feat(aarch64): add initial configuration for NixOS on ARM

Introduced hardware and system configurations for the aarch64 NixOS system. Includes hardware setup, base system packages, and enabling key services such as Docker and Podman. This establishes the foundation for managing ARM-based systems.
Harald Hoyer 2025-01-10 15:34:54 +01:00
parent f45a366528
commit 195a721d19
5 changed files with 306 additions and 97 deletions


@ -0,0 +1,61 @@
{ lib, config, ... }:
{
home.sessionPath = [ "$HOME/bin" ];
metacfg = {
user = {
enable = true;
name = config.snowfallorg.user.name;
};
cli-apps = {
bash.enable = true;
fish.enable = true;
neovim.enable = true;
bat.enable = true;
starship.enable = true;
home-manager.enable = true;
};
tools = {
git.enable = true;
};
};
fonts.fontconfig.enable = true;
dconf.settings = {
# ...
"org/gnome/shell" = {
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"Vitals@CoreCoding.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"hibernate-status@dromi"
"autohide-battery@sitnik.ru"
];
favorite-apps = [
"org.gnome.Console.desktop"
"jetbrains-toolbox.desktop"
"org.mozilla.firefox.desktop"
"firefox.desktop"
"thunderbird.desktop"
"org.mozilla.Thunderbird.desktop"
"slack.desktop"
"keybase.desktop"
"spotify.desktop"
"org.gnome.Nautilus.desktop"
"virt-manager.desktop"
];
};
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
xdg.enable = true;
xdg.mime.enable = true;
}
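Review bot: `favorite-apps` pins `jetbrains-toolbox.desktop`, `slack.desktop` and `spotify.desktop`, which this same commit restricts to x86_64 in the desktop package list, so on an aarch64 host these entries point at applications that are not installed. If this profile is meant for the ARM machine (the page does not show the file path), drop the three entries or build the list behind the same platform condition. The `lib` argument in the function header is not used by anything in the visible lines and can be removed.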


@ -38,7 +38,9 @@ in
sessionVariables = {
PATH = "$HOME/bin";
};
systemPackages = with pkgs; [
systemPackages =
with pkgs;
[
age
bash
cifs-utils
@ -59,9 +61,6 @@ in
sops
strace
tmux
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
vim
virt-manager
wget
@ -70,7 +69,15 @@ in
-bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
"$@"
'')
];
]
++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs;
[
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
]
);
shells = [
pkgs.fish
pkgs.bash
@ -78,10 +85,12 @@ in
};
hardware = {
cpu = {
amd.updateMicrocode = lib.mkDefault true;
intel.updateMicrocode = lib.mkDefault true;
amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
};
enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true;
};
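Review bot: The new `amd.updateMicrocode` and `intel.updateMicrocode` lines lose the `lib.mkDefault` the old lines had, so a host that sets either option to a different value at normal priority now gets a conflicting-definition error instead of an override; `intel.updateMicrocode = lib.mkDefault pkgs.stdenv.hostPlatform.isx86_64;` (and the same for `amd`) keeps microcode updates on by default on x86_64 while staying overridable. The guards read `targetPlatform`, here and in every `lib.optionals` added in the graphics and desktop-package sections; in a NixOS module the platform the system runs on is `pkgs.stdenv.hostPlatform`, and `targetPlatform` is only meaningful for compilers. The `tpm2-tools`/`tpm2-pkcs11` gate deserves a one-line comment saying why it is x86_64-only, since ARM machines can expose a TPM too and the commit gives no reason. The enclosing attribute sets start and end outside these hunks.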


@ -65,7 +65,11 @@ in
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
extraPackages =
[ ]
++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs;
[
vpl-gpu-rt
intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD
@ -73,18 +77,24 @@ in
libvdpau-va-gl
rocmPackages.clr.icd
amdvlk
];
]
);
};
systemd.tmpfiles.rules =
let
rocmEnv = pkgs.symlinkJoin {
name = "rocm-combined";
paths = with pkgs.rocmPackages; [
paths =
[ ]
++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs.rocmPackages;
[
rocblas
hipblas
clr
];
]
);
};
in
[ "L+ /opt/rocm - - - - ${rocmEnv}" ];
@ -104,7 +114,9 @@ in
enableBrowserSocket = true;
};
environment.systemPackages = with pkgs; [
environment.systemPackages =
with pkgs;
[
#pcsctools
bat
cardpeek
@ -127,7 +139,6 @@ in
gnomeExtensions.vitals
gnupg
go
jetbrains-toolbox
jq
kbfs
libu2f-host
@ -141,8 +152,6 @@ in
pstree
ripgrep
rustup
slack
spotify
statix
thunderbird
tmux
@ -151,7 +160,15 @@ in
yubikey-manager-qt
yubikey-personalization
zellij
];
]
++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
with pkgs;
[
slack
spotify
jetbrains-toolbox
]
);
#----=[ Fonts ]=----#
fonts = {
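Review bot: The `systemd.tmpfiles.rules` entry is still emitted on every platform: with `paths` reduced to `[ ]` on non-x86_64, `rocmEnv` becomes an empty `symlinkJoin` and `L+ /opt/rocm` links to an empty directory. Guard the rule rather than its inputs, e.g. `in lib.optionals pkgs.stdenv.hostPlatform.isx86_64 [ "L+ /opt/rocm - - - - ${rocmEnv}" ];`, and leave `paths` as the plain list it was. In `extraPackages` and `paths` the leading `[ ] ++` is a no-op and can be dropped so the expression reads `lib.optionals … ( … )` directly. The surrounding module starts and ends outside these hunks.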


@ -0,0 +1,76 @@
{ pkgs, lib, ... }:
with lib;
with lib.metacfg;
{
imports = [
./hardware-configuration.nix
];
metacfg = {
base.enable = true;
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
podman.enable = true;
secureboot.enable = false;
tools = {
direnv.enable = true;
#git.enable = true;
};
user.extraGroups = [
"docker"
"dialout"
];
};
environment.systemPackages = with pkgs; [
azure-cli
cloudflare-warp
desktop-file-utils
kubectl
kubectx
k9s
attic-client
piper
];
services.ratbagd.enable = true;
services.resolved.enable = true;
services.resolved.dnssec = "allow-downgrade";
services.resolved.extraConfig = ''
ResolveUnicastSingleLabel=yes
'';
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
virtualisation = {
docker.enable = true;
podman.dockerCompat = false;
};
system.autoUpgrade = {
enable = true;
operation = "boot";
allowReboot = false;
};
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "32768";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "32768";
}
];
system.stateVersion = "23.11";
}
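Review bot: `user.extraGroups` adds the account to `docker` while `virtualisation.docker.enable = true` runs the rootful daemon, and membership in that group is effectively root on the host because it grants full control of a daemon running as root. Since `metacfg.podman.enable` is already on, consider dropping the group and the daemon, or switching to `virtualisation.docker.rootless.enable = true;` with `setSocketVariable = true;`. `services.resolved.dnssec = "allow-downgrade"` leaves validation open to being switched off by a resolver or network that does not pass DNSSEC records; a comment stating that this is a deliberate compatibility choice would help the next reader. `with lib; with lib.metacfg;` is not used by anything visible in the file and can be removed.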


@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C0-5FB0";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}