mikael/idiosyn
mikael/idiosyn
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Initial import

Browse source
This commit is contained in:
Mikael 2024-07-21 16:55:31 +02:00
commit dfc1945290
11 changed files with 823 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
flake.lock Normal file
View file

@ -0,0 +1,111 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1720626042,
"narHash": "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=",
"rev": "2a4376be20d70feaa2b0e640c5041fb66ddc67ed",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2a4376be20d70feaa2b0e640c5041fb66ddc67ed.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720641669,
"narHash": "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=",
"rev": "5c48c833c15bb80d127a398a8c2484d42fdd8257",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/5c48c833c15bb80d127a398a8c2484d42fdd8257.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1721379653,
"narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"lix-module": "lix-module",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

53
flake.nix Normal file
View file

@ -0,0 +1,53 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
};
nixConfig = {
extra-substituters = [
"https://cache.kyouma.net"
];
extra-trusted-public-keys = [
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
];
};
outputs = { self, nixpkgs, ... }@inputs:
let
inherit (nixpkgs) lib;
platforms = lib.mapAttrs
(_: platform: lib.systems.elaborate platform)
(import ./platforms.nix);
modules = [
"btrfs" "ephemeral" "iosched" "musl" "ocsp"
];
in {
overlays.default = import ./overlay.nix;
legacyPackages = lib.mapAttrs (name: platform:
import nixpkgs {
localSystem = builtins.currentSystem or platform;
crossSystem = platform;
overlays = [ self.overlays.default ];
}) platforms;
nixosModules = lib.genAttrs modules (mod: import ./modules/${mod}.nix inputs)
// { default = { ... }: { imports = lib.map (mod: self.nixosModules.${mod}) modules; }; };
nixosConfigurations = lib.mapAttrs (_: platform: lib.nixosSystem {
specialArgs = { pkgs = self.legacyPackages.${platform.system}; };
modules = [ self.nixosModules.default ./nixos.nix ];
}) platforms;
hydraJobs = {
nixosConfigurations = lib.mapAttrs (_: config: config.system.build.toplevel) self.nixosConfigurations;
};
};
}

94
modules/btrfs.nix Normal file
View file

@ -0,0 +1,94 @@
{ ... }: { config, lib, pkgs, ... }:
let
inherit (lib)
optionalString
mkOption
types;
cfg = config.idiosyn.btrfs;
btrfs-scrub = pkgs.writeShellApplication {
name = "btrfs-scrub";
runtimeInputs = with pkgs; [ util-linux btrfs-progs ];
text = ''
findmnt --noheadings --output "SOURCE" --types btrfs --nofsroot | sort -u \
| xargs -n 1 -P "$(nproc)" -r btrfs scrub start -B
'';
};
btrfs-balance = pkgs.writeShellApplication {
name = "btrfs-balance";
runtimeInputs = with pkgs; [ util-linux btrfs-progs ];
text = ''
findmnt --types btrfs --output "SOURCE" --nofsroot --noheading | sort -u \
| xargs -n 1 -r findmnt --first-only --noheadings --output "TARGET" --types btrfs --source \
| xargs -n 1 -P "$(nproc)" -r btrfs balance start${optionalString (cfg.balance.dataUsage != null) " -dusage=${toString cfg.balance.dataUsage}"}${optionalString (cfg.balance.metadataUsage != null) " -musage=${toString cfg.balance.metadataUsage}"}
'';
};
in {
options = {
idiosyn.btrfs = {
scrub.timer = mkOption {
type = with types; nullOr nonEmptyStr;
default = null;
example = "weekly";
description = ''
Realtime (wallclock) timer for regular scrubs
See {manpage}systemd.time(7).
'';
};
balance = {
timer = mkOption {
type = with types; nullOr nonEmptyStr;
default = null;
example = "weekly";
description = ''
Realtime (wallclock) timer for regular balances.
See {manpage}systemd.time(7).
'';
};
dataUsage = mkOption {
type = with types; nullOr (ints.between 0 100);
default = 10;
description = ''
Balance only data block groups with usage below the given percentage.
'';
};
metadataUsage = mkOption {
type = with types; nullOr (ints.between 0 100);
default = 5;
description = ''
Balance only metadata block groups with usage below the given percentage.
'';
};
};
};
};
config = {
systemd.services.btrfs-scrub = lib.mkIf (cfg.scrub.timer != null) {
startAt = cfg.scrub.timer;
unitConfig.ConditionACPower = true;
serviceConfig = {
Type = "exec";
ExecStart = "${btrfs-scrub}/bin/btrfs-scrub";
};
};
systemd.services.btrfs-balance = lib.mkIf (cfg.balance.timer != null) {
startAt = cfg.balance.timer;
unitConfig.ConditionACPower = true;
serviceConfig = {
Type = "exec";
ExecStart = "${btrfs-balance}/bin/btrfs-balance";
};
};
};
}

210
modules/ephemeral.nix Normal file
View file

@ -0,0 +1,210 @@
{ ... }: { config, pkgs, lib, ...}:
with lib; let
cfg = config.local.ephemeral;
device = mkOption {
type = types.nonEmptyStr;
description = mdDoc "Device to mount.";
};
options = mkOption {
type = with types; listOf nonEmptyStr;
readOnly = true;
description = mdDoc "Options used to mount the file system.";
};
extraOptions = mkOption {
type = with types; listOf nonEmptyStr;
default = [ ];
description = mdDoc "Additional options used to mount the file system.";
};
filesystem = {
options = {
inherit device options extraOptions;
fsType = mkOption {
type = types.nonEmptyStr;
description = mdDoc "Type of the file system.";
};
};
};
tmpfs = {
options = {
inherit options extraOptions;
name = mkOption {
type = types.nonEmptyStr;
default = "none";
description = mdDoc "Name of the file system.";
};
size = mkOption {
type = with types; either nonEmptyStr ints.positive;
description = mdDoc "Size of the file system.";
};
mode = mkOption {
type = types.nonEmptyStr;
description = mdDoc "Initial permissions of the root directory.";
};
uid = mkOption {
type = with types; either nonEmptyStr ints.unsigned;
default = 0;
description = mdDom "Initial user ID of the root directory";
};
gid = mkOption {
type = with types; either nonEmptyStr ints.unsigned;
default = 0;
description = mdDom "Initial group ID of the root directory";
};
};
};
subvol = {
options = {
inherit options extraOptions;
subvolume = mkOption {
type = with types; nullOr nonEmptyStr;
default = null;
description = mdDoc "Source path of the subvolume.";
};
};
};
ephemeralDefaults = {
"/" = {
size = "256m";
mode = "755";
uid = 0;
gid = 0;
options = [ "nodev" "noexec" "nosuid" ];
extraOptions = [ ];
};
"/run/nix" = {
size = "80%";
mode = "1775";
uid = 0;
gid = "nixbld";
options = [ "nodev" "nosuid" ];
extraOptions = [ ];
};
"/tmp" = {
size = "256m";
mode = "1777";
uid = 0;
gid = 0;
options = [ "nodev" "noexec" "nosuid" ];
extraOptions = [ ];
};
};
subvolumeDefaults = {
"/etc/keys" = {
options = [ "nodev" "noexec" "nosuid" ];
extraOptions = [ "noatime" "compress=zstd" ];
};
"/nix" = {
options = [ "nodev" "nosuid" ];
extraOptions = [ "noatime" "compress=zstd" ];
};
"/var" = {
options = [ "nodev" "noexec" "nosuid" ];
extraOptions = [ "noatime" "compress=zstd" ];
};
};
in {
options = {
local.ephemeral = {
enable = mkEnableOption "ephemeral filesystem";
device = mkOption {
type = types.nonEmptyStr;
description = mdDoc "Persistent btrfs device.";
};
boot = {
inherit device;
fsType = mkOption {
type = types.nonEmptyStr;
};
options = mkOption {
inherit (options) type readOnly description;
default = [ "nodev" "noexec" "nosuid" ]
++ optionals (cfg.boot.fsType == "vfat") [ "fmask=0137" "dmask=022" ]
++ optionals (builtins.match "ext[34]" cfg.boot.fsType != null) [ "data=journal" ];
};
extraOptions = mkOption {
inherit (extraOptions) type description;
default = [ "noatime" ];
};
};
ephemeral = mkOption {
type = with types; attrsOf (submodule tmpfs);
description = mdDoc "Ephemeral filesystems.";
default = ephemeralDefaults;
};
subvolumes = mkOption {
type = with types; attrsOf (submodule subvol);
description = mdDoc "Persistent subvolumes.";
default = subvolumeDefaults;
example = {
"/home" = {
options = [ "nodev" "noexec" "nosuid" ];
extraOptions = [ "noatime" "compress=zstd" ];
};
};
};
};
};
config = mkIf cfg.enable {
boot.initrd.availableKernelModules = [ "zstd" ];
boot.supportedFilesystems = [ "btrfs" ];
environment.etc.machine-id.source = mkDefault "/etc/keys/machine-id";
environment.etc.secureboot.source = mkDefault "/etc/keys/secureboot";
fileSystems = {
"/boot" = mkOverride 99 {
device = cfg.boot.device;
fsType = cfg.boot.fsType;
options = cfg.boot.options ++ cfg.boot.extraOptions;
};
} //
(mapAttrs (key: val: mkOverride 99 {
fsType = "tmpfs";
options = val.options ++ val.extraOptions
++ [
"strictatime"
"size=${toString val.size}"
"mode=${val.mode}"
"uid=${toString val.uid}"
"gid=${toString val.gid}"
"huge=within_size"
];
}) (ephemeralDefaults // cfg.ephemeral)) //
(mapAttrs (key: val: mkOverride 99 {
device = cfg.device;
fsType = "btrfs";
options = val.options ++ val.extraOptions
++ [ "subvol=${if (val ? subvolume && val.subvolume != null) then val.subvolume else key}" ];
neededForBoot = true;
}) (subvolumeDefaults // cfg.subvolumes));
#nix.settings.build-dir = mkDefault "/run/nix";
systemd.services.nix-daemon.environment.TMPDIR = mkDefault "/run/nix";
systemd.tmpfiles.rules = [
"d /etc/keys 0751 root root"
"D /run/nix 1775 root nixbld 1d"
];
};
}

118
modules/iosched.nix Normal file
View file

@ -0,0 +1,118 @@
{ ... }: { config, lib, pkgs, ... }:
let
cfg = config.hardware.block;
escape = lib.strings.escape [ ''"'' ];
inherit (lib)
mkIf
mkOption
types
concatStrings
mapAttrsToList
optionalString;
in {
options.hardware.block = {
defaultScheduler = mkOption {
type = with types; nullOr nonEmptyStr;
default = null;
description = ''
Default block I/O scheduler.
Unless `null`, the value is assigned through a udev rule matching all
block devices.
'';
example = "kyber";
};
defaultSchedulerRotational = mkOption {
type = with types; nullOr nonEmptyStr;
default = null;
description = ''
Default block I/O scheduler for rotational drives (e.g. hard disks).
Unless `null`, the value is assigned through a udev rule matching all
rotational block devices.
This option takes precedence over
{option}`config.hardware.block.defaultScheduler`.
'';
example = "bfq";
};
scheduler = mkOption {
type = with types; attrsOf nonEmptyStr;
default = { };
description = ''
Assign block I/O scheduler by device name pattern.
Names are matched using the {manpage}`udev(7)` pattern syntax:
`*`
: Matches zero or more characters.
`?`
: Matches any single character.
`[]`
: Matches any single character specified in the brackets. Ranges are
supported via the `-` character.
`|`
: Separates alternative patterns.
Please note that overlapping patterns may produce unexpected results.
More complex configurations requiring these should instead be specified
directly through custom udev rules, for example via
[{option}`config.services.udev.extraRules`](#opt-services.udev.extraRules),
to ensure correct ordering.
Available schedulers depend on the kernel configuration but modern
Linux systems typically support:
`none`
: Nooperation scheduler with no reordering of requests. Suitable
for devices with fast random I/O such as NVMe SSDs.
[`mq-deadline`](https://www.kernel.org/doc/html/latest/block/deadline-iosched.html)
: Simple latencyoriented generalpurpose scheduler.
[`kyber`](https://www.kernel.org/doc/html/latest/block/kyber-iosched.html)
: Simple latencyoriented scheduler for fast multiqueue devices
like NVMe SSDs.
[`bfq`](https://www.kernel.org/doc/html/latest/block/bfq-iosched.html)
: Complex fairnessoriented scheduler. Higher processing overhead,
but good interactive response, especially with slower devices.
Schedulers assigned through this option take precedence over
{option}`config.hardware.block.defaultScheduler` and
{option}`config.hardware.block.defaultSchedulerRotational` but may be
overridden by other udev rules.
'';
example = {
"mmcblk[0-9]*" = "bfq";
"nvme[0-9]*" = "kyber";
};
};
};
config = mkIf (cfg.defaultScheduler != null ||
cfg.defaultSchedulerRotational != null || cfg.scheduler != { }) {
services.udev.packages = [
(pkgs.writeTextDir "etc/udev/rules.d/98-block-io-scheduler.rules"
(optionalString (cfg.defaultScheduler != null) ''
SUBSYSTEM=="block", ACTION=="add|change", TEST=="queue/scheduler", ATTR{queue/scheduler}="${escape cfg.defaultScheduler}"
'' + optionalString (cfg.defaultSchedulerRotational != null) ''
SUBSYSTEM=="block", ACTION=="add|change", ATTR{queue/rotational}=="1", TEST=="queue/scheduler", ATTR{queue/scheduler}="${escape cfg.defaultSchedulerRotational}"
'' + concatStrings (mapAttrsToList (name: sched: ''
SUBSYSTEM=="block", ACTION=="add|change", KERNEL=="${escape name}", ATTR{queue/scheduler}="${escape sched}"
'') cfg.scheduler)))
];
};
meta.maintainers = with lib.maintainers; [ mvs ];
}

15
modules/musl.nix Normal file
View file

@ -0,0 +1,15 @@
{ self, ... }: { config, lib, pkgs, modulesPath, ... }: {
disabledModules = [
(modulesPath + "/config/ldso.nix")
(modulesPath + "/config/stub-ld.nix")
(modulesPath + "/programs/nix-ld.nix")
];
config = lib.mkIf pkgs.stdenv.hostPlatform.isMusl {
security.pam.services.login.updateWtmp = lib.mkForce false;
services.nscd.enable = lib.mkForce false;
system.nssModules = lib.mkForce [ ];
};
}

85
modules/ocsp.nix Normal file
View file

@ -0,0 +1,85 @@
{ ... }: { config, pkgs, lib, ...}:
with lib; let
cfg = config.security.acme;
script = pkgs.writeShellApplication {
name = "ocsp-query";
runtimeInputs = with pkgs; [ openssl ];
text = ''
cd "$1"
tmp="$(mktemp ocsp.der.XXXXXXXXXX)"
trap 'rm -f "$tmp"' EXIT TERM
url="$(openssl x509 -in cert.pem -noout -ocsp_uri)"
openssl ocsp -issuer chain.pem -cert cert.pem -url "$url" -respout "$tmp"
chown "$(id -u):$(id -g)" "$tmp"
chmod 644 "$tmp"
mv "$tmp" ocsp.der
ln -s -f ocsp.der full.ocsp
'';
};
in {
options.security.acme.ocspTimer = mkOption {
type = with types; nullOr nonEmptyStr;
default = "daily";
description = mdDoc "Realtime (wall clock) timer for regular OCSP queries.";
};
config = mkIf (cfg.ocspTimer != null) {
systemd.services = mapAttrs' (cert: conf: nameValuePair "ocsp-${cert}" {
description = "Query OCSP endpoint for ${cert}";
after = [ "network.target" "network-online.target" "acme-${cert}.service" ];
wants = [ "network.target" "network-online.target" "acme-${cert}.service" ];
confinement.enable = true;
confinement.packages = with pkgs; [ openssl ];
serviceConfig = {
Type = "oneshot";
User = "acme";
Group = conf.group;
UMask = "0022";
BindPaths = [ conf.directory ];
ExecStart = "${script}/bin/ocsp-query ${escapeShellArg conf.directory}";
ProtectProc = "noaccess";
ProcSubset = "pid";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateIPC = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = ["AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
CapabilityBoundingSet = null;
NoNewPrivileges = true;
SystemCallFilter = [ "@system-service" "~@privileged" "@chown" ];
SystemCallArchitectures = "native";
DeviceAllow = null;
DevicePolicy = "closed";
SocketBindDeny = "any";
};
}) cfg.certs;
systemd.timers = mapAttrs' (cert: conf: nameValuePair "ocsp-${cert}" {
description = "Query OCSP endpoint for ${cert} regularly";
timerConfig.OnCalendar = cfg.ocspTimer;
}) cfg.certs;
};
}

92
modules/thinlto.nix Normal file
View file

@ -0,0 +1,92 @@
{ ... }: { config, lib, ... }:
let
cfg = config.nix.thinlto;
timespan = lib.mkOptionType {
name = "Time span";
check = v: lib.isString v && builtins.match "([1-9][0-9]* ?(µs|[um]s(ec)?|s(ec(onds?)?)?|m(in(utes?)?)?|h(ours?)?|d(ays?)?|w(eeks?)?|months?|M|y(years?)?)( |$)?)+" v;
merge = lib.mergeEqualOptions;
};
in {
options.nix.thinlto = {
cacheDir = lib.mkOption {
type = lib.types.path;
description = "ThinLTO cache directory";
default = "/var/cache/thinlto";
};
cacheDirSandbox = lib.mkOption {
type = lib.types.path;
description = "ThinLTO cache directory in sandbox";
default = "/cache/thinlto";
readonly = true;
};
owner = lib.mkOption {
type = lib.types.nonEmptyStr;
description = "Owner of the ThinLTO cache directory";
default = "root";
};
group = lib.mkOption {
type = lib.types.nonEmptyStr;
description = "Group owner of the ThinLTO cache directory";
default = "nixbld";
};
expiry = lib.mkOption {
type = with lib.types; nullOr timespan;
description = "ThinLTO cache expiration age";
default = "90d";
};
config = {
nix.settings.extra-sandbox-paths = [ "${cfg.cacheDirSandbox}=${cfg.cacheDir}" ];
nixpkgs.overlays = [(final: prev:
let
inherit (final) addAttrsToDerivation optional;
in {
useThinLTO = stdenv: if stdenv.cc.isClang && stdenv.cc.bintools.isLLVM
then addAttrsToDerivation (args: {
env = (args.env or { }) // {
NIX_CFLAGS_COMPILE = toString (optional (args ? env.NIX_CFLAGS_COMPILE) args.env.NIX_CFLAGS_COMPILE
++ [ "-flto=thin" ]);
};
NIX_CFLAGS_LINK = (optional (args ? NIX_CFLAGS_LINK) args.NIX_CFLAGS_LINK)
++ [ "-Wl,--thinlto-cache-dir=${cfg.cacheDirSandbox}" ];
NIX_LDFLAGS = (optional (args ? NIX_LDFLAGS) args.NIX_LDFLAGS)
++ [ "--thinlto-cache-dir=${cfg.cacheDirSandbox}" ];
NIX_RUSTFLAGS = (optional (args ? NIX_RUSTFLAGS) args.NIX_RUSTFLAGS)
++ [ "-C lto=thin" "-C linker-plugin-lto=true" "-C link-arg=--thinlto-cache-dir=${cfg.cacheDirSandbox}" ];
}) stdenv
else builtins.trace "ThinLTO requires Clang and LLD" stdenv;
})];
nixpkgs.config = {
replaceStdenv = lib.mkDefault ({ pkgs }:
let
inherit (pkgs) overrideCC stdenv useThinLTO;
inherit (pkgs.llvmPackages_latest) clangUseLLVM;
in useThinLTO (overrideCC stdenv clangUseLLVM));
replaceCrossStdenv = lib.mkDefault ({ buildPackages, baseStdenv }:
let
inherit (buildPackages) overrideCC;
inherit (buildPackages.llvmPackages_latest) clangUseLLVM;
in overrideCC baseStdenv clangUseLLVM);
};
systemd.tmpfiles.settings = {
${cfg.cacheDir}.q = {
user = cfg.owner;
group = cfg.group;
mode = "2770";
age = lib.mkIf (cfg.expiry != null) cfg.expiry;
};
};
};
};
}

22
nixos.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/".label = "nixos";
nixpkgs = { inherit pkgs; };
security.sudo.wheelNeedsPassword = false;
services.getty.autologinUser = "nixos";
users.users.nixos = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
system.stateVersion = "24.11";
virtualisation.vmVariant.virtualisation.diskImage = null;
hardware.block.defaultScheduler = "kyber";
}

15
overlay.nix Normal file
View file

@ -0,0 +1,15 @@
final: prev:
let
inherit (final) lib callPackage;
in {
glibcLocales = callPackage (prev.path + "/pkgs/development/libraries/glibc/locales.nix") { };
keyutils = prev.keyutils.overrideAttrs (args: {
buildFlags = args.buildFlags or [ ]
++ lib.optional final.keyutils.stdenv.cc.bintools.isLLVM "LDFLAGS=-Wl,--undefined-version";
});
cpp-utilities = prev.cpp-utilities.overrideAttrs (args: {
buildInputs = [ final.boost ];
});
}

8
platforms.nix Normal file
View file

@ -0,0 +1,8 @@
{
"x86_64-linux" = {
config = "x86_64-unknown-linux-musl";
gcc.arch = "x86-64-v3";
useLLVM = true;
linker = "lld";
};
}