From 4c55a97341815001c9858e9e8492b7137e7147d8 Mon Sep 17 00:00:00 2001
From: John Titor <50095635+JohnRTitor@users.noreply.github.com>
Date: Wed, 19 Jun 2024 23:09:47 +0530
Subject: [PATCH 1/3] nixos/ananicy: use lib. explicitly

---
 nixos/modules/services/misc/ananicy.nix | 44 ++++++++++++-------------
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/nixos/modules/services/misc/ananicy.nix b/nixos/modules/services/misc/ananicy.nix
index c38d3ed6e3948..98c7381671893 100644
--- a/nixos/modules/services/misc/ananicy.nix
+++ b/nixos/modules/services/misc/ananicy.nix
@@ -1,25 +1,23 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.services.ananicy; - configFile = pkgs.writeText "ananicy.conf" (generators.toKeyValue { } cfg.settings); - extraRules = pkgs.writeText "extraRules" (concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraRules); - extraTypes = pkgs.writeText "extraTypes" (concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraTypes); - extraCgroups = pkgs.writeText "extraCgroups" (concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups); + configFile = pkgs.writeText "ananicy.conf" (lib.generators.toKeyValue { } cfg.settings); + extraRules = pkgs.writeText "extraRules" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraRules); + extraTypes = pkgs.writeText "extraTypes" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraTypes); + extraCgroups = pkgs.writeText "extraCgroups" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups); servicename = if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then "ananicy-cpp" else "ananicy"; in { options = { services.ananicy = { - enable = mkEnableOption "Ananicy, an auto nice daemon"; + enable = lib.mkEnableOption "Ananicy, an auto nice daemon"; - package = mkPackageOption pkgs "ananicy" { + package = lib.mkPackageOption pkgs "ananicy" { example = "ananicy-cpp"; }; - rulesProvider = mkPackageOption pkgs "ananicy" { + rulesProvider = lib.mkPackageOption pkgs "ananicy" { example = "ananicy-cpp"; } // { description = '' @@ -27,8 +25,8 @@ in ''; }; - settings = mkOption { - type = with types; attrsOf (oneOf [ int bool str ]); + settings = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ int bool str ]); default = { }; example = { apply_nice = false; @@ -38,8 +36,8 @@ in ''; }; - extraRules = mkOption { - type = with types; listOf attrs; + extraRules = lib.mkOption { + type = with lib.types; listOf attrs; default = [ ]; description = '' Rules to write in 'nixRules.rules'. See: 
@@ -51,8 +49,8 @@ in { name = "fdupes"; type = "BG_CPUIO"; } ]; }; - extraTypes = mkOption { - type = with types; listOf attrs; + extraTypes = lib.mkOption { + type = with lib.types; listOf attrs; default = [ ]; description = '' Types to write in 'nixTypes.types'. See: @@ -63,8 +61,8 @@ in { type = "compiler"; nice = 19; sched = "batch"; ioclass = "idle"; } ]; }; - extraCgroups = mkOption { - type = with types; listOf attrs; + extraCgroups = lib.mkOption { + type = with lib.types; listOf attrs; default = [ ]; description = '' Cgroups to write in 'nixCgroups.cgroups'. See: @@ -77,7 +75,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment = { systemPackages = [ cfg.package ]; etc."ananicy.d".source = pkgs.runCommandLocal "ananicyfiles" { } '' @@ -92,16 +90,16 @@ in # configured through .setings rm -f $out/ananicy.conf cp ${configFile} $out/ananicy.conf - ${optionalString (cfg.extraRules != [ ]) "cp ${extraRules} $out/nixRules.rules"} - ${optionalString (cfg.extraTypes != [ ]) "cp ${extraTypes} $out/nixTypes.types"} - ${optionalString (cfg.extraCgroups != [ ]) "cp ${extraCgroups} $out/nixCgroups.cgroups"} + ${lib.optionalString (cfg.extraRules != [ ]) "cp ${extraRules} $out/nixRules.rules"} + ${lib.optionalString (cfg.extraTypes != [ ]) "cp ${extraTypes} $out/nixTypes.types"} + ${lib.optionalString (cfg.extraCgroups != [ ]) "cp ${extraCgroups} $out/nixCgroups.cgroups"} ''; }; # ananicy and ananicy-cpp have different default settings services.ananicy.settings = let - mkOD = mkOptionDefault; + mkOD = lib.mkOptionDefault; in { cgroup_load = mkOD true; @@ -133,6 +131,6 @@ in }; meta = { - maintainers = with maintainers; [ artturin ]; + maintainers = with lib.maintainers; [ artturin ]; }; } From d626da64ec8868f268ffb1063684fc13a1081c9b Mon Sep 17 00:00:00 2001 
From: John Titor <50095635+JohnRTitor@users.noreply.github.com>
Date: Fri, 2 Aug 2024 14:45:45 +0530
Subject: [PATCH 2/3] nixos/ananicy: format with nixfmt-rfc-style

---
 nixos/modules/services/misc/ananicy.nix | 186 ++++++++++++++----------
 1 file changed, 110 insertions(+), 76 deletions(-)

diff --git a/nixos/modules/services/misc/ananicy.nix b/nixos/modules/services/misc/ananicy.nix
index 98c7381671893..52bf06ce2944e 100644
--- a/nixos/modules/services/misc/ananicy.nix
+++ b/nixos/modules/services/misc/ananicy.nix
@@ -1,77 +1,107 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.services.ananicy; configFile = pkgs.writeText "ananicy.conf" (lib.generators.toKeyValue { } cfg.settings); - extraRules = pkgs.writeText "extraRules" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraRules); - extraTypes = pkgs.writeText "extraTypes" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraTypes); - extraCgroups = pkgs.writeText "extraCgroups" (lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups); - servicename = if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then "ananicy-cpp" else "ananicy"; + extraRules = pkgs.writeText "extraRules" ( + lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraRules + ); + extraTypes = pkgs.writeText "extraTypes" ( + lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraTypes + ); + extraCgroups = pkgs.writeText "extraCgroups" ( + lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups + ); + servicename = + if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then "ananicy-cpp" else "ananicy"; in { - options = { - services.ananicy = { - enable = lib.mkEnableOption "Ananicy, an auto nice daemon"; + options.services.ananicy = { + enable = lib.mkEnableOption "Ananicy, an auto nice daemon"; - package = lib.mkPackageOption pkgs "ananicy" { - example = "ananicy-cpp"; - }; + package = lib.mkPackageOption pkgs "ananicy" { example = "ananicy-cpp"; }; - rulesProvider = lib.mkPackageOption pkgs "ananicy" { - example = "ananicy-cpp"; - } // { - description = '' - Which package to copy default rules,types,cgroups from. - ''; - }; + rulesProvider = lib.mkPackageOption pkgs "ananicy" { example = "ananicy-cpp"; } // { + description = '' + Which package to copy default rules,types,cgroups from. 
+ ''; + }; - settings = lib.mkOption { - type = with lib.types; attrsOf (oneOf [ int bool str ]); - default = { }; - example = { - apply_nice = false; - }; - description = '' - See - ''; + settings = lib.mkOption { + type = + with lib.types; + attrsOf (oneOf [ + int + bool + str + ]); + default = { }; + example = { + apply_nice = false; }; + description = '' + See + ''; + }; - extraRules = lib.mkOption { - type = with lib.types; listOf attrs; - default = [ ]; - description = '' - Rules to write in 'nixRules.rules'. See: - - - ''; - example = [ - { name = "eog"; type = "Image-Viewer"; } - { name = "fdupes"; type = "BG_CPUIO"; } - ]; - }; - extraTypes = lib.mkOption { - type = with lib.types; listOf attrs; - default = [ ]; - description = '' - Types to write in 'nixTypes.types'. See: - - ''; - example = [ - { type = "my_type"; nice = 19; other_parameter = "value"; } - { type = "compiler"; nice = 19; sched = "batch"; ioclass = "idle"; } - ]; - }; - extraCgroups = lib.mkOption { - type = with lib.types; listOf attrs; - default = [ ]; - description = '' - Cgroups to write in 'nixCgroups.cgroups'. See: - - ''; - example = [ - { cgroup = "cpu80"; CPUQuota = 80; } - ]; - }; + extraRules = lib.mkOption { + type = with lib.types; listOf attrs; + default = [ ]; + description = '' + Rules to write in 'nixRules.rules'. See: + + + ''; + example = [ + { + name = "eog"; + type = "Image-Viewer"; + } + { + name = "fdupes"; + type = "BG_CPUIO"; + } + ]; + }; + extraTypes = lib.mkOption { + type = with lib.types; listOf attrs; + default = [ ]; + description = '' + Types to write in 'nixTypes.types'. See: + + ''; + example = [ + { + type = "my_type"; + nice = 19; + other_parameter = "value"; + } + { + type = "compiler"; + nice = 19; + sched = "batch"; + ioclass = "idle"; + } + ]; + }; + extraCgroups = lib.mkOption { + type = with lib.types; listOf attrs; + default = [ ]; + description = '' + Cgroups to write in 'nixCgroups.cgroups'. 
See: + + ''; + example = [ + { + cgroup = "cpu80"; + CPUQuota = 80; + } + ]; }; }; @@ -111,16 +141,22 @@ in apply_sched = mkOD true; apply_oom_score_adj = mkOD true; apply_cgroup = mkOD true; - } // (if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then { - # https://gitlab.com/ananicy-cpp/ananicy-cpp/-/blob/master/src/config.cpp#L12 - loglevel = mkOD "warn"; # default is info but its spammy - cgroup_realtime_workaround = true; - log_applied_rule = mkOD false; - } else { - # https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf - check_disks_schedulers = mkOD true; - check_freq = mkOD 5; - }); + } + // ( + if servicename == "ananicy-cpp" then + { + # https://gitlab.com/ananicy-cpp/ananicy-cpp/-/blob/master/src/config.cpp#L12 + loglevel = mkOD "warn"; # default is info but its spammy + cgroup_realtime_workaround = true; + log_applied_rule = mkOD false; + } + else + { + # https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf + check_disks_schedulers = mkOD true; + check_freq = mkOD 5; + } + ); systemd = { packages = [ cfg.package ]; @@ -130,7 +166,5 @@ in }; }; - meta = { - maintainers = with lib.maintainers; [ artturin ]; - }; + meta.maintainers = with lib.maintainers; [ artturin ]; } From 2cf503296924a46f92e6af2ec8d9b821e1db2bee Mon Sep 17 00:00:00 2001 From: John Titor <50095635+JohnRTitor@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:06:35 +0530 Subject: [PATCH 3/3] nixos/ananicy: disable ananicy-cpp's BPF on hardened kernels --- nixos/modules/services/misc/ananicy.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/misc/ananicy.nix b/nixos/modules/services/misc/ananicy.nix index 52bf06ce2944e..ae3be345f46ac 100644 --- a/nixos/modules/services/misc/ananicy.nix +++ b/nixos/modules/services/misc/ananicy.nix 
@@ -18,7 +18,13 @@ let lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups ); servicename = - if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then "ananicy-cpp" else "ananicy"; + if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-pp)) then "ananicy-cpp" else "ananicy"; + # Ananicy-CPP with BPF is not supported on hardened kernels https://github.com/NixOS/nixpkgs/issues/327382 + finalPackage = + if (servicename == "ananicy-cpp" && config.boot.kernelPackages.isHardened) then + (cfg.package { withBpf = false; }) + else + cfg.package; in { options.services.ananicy = { @@ -107,7 +113,7 @@ in config = lib.mkIf cfg.enable { environment = { - systemPackages = [ cfg.package ]; + systemPackages = [ finalPackage ]; etc."ananicy.d".source = pkgs.runCommandLocal "ananicyfiles" { } '' mkdir -p $out # ananicy-cpp does not include rules or settings on purpose @@ -159,7 +165,7 @@ in ); systemd = { - packages = [ cfg.package ]; + packages = [ finalPackage ]; services."${servicename}" = { wantedBy = [ "default.target" ]; };
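Review bot: `pkgs.ananicy-pp` in the rewritten `servicename` line looks like a typo for `pkgs.ananicy-cpp`; as written the attribute lookup should fail with a missing-attribute error as soon as `servicename` is forced (it is used in `systemd.services."${servicename}"` once the service is enabled), so the hardened-kernel branch this patch adds would never be reached. The new `finalPackage` also applies the override by calling the derivation, `(cfg.package { withBpf = false; })`, which is a type error in Nix unless `cfg.package` is a function rather than the package `mkPackageOption` yields; the override mechanism is what takes that argument: `(cfg.package.override { withBpf = false; })`. Whether ananicy-cpp actually exposes a `withBpf` parameter, and whether every `boot.kernelPackages` set defines `isHardened`, cannot be checked from this hunk; `config.boot.kernelPackages.isHardened or false` would keep kernel sets without that attribute from failing evaluation. Since this silently swaps in a BPF-less build on hardened kernels, consider surfacing it with a `warnings` entry guarded by the same condition so operators know the daemon is running without its BPF path.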