WIP: hyper: Init

machines/default.nix

@@ -76,4 +76,9 @@ in
 
     targetHost = "yuzuru.sbruder.de";
   };
+  hyper = {
+    system = "x86_64-linux";
+
+    targetHost = "hyper.lan.shinonome-lab.de";
+  };
 }

machines/hyper/README.md

@@ -0,0 +1,39 @@
+<!--
+SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
+
+SPDX-License-Identifier: CC-BY-SA-4.0
+-->
+
+# hitagi
+
+## Hardware
+
+Custom build in a be quiet! Pure Base 500
+with the front panel changed to a Pure Base 500DX’s (for better airflow).
+
+ * Motherboard: GIGABYTE B550 AORUS ELITE V2 (rev 1.0)
+ * CPU: AMD Ryzen 7 5800X
+ * RAM:
+   2×16 GB G.Skill Aegis F4-3200C16-16GIS
+   \+ 2×32 GB G.Skill Ripjaws V F4-3200C16-32GVK
+   (both DDR4 3200 MHz CL16-18-18-38)
+ * PSU: be quiet! System Power 10 750W
+ * SSD: 1TB Samsung 980 Pro NVMe
+ * GPU: Intel Arc A770 Limited Edition (16GB VRAM)
+ * Case fans: 2 be quiet! Pure Wings 2 140 mm (included in case), 3 more with PWM
+ * CPU Cooler: Noctua NH-U12S with an additional NF-F12 PWM
+
+This replaces sayuri,
+which features an enterprise HP firmware without fan control,
+an ancient Intel platform that is only usable in YOLO mode (`mitigations=off`)
+and proprietary case, motherboard and power supply.
+
+## Purpose
+
+Tasks that require large amounts of CPU power,
+a high amount of GPU power
+or have to run while I do other things (on my laptop).
+
+## Name
+
+Senjougahara Hitagi is a student from the *Monogatari Series*.

machines/hyper/configuration.nix

@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./network.nix
+    ../../modules
+  ];
+
+  networking.hostName = "hyper";
+
+  system.stateVersion = "23.11";
+
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_kvm;
+      ovmf.enable = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    virtiofsd
+  ];
+}

machines/hyper/hardware-configuration.nix

@@ -0,0 +1,62 @@
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    # fan control configuration from https://gist.github.com/bakman2/e801f342aaa7cade62d7bd54fd3eabd8
+    kernelModules = [ "kvm-amd" "it87" ];
+    kernelParams = [
+      "acpi_enforce_resources=lax" # allow it87 to load
+      "ip=dhcp"
+      "iommu=pt"
+      "default_hugepagesz=1G"
+      "hugepagesz=1G"
+      "hugepages=90"
+    ];
+    extraModulePackages = with config.boot.kernelPackages; [ it87 ];
+    extraModprobeConfig = ''
+      options it87 force_id=0x8688
+      options vfio-pci ids=8086:56a0,8086:4f90
+      softdep drm pre: vfio-pci
+      options kvm-amd nested=0 avic=1 npt=1
+    '';
+    loader = {
+      grub.enable = false;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = [ "aesni_intel" "ahci" "ehci_pci" "nvme" "r8169" "sd_mod" "sr_mod" "usb_storage" "usbhid" "xhci_pci" ];
+      kernelModules = [ "dm-snapshot" ];
+      network.enable = true; # remote unlocking
+      luks.devices = {
+        root = {
+          name = "root";
+          device = "/dev/disk/by-uuid/63d366bd-5453-46b5-89d5-a61cbb828102";
+          preLVM = true;
+          allowDiscards = true;
+        };
+      };
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/53f4e762-39fa-41a6-8b78-4999d38e6e88";
+      fsType = "btrfs";
+      options = [ "discard=async" "noatime" "compress=zstd" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/403C-02C1";
+      fsType = "vfat";
+    };
+  };
+}

machines/hyper/network.nix

@@ -0,0 +1,83 @@
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ lib, ... }:
+let
+  vlans = {
+    lan = 10;
+    guest = 30;
+  };
+  dhcpVlans = [ "lan" ];
+in
+{
+  networking.useDHCP = false;
+
+  systemd.network = {
+    enable = true;
+    wait-online.extraArgs = [ "--any" ];
+    netdevs =
+      let
+        vlanNetdevs = (lib.mapAttrs
+          (Name: Id: {
+            netdevConfig = {
+              inherit Name;
+              Kind = "vlan";
+            };
+            vlanConfig = {
+              inherit Id;
+            };
+          })
+          vlans);
+        bridgeNetdevs = (lib.mapAttrs'
+          (name: _: lib.nameValuePair "br-${name}" {
+            netdevConfig = {
+              Name = "br-${name}";
+              Kind = "bridge";
+            };
+          })
+          vlans);
+      in
+      lib.mkMerge [ vlanNetdevs bridgeNetdevs ];
+    networks =
+      let
+        vlanNetworks = (lib.mapAttrs
+          (name: _: {
+            inherit name;
+            matchConfig = {
+              Type = "vlan";
+            };
+            bridge = lib.singleton "br-${name}";
+          })
+          vlans);
+        bridgeNetworks = (lib.mapAttrs'
+          (name: _: lib.nameValuePair "br-${name}"
+            ({
+              name = "br-${name}";
+            } // lib.optionalAttrs (lib.elem name dhcpVlans) {
+              DHCP = "ipv4";
+              networkConfig = {
+                IPv6AcceptRA = "yes";
+              };
+            }))
+          vlans);
+      in
+      lib.mkMerge [
+        {
+          physical-lan = {
+            name = "eno1";
+            vlan = [ "lan" "guest" ];
+            networkConfig = {
+              LinkLocalAddressing = "no";
+              LLDP = "no";
+              EmitLLDP = "no";
+              IPv6AcceptRA = "no";
+              IPv6SendRA = "no";
+            };
+          };
+        }
+        vlanNetworks
+        bridgeNetworks
+      ];
+  };
+}