nixos/magi: Use platform config for kernel

Mikael 2024-11-06 12:37:34 +01:00
parent 96114beca1
commit 4303771857
Signed by: mikael
SSH key fingerprint: SHA256:21QyD2Meiot7jOUVitIR5YkGB/XuXdCvLW1hE6dsri0
2 changed files with 6 additions and 73 deletions


@ -349,11 +349,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1730847151,
"narHash": "sha256-8C2YMErF1bYnfXVLrYN7TVIH7HYCWM0xJj2s7kmME34=",
"lastModified": 1730892568,
"narHash": "sha256-cTTY+eNvq9sxqI2nHPmr9mO3hHVl0aolQVlSs5KD5pk=",
"ref": "refs/heads/main",
"rev": "efc47b94e5aa1cc5c805f4463739afb3988bb1f7",
"revCount": 3,
"rev": "ec2530c9b532a834777b90fbf34e880aa02395fa",
"revCount": 4,
"type": "git",
"url": "https://woof.rip/mikael/linux-hardened.git"
},


@ -16,94 +16,27 @@
];
boot.kernelPackages = let
inherit (linux-hardened.packages.x86_64-linux) default;
in pkgs.linuxPackagesFor (default.override {
instSetArch = "znver2";
inherit (linux-hardened.packages.x86_64-linux) supermicro-h11ssw;
in pkgs.linuxPackagesFor (supermicro-h11ssw.override {
profiles = {
physical = true;
dm-crypt = true;
};
extraConfig = with linux-hardened.lib.kernel; {
CPU_SUP_INTEL = false;
CPU_SUP_AMD = true;
NR_CPUS = 96;
AMD_MEM_ENCRYPT = true;
ACPI_IPMI = true;
ACPI_HMAT = true;
VIRTUALIZATION = true;
KVM = true;
KVM_AMD = true;
KVM_SMM = true;
NVME_CORE = true;
BLK_DEV_NVME = true;
NVME_VERBOSE_ERRORS = true;
NVME_HWMON = true;
ATA = true;
ATA_VERBOSE_ERROR = true;
ATA_ACPI = true;
SATA_PMP = true;
SATA_AHCI = true;
SATA_MOBILE_LPM_POLICY = 1;
ATA_SFF = false;
BLK_DEV_MD = true;
MD_AUTODETECT = true;
MD_RAID1 = true;
DM_RAID = true;
BNXT = true;
BNXT_FLOWER_OFFLOAD = true;
BNXT_HWMON = true;
MLX4_EN = true;
MLX4_CORE_GEN2 = false;
IPMI_HANDLER = true;
IPMI_PANIC_EVENT = true;
IPMI_PANIC_STRING = true;
IPMI_DEVICE_INTERFACE = true;
IPMI_SI = true;
IPMI_SSIF = true;
I2C_PIIX4 = true;
HWMON = true;
SENSORS_K10TEMP = true;
WATCHDOG = true;
WATCHDOG_HANDLE_BOOT_ENABLED = true;
WATCHDOG_OPEN_TIMEOUT = 0;
WATCHDOG_SYSFS = true;
SP5100_TCO = true;
VIDEO = true;
DRM = true;
DRM_FBDEV_EMULATION = true;
DRM_AST = true;
EDAC_DECODE_MCE = true;
EDAC_AMD64 = true;
AMD_PTDMA = true;
AMD_IOMMU = true;
INTEL_RAPL = true;
BTRFS_FS = true;
BTRFS_FS_POSIX_ACL = true;
CEPH_FS = true;
CEPH_FS_POSIX_ACL = true;
CRYPTO_DEV_CCP = true;
CRYPTO_DEV_CCP_DD = true;
CRYPTO_DEV_SP_CCP = true;
CRYPTO_DEV_CCP_CRYPTO = true;
CRYPTO_DEV_SP_PSP = true;
};
});
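Review bot: After the switch to `supermicro-h11ssw.override`, this host module no longer shows which security-relevant kernel options are in effect. `AMD_IOMMU`, `AMD_MEM_ENCRYPT` and the CCP/PSP drivers were spelled out in the old `extraConfig` and, as far as this page shows (the +/- markers are lost), now come from the platform package in the `linux-hardened` input. A later bump of that input's `rev` in the lock file could drop one of them without any change to this file. I would add a comment above the `inherit` line, `# AMD_IOMMU, AMD_MEM_ENCRYPT and the CCP/PSP drivers are set by the supermicro-h11ssw platform config in linux-hardened`. If the kernel derivation exposes its `config`, also pin them with `system.requiredKernelConfig = with config.lib.kernelConfig; [ (isEnabled "AMD_IOMMU") (isEnabled "AMD_MEM_ENCRYPT") ];` so that a regression fails evaluation; the enclosing module starts before this hunk, so whether `config` is in scope there needs checking.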