migrate bigger nixos-modules to nixosProfiles
- profiles are meant for a group of similar machines (see README) - this replaced allCommon, hwCommon & parts of vmCommon modules - highly personal settings were relocated to myOptions - some parts are relocated into their own module: extends/cpumain
parent
de3f0d401b
commit
2fdd6cdf00
@ -0,0 +1,54 @@
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
cpu = config.hardware.cpu;
|
||||
anyArg = builtins.any (x: x) [
|
||||
# list of conditions which require cpu type to be known
|
||||
cpu.updateMicrocode
|
||||
];
|
||||
cpuOpts =
|
||||
type:
|
||||
lib.mkIf (anyArg && cpu.type == type) {
|
||||
# options for all cpu types
|
||||
updateMicrocode = lib.mkDefault cpu.updateMicrocode;
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
options = {
|
||||
|
||||
hardware.cpu = {
|
||||
|
||||
type = lib.mkOption {
|
||||
description = ''
|
||||
Configures the CPU type to expect this configuration to run on.
|
||||
|
||||
This setting is required when using generalizing options
|
||||
like option{hardware.cpu.updateMicrocode}.
|
||||
'';
|
||||
type =
|
||||
with lib.types;
|
||||
nullOr (enum [
|
||||
"amd"
|
||||
"intel"
|
||||
]);
|
||||
# required
|
||||
};
|
||||
|
||||
updateMicrocode = lib.mkEnableOption ''
|
||||
microcode updates for CPU type selected in option{hardware.cpu.type}
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
hardware.cpu = {
|
||||
amd = cpuOpts "amd";
|
||||
intel = cpuOpts "intel";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
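Review bot: Nothing in this module asserts that `hardware.cpu.type` is set when `hardware.cpu.updateMicrocode` is enabled, although the option description and the `# required` comment both say it must be. The option is `nullOr` with no default, so leaving it unset fails evaluation with only the generic undefined-option error. Setting it to `null` is worse: both `cpuOpts "amd"` and `cpuOpts "intel"` become a false `mkIf`, and the host silently gets no microcode updates. Consider adding to `config` something like `assertions = [ { assertion = anyArg -> cpu.type != null; message = "hardware.cpu.type must be set when hardware.cpu.updateMicrocode is enabled"; } ];` so a misconfigured host fails the build with a clear message.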
@ -1,142 +0,0 @@
|
||||
# applicable to all hosts running on bare hardware
|
||||
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.x-banananetwork.hwCommon;
|
||||
cpu = config.hardware.cpu;
|
||||
in
|
||||
{
|
||||
|
||||
options = {
|
||||
|
||||
hardware.cpu = {
|
||||
|
||||
type = lib.mkOption {
|
||||
description = ''
|
||||
Configures the CPU type to expect this configuration to run on.
|
||||
|
||||
This setting is required when using generalizing options
|
||||
like option{hardware.cpu.updateMicrocode}.
|
||||
'';
|
||||
type =
|
||||
with lib.types;
|
||||
nullOr (enum [
|
||||
"amd"
|
||||
"intel"
|
||||
]);
|
||||
# required
|
||||
};
|
||||
|
||||
updateMicrocode = lib.mkEnableOption ''
|
||||
microcode updates for CPU type selected in option{hardware.cpu.type}.
|
||||
|
||||
Because this module is not yet part of upstream,
|
||||
it requires option{x-banananetwork.hwCommon.enable} to be enabled.
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
x-banananetwork.hwCommon = {
|
||||
|
||||
enable = lib.mkEnableOption ''
|
||||
settings common to all bare hardware-based hosts
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.enable -> !config.x-banananetwork.vmCommon.enable;
|
||||
message = "hwCommon & vmCommon profiles cannot both be enabled at the same time";
|
||||
}
|
||||
];
|
||||
|
||||
boot = {
|
||||
|
||||
# TODO adapt better
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = lib.mkDefault true;
|
||||
systemd-boot = {
|
||||
enable = true;
|
||||
editor = lib.mkDefault true; # TODO lockdown (disable this OR enable TPM PCR checks)
|
||||
memtest86.enable = lib.mkDefault true;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
pciutils
|
||||
usbutils
|
||||
];
|
||||
|
||||
hardware = {
|
||||
|
||||
cpu = lib.mkMerge [
|
||||
|
||||
# TODO maybe upstream?
|
||||
(
|
||||
let
|
||||
type = config.hardware.cpu.type;
|
||||
opts = isType: { updateMicrocode = lib.mkDefault (isType && config.hardware.cpu.updateMicrocode); };
|
||||
in
|
||||
{
|
||||
amd = opts (type == "amd");
|
||||
intel = opts (type == "intel");
|
||||
}
|
||||
)
|
||||
|
||||
{ updateMicrocode = lib.mkDefault true; }
|
||||
|
||||
];
|
||||
|
||||
enableRedistributableFirmware = lib.mkDefault true;
|
||||
|
||||
};
|
||||
|
||||
powerManagement = {
|
||||
cpuFreqGovernor = "ondemand";
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
|
||||
fwupd = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
power-profiles-daemon = {
|
||||
# 2024-08-14: tlp seems way better in my experience, hence disable it
|
||||
enable = lib.mkIf config.services.tlp.enable false;
|
||||
};
|
||||
|
||||
smartd = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
tlp = {
|
||||
# energy-saving daemon, similar to powertop --autotune, but adaptive to BAT / AC
|
||||
enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
x-banananetwork = {
|
||||
|
||||
allCommon.enable = true;
|
||||
useable.enable = lib.mkDefault true; # add docs & tools for emergencies
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
@ -0,0 +1,68 @@
|
||||
# applicable to all systems running on bare hardware
|
||||
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
imports = [
|
||||
# from here
|
||||
./common.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
# EFI by default
|
||||
boot.loader = {
|
||||
efi.canTouchEfiVariables = lib.mkDefault true;
|
||||
grub.memtest86.enable = lib.mkDefault true;
|
||||
systemd-boot = {
|
||||
enable = lib.mkDefault true;
|
||||
editor = lib.mkDefault true;
|
||||
memtest86.enable = lib.mkDefault true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
pciutils
|
||||
usbutils
|
||||
];
|
||||
|
||||
hardware = {
|
||||
cpu.updateMicrocode = lib.mkIf config.hardware.enableRedistributableFirmware true;
|
||||
enableRedistributableFirmware = lib.mkDefault true;
|
||||
};
|
||||
|
||||
powerManagement = {
|
||||
cpuFreqGovernor = "ondemand";
|
||||
enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
services = {
|
||||
|
||||
fwupd = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
smartd = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
tlp = {
|
||||
# 2024-08-14: tlp seems way better in my experience
|
||||
# energy-saving daemon, similar to powertop --autotune, but adaptive to BAT / AC
|
||||
enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
x-banananetwork = {
|
||||
# add docs & tools for emergencies
|
||||
useable.enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
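Review bot: `systemd-boot.editor = lib.mkDefault true;` keeps the boot-entry editor enabled on every bare-metal host, and the `# TODO lockdown (disable this OR enable TPM PCR checks)` reminder from the removed hwCommon module has been dropped. With the editor on, anyone with console access can change the kernel command line before boot, which is why the NixOS option documentation recommends `false`. Either flip the default to `editor = lib.mkDefault false;` so a host has to opt in, or keep the TODO so the lockdown is not forgotten. Separately, this profile enables `hardware.cpu.updateMicrocode` without setting `hardware.cpu.type`, so each host presumably has to set the type itself.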
@ -0,0 +1,9 @@
|
||||
{ ... }@flakeArg:
|
||||
let
|
||||
importProfile = path: import path;
|
||||
in
|
||||
{
|
||||
blade = importProfile ./blade.nix;
|
||||
common = importProfile ./common.nix;
|
||||
pveGuest = importProfile ./pveGuest.nix;
|
||||
}
|
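Review bot: `importProfile = path: import path;` hands each profile to the module system as an anonymous function instead of a path, which loses the file name in error messages and the path-based key used for de-duplication. Since the other profiles pull in `./common.nix` by path, a host that lists both `common` and another profile from this set would likely evaluate common.nix twice; whether that breaks depends on what common.nix declares, which is not visible here. Exposing the paths directly, e.g. `blade = ./blade.nix;`, avoids this. `flakeArg` is also bound but unused in the visible lines; add a short comment if it is reserved for later use.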
@ -0,0 +1,97 @@
|
||||
# makes for nice-behaving pve-guests with:
|
||||
# - qemu-guest-agent & drivers
|
||||
# - EFI booting
|
||||
# - support for serial output (but graphic output should still work the same)
|
||||
{
|
||||
lib,
|
||||
modulesPath,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# Based on https://unix.stackexchange.com/questions/16578/resizable-serial-console-window
|
||||
resize = pkgs.writeShellScriptBin "resize" ''
|
||||
export PATH="${lib.getBin pkgs.coreutils}/bin"
|
||||
if [ ! -t 0 ]; then
|
||||
# not a interactive...
|
||||
exit 0
|
||||
fi
|
||||
TTY="$(tty)"
|
||||
if [[ "$TTY" != /dev/ttyS* ]] && [[ "$TTY" != /dev/ttyAMA* ]] && [[ "$TTY" != /dev/ttySIF* ]]; then
|
||||
# probably not a known serial console, we could make this check more
|
||||
# precise by using `setserial` but this would require some additional
|
||||
# dependency
|
||||
exit 0
|
||||
fi
|
||||
old=$(stty -g)
|
||||
stty raw -echo min 0 time 5
|
||||
|
||||
printf '\0337\033[r\033[999;999H\033[6n\0338' > /dev/tty
|
||||
IFS='[;R' read -r _ rows cols _ < /dev/tty
|
||||
|
||||
stty "$old"
|
||||
stty cols "$cols" rows "$rows"
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
||||
imports = [
|
||||
# from nixpkgs
|
||||
"${modulesPath}/profiles/qemu-guest.nix"
|
||||
# from here
|
||||
./common.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
boot = {
|
||||
|
||||
# TODO duplicated by imported profile from nixpkgs
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"9p"
|
||||
"9pnet_virtio"
|
||||
"virtio_blk"
|
||||
"virtio_mmio"
|
||||
"virtio_net"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
];
|
||||
kernelModules = [
|
||||
"virtio_balloon"
|
||||
"virtio_console"
|
||||
"virtio_gpu"
|
||||
"virtio_rng"
|
||||
];
|
||||
};
|
||||
|
||||
kernelParams = [
|
||||
# show kernel log on serial
|
||||
"console=ttyS0,115200"
|
||||
# but use virtual tty as /dev/console (last entry)
|
||||
"console=tty0"
|
||||
];
|
||||
|
||||
# configure for EFI only
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
grub.enable = lib.mkDefault false;
|
||||
grub.efiSupport = true; # in case grub is preferred for some reason
|
||||
systemd-boot.enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
environment.systemPackages = [ resize ];
|
||||
|
||||
services = {
|
||||
qemuGuest.enable = true;
|
||||
};
|
||||
|
||||
systemd.services."serial-getty@".environment.TERM = "xterm-256color";
|
||||
|
||||
time.hardwareClockInLocalTime = false; # just to make sure
|
||||
|
||||
};
|
||||
|
||||
}
|
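Review bot: In the `resize` script, `rows` and `cols` go straight into `stty cols "$cols" rows "$rows"` with no check that the terminal actually answered the size query. With `min 0 time 5` the `read` can time out and leave both empty, and whatever does arrive on the serial line is used as-is, so `stty` can be called with empty or non-numeric arguments. Add a guard after `stty "$old"` and before the final line, e.g. `[[ "$rows" =~ ^[0-9]+$ && "$cols" =~ ^[0-9]+$ ]] || exit 0`. A one-line comment on the `printf` explaining the escape sequence (save cursor, move to the far corner, request a cursor position report, restore cursor) would also help the next reader.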