steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix/os: tidy up hw/boot handling

Browse source
This commit is contained in:
steveej 2018-11-05 12:04:06 +01:00
parent 40fd476f0b
commit 8baa3cf42d
13 changed files with 63 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nix/os/devices/steveej-laptop/boot.nix
View file

@ -4,10 +4,4 @@
# workaround to disable CPU wining # workaround to disable CPU wining
# current CPU has 9 idle cstates. # current CPU has 9 idle cstates.
boot.kernelParams = [ "intel_idle.max_cstate=9" ]; boot.kernelParams = [ "intel_idle.max_cstate=9" ];
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
} }

17
nix/os/devices/steveej-laptop/hw.nix
View file

@ -4,25 +4,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
nix.maxJobs = 3; boot.initrd.availableKernelModules = [
nix.buildCores = 3; "aesni_intel"
"kvm-intel"
"aes_x86_64"
];
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options kvm-intel nested=1 options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1 options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1 options kvm-intel enable_apicv=1
options kvm-intel ept=1 options kvm-intel ept=1
''; '';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# TODO: migrate this to the encryptedDisk module
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/445D-DBAA"; device = "/dev/disk/by-uuid/445D-DBAA";
fsType = "vfat"; fsType = "vfat";

6
nix/os/devices/steveej-rmvbl-mmc-SL32G_0x259093f6/hw.nix
View file

@ -1,5 +1,9 @@
{ ... }: { ... }:
{ {
hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6"; # TASK: new device
hardware.encryptedDisk = {
enable = true;
diskId = "mmc-SL32G_0x259093f6";
};
} }

12
nix/os/devices/steveej-t480s-work/hw.nix
View file

@ -7,14 +7,12 @@
diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498"; diskId = "nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX0K827498";
}; };
nix.maxJobs = 3; boot.initrd.availableKernelModules = [
nix.buildCores = 3; "aesni_intel"
"kvm-intel"
"aes_x86_64"
];
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options kvm-intel nested=1 options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1 options kvm-intel enable_shadow_vmcs=1

11
nix/os/devices/steveej-t480s-work/system.nix
View file

@ -30,11 +30,12 @@
]; ];
}; };
services.fprintd.enable = true; # TODO: get external fingerprint reader
security.pam.services = { # services.fprintd.enable = true;
login.fprintAuth = true; # security.pam.services = {
sudo.fprintAuth = true; # login.fprintAuth = true;
}; # sudo.fprintAuth = true;
# };
# Kubernetes # Kubernetes
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];

7
nix/os/profiles/common/boot.nix
View file

@ -11,7 +11,14 @@
version = 2; version = 2;
}; };
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
} }

1
nix/os/profiles/common/configuration.nix
View file

@ -6,5 +6,6 @@
./pkg.nix ./pkg.nix
./user.nix ./user.nix
./system.nix ./system.nix
./hw.nix
]; ];
} }

14
nix/os/profiles/common/hw.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }:
{
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"cryptd"
];
}

7
nix/os/profiles/graphical/boot.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib
, ...
}:
{
}

2
nix/os/profiles/graphical/configuration.nix
View file

@ -4,6 +4,8 @@
{ {
imports = [ imports = [
./boot.nix
./system.nix ./system.nix
./hw.nix
]; ];
} }

7
nix/os/profiles/graphical/hw.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
hardware.enableAllFirmware = true;
}

28
nix/os/profiles/removable-medium/boot.nix
View file

@ -5,33 +5,5 @@
{ {
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"aes_x86_64"
"aesni_intel"
"cryptd"
];
boot.kernelModules = [
"kvm-intel"
# Workaround for nm-pptp to enforce module load
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
} }

1
nix/os/profiles/removable-medium/hw.nix
View file

@ -3,5 +3,4 @@
{ {
hardware.encryptedDisk.enable = true; hardware.encryptedDisk.enable = true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
} }