# NixOS module with the hardware-facing settings of one x86_64 host:
# firmware fallback import, logind key handling, initrd/kernel modules,
# a hardened kernel command line and the GPU media stack.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: {
  imports = [
    # Upstream profile used when the hardware scan could not identify the machine.
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # NOTE(review): `wireless.bluetooth` is presumably an option declared by
  # another module of this repository; it is not defined in this file.
  wireless.bluetooth.enable = true;

  # NOTE(review): with the lid switch ignored, closing the lid does not suspend
  # the machine; if the session must be locked on lid close, that has to be
  # arranged elsewhere (nothing in this file does it).
  services.logind.lidSwitch = "ignore";
  services.logind.powerKey = "suspend";

  hardware = {
    # NOTE(review): AMD microcode and `kvm-amd` are configured next to an Intel
    # GPU stack (`i915`, Intel media drivers) - confirm this matches the machine.
    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

    graphics = {
      enable = true;
      extraPackages = [
        pkgs.intel-media-driver
        pkgs.vaapiIntel
        pkgs.vpl-gpu-rt
      ];
    };
  };

  boot = {
    kernelModules = ["kvm-amd"];
    extraModulePackages = [];

    initrd = {
      # systemd in stage 1 is needed for auto-unlocking with TPM.
      # NOTE(review): the enrolment itself (PCR selection, optional PIN) is not
      # part of this file. A TPM-only binding releases the disk key to any boot
      # chain that reproduces the measured PCR values, so the PCR policy and
      # Secure Boot state should be reviewed together with this setting.
      systemd.enable = true;
      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
      kernelModules = [
        "i915"
      ];
    };

    kernelParams = [
      # --- CPU side-channel mitigations ---
      # Options for both Intel and AMD are listed; entries that do not apply to
      # the running CPU are expected to be no-ops.
      "mitigations=auto"
      "spectre_v2=on"
      "spectre_bhi=on"
      "spec_store_bypass_disable=on"
      "tsx=off"
      "kvm.nx_huge_pages=force"
      # Disables SMT and keeps it from being re-enabled at runtime; this trades
      # logical CPU count for protection against cross-thread leaks.
      "nosmt=force"
      "l1d_flush=on"
      "spec_rstack_overflow=safe-ret"
      "gather_data_sampling=force"
      "reg_file_data_sampling=on"

      # --- Kernel integrity ---
      # NOTE(review): `module.sig_enforce` only has an effect on a kernel built
      # with module signing, and then refuses unsigned modules (including any
      # later added to `extraModulePackages`) - verify against the kernel config.
      "module.sig_enforce=1"
      # Strictest lockdown level; it also blocks features such as hibernation
      # and raw kernel memory access from user space.
      "lockdown=confidentiality"

      # --- DMA protection ---
      # Force IOMMU translation (no passthrough), strict invalidation, and keep
      # PCI bus mastering off until the kernel has taken over from firmware.
      "intel_iommu=on"
      "amd_iommu=force_isolation"
      "efi=disable_early_pci_dma"
      "iommu=force"
      "iommu.passthrough=0"
      "iommu.strict=1"
    ];
  };
}