coreboot-kgpe-d16/util/liveiso/nixos/common.nix

177 lines
3.0 KiB
Nix
Raw Normal View History

# SPDX-License-Identifier: GPL-2.0-only
{ config, options, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
];
system.stateVersion = "23.11";
isoImage = {
makeEfiBootable = true;
makeUsbBootable = true;
isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
};
environment = {
variables = {
EDITOR = "nvim";
VISUAL = "nvim";
# Tell the Nix evaluator to garbage collect more aggressively.
# This is desirable in memory-constrained environments that don't
# (yet) have swap set up.
GC_INITIAL_HEAP_SIZE = "1M";
};
shellAliases.vim = "nvim";
};
boot = {
kernelParams = [
"console=ttyS0,115200"
"console=tty0"
"iomem=relaxed"
"spi_intel.writeable=1"
];
# pkgs.linuxPackages == lts
# pkgs.linuxPackages_latest == stable
kernelPackages = pkgs.linuxPackages;
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
chipsec
zfs
];
# Make programs more likely to work in low memory
# environments. The kernel's overcommit heustistics bite us
# fairly often, preventing processes from forking even if
# there is plenty of free memory.
kernel.sysctl."vm.overcommit_memory" = "1";
loader.grub.memtest86.enable = true;
postBootCommands = ''
mkdir -p /mnt
'';
};
console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
nixpkgs.config.allowUnfree = true;
hardware = {
cpu.intel.updateMicrocode = true;
cpu.amd.updateMicrocode = true;
enableAllFirmware = true;
bluetooth = {
enable = true;
powerOnBoot = false;
};
};
services = {
fwupd.enable = true;
udev.packages = with pkgs; [
rfkill_udev
];
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
};
networking = {
hostName = "devsystem";
networkmanager.enable = true;
};
security.sudo.wheelNeedsPassword = false;
users = {
groups.user = {};
users = {
root.initialHashedPassword = "";
user = {
isNormalUser = true;
group = "user";
extraGroups = [ "users" "wheel" "networkmanager" "uucp" "flashrom" ];
initialHashedPassword = "";
};
};
};
programs.flashrom.enable = true;
environment.systemPackages = with pkgs; [
acpica-tools
btrfs-progs
bzip2
ccrypt
chipsec
coreboot-utils
cryptsetup
curl
ddrescue
devmem2
dmidecode
dosfstools
e2fsprogs
efibootmgr
efivar
exfat
f2fs-tools
fuse
fuse3
fwts
gptfdisk
gitAndTools.gitFull
gitAndTools.tig
gzip
hdparm
hexdump
htop
i2c-tools
intel-gpu-tools
inxi
iotools
jfsutils
jq
mdadm
minicom
mkpasswd
ms-sys
msr-tools
mtdutils
neovim
nixos-install-tools
ntfsprogs
nvme-cli
openssl
p7zip
pacman
parted
pcimem
pciutils
phoronix-test-suite
powertop
psmisc
python3Full
rsync
screen
sdparm
smartmontools
socat
sshfs-fuse
testdisk
tmate
tmux
uefitool
uefitoolPackages.old-engine
unzip
upterm
usbutils
wget
zfs
zip
zstd
];
}