From 414f8b6030d21bd8279e03168a40a981d611e5c7 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Thu, 20 Jul 2023 20:51:06 -0400
Subject: [PATCH] global/security: enable restributable firmware globally

Also enable AMD microcode updates based on redistributable firmware
being enabled
---
 hosts/Infini-DESKTOP/hardware-configuration.nix | 3 ---
 modules/global/security.nix                     | 5 +++++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/hosts/Infini-DESKTOP/hardware-configuration.nix b/hosts/Infini-DESKTOP/hardware-configuration.nix
index c7b924a..b5466e0 100644
--- a/hosts/Infini-DESKTOP/hardware-configuration.nix
+++ b/hosts/Infini-DESKTOP/hardware-configuration.nix
@@ -11,9 +11,6 @@ in
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
-  hardware.enableRedistributableFirmware = lib.mkDefault true;
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
   fileSystems =
     let
       main = uuid "13f97ece-823e-4785-b06e-6c284105d379";
diff --git a/modules/global/security.nix b/modules/global/security.nix
index aaa623e..7d16711 100644
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@@ -14,6 +14,11 @@ with lib;
     pam.enableSSHAgentAuth = true;
   };
 
+  hardware = {
+    enableRedistributableFirmware = mkDefault true;
+    cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
+  };
+
   boot = {
     # Make tmp volatile, using tmpfs is speedy on SSD systems
     # Redundant on opt-in state systems