2024-04-16 02:51:46 +03:00
|
|
|
{ inputs, config, pkgs, lib, ... } @ args:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args;
|
|
|
|
|
hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args;
|
|
|
|
|
|
|
|
|
|
cfg = config.local.system;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.local.system = with lib; {
|
|
|
|
|
kernel = mkOption {
|
|
|
|
|
type = types.enum [ "hardened" "stable" "latest" ];
|
|
|
|
|
default = "latest";
|
|
|
|
|
};
|
|
|
|
|
headless = mkEnableOption "headless profile";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkMerge [
|
|
|
|
|
{
|
|
|
|
|
boot.tmp.cleanOnBoot = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
(lib.mkIf cfg.headless (
|
|
|
|
|
headlessProfile // {
|
|
|
|
|
zramSwap.enable = true;
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
(lib.mkIf (cfg.kernel == "hardened") (
|
|
|
|
|
hardenedProfile // {
|
2024-09-05 18:46:13 +03:00
|
|
|
boot.kernelPackages = pkgs.unstable.linuxPackages_6_9_hardened;
|
2024-04-16 02:51:46 +03:00
|
|
|
# Fix for GLIBC errors due to 'scudo' from hardened profile.
|
|
|
|
|
# https://github.com/NixOS/nix/issues/6563
|
|
|
|
|
environment.memoryAllocator.provider = "libc";
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
(lib.mkIf (cfg.headless && cfg.kernel == "hardened") {
|
|
|
|
|
# Disabled by hardened profile, big performance hit.
|
|
|
|
|
security.allowSimultaneousMultithreading = true;
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
(lib.mkIf (cfg.kernel == "stable") {
|
2024-09-05 18:46:13 +03:00
|
|
|
boot.kernelPackages = pkgs.unstable.linuxPackages_6_10;
|
2024-04-16 02:51:46 +03:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
(lib.mkIf (cfg.kernel == "latest") {
|
|
|
|
|
boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
];
|
|
|
|
|
}
|
