48 lines
945 B
Nix
48 lines
945 B
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
|
||
|
|
{
|
||
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||
|
|
|
||
|
|
# Bootloader, initrd and Kernel
|
||
|
|
boot.loader.grub = {
|
||
|
|
enable = true;
|
||
|
|
enableCryptodisk = true;
|
||
|
|
version = 2;
|
||
|
|
};
|
||
|
|
|
||
|
|
boot.initrd.availableKernelModules = [
|
||
|
|
"xhci_pci"
|
||
|
|
"ahci"
|
||
|
|
"usb_storage"
|
||
|
|
"sd_mod"
|
||
|
|
"rtsx_pci_sdmmc"
|
||
|
|
"aes_x86_64"
|
||
|
|
"aesni_intel"
|
||
|
|
"cryptd"
|
||
|
|
];
|
||
|
|
|
||
|
|
boot.kernelModules = [
|
||
|
|
"kvm-intel"
|
||
|
|
|
||
|
|
# Workaround for nm-pptp to enforce module load
|
||
|
|
"nf_conntrack_proto_gre"
|
||
|
|
"nf_conntrack_pptp"
|
||
|
|
];
|
||
|
|
|
||
|
|
boot.extraModprobeConfig = ''
|
||
|
|
options kvm-intel nested=1
|
||
|
|
options kvm-intel enable_shadow_vmcs=1
|
||
|
|
options kvm-intel enable_apicv=1
|
||
|
|
options kvm-intel ept=1
|
||
|
|
'';
|
||
|
|
boot.extraModulePackages = [ ];
|
||
|
|
|
||
|
|
boot.loader.systemd-boot.enable = true;
|
||
|
|
boot.loader.efi.canTouchEfiVariables = false;
|
||
|
|
|
||
|
|
# workaround to disable CPU wining
|
||
|
|
# current CPU has 9 idle cstates.
|
||
|
|
|
||
|
|
boot.tmpOnTmpfs = true;
|
||
|
|
}
|