+1

modules/nixos/boot/default.nix

reviewed

··· 4 4 ./generic.nix # generic boot configuration 5 5 ./loader.nix # which system loader are we using 6 6 ./secure-boot.nix # pretty much what it looks like 7 7 + ./tmpfs.nix # configs to allow you to run on tmpfs 7 8 # keep-sorted end 8 9 ]; 9 10 }

+73 -180

modules/nixos/boot/generic.nix

reviewed

··· 1 1 - { 2 2 - lib, 3 3 - pkgs, 4 4 - config, 5 5 - ... 6 6 - }: 1 1 + { lib, config, ... }: 7 2 let 8 3 inherit (lib.modules) 9 4 mkIf 10 5 mkForce 11 6 mkMerge 12 7 mkDefault 13 13 - mkOverride 14 8 ; 15 15 - inherit (lib.lists) optionals; 16 16 - inherit (lib.options) mkOption mkEnableOption; 17 17 - inherit (lib.types) 18 18 - str 19 19 - raw 20 20 - ; 9 9 + inherit (lib.options) mkEnableOption; 21 10 22 11 cfg = config.garden.system.boot; 23 12 in 24 13 { 25 14 options.garden.system.boot = { 26 26 - enableKernelTweaks = mkEnableOption "security and performance related kernel parameters"; 27 27 - recommendedLoaderConfig = mkEnableOption "tweaks for common bootloader configs per my liking"; 28 28 - loadRecommendedModules = mkEnableOption "kernel modules that accommodate for most use cases"; 29 29 - tmpOnTmpfs = 30 30 - mkEnableOption "`/tmp` living on tmpfs. false means it will be cleared manually on each reboot" 31 31 - // { 15 15 + initrd = { 16 16 + enableTweaks = mkEnableOption "quality of life tweaks for the initrd stage" // { 32 17 default = true; 33 18 }; 34 19 35 35 - kernel = mkOption { 36 36 - type = raw; 37 37 - default = pkgs.linuxPackages_latest; 38 38 - defaultText = "pkgs.linuxPackages_latest"; 39 39 - description = "The kernel to use for the system."; 40 40 - }; 41 41 - 42 42 - initrd = { 43 43 - enableTweaks = mkEnableOption "quality of life tweaks for the initrd stage"; 44 44 - optimizeCompressor = mkEnableOption '' 45 45 - initrd compression algorithm optimizations for size. 46 46 - Enabling this option will force initrd to use zstd (default) with 47 47 - level 19 and -T0 (STDIN). This will reduce thee initrd size greatly 48 48 - at the cost of compression speed. 49 49 - Not recommended for low-end hardware. 50 50 - ''; 51 51 - }; 52 52 - 53 53 - extraModprobeConfig = mkOption { 54 54 - type = str; 55 55 - default = "options hid_apple fnmode=1"; 56 56 - description = "Extra modprobe config that will be passed to system modprobe config."; 20 20 + optimizeCompressor = 21 21 + mkEnableOption '' 22 22 + initrd compression algorithm optimizations for size. 23 23 + Enabling this option will force initrd to use zstd (default) with 24 24 + level 19 and -T0 (STDIN). This will reduce thee initrd size greatly 25 25 + at the cost of compression speed. 26 26 + Not recommended for low-end hardware. 27 27 + '' 28 28 + // { 29 29 + default = config.garden.profiles.workstation.enable; 30 30 + defaultText = "config.garden.profiles.workstation.enable"; 31 31 + }; 57 32 }; 58 58 - 59 59 - silentBoot = mkEnableOption '' 60 60 - almost entirely silent boot process through `quiet` kernel parameter 61 61 - ''; 62 33 }; 63 34 64 64 - config = { 65 65 - boot = { 66 66 - consoleLogLevel = 3; 35 35 + config.boot = { 36 36 + consoleLogLevel = 3; 67 37 68 68 - # we set the kernel to be defaulted to the one set by our settings 69 69 - # we happen to default this to the latest kernel sooo: 70 70 - # always use the latest kernel, love the unstablity 71 71 - kernelPackages = mkOverride 500 cfg.kernel; 38 38 + extraModprobeConfig = mkDefault "options hid_apple fnmode=1"; 72 39 73 73 - extraModprobeConfig = mkDefault cfg.extraModprobeConfig; 40 40 + # whether to enable support for Linux MD RAID arrays 41 41 + # as of 23.11>, this throws a warning if neither MAILADDR nor PROGRAM are set 42 42 + swraid.enable = mkDefault false; 74 43 75 75 - # whether to enable support for Linux MD RAID arrays 76 76 - # as of 23.11>, this throws a warning if neither MAILADDR nor PROGRAM are set 77 77 - swraid.enable = mkDefault false; 44 44 + # shared config between bootloaders 45 45 + # they are set unless system.boot.loader != none 46 46 + loader = { 47 47 + # if set to 0, space needs to be held to get the boot menu to appear 48 48 + timeout = mkForce 2; 78 49 79 79 - # shared config between bootloaders 80 80 - # they are set unless system.boot.loader != none 81 81 - loader = { 82 82 - # if set to 0, space needs to be held to get the boot menu to appear 83 83 - timeout = mkForce 2; 50 50 + # copy boot files to /boot so that /nix/store is not required to boot 51 51 + # it takes up more space but it makes my messups a bit safer 52 52 + generationsDir.copyKernels = true; 84 53 85 85 - # copy boot files to /boot so that /nix/store is not required to boot 86 86 - # it takes up more space but it makes my messups a bit safer 87 87 - generationsDir.copyKernels = true; 54 54 + # we need to allow installation to modify EFI variables 55 55 + efi.canTouchEfiVariables = true; 56 56 + }; 88 57 89 89 - # we need to allow installation to modify EFI variables 90 90 - efi.canTouchEfiVariables = true; 91 91 - }; 58 58 + # initrd and kernel tweaks 59 59 + # read what each parameter or module does before doing so, it will defo break something otherwise 60 60 + initrd = mkMerge [ 61 61 + (mkIf cfg.initrd.enableTweaks { 62 62 + # Verbosity of the initrd 63 63 + # disabling verbosity removes only the mandatory messages generated by the NixOS 64 64 + verbose = false; 92 65 93 93 - # increase the map count, this is important for applications that require a lot of memory mappings 94 94 - # such as games and emulators 95 95 - kernel.sysctl."vm.max_map_count" = 2147483642; 66 66 + # enable systemd in initrd (experimental) 67 67 + systemd.enable = true; 96 68 97 97 - # if you have a lack of ram, you should avoid tmpfs to prevent hangups while compiling 98 98 - tmp = { 99 99 - # /tmp on tmpfs, lets it live on your ram 100 100 - useTmpfs = cfg.tmpOnTmpfs; 69 69 + kernelModules = [ 70 70 + "nvme" 71 71 + "xhci_pci" 72 72 + "ahci" 73 73 + "btrfs" 74 74 + "sd_mod" 75 75 + "dm_mod" 76 76 + ]; 101 77 102 102 - # If not using tmpfs, which is naturally purged on reboot, we must clean 103 103 - # we have to clean /tmp 104 104 - cleanOnBoot = mkDefault (!config.boot.tmp.useTmpfs); 105 105 - 106 106 - # this defaults to 50% of your ram 107 107 - # but i want to build code sooo 108 108 - # tmpfsSize = mkDefault "75%"; 109 109 - 110 110 - # enable huge pages on tmpfs for better performance 111 111 - tmpfsHugeMemoryPages = "within_size"; 112 112 - }; 113 113 - 114 114 - # initrd and kernel tweaks 115 115 - # read what each parameter or module does before doing so, it will defo break something otherwise 116 116 - initrd = mkMerge [ 117 117 - (mkIf cfg.initrd.enableTweaks { 118 118 - # Verbosity of the initrd 119 119 - # disabling verbosity removes only the mandatory messages generated by the NixOS 120 120 - verbose = false; 121 121 - 122 122 - # enable systemd in initrd (experimental) 123 123 - systemd.enable = true; 124 124 - 125 125 - kernelModules = [ 126 126 - "nvme" 127 127 - "xhci_pci" 128 128 - "ahci" 129 129 - "btrfs" 130 130 - "sd_mod" 131 131 - "dm_mod" 132 132 - ]; 133 133 - 134 134 - availableKernelModules = [ 135 135 - "vmd" 136 136 - "usbhid" 137 137 - "sd_mod" 138 138 - "sr_mod" 139 139 - "dm_mod" 140 140 - "uas" 141 141 - "usb_storage" 142 142 - "rtsx_usb_sdmmc" 143 143 - "rtsx_pci_sdmmc" # Realtek SD card interface (btw i hate realtek) 144 144 - "ata_piix" 145 145 - "virtio_pci" 146 146 - "virtio_scsi" 147 147 - "ehci_pci" 148 148 - ]; 149 149 - }) 150 150 - 151 151 - (mkIf cfg.initrd.optimizeCompressor { 152 152 - compressor = "zstd"; 153 153 - compressorArgs = [ 154 154 - "-19" 155 155 - "-T0" 156 156 - ]; 157 157 - }) 158 158 - ]; 159 159 - 160 160 - # https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html 161 161 - kernelParams = 162 162 - optionals cfg.enableKernelTweaks [ 163 163 - # https://en.wikipedia.org/wiki/Kernel_page-table_isolation 164 164 - # auto means kernel will automatically decide the pti state 165 165 - "pti=auto" # on || off 166 166 - 167 167 - # disable the intel_idle (it stinks anyway) driver and use acpi_idle instead 168 168 - "idle=nomwait" 169 169 - 170 170 - # enable IOMMU for devices used in passthrough and provide better host performance 171 171 - "iommu=pt" 172 172 - 173 173 - # disable usb autosuspend 174 174 - "usbcore.autosuspend=-1" 175 175 - 176 176 - # isables resume and restores original swap space 177 177 - "noresume" 78 78 + availableKernelModules = [ 79 79 + "vmd" 80 80 + "usbhid" 81 81 + "sd_mod" 82 82 + "sr_mod" 83 83 + "dm_mod" 84 84 + "uas" 85 85 + "usb_storage" 86 86 + "rtsx_usb_sdmmc" 87 87 + "rtsx_pci_sdmmc" # Realtek SD card interface (btw i hate realtek) 88 88 + "ata_piix" 89 89 + "virtio_pci" 90 90 + "virtio_scsi" 91 91 + "ehci_pci" 92 92 + ]; 93 93 + }) 178 94 179 179 - # allow systemd to set and save the backlight state 180 180 - "acpi_backlight=native" 181 181 - 182 182 - # prevent the kernel from blanking plymouth out of the fb 183 183 - "fbcon=nodefer" 184 184 - 185 185 - # disable boot logo 186 186 - "logo.nologo" 187 187 - 188 188 - # disable the cursor in vt to get a black screen during intermissions 189 189 - "vt.global_cursor_default=0" 190 190 - ] 191 191 - ++ optionals cfg.silentBoot [ 192 192 - # tell the kernel to not be verbose, the voices are too loud 193 193 - "quiet" 194 194 - 195 195 - # kernel log message level 196 196 - "loglevel=3" # 1: system is unusable | 3: error condition | 7: very verbose 197 197 - 198 198 - # udev log message level 199 199 - "udev.log_level=3" 200 200 - 201 201 - # lower the udev log level to show only errors or worse 202 202 - "rd.udev.log_level=3" 203 203 - 204 204 - # disable systemd status messages 205 205 - # rd prefix means systemd-udev will be used instead of initrd 206 206 - "systemd.show_status=auto" 207 207 - "rd.systemd.show_status=auto" 95 95 + (mkIf cfg.initrd.optimizeCompressor { 96 96 + compressor = "zstd"; 97 97 + compressorArgs = [ 98 98 + "-19" 99 99 + "-T0" 208 100 ]; 209 209 - }; 101 101 + }) 102 102 + ]; 210 103 }; 211 104 }

+32

modules/nixos/boot/tmpfs.nix

reviewed

··· 1 1 + { lib, config, ... }: 2 2 + let 3 3 + inherit (lib) mkEnableOption mkDefault; 4 4 + 5 5 + cfg = config.garden.system.boot; 6 6 + in 7 7 + { 8 8 + options.garden.system.boot = { 9 9 + tmpOnTmpfs = 10 10 + mkEnableOption "`/tmp` living on tmpfs. false means it will be cleared manually on each reboot" 11 11 + // { 12 12 + default = true; 13 13 + }; 14 14 + }; 15 15 + 16 16 + # if you have a lack of ram, you should avoid tmpfs to prevent hangups while compiling 17 17 + config.boot.tmp = { 18 18 + # /tmp on tmpfs, lets it live on your ram 19 19 + useTmpfs = cfg.tmpOnTmpfs; 20 20 + 21 21 + # If not using tmpfs, which is naturally purged on reboot, we must clean 22 22 + # we have to clean /tmp 23 23 + cleanOnBoot = mkDefault (!config.boot.tmp.useTmpfs); 24 24 + 25 25 + # this defaults to 50% of your ram 26 26 + # but i want to build code sooo 27 27 + # tmpfsSize = mkDefault "75%"; 28 28 + 29 29 + # enable huge pages on tmpfs for better performance 30 30 + tmpfsHugeMemoryPages = "within_size"; 31 31 + }; 32 32 + }

+11 -7

modules/nixos/hardware/cloud/hetzner/garden.nix

reviewed

··· 16 16 bluetooth = false; 17 17 }; 18 18 19 19 - system.boot = { 20 20 - loader = "grub"; 21 21 - grub.device = "/dev/sda"; 22 22 - enableKernelTweaks = true; 23 23 - initrd.enableTweaks = true; 24 24 - loadRecommendedModules = true; 25 25 - tmpOnTmpfs = false; 19 19 + system = { 20 20 + boot = { 21 21 + loader = "grub"; 22 22 + grub.device = "/dev/sda"; 23 23 + initrd.enableTweaks = true; 24 24 + tmpOnTmpfs = false; 25 25 + }; 26 26 + 27 27 + kernel = { 28 28 + tweaks.enable = true; 29 29 + }; 26 30 }; 27 31 }; 28 32 };

+1

modules/nixos/kernel/default.nix

reviewed

··· 3 3 # keep-sorted start 4 4 ./blacklisted-modules.nix 5 5 ./misc.nix 6 6 + ./package.nix 6 7 ./params.nix 7 8 ./sysctl.nix 8 9 ./sysfs.nix

+30

modules/nixos/kernel/package.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + pkgs, 4 4 + config, 5 5 + ... 6 6 + }: 7 7 + let 8 8 + inherit (lib.types) raw; 9 9 + inherit (lib.options) mkOption; 10 10 + inherit (lib.modules) mkOverride; 11 11 + 12 12 + cfg = config.garden.system.kernel; 13 13 + in 14 14 + { 15 15 + options.garden.system.kernel = { 16 16 + packages = mkOption { 17 17 + type = raw; 18 18 + default = pkgs.linuxPackages_latest; 19 19 + defaultText = "pkgs.linuxPackages_latest"; 20 20 + description = "The kernel to use for the system."; 21 21 + }; 22 22 + }; 23 23 + 24 24 + config = { 25 25 + # we set the kernel to be defaulted to the one set by our settings 26 26 + # we happen to default this to the latest kernel sooo: 27 27 + # always use the latest kernel, love the unstablity 28 28 + boot.kernelPackages = mkOverride 500 cfg.packages; 29 29 + }; 30 30 + }

+66 -2

modules/nixos/kernel/params.nix

reviewed

··· 1 1 + # the holy handbook to kernel parameters 2 2 + # <https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html> 3 3 + { lib, config, ... }: 4 4 + let 5 5 + inherit (lib) mkEnableOption optionals; 6 6 + cfg = config.garden.system; 7 7 + in 1 8 { 2 2 - # https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html 3 3 - boot.kernelParams = [ 9 9 + options.garden.system = { 10 10 + boot.silent = mkEnableOption '' 11 11 + almost entirely silent boot process through `quiet` kernel parameter 12 12 + ''; 13 13 + 14 14 + kernel.tweaks.enable = mkEnableOption "security and performance related kernel parameters" // { 15 15 + default = config.garden.profiles.workstation.enable; 16 16 + defaultText = "config.garden.profiles.workstation.enable"; 17 17 + }; 18 18 + }; 19 19 + 20 20 + config.boot.kernelParams = [ 4 21 # NixOS produces many wakeups per second, which is bad for battery life. 5 22 # This kernel parameter disables the timer tick on the last 4 cores 6 23 "nohz_full=4-7" ··· 47 64 48 65 # prevent the kernel from blanking plymouth out of the fb 49 66 "fbcon=nodefer" 67 67 + ] 68 68 + ++ optionals cfg.kernel.tweaks.enable [ 69 69 + # https://en.wikipedia.org/wiki/Kernel_page-table_isolation 70 70 + # auto means kernel will automatically decide the pti state 71 71 + "pti=auto" # on || off 72 72 + 73 73 + # disable the intel_idle (it stinks anyway) driver and use acpi_idle instead 74 74 + "idle=nomwait" 75 75 + 76 76 + # enable IOMMU for devices used in passthrough and provide better host performance 77 77 + "iommu=pt" 78 78 + 79 79 + # disable usb autosuspend 80 80 + "usbcore.autosuspend=-1" 81 81 + 82 82 + # isables resume and restores original swap space 83 83 + "noresume" 84 84 + 85 85 + # allow systemd to set and save the backlight state 86 86 + "acpi_backlight=native" 87 87 + 88 88 + # prevent the kernel from blanking plymouth out of the fb 89 89 + "fbcon=nodefer" 90 90 + 91 91 + # disable boot logo 92 92 + "logo.nologo" 93 93 + 94 94 + # disable the cursor in vt to get a black screen during intermissions 95 95 + "vt.global_cursor_default=0" 96 96 + ] 97 97 + ++ optionals cfg.boot.silent [ 98 98 + # tell the kernel to not be verbose, the voices are too loud 99 99 + "quiet" 100 100 + 101 101 + # kernel log message level 102 102 + "loglevel=3" # 1: system is unusable | 3: error condition | 7: very verbose 103 103 + 104 104 + # udev log message level 105 105 + "udev.log_level=3" 106 106 + 107 107 + # lower the udev log level to show only errors or worse 108 108 + "rd.udev.log_level=3" 109 109 + 110 110 + # disable systemd status messages 111 111 + # rd prefix means systemd-udev will be used instead of initrd 112 112 + "systemd.show_status=auto" 113 113 + "rd.systemd.show_status=auto" 50 114 ]; 51 115 }

+4

modules/nixos/kernel/sysctl.nix

reviewed

··· 99 99 # unless the user ID of the follower matches the symlink, or the 100 100 # directory owner matches the symlink 101 101 "fs.protected_symlinks" = 1; 102 102 + 103 103 + # increase the map count, this is important for applications that require a lot of memory mappings 104 104 + # such as games and emulators 105 105 + "vm.max_map_count" = 2147483642; 102 106 }; 103 107 }

-7

systems/amaterasu/default.nix

reviewed

··· 31 31 boot = { 32 32 loader = "systemd-boot"; 33 33 secureBoot = true; 34 34 - enableKernelTweaks = true; 35 35 - loadRecommendedModules = true; 36 36 - 37 37 - initrd = { 38 38 - enableTweaks = true; 39 39 - optimizeCompressor = true; 40 40 - }; 41 34 }; 42 35 43 36 bluetooth.enable = true;

-3

systems/athena/default.nix

reviewed

··· 23 23 system.boot = { 24 24 loader = "systemd-boot"; 25 25 secureBoot = false; 26 26 - loadRecommendedModules = true; 27 27 - enableKernelTweaks = true; 28 28 - initrd.enableTweaks = true; 29 26 }; 30 27 31 28 services = {

-8

systems/valkyrie/default.nix

reviewed

··· 21 21 boot = { 22 22 loader = "none"; 23 23 secureBoot = false; 24 24 - enableKernelTweaks = true; 25 25 - loadRecommendedModules = true; 26 26 - 27 27 - initrd = { 28 28 - enableTweaks = true; 29 29 - optimizeCompressor = true; 30 30 - }; 31 24 }; 32 25 33 26 emulation.enable = true; 34 34 - 35 27 bluetooth.enable = false; 36 28 }; 37 29 };