refactor palatine-hill, add some packages to artemision, hypr zoom restart

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-06-06 23:34:14 -04:00 · 2024-06-06 23:34:14 -04:00 · 7ef484fa68
commit 7ef484fa68
parent 19b4fcfc4f
5 changed files with 266 additions and 219 deletions
--- a/systems/artemision/graphics.nix
+++ b/systems/artemision/graphics.nix
@ -7,7 +7,14 @@
    driSupport32Bit = true;

    ## amdvlk: an open-source Vulkan driver from AMD
-    extraPackages = [ pkgs.amdvlk ];
-    extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
+    extraPackages = with pkgs; [
+      amdvlk
+      rocmPackages.clr.icd
+    ];
+    extraPackages32 = with pkgs; [
+      driversi686Linux.amdvlk
+      rocmPackages.clr.icd
+    ];
  };
+  services.xserver.videoDrivers = [ "amdgpu" ];
 }
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -4,29 +4,13 @@
  lib,
  ...
 }:
-let
-  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
-  zfskeys = [
-    "zfs-attic-key"
-    "zfs-backup-key"
-    "zfs-calibre-key"
-    "zfs-db-key"
-    "zfs-docker-key"
-    "zfs-games-key"
-    "zfs-hydra-key"
-    "zfs-libvirt-key"
-    "zfs-main-key"
-    "zfs-nxtcld-key"
-    "zfs-torr-key"
-    "zfs-var-docker-key"
-    "zfs-nix-store-key"
-  ];
-in
 {
-  imports = [ ./networking.nix ];
+  imports = [
+    ./networking.nix
+    ./zfs.nix
+    ./hydra.nix
+  ];

-  systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
-    config.sops.secrets."hydra/environment".path;
  programs.git.lfs.enable = false;

  nixpkgs.config.packageOverrides = pkgs: {
@ -34,9 +18,7 @@ in
  };

  boot = {
-    zfs.extraPools = [ "ZFS-primary" ];
    loader.grub.device = "/dev/sda";
-    filesystem = "zfs";
    useSystemdBoot = true;
    kernelParams = [
      "i915.force_probe=56a5"
@ -46,40 +28,7 @@ in
      "vm.overcommit_memory" = lib.mkForce 1;
      "vm.swappiness" = 10;
    };
-    extraModprobeConfig = ''
-      options zfs zfs_arc_min=82463372083
-      options zfs zfs_arc_max=192414534860
-    '';
    binfmt.emulatedSystems = [ "aarch64-linux" ];
-    initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
-  };
-
-  nix = {
-    extraOptions = ''
-      allowed-uris = github: gitlab: git+https:// git+ssh:// https://
-      builders-use-substitutes = true
-    '';
-
-    buildMachines = [
-      {
-        hostName = "localhost";
-        maxJobs = 2;
-        protocol = "ssh-ng";
-        speedFactor = 2;
-        systems = [
-          "x86_64-linux"
-          "aarch64-linux"
-          "i686-linux"
-        ];
-
-        supportedFeatures = [
-          "kvm"
-          "nixos-test"
-          "big-parallel"
-          "benchmark"
-        ];
-      }
-    ];
  };

  hardware = {
@ -103,7 +52,9 @@ in
    attic-client
    attic
    docker-compose
+    intel-gpu-tools
    jellyfin-ffmpeg
+    jq
  ];

  services = {
@ -111,59 +62,6 @@ in
    nfs.server.enable = true;
    openssh.ports = [ 666 ];
    smartd.enable = true;
-    zfs = {
-      trim.enable = true;
-      autoScrub.enable = true;
-    };
-
-    sanoid = {
-      enable = true;
-
-      datasets = {
-        "ZFS-primary/attic".useTemplate = [ "nix-prod" ];
-        "ZFS-primary/backups".useTemplate = [ "production" ];
-        "ZFS-primary/calibre".useTemplate = [ "production" ];
-        "ZFS-primary/db".useTemplate = [ "production" ];
-        "ZFS-primary/docker".useTemplate = [ "production" ];
-        "ZFS-primary/hydra".useTemplate = [ "nix-prod" ];
-        "ZFS-primary/nextcloud".useTemplate = [ "production" ];
-        "ZFS-primary/vardocker".useTemplate = [ "production" ];
-        "ZFS-primary/games" = {
-          useTemplate = [ "games" ];
-          recursive = true;
-          processChildrenOnly = true;
-        };
-      };
-
-      templates = {
-        # full resiliency
-        production = {
-          frequently = 0;
-          hourly = 36;
-          daily = 30;
-          monthly = 6;
-          yearly = 3;
-          autosnap = true;
-          autoprune = true;
-        };
-        # some resiliency, but not much
-        # common option for things like nix store and attic where there is
-        # already a lot of resiliency built in
-        nix-prod = {
-          frequently = 4;
-          hourly = 24;
-          daily = 7;
-        };
-        # much shorter lived than others
-        games = {
-          frequently = 6;
-          hourly = 36;
-          daily = 3;
-          autosnap = true;
-          autoprune = true;
-        };
-      };
-    };

    postgresql = {
      enable = true;
@ -199,106 +97,8 @@ in
        ];
      };
    };
-
-    hydra = {
-      enable = true;
-      hydraURL = "http://localhost:3000";
-      smtpHost = "alicehuston.xyz";
-      notificationSender = "hydra@alicehuston.xyz";
-      gcRootsDir = "/ZFS/ZFS-primary/hydra";
-      useSubstitutes = true;
-      buildMachinesFiles = [ ];
-      minimumDiskFree = 50;
-      minimumDiskFreeEvaluator = 100;
-      extraConfig = ''
-        <git-input>
-          timeout = 3600
-        </git-input>
-        Include ${config.sops.secrets."alice/gha-hydra-token".path}
-      '';
  };

-    nix-serve = {
-      enable = true;
-      secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
-    };
-    atticd = {
-      enable = true;
-
-      credentialsFile = config.sops.secrets."attic/secret-key".path;
-
-      settings = {
-        listen = "[::]:8183";
-        allowed-hosts = [ "attic.alicehuston.xyz" ];
-        api-endpoint = "https://attic.alicehuston.xyz";
-        compression.type = "none"; # let ZFS do the compressing
-        database = {
-          url = "postgres://atticd?host=/run/postgresql";
-          # disable postgres, using SOPS fails at below :(
-          # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
-          # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
-          heartbeat = true;
-        };
-        storage = {
-          type = "local";
-          path = "/ZFS/ZFS-primary/attic/storage";
-        };
-
-        # Warning: If you change any of the values here, it will be
-        # difficult to reuse existing chunks for newly-uploaded NARs
-        # since the cutpoints will be different. As a result, the
-        # deduplication ratio will suffer for a while after the change.
-        chunking = {
-          # The minimum NAR size to trigger chunking
-          #
-          # If 0, chunking is disabled entirely for newly-uploaded NARs.
-          # If 1, all NARs are chunked.
-          nar-size-threshold = 64 * 1024; # 64 KiB
-
-          # The preferred minimum size of a chunk, in bytes
-          min-size = 16 * 1024; # 16 KiB
-
-          # The preferred average size of a chunk, in bytes
-          avg-size = 64 * 1024; # 64 KiB
-
-          # The preferred maximum size of a chunk, in bytes
-          max-size = 256 * 1024; # 256 KiB
-        };
-      };
-    };
-  };
-
-  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
-  # configured default webstore for this on root user separately
-  systemd.services.attic-watch-store = {
-    wantedBy = [ "multi-user.target" ];
-    after = [
-      "network-online.target"
-      "docker.service"
-      "atticd.service"
-    ];
-    requires = [
-      "network-online.target"
-      "docker.service"
-      "atticd.service"
-    ];
-    description = "Upload all store content to binary cache";
-    serviceConfig = {
-      User = "root";
-      Restart = "always";
-      ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
-    };
-  };
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
-  ];
-
-  users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
-  ];
-
  nix.gc.options = "--delete-older-than 150d";

  # TODO: revert this once UPS is plugged in
@ -321,17 +121,7 @@ in
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
-      "hydra/environment".owner = "hydra";
-      "nix-serve/secret-key".owner = "root";
-      "attic/secret-key".owner = "root";
-      "attic/database-url".owner = "root";
      "postgres/init".owner = "postgres";
-      "alice/gha-hydra-token" = {
-        sopsFile = ../../users/alice/secrets.yaml;
-        owner = "hydra";
-        group = "hydra";
-        mode = "440";
-      };
      "upsmon/password".owner = "root";
    };
  };
--- a/systems/palatine-hill/hydra.nix
+++ b/systems/palatine-hill/hydra.nix
@ -0,0 +1,156 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
+    config.sops.secrets."hydra/environment".path;
+
+  nix = {
+    extraOptions = ''
+      allowed-uris = github: gitlab: git+https:// git+ssh:// https://
+      builders-use-substitutes = true
+    '';
+
+    buildMachines = [
+      {
+        hostName = "localhost";
+        maxJobs = 2;
+        protocol = "ssh-ng";
+        speedFactor = 2;
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+          "i686-linux"
+        ];
+
+        supportedFeatures = [
+          "kvm"
+          "nixos-test"
+          "big-parallel"
+          "benchmark"
+        ];
+      }
+    ];
+  };
+
+  services = {
+    hydra = {
+      enable = true;
+      hydraURL = "http://localhost:3000";
+      smtpHost = "alicehuston.xyz";
+      notificationSender = "hydra@alicehuston.xyz";
+      gcRootsDir = "/ZFS/ZFS-primary/hydra";
+      useSubstitutes = true;
+      buildMachinesFiles = [ ];
+      minimumDiskFree = 50;
+      minimumDiskFreeEvaluator = 100;
+      extraConfig = ''
+        <git-input>
+          timeout = 3600
+        </git-input>
+        Include ${config.sops.secrets."alice/gha-hydra-token".path}
+      '';
+    };
+
+    nix-serve = {
+      enable = true;
+      secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
+    };
+
+    atticd = {
+      enable = true;
+
+      credentialsFile = config.sops.secrets."attic/secret-key".path;
+
+      settings = {
+        listen = "[::]:8183";
+        allowed-hosts = [ "attic.alicehuston.xyz" ];
+        api-endpoint = "https://attic.alicehuston.xyz";
+        compression.type = "none"; # let ZFS do the compressing
+        database = {
+          url = "postgres://atticd?host=/run/postgresql";
+          # disable postgres, using SOPS fails at below :(
+          # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
+          # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
+          heartbeat = true;
+        };
+        storage = {
+          type = "local";
+          path = "/ZFS/ZFS-primary/attic/storage";
+        };
+
+        # Warning: If you change any of the values here, it will be
+        # difficult to reuse existing chunks for newly-uploaded NARs
+        # since the cutpoints will be different. As a result, the
+        # deduplication ratio will suffer for a while after the change.
+        chunking = {
+          # The minimum NAR size to trigger chunking
+          #
+          # If 0, chunking is disabled entirely for newly-uploaded NARs.
+          # If 1, all NARs are chunked.
+          nar-size-threshold = 64 * 1024; # 64 KiB
+
+          # The preferred minimum size of a chunk, in bytes
+          min-size = 16 * 1024; # 16 KiB
+
+          # The preferred average size of a chunk, in bytes
+          avg-size = 64 * 1024; # 64 KiB
+
+          # The preferred maximum size of a chunk, in bytes
+          max-size = 256 * 1024; # 256 KiB
+        };
+      };
+    };
+  };
+
+  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
+  # configured default webstore for this on root user separately
+  systemd.services.attic-watch-store = {
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "network-online.target"
+      "docker.service"
+      "atticd.service"
+    ];
+    requires = [
+      "network-online.target"
+      "docker.service"
+      "atticd.service"
+    ];
+    description = "Upload all store content to binary cache";
+    serviceConfig = {
+      User = "root";
+      Restart = "always";
+      ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
+    };
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
+  ];
+
+  users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
+  ];
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      "hydra/environment".owner = "hydra";
+      "nix-serve/secret-key".owner = "root";
+      "attic/secret-key".owner = "root";
+      "attic/database-url".owner = "root";
+      "alice/gha-hydra-token" = {
+        sopsFile = ../../users/alice/secrets.yaml;
+        owner = "hydra";
+        group = "hydra";
+        mode = "440";
+      };
+    };
+  };
+}
--- a/systems/palatine-hill/zfs.nix
+++ b/systems/palatine-hill/zfs.nix
@ -0,0 +1,91 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
+  zfskeys = [
+    "zfs-attic-key"
+    "zfs-backup-key"
+    "zfs-calibre-key"
+    "zfs-db-key"
+    "zfs-docker-key"
+    "zfs-games-key"
+    "zfs-hydra-key"
+    "zfs-libvirt-key"
+    "zfs-main-key"
+    "zfs-nxtcld-key"
+    "zfs-torr-key"
+    "zfs-var-docker-key"
+    "zfs-nix-store-key"
+  ];
+in
+{
+  boot = {
+    zfs.extraPools = [ "ZFS-primary" ];
+    filesystem = "zfs";
+    initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
+    extraModprobeConfig = ''
+      options zfs zfs_arc_min=82463372083
+      options zfs zfs_arc_max=192414534860
+    '';
+  };
+
+  services = {
+    zfs = {
+      trim.enable = true;
+      autoScrub.enable = true;
+    };
+
+    sanoid = {
+      enable = true;
+
+      datasets = {
+        "ZFS-primary/attic".useTemplate = [ "nix-prod" ];
+        "ZFS-primary/backups".useTemplate = [ "production" ];
+        "ZFS-primary/calibre".useTemplate = [ "production" ];
+        "ZFS-primary/db".useTemplate = [ "production" ];
+        "ZFS-primary/docker".useTemplate = [ "production" ];
+        "ZFS-primary/hydra".useTemplate = [ "nix-prod" ];
+        "ZFS-primary/nextcloud".useTemplate = [ "production" ];
+        "ZFS-primary/vardocker".useTemplate = [ "production" ];
+        "ZFS-primary/games" = {
+          useTemplate = [ "games" ];
+          recursive = true;
+          processChildrenOnly = true;
+        };
+      };
+
+      templates = {
+        # full resiliency
+        production = {
+          frequently = 0;
+          hourly = 36;
+          daily = 30;
+          monthly = 6;
+          yearly = 3;
+          autosnap = true;
+          autoprune = true;
+        };
+        # some resiliency, but not much
+        # common option for things like nix store and attic where there is
+        # already a lot of resiliency built in
+        nix-prod = {
+          frequently = 4;
+          hourly = 24;
+          daily = 7;
+        };
+        # much shorter lived than others
+        games = {
+          frequently = 6;
+          hourly = 36;
+          daily = 3;
+          autosnap = true;
+          autoprune = true;
+        };
+      };
+    };
+  };
+}
--- a/users/alice/home/hypr/hyprland.conf
+++ b/users/alice/home/hypr/hyprland.conf
@ -192,3 +192,6 @@ bindm = $mainMod, mouse:273, resizewindow
 # screenshots
 bind = $mainMod, A, exec, grimblast copy area
 bind = $mainMod SHIFT, A, exec, grimblast save area "~/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png"
+
+# zoom issue
+bind = $mainMod, K, exec, pkill zoom; zoom