system/modules/nixos/configs/system.nix

{ inputs, config, pkgs, lib, ... } @ args:

let
  headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args;
  hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args;

  cfg = config.local.system;
in
{
  options.local.system = with lib; {
    kernel = mkOption {
      type = types.enum [ "hardened" "stable" "latest" ];
      default = "latest";
    };
    headless = mkEnableOption "headless profile";
  };

  config = lib.mkMerge [
    {
      boot.tmp.cleanOnBoot = true;
    }

    (lib.mkIf cfg.headless (
      headlessProfile // {
        zramSwap.enable = true;
      }
    ))

    (lib.mkIf (cfg.kernel == "hardened") (
      hardenedProfile // {
        boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened;
        # Fix for GLIBC errors due to 'scudo' from hardened profile.
        # https://github.com/NixOS/nix/issues/6563
        environment.memoryAllocator.provider = "libc";
      }
    ))
    (lib.mkIf (cfg.headless && cfg.kernel == "hardened") {
      # Disabled by hardened profile, big performance hit.
      security.allowSimultaneousMultithreading = true;
    })

    (lib.mkIf (cfg.kernel == "stable") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_6_6;
    })

    (lib.mkIf (cfg.kernel == "latest") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
    })

  ];
}
refac modules 2024-04-16 02:51:46 +03:00			`{ inputs, config, pkgs, lib, ... } @ args:`

			`let`
			`headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args;`
			`hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args;`

			`cfg = config.local.system;`
			`in`
			`{`
			`options.local.system = with lib; {`
			`kernel = mkOption {`
			`type = types.enum [ "hardened" "stable" "latest" ];`
			`default = "latest";`
			`};`
			`headless = mkEnableOption "headless profile";`
			`};`

			`config = lib.mkMerge [`
			`{`
			`boot.tmp.cleanOnBoot = true;`
			`}`

			`(lib.mkIf cfg.headless (`
			`headlessProfile // {`
			`zramSwap.enable = true;`
			`}`
			`))`

			`(lib.mkIf (cfg.kernel == "hardened") (`
			`hardenedProfile // {`
			`boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened;`
			`# Fix for GLIBC errors due to 'scudo' from hardened profile.`
			`# https://github.com/NixOS/nix/issues/6563`
			`environment.memoryAllocator.provider = "libc";`
			`}`
			`))`
			`(lib.mkIf (cfg.headless && cfg.kernel == "hardened") {`
			`# Disabled by hardened profile, big performance hit.`
			`security.allowSimultaneousMultithreading = true;`
			`})`

			`(lib.mkIf (cfg.kernel == "stable") {`
			`boot.kernelPackages = pkgs.unstable.linuxPackages_6_6;`
			`})`

			`(lib.mkIf (cfg.kernel == "latest") {`
			`boot.kernelPackages = pkgs.unstable.linuxPackages_latest;`
			`})`

			`];`
			`}`