nix/os: tidy up hw/boot handling

2018-11-05 12:04:06 +01:00 · 2018-11-05 12:04:06 +01:00 · 8baa3cf42d
commit 8baa3cf42d
parent 40fd476f0b
13 changed files with 63 additions and 62 deletions
--- a/nix/os/devices/steveej-laptop/boot.nix
+++ b/nix/os/devices/steveej-laptop/boot.nix
@ -4,10 +4,4 @@
  # workaround to disable CPU wining
  # current CPU has 9 idle cstates.
  boot.kernelParams = [ "intel_idle.max_cstate=9" ];
-
-  # Workaround for nm-pptp to enforce module load
-  boot.kernelModules = [ 
-      "nf_conntrack_proto_gre"
-      "nf_conntrack_pptp"
-  ];
 }
--- a/nix/os/devices/steveej-laptop/hw.nix
+++ b/nix/os/devices/steveej-laptop/hw.nix
@ -4,26 +4,21 @@
 { config, lib, pkgs, ... }:

 {
-    nix.maxJobs = 3;
-    nix.buildCores = 3;
+    boot.initrd.availableKernelModules = [
+      "aesni_intel"
+      "kvm-intel"
+      "aes_x86_64"
+    ];

-    hardware.enableAllFirmware = true;
-    hardware.trackpoint.emulateWheel = true;
-
-    boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-    boot.kernelModules = [ "kvm-intel" ];
    boot.extraModprobeConfig = ''
      options kvm-intel nested=1
      options kvm-intel enable_shadow_vmcs=1
      options kvm-intel enable_apicv=1
      options kvm-intel ept=1
    '';
-    boot.extraModulePackages = [ ];

-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
-    fileSystems."/boot" = { 
+    # TODO: migrate this to the encryptedDisk module
+    fileSystems."/boot" = {
        device = "/dev/disk/by-uuid/445D-DBAA";
        fsType = "vfat";
    };
--- a/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix
+++ b/nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix
@ -1,5 +1,9 @@
 { ... }:

 {
-  hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6";
+  # TASK: new device
+  hardware.encryptedDisk = {
+    enable = true;
+    diskId = "mmc-SL32G_0x259093f6";
+  };
 }
--- a/nix/os/devices/steveej-t480s-work/hw.nix
+++ b/nix/os/devices/steveej-t480s-work/hw.nix
@ -7,14 +7,12 @@
    diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498";
  };

-  nix.maxJobs = 3;
-  nix.buildCores = 3;
+  boot.initrd.availableKernelModules = [
+    "aesni_intel"
+    "kvm-intel"
+    "aes_x86_64"
+  ];

-  hardware.enableAllFirmware = true;
-  hardware.trackpoint.emulateWheel = true;
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModprobeConfig = ''
    options kvm-intel nested=1
    options kvm-intel enable_shadow_vmcs=1
--- a/nix/os/devices/steveej-t480s-work/system.nix
+++ b/nix/os/devices/steveej-t480s-work/system.nix
@ -30,11 +30,12 @@
    ];
  };

-  services.fprintd.enable = true;
-  security.pam.services = {
-    login.fprintAuth = true;
-    sudo.fprintAuth = true;
-  };
+# TODO: get external fingerprint reader
+#  services.fprintd.enable = true;
+#  security.pam.services = {
+#    login.fprintAuth = true;
+#    sudo.fprintAuth = true;
+#  };

  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];