c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Generate simd variants of each host, delete unused module

This commit is contained in:
Sandro - 2022-12-04 04:58:36 +01:00
parent 6b8d8541c6
commit b467bb4e74
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
8 changed files with 71 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
flake.nix
View File

@ -756,11 +756,23 @@
) sops-nix.packages;
hydraJobs =
builtins.mapAttrs (_: nixos.lib.hydraJob) (
builtins.mapAttrs (_: nixosSystem:
if nixosSystem.config ? microvm.declaredRunner
then nixosSystem.config.microvm.declaredRunner
else nixosSystem.config.system.build.toplevel
lib.mapAttrs (_: nixos.lib.hydraJob) (
lib.mapAttrs (_: nixosSystem:
nixosSystem.config.microvm.declaredRunner or nixosSystem.config.system.build.toplevel
) self.nixosConfigurations
// lib.mapAttrs' (hostname: nixosSystem: lib.nameValuePair
(hostname + "-simd")
(nixosSystem.config.microvm.declaredRunner or nixosSystem.config.system.build.toplevel hostname
(nixosSystem (nixosSystem.args // (with nixosSystem.args; {
hostname = hostname + "-simd";
modules = modules ++ [
{
sandro.simd.enable = lib.mkForce true;
}
];
inherit (inputs) nixpkgs;
})))
)
) self.nixosConfigurations
// nixos.lib.filterAttrs (name: attr:
(lib.match ".+-tftproot" name != null && lib.isDerivation attr)

2
hosts/hydra/hydra.nix
View File

@ -80,6 +80,8 @@ in
};
};
c3d2.simd.arch = "ivybridge";
services = {
hydra = {
enable = true;

1
hosts/server10/default.nix
View File

@ -9,6 +9,7 @@
c3d2 = {
deployment.microvmBaseZfsDataset = "server10/vm";
hq.statistics.enable = true;
simd.arch = "ivybridge";
};
boot = {

20
hosts/server8/default.nix
View File

@ -5,6 +5,11 @@
./hardware-configuration.nix
];
c3d2 = {
# deployment.microvmBaseZfsDataset = "tank/storage";
hq.statistics.enable = true;
simd.arch = "westmere";
};
boot = {
loader.grub = {
@ -28,15 +33,14 @@
hostName = "server8";
hostId = "08080808";
};
system.stateVersion = "22.11";
services.openssh.enable = true;
services.zfs.autoScrub.enable = true;
services.smartd.enable = true;
c3d2 = {
# deployment.microvmBaseZfsDataset = "tank/storage";
hq.statistics.enable = true;
services = {
openssh.enable = true;
smartd.enable = true;
zfs.autoScrub.enable = true;
};
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
system.stateVersion = "22.11";
}

28
hosts/server9/default.nix
View File

@ -4,7 +4,14 @@ _:
imports = [
./hardware-configuration.nix
];
boot= {
c3d2 = {
deployment.microvmBaseZfsDataset = "tank/storage";
hq.statistics.enable = true;
simd.arch = "westmere";
};
boot = {
loader.grub = {
enable = true;
version = 2;
@ -25,23 +32,24 @@ _:
hostName = "server9";
hostId = "09090909";
};
system.stateVersion = "21.11";
services.openssh.enable = true;
services.zfs.autoScrub.enable = true;
services.smartd.enable = true;
# required by libvirtd
security.polkit.enable = true;
c3d2 = {
deployment.microvmBaseZfsDataset = "tank/storage";
hq.statistics.enable = true;
services = {
openssh.enable = true;
smartd.enable = true;
zfs.autoScrub.enable = true;
};
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
system.stateVersion = "21.11";
# XXX: enable for zw-ev and poelzi-ha until we find a better solution
virtualisation.libvirtd = {
enable = true;
onShutdown = "shutdown";
};
# required by libvirtd
security.polkit.enable = true;
}

12
modules/c3d2.nix
View File

@ -157,6 +157,18 @@ in
};
};
simd = {
enable = lib.mkEnableOption "optimized builds with simd instructions";
arch = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = ''
Microarchitecture string for nixpkgs.hostPlatform.gcc.march and to generate system-features.
Can be determined with: gcc -march=native -Q --help=target | grep march
'';
};
};
users = mkOption {
type = types.attrsOf (types.submodule {
options.sshKeys = mkOption {

121
modules/default.nix
View File

@ -1,121 +0,0 @@
{ config, lib, pkgs, ... }:
let
# TODO: move to flake
nixcloud-webservices = pkgs.fetchFromGitHub {
owner = "nixcloud";
repo = "nixcloud-webservices";
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
};
inherit (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }) nixcloud;
profilesDir = "/nix/var/nix/profiles/lxc";
inherit (config.lxc) containers;
inherit (config.nix) nixPath;
toLxcConfig' = path: a:
if builtins.isString a then ''
${path} = ${a}
'' else if builtins.isInt a then ''
${path} = ${toString a}
'' else if builtins.isAttrs a then
lib.concatMapStrings (name:
let path' = if path == "" then name else "${path}.${name}";
in toLxcConfig' path' (builtins.getAttr name a)) (builtins.attrNames a)
else if builtins.isList a then
lib.concatMapStrings (toLxcConfig' path) a
else
throw "Invalid LXC config value";
toLxcConfig = toLxcConfig' "";
in {
options = with lib.types; {
lxc.containers = mkOption {
type = attrs;
default = { };
};
};
config = lib.mkIf (containers != { }) {
virtualisation.lxc.enable = true;
environment.systemPackages = [ nixcloud.container ];
virtualisation.lxc.defaultConfig = ''
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
'';
users.users.root.subGidRanges = [{
count = 65536;
startGid = 100000;
}];
users.users.root.subUidRanges = [{
count = 65536;
startUid = 100000;
}];
systemd.services = if true then
{ }
else
builtins.foldl' (services: name:
let
systemDir = "/${profilesDir}/${name}/system";
lxcDefaults = {
lxc = {
uts.name = name;
rootfs.path = "/run/current-system/sw/share/lxc/rootfs";
mount.entry = [
"${systemDir}/init /init none bind,ro 0 0"
"/nix/store /nix/store none bind,ro 0 0"
];
autodev = 1;
include = "/run/current-system/sw/share/lxc/config/common.conf";
apparmor.profile = "generated";
environment = "TERM=linux";
};
};
config = builtins.getAttr name containers;
lxcConfig = builtins.toFile "lxc-container-${name}.conf"
# TODO: more intelligent merging?
(toLxcConfig (lxcDefaults // config.lxc));
builder = {
description = "Build NixOS for lxc container ${name}";
wants = [ "nix-daemon.socket" ];
after = [ "nix-daemon.service" ];
path = with pkgs; [ coreutils nix ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
Environment = [ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
};
script = ''
mkdir -p ${profilesDir}/${name}
nix-env -p ${profilesDir}/${name}/system \
-I nixos-config=${config.nixos-config} \
-f '<nixpkgs/nixos>' \
--set -A system
'';
};
starter = {
description = "LXC container ${name}";
requires = [ "lxc-container-${name}-builder.service" ];
after = [ "lxc-container-${name}-builder.service" ];
path = with pkgs; [ lxc apparmor-parser ];
script = ''
mkdir -p /var/lib/lxc/${name}
ln -fs ${lxcConfig} /var/lib/lxc/${name}/config
lxc-start -F -n ${name}
'';
};
in services // {
"lxc-container-${name}-builder" = builder;
"lxc-container-${name}" = starter;
}) { } (builtins.attrNames containers);
};
}

9
modules/microvm.nix
View File

@ -1,4 +1,5 @@
{ zentralwerk, options, config, lib, pkgs, ... }:
let
defaultGateways = {
serv = "serv-gw";
@ -26,6 +27,12 @@ let
) hosts6 != {}
) zentralwerk.lib.config.site.net
);
arch-to-host = rec {
server9 = "westmere";
server10 = "ivybridge";
nomad = server9;
};
in
{
options.c3d2.deployment = with lib; {
@ -157,6 +164,8 @@ in
}) {} nets;
};
c3d2.simd.arch = arch-to-host.${config.c3d2.deployment.server};
system.build = with pkgs; {
copyToServer = writeScript "copy-to-${server}" ''
#! ${runtimeShell} -e