diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 30d3d03..115c2a9 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -18,7 +18,7 @@ in { ./utils/modules/sops.nix ./utils/modules/nur.nix - # ./utils/modules/attic-cache + ./utils/modules/attic-cache ./modules/appimage.nix ./modules/desktop ./modules/development @@ -77,17 +77,9 @@ in { swapDevices = [ { device = "/nix/persist/swapfile"; - size = 32 * 1024; # Size is in megabytes (for hibernation) + size = 32 * 1024; # Size is in megabytes } ]; - # Memory tuning for 92GB RAM - boot.kernel.sysctl = { - "vm.swappiness" = 10; - "vm.dirty_ratio" = 10; - "vm.dirty_background_ratio" = 5; - "vm.vfs_cache_pressure" = 50; - }; - # nixos cross building qemu boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.supportedFilesystems = [ "ntfs" ]; @@ -108,6 +100,18 @@ in { General = { ControllerMode = "bredr"; }; }; + services.tlp = { + enable = true; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + START_CHARGE_THRESH_BAT0 = 60; + STOP_CHARGE_THRESH_BAT0 = 80; + }; + }; + environment.persistence."/nix/persist" = { hideMounts = true; directories = [ @@ -259,16 +263,13 @@ in { }; nix = { - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - max-jobs = 12; - cores = 2; - }; + settings.auto-optimise-store = true; + settings.experimental-features = [ "nix-command" "flakes" ]; + # autoOptimiseStore = true; gc = { automatic = true; - dates = "weekly"; - options = "--delete-older-than 14d"; + dates = "daily"; + options = "--delete-older-than 30d"; }; # Free up to 1GiB whenever there is less than 100MiB left. extraOptions = '' diff --git a/hosts/nb/hardware-configuration.nix b/hosts/nb/hardware-configuration.nix index dc815b7..abc1edd 100644 --- a/hosts/nb/hardware-configuration.nix +++ b/hosts/nb/hardware-configuration.nix @@ -17,15 +17,6 @@ boot.kernelModules = [ "amdgpu" ]; boot.extraModulePackages = [ ]; - # AMD Ryzen 7 7840U optimizations - boot.kernelParams = [ - "amd_pstate=active" - "amdgpu.dcdebugmask=0x10" - "amdgpu.dc=1" - "snd_hda_intel.power_save=1" - "transparent_hugepage=madvise" - ]; - fileSystems."/" = { device = "none"; fsType = "tmpfs"; @@ -47,10 +38,9 @@ options = [ "subvol=@" "ssd" - "compress=zstd:1" + "compress=zstd:3" "discard=async" "noatime" - "commit=120" ]; }; @@ -61,10 +51,9 @@ options = [ "subvol=@nix-store" "ssd" - "compress=zstd:1" + "compress=zstd:3" "discard=async" "noatime" - "commit=120" ]; }; @@ -75,10 +64,9 @@ options = [ "subvol=@nix-persist" "ssd" - "compress=zstd:1" + "compress=zstd:3" "discard=async" "noatime" - "commit=120" ]; }; @@ -91,11 +79,13 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.wlp52s0.useDHCP = lib.mkDefault true; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.graphics = { enable = true; extraPackages = with pkgs; [ + amdvlk vaapiVdpau libvdpau-va-gl libva diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index 01b260a..31b0938 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -110,6 +110,8 @@ in { programs.light.enable = true; + hardware.graphics.extraPackages = [ pkgs.amdvlk ]; + hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; hardware.bluetooth.settings = { @@ -121,16 +123,8 @@ in { services.tlp.settings = { CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power"; - - CPU_BOOST_ON_AC = 1; - CPU_BOOST_ON_BAT = 0; - - RUNTIME_PM_ON_AC = "auto"; - RUNTIME_PM_ON_BAT = "auto"; - START_CHARGE_THRESH_BAT0 = 60; STOP_CHARGE_THRESH_BAT0 = 80; }; diff --git a/hosts/nb/modules/ollama.nix b/hosts/nb/modules/ollama.nix index 0c8b240..444aa1a 100644 --- a/hosts/nb/modules/ollama.nix +++ b/hosts/nb/modules/ollama.nix @@ -6,7 +6,6 @@ host = "127.0.0.1"; port = 11434; openFirewall = false; - acceleration = "rocm"; loadModels = [ "mxbai-embed-large" ]; diff --git a/utils/modules/attic-cache/default.nix b/utils/modules/attic-cache/default.nix index 34bf3d2..1b65bbc 100644 --- a/utils/modules/attic-cache/default.nix +++ b/utils/modules/attic-cache/default.nix @@ -24,17 +24,8 @@ let fi # Read the auth token from sops if available - export ATTIC_AUTH_TOKEN ATTIC_AUTH_TOKEN=$(cat "${authTokenFile}") - # Login to Attic cache - echo "Logging in to Attic cache at $ATTIC_URL..." >&2 - if ! ${pkgs.attic-client}/bin/attic login "$ATTIC_CACHE" "$ATTIC_URL" "$ATTIC_AUTH_TOKEN"; then - echo "Failed to login to Attic cache, skipping push" >&2 - exit 0 - fi - echo "Successfully logged in to Attic cache" >&2 - # Function to check if a path exists in cache path_in_cache() { local path="$1" @@ -52,22 +43,8 @@ let fi } - # Read paths from OUT_PATHS environment variable (provided by Nix post-build-hook) - echo "Reading paths from OUT_PATHS..." >&2 - echo "DRV_PATH: $DRV_PATH" >&2 - echo "OUT_PATHS: $OUT_PATHS" >&2 - - if [[ -z "$OUT_PATHS" ]]; then - echo "No output paths provided, skipping push" >&2 - exit 0 - fi - - path_count=0 - # Split OUT_PATHS by space and process each path - for path in $OUT_PATHS; do - path_count=$((path_count + 1)) - echo "Processing path #$path_count: $path" >&2 - + # Read paths from stdin (provided by Nix post-build-hook) + while IFS= read -r path; do if [[ -e "$path" ]]; then # Check if already in cache before pushing if ! path_in_cache "$path"; then @@ -75,12 +52,10 @@ let else echo "Path $path already in cache, skipping" >&2 fi - else - echo "Path $path does not exist, skipping" >&2 fi done - echo "Attic cache push completed (processed $path_count paths)" >&2 + echo "Attic cache push completed" >&2 ''; in { @@ -88,13 +63,6 @@ in { sopsFile = ./secrets.yaml; }; - # Create netrc file for authenticated cache access - sops.secrets.attic_netrc = { - sopsFile = ./secrets.yaml; - mode = "0440"; - group = "nixbld"; - }; - # Install attic client environment.systemPackages = with pkgs; [ attic-client @@ -105,7 +73,6 @@ in { substituters = [ cacheUrl ]; trusted-public-keys = [ publicKey ]; post-build-hook = atticPushHook; - netrc-file = config.sops.secrets.attic_netrc.path; }; # Create a systemd service for manual cache operations diff --git a/utils/modules/attic-cache/secrets.yaml b/utils/modules/attic-cache/secrets.yaml index 12d79e7..8a41058 100644 --- a/utils/modules/attic-cache/secrets.yaml +++ b/utils/modules/attic-cache/secrets.yaml @@ -1,5 +1,4 @@ attic_auth_token: ENC[AES256_GCM,data:O9wRQe+llEvCE/9mx7VckgCY/5/ZryUFz+0qpgauFRsnNWiB31yOTXo1sOn1lPldGpfsSpUZnGDTLvg5S6mzZ9UYdhDTcSk6V+E9YV5wXLFJv6HGVVI7TVhkSSBIUrxx8sbQvC/hYQ+YQ0zzfreaIz7eMVbHgk+FNnNr3pFNcLYLTacugvMOyZDwkEJcKIFMcWj+zCGu90s3W7LutfudJ37LB4M9sU1Ifjj46NGTe3fAj+lmS1IyJ+2ZUlVoQd4pCbWB0wm3bTpwjJhDYhjQj5gJPuMjBQcCpP7uBvelcmBo+8V/LJ9HY6pRFxPlp48+tOwlGGrzb5WyqWPE3sP3F2eQj4EnlQoULrfi6ARO0xO4qs0FJhN2YhvHJYRyd9leNWNLIe1SdRQ9PK5ksvuoM1rTlbgrPotPYa1PkfmgFuWBMwI+hBf0+DMJtZxJpVES3WAcOuibZukeA5lvQ+AAFTpHRW8AiZF2ry3gWxStLsUrqNQTTt1gZQq6WrHbYbXr3DCuTXxqVLX4mXO1Slbm7JLxni7Sn5nCfUiKCAmFdxuL0L22RMa5yd9+7+wdcFJfhqu9pZ8U5KoTMuaJKnxp0KISog3gDVAfxkrrtfhLnHtJkkLB+/Aa3Ypqowle9iAq1I0IdH6Nzwl63C2nbqPafL5mcXkFMwPktHlkqrflUl/QKnJqBBvcgThdHZIbsQUq2xo589cpvDLouWL2xUHNpIqWotowF5m4n/iN53i6/cJayNpLWMEWWLtslXtG1CN7arjoYYJOuEqdzkqTjornSU7Q1kF6/eLgB8e2BVnMKfBT59F4sX2c6kuK0QXPohcpLWI1ZEYxnSv/44W0i/Ij5NvqZOQ1pEsyMIlPbuh37khw1gv+fMKrbEUUyquzHTX7DEGYEECzWjHQ3/WeDuRmiHlrZC/3StMf9888qm5v2yw/Vk5rQwNY1nbeTf8yWg47qKi2GgSSdsqrUrW5yWLs4MWKF2cSSDMC/kbgvGkHoS9KVI5dBGJhGuAf98tzOBO/UO39X0TjTzcay0AQ27/r8+QeIimviaZO41/GQOjoMzzSDHGxWEf2Nf/40nrM5Vcqj3I6hvRFE4u2m6jxCMqCqsIuy9avW8EuZyC6zJMoHSe/lUnYrx4tSUf3VhN85o6QSSJqfIFUN0jPQwNFpsz3X+A=,iv:X6xSygAtem7ekQruSZirdW/LKwf0kw+/Iq35wAcNyyQ=,tag:gRuPBxM5VeoJHimC6sbSow==,type:str] -attic_netrc: ENC[AES256_GCM,data:fdVz6YSl9ZJr0AZopowCzB9q+PWn2RYcP+vGMTUW1Irchmag7+ETwyMZUJfYHKgYdROzK6TI9xCY2aKkpMqaRc/yP8PsniLIA2t4cOxoJksyE1PZOMAUGJKfgdgGwTzRckqLnxkSK5AunHCYpPrQjHtALHOBYuIIyS/zzMGFmCcl3dJs7eSrWMpMP+HDI2A/mtsRMXMcGXGnYOoNhfwtwWcnEIcAGY2BCjKWWk6XKaRXSex+Jp8f+eAhlXE0Yon8IA8E42w+B2o+Bhzektlru6h0AVjcf+WgrvaVRPiDlkNK+NBdy+iOI1DFFmcKdXX9eKrHsD1wnDav5QuXE78q0NiwTrm6LyHINbjcmzwAAUkgOyvb9+cLZiZf9vI3ZekcofLjTe3Hwn/fj1luIOmuE6pThFZLyGxWXZ1shPrurGwISSLYLI5dq8ZIUzCcXdGcCxs1QokFhpNjpE6fdABakB62pFZfYwG9Ulqv4jX5Jj9a2ZX41xXrziCUuKusxxdjQgSo8lEPvpLoZljyB6v1UPIcVw6/r1Nwrmyx8P9RwTcv7DYU3vKQw3h/UjzOfP+iCoS2+m6N0ebIjW77MeksBVDtociN93uxKrg6G3oCcv48tc6CRG9zK5uoKOgn4Eym+hFAcFZXuBOorEGNLhAEEoZroubmqnlDm1bq2eNWv5t+8zzm2FStHonI0vLWfT3WDLNRIUiHeYH7+SEdXH8OxC8RbzuIEk0kb2gNKMiYPer0nvt8SsQ762/N15rJ29F9HccTfNIhz9210XBICB0OL0AIobF3gXzmWmIA6Q6JWETa0g72IC6HMqbDCf5U55lx5y56qCNFXz2HddIaIqYX0YWxV2mlKVP+gjZcsD1W8Emc2bWoZml/P+uaRWkzFMSFqfmwZhvCKEqZlrUY9mshOvBfcZCQaZrbarLbdhdpTikO70jMuQiFzOoFO2sC2afSu3GtGYVRmdYMcBzZcbWehx0K2jMOtqsG5STBoCvP9jUjMhPUV5eF48uiLjOYRPCclTLiIb7gJ7xorbyWr5FTrkUMK1w4t4sX7RAE7DwwLDsY4xY226TUjEf34H1kDGtXCFqlMJXA80C2qwks6PkiLQ1sToCvXpLTmO+PEVdJahA7zV4JG5E9C3C89ZwzS1p7Th3I31jnZofeU8xaJZqkg/kR5q9ButgYubkV4TTRzwkmcqOuoa48E6upMBMkP265i4wZzt+iTfAgvXvT5MEO0Ak=,iv:K5ysCVEvCa0199iu22gANPjq4CRWlYPKq+8jlM5t9e4=,tag:U17SdmXGL+5NbJ4g9MZZEw==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 @@ -29,7 +28,7 @@ sops: UzVENGtNSnZVcDQvR1hDR2oyZDh5KzAKhg+AQNdiJM/RvCdMNLH5er25U+yvcnM2 4Z0rOkkYsT6TerZHLllbm5AAyOLnKUn4PhZFMvKvGhVbc1Xg9t2XDg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-14T21:33:39Z" - mac: ENC[AES256_GCM,data:uKJe6/T0TGNm466dsF6DVdhCDjhCswGKAmyx/3xcIcce2VmVEOKk/zEpO9KmD5aydHfH/3s88huImIRRCGp6xFwDReRC4zx7kLI8mtjupix984/61aXy2TbOiN80mIVShMleQs09ESU2y0YtvqT771uNgaNa8bGBPQaAqpz0v68=,iv:9hBPQ7Ad8li0bu6Sy+CFGh/SUXo15hL/X3TQaS5B8ZE=,tag:XEK7DPZaNzNNTFA3oPAGBw==,type:str] + lastmodified: "2025-10-14T20:22:06Z" + mac: ENC[AES256_GCM,data:dt+rZ7GTlooTFhQOxRQvVpqKJksEJC5I5vsjSQ6GWPsi4EewGl2NY2gyjF6bVjYj6DHWuw/Kp79KGzJajmlYtQFdL54ydjaJUz4oMhoKO3xR4TxshW9XYEfOWavlMVqHHZQ6mPR1pyWQkonzwyni9ug8XmOJ0cN2OmZmKwdWzZQ=,iv:6AJocLlXZcNGG3nuXLc+ycfm6OA/oZOUFqFw4OoBetU=,tag:Qpa1RKS1/nqbDiAL5Jrb7w==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0