Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/production/apu2e4.nix
# Hardware, boot and storage settings for the host described by
# servers/mermet/production/apu2e4.nix.
#
# Takes the usual NixOS module arguments. `config` is accepted but not
# referenced anywhere in this file.
{ pkgs, lib, config, ... }:
{
  # Load AMD CPU microcode updates.
  hardware.cpu.amd.updateMicrocode = true;

  # Upper bound on concurrent Nix build jobs.
  nix.maxJobs = 4;

  # mkDefault: another module can override the governor without mkForce.
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";

  boot = {
    # Kernel VM tunables, applied as given.
    kernel.sysctl = {
      "vm.swappiness" = 10;
      "vm.vfs_cache_pressure" = 50;
    };

    loader = {
      grub = {
        enable = true;
        version = 2;
        # Kernels and initrds are copied onto /boot instead of being read
        # from the Nix store at boot time.
        # NOTE(review): /boot is declared below as a plain ext2 partition, so
        # whatever is copied there can be read and modified by anyone with
        # access to the disk. Keep secrets out of the initrd, and do not rely
        # on the encrypted root alone to protect the boot chain.
        copyKernels = true;
        # efiSupport = true;
        # GRUB is installed to this one disk, addressed by its stable by-id path.
        devices = [
          "/dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSAF340110R"
        ];
        /*
        mirroredBoots = [
          { devices = [ "${disk_id}" ];
            path = "/boot${bootnum}";
          }
        ];
        */
      };
      # EFI loader settings are disabled; only the GRUB settings above apply.
      /*
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
        efiInstallAsRemovable = false;
      };
      */
    };

    initrd = {
      # Modules made available to stage 1; nothing is force-loaded
      # (kernelModules below stays empty).
      availableKernelModules = [
        # Storage controllers and disks.
        "ahci"
        "ehci_pci"
        "sd_mod"
        "uas"
        # Ethernet driver.
        # Presumably needed so the network is usable in stage 1 (for example
        # to unlock the root remotely). The initrd network settings are not
        # in this file; confirm there.
        "igb"
        # AES modules are available in the initrd so that decrypting the
        # root filesystem is faster.
        # NOTE(review): "aes_x86_64" is, as far as I know, no longer shipped
        # by newer kernels. Confirm it exists for the kernel in use, because
        # a missing module can break the initrd build.
        "aes_x86_64"
        "aesni_intel"
        "cryptd"
      ];
      kernelModules = [ ];
    };

    kernelModules = [ ];
    extraModulePackages = [ ];

    kernelParams = [
      "gfxpayload=text"
      #"console=tty0"
      # Kernel console on the first serial port, 115200 baud, 8N1.
      # NOTE(review): boot output, and presumably any prompt shown on the
      # console, go to whoever is attached to that port. Treat the serial
      # header as part of the physical attack surface.
      "console=ttyS0,115200n8"
      # Cap the ZFS ARC at 262144000 bytes (250 MiB).
      "zfs.zfs_arc_max=262144000"
    ];
  };

  fileSystems = {
    # Unencrypted boot partition that holds the copied kernels and initrds.
    "/boot" = {
      device = "/dev/disk/by-uuid/dc3c5387-17d2-43b3-bfa2-bf73afacca07";
      fsType = "ext2";
    };

    # The EFI system partition is mounted even though the EFI loader
    # settings above are commented out.
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/62E6-E65F";
      fsType = "vfat";
    };
  };

  swapDevices = [
    {
      # Addressed by partition UUID, which stays valid when the swap area is
      # re-created with a new key. A filesystem UUID or label would not.
      device = "/dev/disk/by-partuuid/6b1eaa35-776b-4e60-b21e-7bcee535dd8b";
      # Swap is encrypted with a throwaway key generated at each boot, so
      # swapped-out pages cannot be recovered after a reboot. Hibernating to
      # this device is therefore not possible.
      randomEncryption = {
        enable = true;
        cipher = "aes-xts-plain64";
        source = "/dev/urandom";
      };
    }
  ];

  # Hardware maintenance tools: pciutils for PCI inspection, flashrom for
  # reading and writing firmware flash chips.
  environment.systemPackages = [
    pkgs.pciutils
    pkgs.flashrom
  ];
}