Zuckerberg
c51f4ad65b
All checks were successful
Check Flake / check-flake (push) Successful in 1m6s
48 lines
1.3 KiB
Nix
48 lines
1.3 KiB
Nix
{ config, lib, pkgs, modulesPath, ... }:
|
|
|
|
{
|
|
imports =
|
|
[
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
];
|
|
|
|
# boot
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.timeout = lib.mkForce 15;
|
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
|
|
|
# kernel
|
|
boot.kernelModules = [ "kvm-amd" ];
|
|
boot.extraModulePackages = [ ];
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
# luks unlock with clevis
|
|
boot.initrd.systemd.enable = true;
|
|
boot.initrd.clevis = {
|
|
enable = true;
|
|
devices."enc-pv".secretFile = "/secret/decrypt.jwe";
|
|
};
|
|
|
|
# disks
|
|
boot.initrd.luks.devices."enc-pv" = {
|
|
device = "/dev/disk/by-uuid/04231c41-2f13-49c0-8fce-0357eea67990";
|
|
allowDiscards = true;
|
|
};
|
|
fileSystems."/" =
|
|
{
|
|
device = "/dev/disk/by-uuid/39ee326c-a42f-49f3-84d9-f10091a903cd";
|
|
fsType = "btrfs";
|
|
};
|
|
fileSystems."/boot" =
|
|
{
|
|
device = "/dev/disk/by-uuid/954B-AB3E";
|
|
fsType = "vfat";
|
|
};
|
|
swapDevices =
|
|
[{ device = "/dev/disk/by-uuid/44e36954-9f1c-49ae-af07-72b240f93a95"; }];
|
|
|
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
}
|