2023-06-24 23:00:02 +08:00
|
|
|
inputs:
|
2023-06-05 21:53:13 +08:00
|
|
|
{
|
|
|
|
|
config =
|
|
|
|
|
{
|
2023-06-25 00:31:46 +08:00
|
|
|
# modules auto loaded in stage2
|
|
|
|
|
boot.kernelModules = [ "kvm-intel" "br_netfilter" ];
|
|
|
|
|
# modules install but not auto loaded
|
|
|
|
|
# boot.extraModulePackages = [ yourmodulename ];
|
|
|
|
|
boot.extraModprobeConfig =
|
|
|
|
|
''
|
|
|
|
|
options kvm_intel nested=1
|
|
|
|
|
options iwlmvm power_scheme=1
|
|
|
|
|
options iwlwifi uapsd_disable=1
|
|
|
|
|
'';
|
2023-07-15 22:37:43 +08:00
|
|
|
boot.kernelPatches = inputs.lib.mkAfter
|
2023-06-29 00:12:16 +08:00
|
|
|
[
|
2023-06-29 11:49:48 +08:00
|
|
|
{
|
|
|
|
|
name = "custom config";
|
|
|
|
|
patch = null;
|
2023-07-06 23:38:13 +08:00
|
|
|
extraStructuredConfig =
|
|
|
|
|
{
|
2023-07-07 00:00:38 +08:00
|
|
|
GENERIC_CPU = inputs.lib.kernel.no;
|
|
|
|
|
MALDERLAKE = inputs.lib.kernel.yes;
|
|
|
|
|
PREEMPT_VOLUNTARY = inputs.lib.mkForce inputs.lib.kernel.no;
|
|
|
|
|
PREEMPT = inputs.lib.mkForce inputs.lib.kernel.yes;
|
|
|
|
|
HZ_500 = inputs.lib.mkForce inputs.lib.kernel.no;
|
|
|
|
|
HZ_1000 = inputs.lib.mkForce inputs.lib.kernel.yes;
|
|
|
|
|
HZ = inputs.lib.mkForce (inputs.lib.kernel.freeform "1000");
|
2023-07-06 23:38:13 +08:00
|
|
|
};
|
2023-06-29 11:49:48 +08:00
|
|
|
}
|
2023-06-29 00:12:16 +08:00
|
|
|
];
|
2023-06-25 00:31:46 +08:00
|
|
|
|
|
|
|
|
# grub
|
|
|
|
|
boot.loader =
|
2023-06-05 21:53:13 +08:00
|
|
|
{
|
2023-06-25 00:31:46 +08:00
|
|
|
timeout = 5;
|
|
|
|
|
efi = { canTouchEfiVariables = true; efiSysMountPoint = "/boot/efi"; };
|
|
|
|
|
grub =
|
2023-06-24 23:25:35 +08:00
|
|
|
{
|
2023-06-25 00:31:46 +08:00
|
|
|
enable = true;
|
|
|
|
|
# for BIOS, set disk to install; for EFI, set nodev
|
|
|
|
|
device = "nodev";
|
|
|
|
|
efiSupport = true;
|
|
|
|
|
useOSProber = false;
|
|
|
|
|
extraEntries =
|
|
|
|
|
''
|
|
|
|
|
menuentry "Windows" {
|
|
|
|
|
insmod part_gpt
|
|
|
|
|
insmod fat
|
|
|
|
|
insmod search_fs_uuid
|
|
|
|
|
insmod chain
|
|
|
|
|
search --fs-uuid --set=root 7317-1DB6
|
|
|
|
|
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
|
|
|
|
|
}
|
|
|
|
|
menuentry "Windows for malware" {
|
|
|
|
|
insmod part_gpt
|
|
|
|
|
insmod fat
|
|
|
|
|
insmod search_fs_uuid
|
|
|
|
|
insmod chain
|
|
|
|
|
search --fs-uuid --set=root 7321-FA9C
|
|
|
|
|
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
|
|
|
|
|
}
|
|
|
|
|
'';
|
2023-06-24 23:25:35 +08:00
|
|
|
};
|
2023-06-25 00:31:46 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# initrd, luks
|
|
|
|
|
boot.initrd =
|
|
|
|
|
{
|
2023-07-14 16:57:57 +08:00
|
|
|
systemd.enable = true;
|
2023-06-25 00:31:46 +08:00
|
|
|
# modules in initrd
|
|
|
|
|
# modprobe --show-depends
|
|
|
|
|
availableKernelModules =
|
|
|
|
|
[
|
|
|
|
|
"ahci" "bfq" "i915" "intel_cstate" "nls_cp437" "nls_iso8859-1" "nvidia" "nvidia_drm" "nvidia_modeset"
|
|
|
|
|
"nvidia_uvm" "nvme" "sr_mod" "usbhid" "usb_storage" "virtio_blk" "virtio_pci" "xhci_pci"
|
|
|
|
|
]
|
|
|
|
|
# speed up luks decryption
|
|
|
|
|
++ [ "aesni_intel" "cryptd" "crypto_simd" "libaes" ];
|
2023-07-20 10:30:39 +08:00
|
|
|
systemd.services."systemd-cryptsetup@swap".before = [ "systemd-cryptsetup@root.service" ];
|
2023-06-24 23:25:35 +08:00
|
|
|
};
|
2023-06-25 00:31:46 +08:00
|
|
|
|
|
|
|
|
# impermanence
|
2023-07-02 14:53:37 +08:00
|
|
|
environment.persistence."/nix/persistent" =
|
2023-06-24 23:25:35 +08:00
|
|
|
{
|
|
|
|
|
hideMounts = true;
|
|
|
|
|
directories =
|
|
|
|
|
[
|
2023-06-27 20:50:26 +08:00
|
|
|
"/etc/NetworkManager/system-connections"
|
2023-06-24 23:25:35 +08:00
|
|
|
"/home"
|
|
|
|
|
"/root"
|
|
|
|
|
"/var"
|
|
|
|
|
];
|
2023-06-27 20:50:26 +08:00
|
|
|
files =
|
|
|
|
|
[
|
|
|
|
|
"/etc/machine-id"
|
|
|
|
|
"/etc/ssh/ssh_host_ed25519_key.pub"
|
|
|
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
|
|
|
"/etc/ssh/ssh_host_rsa_key.pub"
|
|
|
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
|
|
|
];
|
2023-06-24 23:25:35 +08:00
|
|
|
};
|
2023-06-25 00:31:46 +08:00
|
|
|
|
|
|
|
|
# services
|
2023-06-28 10:08:29 +08:00
|
|
|
systemd.services =
|
|
|
|
|
{
|
|
|
|
|
nix-daemon = { environment = { TMPDIR = "/var/cache/nix"; }; serviceConfig = { CacheDirectory = "nix"; }; };
|
|
|
|
|
systemd-tmpfiles-setup = { environment = { SYSTEMD_TMPFILES_FORCE_SUBVOL = "0"; }; };
|
|
|
|
|
};
|
2023-06-24 23:25:35 +08:00
|
|
|
services =
|
|
|
|
|
{
|
2023-07-02 14:53:37 +08:00
|
|
|
snapper.configs.persistent =
|
2023-06-24 23:25:35 +08:00
|
|
|
{
|
2023-07-02 14:53:37 +08:00
|
|
|
SUBVOLUME = "/nix/persistent";
|
2023-06-24 23:25:35 +08:00
|
|
|
TIMELINE_CREATE = true;
|
|
|
|
|
TIMELINE_CLEANUP = true;
|
|
|
|
|
TIMELINE_MIN_AGE = 1800;
|
|
|
|
|
TIMELINE_LIMIT_HOURLY = "10";
|
|
|
|
|
TIMELINE_LIMIT_DAILY = "7";
|
|
|
|
|
TIMELINE_LIMIT_WEEKLY = "1";
|
|
|
|
|
TIMELINE_LIMIT_MONTHLY = "0";
|
|
|
|
|
TIMELINE_LIMIT_YEARLY = "0";
|
|
|
|
|
};
|
|
|
|
|
udev.extraRules =
|
|
|
|
|
''
|
|
|
|
|
ACTION=="add|change", KERNEL=="[sv]d[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
|
|
|
|
|
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
|
|
|
|
|
'';
|
2023-06-05 21:53:13 +08:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
