - "loglevel=3" + # # Debugging (disable for production) + # "quiet" + # "loglevel=3" ]; # CPU frequency scaling @@ -60,7 +62,7 @@ # Disable CPU frequency scaling for network cores systemd.services.cpu-performance = { - description = "Set CPU performance governor for network cores"; + description = "Set CPU performance governor for network IRQ cores"; wantedBy = [ "multi-user.target" ]; after = [ "systemd-udev-settle.service" ]; @@ -73,7 +75,9 @@ echo performance > "$cpu" 2>/dev/null || true done - # Set min/max frequency to maximum for network cores (paired SMT siblings) + # Set min/max frequency to maximum for network IRQ cores + # Ethernet IRQs: cores 0,12,1,13,2,14,3,15 (first 4 L cores) + # WiFi IRQs: cores 4,16,5,17,6,18,7,19 (next 4 L cores) for cpu in 0 12 1 13 2 14 3 15 4 16 5 17 6 18 7 19; do if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq" ]]; then max_freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/cpuinfo_max_freq") 
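Review bot: The disabled `mitigations=off`, `spectre_v2=off`, `spec_store_bypass_disable=off` and `retbleed=off` entries are kept as commented-out lines under a heading that still reads "minimal impact on network performance", which invites switching them back on for a host that serves DHCP, DNS and WiFi clients. Deleting the dead entries and recording the decision would be clearer, e.g. `# CPU vulnerability mitigations are left at kernel defaults on this network-facing host`. The list continues outside the hunk.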
@@ -82,7 +86,7 @@ fi done - echo "CPU performance governor set for network optimization (paired SMT siblings)" + echo "CPU performance governor set for network IRQ optimization" ''; RemainAfterExit = true; StandardOutput = "journal"; @@ -93,27 +97,27 @@ # Disable Bluetooth completely hardware.bluetooth.enable = false; - # Disable Bluetooth kernel modules - boot.blacklistedKernelModules = [ - "bluetooth" - "btusb" - "btintel" - "btrtl" - "btbcm" - "btqca" - "hci_uart" - "hci_vhci" - "hci_h4" - "hci_bcsp" - "hci_ll" - "hci_mrvl" - "hci_qca" - "hci_uart" - "hci_vhci" - "hci_h4" - "hci_bcsp" - "hci_ll" - "hci_mrvl" - "hci_qca" - ]; + # # Disable Bluetooth kernel modules + # boot.blacklistedKernelModules = [ + # "bluetooth" + # "btusb" + # "btintel" + # "btrtl" + # "btbcm" + # "btqca" + # "hci_uart" + # "hci_vhci" + # "hci_h4" + # "hci_bcsp" + # "hci_ll" + # "hci_mrvl" + # "hci_qca" + # "hci_uart" + # "hci_vhci" + # "hci_h4" + # "hci_bcsp" + # "hci_ll" + # "hci_mrvl" + # "hci_qca" + # ]; } \ No newline at end of file diff --git a/desktop/l2/l2_2025_06_28.svg b/desktop/l2/l2_2025_06_28.svg new file mode 100644 index 0000000..2abea29 --- /dev/null +++ b/desktop/l2/l2_2025_06_28.svg 
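Review bot: With `boot.blacklistedKernelModules` commented out in the `@@ -93,27 +97,27 @@` hunk, the remaining `hardware.bluetooth.enable = false` no longer matches its "Disable Bluetooth completely" comment. As far as I know that option only controls the BlueZ userspace service, so `btusb` and `btintel` can still load for adapters that expose Bluetooth. If the radio stack should stay unloaded, keep a short, de-duplicated list such as `boot.blacklistedKernelModules = [ "bluetooth" "btusb" "btintel" ];` (the old list repeated `hci_uart` through `hci_qca` twice); otherwise reword the comment to say only the service is disabled.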
@@ -0,0 +1,316 @@ + + + + Machine (126GB total) + + Package L#0 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#0 + + PU L#0 + P#0 + + PU L#1 + P#12 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#1 + + PU L#2 + P#1 + + PU L#3 + P#13 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#2 + + PU L#4 + P#2 + + PU L#5 + P#14 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#3 + + PU L#6 + P#3 + + PU L#7 + P#15 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#4 + + PU L#8 + P#4 + + PU L#9 + P#16 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#5 + + PU L#10 + P#5 + + PU L#11 + P#17 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#6 + + PU L#12 + P#6 + + PU L#13 + P#18 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#7 + + PU L#14 + P#7 + + PU L#15 + P#19 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#8 + + PU L#16 + P#8 + + PU L#17 + P#20 + + L3 (16MB) + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#9 + + PU L#18 + P#9 + + PU L#19 + P#21 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#10 + + PU L#20 + P#10 + + PU L#21 + P#22 + + L2 (512KB) + + L1d (32KB) + + L1i (32KB) + + Core L#11 + + PU L#22 + P#11 + + PU L#23 + P#23 + + NUMANode L#0 P#0 (126GB) + + + + 3.9 + + 16 + + + + + 3.9 + + + PCI 01:00.0 + + Net enp1s0 + + + + 16 + + + + + 32 + + 32 + + + + + 32 + + + PCI 05:00.0 + + + + 32 + + + PCI 06:00.0 + + + + 3.9 + + 7.9 + + 0.6 + + + + + 3.9 + + + PCI 21:00.0 + + Block nvme0n1 + 1907 GB + + + + 7.9 + + + PCI 22:00.0 + + Block nvme1n1 + 1863 GB + + + + 0.6 + + + PCI 23:00.0 + + Net wlp35s0 + + + + 0.6 + + 0.6 + + + + + 0.6 + + + PCI 41:00.0 + + Net wlp65s0 + + + + 0.6 + + + PCI 42:00.0 + + Net wlp66s0 + + + + 0.6 + + 2.0 + + + + + 0.6 + + + PCI 61:00.0 + + Net wlp97s0 + + + + 2.0 + + + PCI 62:00.0 + + Host: l2 + Date: Sat 28 Jun 2025 06:52:23 PM PDT + diff --git a/desktop/l2/monitoring.nix b/desktop/l2/monitoring.nix index 1a38958..5801a10 100644 
--- a/desktop/l2/monitoring.nix +++ b/desktop/l2/monitoring.nix @@ -96,7 +96,7 @@ let if [[ -e "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq" ]]; then freq=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_cur_freq") governor=$(cat "/sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_governor") - log " CPU $cpu: ${freq}kHz ($governor)" + log " CPU $cpu: \$freq kHz (\$governor)" fi done @@ -230,6 +230,7 @@ in { ExecStart = "${monitoringScript}"; StandardOutput = "journal"; StandardError = "journal"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.procps pkgs.sysstat pkgs.perf-tools pkgs.jq pkgs.gawk pkgs.gnugrep pkgs.gnused ]}"; }; }; @@ -255,6 +256,7 @@ in { ExecStart = "${performanceTestScript}"; StandardOutput = "journal"; StandardError = "journal"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.procps pkgs.iperf3 pkgs.jq pkgs.gawk pkgs.gnugrep pkgs.gnused pkgs.iputils pkgs.sysstat ]}"; }; }; @@ -305,6 +307,7 @@ in { ''; Restart = "always"; RestartSec = "10"; + Environment = "PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.sysstat pkgs.gnugrep ]}"; }; }; @@ -336,7 +339,6 @@ in { iperf3 netperf wrk - apache-bench # System analysis tools strace @@ -348,7 +350,6 @@ in { jq # Additional monitoring - dstat glances s-tui stress-ng @@ -357,7 +358,6 @@ in { # Enable sysstat for historical monitoring services.sysstat = { enable = true; - interval = 60; # Collect stats every minute }; # Configure rsyslog for monitoring diff --git a/desktop/l2/systemd-slices.nix b/desktop/l2/systemd-slices.nix index f99b02b..6351269 100644 --- a/desktop/l2/systemd-slices.nix +++ b/desktop/l2/systemd-slices.nix 
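Review bot: If `monitoringScript` is an indented `''…''` string like `irqAffinityScript`, the new `\$freq` and `\$governor` in the `@@ -96,7 +96,7 @@` hunk reach bash with the backslash intact, and the log prints the literal text `$freq kHz ($governor)` rather than the values. Only the braced form needs escaping in that string type, so `log " CPU $cpu: $freq kHz ($governor)"` (or `''${freq}`) keeps the expansion. The script's definition starts outside this hunk, so the string type should be confirmed.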
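Review bot: The three `Environment = "PATH=${lib.makeBinPath [ … ]}"` additions (`@@ -230,6`, `@@ -255,6`, `@@ -305,6`) hand-build PATH inside `serviceConfig`, where the usual NixOS form is the service-level `path` option. For the first service that would be `path = with pkgs; [ coreutils procps sysstat perf-tools jq gawk gnugrep gnused ];`. As far as I know NixOS already generates a PATH assignment for each service from `path`, so a second one in `serviceConfig` leaves two competing definitions in the unit. The service definitions start outside these hunks.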
@@ -1,35 +1,19 @@ # Systemd Slices Configuration for L2 WiFi Access Point -# Defines hierarchical slice structure with CPU affinity and resource limits +# Defines hierarchical slice structure with resource limits (no CPUAffinity) { config, lib, pkgs, ... }: let - # Network core assignments (cache-aware, paired SMT siblings) - networkCores = "0,12,1,13,2,14,3,15,4,16,5,17,6,18,7,19"; # Dedicated network processing cores - userlandCores = "8,20,9,21,10,22,11,23"; # Remaining cores for userland + # Userland core assignments (remaining cores after network IRQ isolation) + userlandCores = "8,20,9,21,10,22,11,23"; in { # Systemd slices for better resource organization systemd.slices = { - # Network processing slice - Critical network services (paired SMT siblings) - network-processing = { - description = "Critical network processing (hostapd)"; - sliceConfig = { - CPUAffinity = networkCores; - Nice = -10; - IOSchedulingClass = 1; # Real-time I/O - IOSchedulingPriority = 4; - MemoryHigh = "8G"; - MemoryMax = "16G"; - }; - }; - - # Network services slice - DHCP, DNS, RA (userland cores) + # Network services slice - DHCP, DNS, RA, hostapd (userland cores) network-services = { - description = "Network services (DHCP, DNS, RA)"; + description = "Network services (DHCP, DNS, RA, hostapd)"; sliceConfig = { - CPUAffinity = userlandCores; - Nice = -5; MemoryHigh = "4G"; MemoryMax = "8G"; }; @@ -39,8 +23,6 @@ in { system = { description = "System and userland services"; sliceConfig = { - CPUAffinity = userlandCores; - Nice = 0; MemoryHigh = "32G"; MemoryMax = "64G"; }; 
@@ -65,14 +47,20 @@ in { Slice = "network-services.slice"; }; }; + hostapd = { + description = "hostapd WiFi access point slice"; + sliceConfig = { + Slice = "network-services.slice"; + }; + }; }; # CPU Affinity for Network Services systemd.services = { - # Critical network processing services (network-processing slice) + # Critical network processing services (network-services slice) hostapd = { serviceConfig = { - Slice = "network-processing.slice"; + Slice = "hostapd.slice"; Nice = -10; IOSchedulingClass = 1; # Real-time I/O IOSchedulingPriority = 4; @@ -109,41 +97,6 @@ in { RestartSec = "10s"; }; }; - - # Monitoring and userland services (system.slice) - network-monitoring = { - serviceConfig = { - Slice = "system.slice"; - Nice = 0; - }; - }; - performance-test = { - serviceConfig = { - Slice = "system.slice"; - Nice = 0; - }; - }; - realtime-monitoring = { - serviceConfig = { - Slice = "system.slice"; - Nice = 0; - }; - }; - - # IRQ affinity service (system.slice - runs early) - irq-affinity = { - serviceConfig = { - Slice = "system.slice"; - Nice = -10; - }; - }; - # CPU performance service (system.slice - runs early) - cpu-performance = { - serviceConfig = { - Slice = "system.slice"; - Nice = -10; - }; - }; }; }
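Review bot: `Slice = "network-services.slice"` inside the new `hostapd` slice's `sliceConfig` probably does not nest it. Per systemd.slice(5) a slice's parent is encoded in its name, so `hostapd.slice` sits directly under the root slice and the `MemoryHigh`/`MemoryMax` set on `network-services` would not cover hostapd. The per-daemon slice shown as context just above it has the same shape. To get the hierarchy the README describes, name the child after its parent (e.g. a `network-services-hostapd` slice with `Slice = "network-services-hostapd.slice";` in the service), or put the memory limits on `hostapd.slice` itself. The comment `# Critical network processing services (network-services slice)` should then name the slice actually used.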