Commit 3b99323dc815

Vincent Demeester <vincent@sbr.pm>
2025-05-09 23:37:47
systems: prepare aomi migration and kobe creation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 614b9aa
systems/aomi/boot.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }:
+{
+  boot = {
+    loader.systemd-boot.netbootxyz.enable = true;
+    # initrd = {
+    #   luks.devices."cryptroot" = {
+    #     crypttabExtraOpts = [ "fido2-device=auto" ];
+    #   };
+    #   systemd = {
+    #     fido2.enable = true;
+    #   };
+    # };
+
+    blacklistedKernelModules = [
+      "sierra_net" # sierra wireless modules
+      "cdc_mbim" # modem mobile broadband modules
+      "cdc_ncm" # similar
+    ];
+    kernelModules = [
+      "ahci" # sata controller, might not be needed
+      "nvme" # required for nvme disks
+      "thunderbolt" # required for thunderbolt (dock, …)
+      # from thinkpad x1 gen 9
+      "dm-mod"
+      "cryptd" # required for encryption
+      "xhci_pci" # usb controller related
+      "usb_storage" # usb storage related
+      "sd_mod" # block device related
+      "sdhci_pci" # block device related as well
+      "aesni-intel" # advanced encryption for intel
+      "kvm_intel"
+    ];
+
+    kernelParams = [
+      # Kernel GPU Savings Options (NOTE i915 chipset only)
+      # "i915.enable_rc6=1"
+      # "i915.enable_fbc=1"
+      # "i915.lvds_use_ssc=0"
+      # "drm.debug=0"
+      # "drm.vblankoffdelay=1"
+      "kvm_intel.nested=1"
+      "intel_iommu=on"
+    ];
+
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+}
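Review bot: `loader.systemd-boot.netbootxyz.enable = true;` adds a boot-menu entry that loads installer and utility images over the network, and nothing in this file says why a laptop with an encrypted root needs it or limits who can use the menu. Anyone at the console during boot can select that entry, and unless it is disabled elsewhere the systemd-boot editor also lets them change the kernel command line. I would drop the entry once the migration is done, or pair it with `loader.systemd-boot.editor = false;` and a firmware password. If it stays, a comment such as `# kept for rescue/reinstall during the aomi migration; remove afterwards` would record the intent. The commented-out FIDO2 initrd block above it should likewise say whether it is planned or abandoned.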
systems/aomi/extra.nix
@@ -0,0 +1,34 @@
+_: {
+
+  imports = [
+    ../common/hardware/laptop.nix
+    ../common/programs/direnv.nix
+    ../common/programs/git.nix
+    ../common/programs/tmux.nix
+    # ../common/services/networkmanager.nix
+    # ../common/services/fprint.nix # With yubikey I don't really need this to be honest
+    ../common/services/containers.nix
+    ../common/services/docker.nix
+    ../common/services/lxd.nix
+    # ../common/services/ollama.nix # TODO handle nvidia vs not ?
+    # ../common/services/prometheus-exporters
+    # ../common/services/gitea-runner
+
+    ../redhat
+  ];
+
+  services = {
+    logind.extraConfig = ''
+      HandleLidSwitch=ignore
+      HandleLidSwitchExternalPower=ignore
+      HandleLidSwitchDocked=ignore
+    '';
+    wireguard = {
+      enable = true;
+      ips = globals.fn.wg-ips globals.machines.kyushu.net.vpn.ips;
+      endpoint = "${globals.net.vpn.endpoint}";
+      endpointPublicKey = "${globals.net.vpn.pubkey}";
+    };
+    hardware.bolt.enable = true;
+  };
+}
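Review bot: The module is declared as `_: {`, but the `wireguard` block reads `globals.fn.wg-ips`, `globals.machines.kyushu.net.vpn.ips` and `globals.net.vpn.*`; Nix scoping is lexical, so `globals` is an undefined variable here and the file will not evaluate. The header should be `{ globals, ... }: {`. The address lookup also names `kyushu` in a file for `aomi`; if that is a leftover from copying, both hosts would claim the same tunnel addresses, so it presumably should read `globals.machines.aomi.net.vpn.ips` (assuming that entry exists in the globals set, which is not visible here). Separately, `docker.nix` and `lxd.nix` are imported without comment; if those modules add the user to the `docker` or `lxd` group, that membership is effectively root on this host and deserves a note.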
systems/aomi/hardware.nix
@@ -0,0 +1,49 @@
+{
+  inputs,
+  lib,
+}:
+{
+  imports = [
+    # inputs.disko.nixosModules.diskop # Do this if re-install
+    # (import ./disks.nix { inherit lib; })
+
+    inputs.nixos-hardware.nixosModules.lenovo-thinkap-p1-3th-gen
+
+    ../common/hardware/acpid.nix
+    # ../common/hardware/bluetooth.nix
+  ];
+
+  hardware = {
+    enableAllFirmware = true;
+  };
+
+  # FILESYSTEM
+  boot.initrd.luks.devices = {
+    root = {
+      device = "/dev/disk/by-uuid/91b05f64-b97d-4405-8405-8785699ada8f";
+      preLVM = true;
+      allowDiscards = true;
+      keyFile = "/dev/disk/by-id/mmc-SD08G_0x704a5a38";
+      keyFileSize = 4096;
+      fallbackToPassword = true;
+    };
+  };
+
+  fileSystems."/" = {
+    # device = "/dev/disk/by-uuid/6bedd234-3179-46f7-9a3f-feeffd880791";
+    device = "/dev/mapper/root";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/32B9-94CC";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/24da6a46-cd28-4bff-9220-6f449e3bd8b5"; } ];
+
+}
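Review bot: `inputs.nixos-hardware.nixosModules.lenovo-thinkap-p1-3th-gen` is misspelled ("thinkap", "3th") and will not resolve; as far as I know the nixos-hardware attribute for this model is `lenovo-thinkpad-p1-gen3`, so confirm the name against the flake input. On the LUKS side, `keyFile = "/dev/disk/by-id/mmc-SD08G_0x704a5a38";` with `keyFileSize = 4096;` unlocks `root` from bytes read off a raw SD card, which only protects a stolen laptop if the card is not left in the reader; a comment such as `# key lives on a removable SD card; keep it out of the machine when travelling` belongs next to it. `swapDevices` points at a plain by-uuid device, and from this hunk I cannot tell whether that is a volume inside the LUKS container (`preLVM = true` suggests it may be) or a bare partition that would hold memory pages unencrypted; please state which in a comment. The argument set `{ inputs, lib, }` also has no `...`, unlike `systems/kobe/hardware.nix`, which matters if this file is loaded as a regular module.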
systems/kobe/disks.nix
@@ -0,0 +1,50 @@
+_: {
+  disko.devices = {
+    disk = {
+      # 512GB root/boot drive. Configured with:
+      # - A FAT32 ESP partition for systemd-boot
+      # - A LUKS container which contains an EXT4 filesystem
+      root = {
+        type = "disk";
+        device = ""; # FIXME
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                # LUKS passphrase will be prompted interactively only
+                type = "luks";
+                name = "cryptroot";
+                askPassword = true;
+                settings = {
+                  allowDiscards = true;
+                };
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                  mountOptions = [
+                    "noatime"
+                    "nodiratime"
+                    "discard"
+                  ];
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
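Review bot: `device = ""; # FIXME` leaves the target of a destructive partitioning layout undefined, and when it is filled in it should be a stable by-id path rather than a kernel name such as `/dev/nvme0n1` that can change between boots, for example `device = "/dev/disk/by-id/<PLACEHOLDER-disk-id>";`. `allowDiscards = true` together with the `discard` mount option passes TRIM through the LUKS layer, which reveals which blocks are in use to anyone who images the disk; that is a common trade-off on SSDs but should be a stated choice, e.g. `# TRIM passthrough accepted: exposes free-space layout, not contents`. `nodiratime` is already implied by `noatime` and can be dropped. The `umask=0077` on the ESP is worth keeping when the file is finalised.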
systems/kobe/hardware.nix
@@ -0,0 +1,11 @@
+{ inputs, lib, ... }:
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    (import ./disks.nix { inherit lib; })
+
+    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p50
+
+  ];
+
+}