Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

global/security: enable restributable firmware globally

Browse source 
Also enable AMD microcode updates based on redistributable firmware
being enabled
This commit is contained in:
Infinidoge 2023-07-20 20:51:06 -04:00
parent dcf22f2da3
commit 414f8b6030
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
hosts/Infini-DESKTOP/hardware-configuration.nix
View file

@ -11,9 +11,6 @@ in
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
hardware.enableRedistributableFirmware = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
fileSystems = fileSystems =
let let
main = uuid "13f97ece-823e-4785-b06e-6c284105d379"; main = uuid "13f97ece-823e-4785-b06e-6c284105d379";

5
modules/global/security.nix
View file

@ -14,6 +14,11 @@ with lib;
pam.enableSSHAgentAuth = true; pam.enableSSHAgentAuth = true;
}; };
hardware = {
enableRedistributableFirmware = mkDefault true;
cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
};
boot = { boot = {
# Make tmp volatile, using tmpfs is speedy on SSD systems # Make tmp volatile, using tmpfs is speedy on SSD systems
# Redundant on opt-in state systems # Redundant on opt-in state systems