tiiuae · brianmcgillion · May 21, 2025 · May 20, 2025
diff --git a/modules/common/flake-module.nix b/modules/common/flake-module.nix
@@ -12,7 +12,7 @@
       ./security
       ./users
       ./version
-      ./virtualisation
+      ./virtualization
       ./systemd
       ./services
       ./networking

diff --git a/modules/common/virtualisation/default.nix → modules/common/virtualization/default.nix b/modules/common/virtualisation/default.nix → modules/common/virtualization/default.nix
diff --git a/...s/common/virtualisation/nvidia-docker.nix → ...s/common/virtualization/nvidia-docker.nix b/...s/common/virtualisation/nvidia-docker.nix → ...s/common/virtualization/nvidia-docker.nix
@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: Apache-2.0
 { lib, config, ... }:
 let
-  cfg = config.ghaf.virtualisation.nvidia-docker.daemon;
+  cfg = config.ghaf.virtualization.nvidia-docker.daemon;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.ghaf.virtualisation.nvidia-docker.daemon = {
+  options.ghaf.virtualization.nvidia-docker.daemon = {
     enable = mkEnableOption "Nvidia Docker Daemon";
   };
 

diff --git a/...s/common/virtualisation/nvidia-podman.nix → ...s/common/virtualization/nvidia-podman.nix b/...s/common/virtualisation/nvidia-podman.nix → ...s/common/virtualization/nvidia-podman.nix
@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: Apache-2.0
 { lib, config, ... }:
 let
-  cfg = config.ghaf.virtualisation.nvidia-podman.daemon;
+  cfg = config.ghaf.virtualization.nvidia-podman.daemon;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.ghaf.virtualisation.nvidia-podman.daemon = {
+  options.ghaf.virtualization.nvidia-podman.daemon = {
     enable = mkEnableOption "Nvidia Podman Daemon";
   };
   config = mkIf cfg.enable {

diff --git a/modules/profiles/flake-module.nix b/modules/profiles/flake-module.nix
@@ -22,5 +22,13 @@
       inputs.self.nixosModules.microvm
       ./laptop-x86.nix
     ];
+
+    profiles-orin.imports = [
+      #inputs.jetpack-nixos.nixosModules.default
+      #inputs.self.nixosModules.jetpack
+      ./orin.nix
+      inputs.self.nixosModules.profiles
+      inputs.self.nixosModules.microvm
+    ];
   };
 }
diff --git a/modules/profiles/orin.nix b/modules/profiles/orin.nix
@@ -0,0 +1,80 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{ config, lib, ... }:
+let
+  cfg = config.ghaf.profiles.orin;
+in
+{
+  options.ghaf.profiles.orin = {
+    enable = lib.mkEnableOption "Enable the basic nvidia orin config";
+
+    netvmExtraModules = lib.mkOption {
+      description = ''
+        List of additional modules to be passed to the netvm.
+      '';
+      default = [ ];
+    };
+
+  };
+
+  config = lib.mkIf cfg.enable {
+    ghaf = {
+      profiles.graphics = {
+        enable = true;
+        renderer = "gles2";
+        compositor = "labwc";
+        idleManagement.enable = false;
+        # Disable suspend by default, not working as intended
+        allowSuspend = false;
+      };
+
+      reference.programs.windows-launcher.enable = true;
+      reference.host-demo-apps.demo-apps.enableDemoApplications = true;
+
+      hardware.nvidia = {
+        virtualization.enable = true;
+        virtualization.host.bpmp.enable = false;
+        passthroughs.host.uarta.enable = false;
+        # TODO: uarti passthrough is currently broken, it will be enabled
+        # later after a further analysis.
+        passthroughs.uarti_net_vm.enable = false;
+      };
+
+      # Virtualization options
+      virtualization = {
+        microvm-host = {
+          enable = true;
+          networkSupport = true;
+          # sharedVmDirectory = {
+          #   enable = true;
+          # };
+        };
+
+        microvm = {
+          netvm = {
+            enable = true;
+            #wifi = true;
+            extraModules = cfg.netvmExtraModules;
+          };
+
+          adminvm = {
+            enable = false;
+          };
+        };
+
+        #nvidia-podman.daemon.enable = true;
+        nvidia-docker.daemon.enable = true;
+      };
+
+      # Disable givc
+      givc.enable = false;
+
+      host = {
+        networking.enable = true;
+      };
+
+      # Create admin home folder; temporary solution
+      users.admin.createHome = true;
+    };
+  };
+}
diff --git a/modules/reference/hardware/flake-module.nix b/modules/reference/hardware/flake-module.nix
@@ -83,13 +83,23 @@
       }
     ];
     imx8.imports = [ ./imx8 ];
-    #TODO: Technically all the module imports can happen at this level
-    # without the need to drive the inputs down another level.
-    # could make discoverability easier.
+    polarfire.imports = [ ./polarfire ];
     jetpack.imports = [
       ./jetpack
+      ./jetpack/nvidia-jetson-orin/optee.nix
       inputs.self.nixosModules.hardware-aarch64-generic
     ];
-    polarfire.imports = [ ./polarfire ];
+    hardware-nvidia-jetson-orin-agx.imports = [
+      inputs.self.nixosModules.jetpack
+      ./jetpack/agx/orin-agx.nix
+    ];
+    hardware-nvidia-jetson-orin-agx64.imports = [
+      inputs.self.nixosModules.jetpack
+      ./jetpack/agx/orin-agx64.nix
+    ];
+    hardware-nvidia-jetson-orin-nx.imports = [
+      inputs.self.nixosModules.jetpack
+      ./jetpack/nx/orin-nx.nix
+    ];
   };
 }
diff --git a/modules/reference/hardware/jetpack/agx/orin-agx.nix b/modules/reference/hardware/jetpack/agx/orin-agx.nix
@@ -0,0 +1,73 @@
+# Copyright 2025 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Reference hardware modules
+#
+{
+  ghaf.hardware.nvidia.orin = {
+    enable = true;
+    kernelVersion = "upstream-6-6";
+    somType = "agx";
+    agx.enableNetvmWlanPCIPassthrough = true;
+    carrierBoard = "devkit";
+  };
+
+  # To enable or disable wireless
+  networking.wireless.enable = true;
+
+  hardware = {
+    # Device Tree
+    deviceTree.name = "tegra234-p3737-0000+p3701-0000-nv.dtb";
+    nvidia-jetpack = {
+      enable = true;
+      som = "orin-agx";
+      carrierBoard = "devkit";
+      modesetting.enable = true;
+      flashScriptOverrides = {
+        flashArgs = [
+          "-r"
+          "jetson-agx-orin-devkit"
+          "mmcblk0p1"
+        ];
+      };
+      firmware.uefi = {
+        logo = ../../../../../../docs/src/img/1600px-Ghaf_logo.svg;
+        edk2NvidiaPatches = [
+          # This effectively disables EFI FB Simple Framebuffer, which does
+          # not work properly but causes kernel panic during the boot if the
+          # HDMI cable is connected during boot time.
+          #
+          # The patch reverts back to old behavior, which is to always reset
+          # the display when exiting UEFI, instead of doing handoff, when
+          # means not to reset anything.
+          # ./edk2-nvidia-always-reset-display.patch
+        ];
+      };
+    };
+  };
+
+  ghaf.profiles.orin.netvmExtraModules = [
+    {
+      # The Nvidia Orin hardware dependent configuration is in
+      # modules/reference/hardware/jetpack Please refer to that
+      # section for hardware dependent netvm configuration.
+
+      # Wireless Configuration. Orin AGX has WiFi enabled where Orin NX does
+      # not.
+
+      # To enable or disable wireless
+      networking.wireless.enable = true;
+
+      # For WLAN firmwares
+      hardware = {
+        enableRedistributableFirmware = true;
+        wirelessRegulatoryDatabase = true;
+      };
+
+      services.dnsmasq.settings.dhcp-option = [
+        "option:router,192.168.100.1" # set net-vm as a default gw
+        "option:dns-server,192.168.100.1"
+      ];
+    }
+  ];
+}
diff --git a/modules/reference/hardware/jetpack/agx/orin-agx64.nix b/modules/reference/hardware/jetpack/agx/orin-agx64.nix
@@ -0,0 +1,73 @@
+# Copyright 2025 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Reference hardware modules
+#
+{
+  ghaf.hardware.nvidia.orin = {
+    enable = true;
+    kernelVersion = "upstream-6-6";
+    somType = "agx64";
+    agx.enableNetvmWlanPCIPassthrough = true;
+    carrierBoard = "devkit";
+  };
+
+  # To enable or disable wireless
+  networking.wireless.enable = true;
+
+  hardware = {
+    # Device Tree
+    deviceTree.name = "tegra234-p3737-0000+p3701-0005-nv.dtb";
+    nvidia-jetpack = {
+      enable = true;
+      som = "orin-agx";
+      carrierBoard = "devkit";
+      modesetting.enable = true;
+      flashScriptOverrides = {
+        flashArgs = [
+          "-r"
+          "jetson-agx-orin-devkit"
+          "mmcblk0p1"
+        ];
+      };
+      firmware.uefi = {
+        logo = ../../../../../../docs/src/img/1600px-Ghaf_logo.svg;
+        edk2NvidiaPatches = [
+          # This effectively disables EFI FB Simple Framebuffer, which does
+          # not work properly but causes kernel panic during the boot if the
+          # HDMI cable is connected during boot time.
+          #
+          # The patch reverts back to old behavior, which is to always reset
+          # the display when exiting UEFI, instead of doing handoff, when
+          # means not to reset anything.
+          # ./edk2-nvidia-always-reset-display.patch
+        ];
+      };
+    };
+  };
+
+  ghaf.profiles.orin.netvmExtraModules = [
+    {
+      # The Nvidia Orin hardware dependent configuration is in
+      # modules/reference/hardware/jetpack Please refer to that
+      # section for hardware dependent netvm configuration.
+
+      # Wireless Configuration. Orin AGX has WiFi enabled where Orin NX does
+      # not.
+
+      # To enable or disable wireless
+      networking.wireless.enable = true;
+
+      # For WLAN firmwares
+      hardware = {
+        enableRedistributableFirmware = true;
+        wirelessRegulatoryDatabase = true;
+      };
+
+      services.dnsmasq.settings.dhcp-option = [
+        "option:router,192.168.100.1" # set net-vm as a default gw
+        "option:dns-server,192.168.100.1"
+      ];
+    }
+  ];
+}
diff --git a/modules/reference/hardware/jetpack/nvidia-jetson-orin/jetson-orin.nix b/modules/reference/hardware/jetpack/nvidia-jetson-orin/jetson-orin.nix
@@ -54,35 +54,7 @@ in
   };
 
   config = mkIf cfg.enable {
-    hardware.nvidia-jetpack = {
-      enable = true;
-      som = if ((cfg.somType == "agx") || (cfg.somType == "agx64")) then "orin-agx" else "orin-nx";
-      carrierBoard = "${cfg.carrierBoard}";
-      modesetting.enable = true;
-      kernel.version = "${cfg.kernelVersion}";
-      flashScriptOverrides = lib.optionalAttrs ((cfg.somType == "agx") || (cfg.somType == "agx64")) {
-        flashArgs = lib.mkForce [
-          "-r"
-          config.hardware.nvidia-jetpack.flashScriptOverrides.targetBoard
-          "mmcblk0p1"
-        ];
-      };
-
-      firmware.uefi = {
-        logo = ../../../../../docs/src/img/1600px-Ghaf_logo.svg;
-        edk2NvidiaPatches = [
-          # This effectively disables EFI FB Simple Framebuffer, which does
-          # not work properly but causes kernel panic during the boot if the
-          # HDMI cable is connected during boot time.
-          #
-          # The patch reverts back to old behavior, which is to always reset
-          # the display when exiting UEFI, instead of doing handoff, when
-          # means not to reset anything.
-          # ./edk2-nvidia-always-reset-display.patch
-        ];
-      };
-    };
-
+    hardware.nvidia-jetpack.kernel.version = "${cfg.kernelVersion}";
     nixpkgs.hostPlatform.system = "aarch64-linux";
 
     ghaf.hardware.aarch64.systemd-boot-dtb.enable = true;
@@ -140,35 +112,17 @@ in
       # Enable all CPU cores, full power consumption (50W on AGX, 25W on NX)
       profileNumber = lib.mkDefault 3;
     };
-    hardware.deviceTree =
-      {
-        enable = lib.mkDefault true;
-        dtbSource = "${pkgs.nvidia-jetpack.bspSrc}/kernel/dtb/";
-        # Add the include paths to build the dtb overlays
-        dtboBuildExtraIncludePaths = [
-          "${lib.getDev config.hardware.deviceTree.kernelPackage}/lib/modules/${config.hardware.deviceTree.kernelPackage.modDirVersion}/source/nvidia/soc/t23x/kernel-include"
-        ];
-      }
+    hardware.deviceTree = {
+      enable = lib.mkDefault true;
+      dtbSource = "${pkgs.nvidia-jetpack.bspSrc}/kernel/dtb/";
+      # Add the include paths to build the dtb overlays
+      dtboBuildExtraIncludePaths = [
+        "${lib.getDev config.hardware.deviceTree.kernelPackage}/lib/modules/${config.hardware.deviceTree.kernelPackage.modDirVersion}/source/nvidia/soc/t23x/kernel-include"
+      ];
+    };
 
-      # NOTE: "-nv.dtb" files are from NVIDIA's BSP
-      # Versions of the device tree without PCI passthrough related
-      # modifications.
-      // lib.optionalAttrs (cfg.somType == "agx") {
-        name = lib.mkDefault "tegra234-p3737-0000+p3701-0000-nv.dtb";
-      }
-      // lib.optionalAttrs (cfg.somType == "agx64") {
-        name = lib.mkDefault "tegra234-p3737-0000+p3701-0005-nv.dtb";
-      }
-      // lib.optionalAttrs (cfg.somType == "nx") {
-        # Sake of clarity: Jetson 35.4 and IO BASE B carrier board
-        # uses "tegra234-p3767-0000-p3509-a02.dtb"-device tree.
-        # p3509-a02 == IO BASE B carrier board
-        # p3767-0000 == Orin NX SOM
-        # p3768-0000 == Official NVIDIA's carrier board
-        # Upstream kernel has only official carrier board device tree,
-        # but it works with IO BASE B carrier board with minor
-        # modifications.
-        name = lib.mkDefault "tegra234-p3768-0000+p3767-0000-nv.dtb";
-      };
+    # NOTE: "-nv.dtb" files are from NVIDIA's BSP
+    # Versions of the device tree without PCI passthrough related
+    # modifications.
   };
 }