Merge remote-tracking branches 'origin/nas-disable-nvidia', 'origin/add-ssd-to-nas', 'origin/switch-nas-to-bcachefs', 'origin/update-matrix-configs', 'origin/disable-mandatory-e2ee', 'origin/update-pgtune-configs' and 'origin/add-netboot-target'

config/installer.nix

@@ -10,14 +10,8 @@
   networking.wireguard.interfaces."wg0".ips = [
     "fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
   ];
-  boot.supportedFilesystems = ["zfs"];
+  boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
   networking.hostId = "8425e349";
-  # Oldest system I have is skylake-based
+  nix.settings.post-build-hook = lib.mkForce "true";
-  /*
-  nixpkgs.localSystem = {
-  gcc.arch = "skylake";
-  gcc.tune = "skylake";
-  system = "x86_64-linux";
-  };
-  */
 }

config/nas.nix

@@ -17,7 +17,7 @@
     ./services/hydra.nix
     ./services/backup.nix
     nixos-hardware.nixosModules.common-cpu-amd
-    nixos-hardware.nixosModules.common-pc-hdd
+    nixos-hardware.nixosModules.common-pc-ssd
     ./services/hostapd.nix
     ./services/synapse.nix
     ./services/mautrix-discord.nix
@@ -37,148 +37,26 @@
   ];
 
   hardware.cpu.amd.updateMicrocode = true;
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"];
   boot.initrd.kernelModules = ["igb"];
   boot.kernelModules = ["kvm-amd"];
   boot.extraModulePackages = [
     config.boot.kernelPackages.zenpower
   ];
 
-  boot.supportedFilesystems = ["zfs"];
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
-  boot.zfs.devNodes = "/dev/";
+  boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
-
-  services.zfs.autoScrub.enable = true;
-  services.zfs.autoScrub.pools = ["tank"];
-
-  boot.initrd.luks.devices = {
-    disk0.device = "/dev/disk/by-partuuid/b122f4e7-9edf-402e-87a9-b709741fe8c9";
-    disk1.device = "/dev/disk/by-partuuid/6e080c43-35fc-4c7c-a749-112d5b618a64";
-    disk2.device = "/dev/disk/by-partuuid/13f012a4-b9a9-4144-8888-cbb637657f69";
-  };
 
   fileSystems."/" = {
-    device = "tank/nixos";
+    device = "/dev/nvme0n1p2:/dev/sda1:/dev/sdb1:/dev/sdc2";
-    fsType = "zfs";
+    fsType = "bcachefs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/nix" = {
-    device = "tank/nixos/nix";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/etc" = {
-    device = "tank/nixos/etc";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var" = {
-    device = "tank/nixos/var";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var/lib" = {
-    device = "tank/nixos/var/lib";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var/lib/syncthing" = {
-    device = "tank/nixos/var/lib/syncthing";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var/lib/syncthing/.wine" = {
-    device = "tank/nixos/var/lib/syncthing/.wine";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/lennyface" = {
-    device = "tank/nixos/var/lib/syncthing/lennyface";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Music-flac" = {
-    device = "tank/nixos/var/lib/syncthing/Music-flac";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Studium" = {
-    device = "tank/nixos/var/lib/syncthing/Studium";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Pictures" = {
-    device = "tank/nixos/var/lib/syncthing/Pictures";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Data" = {
-    device = "tank/nixos/var/lib/syncthing/Data";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/CarolineFlac" = {
-    device = "tank/nixos/var/lib/syncthing/CarolineFlac";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Camera" = {
-    device = "tank/nixos/var/lib/syncthing/Camera";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/reveng" = {
-    device = "tank/nixos/var/lib/syncthing/reveng";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Music" = {
-    device = "tank/nixos/var/lib/syncthing/Music";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-  fileSystems."/var/lib/syncthing/Documents" = {
-    device = "tank/nixos/var/lib/syncthing/Documents";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var/log" = {
-    device = "tank/nixos/var/log";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/var/spool" = {
-    device = "tank/nixos/var/spool";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/home" = {
-    device = "tank/userdata/home";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/root" = {
-    device = "tank/userdata/home/root";
-    fsType = "zfs";
-    options = ["zfsutil"];
-  };
-
-  fileSystems."/home/darkkirb" = {
-    device = "tank/userdata/home/darkkirb";
-    fsType = "zfs";
-    options = ["zfsutil"];
   };
 
   fileSystems."/boot" = {
+    device = "/dev/nvme0n1p1";
+    fsType = "vfat";
+  };
+  fileSystems."/boot1" = {
     device = "/dev/disk/by-partuuid/b50f9cff-552d-4c6e-bda2-104723ee638e";
     fsType = "vfat";
   };
@@ -216,7 +94,7 @@
     };
   };
   networking.bridges = {
-    br0.interfaces = ["enp8s0" "wlp6s0"];
+    br0.interfaces = ["enp9s0" "wlp9s0"];
   };
   networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/64"];
   environment.etc."sysconfig/lm_sensors".text = ''
@@ -265,7 +143,7 @@
   };
 
   networking.tc_cake = {
-    enp1s0f0u4 = {
+    enp2s0f0u4 = {
       disableOffload = true;
       shapeEgress = {
         bandwidth = "4mbit";
@@ -273,15 +151,10 @@
       };
       shapeIngress = {
         bandwidth = "33mbit";
-        ifb = "ifb4enp1s0f0u4";
+        ifb = "ifb4enp2s0f0u4";
       };
     };
   };
-  virtualisation.docker.daemon.settings = {
-    storage-opts = [
-      "zfs.fsname=tank/docker"
-    ];
-  };
   services.postgresql.settings = {
     max_connections = 200;
     shared_buffers = "4GB";
@@ -290,8 +163,8 @@
     checkpoint_completion_target = 0.9;
     wal_buffers = "16MB";
     default_statistics_target = 100;
-    random_page_cost = 4;
+    random_page_cost = 1.1;
-    effective_io_concurrency = 2;
+    effective_io_concurrency = 200;
     work_mem = "5242kB";
     min_wal_size = "1GB";
     max_wal_size = "4GB";

config/netboot.nix

@@ -0,0 +1,17 @@
+{
+  lib,
+  pkgs,
+  nixpkgs,
+  ...
+}: {
+  imports = [
+    "${nixpkgs}/nixos/modules/installer/netboot/netboot-base.nix"
+  ];
+  networking.wireguard.interfaces."wg0".ips = [
+    "fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
+  ];
+  boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
+  networking.hostId = "8425e349";
+  nix.settings.post-build-hook = lib.mkForce "true";
+}

config/nixos-8gb-fsn1-1.nix

@@ -187,15 +187,15 @@
 
   services.postgresql.settings = {
     max_connections = 200;
-    shared_buffers = "2GB";
+    shared_buffers = "1GB";
-    effective_cache_size = "6GB";
+    effective_cache_size = "3GB";
-    maintenance_work_mem = "512MB";
+    maintenance_work_mem = "256MB";
     checkpoint_completion_target = 0.9;
     wal_buffers = "16MB";
     default_statistics_target = 100;
     random_page_cost = 1.1;
     effective_io_concurrency = 200;
-    work_mem = "10485kB";
+    work_mem = "52422kB";
     min_wal_size = "1GB";
     max_wal_size = "4GB";
     max_worker_processes = 2;

config/nutty-noon.nix

@@ -111,11 +111,6 @@
     384000
   ];
   services.pipewire.config.pipewire."context.properties"."default.clock.quantum" = 8192;
-  virtualisation.docker.daemon.settings = {
-    storage-opts = [
-      "zfs.fsname=hdd/docker"
-    ];
-  };
   nix.settings.substituters = lib.mkForce [
     "https://hydra.int.chir.rs/"
     "https://cache.nixos.org/"

config/services/hostapd.nix

@@ -5,7 +5,7 @@
   services.hostapd = {
     enable = true;
     countryCode = "DE";
-    interface = "wlp6s0";
+    interface = "wlp7s0";
     ssid = "🦝";
     wpa = true;
     wpaPassphraseFile = config.sops.secrets."services/hostapd".path;

config/services/mautrix-discord.nix

@@ -30,8 +30,8 @@
         delete_portal_on_channel_delete = true;
         encryption = {
           allow = true;
-          default = true;
+          default = false;
-          require = true;
+          require = false;
           allow_key_sharing = true;
         };
         permissions = {

config/services/mautrix-signal.nix

@@ -38,10 +38,11 @@
         sync_with_custom_puppets = true;
         encryption = {
           allow = true;
-          default = true;
+          default = false;
-          require = true;
+          require = false;
           allow_key_sharing = true;
         };
+        sync_direct_chat_list = true;
         private_chat_portal_meta = true;
         delivery_receipts = true;
         delivery_error_reports = true;

config/services/mautrix-telegram.nix

@@ -43,10 +43,11 @@
         sync_with_custom_puppets = true;
         encryption = {
           allow = true;
-          default = true;
+          default = false;
-          require = true;
+          require = false;
           allow_key_sharing = true;
         };
+        public_portals = true;
         private_chat_portal_meta = true;
         mute_bridging = true;
         backfill = {
@@ -57,6 +58,7 @@
         };
         delivery_receipts = true;
         delivery_error_reports = true;
+        incoming_bridge_error_reports = true;
         pinned_tag = "m.favourite";
         archive_tag = "m.lowpriority";
         permissions = {

config/services/mautrix-whatsapp.nix

@@ -42,8 +42,8 @@
         url_previews = true;
         encryption = {
           allow = true;
-          default = true;
+          default = false;
-          require = true;
+          require = false;
           allow_key_sharing = true;
         };
         sync_with_custom_puppets = true;

config/services/router.nix

@@ -1,5 +1,5 @@
 _: {
-  networking.dhcpcd.allowInterfaces = ["enp1s0f0u4"]; # yes a usb network card don’t judge
+  networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card don’t judge
   services.dhcpd4 = {
     enable = true;
     extraConfig = ''
@@ -31,7 +31,7 @@ _: {
   # No i don’t have ipv6 :(
   networking.firewall.extraCommands = ''
     iptables -A FORWARD -i br0 -j ACCEPT
-    iptables -t nat -A POSTROUTING -o enp1s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
+    iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
   '';
   networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
   boot.kernel.sysctl = {

config/services/synapse.nix

@@ -10,7 +10,6 @@
       server_name = "chir.rs";
       public_baseurl = "https://matrix.chir.rs/";
       default_room_version = 10;
-      encryption_enabled_by_default_for_room_type = "all";
       listeners = [
         {
           port = 8008;
@@ -84,7 +83,7 @@
         msc2716_enabled = true;
         msc3244_enabled = true;
         msc3266_enabled = true;
-        msc3030_enabled = true;
+
         msc2409_to_device_messages_enabled = true;
         msc3202_device_masquerading_enabled = true;
         msc3202_transaction_extensions = true;
@@ -93,6 +92,7 @@
         msc3720_enabled = true;
         msc2654_enabled = true;
         msc2815_enabled = true;
+        msc3391_enabled = true;
         msc3773_enabled = true;
         msc3664_enabled = true;
         msc3848_enabled = true;
@@ -100,8 +100,14 @@
         msc3881_enabled = true;
         msc3882_enabled = true;
         msc3874_enabled = true;
+        msc3890_enabled = true;
+        msc3381_polls_enabled = true;
         msc3912_enabled = true;
-        spaces_enabled = true;
+        msc1767_enabled = true;
+        msc3952_intentional_mentions = true;
+        msc3958_supress_edit_notifs = true;
+        msc3967_enabled = true;
+        msc2659_enabled = true;
       };
       #sentry.dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
     };

flake.nix

@@ -115,6 +115,14 @@ rec {
         name = "nas"; # My nas
         system = "x86_64-linux";
       }
+      {
+        name = "installer"; # Installer iso
+        system = "x86_64-linux";
+      }
+      {
+        name = "netboot"; # Installer netboot
+        system = "x86_64-linux";
+      }
       {
         name = "instance-20221213-1915"; # Oracle server
         system = "aarch64-linux";