titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
server-config/configuration.nix
Simon Gardling a528317e08
set gpu module to "xe" 
Possibly could fix i915 driver issues I'm having
with my arc a380?

Panic:
```
Unexpected send: action=0x1000
WARNING: CPU: 7 PID: 62977 at drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c:844 intel_guc_ct_send+0x67a/0x7d0 [i915]
Modules linked in: bluetooth ecdh_generic ecc crc16 xt_nat nft_chain_nat nf_nat veth wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305
_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel msr af_packet mei_hdcp mei_pxp cfg80211 mei_gsc mei_me rfkill mei xe snd_hda_codec_hdmi e
dac_mce_amd edac_core intel_rapl_msr amd_atl intel_rapl_common snd_hda_intel crct10dif_pclmul polyval_clmulni polyval_generic snd_intel_dspcfg ghash_clmuln
i_intel snd_intel_sdw_acpi r8169 sha512_ssse3 sha256_ssse3 snd_hda_codec sha1_ssse3 snd_hda_core aesni_intel drm_gpuvm snd_hwdep gf128mul drm_exec realtek
gpu_sched snd_pcm crypto_simd drm_suballoc_helper cryptd mdio_devres drm_ttm_helper wmi_bmof snd_timer of_mdio snd fixed_phy soundcore fwnode_mdio rapl sp5
100_tco libphy watchdog xt_conntrack input_leds joydev led_class evdev mac_hid tiny_power_button rtc_cmos nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 gpio_a
mdpt onboard_usb_dev gpio_generic xt_tcpudp button uas ipt_rpfilter xt_pkttype nft_compat
 nf_tables libcrc32c crc32c_generic crc32c_intel sch_fq_codel ee1004 i2c_piix4 i2c_smbus i2c_dev atkbd libps2 serio vivaldi_fmap loop cpufreq_powersave tun
 tap macvlan bridge stp llc zenpower(O) kvm_amd ccp rng_core kvm irqbypass fuse efi_pstore configfs nfnetlink dmi_sysfs ip_tables x_tables nls_iso8859_1 nl
s_cp437 vfat f2fs fat dm_snapshot dm_bufio hid_generic dm_mod dax crc32_generic lz4hc_compress sd_mod usbhid hid usb_storage lz4_compress i915 ahci i2c_alg
o_bit drm_buddy libahci video libata ttm intel_gtt nvme scsi_mod drm_display_helper nvme_core xhci_pci nvme_auth cec xhci_hcd crc32_pclmul scsi_common wmi
zfs(PO) spl(O) efivarfs autofs4
CPU: 7 UID: 995 PID: 62977 Comm: av:hevc:df0 Tainted: P        W  O       6.12.50-hardened1 #1-NixOS
Tainted: [P]=PROPRIETARY_MODULE, [W]=WARN, [O]=OOT_MODULE
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
RIP: 0010:intel_guc_ct_send+0x67a/0x7d0 [i915]
Code: 87 d0 06 00 00 3c 01 0f 87 d7 2f 17 00 a8 01 0f 85 42 ff ff ff 90 48 8b 44 24 18 48 c7 c7 50 43 34 c1 8b 30 e8 07 bf 89 d7 90 <0f> 0b 90 90 e9 24 ff
ff ff 48 8b 7c 24 20 e8 63 45 5d d8 48 8d 7c
RSP: 0018:ffffd57551c770c0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8e019b6b8508 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffd57551c77158 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8e01a5680b80
R13: ffff8e019b6b82a0 R14: ffff8e018b0c7004 R15: ffff8e019b6b82a0
FS:  00006b26fb1596c0(0000) GS:ffff8e107ef80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00006b26cc2b8438 CR3: 00000003c0dde000 CR4: 0000000000f50ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? srso_alias_return_thunk+0x5/0xfbef5
 __guc_add_request+0xd2/0x2c0 [i915]
 guc_submit_request+0x1bc/0x210 [i915]
 submit_notify+0xfd/0x150 [i915]
 __i915_sw_fence_complete+0x3a/0x210 [i915]
 __i915_request_queue+0x51/0x70 [i915]
 i915_request_add+0x64/0xe0 [i915]
 intel_context_migrate_copy+0x39e/0xac0 [i915]
 __i915_ttm_move+0x821/0xa00 [i915]
 i915_ttm_move+0x348/0x470 [i915]
 ? unmap_mapping_range+0x85/0x150
 ttm_bo_handle_move_mem+0xe1/0x1d0 [ttm]
 ttm_bo_validate+0xde/0x190 [ttm]
 ? srso_alias_return_thunk+0x5/0xfbef5
 __i915_ttm_get_pages+0x9f/0x1b0 [i915]
 i915_ttm_get_pages+0xca/0x180 [i915]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 __i915_gem_object_get_pages+0x3a/0x50 [i915]
 i915_vma_pin_ww+0x718/0x9c0 [i915]
 eb_validate_vmas+0x192/0xaa0 [i915]
 ? srso_alias_return_thunk+0x5/0xfbef5
 i915_gem_do_execbuffer+0xfc9/0x2890 [i915]
 i915_gem_execbuffer2_ioctl+0x16b/0x290 [i915]
 ? __pfx_i915_gem_execbuffer2_ioctl+0x10/0x10 [i915]
 drm_ioctl_kernel+0xb8/0x110
 drm_ioctl+0x2c6/0x550
 ? __pfx_i915_gem_execbuffer2_ioctl+0x10/0x10 [i915]
 __x64_sys_ioctl+0x9c/0xe0
 do_syscall_64+0xd5/0x210
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x6b270a88cf0f
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 28 48 8b 44 24 18 64 48 2b 04 25 28 00 00
RSP: 002b:00006b26fb13f560 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00006b26cc2b4540 RCX: 00006b270a88cf0f
RDX: 00006b26fb13f650 RSI: 00000000c0406469 RDI: 0000000000000003
RBP: 00006b26fb13f650 R08: 0000000000000000 R09: 0000000000000000
R10: 00006b26cc263d10 R11: 0000000000000246 R12: 00000000c0406469
R13: 0000000000000003 R14: 000000003c959460 R15: 000000003c948860
 </TASK>
---[ end trace 0000000000000000 ]---
```
2025-11-06 16:41:51 -05:00

285 lines
5.5 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
hostname,
username,
eth_interface,
service_configs,
options,
...
}:
{
imports = [
./hardware.nix
./zfs.nix
./impermanence.nix
./usb-secrets.nix
./age-secrets.nix
./secureboot.nix
./no-rgb.nix
./services/postgresql.nix
./services/jellyfin.nix
./services/caddy.nix
./services/immich.nix
./services/gitea.nix
./services/minecraft.nix
./services/wg.nix
./services/qbittorrent.nix
./services/jellyfin-qbittorrent-monitor.nix
./services/bitmagnet.nix
./services/soulseek.nix
# ./services/llama-cpp.nix
./services/ups.nix
./services/bitwarden.nix
# KEEP UNTIL 2028
./services/caddy_senior_project.nix
];
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
# srvos enables vim, i don't want to use vim, disable it here:
programs.vim = {
defaultEditor = false;
}
// lib.optionalAttrs (options.programs.vim ? enable) {
enable = false;
};
powerManagement = {
powertop.enable = true;
enable = true;
cpuFreqGovernor = "powersave";
};
# https://github.com/NixOS/nixpkgs/issues/101459#issuecomment-758306434
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "4096";
}
];
nix = {
# optimize the store
optimise.automatic = true;
};
hardware.intelgpu.driver = "xe";
boot = {
# 6.12 LTS until 2026
kernelPackages = pkgs.linuxPackages_6_12_hardened;
loader = {
# Use the systemd-boot EFI boot loader.
efi.canTouchEfiVariables = true;
# 1s timeout
timeout = 1;
};
initrd = {
compressor = "zstd";
supportedFilesystems = [ "f2fs" ];
};
};
environment.etc = {
"issue".text = "";
};
# Set your time zone.
time.timeZone = "America/New_York";
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
AllowUsers = [
username
"root"
];
PasswordAuthentication = false;
PermitRootLogin = "yes"; # for deploying configs
};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
#fwupd for updating firmware
services.fwupd = {
enable = true;
extraRemotes = [ "lvfs-testing" ];
};
environment.systemPackages = with pkgs; [
helix
lm_sensors
bottom
htop
doas-sudo-shim
neofetch
borgbackup
smartmontools
ripgrep
intel-gpu-tools
iotop
iftop
tmux
wget
powertop
lsof
reflac
list-usb-drives
pfetch-rs
sbctl
# add `skdump`
libatasmart
];
networking = {
nameservers = [
"1.1.1.1"
"9.9.9.9"
];
hostName = hostname;
hostId = "0f712d56";
firewall.enable = true;
useDHCP = false;
enableIPv6 = false;
interfaces.${eth_interface} = {
ipv4.addresses = [
{
address = "192.168.1.50";
# address = "10.1.1.102";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::9e6b:ff:fe4d:abb";
prefixLength = 64;
}
];
};
defaultGateway = {
#address = "10.1.1.1";
address = "192.168.1.1";
interface = eth_interface;
};
# TODO! fix this
# defaultGateway6 = {
# address = "fe80::/64";
# interface = eth_interface;
# };
};
users.groups.${service_configs.media_group} = { };
users.users.${username} = {
isNormalUser = true;
extraGroups = [
"wheel"
"video"
"render"
service_configs.media_group
];
# TODO! use proper secrets management
hashedPasswordFile = config.age.secrets.hashedPass.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi" # desktop
];
};
# used for deploying configs to server
users.users.root.openssh.authorizedKeys.keys =
config.users.users.${username}.openssh.authorizedKeys.keys;
# https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
programs.fish.enable = true;
programs.bash = {
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
security = {
#lets use doas and not sudo!
doas.enable = true;
sudo.enable = false;
# Configure doas
doas.extraRules = [
{
users = [ username ];
keepEnv = true;
persist = true;
}
];
};
services.murmur = {
enable = true;
openFirewall = true;
welcometext = "meow meow meow meow meow :3 xd";
password = builtins.readFile ./secrets/murmur_password;
};
# services.botamusique = {
# enable = true;
# settings = {
# server = {port = config.services.murmur.port;
# password = config.services.murmur.password;
# };
# };
# };
# systemd.tmpfiles.rules = [
# "Z /tank/music 775 ${username} users"
# ];
system.stateVersion = "24.11";
}
Reference in New Issue View Git Blame Copy Permalink