Commit c5fc179cdc07

Vincent Demeester <vincent@sbr.pm>
2021-09-09 16:54:32
systems: initialize aomi 🙃
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 2e7593f
Changed files (3)
systems/hardware/lenovo-p1.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+let
+  sources = import ../../nix/sources.nix;
+in
+{
+  imports = [
+    (sources.nixos-hardware + "/common/pc/ssd")
+    (sources.nixos-hardware + "/lenovo/thinkpad/p1/3th-gen")
+    ./thinkpad.nix
+  ];
+  boot = {
+    initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" ];
+  };
+  hardware = {
+    enableAllFirmware = true;
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+  };
+  nix.maxJobs = 12;
+  services.throttled.enable = lib.mkDefault true;
+  services = {
+    tlp = {
+      extraConfig = ''
+        # CPU optimizations
+        CPU_SCALING_GOVERNOR_ON_AC=performance
+        CPU_SCALING_GOVERNOR_ON_BAT=powersave
+        CPU_MIN_PERF_ON_AC=0
+        CPU_MAX_PERF_ON_AC=100
+        CPU_MIN_PERF_ON_BAT=0
+        CPU_MAX_PERF_ON_BAT=50
+        # DEVICES (wifi, ..)
+        DEVICES_TO_DISABLE_ON_STARTUP=""
+        DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
+        DEVICES_TO_DISABLE_ON_BAT=""
+        # Network management
+        DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
+        DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
+        DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
+        DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
+        DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
+        DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
+        # Docking
+        DEVICES_TO_DISABLE_ON_DOCK="wifi"
+        DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
+        # Make sure it uses the right hard drive
+        #DISK_DEVICES="nvme0n1p2"
+      '';
+    };
+  };
+}
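Review bot: Bluetooth is powered at every boot (`powerOnBoot = true;`) and `DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"` switches all three radios back on whenever the charger is connected, so a radio the user turned off does not stay off. On a laptop that leaves the desk this keeps Bluetooth and WWAN reachable by default. If only wifi is needed on AC, narrow the TLP line to `DEVICES_TO_ENABLE_ON_AC="wifi"` and set `powerOnBoot = false;`, or add a comment above the block stating why every radio has to come back. `hardware.enableAllFirmware = true;` likewise installs every firmware package rather than the ones this model needs, and deserves a one-line comment naming the device that requires it.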
systems/hosts/aomi.nix
@@ -0,0 +1,95 @@
+{ sources ? import ../../nix
+, lib ? sources.lib
+, pkgs ? sources.pkgs { }
+}:
+
+with lib;
+let
+  hostname = "aomi";
+  secretPath = ../../secrets/machines.nix;
+  secretCondition = (builtins.pathExists secretPath);
+
+  ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+  ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+  endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+  endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+  endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+in
+{
+  imports = [
+    ../hardware/lenovo-p1.nix
+    (import ../../nix).home-manager-stable
+    ../modules
+    (import ../../users).vincent
+    (import ../../users).root
+  ];
+
+  networking = {
+    hostName = hostname;
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    tmpOnTmpfs = true;
+    plymouth = {
+      enable = true;
+      themePackages = [ pkgs.my.adi1090x-plymouth ];
+      theme = "hexagon";
+      # hexagon, green_loader, deus_ex, cuts, sphere, spinner_alt
+    };
+    extraModulePackages = with pkgs.linuxPackages_latest; [
+      v4l2loopback
+    ];
+    kernelModules = [ "v4l2loopback" ];
+    extraModprobeConfig = ''
+      options v4l2loopback exclusive_caps=1
+    '';
+    binfmt.registrations = {
+      s390x-linux = {
+        # interpreter = getEmulator "s390x-linux";
+        interpreter = "${pkgs.qemu}/bin/qemu-s390x";
+        magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16'';
+        mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
+      };
+    };
+    binfmt.emulatedSystems = [
+      "armv6l-linux"
+      "armv7l-linux"
+      "aarch64-linux"
+      # "s390x-linux"
+      "powerpc64le-linux"
+    ];
+  };
+
+  # FIXME Fix tmpOnTmpfs
+  systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
+
+  services.hardware.bolt.enable = true;
+
+  profiles = {
+    desktop.i3.enable = true;
+    laptop.enable = true;
+    home = true;
+    dev.enable = true;
+    yubikey.enable = true;
+    virtualization = { enable = true; nested = true; };
+    redhat.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    virtmanager
+    # force xbacklight to work
+    acpilight
+  ];
+
+  services = {
+    wireguard = {
+      enable = true;
+      ips = ips;
+      endpoint = endpointIP;
+      endpointPort = endpointPort;
+      endpointPublicKey = endpointPublicKey;
+    };
+  };
+
+}
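Review bot: `services.wireguard.enable = true;` is unconditional, while every value passed to it falls back to an empty default when `../../secrets/machines.nix` is missing (`ips = []`, `endpoint = ""`, `endpointPort = 0`, `endpointPublicKey = ""`). A build from a checkout without the secrets would then evaluate cleanly and yield a host whose tunnel is switched on but has no usable peer, which is easy to overlook when traffic is expected to go through the VPN. Tying the switch to the same test, `enable = secretCondition;`, or aborting evaluation when the file is absent, makes that state explicit. How the `services.wireguard` module handles empty values is not visible in this hunk, so the exact failure mode is an assumption to confirm against `../modules`.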
hosts.nix
@@ -1,12 +1,11 @@
 {
   naruhodo = { arch = "x86_64-linux"; type = "unstable"; };
+  aomi = { arch = "x86_64-linux"; type = "unstable"; };
   # servers
+  # FIXME(vdemeester) move this away
   hokkaido = { arch = "x86_64-linux"; };
   wakasu = { arch = "x86_64-linux"; };
   kerkouane = { arch = "x86_64-linux"; };
-  okinawa = { arch = "x86_64-linux"; };
+  # okinawa = { arch = "x86_64-linux"; }; # okinawa died
   sakhalin = { arch = "x86_64-linux"; };
-  # Test VM
-  foo = { arch = "x86_64-linux"; type = "unstable"; vm = true; };
-  # mypi = { arch = "aarch64-linux" };
 }