dotfiles/nixos/boxes/foureighty.nix

{ config, pkgs, ... }:
{
# Host-specific settings for the machine named "foureighty".
networking.hostName = "foureighty";
boot = {
# Kernel package set: the nixpkgs "latest" kernel with the hardened patch set.
# The kernelPatches entry further down layers extra config options on top of it.
kernelPackages = pkgs.linuxPackages_latest_hardened;
# WireGuard kernel module taken from config.boot.kernelPackages, i.e. the same
# package set as the kernel selected above, so module and kernel stay matched.
extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
# Always load the Intel graphics driver (i915) in the initrd.
# NOTE(review): presumably so the LUKS passphrase prompt has a working console — confirm.
initrd.kernelModules = [ "i915" ];
# Crypto modules included in the initrd and loaded on demand.
# NOTE(review): presumably listed so the LUKS root defined below is opened with
# AES-NI acceleration rather than the generic AES code — confirm.
initrd.availableKernelModules = [
"aes_x86_64"
"crypto_simd"
"aesni_intel"
"cryptd"
];
kernelParams = [
# Enable the MDS (Microarchitectural Data Sampling) mitigation on affected CPUs.
# "mds=full" leaves SMT enabled; the kernel also accepts "mds=full,nosmt", which
# additionally disables SMT. Review whether leakage between sibling hyperthreads
# is in scope for this machine.
"mds=full"
];
# Config-only "patch": patch = null applies no source change, and extraConfig
# appends Kconfig overrides to the kernel selected by kernelPackages.
#
# Hardening-related options set below:
#   SLAB_FREELIST_RANDOM / SLAB_FREELIST_HARDENED - randomise and harden the
#     slab allocator freelists.
#   REFCOUNT_FULL - full refcount_t overflow/underflow validation.
#   KEXEC n - removes the kexec_load syscall, so a running kernel cannot be
#     swapped for another one without going through the boot chain.
# CPU tuning (the entry is named "native"): GENERIC_CPU n + MCORE2 y, plus the
# X86_INTEL_USERCOPY / X86_USE_PPRO_CHECKSUM / X86_P6_NOP lines.
#   NOTE(review): those three look like symbols Kconfig derives from the CPU
#   choice; confirm that setting them here has any effect.
#
# NOTE(review): IA32_EMULATION y and X86_X32 y keep the 32-bit and x32 syscall
# ABIs enabled. On a hardened kernel these are extra syscall entry surface;
# kernel hardening guidance generally recommends X86_X32 n, and IA32_EMULATION n
# when no 32-bit userland is required. Confirm both are actually needed.
# NOTE(review): X86_INTEL_MPX has been removed from newer upstream kernels.
# Because kernelPackages tracks the latest kernel, this line may become an
# unknown option and fail the config step after a kernel bump — verify.
kernelPatches = [ {
name = "native";
patch = null;
extraConfig = ''
SLAB_FREELIST_RANDOM y
SLAB_FREELIST_HARDENED y
REFCOUNT_FULL y
MODVERSIONS y
GENERIC_CPU n
MCORE2 y
X86_INTEL_USERCOPY y
X86_USE_PPRO_CHECKSUM y
X86_P6_NOP y
X86_INTEL_MPX y
KEXEC n
IA32_EMULATION y
X86_X32 y
'';
} ];
# LUKS container opened in the initrd under the mapper name "root".
initrd.luks.devices = [
{
name = "root";
# Referenced by filesystem UUID, so device renumbering does not change which
# partition is unlocked.
device = "/dev/disk/by-uuid/a9e8a44f-15be-4844-a0a1-46892cc5e44e";
# Unlock before LVM activation (the volume group lives inside the container).
preLVM = true;
# Passes TRIM/discard requests through dm-crypt to the underlying device.
# Trade-off: anyone who can read the raw disk can tell which ciphertext blocks
# are unused, which leaks usage patterns and possibly the filesystem type.
# Keep this only if the SSD benefit outweighs that disclosure.
allowDiscards = true;
}];
# GRUB installed as an EFI application; "nodev" means no boot sector is written
# to a disk device.
loader.grub = {
device = "nodev";
efiSupport = true;
};
# Lets the bootloader installer modify EFI boot variables (NVRAM boot entries).
# NOTE(review): nothing in this file sets a GRUB password or Secure Boot;
# whether ../boot.nix does is not visible here.
loader.efi.canTouchEfiVariables = true;
};
# Hardware clock (RTC) is interpreted as local time rather than UTC.
# NOTE(review): usually done for dual-booting with an OS that expects a
# local-time RTC — confirm; keep it in mind when correlating log timestamps
# across DST changes.
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/London";
# ThinkPad TrackPoint support.
hardware.trackpoint.enable = true;
# Fingerprint reader daemon.
# NOTE(review): in NixOS the per-service PAM fingerprint option defaults to this
# value, so enabling fprintd likely makes a fingerprint an accepted factor for
# login/sudo as well. Confirm that is intended, since a fingerprint is a weaker
# and non-revocable credential compared with a passphrase.
services.fprintd.enable = true;
# Bumblebee (NVIDIA Optimus hybrid graphics) support.
hardware.bumblebee.enable = true;
# Modules merged into this configuration.
imports = [
# Absolute path outside this repository: evaluation depends on whatever file
# is present on the host, so this entry is neither versioned nor reviewable
# alongside the rest of the dotfiles.
/etc/nixos/hardware-configuration.nix
# Repository-relative modules; their contents are not shown in this file.
# NOTE(review): ../virtualbox.nix presumably adds out-of-tree kernel modules on
# top of the hardened kernel — confirm they build and load with the options set
# in kernelPatches above.
../quirks/thinkpad-cpu-throttling.nix
../boot.nix
../common.nix
../gfx-intel.nix
../virtualbox.nix
];
}