53 lines
1.4 KiB
Nix
53 lines
1.4 KiB
Nix
{pkgs, lib, ...}:
|
|
with lib; {
|
|
# Kernel modules.
|
|
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
|
|
boot.kernelModules = ["kvm-intel"];
|
|
|
|
# Enable lanzaboote & secure boot.
|
|
boot.initrd.systemd.enable = true;
|
|
boot.loader.systemd-boot.enable = mkForce false;
|
|
boot.bootspec.enable = true;
|
|
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/var/lib/sbctl";
|
|
settings.timeout = 0;
|
|
};
|
|
|
|
# Full disk encryption.
|
|
boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/7196bd89-099f-4e9e-80e5-3d6d555272b1";
|
|
|
|
# Root filesystem.
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
|
|
fsType = "btrfs";
|
|
options = ["subvol=root"];
|
|
};
|
|
|
|
# Nix directory.
|
|
fileSystems."/nix" = {
|
|
device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
|
|
fsType = "btrfs";
|
|
options = ["subvol=nix"];
|
|
};
|
|
|
|
# Home directory.
|
|
fileSystems."/home" = {
|
|
device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
|
|
fsType = "btrfs";
|
|
options = ["subvol=home"];
|
|
};
|
|
|
|
# Swap.
|
|
fileSystems."/swap" = {
|
|
device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
|
|
fsType = "btrfs";
|
|
options = ["subvol=swap"];
|
|
};
|
|
|
|
swapDevices = [{device = "/swap/swapfile";}];
|
|
|
|
# Install some packages.
|
|
environment.systemPackages = with pkgs; [deploy-rs];
|
|
}
|