switched to socketed sccache server; wrote a systemd service to spin that socket up
{
# Flake inputs. Only kernel-src names an explicit revision in its URL; every
# other input is referenced by branch, tag or default ref.
# NOTE(review): presumably a committed flake.lock pins the remaining inputs;
# that file is not visible here, so confirm it is tracked and reviewed on update.
# Overlays and NixOS modules taken from these inputs are evaluated and built
# into the system configuration, so each input is part of the trusted base.
inputs = {
  nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  # Inputs that reuse this flake's nixpkgs instead of bringing their own copy.
  mypkgs.url = "git+https://git.sys-con.ru/thek0tyara/nixpkgs-extension.git";
  mypkgs.inputs.nixpkgs.follows = "nixpkgs";

  home-manager.url = "github:nix-community/home-manager";
  home-manager.inputs.nixpkgs.follows = "nixpkgs";

  nix-index-database.url = "github:nix-community/nix-index-database";
  nix-index-database.inputs.nixpkgs.follows = "nixpkgs";

  niri-flake.url = "github:sodiboo/niri-flake";
  niri-flake.inputs.nixpkgs.follows = "nixpkgs";

  sccache.url = "github:mozilla/sccache";
  sccache.inputs.nixpkgs.follows = "nixpkgs";

  # Inputs that keep whatever nixpkgs they declare themselves.
  ragenix = {
    url = "github:yaxitech/ragenix";
  };
  dw-proton = {
    url = "github:imaviso/dwproton-flake";
  };
  intel-hw = {
    url = "github:MordragT/nixos";
  };
  nix-flatpak = {
    url = "github:gmodena/nix-flatpak/latest";
  };

  # Kernel source tree, consumed as plain source (flake = false) and pinned
  # to one commit via ?rev=...; shallow=1 requests a shallow clone.
  # url = "git+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git?ref=master";
  kernel-src.url = "git+https://gitlab.freedesktop.org/drm/tip.git?rev=6884fe03ff2bc5a2f501ba4710f950dd4933ac84&shallow=1";
  kernel-src.flake = false;
};
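# Flake outputs: one NixOS configuration, `testenv`, for x86_64-linux.
# It combines ./custom/modules, several upstream NixOS modules, one large
# inline module (hardware, Nix daemon, sccache service, kernel, secrets,
# sudo, desktop services), ./configuration.nix and a home-manager setup.
outputs =
  inputs@{
    nixpkgs,
    mypkgs,
    ragenix,
    home-manager,
    nix-index-database,
    niri-flake,
    intel-hw,
    nix-flatpak,
    kernel-src,
    sccache,
    ...
  }:
  let
    system = "x86_64-linux";
    # pkgs = nixpkgs.${system}.packages;
    # A flake input is an attribute set, not a function, so it must be
    # imported before arguments can be applied to it.
    # NOTE(review): nothing else in this file refers to this binding; the
    # inline module below receives its own `pkgs` argument, and its
    # nixpkgs.overlays list does not contain sccache.overlays.default, so
    # `pkgs.sccache` there is whatever the other overlays/nixpkgs provide.
    # Assumes the sccache flake exports overlays.default — TODO confirm.
    pkgs = import nixpkgs {
      inherit system;
      overlays = [ sccache.overlays.default ];
    };
  in
  {
    nixosConfigurations.testenv = nixpkgs.lib.nixosSystem {
      inherit system;
      # Extra arguments made available to every module of this system.
      specialArgs = {
        inherit inputs;
        kernel-src = inputs.kernel-src;
      };
      modules = [
        ./custom/modules
        ragenix.nixosModules.default
        niri-flake.nixosModules.niri
        nix-index-database.nixosModules.default
        nix-flatpak.nixosModules.nix-flatpak
        (
          {
            pkgs,
            pkgdefault,
            config,
            lib,
            ...
          }:
          {
            _module.args = {
              # Helper: pick the `default` package of a flake for the host platform.
              pkgdefault = pkg: pkg.packages.${pkgs.stdenv.hostPlatform.system}.default;
            };
            # Overlays applied to the system package set; each one can replace
            # or add packages that end up installed on the machine.
            nixpkgs.overlays = [
              intel-hw.overlays.default
              mypkgs.overlays.default
              (import ./custom/override.nix)
              niri-flake.overlays.niri
            ];

            hardware = {
              graphics = {
                enable = true;
                extraPackages = (
                  with pkgs;
                  [
                    intel-media-driver
                    intel-ocl
                    vpl-gpu-rt
                    intel-compute-runtime
                  ]
                );
                # ++ (with inputs.intel-hw.packages."${system}"; [
                #   # oneapi-dal
                #   # oneapi-dpl
                #   # oneapi-ccl
                # ]);
                # enable32Bit = true;
              };
              enableRedistributableFirmware = true;
            };

            nix.settings = {
              # keep-logs = true;
              # Trusted users may override Nix daemon settings per invocation
              # (substituters, sandbox options, ...), which is effectively
              # root-equivalent access to the daemon. Keep this list minimal.
              trusted-users = [
                "root"
                "thek0tyara"
              ];
              # Both directories are made visible inside every build sandbox so
              # builds can reach the shared sccache socket and cache.
              # NOTE(review): this gives all derivation builds access to shared
              # mutable state and to a daemon running outside the sandbox, so
              # builds are no longer isolated from each other and a cached object
              # written during one build can be reused by another. Confirm this
              # trade-off is acceptable for everything built on this host.
              extra-sandbox-paths = [
                "/run/sccache"
                "/var/cache/sccache"
              ];
              download-buffer-size = 160000000;
            };

            systemd.tmpfiles.rules = [
              # setgid, so that files/directories keep the nixbld group
              "d /var/cache/sccache 2770 root nixbld - -"
            ];

            # Long-running sccache server reachable through a Unix socket in
            # /run/sccache (created by RuntimeDirectory, mode 0770, group nixbld).
            systemd.services.sccache = {
              description = "Shared sccache server for Nix builds";
              after = [ "local-fs.target" ];
              wantedBy = [ "multi-user.target" ];
              serviceConfig = {
                Type = "simple";
                # NOTE(review): the sccache server is the process that launches the
                # compiler on a cache miss, and the unit sets no sandboxing options,
                # so requests arriving on the socket are served with full root
                # privileges. Anything that can write to the socket (group nixbld,
                # including sandboxed builds via extra-sandbox-paths) is therefore
                # talking to a root process. Consider a dedicated unprivileged
                # account in group nixbld plus systemd hardening (for example
                # NoNewPrivileges and ProtectHome) and verify builds still work.
                User = "root";
                Group = "nixbld";
                RuntimeDirectory = "sccache";
                RuntimeDirectoryMode = "0770";
                # New files are created without any access for "other".
                UMask = "0007";
                ExecStart = "${pkgs.sccache}/bin/sccache";
                Restart = "always";
                RestartSec = 2;
              };
              environment = {
                SCCACHE_DIR = "/var/cache/sccache";
                SCCACHE_SERVER_UDS = "/run/sccache/server.sock";
                # 0 disables the idle shutdown so the server stays up.
                SCCACHE_IDLE_TIMEOUT = "0";
                # Together these make the binary run as the server in the
                # foreground, which is what Type = "simple" expects.
                SCCACHE_START_SERVER = "1";
                SCCACHE_NO_DAEMON = "1";
              };
            };

            boot = {
              loader = {
                systemd-boot.enable = true;
                efi.canTouchEfiVariables = false;
              };
              # kernelPackages = pkgs.linuxPackages_testing;
              extraModulePackages = with config.boot.kernelPackages; [
                v4l2loopback
                # amneziawg
              ];
              # NOTE(review): mitigations=off switches off the kernel's run-time CPU
              # vulnerability mitigations as a whole, not only the ones compiled out
              # below. This file also enables a Tor relay, Steam and Flatpak on the
              # same host, i.e. network-facing and third-party code; confirm the
              # performance gain is worth running those without mitigations.
              kernelParams = [ "mitigations=off" ];
              # Kernel configuration overrides, grouped into named entries.
              kernelPatches = [
                {
                  # NOTE(review): named "gpu" like the next entry, but this one only
                  # disables CPU vendor support options; the name looks copy-pasted.
                  name = "gpu";
                  structuredExtraConfig = (
                    with lib.kernel;
                    {
                      CPU_SUP_INTEL = no;
                      CPU_SUP_HYGON = no;
                      CPU_SUP_CENTAUR = no;
                      CPU_SUP_ZHAOXIN = no;
                      #
                      X86_MCE_INTEL = no;
                    }
                  );
                }
                {
                  # GPU drivers that are compiled out.
                  name = "gpu";
                  structuredExtraConfig = (
                    with lib.kernel;
                    {
                      DRM_AMDGPU = no;
                      DRM_KOMEDA = no;
                      DRM_NOUVEAU = no;
                      DRM_RADEON = no;
                      #
                      FB_NVIDIA = no;
                      FB_RADEON = no;
                    }
                  );
                }
                {
                  # Compile-time removal of individual CPU vulnerability mitigations.
                  name = "go crazy, go stupid";
                  structuredExtraConfig = (
                    with lib.kernel;
                    {
                      # CPU_MITIGATIONS = no;
                      #
                      # unaffected by
                      # NOTE(review): the author's note above is unfinished; presumably
                      # these options cover issues the installed CPU is not affected by
                      # (Intel CPU support is disabled in the first entry). Verify
                      # against the actual CPU model before relying on it.
                      MITIGATION_PAGE_TABLE_ISOLATION = no;
                      MITIGATION_GDS = no;
                      MITIGATION_RFDS = no;
                      MITIGATION_MDS = no;
                      MITIGATION_TAA = no;
                      MITIGATION_MMIO_STALE_DATA = no;
                      MITIGATION_L1TF = no;
                      MITIGATION_SRBDS = no;
                      MITIGATION_ITS = no;
                      MITIGATION_SPECTRE_BHI = no;
                      MITIGATION_IBRS_ENTRY = no;
                      MITIGATION_CALL_DEPTH_TRACKING = no;
                    }
                  );
                }
                {
                  name = "audio";
                  structuredExtraConfig = (
                    with lib.kernel;
                    {
                      SND_SEQ_DEVICE = no;
                      SND_SEQUENCER = no;
                      SND_SEQ_DUMMY = no;
                      SND_HRTIMER = no;
                    }
                  );
                }
                {
                  # Currently sets nothing; the only option is commented out.
                  name = "network";
                  structuredExtraConfig = (
                    with lib.kernel;
                    {
                      # VLAN_8021Q = no;
                    }
                  );
                }
              ];
            };

            # nixpkgs.config.permittedInsecurePackages = [
            #   "olm-3.2.16"
            # ];

            # Secrets handled by the ragenix module imported above.
            age = {
              secrets = {
                # "wg/syscon0.key".file = ./secrets/wg/syscon0.key.age;
                # Decrypted file is owned by root:wheel with mode 0440, so every
                # member of wheel can read the token.
                "github/token.ro.age" = {
                  file = ./secrets/github/token.ro.age;
                  owner = "root";
                  group = "wheel";
                  mode = "0440";
                };
              };
              # Private key used to decrypt the .age files on this machine.
              identityPaths = [ "/root/.ssh/id_ed25519" ];
            };

            environment = {
              sessionVariables = {
                LIBVA_DRIVER_NAME = "iHD";

                LLAMA_CACHE = "/home/thek0tyara/Downloads/llm";

                # CCACHE_DIR = "/mnt/HDD_A_DATA/ccache";
                # SCCACHE_DIR = "/home/thek0tyara/Documents/cache/sccache";
                # LLVM = "1";

                # UV_CACHE_DIR = "";
                # PIP_CACHE_DIR = "";
                # PYTHONPYCACHEPREFIX = "";
              };
              systemPackages = with pkgs; [
                ### compiler
                # ccache
                sccache
                (pkgdefault inputs.ragenix)
                devenv
                htop

                ### storage
                btrfs-progs

                ### gpu
                vulkan-tools
                libva-utils
                intel-gpu-tools
                pciutils
                inxi
                mesa-demos
                xhost

                # llm
                # llama-cpp-vulkan

                ### development
                git
                nixpkgs-fmt
                nixfmt
                nixd
                nil
                android-tools
              ];
            };

            security = {
              polkit = {
                enable = true;
              };
              rtkit.enable = true;
              sudo = {
                # Members of wheel may run `nix` and `nixos-rebuild` through sudo
                # without a password. Both commands can build and activate
                # arbitrary configurations as root, so this is equivalent to
                # passwordless root for every wheel account.
                extraRules = [
                  {
                    commands = [
                      {
                        command = "/run/current-system/sw/bin/nix";
                        options = [ "NOPASSWD" ];
                      }
                      {
                        command = "/run/current-system/sw/bin/nixos-rebuild";
                        options = [ "NOPASSWD" ];
                      }
                    ];
                    groups = [ "wheel" ];
                  }
                ];
              };
              # gdb copy carrying the cap_sys_ptrace file capability, executable by
              # root and group wheel only (o-rwx). CAP_SYS_PTRACE lets the debugger
              # attach to processes of any user, so wheel membership also grants
              # control over root-owned processes through this wrapper.
              wrappers.gdb-ptrace = {
                owner = "root";
                group = "wheel";
                permissions = "u+rx,g+rx,o-rwx";
                capabilities = "cap_sys_ptrace+ep";
                source = "${pkgs.gdb}/bin/gdb";
              };
            };

            programs = {
              # ccache = {
              #   enable = true;
              #   cacheDir = "/home/thek0tyara/Documents/cache/ccache/";
              #   packageNames = [
              #     # "linux"
              #   ];
              # };
              niri = {
                enable = true;
                package = pkgs.niri;
              };
              nix-ld = {
                enable = true;
                libraries = with pkgs; [
                  stdenv.cc.cc.lib
                ];
              };
              obs-studio.enableVirtualCamera = true;
              steam = {
                enable = true;
                extraCompatPackages = [
                  inputs.dw-proton.packages.${system}.dw-proton
                ];
                protontricks = {
                  enable = true;
                };
              };
              traceroute.enable = true;
              # Only the group is set; ydotool itself stays disabled.
              ydotool = {
                # enable = true;
                group = "wheel";
              };
            };

            services = {
              displayManager = {
                enable = true;
                defaultSession = "niri";
              };
              flatpak.enable = true;
              locate.enable = true;
              pipewire = {
                enable = true;
                pulse.enable = true;
              };
              # Runs a Tor client and, in addition, a relay with role "relay".
              tor = {
                enable = true;
                client.enable = true;
                relay = {
                  enable = true;
                  role = "relay";
                };
              };
              xserver = {
                enable = true;
                displayManager.lightdm.enable = true;

                xkb = {
                  layout = "us,ru";
                  options = "grp:alt_shift_toggle";
                };
              };
              zerotierone = {
                enable = true;
                localConf = {
                  settings = {
                    bind = [ "10.20.0.201" ];
                  };
                };
              };
            };
          }
        )
        ./configuration.nix
        #
        home-manager.nixosModules.default
        {
          home-manager = {
            # Reuse the system package set and install user packages system-wide.
            useGlobalPkgs = true;
            useUserPackages = true;

            extraSpecialArgs = {
              inherit inputs;
            };

            users.thek0tyara = ./home.nix;
          };
        }
      ];
    };
  };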
}