From 9693e762df4214f88e718e456e6f0ba350f26164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Wed, 3 Aug 2022 03:15:06 +0200
Subject: [PATCH] feat: migrate home-server to LattePanda 3 Delta

---
 flake.nix               |  7 ++---
 hardware/base.nix       |  6 ----
 hardware/bluetooth.nix  |  8 +++++
 hardware/gpu-intel.nix  | 27 ++++++++++------
 hardware/lattepanda.nix | 69 +++++++++++++++++++++++++++++++++++++++++
 home-pc.nix             |  1 +
 home-server.nix         | 16 ++--------
 services/jellyfin.nix   |  9 ++++--
 services/owntracks.nix  | 10 ++----
 work-pc.nix             |  1 +
 10 files changed, 112 insertions(+), 42 deletions(-)
 create mode 100644 hardware/bluetooth.nix
 create mode 100644 hardware/lattepanda.nix

diff --git a/flake.nix b/flake.nix
index 09609da..cd898bf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -142,12 +142,11 @@
       };
 
       nixosConfigurations.home-server = nixpkgs.lib.nixosSystem {
-        system = "aarch64-linux";
+        system = "x86_64-linux";
         modules = [
           nixpkgs.nixosModules.notDetected
-          nixos-hardware.nixosModules.raspberry-pi-4
           (lib.createSystem "home-server" {
-            hardwareConfig = ./hardware/rpi4.nix;
+            hardwareConfig = ./hardware/lattepanda.nix;
             config = ./home-server.nix;
           })
           lib.createMediaGroup
@@ -168,7 +167,7 @@
         hostname = "192.168.1.102";
         profiles.system = {
           user = "felschr";
-          path = deploy-rs.lib.aarch64-linux.activate.nixos
+          path = deploy-rs.lib.x86_64-linux.activate.nixos
             self.nixosConfigurations.home-server;
         };
       };
diff --git a/hardware/base.nix b/hardware/base.nix
index c23a86d..e36cca0 100644
--- a/hardware/base.nix
+++ b/hardware/base.nix
@@ -10,10 +10,4 @@
 
   services.smartd.enable = true;
   services.smartd.notifications.x11.enable = true;
-
-  # Bluetooth
-  hardware.bluetooth.enable = true;
-  hardware.bluetooth.settings = {
-    General = { Enable = "Source,Sink,Media,Socket"; };
-  };
 }
diff --git a/hardware/bluetooth.nix b/hardware/bluetooth.nix
new file mode 100644
index 0000000..c2d0802
--- /dev/null
+++ b/hardware/bluetooth.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.settings = {
+    General = { Enable = "Source,Sink,Media,Socket"; };
+  };
+}
diff --git a/hardware/gpu-intel.nix b/hardware/gpu-intel.nix
index 9ce68d1..2d605af 100644
--- a/hardware/gpu-intel.nix
+++ b/hardware/gpu-intel.nix
@@ -1,13 +1,22 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
-  hardware.opengl = {
-    driSupport32Bit = true;
-    extraPackages = with pkgs; [ vaapiIntel vaapiVdpau libvdpau-va-gl ];
-    extraPackages32 = with pkgs.pkgsi686Linux; [
-      vaapiIntel
-      libvdpau-va-gl
-      vaapiVdpau
-    ];
+  boot.initrd.kernelModules = [ "i915" ];
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
   };
+
+  environment.variables = {
+    VDPAU_DRIVER =
+      lib.mkIf config.hardware.opengl.enable (lib.mkDefault "va_gl");
+  };
+
+  hardware.opengl.extraPackages = with pkgs; [
+    vaapiIntel
+    vaapiVdpau
+    libvdpau-va-gl
+    intel-media-driver
+    intel-compute-runtime
+  ];
 }
diff --git a/hardware/lattepanda.nix b/hardware/lattepanda.nix
new file mode 100644
index 0000000..6d06a93
--- /dev/null
+++ b/hardware/lattepanda.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+    "rtsx_usb_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/70f03d67-e248-42f6-a204-c02e4f180531";
+    fsType = "btrfs";
+    options = [ "subvol=@" "compress-force=zstd:1" "noatime" ];
+  };
+
+  boot.initrd.luks.devices."enc".device =
+    "/dev/disk/by-uuid/d3b12d0e-7e8e-4130-9a8f-680abcdc9682";
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/70f03d67-e248-42f6-a204-c02e4f180531";
+    fsType = "btrfs";
+    options = [ "subvol=@home" "compress-force=zstd:1" "noatime" ];
+  };
+
+  fileSystems."/.swap" = {
+    device = "/dev/disk/by-uuid/70f03d67-e248-42f6-a204-c02e4f180531";
+    fsType = "btrfs";
+    options = [ "subvol=@swap" "nodatacow" "noatime" ];
+    neededForBoot = true;
+  };
+
+  fileSystems."/.snapshots" = {
+    device = "/dev/disk/by-uuid/70f03d67-e248-42f6-a204-c02e4f180531";
+    fsType = "btrfs";
+    options = [ "subvol=@snapshots" "compress-force=zstd:1" "noatime" ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/95FC-D4E5";
+    fsType = "vfat";
+  };
+
+  swapDevices = [{
+    device = "/.swap/swapfile";
+    size = 8096;
+  }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/home-pc.nix b/home-pc.nix
index cd2bc3e..35c81b1 100644
--- a/home-pc.nix
+++ b/home-pc.nix
@@ -4,6 +4,7 @@
   imports = [
     ./hardware/base.nix
     ./hardware/gpu-amd.nix
+    ./hardware/bluetooth.nix
     ./hardware/steam.nix
     ./hardware/ledger.nix
     ./system/desktop.nix
diff --git a/home-server.nix b/home-server.nix
index 7875006..8187c78 100644
--- a/home-server.nix
+++ b/home-server.nix
@@ -10,8 +10,8 @@ let
   }];
 in with builtins; {
   imports = [
-    # ./hardware/base.nix
-    ./hardware/gpu-rpi4.nix
+    ./hardware/base.nix
+    ./hardware/gpu-intel.nix
     ./system/server.nix
     ./modules/emailNotify.nix
     ./services/mail.nix
@@ -34,16 +34,6 @@ in with builtins; {
 
   nixpkgs.config.allowUnfree = true;
 
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.generic-extlinux-compatible.enable = false;
-  # boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmpOnTmpfs = true;
-
-  # rpi4 base config
-  boot.kernelPackages = pkgs.linuxPackages_rpi4;
-  boot.kernelParams =
-    [ "8250.nr_uarts=1" "console=ttyAMA0,115200" "console=tty1" "cma=128" ];
-
   # improve memory performance
   zramSwap.enable = true;
   zramSwap.algorithm = "zstd";
@@ -101,7 +91,7 @@ in with builtins; {
     extraConfig = with pkgs; ''
       usev6=cmdv6, cmdv6=${
         pkgs.writeScript "get-ipv6" ''
-          ${iproute2}/bin/ip --brief addr show eth0 mngtmpaddr \
+          ${iproute2}/bin/ip --brief addr show enp2s0 mngtmpaddr \
             | ${gawk}/bin/awk '{print $(NF)}' \
             | sed 's/\/.*//'
         ''
diff --git a/services/jellyfin.nix b/services/jellyfin.nix
index 610ff25..fb231a3 100644
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   services.jellyfin.enable = true;
@@ -6,7 +6,12 @@
   services.jellyfin.openFirewall = true;
 
   # for hardware acceleration
-  users.users.jellyfin.extraGroups = [ "video" "render" ];
+  users.users.${config.services.jellyfin.user}.extraGroups =
+    [ "video" "render" ];
+  systemd.services.jellyfin.serviceConfig = {
+    PrivateDevices = lib.mkForce false;
+    DeviceAllow = lib.mkForce [ "/dev/dri/renderD128" ];
+  };
 
   services.nginx = {
     virtualHosts."media.felschr.com" = {
diff --git a/services/owntracks.nix b/services/owntracks.nix
index b1cef70..be4e8cc 100644
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@@ -12,9 +12,7 @@ in {
 
   virtualisation.oci-containers.containers = {
     owntracks-recorder = {
-      # official image does not support aarch64
-      # image = "owntracks/recorder";
-      image = "easypi/ot-recorder-arm";
+      image = "owntracks/recorder";
       ports = [ "8083:8083" ];
       environment = {
         OTR_HOST = "localhost";
@@ -23,11 +21,7 @@ in {
       };
       # provide OTR_PASS
       environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
-      # easypi/ot-recorder-arm uses different store location
-      # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
-      volumes = [
-        "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store"
-      ];
+      volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
       extraOptions = [ "--network=host" ];
     };
 
diff --git a/work-pc.nix b/work-pc.nix
index ce5d174..3e14d46 100644
--- a/work-pc.nix
+++ b/work-pc.nix
@@ -4,6 +4,7 @@
   imports = [
     ./hardware/base.nix
     ./hardware/gpu-intel.nix
+    ./hardware/bluetooth.nix
     ./system
     ./desktop
     ./virtualisation/docker.nix