+ deployment = {
+ targetUser = "root";
+ targetHost = config.hostEnv.ips.main.ip4;
+ substituteOnDestination = true;
+ };
+ boot = {
+ kernelModules = [ "kvm-intel" ];
+ blacklistedKernelModules = [ "nvidiafb" ];
+ loader.timeout = 1;
+ loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
+ kernel.sysctl = {
+ # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
+ "net.ipv4.tcp_sack" = 0;
+ };
+ supportedFilesystems = [ "zfs" ];
+ kernelParams = ["zfs.zfs_arc_max=6442450944"];
+ kernelPackages = pkgs.linuxPackages_latest;
+ initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+ initrd.secrets = {
+ "/boot/pass.key" = "/boot/pass.key";
+ };
+ };
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="c8:60:00:56:a0:88", NAME="eth0"
+ '';
+ nix.maxJobs = 8;
+ powerManagement.cpuFreqGovernor = "powersave";