feat: Add warp server configuration for Intel NUC 13th gen

- Add new NixOS configuration for 'warp' server - Configure for Intel NUC 13th gen CPU platform - Disable desktop environment (headless server) - Enable SSH with security hardening (no password auth, no root login) - Configure Docker and Podman for containerized workloads - Add performance tuning for network and memory buffers - Include 8GB swap file configuration - Enable Intel IOMMU for virtualization support - Add thermal monitoring and power management
2026-02-03 22:45:25 -08:00 · 2026-02-03 22:45:25 -08:00 · 78ea16d120
commit 78ea16d120
parent 82a98a1e6f
2 changed files with 78 additions and 0 deletions
--- a/systems/warp.nix
+++ b/systems/warp.nix
@ -0,0 +1,71 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+  networking.hostName = "warp";
+
+  # CPU Settings for 13th gen Intel Core
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  # Boot and kernel modules for Intel NUC
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [];
+
+  # Server-specific kernel parameters
+  boot.kernelParams = [
+    "intel_iommu=on"
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  # No graphics support needed for headless server
+
+  # Power management optimized for server use
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "ondemand";
+  };
+
+  # Thermal management
+  services.thermald.enable = true;
+
+  # Server-oriented settings
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  # Swap configuration
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 8192;
+      priority = 0;
+    }
+  ];
+
+  # Enable hardware monitoring
+  hardware.sensor.iio.enable = true;
+
+  # Network performance tuning for server use
+  boot.kernel.sysctl = {
+    "net.core.rmem_max" = 134217728;
+    "net.core.wmem_max" = 134217728;
+    "net.ipv4.tcp_rmem" = "4096 65536 134217728";
+    "net.ipv4.tcp_wmem" = "4096 65536 134217728";
+    "net.core.netdev_max_backlog" = 5000;
+  };
+
+  # Disable unnecessary services for server use
+  services.xserver.enable = lib.mkForce false;
+  services.pipewire.enable = lib.mkForce false;
+
+  # Enable container support for server services
+  virtualisation.docker.enable = true;
+  virtualisation.podman.enable = lib.mkDefault true;
+}