]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/profiles/hardware/dl10j.nix
nftables: harden input checks on losurdo
[sourcephile-nix.git] / nixos / profiles / hardware / dl10j.nix
1 { pkgs, lib, config, ... }:
2 {
3 hardware.cpu.intel.updateMicrocode = true;
4 nix = {
5 # Too CPU hungry for the DL10J, for too little Mio saved
6 autoOptimiseStore = false;
7 maxJobs = 2;
8 };
9 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
10
11 boot.loader = {
12 grub = {
13 enable = true;
14 version = 2;
15 copyKernels = true;
16 configurationLimit = 3;
17 efiSupport = true;
18 # Because canTouchEfiVariables doesn't work on this system
19 efiInstallAsRemovable = true;
20 devices = [
21 # Completed in the importing configuration
22 ];
23 /*
24 mirroredBoots = [
25 { devices = [ "${disk_id}" ];
26 path = "/boot${bootnum}";
27 }
28 ];
29 */
30 };
31 efi = {
32 canTouchEfiVariables = false;
33 efiSysMountPoint = "/boot/efi";
34 };
35 };
36
37 boot.initrd = {
38 availableKernelModules = [
39 "ahci"
40 "ehci_pci" # useless ?
41 "i2c_i801" # SMBus
42 "mei_me" # Communication controller
43 "nvme" # NVME M.2 disk
44 #"rtl8188ee" # Wireless
45 "rtsx_usb_sdmmc" # SD card
46 #"snd_hda_intel" # Audio
47 "uas" # USB storage
48 "xhci_hcd" # USB
49 #"i915" # VGA
50 "igb" # Ethernet
51 # Made the AES modules available at initrd,
52 # to speedup the deciphering of the root.
53 "aes_x86_64"
54 "aesni_intel"
55 "cryptd"
56 ];
57 kernelModules = [
58 "igb" # Ethernet
59 "nvme" # NVME M.2 disk
60 "rtsx_usb_sdmmc" # SD card
61 ];
62 };
63 boot.kernelModules = [ ];
64 boot.extraModulePackages = [ ];
65 boot.kernelParams = [
66 "gfxpayload=text"
67 "console=ttyS0,115200n8"
68 "console=ttyS1,115200n8"
69 "console=tty0"
70 # Use arc_summary to print stats
71 "zfs.zfs_arc_max=${toString (1000 * 1024 * 1024)}" # bytes
72 ];
73
74 environment.systemPackages = with pkgs; [
75 pciutils
76 #flashrom
77 nvme-cli
78 ];
79 }