diff --git a/systems/artemision/graphics.nix b/systems/artemision/graphics.nix
index f0730e3..990fc0b 100644
--- a/systems/artemision/graphics.nix
+++ b/systems/artemision/graphics.nix
@@ -7,7 +7,14 @@
driSupport32Bit = true;
## amdvlk: an open-source Vulkan driver from AMD
- extraPackages = [ pkgs.amdvlk ];
- extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
+ extraPackages = with pkgs; [
+ amdvlk
+ rocmPackages.clr.icd
+ ];
+ extraPackages32 = with pkgs; [
+ driversi686Linux.amdvlk
+ rocmPackages.clr.icd
+ ];
};
+ services.xserver.videoDrivers = [ "amdgpu" ];
}
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index bb26d81..f5d1db0 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -4,29 +4,13 @@
lib,
...
}:
-let
- bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
- zfskeys = [
- "zfs-attic-key"
- "zfs-backup-key"
- "zfs-calibre-key"
- "zfs-db-key"
- "zfs-docker-key"
- "zfs-games-key"
- "zfs-hydra-key"
- "zfs-libvirt-key"
- "zfs-main-key"
- "zfs-nxtcld-key"
- "zfs-torr-key"
- "zfs-var-docker-key"
- "zfs-nix-store-key"
- ];
-in
{
- imports = [ ./networking.nix ];
+ imports = [
+ ./networking.nix
+ ./zfs.nix
+ ./hydra.nix
+ ];
- systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
- config.sops.secrets."hydra/environment".path;
programs.git.lfs.enable = false;
nixpkgs.config.packageOverrides = pkgs: {
@@ -34,9 +18,7 @@ in
};
boot = {
- zfs.extraPools = [ "ZFS-primary" ];
loader.grub.device = "/dev/sda";
- filesystem = "zfs";
useSystemdBoot = true;
kernelParams = [
"i915.force_probe=56a5"
@@ -46,40 +28,7 @@ in
"vm.overcommit_memory" = lib.mkForce 1;
"vm.swappiness" = 10;
};
- extraModprobeConfig = ''
- options zfs zfs_arc_min=82463372083
- options zfs zfs_arc_max=192414534860
- '';
binfmt.emulatedSystems = [ "aarch64-linux" ];
- initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
- };
-
- nix = {
- extraOptions = ''
- allowed-uris = github: gitlab: git+https:// git+ssh:// https://
- builders-use-substitutes = true
- '';
-
- buildMachines = [
- {
- hostName = "localhost";
- maxJobs = 2;
- protocol = "ssh-ng";
- speedFactor = 2;
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- "i686-linux"
- ];
-
- supportedFeatures = [
- "kvm"
- "nixos-test"
- "big-parallel"
- "benchmark"
- ];
- }
- ];
};
hardware = {
@@ -103,7 +52,9 @@ in
attic-client
attic
docker-compose
+ intel-gpu-tools
jellyfin-ffmpeg
+ jq
];
services = {
@@ -111,59 +62,6 @@ in
nfs.server.enable = true;
openssh.ports = [ 666 ];
smartd.enable = true;
- zfs = {
- trim.enable = true;
- autoScrub.enable = true;
- };
-
- sanoid = {
- enable = true;
-
- datasets = {
- "ZFS-primary/attic".useTemplate = [ "nix-prod" ];
- "ZFS-primary/backups".useTemplate = [ "production" ];
- "ZFS-primary/calibre".useTemplate = [ "production" ];
- "ZFS-primary/db".useTemplate = [ "production" ];
- "ZFS-primary/docker".useTemplate = [ "production" ];
- "ZFS-primary/hydra".useTemplate = [ "nix-prod" ];
- "ZFS-primary/nextcloud".useTemplate = [ "production" ];
- "ZFS-primary/vardocker".useTemplate = [ "production" ];
- "ZFS-primary/games" = {
- useTemplate = [ "games" ];
- recursive = true;
- processChildrenOnly = true;
- };
- };
-
- templates = {
- # full resiliency
- production = {
- frequently = 0;
- hourly = 36;
- daily = 30;
- monthly = 6;
- yearly = 3;
- autosnap = true;
- autoprune = true;
- };
- # some resiliency, but not much
- # common option for things like nix store and attic where there is
- # already a lot of resiliency built in
- nix-prod = {
- frequently = 4;
- hourly = 24;
- daily = 7;
- };
- # much shorter lived than others
- games = {
- frequently = 6;
- hourly = 36;
- daily = 3;
- autosnap = true;
- autoprune = true;
- };
- };
- };
postgresql = {
enable = true;
@@ -199,106 +97,8 @@ in
];
};
};
-
- hydra = {
- enable = true;
- hydraURL = "http://localhost:3000";
- smtpHost = "alicehuston.xyz";
- notificationSender = "hydra@alicehuston.xyz";
- gcRootsDir = "/ZFS/ZFS-primary/hydra";
- useSubstitutes = true;
- buildMachinesFiles = [ ];
- minimumDiskFree = 50;
- minimumDiskFreeEvaluator = 100;
- extraConfig = ''
-
- timeout = 3600
-
- Include ${config.sops.secrets."alice/gha-hydra-token".path}
- '';
- };
-
- nix-serve = {
- enable = true;
- secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
- };
- atticd = {
- enable = true;
-
- credentialsFile = config.sops.secrets."attic/secret-key".path;
-
- settings = {
- listen = "[::]:8183";
- allowed-hosts = [ "attic.alicehuston.xyz" ];
- api-endpoint = "https://attic.alicehuston.xyz";
- compression.type = "none"; # let ZFS do the compressing
- database = {
- url = "postgres://atticd?host=/run/postgresql";
- # disable postgres, using SOPS fails at below :(
- # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
- # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
- heartbeat = true;
- };
- storage = {
- type = "local";
- path = "/ZFS/ZFS-primary/attic/storage";
- };
-
- # Warning: If you change any of the values here, it will be
- # difficult to reuse existing chunks for newly-uploaded NARs
- # since the cutpoints will be different. As a result, the
- # deduplication ratio will suffer for a while after the change.
- chunking = {
- # The minimum NAR size to trigger chunking
- #
- # If 0, chunking is disabled entirely for newly-uploaded NARs.
- # If 1, all NARs are chunked.
- nar-size-threshold = 64 * 1024; # 64 KiB
-
- # The preferred minimum size of a chunk, in bytes
- min-size = 16 * 1024; # 16 KiB
-
- # The preferred average size of a chunk, in bytes
- avg-size = 64 * 1024; # 64 KiB
-
- # The preferred maximum size of a chunk, in bytes
- max-size = 256 * 1024; # 256 KiB
- };
- };
- };
};
- # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
- # configured default webstore for this on root user separately
- systemd.services.attic-watch-store = {
- wantedBy = [ "multi-user.target" ];
- after = [
- "network-online.target"
- "docker.service"
- "atticd.service"
- ];
- requires = [
- "network-online.target"
- "docker.service"
- "atticd.service"
- ];
- description = "Upload all store content to binary cache";
- serviceConfig = {
- User = "root";
- Restart = "always";
- ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
- };
- };
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
- ];
-
- users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
- ];
-
nix.gc.options = "--delete-older-than 150d";
# TODO: revert this once UPS is plugged in
@@ -321,17 +121,7 @@ in
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
- "hydra/environment".owner = "hydra";
- "nix-serve/secret-key".owner = "root";
- "attic/secret-key".owner = "root";
- "attic/database-url".owner = "root";
"postgres/init".owner = "postgres";
- "alice/gha-hydra-token" = {
- sopsFile = ../../users/alice/secrets.yaml;
- owner = "hydra";
- group = "hydra";
- mode = "440";
- };
"upsmon/password".owner = "root";
};
};
diff --git a/systems/palatine-hill/hydra.nix b/systems/palatine-hill/hydra.nix
new file mode 100644
index 0000000..de06263
--- /dev/null
+++ b/systems/palatine-hill/hydra.nix
@@ -0,0 +1,156 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
+ config.sops.secrets."hydra/environment".path;
+
+ nix = {
+ extraOptions = ''
+ allowed-uris = github: gitlab: git+https:// git+ssh:// https://
+ builders-use-substitutes = true
+ '';
+
+ buildMachines = [
+ {
+ hostName = "localhost";
+ maxJobs = 2;
+ protocol = "ssh-ng";
+ speedFactor = 2;
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "i686-linux"
+ ];
+
+ supportedFeatures = [
+ "kvm"
+ "nixos-test"
+ "big-parallel"
+ "benchmark"
+ ];
+ }
+ ];
+ };
+
+ services = {
+ hydra = {
+ enable = true;
+ hydraURL = "http://localhost:3000";
+ smtpHost = "alicehuston.xyz";
+ notificationSender = "hydra@alicehuston.xyz";
+ gcRootsDir = "/ZFS/ZFS-primary/hydra";
+ useSubstitutes = true;
+ buildMachinesFiles = [ ];
+ minimumDiskFree = 50;
+ minimumDiskFreeEvaluator = 100;
+ extraConfig = ''
+
+ timeout = 3600
+
+ Include ${config.sops.secrets."alice/gha-hydra-token".path}
+ '';
+ };
+
+ nix-serve = {
+ enable = true;
+ secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
+ };
+
+ atticd = {
+ enable = true;
+
+ credentialsFile = config.sops.secrets."attic/secret-key".path;
+
+ settings = {
+ listen = "[::]:8183";
+ allowed-hosts = [ "attic.alicehuston.xyz" ];
+ api-endpoint = "https://attic.alicehuston.xyz";
+ compression.type = "none"; # let ZFS do the compressing
+ database = {
+ url = "postgres://atticd?host=/run/postgresql";
+ # disable postgres, using SOPS fails at below :(
+ # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
+ # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
+ heartbeat = true;
+ };
+ storage = {
+ type = "local";
+ path = "/ZFS/ZFS-primary/attic/storage";
+ };
+
+ # Warning: If you change any of the values here, it will be
+ # difficult to reuse existing chunks for newly-uploaded NARs
+ # since the cutpoints will be different. As a result, the
+ # deduplication ratio will suffer for a while after the change.
+ chunking = {
+ # The minimum NAR size to trigger chunking
+ #
+ # If 0, chunking is disabled entirely for newly-uploaded NARs.
+ # If 1, all NARs are chunked.
+ nar-size-threshold = 64 * 1024; # 64 KiB
+
+ # The preferred minimum size of a chunk, in bytes
+ min-size = 16 * 1024; # 16 KiB
+
+ # The preferred average size of a chunk, in bytes
+ avg-size = 64 * 1024; # 64 KiB
+
+ # The preferred maximum size of a chunk, in bytes
+ max-size = 256 * 1024; # 256 KiB
+ };
+ };
+ };
+ };
+
+ # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
+ # configured default webstore for this on root user separately
+ systemd.services.attic-watch-store = {
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network-online.target"
+ "docker.service"
+ "atticd.service"
+ ];
+ requires = [
+ "network-online.target"
+ "docker.service"
+ "atticd.service"
+ ];
+ description = "Upload all store content to binary cache";
+ serviceConfig = {
+ User = "root";
+ Restart = "always";
+ ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
+ };
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
+ ];
+
+ users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
+ ];
+
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ "hydra/environment".owner = "hydra";
+ "nix-serve/secret-key".owner = "root";
+ "attic/secret-key".owner = "root";
+ "attic/database-url".owner = "root";
+ "alice/gha-hydra-token" = {
+ sopsFile = ../../users/alice/secrets.yaml;
+ owner = "hydra";
+ group = "hydra";
+ mode = "440";
+ };
+ };
+ };
+}
diff --git a/systems/palatine-hill/zfs.nix b/systems/palatine-hill/zfs.nix
new file mode 100644
index 0000000..9eb9c81
--- /dev/null
+++ b/systems/palatine-hill/zfs.nix
@@ -0,0 +1,91 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
+ zfskeys = [
+ "zfs-attic-key"
+ "zfs-backup-key"
+ "zfs-calibre-key"
+ "zfs-db-key"
+ "zfs-docker-key"
+ "zfs-games-key"
+ "zfs-hydra-key"
+ "zfs-libvirt-key"
+ "zfs-main-key"
+ "zfs-nxtcld-key"
+ "zfs-torr-key"
+ "zfs-var-docker-key"
+ "zfs-nix-store-key"
+ ];
+in
+{
+ boot = {
+ zfs.extraPools = [ "ZFS-primary" ];
+ filesystem = "zfs";
+ initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
+ extraModprobeConfig = ''
+ options zfs zfs_arc_min=82463372083
+ options zfs zfs_arc_max=192414534860
+ '';
+ };
+
+ services = {
+ zfs = {
+ trim.enable = true;
+ autoScrub.enable = true;
+ };
+
+ sanoid = {
+ enable = true;
+
+ datasets = {
+ "ZFS-primary/attic".useTemplate = [ "nix-prod" ];
+ "ZFS-primary/backups".useTemplate = [ "production" ];
+ "ZFS-primary/calibre".useTemplate = [ "production" ];
+ "ZFS-primary/db".useTemplate = [ "production" ];
+ "ZFS-primary/docker".useTemplate = [ "production" ];
+ "ZFS-primary/hydra".useTemplate = [ "nix-prod" ];
+ "ZFS-primary/nextcloud".useTemplate = [ "production" ];
+ "ZFS-primary/vardocker".useTemplate = [ "production" ];
+ "ZFS-primary/games" = {
+ useTemplate = [ "games" ];
+ recursive = true;
+ processChildrenOnly = true;
+ };
+ };
+
+ templates = {
+ # full resiliency
+ production = {
+ frequently = 0;
+ hourly = 36;
+ daily = 30;
+ monthly = 6;
+ yearly = 3;
+ autosnap = true;
+ autoprune = true;
+ };
+ # some resiliency, but not much
+ # common option for things like nix store and attic where there is
+ # already a lot of resiliency built in
+ nix-prod = {
+ frequently = 4;
+ hourly = 24;
+ daily = 7;
+ };
+ # much shorter lived than others
+ games = {
+ frequently = 6;
+ hourly = 36;
+ daily = 3;
+ autosnap = true;
+ autoprune = true;
+ };
+ };
+ };
+ };
+}
diff --git a/users/alice/home/hypr/hyprland.conf b/users/alice/home/hypr/hyprland.conf
index 65c3992..f635ee3 100644
--- a/users/alice/home/hypr/hyprland.conf
+++ b/users/alice/home/hypr/hyprland.conf
@@ -192,3 +192,6 @@ bindm = $mainMod, mouse:273, resizewindow
# screenshots
bind = $mainMod, A, exec, grimblast copy area
bind = $mainMod SHIFT, A, exec, grimblast save area "~/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png"
+
+# zoom issue
+bind = $mainMod, K, exec, pkill zoom; zoom