push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.hardware.cpu.amd;
in
{
###### interface
options = {
hardware.cpu.amd.updateMicrocode = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Update the CPU microcode for AMD processors.
'';
};
hardware.cpu.amd.microcodePackage = lib.mkPackageOption pkgs "microcode-amd" { };
};
###### implementation
config = lib.mkIf config.hardware.cpu.amd.updateMicrocode {
# Microcode updates must be the first item prepended in the initrd
boot.initrd.prepend = lib.mkOrder 1 [ "${cfg.microcodePackage}/amd-ucode.img" ];
};
}
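Review bot: The description on `hardware.cpu.amd.updateMicrocode` does not say what the default `false` means in practice: no `amd-ucode.img` is prepended to the initrd, so the CPU presumably keeps whatever microcode revision the system firmware loaded, including any vendor fixes it is missing. I would extend it along the lines of `Update the CPU microcode for AMD processors by prepending the microcode image to the initrd; when disabled, only the microcode shipped in the system firmware is used.` The Intel module further down has the same one-line description. As a style point, the guard spells out `config.hardware.cpu.amd.updateMicrocode` although `cfg` is already bound, so `lib.mkIf cfg.updateMicrocode` would be consistent with the `cfg.microcodePackage` use below it.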


@@ -0,0 +1,30 @@
{
config,
lib,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.hardware.cpu.amd.ryzen-smu;
ryzen-smu = config.boot.kernelPackages.ryzen-smu;
in
{
options.hardware.cpu.amd.ryzen-smu = {
enable = mkEnableOption ''
ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.
WARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer's warranty
'';
};
config = mkIf cfg.enable {
boot.kernelModules = [ "ryzen-smu" ];
boot.extraModulePackages = [ ryzen-smu ];
environment.systemPackages = [ ryzen-smu ];
};
meta.maintainers = with lib.maintainers; [
Cryolitia
phdyellow
];
}
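Review bot: The `enable` description warns about warranty but not about what enabling does to the system: per the `config` block it loads the `ryzen-smu` module on every boot, adds it to `boot.extraModulePackages` and installs the package system-wide, which adds a kernel interface to the SMU. A sentence such as `Loading this module exposes low-level SMU access from the running system; enable it only on machines that need it.` would make that explicit; who can reach the interface is not visible from this file, so that should be confirmed before it is documented. The `''` string also ends in a newline, so `mkEnableOption` will presumably render its trailing period on a line of its own, and "Damage cause by" should read "Damage caused by".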


@@ -0,0 +1,91 @@
{
config,
options,
lib,
...
}:
let
cfgSev = config.hardware.cpu.amd.sev;
cfgSevGuest = config.hardware.cpu.amd.sevGuest;
optionsFor = device: group: {
enable = lib.mkEnableOption "access to the AMD ${device} device";
user = lib.mkOption {
description = "Owner to assign to the ${device} device.";
type = lib.types.str;
default = "root";
};
group = lib.mkOption {
description = "Group to assign to the ${device} device.";
type = lib.types.str;
default = group;
};
mode = lib.mkOption {
description = "Mode to set for the ${device} device.";
type = lib.types.str;
default = "0660";
};
};
in
with lib;
{
options.hardware.cpu.amd.sev = optionsFor "SEV" "sev";
options.hardware.cpu.amd.sevGuest = optionsFor "SEV guest" "sev-guest";
config = lib.mkMerge [
# /dev/sev
(lib.mkIf cfgSev.enable {
assertions = [
{
assertion = lib.hasAttr cfgSev.user config.users.users;
message = "Given user does not exist";
}
{
assertion =
(cfgSev.group == options.hardware.cpu.amd.sev.group.default)
|| (lib.hasAttr cfgSev.group config.users.groups);
message = "Given group does not exist";
}
];
boot.extraModprobeConfig = ''
options kvm_amd sev=1
'';
users.groups = lib.optionalAttrs (cfgSev.group == options.hardware.cpu.amd.sev.group.default) {
"${cfgSev.group}" = { };
};
services.udev.extraRules = with cfgSev; ''
KERNEL=="sev", OWNER="${user}", GROUP="${group}", MODE="${mode}"
'';
})
# /dev/sev-guest
(lib.mkIf cfgSevGuest.enable {
assertions = [
{
assertion = lib.hasAttr cfgSevGuest.user config.users.users;
message = "Given user does not exist";
}
{
assertion =
(cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default)
|| (lib.hasAttr cfgSevGuest.group config.users.groups);
message = "Given group does not exist";
}
];
users.groups =
lib.optionalAttrs (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default)
{
"${cfgSevGuest.group}" = { };
};
services.udev.extraRules = with cfgSevGuest; ''
KERNEL=="sev-guest", OWNER="${user}", GROUP="${group}", MODE="${mode}"
'';
})
];
}
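Review bot: `user`, `group` and `mode` in `optionsFor` are plain `lib.types.str` and are spliced unchecked into the udev rule lines for `sev` and `sev-guest`, so a malformed mode or a value containing a quote or newline is accepted at evaluation time and silently changes the rule that gets written. Constraining the mode, e.g. `type = lib.types.strMatching "[0-7]{3,4}";`, would reject such values early, and the `mode` description could state that anything looser than the default `0660` opens the device beyond the configured owner and group. The SGX provision and `msr` modules further down build their rules the same way. The assertion messages ("Given user does not exist") would be easier to act on if they named the option and the offending value, as the `msr` module does. `with lib;` ahead of the module body looks unused, since every reference is already `lib.`-qualified.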


@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
{
###### interface
options = {
hardware.cpu.intel.updateMicrocode = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Update the CPU microcode for Intel processors.
'';
};
};
###### implementation
config = lib.mkIf config.hardware.cpu.intel.updateMicrocode {
# Microcode updates must be the first item prepended in the initrd
boot.initrd.prepend = lib.mkOrder 1 [ "${pkgs.microcode-intel}/intel-ucode.img" ];
};
}
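Review bot: The image path is hard-coded to `pkgs.microcode-intel`, whereas the AMD module in this commit exposes `hardware.cpu.amd.microcodePackage` through `lib.mkPackageOption`. Without an equivalent option, pinning or replacing the Intel microcode package needs an overlay instead of a module setting. Consider adding `hardware.cpu.intel.microcodePackage = lib.mkPackageOption pkgs "microcode-intel" { };` and interpolating that option in the `boot.initrd.prepend` entry.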


@@ -0,0 +1,69 @@
{ config, lib, ... }:
let
cfg = config.hardware.cpu.intel.sgx;
defaultPrvGroup = "sgx_prv";
in
{
options.hardware.cpu.intel.sgx.enableDcapCompat = lib.mkOption {
description = ''
Whether to enable backward compatibility for SGX software build for the
out-of-tree Intel SGX DCAP driver.
Creates symbolic links for the SGX devices `/dev/sgx_enclave`
and `/dev/sgx_provision` to make them available as
`/dev/sgx/enclave` and `/dev/sgx/provision`,
respectively.
'';
type = lib.types.bool;
default = true;
};
options.hardware.cpu.intel.sgx.provision = {
enable = lib.mkEnableOption "access to the Intel SGX provisioning device";
user = lib.mkOption {
description = "Owner to assign to the SGX provisioning device.";
type = lib.types.str;
default = "root";
};
group = lib.mkOption {
description = "Group to assign to the SGX provisioning device.";
type = lib.types.str;
default = defaultPrvGroup;
};
mode = lib.mkOption {
description = "Mode to set for the SGX provisioning device.";
type = lib.types.str;
default = "0660";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.provision.enable {
assertions = [
{
assertion = lib.hasAttr cfg.provision.user config.users.users;
message = "Given user does not exist";
}
{
assertion =
(cfg.provision.group == defaultPrvGroup) || (lib.hasAttr cfg.provision.group config.users.groups);
message = "Given group does not exist";
}
];
users.groups = lib.optionalAttrs (cfg.provision.group == defaultPrvGroup) {
"${cfg.provision.group}" = { };
};
services.udev.extraRules = with cfg.provision; ''
SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${user}", GROUP="${group}", MODE="${mode}"
'';
})
(lib.mkIf cfg.enableDcapCompat {
services.udev.extraRules = ''
SUBSYSTEM=="misc", KERNEL=="sgx_enclave", SYMLINK+="sgx/enclave"
SUBSYSTEM=="misc", KERNEL=="sgx_provision", SYMLINK+="sgx/provision"
'';
})
];
}
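Review bot: The `provision.enable` and `provision.group` descriptions give no hint why the provisioning device is gated separately from the enclave device. As far as I know, access to `sgx_provision` is what allows a process to build enclaves that use the provisioning key, which is tied to platform identity and remote attestation, so membership of the configured group should be kept small; this is worth confirming against the kernel SGX documentation and then stating in the `group` description. `enableDcapCompat` defaults to `true` and is independent of `provision.enable`, so the `sgx/provision` symlink rule is emitted even when the owner/group/mode rule is not; a short comment that the symlink does not alter the device's permissions would prevent misreading. In the first description, "software build for" should read "software built for".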


@@ -0,0 +1,113 @@
{
lib,
config,
options,
...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkIf;
cfg = config.hardware.cpu.x86.msr;
opt = options.hardware.cpu.x86.msr;
defaultGroup = "msr";
isDefaultGroup = cfg.group == defaultGroup;
set = "to set for devices of the `msr` kernel subsystem.";
# Generates `foo=bar` parameters to pass to the kernel.
# If `module = baz` is passed, generates `baz.foo=bar`.
# Adds double quotes on demand to handle `foo="bar baz"`.
kernelParam =
{
module ? null,
}:
name: value:
assert lib.asserts.assertMsg (
!lib.strings.hasInfix "=" name
) "kernel parameter cannot have '=' in name";
let
key = (if module == null then "" else module + ".") + name;
valueString = lib.generators.mkValueStringDefault { } value;
quotedValueString =
if lib.strings.hasInfix " " valueString then
lib.strings.escape [ "\"" ] valueString
else
valueString;
in
"${key}=${quotedValueString}";
msrKernelParam = kernelParam { module = "msr"; };
in
{
options.hardware.cpu.x86.msr =
with lib.options;
with lib.types;
{
enable = mkEnableOption "the `msr` (Model-Specific Registers) kernel module and configure `udev` rules for its devices (usually `/dev/cpu/*/msr`)";
owner = mkOption {
type = str;
default = "root";
example = "nobody";
description = "Owner ${set}";
};
group = mkOption {
type = str;
default = defaultGroup;
example = "nobody";
description = "Group ${set}";
};
mode = mkOption {
type = str;
default = "0640";
example = "0660";
description = "Mode ${set}";
};
settings = mkOption {
type = submodule {
freeformType = attrsOf (oneOf [
bool
int
str
]);
options.allow-writes = mkOption {
type = nullOr (enum [
"on"
"off"
]);
default = null;
description = "Whether to allow writes to MSRs (`\"on\"`) or not (`\"off\"`).";
};
};
default = { };
description = "Parameters for the `msr` kernel module.";
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = hasAttr cfg.owner config.users.users;
message = "Owner '${cfg.owner}' set in `${opt.owner}` is not configured via `${options.users.users}.\"${cfg.owner}\"`.";
}
{
assertion = isDefaultGroup || (hasAttr cfg.group config.users.groups);
message = "Group '${cfg.group}' set in `${opt.group}` is not configured via `${options.users.groups}.\"${cfg.group}\"`.";
}
];
boot = {
kernelModules = [ "msr" ];
kernelParams = lib.attrsets.mapAttrsToList msrKernelParam (
lib.attrsets.filterAttrs (_: value: value != null) cfg.settings
);
};
users.groups.${cfg.group} = mkIf isDefaultGroup { };
services.udev.extraRules = ''
SUBSYSTEM=="msr", OWNER="${cfg.owner}", GROUP="${cfg.group}", MODE="${cfg.mode}"
'';
};
meta = with lib; {
maintainers = with maintainers; [ lorenzleutgeb ];
};
}
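Review bot: The comment on `kernelParam` says it adds double quotes on demand, but the branch taken for values containing a space only calls `lib.strings.escape [ "\"" ] valueString`, which backslash-escapes existing quotes and never wraps the value. A `settings` string containing a space would therefore reach the kernel command line unquoted and be split into separate parameters. Wrapping the result, e.g. `"\"" + lib.strings.escape [ "\"" ] valueString + "\""`, would match the comment, though whether the kernel honours a backslash escape inside quotes should be checked before relying on it. Separately, the `allow-writes` description could state that `"on"` permits MSR writes from userspace and should be paired with a restrictive `group` and `mode`.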