123 lines
2.7 KiB
Nix
123 lines
2.7 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
modulesPath,
|
|
...
|
|
}:
|
|
let
|
|
bootUUID = config.machine.fs.bootUUID;
|
|
efiUUID = config.machine.fs.efiUUID;
|
|
luuksUUID = config.machine.fs.luuksUUID;
|
|
cryptrootUUID = config.machine.fs.cryptrootUUID;
|
|
in
|
|
{
|
|
imports = [
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
./minimal.nix
|
|
];
|
|
|
|
boot.bootspec.enable = true;
|
|
boot.initrd = {
|
|
kernelModules = [ ];
|
|
luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
|
|
systemd.enable = true;
|
|
};
|
|
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/var/lib/sbctl";
|
|
};
|
|
|
|
boot.loader.efi = {
|
|
canTouchEfiVariables = true;
|
|
efiSysMountPoint = "efi";
|
|
};
|
|
|
|
boot.loader.systemd-boot = {
|
|
enable = lib.mkForce false;
|
|
xbootldrMountPoint = "/boot";
|
|
};
|
|
|
|
fileSystems."/boot" = {
|
|
device = "/dev/disk/by-uuid/${bootUUID}";
|
|
fsType = "ext4";
|
|
};
|
|
|
|
fileSystems."/efi" = {
|
|
device = "/dev/disk/by-uuid/${efiUUID}";
|
|
fsType = "vfat";
|
|
options = [
|
|
"fmask=0137"
|
|
"dmask=0027"
|
|
];
|
|
};
|
|
|
|
environment.sessionVariables = {
|
|
EDITOR = "${pkgs.vim}/bin/vim";
|
|
PAGER = "${pkgs.less}/bin/less";
|
|
};
|
|
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@root" ];
|
|
};
|
|
|
|
fileSystems."/home" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@home" ];
|
|
};
|
|
|
|
fileSystems."/nix" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@nix" ];
|
|
};
|
|
|
|
fileSystems."/var/cache" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_cache" ];
|
|
};
|
|
|
|
fileSystems."/var/log" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_log" ];
|
|
};
|
|
|
|
fileSystems."/var/spool" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_spool" ];
|
|
};
|
|
|
|
fileSystems."/var/tmp" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_tmp" ];
|
|
};
|
|
|
|
fileSystems."/var/lib/machines" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_lib_machines" ];
|
|
};
|
|
|
|
fileSystems."/var/lib/portables" = {
|
|
device = "/dev/disk/by-uuid/${cryptrootUUID}";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@var_lib_portables" ];
|
|
};
|
|
|
|
services.avahi.enable = true;
|
|
services.openssh.enable = true;
|
|
|
|
swapDevices = [ ];
|
|
|
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
|
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
}
|