]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/apu2e4.nix
nix: shell: add aes256-ctr cipher to ssh for dropbear
[sourcephile-nix.git] / servers / mermet / apu2e4.nix
1 { pkgs, lib, config, ... }:
2 {
3 hardware.cpu.amd.updateMicrocode = true;
4
5 boot.kernel = {
6 sysctl = {
7 "vm.swappiness" = 10;
8 "vm.vfs_cache_pressure" = 50;
9 };
10 };
11
12 boot.loader = {
13 grub = {
14 enable = true;
15 version = 2;
16 copyKernels = true;
17 # efiSupport = true;
18 devices = [
19 "/dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSAF340110R"
20 ];
21 /*
22 mirroredBoots = [
23 { devices = [ "${disk_id}" ];
24 path = "/boot${bootnum}";
25 }
26 ];
27 */
28 };
29 /*
30 efi = {
31 canTouchEfiVariables = true;
32 efiSysMountPoint = "/boot/efi";
33 efiInstallAsRemovable = false;
34 };
35 */
36 };
37
38 boot.initrd = {
39 availableKernelModules = [
40 "ahci"
41 "ehci_pci"
42 "sd_mod"
43 "uas"
44 # Ethernet driver
45 "igb"
46 # Made the AES modules available at initrd,
47 # to speedup the deciphering of the root.
48 "aes_x86_64"
49 "aesni_intel"
50 "cryptd"
51 ];
52 kernelModules = [ ];
53
54 };
55 boot.kernelModules = [ ];
56 boot.extraModulePackages = [ ];
57 boot.kernelParams = [
58 "gfxpayload=text"
59 #"console=tty0"
60 "console=ttyS0,115200n8"
61 "zfs.zfs_arc_max=262144000" # 250Mo
62 ];
63
64 fileSystems."/boot" =
65 { device = "/dev/disk/by-uuid/dc3c5387-17d2-43b3-bfa2-bf73afacca07";
66 fsType = "ext2";
67 };
68
69 fileSystems."/boot/efi" =
70 { device = "/dev/disk/by-uuid/62E6-E65F";
71 fsType = "vfat";
72 };
73
74 swapDevices =
75 [ { device = "/dev/disk/by-partuuid/6b1eaa35-776b-4e60-b21e-7bcee535dd8b";
76 randomEncryption = {
77 enable = true;
78 cipher = "aes-xts-plain64";
79 source = "/dev/urandom";
80 };
81 }
82 ];
83
84 nix.maxJobs = lib.mkDefault 4;
85 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
86
87 environment = {
88 systemPackages = with pkgs; [
89 pciutils
90 flashrom
91 ];
92 };
93 }