nixos-config/config/hardware/lambda.nix

{ config, lib, pkgs, modulesPath, ... }:

with lib;
let generateMac = pkgs.lib.network.generate-mac-address;

in {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  config = {

    system.stateVersion = "22.05";

    boot = {
      initrd = {
        luks.devices.lambda-unlocked = {
          device = "/dev/disk/by-uuid/e90c9dda-4e4c-4ca1-8897-39fcebc03479";
          allowDiscards = true;
        };

        availableKernelModules = [
          "uhci_hcd"
          "ehci_pci"
          "ata_piix"
          "hpsa"
          "usb_storage"
          "usbhid"
          "sd_mod"
          "sr_mod"
        ];
        kernelModules = [ "dm-snapshot" ];
      };

      kernelModules = [ "kvm-intel" ];
      kernelPackages = pkgs.linuxPackages_latest;

      loader.grub = {
        enable = true;
        version = 2;
        device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121";
      };
    };

    fileSystems = {
      "/" = {
        device = "lambda-root";
        fsType = "tmpfs";
        options = [ "mode=755" "size=32G" "noexec" ];
      };
      "/boot" = {
        device = "/dev/disk/by-label/lambda-boot";
        fsType = "ext4";
        options = [ "noatime" "noexec" ];
      };
      "/state" = {
        device = "/dev/mapper/lambda-unlocked";
        fsType = "btrfs";
        options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ];
      };
      "/nix" = {
        device = "/dev/mapper/lambda-unlocked";
        fsType = "btrfs";
        options = [ "noatime" "compress=zstd" "subvol=@nix" ];
      };
      "/home" = {
        device = "/dev/mapper/lambda-unlocked";
        fsType = "btrfs";
        options = [ "noatime" "compress=zstd" "subvol=@home" ];
      };
      "/var/log" = {
        device = "/dev/mapper/lambda-unlocked";
        fsType = "btrfs";
        options = [ "noatime" "compress=zstd" "noexec" "subvol=@log" ];
      };
    };

    swapDevices = [{
      device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121-part2";
      randomEncryption.enable = true;
    }];

    nix.settings.max-jobs = lib.mkDefault 24;

    networking = {
      useDHCP = false;
      macvlans = {
        intif0 = {
          interface = "enp4s0f1";
          mode = "bridge";
        };
      };

      interfaces = {
        intif0 = {
          macAddress = generateMac config.instance.hostname "intif0";
        };
      };
    };
  };
}