Group shared system settings

2025-06-29 11:10:42 +00:00 · 2024-04-13 19:05:42 +02:00 · 2024-04-13 19:05:42 +02:00 · fca6296841
commit fca6296841
parent 31221a5d19
35 changed files with 16 additions and 11 deletions
--- a/system/shared/hardware/cpu/amd.nix
+++ b/system/shared/hardware/cpu/amd.nix
@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  dev = config.myOptions.device;
+in
+{
+  config = lib.mkIf (dev.cpu.type == "amd") {
+    hardware.cpu.amd.updateMicrocode = true;
+  };
+}
--- a/system/shared/hardware/cpu/default.nix
+++ b/system/shared/hardware/cpu/default.nix
@ -0,0 +1,6 @@
+_: {
+  imports = [
+    ./amd.nix
+    ./intel.nix
+  ];
+}
--- a/system/shared/hardware/cpu/intel.nix
+++ b/system/shared/hardware/cpu/intel.nix
@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  dev = config.myOptions.device;
+in
+{
+  config = lib.mkIf (dev.cpu.type == "intel") {
+    hardware.cpu.intel.updateMicrocode = true;
+  };
+}
--- a/system/shared/hardware/default.nix
+++ b/system/shared/hardware/default.nix
@ -0,0 +1,7 @@
+_: {
+  imports = [
+    ./cpu
+    ./tpm.nix
+    ./generic.nix
+  ];
+}
--- a/system/shared/hardware/generic.nix
+++ b/system/shared/hardware/generic.nix
@ -0,0 +1,9 @@
+{lib, ...}: {
+  # This enables non-free firmware on devices not recognized by `nixos-generate-config`.
+  # Disabling this option will make the system unbootable if such devices are critical
+  # in your boot chain - therefore this should remain true until you are running a device
+  # with mostly libre firmware. Which there is not many of.
+  # Without this, it defaults to `config.hardware.enableAllFirmware`.
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
+}
+
--- a/system/shared/hardware/tpm.nix
+++ b/system/shared/hardware/tpm.nix
@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }: let
+  inherit (lib) mkIf mkDefault;
+
+  enabled = config.myOptions.device.hasTPM;
+in {
+  config = mkIf enabled {
+    security.tpm2 = {
+      # enable Trusted Platform Module 2 support
+      enable = true;
+
+      # enable Trusted Platform 2 userspace resource manager daemon
+      abrmd.enable = mkDefault false;
+
+      # The TCTI is the "Transmission Interface" that is used to communicate with a
+      # TPM. this option sets TCTI environment variables to the specified values if enabled
+      #  - TPM2TOOLS_TCTI
+      #  - TPM2_PKCS11_TCTI
+      tctiEnvironment.enable = mkDefault true;
+
+      # enable TPM2 PKCS#11 tool and shared library in system path
+      pkcs11.enable = mkDefault false;
+    };
+
+    environment.systemPackages = with pkgs; [ tpm2-tss tpm2-tools ];
+  };
+}