{ config, lib, pkgs, modulesPath, ... }: with lib; { system.stateVersion = "21.11"; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; kernelModules = [ ]; }; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; tmpOnTmpfs = false; kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; hardware = { bluetooth.enable = false; enableRedistributableFirmware = true; }; fileSystems = { "/" = { device = "wormhole0-root"; fsType = "tmpfs"; options = [ "mode=755" "noexec" "noatime" "nodiratime" ]; }; "/boot" = { device = "/dev/disk/by-label/WORMBOOT"; fsType = "vfat"; options = [ "noexec" "noatime" "nodiratime" ]; }; "/nix" = { device = "/dev/disk/by-label/wormhole0-data"; fsType = "btrfs"; options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ]; }; "/var/log" = { device = "/dev/disk/by-label/wormhole0-data"; fsType = "btrfs"; options = [ "subvol=@logs" "compress=zstd" "noatime" "nodiratime" "noexec" ]; }; "/state" = { device = "/dev/disk/by-label/wormhole0-data"; fsType = "btrfs"; options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ]; }; }; swapDevices = [{ device = "/dev/disk/by-label/wormhole0-swap"; }]; networking = { useDHCP = mkDefault false; macvlans = { intif0 = { interface = "enp1s0"; mode = "bridge"; }; wormif0 = { interface = "enp3s0"; mode = "bridge"; }; }; interfaces = { enp1s0.useDHCP = false; enp3s0.useDHCP = false; intif0.macAddress = pkgs.lib.network.generate-mac-address "wormhole0" "intif0"; wormif0.macAddress = pkgs.lib.network.generate-mac-address "wormhole0" "wormif0"; }; }; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; }