nixfiles/nixos/boxes/home/castle/default.nix

{ lib, ... }:
let
  inherit (lib.my) net;
  inherit (lib.my.c) networkd;
  inherit (lib.my.c.home) domain vlans prefixes vips roceBootModules;
in
{
  nixos.systems.castle = {
    system = "x86_64-linux";
    nixpkgs = "mine";
    home-manager = "mine";

    assignments = {
      hi = {
        inherit domain;
        ipv4 = {
          address = net.cidr.host 40 prefixes.hi.v4;
          mask = 22;
          gateway = vips.hi.v4;
        };
        ipv6 = {
          iid = "::3:1";
          address = net.cidr.host (65536*3+1) prefixes.hi.v6;
        };
      };
    };

    configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:
      let
        inherit (lib) mkIf mkMerge mkForce;
        inherit (lib.my) mkVLAN networkdAssignment;
      in
      {
        hardware = {
          enableRedistributableFirmware = true;
          cpu = {
            amd.updateMicrocode = true;
          };
          opengl.extraPackages = with pkgs; [
            intel-media-driver
          ];
          bluetooth.enable = true;
        };

        boot = {
          loader = {
            efi.canTouchEfiVariables = false;
            timeout = 10;
          };
          kernelPackages = lib.my.c.kernel.latest pkgs;
          kernelModules = [ "kvm-amd" "dm-snapshot" ];
          kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ];
          kernelPatches = [
            # {
            #   # https://gitlab.freedesktop.org/drm/amd/-/issues/2354
            #   name = "drm-amd-display-fix-flickering-caused-by-S-G-mode";
            #   patch = ./0001-drm-amd-display-fix-flickering-caused-by-S-G-mode.patch;
            # }
          ];
          initrd = {
            availableKernelModules = [
              "thunderbolt" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"
              "8021q"
            ] ++ roceBootModules;
            systemd.network = {
              netdevs = mkVLAN "lan-hi" vlans.hi;
              networks = {
                "10-et100g" = {
                  matchConfig.Name = "et100g";
                  vlan = [ "lan-hi" ];
                  linkConfig.RequiredForOnline = "no";
                  networkConfig = networkd.noL3;
                };
                "20-lan-hi" = networkdAssignment "lan-hi" assignments.hi;
              };
            };
          };

          binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
        };

        fileSystems = {
          "/nix" = {
            device = "/dev/nvmeof/nix";
            fsType = "ext4";
          };
          "/persist" = {
            device = "/dev/nvmeof/persist";
            fsType = "ext4";
            neededForBoot = true;
          };

          "/home" = {
            device = "/dev/nvmeof/home";
            fsType = "ext4";
          };
        };

        security = { };

        services = {
          hardware = {
            bolt.enable = true;
          };

          lvm = {
            boot.thin.enable = true;
            dmeventd.enable = true;
          };
          fstrim.enable = true;

          resolved = {
            enable = true;
            extraConfig = mkForce "";
            dnssec = "false";
          };

          pipewire.extraConfig.pipewire = {
            "10-buffer"."context.properties" = {
              "default.clock.quantum" = 128;
              "default.clock.max-quantum" = 128;
            };
          };
          blueman.enable = true;
        };

        programs = {
          virt-manager.enable = true;
          wireshark = {
            enable = true;
            package = pkgs.wireshark-qt;
          };
        };
        virtualisation.libvirtd.enable = true;

        networking = {
          inherit domain;
          firewall.enable = false;
        };

        environment.systemPackages = with pkgs; [
          dhcpcd
          pciutils
          usbutils
          lm_sensors
          linuxPackages.cpupower
          cifs-utils
          rpiboot
          rdma-core
          mstflint
          qperf
          ethtool
        ];

        nix = {
          gc.automatic = false;
          settings = {
            experimental-features = [ "recursive-nix" ];
            system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" "recursive-nix" ];
          };
        };

        systemd = {
          network = {
            netdevs = mkMerge [
              (mkVLAN "lan-hi" vlans.hi)
            ];
            links = {
              "10-et2.5g" = {
                matchConfig.MACAddress = "c8:7f:54:6e:17:0f";
                linkConfig.Name = "et2.5g";
              };
              "11-et10g" = {
                matchConfig.MACAddress = "c8:7f:54:6e:15:af";
                linkConfig.Name = "et10g";
              };
              "12-et100g" = {
                matchConfig.PermanentMACAddress = "24:8a:07:a8:fe:3a";
                linkConfig = {
                  Name = "et100g";
                  MTUBytes = toString lib.my.c.home.hiMTU;
                };
              };
            };
            networks = {
              "30-et100g" = {
                matchConfig.Name = "et100g";
                vlan = [ "lan-hi" ];
                networkConfig.IPv6AcceptRA = false;
              };
              "40-lan-hi" = mkMerge [
                (networkdAssignment "lan-hi" assignments.hi)
                # So we don't drop the IP we use to connect to NVMe-oF!
                { networkConfig.KeepConfiguration = "static"; }
              ];
            };
          };
        };

        my = {
          tmproot.size = "24G";

          user = {
            config.extraGroups = [ "input" ];

            tmphome = false;
            homeConfig = {
              services = { };

              home = {
                packages = with pkgs; [
                  jacktrip
                  qpwgraph
                  boardie
                ];
              };

              services = {
                blueman-applet.enable = true;
              };

              wayland.windowManager.sway = {
                config = {
                  output = {
                    HDMI-A-1 = {
                      transform = "270";
                      position = "0 0";
                      bg = "${./his-team-player.jpg} fill";
                    };
                    DP-1 = {
                      mode = "2560x1440@170Hz";
                      subpixel = "bgr";
                      position = "1440 560";
                    };
                    DP-2.position = "4000 560";
                  };
                };
              };

              my = {
                gui = {
                  standalone = true;
                  manageGraphical = true;
                };
              };
            };
          };

          #deploy.generate.system.mode = "boot";
          secrets = {
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlVuTzKObeaUuPocCF41IO/8X+443lzUJLuCIclt2vr";
          };
          netboot.client = {
            enable = true;
          };
          nvme = {
            uuid = "2230b066-a674-4f45-a1dc-f7727b3a9e7b";
            boot = {
              nqn = "nqn.2016-06.io.spdk:castle";
              address = "192.168.68.80";
            };
          };

          firewall = {
            enable = false;
          };

          gui.enable = true;
        };
      };
  };
}
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`{ lib, ... }:`
			`let`
			`inherit (lib.my) net;`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`inherit (lib.my.c) networkd;`
			`inherit (lib.my.c.home) domain vlans prefixes vips roceBootModules;`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`in`
			`{`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`nixos.systems.castle = {`
			`system = "x86_64-linux";`
			`nixpkgs = "mine";`
			`home-manager = "mine";`

nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`assignments = {`
			`hi = {`
			`inherit domain;`
			`ipv4 = {`
			`address = net.cidr.host 40 prefixes.hi.v4;`
			`mask = 22;`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`gateway = vips.hi.v4;`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`};`
nixos/home/routing-common: Working IPv6 router 2023-12-16 15:59:33 +00:00			`ipv6 = {`
			`iid = "::3:1";`
			`address = net.cidr.host (65536*3+1) prefixes.hi.v6;`
			`};`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`};`
			`};`

nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:`
			`let`
			`inherit (lib) mkIf mkMerge mkForce;`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`inherit (lib.my) mkVLAN networkdAssignment;`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`in`
			`{`
			`hardware = {`
			`enableRedistributableFirmware = true;`
			`cpu = {`
			`amd.updateMicrocode = true;`
			`};`
			`opengl.extraPackages = with pkgs; [`
			`intel-media-driver`
			`];`
			`bluetooth.enable = true;`
			`};`

			`boot = {`
			`loader = {`
			`efi.canTouchEfiVariables = false;`
			`timeout = 10;`
			`};`
Upgrade nixpkgs and NixOS stable to 23.11 2023-12-03 15:06:11 +00:00			`kernelPackages = lib.my.c.kernel.latest pkgs;`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`kernelModules = [ "kvm-amd" "dm-snapshot" ];`
nixos/castle: Enable AMD pstate driver 2023-04-23 20:22:53 +01:00			`kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ];`
nixos/castle: Add possibly needed amdgpu patch 2023-04-23 20:22:31 +01:00			`kernelPatches = [`
			`# {`
			`# # https://gitlab.freedesktop.org/drm/amd/-/issues/2354`
			`# name = "drm-amd-display-fix-flickering-caused-by-S-G-mode";`
			`# patch = ./0001-drm-amd-display-fix-flickering-caused-by-S-G-mode.patch;`
			`# }`
			`];`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`initrd = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`availableKernelModules = [`
			`"thunderbolt" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"`
			`"8021q"`
			`] ++ roceBootModules;`
			`systemd.network = {`
			`netdevs = mkVLAN "lan-hi" vlans.hi;`
			`networks = {`
			`"10-et100g" = {`
			`matchConfig.Name = "et100g";`
			`vlan = [ "lan-hi" ];`
			`linkConfig.RequiredForOnline = "no";`
			`networkConfig = networkd.noL3;`
			`};`
			`"20-lan-hi" = networkdAssignment "lan-hi" assignments.hi;`
			`};`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`
nixos/castle: Emulate ARM 2024-08-17 12:39:36 +01:00
			`binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`

			`fileSystems = {`
			`"/nix" = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`device = "/dev/nvmeof/nix";`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`fsType = "ext4";`
			`};`
			`"/persist" = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`device = "/dev/nvmeof/persist";`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`fsType = "ext4";`
			`neededForBoot = true;`
			`};`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`"/home" = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`device = "/dev/nvmeof/home";`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`fsType = "ext4";`
			`};`
			`};`

			`security = { };`

			`services = {`
			`hardware = {`
			`bolt.enable = true;`
			`};`

			`lvm = {`
			`boot.thin.enable = true;`
			`dmeventd.enable = true;`
			`};`
			`fstrim.enable = true;`

			`resolved = {`
			`enable = true;`
			`extraConfig = mkForce "";`
			`dnssec = "false";`
			`};`

Fix API changes from updates 2024-03-18 20:23:52 +00:00			`pipewire.extraConfig.pipewire = {`
nixos/castle: Fix PipeWire latency config 2024-05-11 16:10:15 +01:00			`"10-buffer"."context.properties" = {`
Fix API changes from updates 2024-03-18 20:23:52 +00:00			`"default.clock.quantum" = 128;`
			`"default.clock.max-quantum" = 128;`
			`};`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`blueman.enable = true;`
			`};`

nixos/routing-common: Working DHCP 2023-12-16 18:50:51 +00:00			`programs = {`
			`virt-manager.enable = true;`
			`wireshark = {`
			`enable = true;`
			`package = pkgs.wireshark-qt;`
			`};`
			`};`
nixos/castle: Add libvirt 2023-12-05 23:27:16 +00:00			`virtualisation.libvirtd.enable = true;`

nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`networking = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`inherit domain;`
nixos/castle: Fix pipewire config for jacktrip 2023-04-23 23:08:42 +01:00			`firewall.enable = false;`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`

			`environment.systemPackages = with pkgs; [`
			`dhcpcd`
			`pciutils`
			`usbutils`
			`lm_sensors`
			`linuxPackages.cpupower`
nixos/castle: Add cifs-utils 2023-08-06 14:50:12 +01:00			`cifs-utils`
nixos/castle: Add some extra packages 2023-10-31 16:16:24 +00:00			`rpiboot`
			`rdma-core`
			`mstflint`
			`qperf`
			`ethtool`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`];`

			`nix = {`
			`gc.automatic = false;`
nixos/castle: Add `recursive-nix` feature 2024-09-01 14:03:05 +01:00			`settings = {`
			`experimental-features = [ "recursive-nix" ];`
			`system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" "recursive-nix" ];`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`

			`systemd = {`
			`network = {`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`netdevs = mkMerge [`
			`(mkVLAN "lan-hi" vlans.hi)`
			`];`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`links = {`
			`"10-et2.5g" = {`
			`matchConfig.MACAddress = "c8:7f:54:6e:17:0f";`
			`linkConfig.Name = "et2.5g";`
			`};`
			`"11-et10g" = {`
			`matchConfig.MACAddress = "c8:7f:54:6e:15:af";`
			`linkConfig.Name = "et10g";`
			`};`
			`"12-et100g" = {`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`matchConfig.PermanentMACAddress = "24:8a:07:a8:fe:3a";`
			`linkConfig = {`
			`Name = "et100g";`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`MTUBytes = toString lib.my.c.home.hiMTU;`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`
			`};`
			`networks = {`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`"30-et100g" = {`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`matchConfig.Name = "et100g";`
nixos/routing-common: Working DHCP 2023-12-16 18:50:51 +00:00			`vlan = [ "lan-hi" ];`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`networkConfig.IPv6AcceptRA = false;`
			`};`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`"40-lan-hi" = mkMerge [`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`(networkdAssignment "lan-hi" assignments.hi)`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`# So we don't drop the IP we use to connect to NVMe-oF!`
			`{ networkConfig.KeepConfiguration = "static"; }`
nixos: Add initial palace 2023-12-03 22:58:28 +00:00			`];`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`
			`};`
			`};`

			`my = {`
nixos/castle: Add possibly needed amdgpu patch 2023-04-23 20:22:31 +01:00			`tmproot.size = "24G";`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00
			`user = {`
nixos/castle: Add boardie 2023-04-23 23:44:55 +01:00			`config.extraGroups = [ "input" ];`

nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`tmphome = false;`
			`homeConfig = {`
			`services = { };`

			`home = {`
nixos/castle: Fix pipewire config for jacktrip 2023-04-23 23:08:42 +01:00			`packages = with pkgs; [`
			`jacktrip`
			`qpwgraph`
nixos/castle: Re-add boardie 2024-06-18 23:29:48 +01:00			`boardie`
nixos/castle: Fix pipewire config for jacktrip 2023-04-23 23:08:42 +01:00			`];`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`

			`services = {`
			`blueman-applet.enable = true;`
			`};`

			`wayland.windowManager.sway = {`
			`config = {`
nixos/castle: Add correct display layout 2023-04-23 19:54:31 +01:00			`output = {`
			`HDMI-A-1 = {`
			`transform = "270";`
			`position = "0 0";`
nixos/castle: Add left monitor wallpaper 2024-07-02 22:22:10 +01:00			`bg = "${./his-team-player.jpg} fill";`
nixos/castle: Add correct display layout 2023-04-23 19:54:31 +01:00			`};`
			`DP-1 = {`
			`mode = "2560x1440@170Hz";`
			`subpixel = "bgr";`
			`position = "1440 560";`
			`};`
			`DP-2.position = "4000 560";`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`
			`};`

			`my = {`
Various GUI fixes 2023-08-27 20:04:53 +01:00			`gui = {`
			`standalone = true;`
			`manageGraphical = true;`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00			`};`
			`};`
			`};`

			`#deploy.generate.system.mode = "boot";`
			`secrets = {`
			`key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlVuTzKObeaUuPocCF41IO/8X+443lzUJLuCIclt2vr";`
			`};`
nixos: Working castle NVMe-oF root 2024-06-30 03:59:46 +01:00			`netboot.client = {`
			`enable = true;`
			`};`
			`nvme = {`
			`uuid = "2230b066-a674-4f45-a1dc-f7727b3a9e7b";`
			`boot = {`
			`nqn = "nqn.2016-06.io.spdk:castle";`
			`address = "192.168.68.80";`
			`};`
			`};`
nixos/castle: Initial config 2023-04-23 19:13:54 +01:00
			`firewall = {`
			`enable = false;`
			`};`

			`gui.enable = true;`
			`};`
			`};`
			`};`
			`}`