64 lines
1.2 KiB
Nix
64 lines
1.2 KiB
Nix
{ ... }:
|
|
let
|
|
usb_label = "my_usb";
|
|
encrypted_root_uuid = "";
|
|
unencrypted_root_uuid = "";
|
|
in {
|
|
boot = {
|
|
loader = {
|
|
systemd-boot.enable = true;
|
|
efi.canTouchEfiVariables = true;
|
|
};
|
|
initrd.availableKernelModules = [
|
|
"xhci_pci"
|
|
"ahci"
|
|
"nvme"
|
|
"usb_storage"
|
|
"sd_mod"
|
|
"rtsx_pci_sdmmc"
|
|
"uas"
|
|
"usbcore"
|
|
"usb_storage"
|
|
"vfat"
|
|
"nls_cp437"
|
|
"nls_iso8859_1"
|
|
"aesni_intel"
|
|
"cryptd"
|
|
];
|
|
kernelModules = [ "kvm-intel" ];
|
|
};
|
|
|
|
# TODO: encrypted storage
|
|
#initrd.postDeviceCommands = pkgs.lib.mkBefore ''
|
|
# mkdir -m 0755 -p /key
|
|
# sleep 3
|
|
# mount -n -t vfat -o ro `findfs LABEL=${usb_label}` /key
|
|
#'';
|
|
|
|
#boot.initrd.luks.devices."cryptroot".device =
|
|
# "/dev/disk/by-uuid/${encrypted_root_uuid}";
|
|
|
|
#initrd.luks.devices."cryptroot" = {
|
|
# keyFile = "/key/encryption-keys/lappy.key";
|
|
# preLVM = false;
|
|
# allowDiscards = true;
|
|
#};
|
|
|
|
|
|
fileSystems = {
|
|
"/" = {
|
|
device = "/dev/disk/by-label/nixos";
|
|
fsType = "ext4";
|
|
};
|
|
#"/" = {
|
|
# device = "/dev/mapper/cryptroot";
|
|
# fsType = "ext4";
|
|
#};
|
|
"/boot" = {
|
|
device = "/dev/disk/by-label/nixboot";
|
|
fsType = "vfat";
|
|
};
|
|
};
|
|
|
|
}
|