53 lines
936 B
Nix
53 lines
936 B
Nix
{ pkgs, ... }:
|
|
let
|
|
configLimit = 5;
|
|
kernel = pkgs.linuxPackages_latest;
|
|
in
|
|
{
|
|
# Configure bootloader with lanzaboot and secureboot
|
|
boot = {
|
|
kernelModules = [ "nct6775" ];
|
|
loader = {
|
|
systemd-boot = {
|
|
enable = true;
|
|
configurationLimit = configLimit;
|
|
};
|
|
|
|
efi = {
|
|
canTouchEfiVariables = true;
|
|
efiSysMountPoint = "/boot";
|
|
};
|
|
};
|
|
|
|
kernel.sysctl = {
|
|
"net.ipv4.ip_forward" = 1;
|
|
"net.ipv6.conf.all.forwarding" = 1;
|
|
"vm.swappiness" = 60;
|
|
};
|
|
|
|
# Override kernel to latest
|
|
kernelPackages = kernel;
|
|
|
|
kernelParams = [
|
|
"nohibernate"
|
|
"amd_pstate=active"
|
|
];
|
|
|
|
consoleLogLevel = 3;
|
|
bootspec.enable = true;
|
|
|
|
initrd = {
|
|
kernelModules = [
|
|
"tpm"
|
|
"tpm_tis"
|
|
"tpm_crb"
|
|
"tpm_infineon"
|
|
];
|
|
systemd = {
|
|
enable = true;
|
|
tpm2.enable = true;
|
|
};
|
|
};
|
|
};
|
|
}
|