diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 115c2a9..30d3d03 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -18,7 +18,7 @@ in { ./utils/modules/sops.nix ./utils/modules/nur.nix - ./utils/modules/attic-cache + # ./utils/modules/attic-cache ./modules/appimage.nix ./modules/desktop ./modules/development @@ -77,9 +77,17 @@ in { swapDevices = [ { device = "/nix/persist/swapfile"; - size = 32 * 1024; # Size is in megabytes + size = 32 * 1024; # Size is in megabytes (for hibernation) } ]; + # Memory tuning for 92GB RAM + boot.kernel.sysctl = { + "vm.swappiness" = 10; + "vm.dirty_ratio" = 10; + "vm.dirty_background_ratio" = 5; + "vm.vfs_cache_pressure" = 50; + }; + # nixos cross building qemu boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.supportedFilesystems = [ "ntfs" ]; @@ -100,18 +108,6 @@ in { General = { ControllerMode = "bredr"; }; }; - services.tlp = { - enable = true; - settings = { - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; - CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - START_CHARGE_THRESH_BAT0 = 60; - STOP_CHARGE_THRESH_BAT0 = 80; - }; - }; - environment.persistence."/nix/persist" = { hideMounts = true; directories = [ @@ -263,13 +259,16 @@ in { }; nix = { - settings.auto-optimise-store = true; - settings.experimental-features = [ "nix-command" "flakes" ]; - # autoOptimiseStore = true; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + max-jobs = 12; + cores = 2; + }; gc = { automatic = true; - dates = "daily"; - options = "--delete-older-than 30d"; + dates = "weekly"; + options = "--delete-older-than 14d"; }; # Free up to 1GiB whenever there is less than 100MiB left. extraOptions = '' diff --git a/hosts/nb/hardware-configuration.nix b/hosts/nb/hardware-configuration.nix index abc1edd..dc815b7 100644 --- a/hosts/nb/hardware-configuration.nix +++ b/hosts/nb/hardware-configuration.nix @@ -17,6 +17,15 @@ boot.kernelModules = [ "amdgpu" ]; boot.extraModulePackages = [ ]; + # AMD Ryzen 7 7840U optimizations + boot.kernelParams = [ + "amd_pstate=active" + "amdgpu.dcdebugmask=0x10" + "amdgpu.dc=1" + "snd_hda_intel.power_save=1" + "transparent_hugepage=madvise" + ]; + fileSystems."/" = { device = "none"; fsType = "tmpfs"; @@ -38,9 +47,10 @@ options = [ "subvol=@" "ssd" - "compress=zstd:3" + "compress=zstd:1" "discard=async" "noatime" + "commit=120" ]; }; @@ -51,9 +61,10 @@ options = [ "subvol=@nix-store" "ssd" - "compress=zstd:3" + "compress=zstd:1" "discard=async" "noatime" + "commit=120" ]; }; @@ -64,9 +75,10 @@ options = [ "subvol=@nix-persist" "ssd" - "compress=zstd:3" + "compress=zstd:1" "discard=async" "noatime" + "commit=120" ]; }; @@ -79,13 +91,11 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.wlp52s0.useDHCP = lib.mkDefault true; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.graphics = { enable = true; extraPackages = with pkgs; [ - amdvlk vaapiVdpau libvdpau-va-gl libva diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index 31b0938..01b260a 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -110,8 +110,6 @@ in { programs.light.enable = true; - hardware.graphics.extraPackages = [ pkgs.amdvlk ]; - hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; hardware.bluetooth.settings = { @@ -123,8 +121,16 @@ in { services.tlp.settings = { CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power"; + + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + + RUNTIME_PM_ON_AC = "auto"; + RUNTIME_PM_ON_BAT = "auto"; + START_CHARGE_THRESH_BAT0 = 60; STOP_CHARGE_THRESH_BAT0 = 80; }; diff --git a/hosts/nb/modules/ollama.nix b/hosts/nb/modules/ollama.nix index 444aa1a..0c8b240 100644 --- a/hosts/nb/modules/ollama.nix +++ b/hosts/nb/modules/ollama.nix @@ -6,6 +6,7 @@ host = "127.0.0.1"; port = 11434; openFirewall = false; + acceleration = "rocm"; loadModels = [ "mxbai-embed-large" ]; diff --git a/utils/modules/attic-cache/default.nix b/utils/modules/attic-cache/default.nix index 1b65bbc..34bf3d2 100644 --- a/utils/modules/attic-cache/default.nix +++ b/utils/modules/attic-cache/default.nix @@ -24,8 +24,17 @@ let fi # Read the auth token from sops if available + export ATTIC_AUTH_TOKEN ATTIC_AUTH_TOKEN=$(cat "${authTokenFile}") + # Login to Attic cache + echo "Logging in to Attic cache at $ATTIC_URL..." >&2 + if ! ${pkgs.attic-client}/bin/attic login "$ATTIC_CACHE" "$ATTIC_URL" "$ATTIC_AUTH_TOKEN"; then + echo "Failed to login to Attic cache, skipping push" >&2 + exit 0 + fi + echo "Successfully logged in to Attic cache" >&2 + # Function to check if a path exists in cache path_in_cache() { local path="$1" @@ -43,8 +52,22 @@ let fi } - # Read paths from stdin (provided by Nix post-build-hook) - while IFS= read -r path; do + # Read paths from OUT_PATHS environment variable (provided by Nix post-build-hook) + echo "Reading paths from OUT_PATHS..." >&2 + echo "DRV_PATH: $DRV_PATH" >&2 + echo "OUT_PATHS: $OUT_PATHS" >&2 + + if [[ -z "$OUT_PATHS" ]]; then + echo "No output paths provided, skipping push" >&2 + exit 0 + fi + + path_count=0 + # Split OUT_PATHS by space and process each path + for path in $OUT_PATHS; do + path_count=$((path_count + 1)) + echo "Processing path #$path_count: $path" >&2 + if [[ -e "$path" ]]; then # Check if already in cache before pushing if ! path_in_cache "$path"; then @@ -52,10 +75,12 @@ let else echo "Path $path already in cache, skipping" >&2 fi + else + echo "Path $path does not exist, skipping" >&2 fi done - echo "Attic cache push completed" >&2 + echo "Attic cache push completed (processed $path_count paths)" >&2 ''; in { @@ -63,6 +88,13 @@ in { sopsFile = ./secrets.yaml; }; + # Create netrc file for authenticated cache access + sops.secrets.attic_netrc = { + sopsFile = ./secrets.yaml; + mode = "0440"; + group = "nixbld"; + }; + # Install attic client environment.systemPackages = with pkgs; [ attic-client @@ -73,6 +105,7 @@ in { substituters = [ cacheUrl ]; trusted-public-keys = [ publicKey ]; post-build-hook = atticPushHook; + netrc-file = config.sops.secrets.attic_netrc.path; }; # Create a systemd service for manual cache operations diff --git a/utils/modules/attic-cache/secrets.yaml b/utils/modules/attic-cache/secrets.yaml index 8a41058..12d79e7 100644 --- a/utils/modules/attic-cache/secrets.yaml +++ b/utils/modules/attic-cache/secrets.yaml @@ -1,4 +1,5 @@ attic_auth_token: ENC[AES256_GCM,data:O9wRQe+llEvCE/9mx7VckgCY/5/ZryUFz+0qpgauFRsnNWiB31yOTXo1sOn1lPldGpfsSpUZnGDTLvg5S6mzZ9UYdhDTcSk6V+E9YV5wXLFJv6HGVVI7TVhkSSBIUrxx8sbQvC/hYQ+YQ0zzfreaIz7eMVbHgk+FNnNr3pFNcLYLTacugvMOyZDwkEJcKIFMcWj+zCGu90s3W7LutfudJ37LB4M9sU1Ifjj46NGTe3fAj+lmS1IyJ+2ZUlVoQd4pCbWB0wm3bTpwjJhDYhjQj5gJPuMjBQcCpP7uBvelcmBo+8V/LJ9HY6pRFxPlp48+tOwlGGrzb5WyqWPE3sP3F2eQj4EnlQoULrfi6ARO0xO4qs0FJhN2YhvHJYRyd9leNWNLIe1SdRQ9PK5ksvuoM1rTlbgrPotPYa1PkfmgFuWBMwI+hBf0+DMJtZxJpVES3WAcOuibZukeA5lvQ+AAFTpHRW8AiZF2ry3gWxStLsUrqNQTTt1gZQq6WrHbYbXr3DCuTXxqVLX4mXO1Slbm7JLxni7Sn5nCfUiKCAmFdxuL0L22RMa5yd9+7+wdcFJfhqu9pZ8U5KoTMuaJKnxp0KISog3gDVAfxkrrtfhLnHtJkkLB+/Aa3Ypqowle9iAq1I0IdH6Nzwl63C2nbqPafL5mcXkFMwPktHlkqrflUl/QKnJqBBvcgThdHZIbsQUq2xo589cpvDLouWL2xUHNpIqWotowF5m4n/iN53i6/cJayNpLWMEWWLtslXtG1CN7arjoYYJOuEqdzkqTjornSU7Q1kF6/eLgB8e2BVnMKfBT59F4sX2c6kuK0QXPohcpLWI1ZEYxnSv/44W0i/Ij5NvqZOQ1pEsyMIlPbuh37khw1gv+fMKrbEUUyquzHTX7DEGYEECzWjHQ3/WeDuRmiHlrZC/3StMf9888qm5v2yw/Vk5rQwNY1nbeTf8yWg47qKi2GgSSdsqrUrW5yWLs4MWKF2cSSDMC/kbgvGkHoS9KVI5dBGJhGuAf98tzOBO/UO39X0TjTzcay0AQ27/r8+QeIimviaZO41/GQOjoMzzSDHGxWEf2Nf/40nrM5Vcqj3I6hvRFE4u2m6jxCMqCqsIuy9avW8EuZyC6zJMoHSe/lUnYrx4tSUf3VhN85o6QSSJqfIFUN0jPQwNFpsz3X+A=,iv:X6xSygAtem7ekQruSZirdW/LKwf0kw+/Iq35wAcNyyQ=,tag:gRuPBxM5VeoJHimC6sbSow==,type:str] +attic_netrc: ENC[AES256_GCM,data:fdVz6YSl9ZJr0AZopowCzB9q+PWn2RYcP+vGMTUW1Irchmag7+ETwyMZUJfYHKgYdROzK6TI9xCY2aKkpMqaRc/yP8PsniLIA2t4cOxoJksyE1PZOMAUGJKfgdgGwTzRckqLnxkSK5AunHCYpPrQjHtALHOBYuIIyS/zzMGFmCcl3dJs7eSrWMpMP+HDI2A/mtsRMXMcGXGnYOoNhfwtwWcnEIcAGY2BCjKWWk6XKaRXSex+Jp8f+eAhlXE0Yon8IA8E42w+B2o+Bhzektlru6h0AVjcf+WgrvaVRPiDlkNK+NBdy+iOI1DFFmcKdXX9eKrHsD1wnDav5QuXE78q0NiwTrm6LyHINbjcmzwAAUkgOyvb9+cLZiZf9vI3ZekcofLjTe3Hwn/fj1luIOmuE6pThFZLyGxWXZ1shPrurGwISSLYLI5dq8ZIUzCcXdGcCxs1QokFhpNjpE6fdABakB62pFZfYwG9Ulqv4jX5Jj9a2ZX41xXrziCUuKusxxdjQgSo8lEPvpLoZljyB6v1UPIcVw6/r1Nwrmyx8P9RwTcv7DYU3vKQw3h/UjzOfP+iCoS2+m6N0ebIjW77MeksBVDtociN93uxKrg6G3oCcv48tc6CRG9zK5uoKOgn4Eym+hFAcFZXuBOorEGNLhAEEoZroubmqnlDm1bq2eNWv5t+8zzm2FStHonI0vLWfT3WDLNRIUiHeYH7+SEdXH8OxC8RbzuIEk0kb2gNKMiYPer0nvt8SsQ762/N15rJ29F9HccTfNIhz9210XBICB0OL0AIobF3gXzmWmIA6Q6JWETa0g72IC6HMqbDCf5U55lx5y56qCNFXz2HddIaIqYX0YWxV2mlKVP+gjZcsD1W8Emc2bWoZml/P+uaRWkzFMSFqfmwZhvCKEqZlrUY9mshOvBfcZCQaZrbarLbdhdpTikO70jMuQiFzOoFO2sC2afSu3GtGYVRmdYMcBzZcbWehx0K2jMOtqsG5STBoCvP9jUjMhPUV5eF48uiLjOYRPCclTLiIb7gJ7xorbyWr5FTrkUMK1w4t4sX7RAE7DwwLDsY4xY226TUjEf34H1kDGtXCFqlMJXA80C2qwks6PkiLQ1sToCvXpLTmO+PEVdJahA7zV4JG5E9C3C89ZwzS1p7Th3I31jnZofeU8xaJZqkg/kR5q9ButgYubkV4TTRzwkmcqOuoa48E6upMBMkP265i4wZzt+iTfAgvXvT5MEO0Ak=,iv:K5ysCVEvCa0199iu22gANPjq4CRWlYPKq+8jlM5t9e4=,tag:U17SdmXGL+5NbJ4g9MZZEw==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 @@ -28,7 +29,7 @@ sops: UzVENGtNSnZVcDQvR1hDR2oyZDh5KzAKhg+AQNdiJM/RvCdMNLH5er25U+yvcnM2 4Z0rOkkYsT6TerZHLllbm5AAyOLnKUn4PhZFMvKvGhVbc1Xg9t2XDg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-14T20:22:06Z" - mac: ENC[AES256_GCM,data:dt+rZ7GTlooTFhQOxRQvVpqKJksEJC5I5vsjSQ6GWPsi4EewGl2NY2gyjF6bVjYj6DHWuw/Kp79KGzJajmlYtQFdL54ydjaJUz4oMhoKO3xR4TxshW9XYEfOWavlMVqHHZQ6mPR1pyWQkonzwyni9ug8XmOJ0cN2OmZmKwdWzZQ=,iv:6AJocLlXZcNGG3nuXLc+ycfm6OA/oZOUFqFw4OoBetU=,tag:Qpa1RKS1/nqbDiAL5Jrb7w==,type:str] + lastmodified: "2025-10-14T21:33:39Z" + mac: ENC[AES256_GCM,data:uKJe6/T0TGNm466dsF6DVdhCDjhCswGKAmyx/3xcIcce2VmVEOKk/zEpO9KmD5aydHfH/3s88huImIRRCGp6xFwDReRC4zx7kLI8mtjupix984/61aXy2TbOiN80mIVShMleQs09ESU2y0YtvqT771uNgaNa8bGBPQaAqpz0v68=,iv:9hBPQ7Ad8li0bu6Sy+CFGh/SUXo15hL/X3TQaS5B8ZE=,tag:XEK7DPZaNzNNTFA3oPAGBw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0