Added amd driver, rocm

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1754337839,
-        "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=",
+        "lastModified": 1754433428,
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
         "type": "github"
       },
       "original": {
@@ -46,11 +46,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753939845,
-        "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "94def634a20494ee057c76998843c015909d6311",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {

flake.nix

@@ -17,7 +17,10 @@
       keys = import ./lib/keys.nix;
       paths = {
         flake = "/home/gortium/infra";
-        identities = [ "/home/gortium/.ssh/gortium_ssh_key" "/etc/ssh/ssh_host_ed25519_key" ];
+        identities = [
+          "/home/gortium/.ssh/gortium_ssh_key"
+          "/etc/ssh/ssh_host_ed25519_key"
+          "/root/.age/bootstrap.key" ];
       };
       overlays = [ agenix.overlays.default ];
       pkgs = import nixpkgs {

hosts/lazyworkhorse/configuration.nix

@@ -29,6 +29,8 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = false;
 
+  boot.kernelModules = [ "nct6775" "lm63" ];
+  boot.blacklistedKernelModules = [ "eeepc_wmi" ];
   networking.hostName = "lazyworkhorse"; # Define your hostname.
   # Pick only one of the below networking options.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@@ -56,31 +58,6 @@
     LC_CTYPE = "en_CA.UTF-8";
   };
 
-  # Private host ssh key
-  age = {
-    identityPaths = paths.identities;
-    secrets = {
-      lazyworkhorse_host_ssh_key = {
-        file = "${self}/secrets/lazyworkhorse_host_ssh_key.age";
-        owner = "root";
-        group = "root";
-        mode = "0600";
-        path = "/etc/ssh/ssh_host_ed25519_key";
-      };
-    };
-  };
-
-  # Public host ssh key
-  environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main;
-
-  # Prevent sshd from generating new keys and use this one
-  services.openssh.hostKeys = [
-    {
-      path = "/etc/ssh/ssh_host_ed25519_key";
-      type = "ed25519";
-    }
-  ];
-
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -130,6 +107,7 @@
     age
     git
     nh
+    lm_sensors
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -142,10 +120,59 @@
 
   # List services that you want to enable:
 
-  # Enable the OpenSSH daemon.
+  # Enable the OpenSSH daemon
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "no";
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+
+  # Private host ssh key managed by agenix
+  age = {
+    identityPaths = paths.identities;
+    secrets = {
+      containers_env = {
+        file = ../../secrets/containers.env.age;
+        path = "/run/secrets/containers.env";
+        owner = "root";
+        group = "root";
+        mode = "0400";
+      };
+      lazyworkhorse_host_ssh_key = {
+        file = ../../secrets/lazyworkhorse_host_ssh_key.age;
+        owner = "root";
+        group = "root";
+        mode = "0600";
+        path = "/etc/ssh/ssh_host_ed25519_key";
+      };
+    };
+  };
+
+  # Public host ssh key (kept in sync with the private one)
+  environment.etc."ssh/ssh_host_ed25519_key.pub".text =
+    "${keys.hosts.lazyworkhorse.main}";
+
+  services.fstrim.enable = true;
+
+  services.zfs.autoSnapshot.enable = true;
+  services.zfs.autoScrub.enable = true;
+
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+    extraPackages = with pkgs; [
+      rocmPackages.clr
+      rocmPackages.rocblas
+      rocmPackages.rocrand
+      rocmPackages.rocminfo
+      rocmPackages.hipcc
+      rocmPackages.hiprt
+    ];
   };
 
  # Open ports in the firewall.

lib/keys.nix

@@ -12,6 +12,7 @@
       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmPv4JssvhHGIx85UwFxDSrL5anR4eXB/cd9V2i9wdW";
       github = "";
       gitea = "";
+      bootstrap = "age1r796v2uldtspawyh863pks74sd2pwcan8j4e4pjzsvkmr3vjja9qpz5ste";
     };
   };
 }

modules/nixos/default.nix

@@ -5,6 +5,5 @@
       # ./programs
       ./services
       ./filesystem
-      ./services/systemd
     ];
 }

modules/nixos/services/systemd/default.nix

@@ -4,6 +4,7 @@
       ./network.nix
       ./passwordmanager.nix
       ./versioncontrol.nix
+      ./fancontrol.nix
     ];
 
   virtualisation.docker = {
@@ -12,17 +13,4 @@
       "dns" = [ "1.1.1.1" "8.8.8.8" ];
     };
   };
-
-  age = {
-    identityPaths = paths.identities;
-    secrets = {
-      containers_env = {
-        file = self + "/secrets/containers.env.age";
-        path = "/run/secrets/containers.env";
-        owner = "root";
-        group = "root";
-        mode = "0400";
-      };
-    };
-  };
 }

secrets/secrets.nix

@@ -1,6 +1,6 @@
 let
   keys = import ../lib/keys.nix;
-  authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main ];
+  authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main keys.hosts.lazyworkhorse.bootstrap ];
 in
 {
   "containers.env.age".publicKeys = authorizedKeys;