# NixOS module: boot loader, initrd/kernel modules, kernel parameters and CPU
# microcode for an Intel-based machine (the module list below mentions a
# ThinkPad X1 Gen 9).
{ pkgs, ... }:
{
  # Ship Intel microcode updates; this is how CPU errata fixes and
  # speculative-execution mitigations reach the processor.
  hardware.cpu.intel.updateMicrocode = true;

  # Track the newest kernel packaged in nixpkgs rather than an LTS series.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  boot.loader = {
    # Lets the installation process modify EFI boot variables.
    efi.canTouchEfiVariables = true;

    # Adds a netboot.xyz entry to the systemd-boot menu. That entry boots OS
    # images fetched over the network, so anyone who can reach the boot menu
    # can start a foreign OS; rely on disk encryption plus a firmware password
    # or Secure Boot if physical access is part of the threat model.
    systemd-boot.netbootxyz.enable = true;
  };

  # NOTE(review): `lib` is not among this module's arguments; add it to the
  # argument set before re-enabling the line below.
  # boot.initrd.systemd.enable = lib.mkForce false;

  # Modules made available inside the initrd (loaded on demand): storage,
  # SD-card reader, Thunderbolt and device-mapper.
  boot.initrd.availableKernelModules = [
    "nvme"
    "rtsx_pci_sdmmc"
    "thunderbolt"
    "dm-mod"
  ];

  # Disabled: FIDO2-backed LUKS unlock of "cryptroot" in a systemd initrd.
  # NOTE(review): with this commented out, nothing in this file configures the
  # LUKS device; presumably that lives in another module — confirm.
  # boot.initrd = {
  #   luks.devices."cryptroot" = {
  #     crypttabExtraOpts = [ "fido2-device=auto" ];
  #   };
  #   systemd = {
  #     fido2.enable = true;
  #   };
  # };

  # Mobile-broadband drivers that should not be picked up by hardware probing.
  # This option only stops automatic loading; an explicit modprobe still works.
  # If the modem stack must stay out of the kernel entirely, an
  # `install <module> /bin/false` rule in boot.extraModprobeConfig is stricter.
  boot.blacklistedKernelModules = [
    "sierra_net" # Sierra Wireless
    "cdc_mbim"   # mobile broadband modem (MBIM)
    "cdc_ncm"    # same family (NCM)
  ];

  # Modules loaded explicitly during the second boot stage.
  boot.kernelModules = [
    "ahci"        # SATA controller; possibly unnecessary on this machine
    "nvme"        # NVMe disks
    "thunderbolt" # Thunderbolt devices (dock, ...)
    # the remaining entries were taken from a ThinkPad X1 Gen 9 setup
    "dm-mod"
    "cryptd"      # needed for encryption
    "xhci_pci"    # USB host controller
    "usb_storage" # USB mass storage
    "sd_mod"      # block devices
    "sdhci_pci"   # block devices (SD host controller)
    "aesni-intel" # AES-NI acceleration on Intel CPUs
    "kvm_intel"
  ];

  boot.kernelParams = [
    # GPU power-saving switches, i915 chipsets only (all disabled):
    # "i915.enable_rc6=1"
    # "i915.enable_fbc=1"
    # "i915.lvds_use_ssc=0"
    # "drm.debug=0"
    # "drm.vblankoffdelay=1"

    # Nested virtualisation: guests may run their own hypervisor. This widens
    # the KVM surface reachable from a guest, so keep it only if it is used.
    "kvm_intel.nested=1"

    # Turn on the Intel IOMMU (VT-d); presumably for device passthrough and
    # for DMA isolation of Thunderbolt/PCI devices — confirm intent.
    "intel_iommu=on"
  ];
}