]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/profiles/hardware/dl10j.nix
security: no longer depend upon upstream's hardening
[sourcephile-nix.git] / nixos / profiles / hardware / dl10j.nix
1 { pkgs, lib, config, ... }:
2 {
3 hardware.cpu.intel.updateMicrocode = true;
4 nix = {
5 # Too CPU hungry for the DL10J, for too little Mio saved
6 autoOptimiseStore = false;
7 maxJobs = 2;
8 };
9 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
10
11 # https://insanity.industries/post/sata-power-consumption/
12 services.udev.extraRules = ''
13 SUBSYSTEM=="scsi_host", KERNEL=="host*", ATTR{link_power_management_policy}="med_power_with_dipm"
14 '';
15
16 boot.loader = {
17 grub = {
18 enable = true;
19 version = 2;
20 copyKernels = true;
21 configurationLimit = 3;
22 efiSupport = true;
23 # Because canTouchEfiVariables doesn't work on this system
24 efiInstallAsRemovable = true;
25 devices = [
26 # Completed in the importing configuration
27 ];
28 /*
29 mirroredBoots = [
30 { devices = [ "${disk_id}" ];
31 path = "/boot${bootnum}";
32 }
33 ];
34 */
35 };
36 efi = {
37 canTouchEfiVariables = false;
38 efiSysMountPoint = "/boot/efi";
39 };
40 };
41
42 boot.initrd = {
43 availableKernelModules = [
44 "ahci"
45 "ehci_pci" # useless ?
46 "i2c_i801" # SMBus
47 "mei_me" # Communication controller
48 "nvme" # NVME M.2 disk
49 #"rtl8188ee" # Wireless
50 "rtsx_usb_sdmmc" # SD card
51 #"snd_hda_intel" # Audio
52 "uas" # USB storage
53 "xhci_hcd" # USB
54 #"i915" # VGA
55 "igb" # Ethernet
56 # Make the AES modules available at initrd,
57 # to speedup the deciphering of the root.
58 "aes_x86_64"
59 "aesni_intel"
60 "cryptd"
61 ];
62 kernelModules = [
63 "igb" # Ethernet
64 "nvme" # NVME M.2 disk
65 "rtsx_usb_sdmmc" # SD card
66 ];
67 };
68 boot.kernelModules = [ ];
69 boot.extraModulePackages = [ ];
70 boot.kernelParams = [
71 "gfxpayload=text"
72 "console=ttyS0,115200n8"
73 "console=ttyS1,115200n8"
74 "console=tty0"
75 ];
76
77 # rtlwifi/rtl8188efw.bin
78 hardware.enableRedistributableFirmware = true;
79
80 environment.systemPackages = with pkgs; [
81 pciutils
82 nvme-cli
83 ];
84 }