shared-public-infra/modules/nix-daemon.nix

94 lines
2.8 KiB
Nix
Raw Permalink Normal View History

{ lib
, config
, pkgs
, ...
}:
let
gcc-system-features = arch: lib.optionals (arch != null) ([ "gccarch-${arch}" ]
++ map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${arch});
in
{
options = {
simd.arch = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = ''
Microarchitecture string for nixpkgs.hostPlatform.gcc.march and to generate system-features.
Can be determined with: gcc -march=native -Q --help=target | grep march
'';
};
};
imports = [ ./builder.nix ];
config = {
warnings = lib.optionals (config.simd.arch == null) [ "Please set simd.arch for ${config.networking.hostName}" ];
# Allow more open files for non-root users to run NixOS VM tests.
security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "20480"; }
];
# Makes the computer go faster.
# nixos.jobserver.enable = true;
# TODO(raito): rework this.
# Avoid weird failures for builders.
services.openssh.settings.MaxStartups = 100;
services.openssh.settings.MaxSessions = 100;
2023-08-12 23:21:32 +00:00
# Memory accounting techniques
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "225G";
MemoryHigh = "220G";
MemorySwapMax = "2G";
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
MemoryPressureWatch = "on";
};
nix = {
# Garbage-collect often
gc.automatic = true;
gc.dates = "*:45";
gc.options = ''--max-freed "$((128 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
# Randomize GC to avoid thundering herd effects.
gc.randomizedDelaySec = "1800";
# should be enough?
2023-08-03 20:56:37 +00:00
nrBuildUsers = 128;
settings = {
keep-outputs = false;
keep-derivations = false;
2023-08-12 23:21:32 +00:00
use-cgroups = true;
http-connections = 0;
auto-allocate-uids = true;
cores = 0;
2023-08-12 23:21:32 +00:00
max-jobs = 2; # Do not build more than 2 derivations at once in the event, both of them are too big, yes this is stupid, fix it in Nix.
fsync-metadata = true;
substituters = [
"https://nix-community.cachix.org"
"https://tum-dse.cachix.org"
];
system-features = [ "benchmark" "big-parallel" "kvm" "nixos-test" ] ++ gcc-system-features config.simd.arch;
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"tum-dse.cachix.org-1:v67rK18oLwgO0Z4b69l30SrV1yRtqxKpiHodG4YxhNM="
];
2023-08-12 23:21:32 +00:00
experimental-features = [
"auto-allocate-uids"
# "ca-derivations" this feature is really extremely broken.
2023-08-12 23:21:32 +00:00
"cgroups"
"fetch-closure"
"impure-derivations"
];
};
};
nixpkgs.config.allowUnfree = true;
};
}