challenger: set kernel params to prevent cpu hissy fits

challenger: re-add backup nfs mount
challenger: disable nvidia.open
2025-01-16 21:51:08 +01:00 · 2025-01-16 21:51:08 +01:00 · 2025-01-16 21:51:08 +01:00 · 2025-01-16 21:51:08 +01:00 · 2025-01-16 21:51:08 +01:00
5 changed files with 58 additions and 14 deletions
--- a/hosts/challenger/amalieem.nix
+++ b/hosts/challenger/amalieem.nix
@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+let
+  cmdChownManga = pkgs.writeScriptBin "chownManga" ''
+    #!${pkgs.stdenv.shell}
+
+    chown -R amalieem:komga /tank/media/komga/Amalie
+    chmod -R 750 /tank/media/komga/Amalie
+  '';
+in {
+  users.users."amalieem" = {
+    isNormalUser = true;
+    home = "/home/amalieem";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7e+BAoXIFmTeeBYAVImQAcyx6SCoYCErA7h16OGL70 amalieem@wentworth"
+    ];
+    packages = with pkgs; [
+      cmdChownManga
+
+      mangal
+      rsync
+    ];
+  };
+
+  security.sudo = {
+    enable = true;
+    extraRules = [{
+      commands = [
+        {
+          command = "${lib.getExe cmdChownManga}";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+      users = [ "amalieem" ];
+    }];
+  };
+}
+
--- a/hosts/challenger/configuration.nix
+++ b/hosts/challenger/configuration.nix
@ -7,6 +7,7 @@

      ../../base.nix
      ../../common/metrics-exporters.nix
+      ./amalieem.nix
      ./backup.nix
      # ./exports.nix
      ./filesystems.nix
@ -53,7 +54,7 @@

  hardware.nvidia = {
    modesetting.enable = true;
-    open = true;
+    open = false;
  };

  hardware.graphics.enable = true;
--- a/hosts/challenger/filesystems.nix
+++ b/hosts/challenger/filesystems.nix
@ -17,16 +17,16 @@
    interval = "Wed *-*-8..14 00:00:00";
  };

-  # fileSystems = {
-  #   "/mnt/feal-syn1/backup" = {
-  #     device = "feal-syn1.home.feal.no:/volume2/backup";
-  #     fsType = "nfs";
-  #     options = [
-  #       "defaults"
-  #       "noatime"
-  #       "rw"
-  #       "nfsvers=3"
-  #     ];
-  #   };
-  # };
+  fileSystems = {
+    "/mnt/feal-syn1/backup" = {
+      device = "feal-syn1.home.feal.no:/volume2/backup";
+      fsType = "nfs";
+      options = [
+        "defaults"
+        "noatime"
+        "rw"
+        "nfsvers=3"
+      ];
+    };
+  };
 }
--- a/hosts/challenger/hardware-configuration.nix
+++ b/hosts/challenger/hardware-configuration.nix
@ -12,6 +12,12 @@
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
+  boot.kernelParams = [
+    # https://wiki.gentoo.org/wiki/Ryzen#Ryzen_Threadripper
+    "processor.max_cstate=1"
+    "rcu_nocbs=0-11"
+    "idle=nomwait"
+  ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/ea31d0ea-2949-420a-99ea-7f77c4b7091e";
--- a/hosts/challenger/services/nextcloud.nix
+++ b/hosts/challenger/services/nextcloud.nix
@ -133,7 +133,7 @@ in {
      ProtectProc = "invisible";
      ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
      ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
-      InaccessbilePaths = [ "/tank/media" "/tank/backup" ];
+      InaccessiblePaths = [ "/tank/media" "/tank/backup" ];
      RemoveIPC = true;
      RestrictSUIDSGID = true;
      UMask = "0007";
Author	SHA1	Message	Date
Felix Albrigtsen	26f4174b0b	challenger: set kernel params to prevent cpu hissy fits	2025-01-16 21:51:08 +01:00
Felix Albrigtsen	f2230c6e70	challenger: re-add backup nfs mount	2025-01-16 21:51:08 +01:00
Felix Albrigtsen	05134a6121	challenger: disable nvidia.open	2025-01-16 21:51:08 +01:00
Felix Albrigtsen	c5ca99e05f	challenger/nextcloud: fix typo	2025-01-16 21:51:08 +01:00
Felix Albrigtsen	28296d5066	challenger: add user amalieem	2025-01-16 21:51:08 +01:00