From 78ea16d12082aa42c4369b92b7607cde9c30af80 Mon Sep 17 00:00:00 2001
From: Julian Sutter
Date: Tue, 3 Feb 2026 22:45:25 -0800
Subject: [PATCH] feat: Add warp server configuration for Intel NUC 13th gen

- Add new NixOS configuration for 'warp' server
- Configure for Intel NUC 13th gen CPU platform
- Disable desktop environment (headless server)
- Enable SSH with security hardening (no password auth, no root login)
- Configure Docker and Podman for containerized workloads
- Add performance tuning for network and memory buffers
- Include 8GB swap file configuration
- Enable Intel IOMMU for virtualization support
- Add thermal monitoring and power management
---
 flake.nix | 7 +++++
 systems/warp.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 systems/warp.nix

diff --git a/flake.nix b/flake.nix
index 8c914b5..d6049fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -81,6 +81,13 @@
 ./desktop/3dprinting.nix
 ];
 };
+ warp = mkSystem {
+ modules = [
+ ./systems/common.nix
+ ./users/jsutter.nix
+ ./systems/warp.nix
+ ];
+ };
 };
 };
 }
diff --git a/systems/warp.nix b/systems/warp.nix
new file mode 100644
index 0000000..efeb6ae
--- /dev/null
+++ b/systems/warp.nix
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+ networking.hostName = "warp";
+
+ # CPU Settings for 13th gen Intel Core
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Boot and kernel modules for Intel NUC
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [];
+
+ # Server-specific kernel parameters
+ boot.kernelParams = [
+ "intel_iommu=on"
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ # No graphics support needed for headless server
+
+ # Power management optimized for server use
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "ondemand";
+ };
+
+ # Thermal management
+ services.thermald.enable = true;
+
+ # Server-oriented settings
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ # Swap configuration
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 8192;
+ priority = 0;
+ }
+ ];
+
+ # Enable hardware monitoring
+ hardware.sensor.iio.enable = true;
+
+ # Network performance tuning for server use
+ boot.kernel.sysctl = {
+ "net.core.rmem_max" = 134217728;
+ "net.core.wmem_max" = 134217728;
+ "net.ipv4.tcp_rmem" = "4096 65536 134217728";
+ "net.ipv4.tcp_wmem" = "4096 65536 134217728";
+ "net.core.netdev_max_backlog" = 5000;
+ };
+
+ # Disable unnecessary services for server use
+ services.xserver.enable = lib.mkForce false;
+ services.pipewire.enable = lib.mkForce false;
+
+ # Enable container support for server services
+ virtualisation.docker.enable = true;
+ virtualisation.podman.enable = lib.mkDefault true;
+}
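Review bot: `virtualisation.docker.enable = true;` near the end of systems/warp.nix turns on the rootful Docker daemon, which weakens the otherwise hardened posture of this host in two ways the file does not document. Docker programs its own iptables rules, so ports published by containers are typically reachable without passing through the `networking.firewall` allow-list, and any account placed in the `docker` group (users/jsutter.nix is not visible in this patch) is effectively root on the machine. Since Podman is enabled on the very next line, consider dropping the Docker line, or record the trade-off next to it, e.g. `# NOTE: rootful Docker bypasses networking.firewall for published ports; bind published ports to 127.0.0.1 and keep the docker group empty`. Separately, `hardware.sensor.iio.enable = true;` sets up iio-sensor-proxy (orientation and ambient-light sensors) rather than thermal or hardware monitoring, so its comment is misleading and the option looks out of place on a headless server that the same file strips of "unnecessary services".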