feat(aarch64): add initial configuration for NixOS on ARM

Introduced hardware and system configurations for the aarch64 NixOS system. This includes the hardware setup and base system packages, and enables key services such as Docker and Podman. It establishes the foundation for managing ARM-based systems.
This commit is contained in:
Harald Hoyer 2025-01-10 15:34:54 +01:00
parent f45a366528
commit 195a721d19
5 changed files with 306 additions and 97 deletions


@ -0,0 +1,61 @@
{ lib, config, ... }:
{
home.sessionPath = [ "$HOME/bin" ];
metacfg = {
user = {
enable = true;
name = config.snowfallorg.user.name;
};
cli-apps = {
bash.enable = true;
fish.enable = true;
neovim.enable = true;
bat.enable = true;
starship.enable = true;
home-manager.enable = true;
};
tools = {
git.enable = true;
};
};
fonts.fontconfig.enable = true;
dconf.settings = {
# ...
"org/gnome/shell" = {
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"Vitals@CoreCoding.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"hibernate-status@dromi"
"autohide-battery@sitnik.ru"
];
favorite-apps = [
"org.gnome.Console.desktop"
"jetbrains-toolbox.desktop"
"org.mozilla.firefox.desktop"
"firefox.desktop"
"thunderbird.desktop"
"org.mozilla.Thunderbird.desktop"
"slack.desktop"
"keybase.desktop"
"spotify.desktop"
"org.gnome.Nautilus.desktop"
"virt-manager.desktop"
];
};
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
xdg.enable = true;
xdg.mime.enable = true;
}
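Review bot: `favorite-apps` in the `org/gnome/shell` dconf block lists `slack.desktop`, `spotify.desktop` and `jetbrains-toolbox.desktop`, which the system-side hunks of this same commit make available only on x86_64 hosts, so if this profile is the one used on the aarch64 machine those favorites will refer to desktop entries that are not installed; whether this file belongs to the aarch64 user is not visible on this page. A comment on the list such as `# slack/spotify/jetbrains-toolbox are only installed on x86_64 hosts` would record the intent, or the three entries could be appended with `lib.optionals pkgs.stdenv.hostPlatform.isx86_64 [ ... ]` after adding `pkgs` to the module arguments, mirroring what the system modules do. The dconf block appears elided on this page (`# ...`), so the section may contain settings not shown here.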


@ -38,39 +38,46 @@ in
sessionVariables = { sessionVariables = {
PATH = "$HOME/bin"; PATH = "$HOME/bin";
}; };
systemPackages = with pkgs; [ systemPackages =
age with pkgs;
bash [
cifs-utils age
clevis bash
delta cifs-utils
efibootmgr clevis
git delta
git-crypt efibootmgr
git-delete-merged-branches git
home-manager git-crypt
htop git-delete-merged-branches
mosh home-manager
nixpkgs-fmt htop
openssl mosh
restic nixpkgs-fmt
rrsync openssl
sbctl restic
sops rrsync
strace sbctl
tmux sops
tpm2-pkcs11 strace
tpm2-pkcs11.out tmux
tpm2-tools vim
vim virt-manager
virt-manager wget
wget (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
(pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' qemu-system-x86_64 \
qemu-system-x86_64 \ -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
-bios ${pkgs.OVMF.fd}/FV/OVMF.fd \ "$@"
"$@" '')
'') ]
]; ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs;
[
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
]
);
shells = [ shells = [
pkgs.fish pkgs.fish
pkgs.bash pkgs.bash
@ -78,10 +85,12 @@ in
}; };
hardware = { hardware = {
cpu = { cpu = {
amd.updateMicrocode = lib.mkDefault true; amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
intel.updateMicrocode = lib.mkDefault true; intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
}; };
enableRedistributableFirmware = lib.mkDefault true; enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true; enableAllFirmware = true;
}; };
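Review bot: The two microcode lines in the `hardware.cpu` hunk replace `lib.mkDefault true` with a plain assignment of `pkgs.stdenv.targetPlatform.isx86_64`, which drops the default priority: a host module that previously overrode `amd.updateMicrocode` or `intel.updateMicrocode` with a plain `true`/`false` now produces a definition conflict instead of winning. Keeping the priority, `amd.updateMicrocode = lib.mkDefault pkgs.stdenv.hostPlatform.isx86_64;` (and the same for intel), preserves the old override behaviour. `hostPlatform` rather than `targetPlatform` is the conventional predicate for the platform the system runs on — the two coincide for native builds, but `targetPlatform` only carries a distinct meaning for compilers; the same applies to the `systemPackages` hunk above and to the `hardware.graphics`, `rocmEnv` and `environment.systemPackages` hunks in the next file section. Because CPU microcode carries the mitigations for speculative-execution issues, a one-line comment stating that updates are disabled on non-x86 only because the microcode packages are x86-specific would stop a later reader from reading it as a deliberate opt-out.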


@ -65,26 +65,36 @@ in
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages =
vpl-gpu-rt [ ]
intel-compute-runtime ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
intel-media-driver # LIBVA_DRIVER_NAME=iHD with pkgs;
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) [
libvdpau-va-gl vpl-gpu-rt
rocmPackages.clr.icd intel-compute-runtime
amdvlk intel-media-driver # LIBVA_DRIVER_NAME=iHD
]; #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
rocmPackages.clr.icd
amdvlk
]
);
}; };
systemd.tmpfiles.rules = systemd.tmpfiles.rules =
let let
rocmEnv = pkgs.symlinkJoin { rocmEnv = pkgs.symlinkJoin {
name = "rocm-combined"; name = "rocm-combined";
paths = with pkgs.rocmPackages; [ paths =
rocblas [ ]
hipblas ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
clr with pkgs.rocmPackages;
]; [
rocblas
hipblas
clr
]
);
}; };
in in
[ "L+ /opt/rocm - - - - ${rocmEnv}" ]; [ "L+ /opt/rocm - - - - ${rocmEnv}" ];
@ -104,54 +114,61 @@ in
enableBrowserSocket = true; enableBrowserSocket = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages =
#pcsctools with pkgs;
bat [
cardpeek #pcsctools
ccache bat
chromium cardpeek
clang ccache
dive chromium
file clang
firefox dive
gh file
gimp firefox
git gh
gnome-browser-connector gimp
cheese git
gnome-software gnome-browser-connector
gnomeExtensions.appindicator cheese
gnomeExtensions.autohide-battery gnome-software
gnomeExtensions.dash-to-panel gnomeExtensions.appindicator
gnomeExtensions.hibernate-status-button gnomeExtensions.autohide-battery
gnomeExtensions.vitals gnomeExtensions.dash-to-panel
gnupg gnomeExtensions.hibernate-status-button
go gnomeExtensions.vitals
jetbrains-toolbox gnupg
jq go
kbfs jq
libu2f-host kbfs
mosh libu2f-host
mosh mosh
nixpkgs-fmt mosh
opensc nixpkgs-fmt
pasystray opensc
pinentry-gnome3 pasystray
pkg-config pinentry-gnome3
pstree pkg-config
ripgrep pstree
rustup ripgrep
slack rustup
spotify statix
statix thunderbird
thunderbird tmux
tmux vim
vim wl-clipboard
wl-clipboard yubikey-manager-qt
yubikey-manager-qt yubikey-personalization
yubikey-personalization zellij
zellij ]
]; ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs;
[
slack
spotify
jetbrains-toolbox
]
);
#----=[ Fonts ]=----# #----=[ Fonts ]=----#
fonts = { fonts = {
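Review bot: In the `systemd.tmpfiles.rules` hunk, `rocmEnv` is now built from an empty `paths` list on non-x86_64 hosts, but the rule `"L+ /opt/rocm - - - - ${rocmEnv}"` is still emitted unconditionally, so an aarch64 system gets an `/opt/rocm` symlink pointing at an essentially empty `symlinkJoin` output. Guarding the rule instead, `lib.optionals pkgs.stdenv.hostPlatform.isx86_64 [ "L+ /opt/rocm - - - - ${rocmEnv}" ]`, keeps the path off hosts that cannot use ROCm, and the `let` binding can stay as written since an unreferenced derivation is never evaluated or built. Unrelated to this change, `mosh` appears twice in the `environment.systemPackages` list on both sides of the diff.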


@ -0,0 +1,76 @@
{ pkgs, lib, ... }:
with lib;
with lib.metacfg;
{
imports = [
./hardware-configuration.nix
];
metacfg = {
base.enable = true;
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
podman.enable = true;
secureboot.enable = false;
tools = {
direnv.enable = true;
#git.enable = true;
};
user.extraGroups = [
"docker"
"dialout"
];
};
environment.systemPackages = with pkgs; [
azure-cli
cloudflare-warp
desktop-file-utils
kubectl
kubectx
k9s
attic-client
piper
];
services.ratbagd.enable = true;
services.resolved.enable = true;
services.resolved.dnssec = "allow-downgrade";
services.resolved.extraConfig = ''
ResolveUnicastSingleLabel=yes
'';
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
virtualisation = {
docker.enable = true;
podman.dockerCompat = false;
};
system.autoUpgrade = {
enable = true;
operation = "boot";
allowReboot = false;
};
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
];
system.stateVersion = "23.11";
}
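Review bot: `user.extraGroups` adds the user to `docker` while `virtualisation.docker.enable = true` runs the daemon as root, and membership in that group is root-equivalent on the host through the daemon socket; nothing in the file records that this is an accepted trade-off. A comment on the group entry, `# docker group membership is root-equivalent on the host (daemon socket access); accepted for this workstation`, would make that explicit, and `virtualisation.docker.rootless.enable = true` is the NixOS alternative if the root daemon is not actually needed alongside the already enabled podman. The `services.resolved` block sets `dnssec = "allow-downgrade"` and `ResolveUnicastSingleLabel=yes`; the latter forwards single-label names to the configured DNS servers, which is usually wanted on an internal network, but a short comment naming the network it is meant for would help the next reader judge it. `secureboot.enable = false` on the new host likewise deserves a one-line reason (platform support versus not yet enrolled), since the shared module defaults elsewhere assume sbctl-based Secure Boot.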


@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C0-5FB0";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}