diff --git a/common/default.nix b/common/default.nix index 2ddf79a..723010f 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: { - imports = [ ./users ]; + imports = [ ./users ./microcode.nix ]; boot.cleanTmpDir = true; boot.kernelModules = [ "wireguard" ]; diff --git a/common/microcode.nix b/common/microcode.nix new file mode 100644 index 0000000..1176a8a --- /dev/null +++ b/common/microcode.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: { + options = { + within.microcode = { + enable = lib.mkEnableOption "Enables CPU Microcode updates"; + vendor = lib.mkOption { type = lib.types.enum [ "intel" "amd" ]; }; + }; + }; + + config = lib.mkIf config.within.microcode.enable { + hardware.cpu.intel.updateMicrocode = (config.cadey.cpu.vendor == "intel"); + hardware.cpu.amd.updateMicrocode = (config.cadey.cpu.vendor == "amd"); + }; +} diff --git a/hardware/alrest/default.nix b/hardware/alrest/default.nix index 880221a..683cb93 100644 --- a/hardware/alrest/default.nix +++ b/hardware/alrest/default.nix @@ -30,10 +30,10 @@ services.zfs.autoSnapshot.enable = true; services.zfs.trim.enable = true; - # cadey.cpu = { - # enable = true; - # vendor = "intel"; - # }; + within.microcode = { + enable = true; + vendor = "intel"; + }; security.sudo.wheelNeedsPassword = false;