Harald Hoyer
d8ab5afa22
Corrected the indentation of the closing bracket in the hardware configuration. This improves readability and consistency in the code format.
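# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
#
# Hardware module for one x86_64 Intel machine: initrd and kernel modules,
# kernel command line, a LUKS-encrypted btrfs layout with an unencrypted
# vfat /boot, swap, keyboard layout, DHCP default and microcode policy.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  boot.kernelModules = [ "kvm-intel" ];

  # Modules the initrd may load before the root filesystem is mounted.
  # The TPM drivers and `trusted` (trusted keys) are only made available here;
  # nothing in this file binds the LUKS volume to the TPM.
  # NOTE(review): confirm how `crypted` is unlocked (passphrase vs. TPM-sealed key).
  # "uas" was listed twice in this list; it is kept once.
  boot.initrd.availableKernelModules = [
    "ahci"
    "nvme"
    "rng_core"
    "sd_mod"
    "sdhci_pci"
    "thunderbolt"
    "tpm"
    "tpm_crb"
    "tpm_tis"
    "tpm_tis_core"
    "trusted"
    "uas"
    "usb_storage"
    "usbhid"
    "xhci_pci"
  ];
  boot.initrd.kernelModules = [ ];

  boot.kernelParams = [
    # Kernel lockdown in confidentiality mode: userspace, root included, is
    # denied interfaces that could read or modify kernel memory.
    "lockdown=confidentiality"
    # Turns on Intel VT-d DMA remapping; relevant here because the
    # thunderbolt driver is available in the initrd.
    "intel_iommu=on"
    "quiet"
    "splash"
    "video=efifb:nobgrt"

    # unsafe, but no secrets on that machine
    #
    # NOTE(review): this group disables the kernel's speculative-execution
    # mitigations (Spectre v1/v2, Meltdown/PTI, L1TF, SSB, MDS, TAA).
    # - It works against "lockdown=confidentiality" above: those side channels
    #   are a way to read kernel memory, which lockdown is meant to keep private.
    # - "No secrets" should be re-checked against the rest of this file: while
    #   `crypted` is open, the LUKS volume key is held in kernel memory.
    # - "mitigations=off" is the umbrella switch and already covers most of the
    #   per-issue flags, so dropping that one line alone does not re-enable
    #   anything; every flag in this group has to go.
    # - "tsx=on" enables TSX even where the kernel would leave it disabled,
    #   and "tsx_async_abort=off" leaves TAA unmitigated on such CPUs.
    # - "no_stf_barrier" is documented as a PowerPC parameter, and
    #   "noibrs"/"noibpb" look like distribution-kernel parameters; they are
    #   presumably ignored on this kernel (confirm before relying on them).
    "noibrs"
    "noibpb"
    "nopti"
    "nospectre_v2"
    "nospectre_v1"
    "l1tf=off"
    "nospec_store_bypass_disable"
    "no_stf_barrier"
    "mds=off"
    "tsx=on"
    "tsx_async_abort=off"
    "mitigations=off"
  ];

  boot.extraModulePackages = [ ];

  services.btrfs.autoScrub.enable = true;
  # /swapfile lives on "/", which is a btrfs subvolume inside the LUKS mapping
  # declared below, so swapped-out pages are encrypted at rest.
  swapDevices = [{ device = "/swapfile"; }];

  # LUKS container opened in the initrd, before LVM scanning (preLVM).
  # NOTE(review): /dev/nvme0n1p2 is a kernel enumeration name and can change
  # when disks are added or reordered; /boot below already uses a by-partlabel
  # path, and a stable /dev/disk/by-* path would be more robust here as well.
  boot.initrd.luks.devices.crypted = {
    device = "/dev/nvme0n1p2";
    preLVM = true;
  };

  # All btrfs subvolumes sit on the same decrypted mapping.
  fileSystems = {
    "/" = {
      device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "subvol=/rootfs" ];
      neededForBoot = true;
    };
    "/nix" = {
      device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "subvol=/nix" ];
      neededForBoot = true;
    };
    "/home" = {
      device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "subvol=/home" ];
    };
    "/persist" = {
      device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "subvol=/persist" ];
      neededForBoot = true;
    };
    # The EFI system partition is outside the LUKS container, so whatever the
    # bootloader keeps there is stored unencrypted.
    # NOTE(review): its integrity depends on Secure Boot or measured boot,
    # neither of which is configured in this file.
    "/boot" = {
      device = "/dev/disk/by-partlabel/disk-one-ESP";
      fsType = "vfat";
    };
  };

  console.keyMap = "de-latin1-nodeadkeys";
  services.xserver.xkb = {
    layout = "de,de+us";
    variant = "nodeadkeys";
  };

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp82s0u1u3u4.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  # Microcode updates follow the redistributable-firmware setting. They do not
  # replace the kernel-side mitigations switched off in boot.kernelParams.
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}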