global/security: enable restributable firmware globally

Also enable AMD microcode updates based on redistributable firmware being enabled
2023-07-20 20:51:06 -04:00 · 2023-07-20 20:51:06 -04:00 · 414f8b6030
commit 414f8b6030
parent dcf22f2da3
2 changed files with 5 additions and 3 deletions
--- a/hosts/Infini-DESKTOP/hardware-configuration.nix
+++ b/hosts/Infini-DESKTOP/hardware-configuration.nix
@ -11,9 +11,6 @@ in
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

-  hardware.enableRedistributableFirmware = lib.mkDefault true;
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
  fileSystems =
    let
      main = uuid "13f97ece-823e-4785-b06e-6c284105d379";
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@ -14,6 +14,11 @@ with lib;
    pam.enableSSHAgentAuth = true;
  };

+  hardware = {
+    enableRedistributableFirmware = mkDefault true;
+    cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
+  };
+
  boot = {
    # Make tmp volatile, using tmpfs is speedy on SSD systems
    # Redundant on opt-in state systems