From 03492fccad361969e026e4b9b314e5d0d7ed4a6d Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Fri, 30 Dec 2022 19:52:58 +0100 Subject: [PATCH] Migrate sayuri to hitagi --- machines/default.nix | 4 +- machines/hitagi/README.md | 31 ++++++ machines/{sayuri => hitagi}/configuration.nix | 28 +----- .../hardware-configuration.nix | 23 ++++- machines/{sayuri => hitagi}/secrets.yaml | 0 machines/renge/services/prometheus.nix | 4 +- machines/sayuri/README.md | 96 ------------------- modules/pubkeys.nix | 4 +- modules/ssh.nix | 4 +- modules/wireguard/home.nix | 2 +- users/simon/modules/sway/kanshi.nix | 2 +- 11 files changed, 62 insertions(+), 136 deletions(-) create mode 100644 machines/hitagi/README.md rename machines/{sayuri => hitagi}/configuration.nix (72%) rename machines/{sayuri => hitagi}/hardware-configuration.nix (78%) rename machines/{sayuri => hitagi}/secrets.yaml (100%) delete mode 100644 machines/sayuri/README.md diff --git a/machines/default.nix b/machines/default.nix index ef9167f..6f80c8e 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -10,10 +10,10 @@ in hardware.common-pc-ssd ]; }; - sayuri = { + hitagi = { system = "x86_64-linux"; extraModules = [ - hardware.common-cpu-intel + hardware.common-cpu-amd hardware.common-pc-ssd ]; }; diff --git a/machines/hitagi/README.md b/machines/hitagi/README.md new file mode 100644 index 0000000..684b9a7 --- /dev/null +++ b/machines/hitagi/README.md @@ -0,0 +1,31 @@ +# hitagi + +## Hardware + +Custom build. + + * Motherboard: GIGABYTE B550 AORUS ELITE V2 (rev 1.0) + * CPU: AMD Ryzen 7 5800X + * RAM: 2×16GB G.Skill Aegis DDR4-3200 CL16 (not because it is anything special) + * PSU: be quiet! System Power 10 750W + * Main SSD: 250GB Samsung 970 Evo Pro NVMe + * Secondary SSD: 256GB micron MTFDDAK256TBN-1AR15ABHA SATA + * HDD: 2TB Toshiba HDWA120 + * GPU: Sapphire Nitro+ Radeon RX 480 (8 GiB VRAM) + * Case fans: 2 be quiet! Pure Wings 2 140 mm (included in case), 3 more with PWM + * CPU Cooler: Noctua NH-U12S with an additional NF-F12 PWM + +This replaces sayuri, +which features an enterprise HP firmware without fan control, +an ancient Intel platform that is only usable in YOLO mode (`mitigations=off`) +and proprietary case, motherboard and power supply. + +## Purpose + +Tasks that require large amounts of CPU power, +a medium amount of GPU power +or have to run while I do other things (on my laptop). + +## Name + +Senjougahara Hitagi is a student from the *Monogatari Series*. diff --git a/machines/sayuri/configuration.nix b/machines/hitagi/configuration.nix similarity index 72% rename from machines/sayuri/configuration.nix rename to machines/hitagi/configuration.nix index c70d9ab..3b62dab 100644 --- a/machines/sayuri/configuration.nix +++ b/machines/hitagi/configuration.nix @@ -69,35 +69,9 @@ after = [ "libvirtd.service" ]; }; - networking.hostName = "sayuri"; + networking.hostName = "hitagi"; system.stateVersion = "20.03"; - specialisation = { - foldingathome.configuration = { - services.foldingathome = { - enable = true; - user = "sbruder"; - }; - }; - yolo.configuration = { - # https://make-linux-fast-again.com/ - boot.kernelParams = [ - "l1tf=off" - "mds=off" - "mitigations=off" - "no_stf_barrier" - "noibpb" - "noibrs" - "nopti" - "nospec_store_bypass_disable" - "nospectre_v1" - "nospectre_v2" - "tsx=on" - "tsx_async_abort=off" - ]; - }; - }; - programs.corectrl.enable = true; } diff --git a/machines/sayuri/hardware-configuration.nix b/machines/hitagi/hardware-configuration.nix similarity index 78% rename from machines/sayuri/hardware-configuration.nix rename to machines/hitagi/hardware-configuration.nix index ca7d98c..5facfae 100644 --- a/machines/sayuri/hardware-configuration.nix +++ b/machines/hitagi/hardware-configuration.nix @@ -6,7 +6,7 @@ ]; boot = { - kernelModules = [ "kvm-intel" ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; loader = { grub.enable = false; @@ -69,8 +69,6 @@ { device = "/dev/disk/by-uuid/2774d182-ddc9-4d79-886e-995fcd60a88a"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - # GPU hardware.opengl.extraPackages = with pkgs; [ rocm-opencl-icd @@ -81,4 +79,23 @@ radeontop rocm-smi ]; + + # https://www.reddit.com/r/gigabyte/comments/p5ewjn/b550i_pro_ax_f13_bios_sleep_issue_on_linux/ + systemd.services.suspend-fix = { + wantedBy = [ "multi-user.target" ]; + description = "Fix suspend"; + + script = '' + if grep -q "GPP0 .* \*enabled" /proc/acpi/wakeup; then + echo GPP0 > /proc/acpi/wakeup + echo "Disabled wakeup for GPP0" + else + echo "Wakeup for GPP0 already disabled" + fi + ''; + + serviceConfig = { + Type = "oneshot"; + }; + }; } diff --git a/machines/sayuri/secrets.yaml b/machines/hitagi/secrets.yaml similarity index 100% rename from machines/sayuri/secrets.yaml rename to machines/hitagi/secrets.yaml diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index 9a36bde..1338166 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -65,7 +65,7 @@ in "mayushii.vpn.sbruder.de:9100" "nunotaba.vpn.sbruder.de:9100" "renge.vpn.sbruder.de:9100" - "sayuri.vpn.sbruder.de:9100" + "hitagi.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100" ]; } @@ -119,7 +119,7 @@ in rules = map mkAlert [ { name = "InstanceDown"; - expr = ''up{instance!~"(nunotaba|sayuri|mayushii|fuuko).vpn.sbruder.de:.*"} == 0''; + expr = ''up{instance!~"(nunotaba|hitagi|mayushii|fuuko).vpn.sbruder.de:.*"} == 0''; description = "Instance {{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minutes."; } { diff --git a/machines/sayuri/README.md b/machines/sayuri/README.md deleted file mode 100644 index ee5d100..0000000 --- a/machines/sayuri/README.md +++ /dev/null @@ -1,96 +0,0 @@ -# sayuri - -## Hardware - -HP Z440 workstation. - - * [Intel Xeon E5-2683 v4](https://ark.intel.com/content/www/us/en/ark/products/91766/intel-xeon-processor-e52683-v4-40m-cache-2-10-ghz.html) - * 4×4 GiB DDR4 2400 MHz ECC memory - * 250GB Samsung 970 Evo Pro NVMe SSD - * 256GB micron MTFDDAK256TBN-1AR15ABHA SATA SSD - * 2TB Toshiba HDWA120 HDD - * Sapphire Nitro+ Radeon RX 480 (8 GiB VRAM) - -### Mods - -#### Fan - -The original fans are really loud if you run them at a higher speed. -What fans are used depend on the exact model of the Z440, -mine had a Delta QUR0912VH as rear case fan, -a Delta AFB0912VH as front fan -and a Foxconn PVA092G12S as CPU fan. -Since the firmware only allows dynamic fan control via Intel QST, -which is not supported in the kernel, -the “minimum fan speed” set in the firmware configuration is always used. -I replaced all three fans (rear case fan, front “PCIe” fan, CPU fan) with aftermarket products. -For the rear case fan and CPU fan I used Noctua NF-A9 PWM fans, -for the front fan an Arctic F9 PWM (for the sole reason that it is cheaper). -Since HP decided to use different connectors for all of the fans -(with the CPU fan connector having a proprietary 6-pin connector), -I had to get creative with plugging them in. -One alternative suggested by Michael Stapelberg in [his article on fan replacement in a HP Z440](https://michael.stapelberg.ch/posts/2021-08-28-silent-hp-z440-workstation/) -is to remove the guard rails of the fans. -Since this is destructive and I might want to sell the fans again if I don’t use them anymore, -I decided against this -and instead opted for connecting them manually with cheap jumper cables. -This certainly is not the prettiest solution, but it works. -As for the CPU fan, -the fifth and sixth wire are actually not needed -and a 4-pin PWM fan can be plugged into the connector (with jumpers). - -#### CPU - -The original CPU that came in my model was an Intel Xeon E5-1620 v4 CPU -with 4 cores (8 threads), -a base clock speed of 3.5 GHz -and a boost clock speed of 3.8 GHz. -To achieve better multicore performance, -I upgraded it to an Intel Xeon E5-2683 v4, which can be found used for semi-cheap on AliExpress. -It has 16 cores (32 threads), -a base clock speed of 2.1 GHz -and a boost clock speed of 3 GHz. -While the CPU worked out-of-the box with the 2020 firmware revision I had on it, -it did not offer frequency control in linux (and therefore stayed at its base clock). -Upgrading to the newest firmware did not fix this issue. -A workaround is to enable CPU HWPM in the firmware, -which strips the kernel from frequency control and instead hands it to the firmware, -which at least allows the CPU to reach 2.7 GHz -Since this setting makes it impossible to determine the CPU clock via `cpupower frequency-info`, -they have to be obtained by running `grep -E '^cpu MHz' /proc/cpuinfo` (one line for every thread). - -However, all CPUs compatible with the socket of this system (2011-3) share the same problem: -They suffer from many security vulnerabilities, -the mitigation of which slows them down massively. -A possible workaround is to disable mitigations (https://make-linux-fast-again.com/), -which, however, makes the CPU vulnerable to all those attacks again! -This is implemented by the `yolo` specialisation, -which can be selected at boot. - -The result of this is that, -while it has double the cores and is a desktop/server CPU, -it still is around 15 % slower (!) than my laptop’s Ryzen 7 5850U in multithreaded synthetic workloads. -It looks even worse in single-threaded workloads, -in which my laptop is five times as fast. - -#### Memory - -I have not yet upgraded the memory for cost reasons. -It still is the original 4 sticks of Hynix HMA451R7AFR8N-UH (4 GiB DDR4 2400 MHz ECC). -An upgrade is necessary due to many processes’ memory usage scaling linearily with CPU cores, -the prime example being compiling with `make -j32` et al. - -#### Conclusion - -Is it worth it? -Probably not, especially as a desktop machine. -It might come in handy at a later time as a server. - -## Purpose - -Tasks that require a decent amount of GPU power -and/or have to run while I do other things (on my laptop). - -## Name - -Sayuri Kurata is a student from *Kanon* diff --git a/modules/pubkeys.nix b/modules/pubkeys.nix index cc34e6a..7015185 100644 --- a/modules/pubkeys.nix +++ b/modules/pubkeys.nix @@ -8,7 +8,7 @@ in type = lib.types.attrsOf lib.types.str; description = "Known public keys that can be used in the configuration"; default = { - "simon@sayuri" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1kQUoPII8A9/bgPA+OrZGQLPA8MxkdmPSCCsfGMh9qRZfF7BSD8W6VdE/28tLw+39QeUl1+/9VuVvGjZBP1zBAbKIcKx4DjtgxpNXCsfWMjXFtpTGk2dyl71CaY5n72YlADxXYwtEvuwfNixgE2yTCefMbBsfwqYC0GZGiDlFtjxdg+RuUC8jU++C+WFUFct9gj9ieQ0LWjud+Oh0AF0JhyGnou+wVZIIO8mwo7Cc5xiPldXhbc13XiNC3mpNGCLFj+nh1feazk8TeAVDBps6xaDkOd+hDwTBQh8LoimePK7MiShzLvC38Vd/sim5ym/IqY634CjqBDGCMp1KXnqHUTT8CqeifMv10+aRJKUPevVkO3nEE3VoSPt7Ui9ZzLnL4qhZyygoBau+PvD2WCWm+gRwBkvU1uNrYKi4HIGhB/gXcYHKJimqJwLMyqG5Wv1jfuhn3ZZN+uNqTgdAznGgPRU1Q/Mx6nMEDiQip78qdYEc0YGwdb/TldEL6aHRjuNuZPpTW+zakQHiQTRb/0VdZT1bAwyT9yL0Uf40h706Kh/pKiSQ1yq1dlSdl3RlfedbqLqGjspds1iRSrSXyH2MBghPbz/SF7Vt4LW/tXF0rcyV7CU98ZvxJDWeN60OE0vPf/AT5udYyfPO1691y0F8jGKxGYYPg9R/Y5o7J24PbQ=="; + "simon@hitagi" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1kQUoPII8A9/bgPA+OrZGQLPA8MxkdmPSCCsfGMh9qRZfF7BSD8W6VdE/28tLw+39QeUl1+/9VuVvGjZBP1zBAbKIcKx4DjtgxpNXCsfWMjXFtpTGk2dyl71CaY5n72YlADxXYwtEvuwfNixgE2yTCefMbBsfwqYC0GZGiDlFtjxdg+RuUC8jU++C+WFUFct9gj9ieQ0LWjud+Oh0AF0JhyGnou+wVZIIO8mwo7Cc5xiPldXhbc13XiNC3mpNGCLFj+nh1feazk8TeAVDBps6xaDkOd+hDwTBQh8LoimePK7MiShzLvC38Vd/sim5ym/IqY634CjqBDGCMp1KXnqHUTT8CqeifMv10+aRJKUPevVkO3nEE3VoSPt7Ui9ZzLnL4qhZyygoBau+PvD2WCWm+gRwBkvU1uNrYKi4HIGhB/gXcYHKJimqJwLMyqG5Wv1jfuhn3ZZN+uNqTgdAznGgPRU1Q/Mx6nMEDiQip78qdYEc0YGwdb/TldEL6aHRjuNuZPpTW+zakQHiQTRb/0VdZT1bAwyT9yL0Uf40h706Kh/pKiSQ1yq1dlSdl3RlfedbqLqGjspds1iRSrSXyH2MBghPbz/SF7Vt4LW/tXF0rcyV7CU98ZvxJDWeN60OE0vPf/AT5udYyfPO1691y0F8jGKxGYYPg9R/Y5o7J24PbQ=="; "simon@mayushii" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJ7qUGZUjiDhQ6Se+aXr9DbgRTG2tx69owqVMkd2bna"; "simon@nunotaba" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcOt4mAwIuAGMfRdfeoGX4UFkQDhkbihJcsAgG7JE/j"; }; @@ -17,7 +17,7 @@ in type = lib.types.listOf lib.types.str; description = "Names of trusted public keys, used to generate sbruder.pubkeys.trustedKeys"; default = [ - "simon@sayuri" + "simon@hitagi" "simon@mayushii" "simon@nunotaba" ]; diff --git a/modules/ssh.nix b/modules/ssh.nix index 41f6b0d..067df58 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -16,8 +16,8 @@ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; }; - sayuri = { - hostNames = [ "sayuri" "sayuri.home.sbruder.de" "sayuri.vpn.sbruder.de" ]; + hitagi = { + hostNames = [ "hitagi" "hitagi.home.sbruder.de" "hitagi.vpn.sbruder.de" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg/622wS8SFlzS29TPW9li3pNdbdHNjlGb4XTyXR0QR"; }; vueko = { diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix index 3cef343..55282f9 100644 --- a/modules/wireguard/home.nix +++ b/modules/wireguard/home.nix @@ -2,7 +2,7 @@ let serverHostName = "vueko"; peers = { - sayuri = { + hitagi = { address = "10.80.0.5"; publicKey = "t7hpd2yZupAKHxYerHtXnlPRUjV1aGbrrzjYakKdOwE="; }; diff --git a/users/simon/modules/sway/kanshi.nix b/users/simon/modules/sway/kanshi.nix index 78696bd..5a37480 100644 --- a/users/simon/modules/sway/kanshi.nix +++ b/users/simon/modules/sway/kanshi.nix @@ -9,7 +9,7 @@ let # mayushii is handled separately in sway’s main configuration. # See it for more details. # mayushii = { }; - sayuri = { + hitagi = { home.outputs = lib.singleton { criteria = "Acer Technologies Acer B277K 0x0000F36C"; mode = "3840x2160";