path: root/util/liveiso/nixos/common.nix
blob: ff5dfea3660ed8c8cda7a003310110d77bbfc22b (plain)
# SPDX-License-Identifier: GPL-2.0-only

{ config, options, pkgs, ... }:

{
	# Pull in the stock NixOS ISO-building modules.
	# The angle-bracket paths are looked up through NIX_PATH / -I at
	# evaluation time, so the nixpkgs revision that ends up in the image is
	# whatever the build host points <nixpkgs> at; nothing in this file pins it.
	# NOTE(review): if reproducible or auditable images are wanted, pin
	# nixpkgs in the build invocation.
	imports = [
		<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
		<nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
	];

	# NixOS release whose stateful defaults this configuration targets.
	system.stateVersion = "23.11";

	# Build an image that boots via UEFI and from USB mass storage.
	isoImage = {
		makeEfiBootable = true;
		makeUsbBootable = true;
		# File name: <base name>-<NixOS label>-<host platform>.iso
		isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
	};

	# Session-wide environment variables and shell aliases.
	environment = {
		variables = {
			# neovim is the default editor for tools that honour
			# EDITOR/VISUAL.
			EDITOR = "nvim";
			VISUAL = "nvim";
			# Tell the Nix evaluator to garbage collect more aggressively.
			# This is desirable in memory-constrained environments that don't
			# (yet) have swap set up.
			GC_INITIAL_HEAP_SIZE = "1M";
		};
		# `vim` starts neovim.
		shellAliases.vim = "nvim";
	};

	# Kernel, kernel command line and boot-time tweaks.
	boot = {
		kernelParams = [
			# Kernel console on the first serial port (115200 baud) and on
			# the local virtual terminal.
			"console=ttyS0,115200"
			"console=tty0"
			# Relax the kernel's strict /dev/mem checks so that userspace
			# tools may map I/O memory regions already claimed by drivers.
			"iomem=relaxed"
			# Allow the Intel SPI driver to write to the SPI flash.
			# Together with iomem=relaxed this gives root on the running
			# system direct access to hardware registers and the firmware
			# flash. That matches a firmware-development image; these two
			# parameters should not be carried over into a general-purpose
			# system configuration.
			"spi_intel.writeable=1"
		];
		# pkgs.linuxPackages == lts
		# pkgs.linuxPackages_latest == stable
		kernelPackages = pkgs.linuxPackages;
		# Out-of-tree kernel modules, built against the kernel selected
		# above. acpi_call and chipsec expose additional low-level
		# platform access to privileged userspace.
		extraModulePackages = with config.boot.kernelPackages; [
			acpi_call
			chipsec
			zfs
		];
		# Make programs more likely to work in low memory
		# environments. The kernel's overcommit heuristics bite us
		# fairly often, preventing processes from forking even if
		# there is plenty of free memory.
		# "1" means: always overcommit, never refuse an allocation up front.
		kernel.sysctl."vm.overcommit_memory" = "1";
		# Offer a memory tester from the GRUB menu.
		loader.grub.memtest86.enable = true;
		# Make sure the /mnt mount point exists after boot.
		postBootCommands = ''
			mkdir -p /mnt
		'';
	};

	# Keep the default console packages and add the Terminus font.
	console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];

	# Permit packages with non-free licences.
	# NOTE(review): presumably required for enableAllFirmware below.
	# The resulting image then carries binary-only firmware that cannot be
	# audited from source, and may be subject to redistribution terms.
	nixpkgs.config.allowUnfree = true;
	hardware = {
		# Load CPU microcode updates for both vendors, since the image is
		# not tied to one machine.
		cpu.intel.updateMicrocode = true;
		cpu.amd.updateMicrocode = true;
		enableAllFirmware = true;
		bluetooth = {
			# Bluetooth support is available, but the adapter stays
			# powered off until it is switched on explicitly.
			enable = true;
			powerOnBoot = false;
		};
	};

	# System services started on the live system.
	services = {
		# Firmware update daemon.
		fwupd.enable = true;
		udev.packages = with pkgs; [
			rfkill_udev
		];
		openssh = {
			# sshd runs from boot and accepts root logins with any
			# authentication method, including passwords.
			# The accounts defined in this file start with an empty
			# password; sshd's default PermitEmptyPasswords=no refuses
			# those, so remote login should only work once a password or
			# an authorized key has been set.
			# NOTE(review): confirm nothing else in the build overrides
			# that default. Once a root password is set, sshd is reachable
			# on every network NetworkManager joins.
			enable = true;
			settings.PermitRootLogin = "yes";
		};
	};

	# Fixed host name; interfaces are managed by NetworkManager.
	networking = {
		hostName = "devsystem";
		networkmanager.enable = true;
	};

	# Members of "wheel" may use sudo without entering a password.
	# Combined with the password-less "user" account defined in this file,
	# anyone with a local session on the live system is effectively root.
	security.sudo.wheelNeedsPassword = false;

	# Accounts present on the live system.
	users = {
		groups.user = {};
		users = {
			# Empty hashed password: root can log in locally without being
			# asked for a password. The value is only an initial one and
			# can be replaced with passwd at runtime.
			root.initialHashedPassword = "";
			user = {
				isNormalUser = true;
				group = "user";
				# "wheel" grants sudo and "networkmanager" grants network
				# configuration.
				# NOTE(review): "uucp" and "flashrom" presumably grant
				# access to serial ports and to flashrom's device nodes;
				# confirm against the modules that create them.
				extraGroups = [ "users" "wheel" "networkmanager" "uucp" "flashrom" ];
				# Same as root: no password needed for local login.
				initialHashedPassword = "";
			};
		};
	};

	# Enable the NixOS flashrom module.
	programs.flashrom.enable = true;

	# Tools installed into the system profile: filesystem and disk utilities,
	# firmware/UEFI tooling, hardware inspection and general CLI helpers.
	#
	# Security-relevant entries:
	#  - chipsec, devmem2, iotools, msr-tools and pcimem read and write
	#    physical memory, I/O ports, MSRs or PCI resources directly. They are
	#    what the relaxed kernel parameters in this file are for.
	#  - tmate and upterm share a terminal session with remote parties and,
	#    by default, go through an externally hosted relay server. On this
	#    image the shared shell has password-less sudo, so treat a session
	#    link like a root credential.
	#  - Every package comes from the nixpkgs revision used at build time;
	#    the list itself pins no versions.
	environment.systemPackages = with pkgs; [
		acpica-tools
		btrfs-progs
		bzip2
		ccrypt
		chipsec
		coreboot-utils
		cryptsetup
		curl
		ddrescue
		devmem2
		dmidecode
		dosfstools
		e2fsprogs
		efibootmgr
		efivar
		exfat
		f2fs-tools
		fuse
		fuse3
		fwts
		gptfdisk
		gitAndTools.gitFull
		gitAndTools.tig
		gzip
		hdparm
		hexdump
		htop
		i2c-tools
		intel-gpu-tools
		inxi
		iotools
		jfsutils
		jq
		lm_sensors
		mdadm
		minicom
		mkpasswd
		ms-sys
		msr-tools
		mtdutils
		neovim
		nixos-install-tools
		ntfsprogs
		nvme-cli
		openssl
		p7zip
		pacman
		parted
		pcimem
		pciutils
		phoronix-test-suite
		powertop
		psmisc
		python3Full
		rsync
		screen
		sdparm
		smartmontools
		socat
		sshfs-fuse
		testdisk
		tmate
		tmux
		uefitool
		uefitoolPackages.old-engine
		unzip
		upterm
		usbutils
		wget
		zfs
		zip
		zstd
	];
}