feat: add m4nix VM

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
feat(aarch64): add initial configuration for NixOS on ARM
2025-01-10 16:46:16 +01:00 · 2025-01-10 15:34:54 +01:00
5 changed files with 306 additions and 97 deletions
--- a/homes/aarch64-linux/harald@m4nix/default.nix
+++ b/homes/aarch64-linux/harald@m4nix/default.nix
@ -0,0 +1,61 @@
+{ lib, config, ... }:
+{
+  home.sessionPath = [ "$HOME/bin" ];
+
+  metacfg = {
+    user = {
+      enable = true;
+      name = config.snowfallorg.user.name;
+    };
+    cli-apps = {
+      bash.enable = true;
+      fish.enable = true;
+      neovim.enable = true;
+      bat.enable = true;
+      starship.enable = true;
+      home-manager.enable = true;
+    };
+    tools = {
+      git.enable = true;
+    };
+  };
+
+  fonts.fontconfig.enable = true;
+
+  dconf.settings = {
+    # ...
+    "org/gnome/shell" = {
+      disable-user-extensions = false;
+
+      # `gnome-extensions list` for a list
+      enabled-extensions = [
+        "Vitals@CoreCoding.com"
+        "appindicatorsupport@rgcjonas.gmail.com"
+        "dash-to-panel@jderose9.github.com"
+        "hibernate-status@dromi"
+        "autohide-battery@sitnik.ru"
+      ];
+
+      favorite-apps = [
+        "org.gnome.Console.desktop"
+        "jetbrains-toolbox.desktop"
+        "org.mozilla.firefox.desktop"
+        "firefox.desktop"
+        "thunderbird.desktop"
+        "org.mozilla.Thunderbird.desktop"
+        "slack.desktop"
+        "keybase.desktop"
+        "spotify.desktop"
+        "org.gnome.Nautilus.desktop"
+        "virt-manager.desktop"
+      ];
+    };
+    "org/virt-manager/virt-manager/connections" = {
+      autoconnect = [ "qemu:///system" ];
+      uris = [ "qemu:///system" ];
+    };
+  };
+
+  xdg.enable = true;
+  xdg.mime.enable = true;
+}
--- a/modules/nixos/services/base/default.nix
+++ b/modules/nixos/services/base/default.nix
@ -38,39 +38,46 @@ in
      sessionVariables = {
        PATH = "$HOME/bin";
      };
-      systemPackages = with pkgs; [
-        age
-        bash
-        cifs-utils
-        clevis
-        delta
-        efibootmgr
-        git
-        git-crypt
-        git-delete-merged-branches
-        home-manager
-        htop
-        mosh
-        nixpkgs-fmt
-        openssl
-        restic
-        rrsync
-        sbctl
-        sops
-        strace
-        tmux
-        tpm2-pkcs11
-        tpm2-pkcs11.out
-        tpm2-tools
-        vim
-        virt-manager
-        wget
-        (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
-          qemu-system-x86_64 \
-            -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
-            "$@"
-        '')
-      ];
+      systemPackages =
+        with pkgs;
+        [
+          age
+          bash
+          cifs-utils
+          clevis
+          delta
+          efibootmgr
+          git
+          git-crypt
+          git-delete-merged-branches
+          home-manager
+          htop
+          mosh
+          nixpkgs-fmt
+          openssl
+          restic
+          rrsync
+          sbctl
+          sops
+          strace
+          tmux
+          vim
+          virt-manager
+          wget
+          (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
+            qemu-system-x86_64 \
+              -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
+              "$@"
+          '')
+        ]
+        ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+          with pkgs;
+          [
+            tpm2-pkcs11
+            tpm2-pkcs11.out
+            tpm2-tools
+          ]
+        );
      shells = [
        pkgs.fish
        pkgs.bash
@ -78,10 +85,12 @@ in
    };

    hardware = {
+
      cpu = {
-        amd.updateMicrocode = lib.mkDefault true;
-        intel.updateMicrocode = lib.mkDefault true;
+        amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
+        intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64;
      };
+
      enableRedistributableFirmware = lib.mkDefault true;
      enableAllFirmware = true;
    };
--- a/modules/nixos/services/gui/default.nix
+++ b/modules/nixos/services/gui/default.nix
@ -65,26 +65,36 @@ in
    hardware.graphics = {
      enable = true;

-      extraPackages = with pkgs; [
-        vpl-gpu-rt
-        intel-compute-runtime
-        intel-media-driver # LIBVA_DRIVER_NAME=iHD
-        #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
-        libvdpau-va-gl
-        rocmPackages.clr.icd
-        amdvlk
-      ];
+      extraPackages =
+        [ ]
+        ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+          with pkgs;
+          [
+            vpl-gpu-rt
+            intel-compute-runtime
+            intel-media-driver # LIBVA_DRIVER_NAME=iHD
+            #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+            libvdpau-va-gl
+            rocmPackages.clr.icd
+            amdvlk
+          ]
+        );
    };

    systemd.tmpfiles.rules =
      let
        rocmEnv = pkgs.symlinkJoin {
          name = "rocm-combined";
-          paths = with pkgs.rocmPackages; [
-            rocblas
-            hipblas
-            clr
-          ];
+          paths =
+            [ ]
+            ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+              with pkgs.rocmPackages;
+              [
+                rocblas
+                hipblas
+                clr
+              ]
+            );
        };
      in
      [ "L+    /opt/rocm   -    -    -     -    ${rocmEnv}" ];
@ -104,54 +114,61 @@ in
      enableBrowserSocket = true;
    };

-    environment.systemPackages = with pkgs; [
-      #pcsctools
-      bat
-      cardpeek
-      ccache
-      chromium
-      clang
-      dive
-      file
-      firefox
-      gh
-      gimp
-      git
-      gnome-browser-connector
-      cheese
-      gnome-software
-      gnomeExtensions.appindicator
-      gnomeExtensions.autohide-battery
-      gnomeExtensions.dash-to-panel
-      gnomeExtensions.hibernate-status-button
-      gnomeExtensions.vitals
-      gnupg
-      go
-      jetbrains-toolbox
-      jq
-      kbfs
-      libu2f-host
-      mosh
-      mosh
-      nixpkgs-fmt
-      opensc
-      pasystray
-      pinentry-gnome3
-      pkg-config
-      pstree
-      ripgrep
-      rustup
-      slack
-      spotify
-      statix
-      thunderbird
-      tmux
-      vim
-      wl-clipboard
-      yubikey-manager-qt
-      yubikey-personalization
-      zellij
-    ];
+    environment.systemPackages =
+      with pkgs;
+      [
+        #pcsctools
+        bat
+        cardpeek
+        ccache
+        chromium
+        clang
+        dive
+        file
+        firefox
+        gh
+        gimp
+        git
+        gnome-browser-connector
+        cheese
+        gnome-software
+        gnomeExtensions.appindicator
+        gnomeExtensions.autohide-battery
+        gnomeExtensions.dash-to-panel
+        gnomeExtensions.hibernate-status-button
+        gnomeExtensions.vitals
+        gnupg
+        go
+        jq
+        kbfs
+        libu2f-host
+        mosh
+        mosh
+        nixpkgs-fmt
+        opensc
+        pasystray
+        pinentry-gnome3
+        pkg-config
+        pstree
+        ripgrep
+        rustup
+        statix
+        thunderbird
+        tmux
+        vim
+        wl-clipboard
+        yubikey-manager-qt
+        yubikey-personalization
+        zellij
+      ]
+      ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 (
+        with pkgs;
+        [
+          slack
+          spotify
+          jetbrains-toolbox
+        ]
+      );

    #----=[ Fonts ]=----#
    fonts = {
--- a/systems/aarch64-linux/m4nix/default.nix
+++ b/systems/aarch64-linux/m4nix/default.nix
@ -0,0 +1,76 @@
+{ pkgs, lib, ... }:
+with lib;
+with lib.metacfg;
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  metacfg = {
+    base.enable = true;
+    gui.enable = true;
+    nix-ld.enable = true;
+    nix.enable = true;
+    podman.enable = true;
+    secureboot.enable = false;
+    tools = {
+      direnv.enable = true;
+      #git.enable = true;
+    };
+    user.extraGroups = [
+      "docker"
+      "dialout"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    azure-cli
+    cloudflare-warp
+    desktop-file-utils
+    kubectl
+    kubectx
+    k9s
+    attic-client
+    piper
+  ];
+
+  services.ratbagd.enable = true;
+
+  services.resolved.enable = true;
+  services.resolved.dnssec = "allow-downgrade";
+  services.resolved.extraConfig = ''
+    ResolveUnicastSingleLabel=yes
+  '';
+
+  systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
+
+  virtualisation = {
+    docker.enable = true;
+    podman.dockerCompat = false;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    operation = "boot";
+    allowReboot = false;
+  };
+
+  systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
+
+  security.pam.loginLimits = [
+    {
+      domain = "*";
+      item = "nofile";
+      type = "-";
+      value = "32768";
+    }
+    {
+      domain = "*";
+      item = "memlock";
+      type = "-";
+      value = "32768";
+    }
+  ];
+
+  system.stateVersion = "23.11";
+}
--- a/systems/aarch64-linux/m4nix/hardware-configuration.nix
+++ b/systems/aarch64-linux/m4nix/hardware-configuration.nix
@ -0,0 +1,46 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/16C0-5FB0";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}