Compare commits
3 commits
dcbef373c4
...
b0f56f3b9f
Author | SHA1 | Date | |
---|---|---|---|
chayleaf | b0f56f3b9f | ||
chayleaf | c5cd7b6c12 | ||
chayleaf | 9bd6cce282 |
|
@ -5,12 +5,14 @@
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
encUuid = "15945050-df48-418b-b736-827749b9262a";
|
uuids.enc = "15945050-df48-418b-b736-827749b9262a";
|
||||||
encPart = "/dev/disk/by-uuid/${encUuid}";
|
uuids.oldroot = "de454394-8cc1-4267-b62b-1e25062f7cf4";
|
||||||
rootUuid = "de454394-8cc1-4267-b62b-1e25062f7cf4";
|
uuids.boot = "0603-5955";
|
||||||
rootPart = "/dev/disk/by-uuid/${rootUuid}";
|
uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b";
|
||||||
bootUuid = "0603-5955";
|
uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62";
|
||||||
bootPart = "/dev/disk/by-uuid/${bootUuid}";
|
uuids.bch2 = "e761df86-35ce-4586-9349-2d646fcb1b2a";
|
||||||
|
uuids.bch = "088a3d70-b54c-4437-8e01-feda6bfb7236";
|
||||||
|
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -28,8 +30,43 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.useDHCP = true;
|
networking.useDHCP = true;
|
||||||
|
/*
|
||||||
|
# as expected, systemd initrd and networking didn't work well, and i really cba to debug it
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.useNetworkd = true;
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
links."10-mac" = {
|
||||||
|
matchConfig.OriginalName = "e*";
|
||||||
|
linkConfig = {
|
||||||
|
MACAddressPolicy = "none";
|
||||||
|
MACAddress = router-config.router-settings.serverMac;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networks."10-dhcp" = {
|
||||||
|
DHCP = "yes";
|
||||||
|
name = "e*";
|
||||||
|
};
|
||||||
|
};*/
|
||||||
|
|
||||||
boot.initrd = {
|
boot.initrd = {
|
||||||
|
/*systemd = {
|
||||||
|
enable = true;
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
links."10-mac" = {
|
||||||
|
matchConfig.OriginalName = "e*";
|
||||||
|
linkConfig = {
|
||||||
|
MACAddressPolicy = "none";
|
||||||
|
MACAddress = router-config.router-settings.serverInitrdMac;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networks."10-dhcp" = {
|
||||||
|
DHCP = "yes";
|
||||||
|
name = "e*";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};*/
|
||||||
preLVMCommands = lib.mkOrder 499 ''
|
preLVMCommands = lib.mkOrder 499 ''
|
||||||
ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true
|
ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true
|
||||||
'';
|
'';
|
||||||
|
@ -48,8 +85,8 @@ in
|
||||||
];
|
];
|
||||||
# shell = "/bin/cryptsetup-askpass";
|
# shell = "/bin/cryptsetup-askpass";
|
||||||
};
|
};
|
||||||
luks.devices."cryptroot" = {
|
luks.devices.cryptroot = {
|
||||||
device = encPart;
|
device = parts.enc;
|
||||||
# idk whether this is needed but it works
|
# idk whether this is needed but it works
|
||||||
preLVM = true;
|
preLVM = true;
|
||||||
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
|
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
|
||||||
|
@ -57,27 +94,27 @@ in
|
||||||
# improve SSD performance
|
# improve SSD performance
|
||||||
bypassWorkqueues = true;
|
bypassWorkqueues = true;
|
||||||
};
|
};
|
||||||
|
luks.devices.bch0 = { device = parts.bch0; preLVM = true; allowDiscards = true; bypassWorkqueues = true; };
|
||||||
|
luks.devices.bch1 = { device = parts.bch1; preLVM = true; allowDiscards = true; bypassWorkqueues = true; };
|
||||||
|
luks.devices.bch2 = { device = parts.bch2; preLVM = true; allowDiscards = true; bypassWorkqueues = true; };
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.supportedFilesystems = [ "bcachefs" ];
|
boot.supportedFilesystems = [ "bcachefs" ];
|
||||||
|
|
||||||
fileSystems = let
|
fileSystems = let
|
||||||
device = rootPart;
|
|
||||||
fsType = "btrfs";
|
|
||||||
neededForBoot = true;
|
neededForBoot = true;
|
||||||
compress = "compress=zstd";
|
|
||||||
discard = "discard=async";
|
|
||||||
in {
|
in {
|
||||||
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
|
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
|
||||||
options = [ "defaults" "size=2G" "mode=755" ]; };
|
options = [ "defaults" "size=2G" "mode=755" ]; };
|
||||||
# TODO: switch to bcachefs?
|
|
||||||
# I wanna do it some day, but maybe starting with the next disk I get for this server
|
|
||||||
"/persist" =
|
"/persist" =
|
||||||
{ inherit device fsType neededForBoot;
|
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
|
||||||
options = [ discard compress "subvol=@" ]; };
|
options = [ "errors=ro" ]; };
|
||||||
"/swap" = { inherit device fsType neededForBoot;
|
#"/persist" =
|
||||||
options = [ discard "subvol=@swap" "noatime" ]; };
|
# { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||||
"/boot" = { device = bootPart; fsType = "vfat"; inherit neededForBoot; };
|
# options = [ "discard=async" "compress=zstd" "subvol=@" ]; };
|
||||||
|
"/swap" = { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||||
|
options = [ "discard=async" "subvol=@swap" "noatime" ]; };
|
||||||
|
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ { device = "/swap/swapfile"; } ];
|
swapDevices = [ { device = "/swap/swapfile"; } ];
|
||||||
|
|
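Review bot: The three new `luks.devices.bch0`/`bch1`/`bch2` entries set `allowDiscards = true` with no comment, while the `cryptroot` entry just above carries the caveat `# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling`. Passing TRIM through dm-crypt lets anyone who can read the raw device see which sectors are unused, which leaks how full the volume is and can hint at the filesystem in use. If that trade-off is accepted for the bcachefs members, record it next to them, e.g. `# allowDiscards: accepted for the bcachefs members; exposes the free-space layout on the raw device`. The `cryptroot` block is cut between two hunks, so whether it enables discards itself is not visible here.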
|
@ -117,6 +117,7 @@ in rec {
|
||||||
fixupPhase = "true";
|
fixupPhase = "true";
|
||||||
};
|
};
|
||||||
linux_bpiR3 = pkgs.linux_latest.override {
|
linux_bpiR3 = pkgs.linux_latest.override {
|
||||||
|
ignoreConfigErrors = false;
|
||||||
# there's probably more enabled-by-default configs that are better left disabled, but whatever
|
# there's probably more enabled-by-default configs that are better left disabled, but whatever
|
||||||
structuredExtraConfig = with lib.kernel; {
|
structuredExtraConfig = with lib.kernel; {
|
||||||
/* "Select this option if you are building a kernel for a server or
|
/* "Select this option if you are building a kernel for a server or
|
||||||
|
@ -125,7 +126,6 @@ in rec {
|
||||||
latencies." */
|
latencies." */
|
||||||
PREEMPT_NONE = yes;
|
PREEMPT_NONE = yes;
|
||||||
# disable the other preempts
|
# disable the other preempts
|
||||||
PREEMPTION = no;
|
|
||||||
PREEMPT_VOLUNTARY = lib.mkForce no;
|
PREEMPT_VOLUNTARY = lib.mkForce no;
|
||||||
PREEMPT = no;
|
PREEMPT = no;
|
||||||
|
|
||||||
|
@ -134,12 +134,10 @@ in rec {
|
||||||
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = lib.mkForce no;
|
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = lib.mkForce no;
|
||||||
CPU_FREQ_GOV_CONSERVATIVE = yes;
|
CPU_FREQ_GOV_CONSERVATIVE = yes;
|
||||||
# disable virtualisation stuff
|
# disable virtualisation stuff
|
||||||
PARAVIRT = lib.mkForce no;
|
|
||||||
VIRTUALIZATION = no;
|
VIRTUALIZATION = no;
|
||||||
XEN = lib.mkForce no;
|
XEN = lib.mkForce no;
|
||||||
# zstd
|
# zstd
|
||||||
KERNEL_ZSTD = yes;
|
# MODULE_COMPRESS_ZSTD = yes;
|
||||||
MODULE_COMPRESS_ZSTD = yes;
|
|
||||||
MODULE_DECOMPRESS = yes;
|
MODULE_DECOMPRESS = yes;
|
||||||
FW_LOADER_COMPRESS_ZSTD = yes;
|
FW_LOADER_COMPRESS_ZSTD = yes;
|
||||||
# zram
|
# zram
|
||||||
|
@ -299,13 +297,50 @@ in rec {
|
||||||
MT76_CORE = module;
|
MT76_CORE = module;
|
||||||
MT76_LEDS = yes;
|
MT76_LEDS = yes;
|
||||||
MT76_CONNAC_LIB = module;
|
MT76_CONNAC_LIB = module;
|
||||||
MT7815E = module;
|
|
||||||
MT7915E = module;
|
MT7915E = module;
|
||||||
MT7986_WMAC = yes;
|
MT798X_WMAC = yes;
|
||||||
SPI_MT65XX = yes;
|
SPI_MT65XX = yes;
|
||||||
SPI_MTK_NOR = yes;
|
SPI_MTK_NOR = yes;
|
||||||
SPI_MTK_SNFI = yes;
|
SPI_MTK_SNFI = yes;
|
||||||
MMC_MTK = yes;
|
MMC_MTK = yes;
|
||||||
|
|
||||||
|
# keys that are unused in this case
|
||||||
|
# used because i got bitten by config keys changing once
|
||||||
|
"9P_FSCACHE".tristate = lib.mkForce null; CROS_EC_ISHTP.tristate = lib.mkForce null; CROS_EC_LPC.tristate = lib.mkForce null;
|
||||||
|
DRM_AMDGPU_CIK.tristate = lib.mkForce null; DRM_AMDGPU_SI.tristate = lib.mkForce null; DRM_AMDGPU_USERPTR.tristate = lib.mkForce null;
|
||||||
|
DRM_AMD_DC_FP.tristate = lib.mkForce null; DRM_AMD_DC_SI.tristate = lib.mkForce null; DRM_DP_AUX_CHARDEV.tristate = lib.mkForce null;
|
||||||
|
DRM_FBDEV_EMULATION.tristate = lib.mkForce null; DRM_GMA500.tristate = lib.mkForce null; DRM_LEGACY.tristate = lib.mkForce null;
|
||||||
|
DRM_LOAD_EDID_FIRMWARE.tristate = lib.mkForce null; DRM_SIMPLEDRM.tristate = lib.mkForce null; DRM_VBOXVIDEO.tristate = lib.mkForce null;
|
||||||
|
DRM_VC4_HDMI_CEC.tristate = lib.mkForce null; FB_3DFX_ACCEL.tristate = lib.mkForce null; FB_ATY_CT.tristate = lib.mkForce null;
|
||||||
|
FB_ATY_GX.tristate = lib.mkForce null; FB_EFI.tristate = lib.mkForce null; FB_NVIDIA_I2C.tristate = lib.mkForce null;
|
||||||
|
FB_RIVA_I2C.tristate = lib.mkForce null; FB_SAVAGE_ACCEL.tristate = lib.mkForce null; FB_SAVAGE_I2C.tristate = lib.mkForce null;
|
||||||
|
FB_SIMPLE.tristate = lib.mkForce null; FB_SIS_300.tristate = lib.mkForce null; FB_SIS_315.tristate = lib.mkForce null;
|
||||||
|
FB_VESA.tristate = lib.mkForce null; FONTS.tristate = lib.mkForce null; FONT_8x8.tristate = lib.mkForce null;
|
||||||
|
FONT_TER16x32.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE.tristate = lib.mkForce null;
|
||||||
|
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER.tristate = lib.mkForce null;
|
||||||
|
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE_ROTATION.tristate = lib.mkForce null;
|
||||||
|
HMM_MIRROR.tristate = lib.mkForce null; HSA_AMD.tristate = lib.mkForce null; HYPERVISOR_GUEST.tristate = lib.mkForce null;
|
||||||
|
INFINIBAND_IPOIB.tristate = lib.mkForce null; INFINIBAND_IPOIB_CM.tristate = lib.mkForce null;
|
||||||
|
IP_MROUTE_MULTIPLE_TABLES.tristate = lib.mkForce null; JOYSTICK_PSXPAD_SPI_FF.tristate = lib.mkForce null;
|
||||||
|
KERNEL_ZSTD.tristate = lib.mkForce null; KEYBOARD_APPLESPI.tristate = lib.mkForce null; KVM_ASYNC_PF.tristate = lib.mkForce null;
|
||||||
|
KVM_GENERIC_DIRTYLOG_READ_PROTECT.tristate = lib.mkForce null; KVM_GUEST.tristate = lib.mkForce null; KVM_MMIO.tristate = lib.mkForce null;
|
||||||
|
KVM_VFIO.tristate = lib.mkForce null; LOGO.tristate = lib.mkForce null; MICROCODE.tristate = lib.mkForce null;
|
||||||
|
MOUSE_PS2_VMMOUSE.tristate = lib.mkForce null; MTRR_SANITIZER.tristate = lib.mkForce null; NFS_FSCACHE.tristate = lib.mkForce null;
|
||||||
|
PINCTRL_BAYTRAIL.tristate = lib.mkForce null;
|
||||||
|
PINCTRL_CHERRYVIEW.tristate = lib.mkForce null; PM_ADVANCED_DEBUG.tristate = lib.mkForce null; PM_TRACE_RTC.tristate = lib.mkForce null;
|
||||||
|
SND_AC97_POWER_SAVE.tristate = lib.mkForce null; SND_DYNAMIC_MINORS.tristate = lib.mkForce null;
|
||||||
|
SND_HDA_INPUT_BEEP.tristate = lib.mkForce null; SND_HDA_PATCH_LOADER.tristate = lib.mkForce null;
|
||||||
|
SND_HDA_RECONFIG.tristate = lib.mkForce null; SND_OSSEMUL.tristate = lib.mkForce null; SND_USB_CAIAQ_INPUT.tristate = lib.mkForce null;
|
||||||
|
VFIO_PCI_VGA.tristate = lib.mkForce null; VGA_SWITCHEROO.tristate = lib.mkForce null; X86_AMD_PLATFORM_DEVICE.tristate = lib.mkForce null;
|
||||||
|
X86_CHECK_BIOS_CORRUPTION.tristate = lib.mkForce null; X86_MCE.tristate = lib.mkForce null;
|
||||||
|
X86_PLATFORM_DRIVERS_DELL.tristate = lib.mkForce null; X86_PLATFORM_DRIVERS_HP.tristate = lib.mkForce null;
|
||||||
|
JOYSTICK_XPAD_FF.tristate = lib.mkForce null; JOYSTICK_XPAD_LEDS.tristate = lib.mkForce null; KEXEC_JUMP.tristate = lib.mkForce null;
|
||||||
|
PERF_EVENTS_AMD_BRS.tristate = lib.mkForce null; HVC_XEN.tristate = lib.mkForce null; HVC_XEN_FRONTEND.tristate = lib.mkForce null;
|
||||||
|
PARAVIRT_SPINLOCKS.tristate = lib.mkForce null; PCI_XEN.tristate = lib.mkForce null; SWIOTLB_XEN.tristate = lib.mkForce null;
|
||||||
|
VBOXGUEST.tristate = lib.mkForce null; XEN_BACKEND.tristate = lib.mkForce null; XEN_BALLOON.tristate = lib.mkForce null;
|
||||||
|
XEN_BALLOON_MEMORY_HOTPLUG.tristate = lib.mkForce null; XEN_DOM0.tristate = lib.mkForce null; XEN_EFI.tristate = lib.mkForce null;
|
||||||
|
XEN_HAVE_PVMMU.tristate = lib.mkForce null; XEN_MCE_LOG.tristate = lib.mkForce null; XEN_PVH.tristate = lib.mkForce null;
|
||||||
|
XEN_PVHVM.tristate = lib.mkForce null; XEN_SAVE_RESTORE.tristate = lib.mkForce null; XEN_SYS_HYPERVISOR.tristate = lib.mkForce null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
linuxPackages_bpiR3 = pkgs.linuxPackagesFor linux_bpiR3;
|
linuxPackages_bpiR3 = pkgs.linuxPackagesFor linux_bpiR3;
|
||||||
|
|
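Review bot: The two-line comment above the `.tristate = lib.mkForce null` list (`# keys that are unused in this case` / `# used because i got bitten by config keys changing once`) does not say what the list guards against or when it has to be revisited. It appears to null out keys inherited from the nixpkgs default kernel config that do not apply to this board, so that the newly added `ignoreConfigErrors = false` does not fail the build on them. If that is the intent, say so, e.g. `# keys from the nixpkgs default config that don't apply to this board; nulled so ignoreConfigErrors = false doesn't trip on them`, and note that the list needs re-checking on each kernel bump. `KERNEL_ZSTD` appears to have moved from `yes` into this list in the same change, so a word on why would help the next reader.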
|
@ -32,7 +32,6 @@ in {
|
||||||
{ directory = /var/www; }
|
{ directory = /var/www; }
|
||||||
{ directory = /secrets; mode = "0755"; }
|
{ directory = /secrets; mode = "0755"; }
|
||||||
];
|
];
|
||||||
networking.useDHCP = true;
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = lib.mkMerge [
|
allowedTCPPorts = lib.mkMerge [
|
||||||
|
|
|
@ -166,7 +166,6 @@ in {
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
# limit CI CPU usage to 30%
|
# limit CI CPU usage to 30%
|
||||||
# systemd.services.nix-daemon.serviceConfig.CPUQuota = "240%";
|
# systemd.services.nix-daemon.serviceConfig.CPUQuota = "240%";
|
||||||
# TODO: check if LimitNICE should be used instead
|
|
||||||
systemd.services.nix-daemon.serviceConfig.Nice = "19";
|
systemd.services.nix-daemon.serviceConfig.Nice = "19";
|
||||||
nix.daemonCPUSchedPolicy = "idle";
|
nix.daemonCPUSchedPolicy = "idle";
|
||||||
nix.daemonIOSchedClass = "idle";
|
nix.daemonIOSchedClass = "idle";
|
||||||
|
|