-
-
Save pennae/43ebf7709d5e13ece3912e5233ce44d9 to your computer and use it in GitHub Desktop.
nix benchmark scripts, place in `bench/` and run from repo root
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
shopt -s inherit_errexit | |
_exit="" | |
trap "$_exit" EXIT | |
export NIX_REMOTE="$(mktemp -d)" | |
_exit='rm -rfv "$NIX_REMOTE"; $_exit' | |
export NIX_PATH="nixpkgs=../nixpkgs:nixos-config=bench/configuration.nix" | |
_nix="src/nix/nix" | |
# _nix="result/bin/nix"; echo -e "\e[1m\e[91mUSING FLAKE-BUILT NIX\e[0m" >&2 | |
nix="$_nix --extra-experimental-features 'nix-command flakes'" | |
hyperfineArgs=( | |
--warmup 2 --runs 10 | |
) | |
declare -A cases | |
cases=( | |
[search]="$nix search --no-eval-cache github:nixos/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870 hello" | |
[rebuild]="$nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'" | |
[rebuild-lh]="GC_INITIAL_HEAP_SIZE=10g $nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system'" | |
[parse]="$nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix" | |
) | |
benches=( | |
search | |
rebuild | |
rebuild-lh | |
parse | |
) | |
run=() | |
for k in "${benches[@]}"; do | |
run+=("${cases[$k]}") | |
done | |
taskset -c 2,3 \ | |
chrt -f 50 \ | |
hyperfine "${hyperfineArgs[@]}" "${run[@]}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ config, pkgs, lib, ... }: | |
{ | |
boot = { | |
initrd = { | |
availableKernelModules = [ "xhci_pci" "ahci" ]; | |
kernelModules = [ "dm-snapshot" ]; | |
luks.devices = { | |
croot = { | |
device = "/dev/sdb"; | |
allowDiscards = true; | |
}; | |
}; | |
}; | |
kernelModules = [ "kvm-intel" ]; | |
kernelPackages = pkgs.linuxPackages_latest; | |
loader = { | |
systemd-boot.enable = true; | |
efi.canTouchEfiVariables = true; | |
}; | |
}; | |
hardware = { | |
enableRedistributableFirmware = true; | |
cpu.intel.updateMicrocode = true; | |
opengl.driSupport32Bit = true; | |
opengl.extraPackages = with pkgs; [ | |
vaapiIntel | |
intel-media-driver | |
intel-compute-runtime | |
]; | |
}; | |
fileSystems = { | |
"/" = { | |
device = "/dev/sda2"; | |
fsType = "xfs"; | |
options = [ "noatime" ]; | |
}; | |
"/boot" = { | |
device = "/dev/sda1"; | |
fsType = "vfat"; | |
}; | |
"/nas" = { | |
device = "nas:/"; | |
fsType = "nfs4"; | |
options = [ "ro" "x-systemd.automount" ]; | |
}; | |
}; | |
swapDevices = [ | |
{ device = "/dev/swap"; } | |
]; | |
networking = { | |
useDHCP = false; | |
hostName = "host"; | |
wireless = { | |
enable = true; | |
interfaces = [ "eth1" ]; | |
}; | |
interfaces = { | |
eth0.useDHCP = true; | |
eth1.useDHCP = true; | |
}; | |
wg-quick.interfaces = { | |
wg0 = { | |
address = [ "2001:db8::1" ]; | |
privateKeyFile = "/etc/secrets/wg0.key"; | |
peers = [ { | |
publicKey = "WIZIOnSkrJaClUxeDEg0HrYcVtC0NLTvgwUpPcy6BkQ="; | |
endpoint = "[2001:db8::2]:61021"; | |
allowedIPs = [ "2001::db8:1::/64" ]; | |
} ]; | |
}; | |
}; | |
firewall.allowedUDPPorts = [ 4567 ]; | |
}; | |
i18n = { | |
defaultLocale = "en_US.UTF-8"; | |
inputMethod.enabled = "ibus"; | |
}; | |
services = { | |
xserver = { | |
enable = true; | |
layout = "us"; | |
xkbVariant = "altgr-intl"; | |
xkbOptions = "ctrl:nocaps"; | |
libinput.enable = true; | |
wacom.enable = true; | |
videoDrivers = [ "modesetting" ]; | |
modules = [ pkgs.xf86_input_wacom ]; | |
displayManager.sx.enable = true; | |
windowManager.i3.enable = true; | |
}; | |
udev.extraHwdb = '' | |
# not like this mattered at all | |
# we're not running udev from here | |
''; | |
udev.extraRules = '' | |
# ACTION=="add", SUBSYSTEM=="input", ... | |
''; | |
}; | |
sound.enable = true; | |
hardware.pulseaudio = { | |
enable = true; | |
package = pkgs.pulseaudioFull; | |
daemon.config = { | |
lock-memory = "yes"; | |
realtime-scheduling = "yes"; | |
rlimit-rtprio = "-1"; | |
}; | |
}; | |
programs = { | |
light.enable = true; | |
wireshark = { | |
enable = true; | |
package = pkgs.wireshark-qt; | |
}; | |
gnupg.agent = { | |
enable = true; | |
}; | |
}; | |
fonts.packages = with pkgs; [ | |
font-awesome | |
noto-fonts | |
noto-fonts-cjk | |
noto-fonts-emoji | |
noto-fonts-extra | |
dejavu_fonts | |
powerline-fonts | |
source-code-pro | |
cantarell-fonts | |
]; | |
users = { | |
mutableUsers = false; | |
users = { | |
user = { | |
isNormalUser = true; | |
group = "user"; | |
extraGroups = [ "wheel" "video" "audio" "dialout" "users" "kvm" "wireshark" ]; | |
password = "unimportant"; | |
}; | |
}; | |
groups = { | |
user = {}; | |
}; | |
}; | |
security = { | |
pam.loginLimits = [ | |
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } | |
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } | |
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; } | |
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; } | |
]; | |
sudo.extraRules = [ { | |
users = [ "user" ]; | |
commands = [ { | |
command = "${pkgs.linuxPackages.cpupower}/bin/cpupower"; | |
options = [ "NOPASSWD" ]; | |
} ]; | |
} ]; | |
}; | |
environment.systemPackages = with pkgs; [ | |
a2jmidid | |
age | |
ardour | |
bemenu | |
blender | |
breeze-icons | |
breeze-qt5 | |
bubblewrap | |
calf | |
claws-mail | |
darktable | |
duperemove | |
emacs | |
feh | |
file | |
firefox | |
fluidsynth | |
gnome3.adwaita-icon-theme | |
gnuplot | |
graphviz | |
helm | |
i3status-rust | |
inkscape | |
jack2 | |
jq | |
krita | |
ldns | |
libqalculate | |
libreoffice | |
man-pages | |
nheko | |
nix-diff | |
nix-index | |
nix-output-monitor | |
open-music-kontrollers.patchmatrix | |
pamixer | |
pavucontrol | |
pciutils | |
picom | |
pwgen | |
redshift | |
ripgrep | |
rlwrap | |
silver-searcher | |
soundfont-fluid | |
whois | |
wol | |
xclip | |
xdot | |
xdotool | |
xorg.xkbcomp | |
yt-dlp | |
zathura | |
borgbackup | |
linuxPackages.cpupower | |
mtr | |
kitty | |
xf86_input_wacom | |
]; | |
environment.pathsToLink = [ | |
"/share/soundfonts" | |
]; | |
systemd.user.services.run-python = { | |
after = [ "network-online.target" ]; | |
script = '' | |
exec ${pkgs.python3}/bin/python | |
''; | |
serviceConfig = { | |
CapabilityBoundingSet = [ "" ]; | |
KeyringMode = "private"; | |
LockPersonality = true; | |
MemoryDenyWriteExecute = true; | |
NoNewPrivileges = true; | |
PrivateDevices = true; | |
PrivateTmp = true; | |
PrivateUsers = true; | |
ProcSubset = "pid"; | |
ProtectClock = true; | |
ProtectControlGroups = true; | |
ProtectHome = true; | |
ProtectHostname = true; | |
ProtectKernelLogs = true; | |
ProtectKernelModules = true; | |
ProtectKernelTunables = true; | |
ProtectProc = "invisible"; | |
ProtectSystem = "strict"; | |
RestrictAddressFamilies = "AF_INET AF_INET6"; | |
RestrictNamespaces = true; | |
RestrictRealtime = true; | |
RestrictSUIDSGID = true; | |
SystemCallArchitectures = "native"; | |
SystemCallFilter = [ "@system-service" "~ @resources @privileged" ]; | |
UMask = "077"; | |
}; | |
}; | |
system.stateVersion = "23.11"; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment