add amd

2026-01-17 14:48:45 +01:00 · 2026-01-17 14:48:45 +01:00 · 7f9248ad00
commit 7f9248ad00
parent 271b15314c
9 changed files with 354 additions and 32 deletions
--- a/systems/x86_64-linux/amd/default.nix
+++ b/systems/x86_64-linux/amd/default.nix
@ -0,0 +1,138 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+with lib.metacfg;
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./xremap.nix
+  ];
+
+  services.rustdesk-server.signal.enable = false;
+  networking.firewall.allowedTCPPorts = [
+    22000
+  ];
+
+  programs.ccache.enable = true;
+  nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+
+  services.tailscale.enable = true;
+
+  services.cratedocs-mcp.enable = true;
+
+  services.openssh = {
+    enable = true;
+  };
+
+  hardware.bluetooth.input.General.ClassicBondedOnly = false;
+  services.udev.extraRules = ''
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+  '';
+
+  metacfg = {
+    base.enable = true;
+    gui.enable = true;
+    nix-ld.enable = true;
+    nix.enable = true;
+    podman.enable = true;
+    secureboot.enable = true;
+    homeprinter.enable = true;
+
+    system = {
+      limits = {
+        enable = true;
+        nofileLimit = 32768;
+        memlockLimit = 32768;
+      };
+    };
+
+    # User configuration
+    tools = {
+      direnv.enable = true;
+    };
+    user.extraGroups = [
+      "docker"
+      "dialout"
+      "tss"
+    ];
+  };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-27.3.11"
+  ];
+
+  # increase freezing timeout
+  boot.kernel.sysctl = {
+    "power.pm_freeze_timeout" = 30000;
+  };
+
+  environment.systemPackages = with pkgs; [
+    attic-client
+    azure-cli
+    claude-code
+    claude-desktop-with-fhs
+    desktop-file-utils
+    fabric-ai
+    gemini-cli
+    gnome-terminal
+    gnome-remote-desktop
+    gtypist
+    k9s
+    klavaro
+    kubectl
+    kubectx
+    libcamera
+    logseq
+    obsidian
+    piper-tts
+    tipp10
+    uv
+    vscode
+  ];
+
+  zramSwap.enable = true;
+
+  services.ratbagd.enable = true;
+
+  services.resolved.enable = true;
+  #services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.extraConfig = ''
+  #  ResolveUnicastSingleLabel=yes
+  #'';
+
+  virtualisation = {
+    libvirtd.enable = true;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    operation = "boot";
+    allowReboot = false;
+  };
+
+  services.trezord.enable = true;
+
+  services.ollama = {
+    enable = false;
+    acceleration = "rocm";
+    environmentVariables = {
+      HSA_OVERRIDE_GFX_VERSION = "10.1.0";
+    };
+  };
+
+  /*
+    environment.sessionVariables = {
+      LIBVA_DRIVER_NAME = "iHD";
+      # NIXOS_OZONE_WL = "1";
+      # DRI_PRIME = "pci-0000_24_00_0";
+      DRI_PRIME = "pci-0000_00_02_0";
+    };
+  */
+
+  system.stateVersion = "25.11";
+}
--- a/systems/x86_64-linux/amd/hardware-configuration.nix
+++ b/systems/x86_64-linux/amd/hardware-configuration.nix
@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/050c9912-36c3-4a65-ba8b-ba68e5171e18";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2C8E-85CB";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/systems/x86_64-linux/amd/xremap.nix
+++ b/systems/x86_64-linux/amd/xremap.nix
@ -0,0 +1,33 @@
+# In /etc/nixos/configuration.nix
+{ ... }:
+{
+  users.users.harald.extraGroups = [ "input" ];
+
+  # Enable the xremap service
+  services.xremap.enable = true;
+  services.xremap.userName = "harald"; # Replace with your username
+  services.xremap.serviceMode = "user"; # Run as user service, not system-wide
+  services.xremap.withGnome = true;
+
+  # Add a specific configuration block to select your keyboard(s) by name
+  services.xremap.deviceNames = [
+    # Use the name found in the log output: "Hangsheng MonsGeek Keyboard System Control"
+    "Hangsheng MonsGeek Keyboard"
+    "HS Galaxy100 Keyboard"
+    # You can usually shorten the name slightly to match the device you want
+  ];
+
+  # Define your remapping configuration using Nix's attribute set format
+  services.xremap.config = {
+    keymap = [
+      {
+        remap = {
+          # Map Alt+C (LeftAlt-C) to Ctrl+C (LeftControl-C)
+          LeftAlt-C = "COPY";
+          LeftAlt-V = "PASTE";
+          LeftAlt-X = "CUT";
+        };
+      }
+    ];
+  };
+}
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@ -27,11 +27,8 @@ with lib.metacfg;
  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
  sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
  sops.secrets."wg".mode = "0444";
-  sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml;
-  sops.secrets."hosts".mode = "0444";

  environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;
-  environment.etc."hosts.backup".source = config.sops.secrets."hosts".path;

  services.openssh = {
    enable = true;