cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable hardened kernel and auto optimize

Browse source
This commit is contained in:
Cyryl Płotnicki 2019-07-08 22:45:33 +01:00
parent 5cbc4a6117
commit 1f0e5cd347
3 changed files with 31 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
nixos/boxes/foureighty.nix
View file

@ -4,7 +4,6 @@
networking.hostName = "foureighty"; networking.hostName = "foureighty";
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest;
extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
initrd.kernelModules = [ "i915" ]; initrd.kernelModules = [ "i915" ];
initrd.availableKernelModules = [ initrd.availableKernelModules = [
@ -55,30 +54,30 @@
}; };
wantedBy = [ wantedBy = [
"timers.target" "timers.target"
]; ];
}; };
systemd.timers.cpu-throttling = { systemd.timers.cpu-throttling = {
enable = true; enable = true;
description = "CPU Throttling Fix"; description = "CPU Throttling Fix";
documentation = [ documentation = [
"https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues" "https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Power_management.2FThrottling_issues"
]; ];
timerConfig = { timerConfig = {
OnActiveSec = 60; OnActiveSec = 60;
OnUnitActiveSec = 60; OnUnitActiveSec = 60;
Unit = "cpu-throttling.service"; Unit = "cpu-throttling.service";
}; };
wantedBy = [ wantedBy = [
"timers.target" "timers.target"
]; ];
}; };
imports = [ imports = [
/etc/nixos/hardware-configuration.nix /etc/nixos/hardware-configuration.nix
../boot.nix ../boot.nix
../common.nix ../common.nix
../gfx-intel.nix ../gfx-intel.nix
../virtualbox.nix ../virtualbox.nix
]; ];
} }

6
nixos/common.nix
View file

@ -105,7 +105,13 @@ in
hardware.sane.enable = true; hardware.sane.enable = true;
powerManagement.cpuFreqGovernor = (lib.mkForce null); powerManagement.cpuFreqGovernor = (lib.mkForce null);
boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
nix.gc.automatic = true; nix.gc.automatic = true;
nix.autoOptimiseStore = true;
nix.optimise.automatic = true;
nix.daemonIONiceLevel = 7;
nix.daemonNiceLevel = 19;
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
system.stateVersion = "19.03"; system.stateVersion = "19.03";
} }

1
nixos/gfx-intel.nix
View file

@ -5,7 +5,6 @@
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport = true; driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
vaapiIntel vaapiIntel
vaapiVdpau vaapiVdpau