sys/boot/firmware.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.local.boot.firmware;
in {
  options.local.boot.firmware = {
    mode = mkOption {
      type = types.enum ["none" "redistributable" "all"];
    };

    cpuVendor = mkOption {
      type = types.enum ["amd" "intel"];
    };
  };

  config = mkIf (cfg.mode != "none") {
    hardware = {
      cpu = {
        amd.updateMicrocode = cfg.cpuVendor == "amd";
        intel.updateMicrocode = cfg.cpuVendor == "intel";
      };

      enableAllFirmware = cfg.mode == "all";
      enableRedistributableFirmware = true;
    };

    local.boot.impermanence.directories = [
      {
        directory = "/var/lib/fwupd";
        user = "fwupd-refresh";
        group = "fwupd-refresh";
        mode = "u=rwx,g=rx,o=rx";
      }
    ];

    services.fwupd.enable = true;
  };
}