feat(aarch64): add initial configuration for NixOS on ARM

Introduced hardware and system configurations for the aarch64 NixOS system. Includes hardware setup, base system packages, and enabling key services such as Docker and Podman. This establishes the foundation for managing ARM-based systems.

homes/aarch64-linux/harald@m4nix/default.nix

@@ -0,0 +1,61 @@
+{ lib, config, ... }:
+{
+  home.sessionPath = [ "$HOME/bin" ];
+
+  metacfg = {
+    user = {
+      enable = true;
+      name = config.snowfallorg.user.name;
+    };
+    cli-apps = {
+      bash.enable = true;
+      fish.enable = true;
+      neovim.enable = true;
+      bat.enable = true;
+      starship.enable = true;
+      home-manager.enable = true;
+    };
+    tools = {
+      git.enable = true;
+    };
+  };
+
+  fonts.fontconfig.enable = true;
+
+  dconf.settings = {
+    # ...
+    "org/gnome/shell" = {
+      disable-user-extensions = false;
+
+      # `gnome-extensions list` for a list
+      enabled-extensions = [
+        "Vitals@CoreCoding.com"
+        "appindicatorsupport@rgcjonas.gmail.com"
+        "dash-to-panel@jderose9.github.com"
+        "hibernate-status@dromi"
+        "autohide-battery@sitnik.ru"
+      ];
+
+      favorite-apps = [
+        "org.gnome.Console.desktop"
+        "jetbrains-toolbox.desktop"
+        "org.mozilla.firefox.desktop"
+        "firefox.desktop"
+        "thunderbird.desktop"
+        "org.mozilla.Thunderbird.desktop"
+        "slack.desktop"
+        "keybase.desktop"
+        "spotify.desktop"
+        "org.gnome.Nautilus.desktop"
+        "virt-manager.desktop"
+      ];
+    };
+    "org/virt-manager/virt-manager/connections" = {
+      autoconnect = [ "qemu:///system" ];
+      uris = [ "qemu:///system" ];
+    };
+  };
+
+  xdg.enable = true;
+  xdg.mime.enable = true;
+}

modules/nixos/services/base/default.nix

@@ -38,7 +38,9 @@ in
       sessionVariables = {
         PATH = "$HOME/bin";
       };
-      systemPackages = with pkgs; [
+      systemPackages =
+        with pkgs;
+        [
           age
           bash
           cifs-utils
@@ -59,9 +61,6 @@ in
           sops
           strace
           tmux
-        tpm2-pkcs11
-        tpm2-pkcs11.out
-        tpm2-tools
           vim
           virt-manager
           wget
@@ -70,7 +69,15 @@ in
               -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
               "$@"
           '')
-      ];
+        ]
+        ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+          with pkgs;
+          [
+            tpm2-pkcs11
+            tpm2-pkcs11.out
+            tpm2-tools
+          ]
+        );
       shells = [
         pkgs.fish
         pkgs.bash
@@ -78,10 +85,12 @@ in
     };
 
     hardware = {
+
       cpu = {
-        amd.updateMicrocode = lib.mkDefault true;
+        amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
-        intel.updateMicrocode = lib.mkDefault true;
+        intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
       };
+
       enableRedistributableFirmware = lib.mkDefault true;
       enableAllFirmware = true;
     };

modules/nixos/services/gui/default.nix

@@ -65,7 +65,11 @@ in
     hardware.graphics = {
       enable = true;
 
-      extraPackages = with pkgs; [
+      extraPackages =
+        [ ]
+        ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+          with pkgs;
+          [
             vpl-gpu-rt
             intel-compute-runtime
             intel-media-driver # LIBVA_DRIVER_NAME=iHD
@@ -73,18 +77,24 @@ in
             libvdpau-va-gl
             rocmPackages.clr.icd
             amdvlk
-      ];
+          ]
+        );
     };
 
     systemd.tmpfiles.rules =
       let
         rocmEnv = pkgs.symlinkJoin {
           name = "rocm-combined";
-          paths = with pkgs.rocmPackages; [
+          paths =
+            [ ]
+            ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+              with pkgs.rocmPackages;
+              [
                 rocblas
                 hipblas
                 clr
-          ];
+              ]
+            );
         };
       in
       [ "L+    /opt/rocm   -    -    -     -    ${rocmEnv}" ];
@@ -104,7 +114,9 @@ in
       enableBrowserSocket = true;
     };
 
-    environment.systemPackages = with pkgs; [
+    environment.systemPackages =
+      with pkgs;
+      [
         #pcsctools
         bat
         cardpeek
@@ -127,7 +139,6 @@ in
         gnomeExtensions.vitals
         gnupg
         go
-      jetbrains-toolbox
         jq
         kbfs
         libu2f-host
@@ -141,8 +152,6 @@ in
         pstree
         ripgrep
         rustup
-      slack
-      spotify
         statix
         thunderbird
         tmux
@@ -151,7 +160,15 @@ in
         yubikey-manager-qt
         yubikey-personalization
         zellij
-    ];
+      ]
+      ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+        with pkgs;
+        [
+          slack
+          spotify
+          jetbrains-toolbox
+        ]
+      );
 
     #----=[ Fonts ]=----#
     fonts = {

systems/aarch64-linux/m4nix/default.nix

@@ -0,0 +1,76 @@
+{ pkgs, lib, ... }:
+with lib;
+with lib.metacfg;
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  metacfg = {
+    base.enable = true;
+    gui.enable = true;
+    nix-ld.enable = true;
+    nix.enable = true;
+    podman.enable = true;
+    secureboot.enable = false;
+    tools = {
+      direnv.enable = true;
+      #git.enable = true;
+    };
+    user.extraGroups = [
+      "docker"
+      "dialout"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    azure-cli
+    cloudflare-warp
+    desktop-file-utils
+    kubectl
+    kubectx
+    k9s
+    attic-client
+    piper
+  ];
+
+  services.ratbagd.enable = true;
+
+  services.resolved.enable = true;
+  services.resolved.dnssec = "allow-downgrade";
+  services.resolved.extraConfig = ''
+    ResolveUnicastSingleLabel=yes
+  '';
+
+  systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
+
+  virtualisation = {
+    docker.enable = true;
+    podman.dockerCompat = false;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    operation = "boot";
+    allowReboot = false;
+  };
+
+  systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
+
+  security.pam.loginLimits = [
+    {
+      domain = "*";
+      item = "nofile";
+      type = "-";
+      value = "32768";
+    }
+    {
+      domain = "*";
+      item = "memlock";
+      type = "-";
+      value = "32768";
+    }
+  ];
+
+  system.stateVersion = "23.11";
+}

systems/aarch64-linux/m4nix/hardware-configuration.nix

@@ -0,0 +1,46 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/16C0-5FB0";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}