fix: suzu

2026-04-25 10:18:37 +02:00 · 2024-03-04 00:41:41 +08:00
parent d20760cd61
commit f933146a42
14 changed files with 160 additions and 187 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -628,23 +628,6 @@
        "type": "github"
      }
    },
    "mesa-panfork": {
      "flake": false,
      "locked": {
        "lastModified": 1670633863,
        "narHash": "sha256-4eZHMiYS+sRDHNBtLZTA8ELZnLns7yT3USU5YQswxQ0=",
        "owner": "panfork",
        "repo": "mesa",
        "rev": "120202c675749c5ef81ae4c8cdc30019b4de08f4",
        "type": "gitlab"
      },
      "original": {
        "owner": "panfork",
        "ref": "csf",
        "repo": "mesa",
        "type": "gitlab"
      }
    },
    "mysecrets": {
      "flake": false,
      "locked": {
@@ -775,16 +758,15 @@
    "nixos-rk3588": {
      "inputs": {
        "flake-utils": "flake-utils_4",
        "mesa-panfork": "mesa-panfork",
        "nixpkgs": "nixpkgs_4",
        "pre-commit-hooks": "pre-commit-hooks_2"
      },
      "locked": {
-        "lastModified": 1703010942,
+        "lastModified": 1709478567,
-        "narHash": "sha256-YYNCF1cnVyQk6OPVnwyvpeg3brwS/ICRGAvFwe2RCZc=",
+        "narHash": "sha256-cfY5vuB9B5KdiVIzdHelldxfOcag/wPPTcbERQpzULs=",
        "owner": "ryan4yin",
        "repo": "nixos-rk3588",
-        "rev": "fce637ae61bc0fce3c68c39c117d08bcc8e2bedf",
+        "rev": "0eea4e4cf05f997833e5cd7c48847c83e0c5b193",
        "type": "github"
      },
      "original": {
@@ -975,16 +957,16 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1691486536,
+        "lastModified": 1709309926,
-        "narHash": "sha256-W2jYTn6rNiJEpjXkOiZxNltgxxwgeZE5cQ967NgsrHU=",
+        "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8fa39adf946a4470610b38fd7aff0a73ad4356c3",
+        "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.05-small",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/modules/nixos/base/core.nix
+++ b/modules/nixos/base/core.nix
@@ -0,0 +1,16 @@
 {lib, ...}: {
  boot.loader.systemd-boot = {
    # we use Git for version control, so we don't need to keep too many generations.
    configurationLimit = lib.mkDefault 10;
    # pick the highest resolution for systemd-boot's console.
    consoleMode = lib.mkDefault "max";
  };
  # for power management
  services = {
    power-profiles-daemon = {
      enable = true;
    };
    upower.enable = true;
  };
 }
--- a/modules/nixos/base/misc.nix
+++ b/modules/nixos/base/misc.nix
@@ -1,112 +0,0 @@
 {
  lib,
  pkgs,
  ...
 }: {
  ###################################################################################
  #
  #  NixOS's core configuration suitable for all my machines
  #
  ###################################################################################
  # to install chrome, you need to enable unfree packages
  nixpkgs.config.allowUnfree = lib.mkForce true;
  boot.loader.systemd-boot = {
    # we use Git for version control, so we don't need to keep too many generations.
    configurationLimit = lib.mkDefault 10;
    # pick the highest resolution for systemd-boot's console.
    consoleMode = lib.mkDefault "max";
  };
  # do garbage collection weekly to keep disk usage low
  nix.gc = {
    automatic = lib.mkDefault true;
    dates = lib.mkDefault "weekly";
    options = lib.mkDefault "--delete-older-than 7d";
  };
  # Add terminfo database of all known terminals to the system profile.
  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix
  environment.enableAllTerminfo = true;
  # Manual optimise storage: nix-store --optimise
  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
  nix.settings.auto-optimise-store = true;
  # Enable in-memory compressed devices and swap space provided by the zram kernel module.
  # By enable this, we can store more data in memory instead of fallback to disk-based swap devices directly,
  # and thus improve I/O performance when we have a lot of memory.
  #
  #   https://www.kernel.org/doc/Documentation/blockdev/zram.txt
  zramSwap = {
    enable = true;
    # one of "lzo", "lz4", "zstd"
    algorithm = "zstd";
    # Priority of the zram swap devices.
    # It should be a number higher than the priority of your disk-based swap devices
    # (so that the system will fill the zram swap devices before falling back to disk swap).
    priority = 5;
    # Maximum total amount of memory that can be stored in the zram swap devices (as a percentage of your total memory).
    # Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed.
    # This doesn’t define how much memory will be used by the zram swap devices.
    memoryPercent = 50;
  };
  # for power management
  services = {
    power-profiles-daemon = {
      enable = true;
    };
    upower.enable = true;
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    neofetch
    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # system call monitoring
    strace # system call monitoring
    ltrace # library call monitoring
    bpftrace # powerful tracing tool
    tcpdump # network sniffer
    lsof # list open files
    # system monitoring
    sysstat
    iotop
    iftop
    btop
    nmon
    # system tools
    psmisc # killall/pstree/prtstat/fuser/...
    lm_sensors # for `sensors` command
    ethtool
    pciutils # lspci
    usbutils # lsusb
    hdparm # for disk performance, command
    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
    parted
    # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
    (
      let
        base = pkgs.appimageTools.defaultFhsEnvArgs;
      in
        pkgs.buildFHSUserEnv (base
          // {
            name = "fhs";
            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
            profile = "export FHS=1";
            runScript = "bash";
            extraOutputsToInstall = ["dev"];
          })
    )
  ];
  # replace default editor with neovim
  environment.variables.EDITOR = "nvim";
 }
--- a/modules/nixos/base/networking.nix
+++ b/modules/nixos/base/networking.nix
@@ -1,26 +1,4 @@
-{
+_: {
  lib,
  vars_networking,
  ...
 }: {
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = lib.mkDefault false;
  programs.ssh = vars_networking.ssh;
  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = true;
      PermitRootLogin = "no"; # disable root login
      PasswordAuthentication = false; # disable password login
    };
    openFirewall = true;
  };
  # Network discovery, mDNS
  # With this enabled, you can access your machine at <hostname>.local
  # it's more convenient than using the IP address.
--- a/modules/nixos/base/nix.nix
+++ b/modules/nixos/base/nix.nix
@@ -3,6 +3,20 @@
  nixpkgs,
  ...
 }: {
  # to install chrome, you need to enable unfree packages
  nixpkgs.config.allowUnfree = lib.mkForce true;
  # do garbage collection weekly to keep disk usage low
  nix.gc = {
    automatic = lib.mkDefault true;
    dates = lib.mkDefault "weekly";
    options = lib.mkDefault "--delete-older-than 7d";
  };
  # Manual optimise storage: nix-store --optimise
  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
  nix.settings.auto-optimise-store = true;
  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
  nix.registry.nixpkgs.flake = nixpkgs;
  nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
--- a/modules/nixos/base/packages.nix
+++ b/modules/nixos/base/packages.nix
@@ -0,0 +1,50 @@
 {pkgs, ...}: {
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    neofetch
    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # system call monitoring
    strace # system call monitoring
    ltrace # library call monitoring
    bpftrace # powerful tracing tool
    tcpdump # network sniffer
    lsof # list open files
    # system monitoring
    sysstat
    iotop
    iftop
    btop
    nmon
    # system tools
    psmisc # killall/pstree/prtstat/fuser/...
    lm_sensors # for `sensors` command
    ethtool
    pciutils # lspci
    usbutils # lsusb
    hdparm # for disk performance, command
    dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
    parted
    # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
    (
      let
        base = pkgs.appimageTools.defaultFhsEnvArgs;
      in
        pkgs.buildFHSUserEnv (base
          // {
            name = "fhs";
            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
            profile = "export FHS=1";
            runScript = "bash";
            extraOutputsToInstall = ["dev"];
          })
    )
  ];
  # replace default editor with neovim
  environment.variables.EDITOR = "nvim";
 }
--- a/modules/nixos/base/ssh.nix
+++ b/modules/nixos/base/ssh.nix
@@ -0,0 +1,27 @@
 {
  lib,
  vars_networking,
  ...
 }: {
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = lib.mkDefault false;
  programs.ssh = vars_networking.ssh;
  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = true;
      PermitRootLogin = "no"; # disable root login
      PasswordAuthentication = false; # disable password login
    };
    openFirewall = true;
  };
  # Add terminfo database of all known terminals to the system profile.
  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/config/terminfo.nix
  environment.enableAllTerminfo = true;
 }
--- a/modules/nixos/base/zram.nix
+++ b/modules/nixos/base/zram.nix
@@ -0,0 +1,20 @@
 {
  # Enable in-memory compressed devices and swap space provided by the zram kernel module.
  # By enable this, we can store more data in memory instead of fallback to disk-based swap devices directly,
  # and thus improve I/O performance when we have a lot of memory.
  #
  #   https://www.kernel.org/doc/Documentation/blockdev/zram.txt
  zramSwap = {
    enable = true;
    # one of "lzo", "lz4", "zstd"
    algorithm = "zstd";
    # Priority of the zram swap devices.
    # It should be a number higher than the priority of your disk-based swap devices
    # (so that the system will fill the zram swap devices before falling back to disk swap).
    priority = 5;
    # Maximum total amount of memory that can be stored in the zram swap devices (as a percentage of your total memory).
    # Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed.
    # This doesn’t define how much memory will be used by the zram swap devices.
    memoryPercent = 50;
  };
 }
--- a/modules/nixos/server/security.nix
+++ b/modules/nixos/server/security.nix
@@ -1,6 +0,0 @@
 {username, ...}: {
  # Public Keys that can be used to login to all my servers.
  users.users.${username}.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMzYT0Fpcp681eHY5FJV2G8Mve53iX3hMOLGbVvfL+TF ryan@romantic"
  ];
 }
--- a/modules/nixos/server/server-aarch64.nix
+++ b/modules/nixos/server/server-aarch64.nix
@@ -0,0 +1,19 @@
 {
  lib,
  pkgs,
  ...
 }: {
  imports = [
    ../base/core.nix
    ../base/i18n.nix
    ../base/monitoring.nix
    ../base/nix.nix
    ../base/ssh.nix
    ../base/user-group.nix
    ../../base.nix
  ];
  # Fix: jasper is marked as broken, refusing to evaluate.
  environment.enableAllTerminfo = lib.mkForce false;
 }
--- a/modules/nixos/server/server-riscv64.nix
+++ b/modules/nixos/server/server-riscv64.nix
@@ -4,19 +4,16 @@
  # =========================================================================
  imports = [
    ../base/core.nix
    ../base/i18n.nix
-    ../base/misc.nix
+    ../base/monitoring.nix
    ../base/nix.nix
    ../base/ssh.nix
    ../base/user-group.nix
    ../../base.nix
    ./security.nix
  ];
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  #
  # TODO feel free to add or remove packages here.
  environment.systemPackages = with pkgs; [
    neovim
@@ -52,14 +49,4 @@
    # This is required for containers which are created with the `--restart=always` flag to work.
    enableOnBoot = true;
  };
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = true;
      PermitRootLogin = "prohibit-password"; # disable root login with password
      PasswordAuthentication = false; # disable password login
    };
    openFirewall = true;
  };
 }
--- a/modules/nixos/server/server.nix
+++ b/modules/nixos/server/server.nix
@@ -2,7 +2,5 @@
  imports = [
    ../base
    ../../base.nix
    ./security.nix
  ];
 }
--- a/systems/colmena.nix
+++ b/systems/colmena.nix
@@ -38,7 +38,7 @@ with allSystemAttrs; let
    inherit home-manager;
    inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
    specialArgs = rk3588_specialArgs;
-    targetUser = "root";
+    targetUser = "ryan";
  };
 in {
  # colmena - remote deployment via SSH
--- a/systems/vars.nix
+++ b/systems/vars.nix
@@ -245,7 +245,7 @@ in {
  _12kingdoms_suzu_modules = {
    nixos-modules = [
      ../hosts/12kingdoms_suzu
-      ../modules/nixos/server/server-riscv64.nix
+      ../modules/nixos/server/server-aarch64.nix
      # cross-compilation this flake.
      {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";}