From 45fef0b74e26f63e33b9b0ea3a2359852dfa21a6 Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L de Mello"
Date: Mon, 16 Mar 2026 14:29:39 -0300
Subject: [PATCH] feat(battleship-mk2): new configuration for battleship
---
hosts/battleship-mk2/configuration.nix | 90 +++++++++++++++++++
hosts/battleship-mk2/disko.nix | 71 +++++++++++++++
hosts/battleship-mk2/gpu.nix | 32 +++++++
.../battleship-mk2/hardware-configuration.nix | 21 +++++
hosts/battleship-mk2/impermanence.nix | 68 ++++++++++++++
5 files changed, 282 insertions(+)
create mode 100644 hosts/battleship-mk2/configuration.nix
create mode 100644 hosts/battleship-mk2/disko.nix
create mode 100644 hosts/battleship-mk2/gpu.nix
create mode 100644 hosts/battleship-mk2/hardware-configuration.nix
create mode 100644 hosts/battleship-mk2/impermanence.nix
diff --git a/hosts/battleship-mk2/configuration.nix b/hosts/battleship-mk2/configuration.nix
new file mode 100644
index 0000000..dd86148
--- /dev/null
+++ b/hosts/battleship-mk2/configuration.nix
@@ -0,0 +1,90 @@
+{
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../secrets.nix
+ ./gpu.nix
+
+ ./impermanence.nix
+ inputs.disko.nixosModules.disko
+ ./disko.nix
+
+ ./hardware-configuration.nix
+ ];
+
+ # GnuPG keyring
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ settings.default-cache-ttl = 3600 * 24;
+ };
+
+ # Yet another nix cli helper
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 3";
+ flake = "/home/guz/Projects/dot013-nix";
+ };
+
+ # QMK keyboard
+ hardware.keyboard.qmk.enable = true;
+ services.udev.packages = with pkgs; [via vial];
+
+ # Pipewire
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Tailscale
+ services.tailscale.enable = true;
+
+ # Networking
+ networking.hostName = "battleship";
+ networking.networkmanager.enable = true;
+
+ # Locale
+ time.timeZone = "America/Sao_Paulo";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = let
+ locale = "pt_BR.UTF-8";
+ in {
+ LC_ADDRESS = locale;
+ LC_IDENTIFICATION = locale;
+ LC_MEASUREMENT = locale;
+ LC_MONETARY = locale;
+ LC_NAME = locale;
+ LC_NUMERIC = locale;
+ LC_PAPER = locale;
+ LC_TELEPHONE = locale;
+ LC_TIME = locale;
+ };
+
+ # Keyboard
+ services.xserver.xkb.layout = "br";
+ console.keyMap = "br-abnt2";
+
+ security.polkit.enable = true;
+
+ # Nix
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ # Bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.11"; # Did you read the comment?
+}
diff --git a/hosts/battleship-mk2/disko.nix b/hosts/battleship-mk2/disko.nix
new file mode 100644
index 0000000..3197ba0
--- /dev/null
+++ b/hosts/battleship-mk2/disko.nix
@@ -0,0 +1,71 @@
+{
+ disko.devices = {
+ disk.main = {
+ device = "/dev/nvme0n1"; # This will be overwritten by disko-install
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "boot";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["defaults"];
+ };
+ };
+ luks = {
+ size = "100%";
+ label = "luks";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [
+ "--allow-discards"
+ "--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"
+ ];
+ settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=home" "compress=zstd" "noatime"];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
+ };
+ "/log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=log" "compress=zstd" "noatime"];
+ };
+ "/swap" = {
+ mountpoint = "/swap";
+ swap.swapfile.size = "8G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/var/log".neededForBoot = true;
+}
diff --git a/hosts/battleship-mk2/gpu.nix b/hosts/battleship-mk2/gpu.nix
new file mode 100644
index 0000000..5d063d0
--- /dev/null
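Review bot: `settings.default-cache-ttl = 3600 * 24` in the `programs.gnupg.agent` block of configuration.nix asks gpg-agent to keep an unlocked passphrase cached for a day after its last use, and nothing next to it records that this is intended. gpg-agent also applies `max-cache-ttl`, which is not set here, so the effective lifetime is bounded by that value rather than by the 24 hours written. I would either set both values deliberately with a comment such as `# unlocked keys stay cached for <N>h; accepted because <reason>`, or drop the override and keep the default.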
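Review bot: `crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"]` in the `luks` partition of disko.nix is only consumed by the systemd stage-1 initrd, and none of the five files in this patch sets `boot.initrd.systemd.enable`, so unless another module does, the FIDO2 unlock configured here is not what runs at boot. Enabling it is not a drop-in change either, because impermanence.nix puts its rollback in `boot.initrd.postResumeCommands`, which the systemd initrd does not support; the two files need to agree on one initrd flavour. Separately, the ESP is mounted with `mountOptions = ["defaults"]`, which leaves /boot and the systemd-boot random seed on it readable by every local user; `mountOptions = ["umask=0077"]` closes that. `"--allow-discards"` deserves a one-line comment saying that TRIM exposes the used-block pattern of the encrypted volume, so it reads as a deliberate trade-off.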
+++ b/hosts/battleship-mk2/gpu.nix
@@ -0,0 +1,32 @@
+{pkgs, ...}: {
+ services.xserver.videoDrivers = ["amdgpu"];
+
+ boot.kernelModules = ["amdgpu"];
+ boot.initrd.kernelModules = ["amdgpu"];
+
+ # AMD
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+ hardware.amdgpu.opencl.enable = true;
+
+ environment.systemPackages = with pkgs; [clinfo];
+ environment.variables.ROC_ENABLE_PRE_VEGA = "1";
+
+ # Configuration for davinci resolve based on
+ # https://wiki.nixos.org/wiki/DaVinci_Resolve
+ environment.variables.RUSTICL_ENABLE = "radeonsi";
+ hardware.graphics.extraPackages = with pkgs; [mesa.opencl];
+
+ systemd.tmpfiles.rules = let
+ rocmEnv = pkgs.symlinkJoin {
+ name = "rocm-combuned";
+ paths = with pkgs.rocmPackages; [
+ rocblas
+ hipblas
+ clr
+ ];
+ };
+ in [
+ "L+ /opt/rocm - - - - ${rocmEnv}"
+ ];
+}
diff --git a/hosts/battleship-mk2/hardware-configuration.nix b/hosts/battleship-mk2/hardware-configuration.nix
new file mode 100644
index 0000000..86b60af
--- /dev/null
+++ b/hosts/battleship-mk2/hardware-configuration.nix
@@ -0,0 +1,21 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-amd"];
+ boot.extraModulePackages = [];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/battleship-mk2/impermanence.nix b/hosts/battleship-mk2/impermanence.nix
new file mode 100644
index 0000000..ad02100
--- /dev/null
+++ b/hosts/battleship-mk2/impermanence.nix
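Review bot: The symlinkJoin derivation under `systemd.tmpfiles.rules` in gpu.nix is named `"rocm-combuned"`, which looks like a typo for `name = "rocm-combined";`. It only affects the store path name, but that name is what someone sees when checking where `/opt/rocm` points. `environment.variables.ROC_ENABLE_PRE_VEGA = "1"` is set system-wide without a comment, unlike the DaVinci Resolve settings below it; a line such as `# required for OpenCL on this pre-Vega card` would record why it is there, if that is the reason.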
@@ -0,0 +1,68 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/etc/nixos"
+ "/etc/NetworkManager/system-connections"
+ "/etc/secureboot"
+ "/var/db/sudo"
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ {
+ directory = "/var/lib/colord";
+ user = "colord";
+ group = "colord";
+ mode = "u=rwx,g=rx,o=";
+ }
+ ];
+ files = [
+ "/etc/machine-id"
+ {
+ file = "/var/keys/secret_file";
+ parentDirectory = {mode = "u=rwx,g=,o=";};
+ }
+ ];
+ };
+
+ boot.initrd.postResumeCommands = let
+ # https://github.com/nix-community/impermanence?tab=readme-ov-file#btrfs-subvolumes
+ script = pkgs.writeShellScriptBin "rollback" ''
+ mkdir -p /btrfs_tmp
+
+ mount -o subvol=/ /dev/mapper/enc /btrfs_tmp
+
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+ in "${builtins.readFile (lib.getExe script)}";
+}
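Review bot: The rollback script mounts `/dev/mapper/enc`, but disko.nix in this same patch opens the LUKS container as `name = "cryptroot"`, so the mapped device would be `/dev/mapper/cryptroot` and the `mount` here fails as written. Nothing in the script checks that result, so the remaining steps run against an unmounted `/btrfs_tmp`, the root subvolume is never reset, and the machine boots on the previous root while appearing to be impermanent. Change the line to `mount -o subvol=/ /dev/mapper/cryptroot /btrfs_tmp` and stop the script if the mount fails. `"/var/log"` is also listed in `environment.persistence."/persist".directories` although disko.nix already mounts a dedicated `log` subvolume at that path, and `/var/keys/secret_file` appears to be the placeholder from the impermanence README; both entries look removable.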