harware/graphics: add nvidia and rename to gpu

README.md

@@ -121,11 +121,10 @@ used flakes:
 
         ```bash
         nix run github:nix-community/nixos-anywhere -- \
-            --disko-mode disko \
             --disk-encryption-keys /tmp/disk.key /tmp/disk.key \
             --extra-files "$temp" \
             --flake .#<flake> \
-            root@<host>
+            --target-host root@<host>
         ```
 
 ## Inspired by

flake.lock

@@ -41,11 +41,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1772408722,
+        "lastModified": 1775087534,
-        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
+        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
+        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
         "type": "github"
       },
       "original": {
@@ -114,11 +114,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774104215,
+        "lastModified": 1775585728,
-        "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
+        "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "f799ae951fde0627157f40aec28dec27b22076d0",
+        "rev": "580633fa3fe5fc0379905986543fd7495481913d",
         "type": "github"
       },
       "original": {
@@ -222,26 +222,27 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1774567711,
+        "lastModified": 1775232991,
-        "narHash": "sha256-uVlOHBvt6Vc/iYNJXLPa4c3cLXwMllOCVfAaLAcphIo=",
+        "narHash": "sha256-QkmL6kwmQXBN24FVOZSfFkNpUgu8jHfdYPoA2H8sA7k=",
-        "owner": "NixOS",
+        "owner": "Stunkymonkey",
         "repo": "nixos-hardware",
-        "rev": "3f6f874dfc34d386d10e434c48ad966c4832243e",
+        "rev": "d6ee262f8d4db0815b08c76714becc09af11f962",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
+        "owner": "Stunkymonkey",
+        "ref": "dell-precision-5820",
         "repo": "nixos-hardware",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1774388614,
+        "lastModified": 1775811116,
-        "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=",
+        "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e",
+        "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
         "type": "github"
       },
       "original": {
@@ -252,11 +253,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1772328832,
+        "lastModified": 1774748309,
-        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
+        "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
+        "rev": "333c4e0545a6da976206c74db8773a1645b5870a",
         "type": "github"
       },
       "original": {
@@ -297,11 +298,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1774386573,
+        "lastModified": 1775710090,
-        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
+        "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
+        "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
         "type": "github"
       },
       "original": {
@@ -354,11 +355,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774303811,
+        "lastModified": 1775971308,
-        "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
+        "narHash": "sha256-VKp9bhVSm0bT6JWctFy06ocqxGGnWHi1NfoE90IgIcY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
+        "rev": "31ac5fe5d015f76b54058c69fcaebb66a55871a4",
         "type": "github"
       },
       "original": {

flake.nix

@@ -11,7 +11,8 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    # nixos-hardware.url = "github:NixOS/nixos-hardware";
+    nixos-hardware.url = "github:Stunkymonkey/nixos-hardware/dell-precision-5820";
 
     nixinate = {
       url = "github:matthewcroughan/nixinate";

machines/.sops.yaml

@@ -5,6 +5,7 @@ keys:
   - &workman age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2
   - &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03
   - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
+  - &playman age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
   - &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu
 creation_rules:
   - path_regex: workman/secrets.yaml$
@@ -27,3 +28,8 @@ creation_rules:
       - age:
           - *admin_felix
           - *serverle
+  - path_regex: playman/secrets.yaml$
+    key_groups:
+      - age:
+          - *admin_felix
+          - *playman

machines/configurations.nix

@@ -82,5 +82,12 @@ in
         ./serverle/configuration.nix
       ];
     };
+    playman = nixosSystem {
+      system = "x86_64-linux";
+      modules = defaultModules ++ [
+        nixos-hardware.nixosModules.dell-precision-5820
+        ./playman/configuration.nix
+      ];
+    };
   };
 }

machines/playman/boot.nix

@@ -0,0 +1,17 @@
+_: {
+  boot = {
+    loader = {
+      timeout = 0;
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 10;
+        editor = true;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      systemd.enable = true; # for a nice password prompt
+      verbose = false;
+    };
+  };
+}

machines/playman/configuration.nix

@@ -0,0 +1,29 @@
+{ ... }:
+{
+  imports = [
+    ./boot.nix
+    ./disko-config.nix
+    ./hardware-configuration.nix
+    ./network.nix
+    ./nixinate.nix
+    ./profiles.nix
+    ./services.nix
+    ./system.nix
+  ];
+
+  networking.hostName = "playman";
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    gnupg.sshKeyPaths = [ ];
+  };
+
+  # needed for cross-compilation
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  system = {
+    stateVersion = "25.11";
+    autoUpgrade.enable = true;
+  };
+}

machines/playman/disko-config.nix

@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk = {
+      vdb = {
+        type = "disk";
+        device = "/dev/disk/by-id/nvme-eui.ace42e817028d9c6";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "defaults" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "encrypted";
+                settings.allowDiscards = true;
+                passwordFile = "/tmp/disk.key";
+                content = {
+                  type = "lvm_pv";
+                  vg = "pool";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100G";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+          home = {
+            size = "500G";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/home";
+            };
+          };
+          swap = {
+            size = "32GB";
+            content = {
+              type = "swap";
+              resumeDevice = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}

machines/playman/hardware-configuration.nix

@@ -0,0 +1,26 @@
+{
+  pkgs,
+  ...
+}:
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  my.hardware = {
+    bluetooth.enable = true;
+    debug.enable = true;
+    drive-monitor = {
+      enable = true;
+      OnFailureMail = "server@buehler.rocks";
+    };
+    firmware = {
+      enable = true;
+      cpuFlavor = "intel";
+    };
+    graphics = {
+      enable = true;
+      gpuFlavor = "nvidia";
+    };
+    keychron.enable = true;
+    yubikey.enable = true;
+  };
+}

machines/playman/network.nix

@@ -0,0 +1,6 @@
+_: {
+  networking = {
+    domain = "buehler.rocks";
+    search = [ "buehler.rocks" ];
+  };
+}

machines/playman/nixinate.nix

@@ -0,0 +1,8 @@
+_: {
+  _module.args.nixinate = {
+    host = "playman.local";
+    sshUser = "felix";
+    buildOn = "remote";
+    substituteOnTarget = true;
+  };
+}

machines/playman/profiles.nix

@@ -0,0 +1,11 @@
+# enabled profiles
+_: {
+  my.profiles = {
+    clean.enable = true;
+    development.enable = true;
+    gaming.enable = true;
+    nix.enable = true;
+    sync.enable = true;
+    update.enable = true;
+  };
+}

machines/playman/secrets.yaml

@@ -0,0 +1,30 @@
+users:
+    felix:
+        password: ENC[AES256_GCM,data:MHiZkTDna6nz6JhCst0uQA7MKDLtXzIqZuJEYHPgC6dRmGckYBUR0mXqh+5lLlCOeqtGbyBFKQ7tv7hpgIOX2lVyX4V99IICzw==,iv:p9ZtVpL2u64iEQuo3TF+5kFaWLd0wHT16lT4Wx8QLyo=,tag:o9g2wKQfNQyv3078tL58Nw==,type:str]
+borgbackup:
+    password: ENC[AES256_GCM,data:bWZUeX09dxLjiHVsymKi3zArtxW4aEkVU/eLa3RbdvI=,iv:sRxy7Y0EggxXf6tGQZJdVfggcBbQD+1w2hvJgQCyr3Y=,tag:Up/opwQwl8+t1Yt26012GQ==,type:str]
+    ssh_key: ENC[AES256_GCM,data:k5gDazMB8sVwJANws8nORGvM8baxwx+kniFIlc50WaJplerbsk1ZspxRes5vnMeEM0UBawtBkHUXpcXVo5KXU/hXd1sDHQe3CFBhKjSFwls3b9LSmt81mBYjrlPeHMah5/PHOz5RDj5skpZ7rd5AzVOfu+aB4qUogl/gAP9aEMdtuIBx/uKXba3ER5590vLpd1Q4sxAuiWnkXi02rgW6Pzyx9RqcUU9KWLQuhfnyeEZ+PPjR4NHPJBr4TkUJ3DR2UziCtlOH1H0kKeDIj/pWqXKx8C5p7RRRkPxZ/qLmDqMtt3Cjs7MlDFUijvfnDSieKoa3JIZw9Kb9AlomkgfqrCOUEaNCBZEq/ovAj7SXm13t50SFGZfTRVul3AcToRxauzhrKXvoUbvKu0Qd4zSOPIXU4tnxodCrWraEbAXKJ+uqKH6N2RA8vxnT06Yqv9SY75hDbPIDvK/44+YWrQU5hNWYKZ+Afnadps2+huqNLbiih+/0AzTAAhtqUYsuQS+1ybTT5fsoakMssRf+wyi8,iv:vGaEIaeQGGOgLMu9oZwr/+N1/IzPPuOElMXczEZkwSw=,tag:VKzmy3Zy1C+VUgqAkscGfg==,type:str]
+sops:
+    age:
+        - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFblpKaTJIVTlVMHRjemZX
+            VWhmbU1vTzlxRDNQM1N3Y2tHb3ZZdUwvSFdFCnc4cTkyaWtxTEhEbUpXd0d3bnFJ
+            QkdaRHRvK2ZqazZGdGFoZFJwTUVCOUkKLS0tIGc4SUtZeGg3QXhwcW9NVk4zMVVo
+            andwd2Eydk5oRzBRTlNwdzFVQ1QwYmsK7Rn/P4JCjajb0seyzFRcnIxsz2WgkbYf
+            wF7wsXoBZrwGPu2otrn2G/4IYrXYn5Gf2K/sjKVo/PtsnHLRWEWgBw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4KzgwZzIrbVFFWE1OWWsr
+            ZElTQjhLOWgzZGRXcnV0dnpYejFhVWRXREhRCkxjU2NNQmdLQzY2Wm4yZjlSWWRu
+            OEpmcXcvblh1N0Exck1mMmRLZmd6VHcKLS0tIE5hUGV1eTRYUk51RXY3R2Q0ckVn
+            aHlUbExuSDlQZWN6TlEzdjAyNTBiaUUKM2w9fi0MJa4ujpkcrtyQqmjOYaTsbdBJ
+            wBDbuJ1EazT47T4g9ycilbFS6LvugfJxfrzN0mW3XEuiWkrsYIIsPw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-03T15:10:27Z"
+    mac: ENC[AES256_GCM,data:p3Ke6ZCuuBYOzrcLGtnC4Kk8Y8S+EM8WlyT0hNFyoA/Ds6aI+FtOuNKfZN4Znh2KbLZBOaz6UJ+jDaMrfaRPJY13HlklysuSGari9Y7YdxdkcMvfl/nlGfhE7A0Wgm/m7LF2N33BAd2NrPKpPF2Omu8moIMcQ+xy5GKzVb/hiHU=,iv:3Tq29JZkVmh0/L01+mlmW/5N1bXOecElsMwg+m9Kpq0=,tag:S0m79vu0ywsaj/t+mtLfQw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1

machines/playman/services.nix

@@ -0,0 +1,34 @@
+# Deployed services
+{ config, ... }:
+let
+  inherit (config.sops) secrets;
+in
+{
+  sops.secrets = {
+    "borgbackup/password" = { };
+    "borgbackup/ssh_key" = { };
+  };
+
+  # List services that you want to enable:
+  my.services = {
+    backup = {
+      enable = true;
+      OnFailureMail = "server@buehler.rocks";
+      passwordFile = secrets."borgbackup/password".path;
+      sshKeyFile = secrets."borgbackup/ssh_key".path;
+      paths = [ "/" ];
+    };
+    # remote build
+    remote-build.enable = true;
+
+    ssh-server = {
+      enable = true;
+    };
+    initrd-ssh = {
+      enable = true;
+    };
+    vpn = {
+      enable = true;
+    };
+  };
+}

machines/playman/system.nix

@@ -0,0 +1,7 @@
+# enabled system services
+_: {
+  my.system = {
+    avahi.enable = true;
+    podman.enable = true;
+  };
+}

machines/thinkman/hardware-configuration.nix

@@ -1,8 +1,4 @@
-_:
+_: {
-let
-  cpuFlavor = "intel";
-in
-{
   # video driver
   boot.initrd.kernelModules = [ "i915" ];
 
@@ -20,11 +16,11 @@ in
     drive-monitor.enable = true;
     firmware = {
       enable = true;
-      inherit cpuFlavor;
+      cpuFlavor = "intel";
     };
     graphics = {
       enable = true;
-      inherit cpuFlavor;
+      gpuFlavor = "intel";
     };
     id-card.enable = true;
     keychron.enable = true;

machines/workman/hardware-configuration.nix

@@ -2,9 +2,6 @@
   pkgs,
   ...
 }:
-let
-  cpuFlavor = "amd";
-in
 {
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
@@ -30,11 +27,11 @@ in
     drive-monitor.enable = true;
     firmware = {
       enable = true;
-      inherit cpuFlavor;
+      cpuFlavor = "amd";
     };
     graphics = {
       enable = true;
-      inherit cpuFlavor;
+      gpuFlavor = "amd";
     };
     id-card.enable = true;
     keychron.enable = true;

modules/hardware/graphics/default.nix

@@ -10,11 +10,12 @@ in
 {
   options.my.hardware.graphics = {
     enable = lib.mkEnableOption "graphics configuration";
-    cpuFlavor = lib.mkOption {
+    gpuFlavor = lib.mkOption {
       type = lib.types.nullOr (
         lib.types.enum [
           "amd"
           "intel"
+          "nvidia"
         ]
       );
       default = null;
@@ -29,7 +30,7 @@ in
         hardware.graphics.enable = true;
       }
       # Intel GPU
-      (lib.mkIf (cfg.cpuFlavor == "intel") {
+      (lib.mkIf (cfg.gpuFlavor == "intel") {
         nixpkgs.config.packageOverrides = pkgs: {
           intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
         };
@@ -41,7 +42,9 @@ in
         ];
       })
 
-      (lib.mkIf (cfg.cpuFlavor == "amd") {
+      (lib.mkIf (cfg.gpuFlavor == "amd") {
+      })
+      (lib.mkIf (cfg.gpuFlavor == "nvidia") {
       })
     ]
   );