From d9747c64b038943253eaafdc59a49d5face46dab Mon Sep 17 00:00:00 2001 From: Fuwn Date: Fri, 20 Sep 2024 05:36:20 -0700 Subject: modules: server and core modules --- modules/core/hardware/bluetooth.nix | 19 +++++++++++++++++++ modules/core/hardware/cpu.nix | 21 +++++++++++++++++++++ modules/core/hardware/default.nix | 14 ++++++++++++++ modules/core/hardware/tpm.nix | 18 ++++++++++++++++++ modules/core/hardware/usb.nix | 10 ++++++++++ modules/core/hardware/yubikey.nix | 18 ++++++++++++++++++ 6 files changed, 100 insertions(+) create mode 100644 modules/core/hardware/bluetooth.nix create mode 100644 modules/core/hardware/cpu.nix create mode 100644 modules/core/hardware/default.nix create mode 100644 modules/core/hardware/tpm.nix create mode 100644 modules/core/hardware/usb.nix create mode 100644 modules/core/hardware/yubikey.nix (limited to 'modules/core/hardware') diff --git a/modules/core/hardware/bluetooth.nix b/modules/core/hardware/bluetooth.nix new file mode 100644 index 0000000..9737504 --- /dev/null +++ b/modules/core/hardware/bluetooth.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + boot.kernelParams = [ "btusb" ]; + services.blueman.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + package = pkgs.bluez5-experimental; + disabledPlugins = [ "sap" ]; + # hsphfpd.enable = true; + + settings.General = { + JustWorksRepairing = "always"; + MultiProfile = "multiple"; + Experimental = true; + }; + }; +} diff --git a/modules/core/hardware/cpu.nix b/modules/core/hardware/cpu.nix new file mode 100644 index 0000000..1ac3a27 --- /dev/null +++ b/modules/core/hardware/cpu.nix @@ -0,0 +1,21 @@ +{ pkgs, config, ... }: +{ + environment.systemPackages = [ pkgs.amdctl ]; + + powerManagement = { + enable = true; + cpuFreqGovernor = "performance"; + }; + + boot = { + kernelModules = [ + # "kvm-amd" + "amd-pstate" + "zenpower" + "msr" + ]; + + kernelParams = [ "amd_iommu=on" ]; + extraModulePackages = [ config.boot.kernelPackages.zenpower ]; + }; +} diff --git a/modules/core/hardware/default.nix b/modules/core/hardware/default.nix new file mode 100644 index 0000000..167e7c7 --- /dev/null +++ b/modules/core/hardware/default.nix @@ -0,0 +1,14 @@ +{ + imports = [ + ./cpu.nix + ./bluetooth.nix + ./usb.nix + ./tpm.nix + ./yubikey.nix + ]; + + hardware = { + enableRedistributableFirmware = true; + enableAllFirmware = true; + }; +} diff --git a/modules/core/hardware/tpm.nix b/modules/core/hardware/tpm.nix new file mode 100644 index 0000000..b84551e --- /dev/null +++ b/modules/core/hardware/tpm.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + security.tpm2 = { + enable = true; + applyUdevRules = true; + abrmd.enable = true; + tctiEnvironment.enable = true; + pkcs11.enable = true; + }; + + environment.systemPackages = with pkgs; [ + tpm2-tools + tpm2-tss + tpm2-abrmd + ]; + + boot.kernelModules = [ "uhid" ]; +} diff --git a/modules/core/hardware/usb.nix b/modules/core/hardware/usb.nix new file mode 100644 index 0000000..f697761 --- /dev/null +++ b/modules/core/hardware/usb.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + usbutils + lm_sensors + pciutils + ]; + + boot.kernelParams = [ "usbcore.autosuspend=-1" ]; +} diff --git a/modules/core/hardware/yubikey.nix b/modules/core/hardware/yubikey.nix new file mode 100644 index 0000000..6bd4a5c --- /dev/null +++ b/modules/core/hardware/yubikey.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + hardware.gpgSmartcards.enable = true; + + services = { + pcscd.enable = true; + udev.packages = [ pkgs.yubikey-personalization ]; + }; + + environment.systemPackages = with pkgs; [ + yubikey-manager + yubikey-manager-qt + yubikey-personalization + yubikey-personalization-gui + yubico-piv-tool + yubioath-flutter + ]; +} -- cgit v1.2.3