44 lines
1 KiB
Nix
44 lines
1 KiB
Nix
{lib, ...}:
|
|
with lib; {
|
|
# Kernel modules.
|
|
boot.initrd.availableKernelModules = [
|
|
"xhci_pci"
|
|
"nvme"
|
|
"usb_storage"
|
|
"sd_mod"
|
|
];
|
|
|
|
boot.kernelModules = ["kvm-intel"];
|
|
|
|
# Enable lanzaboote & secure boot.
|
|
boot.initrd.systemd.enable = true;
|
|
boot.loader.systemd-boot.enable = mkForce false;
|
|
boot.bootspec.enable = true;
|
|
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/var/lib/sbctl";
|
|
settings.timeout = 0;
|
|
};
|
|
|
|
# Root filesystem.
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab";
|
|
fsType = "ext4";
|
|
};
|
|
|
|
boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d";
|
|
|
|
# EFI/boot partition.
|
|
fileSystems."/boot" = {
|
|
device = "/dev/disk/by-uuid/EBD7-3E1C";
|
|
fsType = "vfat";
|
|
options = [
|
|
"fmask=0077"
|
|
"dmask=0077"
|
|
];
|
|
};
|
|
|
|
# Allows remote deployment on ARM systems (ie. Raspberry Pi).
|
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
|
}
|