sync

Author: randomizedcoder

go/konnect/flake.nix

@@ -0,0 +1,15 @@
+{
+  description = "A very basic flake";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs }: {
+
+    packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
+
+    packages.x86_64-linux.default = self.packages.x86_64-linux.hello;
+
+  };
+}

go/konnect/readme.md

@@ -22,7 +22,7 @@ rebuild:
 	#sudo nixos-rebuild switch
 	#sudo nix-channel --update;
 	sudo nixos-rebuild switch --flake .
-	systemctl --user restart ffmpeg-stream
+	sudo systemctl restart ffmpeg-stream
 
 rebuild_trace:
 	sudo nixos-rebuild switch --show-trace --flake .

hp/hp1/Makefile

@@ -33,6 +33,7 @@
       #./k3s_node.nix
       ./systemd.services.ethtool-enp3s0f0.nix
       ./systemd.services.ethtool-enp3s0f1.nix
+      ./ffmpeg_systemd_service.nix
     ];
 
 # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state
@@ -41,17 +42,22 @@
 # rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ /etc/kube-flannel/ /etc/kubernetes/
 
   # Bootloader.
-  boot.loader.systemd-boot = {
-    enable = true;
-    #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware.
-    memtest86.enable = true;
-  };
+  boot = {
+    loader.systemd-boot = {
+      enable = true;
+      #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware.
+      memtest86.enable = true;
+    };
 
-  boot.loader.efi.canTouchEfiVariables = true;
+    loader.efi.canTouchEfiVariables = true;
 
-  # https://nixos.wiki/wiki/Linux_kernel
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  #boot.kernelPackages = pkgs.linuxPackages_rpi4
+    # https://nixos.wiki/wiki/AMD_GPU
+    initrd.kernelModules = [ "amdgpu" ];
+
+    # https://nixos.wiki/wiki/Linux_kernel
+    kernelPackages = pkgs.linuxPackages_latest;
+    #boot.kernelPackages = pkgs.linuxPackages_rpi4
+  };
 
   nix = {
     gc = {
@@ -74,9 +80,13 @@
       amdvlk  # AMD Vulkan driver, includes AMF runtime
       #rocm-opencl-runtime  # Optional: ROCm OpenCL support
       #rocm-smi  # AMD System Management Interface (for monitoring GPU)
+      # https://nixos.wiki/wiki/AMD_GPU#OpenCL
+      rocmPackages.clr.icd
     ];
   };
 
+  services.xserver.videoDrivers = [ "amdgpu" ];
+
   # https://nixos.wiki/wiki/Networking
   # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html
   networking.hostName = "hp1";

hp/hp1/configuration.nix

@@ -54,7 +54,6 @@
 # ffmpeg -f lavfi -i "sine=frequency=1000:duration=10" -c:a aac -b:a 128k /home/das/test_audio.aac
 let
   ffmpegCmd =
-
   ''
     ${pkgs.ffmpeg-full}/bin/ffmpeg -f lavfi -re -i testsrc2=rate=30:size=1920x1080 \
       -f lavfi -i "sine=frequency=1000" \
@@ -64,7 +63,7 @@ let
       -bsf:v h264_mp4toannexb \
       -c:a aac -b:a 128k -ac 2 \
       -max_delay 500000 -bufsize 2000000 -fflags +genpts \
-      -f rtp_mpegts "rtp://239.0.0.1:6000?pkt_size=1326&ttl=4&localaddr=172.16.40.142"
+      -f rtp_mpegts "rtp://239.0.0.2:6000?pkt_size=1326&ttl=4&localaddr=172.16.40.142"
   '';
   # Ensures SPS/PPS is sent in every keyframe (prevents decoder from losing parameter sets).
   # Forces constant frame rate (force-cfr=1), improving stream stability.
@@ -124,25 +123,32 @@ let
   # '';
 in
 {
-  systemd.user.services.ffmpeg-stream = {
+  # sudo systemctl status ffmpeg-stream.service
+  # sudo journalctl -u ffmpeg-stream.service
+  # cat /etc/systemd/system/ffmpeg-stream.service
+  systemd.services.ffmpeg-stream = {
 
-    Unit = {
-      description = "FFmpeg Multicast Service";
-    };
+    description = "FFmpeg Multicast Service";
+    after = [ "network.target" ];
 
-    Service = {
+    serviceConfig = {
       ExecStart = "${ffmpegCmd}";
       Restart = "always";
-      RestartSec = 2;
+      RestartSec = 10;
       StandardOutput = "journal";
       StandardError = "journal";
 
+      # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#Scheduling
+      Nice = "-20";
+      #CPUSchedulingPriority = "99";
+
       ### 🔐 Security Hardening Options ###
       NoNewPrivileges = true;             # Prevents privilege escalation
       PrivateTmp = true;                  # Isolates service temporary files
-      ProtectSystem = "strict";           # Restricts access to system files
-      ProtectHome = "read-only";          # Readonly access to home directory
-      #ProtectHome = "yes";               # Blocks access to home directory
+      ProtectSystem = "full";           # Restricts access to system files
+      #ProtectSystem = "strict";           # Restricts access to system files
+      #ProtectHome = "read-only";          # Readonly access to home directory
+      ProtectHome = "yes";               # Blocks access to home directory
       ProtectKernelModules = true;        # Blocks module loading
       ProtectKernelLogs = true;           # Prevents access to kernel logs
       ProtectControlGroups = true;        # Restricts cgroup modifications
@@ -151,14 +157,16 @@ in
       RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; # Restricts network access
       SystemCallFilter = [ "~@mount" "~@privileged" "~@resources" ]; # Blocks dangerous system calls
       LockPersonality = true;             # Prevents personality changes (defense against exploits)
-      ReadOnlyPaths = "/etc /usr /home/das/test_audio/";        # Makes important paths read-only
+      ReadOnlyPaths = "/usr";        # Makes important paths read-only
+      #ReadOnlyPaths = "/etc /usr /home/das/test_audio/";        # Makes important paths read-only
       #wReadWritePaths = "/var/www/html";   # Only allow writing in this directory
       ProtectClock = true;                # Blocks modification of system clock
     };
 
-    Install = {
-      after = [ "network.target" ];
-      WantedBy = [ "default.target" ];
-    };
+  # # systemctl list-units --type target
+  #   Install = {
+  #     after = [ "network.target" ];
+  #     #WantedBy = [ "default.target" ];
+  #   };
   };
 }

hp/hp1/ffmpeg_systemd_service.nix

@@ -7,9 +7,9 @@
   home.username = "das";
   home.homeDirectory = "/home/das";
 
-  imports = [
-    ./ffmpeg_systemd_service.nix
-  ];
+  # imports = [
+  #   #./ffmpeg_systemd_service.nix
+  # ];
 
   # https://nix-community.github.io/home-manager/index.xhtml#ch-installation
   #home-manager.users.das = { pkgs, ... }: {

hp/hp1/home.nix

@@ -1,5 +1,8 @@
-{ config, pkgs, ... }:
-
+{
+  config,
+  pkgs,
+  ...
+}:
 {
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
@@ -28,5 +31,7 @@
     #
     ffmpeg-full
     radeontop  # GPU monitoring tool
+    # https://nixos.wiki/wiki/AMD_GPU#OpenCL
+    clinfo
   ];
 }

hp/hp1/systemPackages.nix

@@ -68,35 +68,72 @@ let
   #   a=rtpmap:33 MP2T/90000
   # '';
 
+  # https://developer.nvidia.com/blog/nvidia-ffmpeg-transcoding-guide/#processing_filters
   ffmpegCmd = ''
     ${pkgs.ffmpeg-full}/bin/ffmpeg \
-      -hwaccel cuda -hwaccel_output_format cuda \
+      -vsync 0 \
+      -hwaccel cuda \
+      -hwaccel_output_format cuda \
       -protocol_whitelist "file,udp,rtp" \
       -analyzeduration 200000000 \
       -probesize 150M \
       -fflags +genpts -max_delay 5000000 \
       -f mpegts \
       -i /hls/stream.sdp \
-      -filter_complex "[0:v]hwupload_cuda,split=3[v10_in][v5_in][v1_in]; \
-                        [v10_in]scale_cuda=w=1920:h=1080,hwdownload,format=yuv420p[v10_scaled]; \
-                        [v5_in]scale_cuda=w=1280:h=720,hwdownload,format=yuv420p[v5_scaled]; \
-                        [v1_in]scale_cuda=w=640:h=360,hwdownload,format=yuv420p[v1_scaled]" \
-      -map "[v10_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 10M -bufsize 20M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
-      -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
-      -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
-      -strftime 1 -hls_segment_filename "/hls/hls_10Mbps/stream-%Y%m%d%H%M%S.ts" \
-      "/hls/hls_10Mbps/stream_10.m3u8" \
-      -map "[v5_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 5M -bufsize 10M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
-      -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
-      -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
-      -strftime 1 -hls_segment_filename "/hls/hls_5Mbps/stream-%Y%m%d%H%M%S.ts" \
-      "/hls/hls_5Mbps/stream_5.m3u8" \
-      -map "[v1_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 1M -bufsize 2M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
-      -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
-      -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
-      -strftime 1 -hls_segment_filename "/hls/hls_1Mbps/stream-%Y%m%d%H%M%S.ts" \
-      "/hls/hls_1Mbps/stream_1.m3u8"
+      -filter_complex "[0:v]split=2[v2][v3]; \
+                      [v2]scale_npp=1280:720:interp_algo=super[vout2]; \
+                      [v3]scale_npp=640:360:interp_algo=super[vout3]" \
+      -map 0:v -c:v hevc_nvenc -b:v 10M -preset p1 -tune hq -rc cbr -maxrate 10M -bufsize 20M -g 50 -pix_fmt yuv420p \
+          -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+          -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+          -strftime 1 -hls_segment_filename "/hls/hls_10Mbps/stream-%Y%m%d%H%M%S.ts" \
+          "/hls/hls_10Mbps/stream_10.m3u8" \
+      -map "[vout2]" -c:v hevc_nvenc -b:v 5M  -preset p1 -tune hq -rc cbr -maxrate 5M -bufsize 10M -g 50 -pix_fmt yuv420p \
+          -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+          -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+          -strftime 1 -hls_segment_filename "/hls/hls_5Mbps/stream-%Y%m%d%H%M%S.ts" \
+          "/hls/hls_5Mbps/stream_5.m3u8" \
+      -map "[vout3]" -c:v hevc_nvenc -b:v 1M  -preset p1 -tune hq -rc cbr -maxrate 1M -bufsize 2M -g 50 -pix_fmt yuv420p \
+          -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+          -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+          -strftime 1 -hls_segment_filename "/hls/hls_1Mbps/stream-%Y%m%d%H%M%S.ts" \
+          "/hls/hls_1Mbps/stream_1.m3u8" \
+      -map a:0 -c:a aac -b:a 128k -ac 2 -f hls -hls_time 4 -hls_list_size 20 \
+          -hls_segment_filename "/hls/audio/stream-%Y%m%d%H%M%S.ts" "/hls/audio/stream_audio.m3u8" \
+      -master_pl_name "/hls/master.m3u8"
   '';
+
+  # ffmpegCmd = ''
+  #   ${pkgs.ffmpeg-full}/bin/ffmpeg \
+  #     -vsync 0 \
+  #     -hwaccel cuda -hwaccel_output_format cuda \
+  #     -protocol_whitelist "file,udp,rtp" \
+  #     -analyzeduration 200000000 \
+  #     -probesize 150M \
+  #     -fflags +genpts -max_delay 5000000 \
+  #     -f mpegts \
+  #     -i /hls/stream.sdp \
+  #     -filter_complex "[0:v]hwupload_cuda,split=3[v10_in][v5_in][v1_in]; \
+  #                       [v10_in]scale_cuda=w=1920:h=1080,hwdownload,format=yuv420p[v10_scaled]; \
+  #                       [v5_in]scale_cuda=w=1280:h=720,hwdownload,format=yuv420p[v5_scaled]; \
+  #                       [v1_in]scale_cuda=w=640:h=360,hwdownload,format=yuv420p[v1_scaled]" \
+  #     -map "[v10_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 10M -bufsize 20M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
+  #     -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+  #     -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+  #     -strftime 1 -hls_segment_filename "/hls/hls_10Mbps/stream-%Y%m%d%H%M%S.ts" \
+  #     "/hls/hls_10Mbps/stream_10.m3u8" \
+  #     -map "[v5_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 5M -bufsize 10M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
+  #     -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+  #     -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+  #     -strftime 1 -hls_segment_filename "/hls/hls_5Mbps/stream-%Y%m%d%H%M%S.ts" \
+  #     "/hls/hls_5Mbps/stream_5.m3u8" \
+  #     -map "[v1_scaled]" -map 0:a:0 -c:v h264_nvenc -pix_fmt nv12 -b:v 1M -bufsize 2M -preset p5 -g 50 -keyint_min 50 -c:a aac -b:a 128k -ac 2 \
+  #     -f hls -hls_time 4 -hls_list_size 20 -hls_delete_threshold 2 \
+  #     -hls_flags delete_segments+independent_segments+temp_file+discont_start+omit_endlist \
+  #     -strftime 1 -hls_segment_filename "/hls/hls_1Mbps/stream-%Y%m%d%H%M%S.ts" \
+  #     "/hls/hls_1Mbps/stream_1.m3u8 \
+  #     -master_pl_name /hls/master.m3u8"
+  # '';
       # -i "rtp://239.0.0.1:6000" \
       # -i /hls/stream.sdp \
       # -filter_complex "[0:v]split=3[v10][v5][v1]; \
@@ -120,11 +157,13 @@ in
     }
   ];
 
+  # https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
   systemd.tmpfiles.rules = [
+    #Type Path        Mode User Group Age Argument…
     "d /hls 0770 nginx nginx -"
-    "d /hls/hls_10Mbps 0770 nginx nginx -"
-    "d /hls/hls_5Mbps 0770 nginx nginx -"
-    "d /hls/hls_1Mbps 0770 nginx nginx -"
+    "d /hls/hls_10Mbps 0770 nginx nginx 5m"
+    "d /hls/hls_5Mbps 0770 nginx nginx 5m"
+    "d /hls/hls_1Mbps 0770 nginx nginx 5m"
   ];
 
   # sudo systemctl restart create-stream-sdp.service
@@ -178,6 +217,13 @@ in
       StandardError = "journal";
       LimitNOFILE = 1048576;
 
+      # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#Scheduling
+      Nice = "-20";
+      #CPUSchedulingPriority = "99";
+      # https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/assembly_configuring-cpu-affinity-and-numa-policies-using-systemd_managing-monitoring-and-updating-the-kernel#assembly_configuring-cpu-affinity-and-numa-policies-using-systemd_managing-monitoring-and-updating-the-kernel
+      #CPUAffinity=
+      #NUMAMask=
+
       Environment = [
         "CUDA_PATH=${pkgs.linuxPackages.nvidia_x11}/lib"
         "EXTRA_LDFLAGS=-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"

hp/hp5/ffmpeg-hls-service.nix

@@ -22,7 +22,6 @@
 {
   # https://nixos.wiki/wiki/NixOS_modules
   # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
-  #<home-manager/nixos>
   imports =
     [
       ./hardware-configuration.nix
@@ -87,7 +86,7 @@
     # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config_working-nix-L19
     extraModprobeConfig =
       "options nvidia "
-      ""
+      #""
       + lib.concatStringsSep " " [
       # nvidia assume that by default your CPU does not support PAT,
       # but this is effectively never the case in 2023
@@ -164,9 +163,20 @@
   # https://nixos.wiki/wiki/Printing
   services.printing.enable = true;
 
+  # https://wiki.nixos.org/wiki/Flameshot
+  # services.flameshot = {
+  #   enable = true;
+  #   settings.General = {
+  #     showStartupLaunchMessage = false;
+  #     saveLastRegion = true;
+  #   };
+  # };
+
   systemd.services.modem-manager.enable = false;
   systemd.services."dbus-org.freedesktop.ModemManager1".enable = false;
 
+  services.clickhouse.enable = true;
+
   # environment.variables defined in hardware-graphics.nix
   environment.sessionVariables = {
     TERM = "xterm-256color";
@@ -178,7 +188,6 @@
     isNormalUser = true;
     description = "das";
     extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ];
-    # users.extraGroups.docker.members = [ "das" ];
     packages = with pkgs; [
     ];
     # https://nixos.wiki/wiki/SSH_public_key_authentication
@@ -187,11 +196,9 @@
     ];
   };
 
-
   # package moved to systemPackages.nix
   # environment.systemPackages = with pkgs; [
 
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;