From 195a721d1948b49528bcdf7c58d4a55b17a5e532 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Fri, 10 Jan 2025 15:34:54 +0100
Subject: [PATCH] feat(aarch64): add initial configuration for NixOS on ARM
Introduced hardware and system configurations for the aarch64 NixOS system. Includes hardware setup, base system packages, and enabling key services such as Docker and Podman. This establishes the foundation for managing ARM-based systems.
---
homes/aarch64-linux/harald@m4nix/default.nix | 61 ++++++++
modules/nixos/services/base/default.nix | 79 +++++-----
modules/nixos/services/gui/default.nix | 141 ++++++++++--------
systems/aarch64-linux/m4nix/default.nix | 76 ++++++++++
.../m4nix/hardware-configuration.nix | 46 ++++++
5 files changed, 306 insertions(+), 97 deletions(-)
create mode 100644 homes/aarch64-linux/harald@m4nix/default.nix
create mode 100644 systems/aarch64-linux/m4nix/default.nix
create mode 100644 systems/aarch64-linux/m4nix/hardware-configuration.nix
diff --git a/homes/aarch64-linux/harald@m4nix/default.nix b/homes/aarch64-linux/harald@m4nix/default.nix
new file mode 100644
index 0000000..4fd150c
--- /dev/null
+++ b/homes/aarch64-linux/harald@m4nix/default.nix
@@ -0,0 +1,61 @@
+{ lib, config, ... }:
+{
+ home.sessionPath = [ "$HOME/bin" ];
+
+ metacfg = {
+ user = {
+ enable = true;
+ name = config.snowfallorg.user.name;
+ };
+ cli-apps = {
+ bash.enable = true;
+ fish.enable = true;
+ neovim.enable = true;
+ bat.enable = true;
+ starship.enable = true;
+ home-manager.enable = true;
+ };
+ tools = {
+ git.enable = true;
+ };
+ };
+
+ fonts.fontconfig.enable = true;
+
+ dconf.settings = {
+ # ...
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+
+ # `gnome-extensions list` for a list
+ enabled-extensions = [
+ "Vitals@CoreCoding.com"
+ "appindicatorsupport@rgcjonas.gmail.com"
+ "dash-to-panel@jderose9.github.com"
+ "hibernate-status@dromi"
+ "autohide-battery@sitnik.ru"
+ ];
+
+ favorite-apps = [
+ "org.gnome.Console.desktop"
+ "jetbrains-toolbox.desktop"
+ "org.mozilla.firefox.desktop"
+ "firefox.desktop"
+ "thunderbird.desktop"
+ "org.mozilla.Thunderbird.desktop"
+ "slack.desktop"
+ "keybase.desktop"
+ "spotify.desktop"
+ "org.gnome.Nautilus.desktop"
+ "virt-manager.desktop"
+ ];
+ };
+ "org/virt-manager/virt-manager/connections" = {
+ autoconnect = [ "qemu:///system" ];
+ uris = [ "qemu:///system" ];
+ };
+ };
+
+ xdg.enable = true;
+ xdg.mime.enable = true;
+}
diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix
index 4dbbfa9..4630eb3 100644
--- a/modules/nixos/services/base/default.nix
+++ b/modules/nixos/services/base/default.nix
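Review bot: `favorite-apps` pins `jetbrains-toolbox.desktop`, `slack.desktop` and `spotify.desktop`, yet the gui module in this same commit moves those three packages into an x86_64-only `lib.optionals` list, so on this aarch64 home the entries presumably point at desktop files that are never installed and the shell will just not show them. If the home file is meant to be shared with x86_64 hosts, a comment on the list such as `# slack/spotify/jetbrains-toolbox only exist on x86_64 hosts (see modules/nixos/services/gui)` would at least record the mismatch; otherwise the three entries can be dropped. The `lib` argument on the first line is not used anywhere in the body.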
@@ -38,39 +38,46 @@ in sessionVariables = { PATH = "$HOME/bin"; }; - systemPackages = with pkgs; [ - age - bash - cifs-utils - clevis - delta - efibootmgr - git - git-crypt - git-delete-merged-branches - home-manager - htop - mosh - nixpkgs-fmt - openssl - restic - rrsync - sbctl - sops - strace - tmux - tpm2-pkcs11 - tpm2-pkcs11.out - tpm2-tools - vim - virt-manager - wget - (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' - qemu-system-x86_64 \ - -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \ - "$@" - '') - ]; + systemPackages = + with pkgs; + [ + age + bash + cifs-utils + clevis + delta + efibootmgr + git + git-crypt + git-delete-merged-branches + home-manager + htop + mosh + nixpkgs-fmt + openssl + restic + rrsync + sbctl + sops + strace + tmux + vim + virt-manager + wget + (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' + qemu-system-x86_64 \ + -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \ + "$@" + '') + ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + tpm2-pkcs11 + tpm2-pkcs11.out + tpm2-tools + ] + ); shells = [ pkgs.fish pkgs.bash @@ -78,10 +85,12 @@ in }; hardware = { + cpu = { - amd.updateMicrocode = lib.mkDefault true; - intel.updateMicrocode = lib.mkDefault true; + amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64; + intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64; }; + enableRedistributableFirmware = lib.mkDefault true; enableAllFirmware = true; }; diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix index b939f04..1e551c0 100644 --- a/modules/nixos/services/gui/default.nix +++ b/modules/nixos/services/gui/default.nix 
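Review bot: The new guard uses `pkgs.stdenv.targetPlatform.isx86_64`; in a NixOS module the platform the packages will run on is `pkgs.stdenv.hostPlatform`, and `targetPlatform` only differs from it when building a cross-compiler, so the condition should read `++ lib.optionals pkgs.stdenv.hostPlatform.isx86_64 (`. The same attribute is used in the `hardware.cpu` hunk below and in both hunks of modules/nixos/services/gui/default.nix. The `qemu-system-x86_64-uefi` wrapper stays in the unconditional list while it references `${pkgs.OVMF.fd}/FV/OVMF.fd`; whether that path exists in the aarch64 OVMF output should be confirmed, otherwise the wrapper belongs in the x86_64-only list next to the tpm2 packages. The enclosing `environment` attribute set starts above this hunk.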
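Review bot: Replacing `lib.mkDefault true` with a bare `pkgs.stdenv.targetPlatform.isx86_64` raises the priority of `hardware.cpu.amd.updateMicrocode` and `hardware.cpu.intel.updateMicrocode` from default to normal, so a host configuration that sets either to `false` now gets a conflicting-definition error unless it uses `lib.mkForce`. Keeping the default priority preserves the old override behaviour: `amd.updateMicrocode = lib.mkDefault pkgs.stdenv.hostPlatform.isx86_64;` and the same for `intel`. Both vendors' microcode remain enabled on every x86_64 host, as before; if that is deliberate because the module is shared across machines, a one-line comment saying so would save the next reader a question.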
@@ -65,26 +65,36 @@ in hardware.graphics = { enable = true; - extraPackages = with pkgs; [ - vpl-gpu-rt - intel-compute-runtime - intel-media-driver # LIBVA_DRIVER_NAME=iHD - #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - libvdpau-va-gl - rocmPackages.clr.icd - amdvlk - ]; + extraPackages = + [ ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + vpl-gpu-rt + intel-compute-runtime + intel-media-driver # LIBVA_DRIVER_NAME=iHD + #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + libvdpau-va-gl + rocmPackages.clr.icd + amdvlk + ] + ); }; systemd.tmpfiles.rules = let rocmEnv = pkgs.symlinkJoin { name = "rocm-combined"; - paths = with pkgs.rocmPackages; [ - rocblas - hipblas - clr - ]; + paths = + [ ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs.rocmPackages; + [ + rocblas + hipblas + clr + ] + ); }; in [ "L+ /opt/rocm - - - - ${rocmEnv}" ]; 
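Review bot: On a non-x86_64 host `rocmEnv` becomes a `symlinkJoin` over an empty `paths` list, and the `systemd.tmpfiles.rules` entry still creates `/opt/rocm` as a symlink to that empty store path on every boot; the guard reads better on the rule itself, leaving `rocmEnv` unconditional: `in lib.optional pkgs.stdenv.hostPlatform.isx86_64 "L+ /opt/rocm - - - - ${rocmEnv}";`. The `[ ] ++ lib.optionals …` prefix in both `extraPackages` and `paths` is redundant, since `lib.optionals` already yields a list. `hardware.graphics.enable = true` stays unconditional, which is presumably intended on aarch64 as well.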
@@ -104,54 +114,61 @@ in enableBrowserSocket = true; }; - environment.systemPackages = with pkgs; [ - #pcsctools - bat - cardpeek - ccache - chromium - clang - dive - file - firefox - gh - gimp - git - gnome-browser-connector - cheese - gnome-software - gnomeExtensions.appindicator - gnomeExtensions.autohide-battery - gnomeExtensions.dash-to-panel - gnomeExtensions.hibernate-status-button - gnomeExtensions.vitals - gnupg - go - jetbrains-toolbox - jq - kbfs - libu2f-host - mosh - mosh - nixpkgs-fmt - opensc - pasystray - pinentry-gnome3 - pkg-config - pstree - ripgrep - rustup - slack - spotify - statix - thunderbird - tmux - vim - wl-clipboard - yubikey-manager-qt - yubikey-personalization - zellij - ]; + environment.systemPackages = + with pkgs; + [ + #pcsctools + bat + cardpeek + ccache + chromium + clang + dive + file + firefox + gh + gimp + git + gnome-browser-connector + cheese + gnome-software + gnomeExtensions.appindicator + gnomeExtensions.autohide-battery + gnomeExtensions.dash-to-panel + gnomeExtensions.hibernate-status-button + gnomeExtensions.vitals + gnupg + go + jq + kbfs + libu2f-host + mosh + mosh + nixpkgs-fmt + opensc + pasystray + pinentry-gnome3 + pkg-config + pstree + ripgrep + rustup + statix + thunderbird + tmux + vim + wl-clipboard + yubikey-manager-qt + yubikey-personalization + zellij + ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + slack + spotify + jetbrains-toolbox + ] + ); #----=[ Fonts ]=----# fonts = { diff --git a/systems/aarch64-linux/m4nix/default.nix b/systems/aarch64-linux/m4nix/default.nix new file mode 100644 index 0000000..c557f5d --- /dev/null +++ b/systems/aarch64-linux/m4nix/default.nix 
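Review bot: `mosh` is still listed twice in the rewritten `environment.systemPackages`; one entry can go. The x86_64-only tail gives no reason for its membership, and the three packages look like binary-only distributions without an aarch64 build in nixpkgs — a comment on the `lib.optionals` line such as `# binary-only packages with no aarch64 build in nixpkgs (confirm)` would make the split explainable the next time a package is added. The enclosing attribute set starts above this hunk.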
@@ -0,0 +1,76 @@
+{ pkgs, lib, ... }:
+with lib;
+with lib.metacfg;
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ metacfg = {
+ base.enable = true;
+ gui.enable = true;
+ nix-ld.enable = true;
+ nix.enable = true;
+ podman.enable = true;
+ secureboot.enable = false;
+ tools = {
+ direnv.enable = true;
+ #git.enable = true;
+ };
+ user.extraGroups = [
+ "docker"
+ "dialout"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ azure-cli
+ cloudflare-warp
+ desktop-file-utils
+ kubectl
+ kubectx
+ k9s
+ attic-client
+ piper
+ ];
+
+ services.ratbagd.enable = true;
+
+ services.resolved.enable = true;
+ services.resolved.dnssec = "allow-downgrade";
+ services.resolved.extraConfig = ''
+ ResolveUnicastSingleLabel=yes
+ '';
+
+ systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
+
+ virtualisation = {
+ docker.enable = true;
+ podman.dockerCompat = false;
+ };
+
+ system.autoUpgrade = {
+ enable = true;
+ operation = "boot";
+ allowReboot = false;
+ };
+
+ systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
+
+ security.pam.loginLimits = [
+ {
+ domain = "*";
+ item = "nofile";
+ type = "-";
+ value = "32768";
+ }
+ {
+ domain = "*";
+ item = "memlock";
+ type = "-";
+ value = "32768";
+ }
+ ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/systems/aarch64-linux/m4nix/hardware-configuration.nix b/systems/aarch64-linux/m4nix/hardware-configuration.nix
new file mode 100644
index 0000000..7243378
--- /dev/null
+++ b/systems/aarch64-linux/m4nix/hardware-configuration.nix
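Review bot: `user.extraGroups` adds the user to `docker` while `virtualisation.docker.enable = true`; membership in that group is root-equivalent on the host, because whoever can reach the Docker socket can start a privileged container with the host filesystem mounted. Since `metacfg.podman.enable = true` is set in the same file, rootless Podman may cover the same workflows without the group, or the trade-off can be recorded next to the entry with `# docker group is root-equivalent; accepted for this single-user machine`. `system.autoUpgrade` is enabled without a `flake` attribute; if this host is built from the repository's flake, as the snowfall layout suggests, the timer will run `nixos-rebuild boot --upgrade` against channels and `/etc/nixos/configuration.nix` rather than this tree, so `system.autoUpgrade.flake` should name the flake or the block should be dropped. `with lib; with lib.metacfg;` at the top is not used by anything in the body, and `#git.enable = true;` is a commented-out line.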
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/16C0-5FB0";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}