2024-09-05 17:22:44 +02:00
|
|
|
{ self, ... }: { lib, config, pkgs, ... }: {
|
2024-09-05 17:44:54 +02:00
|
|
|
imports = with self.nixosModules; [
|
|
|
|
default
|
2024-10-31 15:38:06 +01:00
|
|
|
headless
|
2024-09-05 17:44:54 +02:00
|
|
|
mimalloc
|
|
|
|
physical
|
|
|
|
];
|
|
|
|
|
2024-10-31 15:38:06 +01:00
|
|
|
boot.binfmt = {
|
|
|
|
emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
|
|
|
preferStaticEmulators = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
boot.kernelParams = [
|
|
|
|
"hugepagesz=1G" "hugepages=16"
|
|
|
|
];
|
|
|
|
|
2024-09-05 17:22:44 +02:00
|
|
|
boot.kernelPackages = let
|
|
|
|
inherit (self.packages.x86_64-linux) linux-hardened;
|
|
|
|
in pkgs.linuxPackagesFor (linux-hardened.override {
|
|
|
|
instSetArch = "znver2";
|
|
|
|
extraConfig =
|
|
|
|
(with linux-hardened.profile; physical // dm-crypt)
|
|
|
|
// (with self.lib.kernel; {
|
|
|
|
CPU_SUP_INTEL = false;
|
|
|
|
CPU_SUP_AMD = true;
|
|
|
|
NR_CPUS = 96;
|
|
|
|
AMD_MEM_ENCRYPT = true;
|
|
|
|
|
|
|
|
ACPI_IPMI = true;
|
|
|
|
ACPI_HMAT = true;
|
|
|
|
|
|
|
|
VIRTUALIZATION = true;
|
|
|
|
KVM = true;
|
|
|
|
KVM_AMD = true;
|
|
|
|
KVM_SMM = true;
|
|
|
|
|
|
|
|
NVME_CORE = true;
|
|
|
|
BLK_DEV_NVME = true;
|
|
|
|
NVME_VERBOSE_ERRORS = true;
|
|
|
|
NVME_HWMON = true;
|
|
|
|
|
|
|
|
ATA = true;
|
|
|
|
ATA_VERBOSE_ERROR = true;
|
|
|
|
ATA_ACPI = true;
|
|
|
|
SATA_PMP = true;
|
|
|
|
SATA_AHCI = true;
|
|
|
|
SATA_MOBILE_LPM_POLICY = 1;
|
|
|
|
ATA_SFF = false;
|
|
|
|
|
2024-10-31 15:38:06 +01:00
|
|
|
BLK_DEV_MD = true;
|
|
|
|
MD_AUTODETECT = true;
|
|
|
|
MD_RAID1 = true;
|
|
|
|
|
2024-09-05 17:22:44 +02:00
|
|
|
BNXT = true;
|
|
|
|
BNXT_FLOWER_OFFLOAD = true;
|
|
|
|
BNXT_HWMON = true;
|
|
|
|
MLX4_EN = true;
|
|
|
|
MLX4_CORE_GEN2 = false;
|
|
|
|
|
|
|
|
IPMI_HANDLER = true;
|
|
|
|
IPMI_PANIC_EVENT = true;
|
|
|
|
IPMI_PANIC_STRING = true;
|
2024-10-28 20:47:24 +01:00
|
|
|
IPMI_DEVICE_INTERFACE = true;
|
|
|
|
IPMI_SI = true;
|
|
|
|
IPMI_SSIF = true;
|
|
|
|
|
|
|
|
I2C_PIIX4 = true;
|
2024-09-05 17:22:44 +02:00
|
|
|
|
|
|
|
HWMON = true;
|
|
|
|
SENSORS_K10TEMP = true;
|
|
|
|
|
2024-10-28 20:47:24 +01:00
|
|
|
WATCHDOG = true;
|
|
|
|
WATCHDOG_HANDLE_BOOT_ENABLED = true;
|
|
|
|
WATCHDOG_OPEN_TIMEOUT = 0;
|
|
|
|
WATCHDOG_SYSFS = true;
|
|
|
|
SP5100_TCO = true;
|
|
|
|
|
|
|
|
VIDEO = true;
|
|
|
|
DRM = true;
|
|
|
|
DRM_FBDEV_EMULATION = true;
|
|
|
|
DRM_AST = true;
|
|
|
|
|
|
|
|
EDAC_DECODE_MCE = true;
|
|
|
|
EDAC_AMD64 = true;
|
|
|
|
|
|
|
|
AMD_PTDMA = true;
|
2024-09-05 17:22:44 +02:00
|
|
|
AMD_IOMMU = true;
|
|
|
|
|
2024-10-28 20:47:24 +01:00
|
|
|
INTEL_RAPL = true;
|
|
|
|
|
2024-09-05 17:22:44 +02:00
|
|
|
BTRFS_FS = true;
|
|
|
|
BTRFS_FS_POSIX_ACL = true;
|
|
|
|
|
|
|
|
CEPH_FS = true;
|
|
|
|
CEPH_FS_POSIX_ACL = true;
|
2024-10-28 20:47:24 +01:00
|
|
|
|
|
|
|
CRYPTO_DEV_CCP = true;
|
|
|
|
CRYPTO_DEV_CCP_DD = true;
|
|
|
|
CRYPTO_DEV_SP_CCP = true;
|
|
|
|
CRYPTO_DEV_CCP_CRYPTO = true;
|
|
|
|
CRYPTO_DEV_SP_PSP = true;
|
2024-09-05 17:22:44 +02:00
|
|
|
});
|
|
|
|
});
|
2024-09-05 17:44:54 +02:00
|
|
|
|
2024-10-31 15:38:06 +01:00
|
|
|
hardware.nitrokey.enable = true;
|
|
|
|
|
|
|
|
nix = {
|
|
|
|
settings = {
|
|
|
|
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]
|
|
|
|
++ (map (arch: "gccarch-${arch}") (lib.systems.inferiors.znver2 ++ [ "rv64imac" "rv64imacfd" "rv64gc" "armv8-a" ]));
|
2024-09-05 17:44:54 +02:00
|
|
|
};
|
|
|
|
};
|
2024-09-05 17:22:44 +02:00
|
|
|
}
|