| blob | 4c906cab1c10e9f549bef485dbf62a00e109869d |
1 # SPDX-License-Identifier: GPL-2.0-only
3 { config, options, pkgs, ... }:
5 {
6 imports = [
7 <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
8 <nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
9 ];
11 system.stateVersion = "24.05";
13 isoImage = {
14 makeEfiBootable = true;
15 makeUsbBootable = true;
16 isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
17 };
19 environment = {
20 variables = {
21 EDITOR = "nvim";
22 VISUAL = "nvim";
23 # Tell the Nix evaluator to garbage collect more aggressively.
24 # This is desirable in memory-constrained environments that don't
25 # (yet) have swap set up.
26 GC_INITIAL_HEAP_SIZE = "1M";
27 };
28 shellAliases.vim = "nvim";
29 };
31 boot = {
32 kernelParams = [
33 "console=ttyS0,115200"
34 "console=tty0"
35 "iomem=relaxed"
36 "spi_intel.writeable=1"
37 ];
38 # pkgs.linuxPackages == lts
39 # pkgs.linuxPackages_latest == stable
40 kernelPackages = pkgs.linuxPackages;
41 extraModulePackages = with config.boot.kernelPackages; [
42 acpi_call
43 chipsec
44 zfs
45 ];
46 # Make programs more likely to work in low memory
47 # environments. The kernel's overcommit heustistics bite us
48 # fairly often, preventing processes from forking even if
49 # there is plenty of free memory.
50 kernel.sysctl."vm.overcommit_memory" = "1";
51 loader.grub.memtest86.enable = true;
52 postBootCommands = ''
53 mkdir -p /mnt
54 '';
55 };
57 console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
59 nixpkgs.config.allowUnfree = true;
60 hardware = {
61 cpu.intel.updateMicrocode = true;
62 cpu.amd.updateMicrocode = true;
63 enableAllFirmware = true;
64 bluetooth = {
65 enable = true;
66 powerOnBoot = false;
67 };
68 };
70 services = {
71 fwupd.enable = true;
72 udev.packages = with pkgs; [
73 rfkill_udev
74 ];
75 openssh = {
76 enable = true;
77 settings.PermitRootLogin = "yes";
78 };
79 };
81 networking = {
82 hostName = "devsystem";
83 networkmanager.enable = true;
84 };
86 security.sudo.wheelNeedsPassword = false;
88 users = {
89 groups.user = {};
90 users = {
91 root.initialHashedPassword = "";
92 user = {
93 isNormalUser = true;
94 group = "user";
95 extraGroups = [ "users" "wheel" "networkmanager" "uucp" "flashrom" ];
96 initialHashedPassword = "";
97 };
98 };
99 };
101 programs.flashrom.enable = true;
103 environment.systemPackages = with pkgs; [
104 acpica-tools
105 btrfs-progs
106 bzip2
107 cabextract
108 ccrypt
109 chipsec
110 coreboot-utils
111 cryptsetup
112 curl
113 ddrescue
114 devmem2
115 dmidecode
116 dosfstools
117 e2fsprogs
118 efibootmgr
119 efivar
120 exfat
121 f2fs-tools
122 flashprog
123 fuse
124 fuse3
125 fwts
126 gptfdisk
127 gitAndTools.gitFull
128 gitAndTools.tig
129 gzip
130 hdparm
131 hexdump
132 htop
133 i2c-tools
134 innoextract
135 intel-gpu-tools
136 inxi
137 iotools
138 jfsutils
139 jq
140 lm_sensors
141 mdadm
142 minicom
143 mkpasswd
144 ms-sys
145 msr-tools
146 mtdutils
147 neovim
148 nixos-install-tools
149 ntfsprogs
150 nvme-cli
151 openssl
152 p7zip
153 pacman
154 parted
155 pcimem
156 pciutils
157 phoronix-test-suite
158 powertop
159 psmisc
160 python3Full
161 rsync
162 screen
163 sdparm
164 smartmontools
165 socat
166 sshfs-fuse
167 testdisk
168 tmate
169 tmux
170 tpm-tools
171 tpm2-tools
172 uefitool
173 uefitoolPackages.old-engine
174 unshield
175 unzip
176 upterm
177 usbutils
178 wget
179 zfs
180 zip
181 zstd
182 ];
183 }