# NixOS host configuration for the machine labelled "fimbria".
#
# Layout visible in this file: the root filesystem is a tmpfs, so anything not
# on one of the btrfs subvolumes mounted below does not persist across
# reboots. The persistent mounts all come from one labelled btrfs device.
{ config, lib, pkgs, modulesPath, ... }:

let
  # Single btrfs device that backs every persistent subvolume mount below.
  dataDevice = "/dev/disk/by-label/fimbria-data";
in
{
  system.stateVersion = "23.05";

  # --- Boot -----------------------------------------------------------------
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Storage/USB drivers made available to the initrd, plus dm-snapshot loaded
  # unconditionally in stage 1.
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];

  boot.kernelModules = [ "kvm-intel" ];
  # Uses nixpkgs' "latest" kernel package set instead of the default one.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # --- Filesystems ----------------------------------------------------------
  # Root is an ephemeral tmpfs mounted noexec; no size= limit is set here.
  fileSystems."/" = {
    device = "fimbria-root";
    fsType = "tmpfs";
    options = [ "mode=755" "noexec" ];
  };

  # EFI system partition used by systemd-boot.
  # NOTE(review): no umask/fmask/dmask is set, so the vfat defaults decide
  # who can read the ESP contents (including the boot loader's random seed).
  # Consider a restrictive mask such as "umask=0077" - confirm against the
  # bootctl warnings on this host.
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/FIM-BOOT";
    fsType = "vfat";
    options = [ "noexec" "noatime" ];
  };

  # The Nix store is the only persistent mount without noexec: it holds the
  # system's executables.
  fileSystems."/nix" = {
    device = dataDevice;
    fsType = "btrfs";
    options = [ "subvol=@nix" "compress=zstd" "noatime" ];
  };

  # NOTE(review): the data mounts below set noexec but neither nosuid nor
  # nodev. Consider adding both wherever nothing stored on the subvolume
  # needs them - confirm per mount.
  fileSystems."/state" = {
    device = dataDevice;
    fsType = "btrfs";
    options = [ "subvol=@state" "compress=zstd" "noatime" "noexec" ];
  };

  fileSystems."/var/log" = {
    device = dataDevice;
    fsType = "btrfs";
    options = [ "subvol=@logs" "compress=zstd" "noatime" "noexec" ];
  };

  # Persistent ACME state directory (certificates and account keys normally
  # live here - verify that access is restricted by the service that owns it).
  fileSystems."/var/lib/acme" = {
    device = dataDevice;
    fsType = "btrfs";
    options = [ "subvol=@acme" "compress=zstd" "noatime" "noexec" ];
  };

  # Mounted during early boot (neededForBoot). Unlike its siblings this mount
  # has no compress=zstd option - confirm that this is intentional.
  fileSystems."/var/lib/private" = {
    device = dataDevice;
    fsType = "btrfs";
    options = [ "subvol=@private" "noexec" "noatime" ];
    neededForBoot = true;
  };

  nix.settings.max-jobs = lib.mkDefault 4;

  # NOTE(review): no encryption settings are given for swap in this file.
  # Hibernation is disabled below, so swapDevices.*.randomEncryption would be
  # usable if the partition is not already encrypted at a lower layer -
  # confirm.
  swapDevices = [
    { device = "/dev/disk/by-label/fimbria-swap"; }
  ];

  # --- Networking -----------------------------------------------------------
  # DHCP is switched off globally; no addresses are assigned in this file.
  networking.useDHCP = false;

  # macvlan interface "intif0" on top of enp2s0, in bridge mode.
  networking.macvlans.intif0 = {
    interface = "enp2s0";
    mode = "bridge";
  };

  # The MAC address comes from a helper that is not defined in this file;
  # presumably it derives a stable address from the two strings - verify.
  networking.interfaces.intif0.macAddress =
    pkgs.lib.network.generate-mac-address "fimbria" "enp2s0";

  # --- Power management -----------------------------------------------------
  # Every sleep-related systemd target is disabled, so the host cannot
  # suspend or hibernate through systemd.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;
}