system/modules/nixos/configs/system.nix


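# NixOS module: kernel flavour and headless-profile selection under `local.system`.
#
# Options:
#   local.system.kernel   - one of "hardened", "stable", "latest" (default "latest").
#   local.system.headless - apply the nixpkgs headless profile and enable zram swap.
#
# The nixpkgs profiles are imported as plain attribute sets (called with this
# module's own arguments) so they can be applied conditionally with `mkIf`
# rather than unconditionally through `imports`.
{ inputs, config, pkgs, lib, ... } @ args:
let
  profilesDir = "${inputs.nixpkgs-unstable}/nixos/modules/profiles";
  headlessProfile = import "${profilesDir}/headless.nix" args;
  hardenedProfile = import "${profilesDir}/hardened.nix" args;
  cfg = config.local.system;
in
{
  options.local.system = with lib; {
    kernel = mkOption {
      type = types.enum [ "hardened" "stable" "latest" ];
      default = "latest";
      description = "Kernel package set to boot; \"hardened\" also applies the nixpkgs hardened profile.";
    };
    headless = mkEnableOption "headless profile";
  };

  config = lib.mkMerge [
    {
      boot.tmp.cleanOnBoot = true;
    }

    # Profiles are combined with mkMerge, not `//`. `//` is a shallow update:
    # a right-hand `boot = { ... }` or `environment = { ... }` replaces the
    # profile's whole top-level attribute instead of merging into it.
    (lib.mkIf cfg.headless (lib.mkMerge [
      headlessProfile
      {
        zramSwap.enable = true;
      }
    ]))

    (lib.mkIf (cfg.kernel == "hardened") (lib.mkMerge [
      # Kept intact: with `//` every `boot.*` and `environment.*` definition of
      # the profile was dropped, and in nixpkgs that is where its kernel
      # parameters, module blacklist and sysctl hardening live. Only the
      # `security.*` part of the profile was actually taking effect.
      hardenedProfile
      {
        # Overrides below rely on the profile setting these options at
        # mkDefault priority. If evaluation reports conflicting definitions,
        # wrap the value in lib.mkForce.
        boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened;
        # Fix for GLIBC errors due to 'scudo' from hardened profile.
        # https://github.com/NixOS/nix/issues/6563
        # Trade-off: this gives up the hardened allocator the profile selects.
        environment.memoryAllocator.provider = "libc";
      }
    ]))

    (lib.mkIf (cfg.headless && (cfg.kernel == "hardened")) {
      # Disabled by hardened profile, big performance hit.
      # Trade-off: SMT is switched off there to limit cross-thread side-channel
      # leakage between workloads sharing a physical core. Re-enabling it is a
      # deliberate relaxation; revisit on hosts running mutually untrusted
      # workloads (multi-tenant VMs or containers).
      security.allowSimultaneousMultithreading = true;
    })

    (lib.mkIf (cfg.kernel == "stable") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_6_6;
    })

    (lib.mkIf (cfg.kernel == "latest") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
    })
  ];
}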