98 lines
2.1 KiB
Nix
98 lines
2.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
config = {
|
|
|
|
boot = {
|
|
initrd = {
|
|
luks.devices.socrates-unlocked = {
|
|
device = "/dev/socrates/socrates-locked";
|
|
preLVM = false;
|
|
allowDiscards = true;
|
|
};
|
|
availableKernelModules = [
|
|
"xhci_pci"
|
|
"ehci_pci"
|
|
"ahci"
|
|
"usb_storage"
|
|
"usbhid"
|
|
"sd_mod"
|
|
"r8169"
|
|
];
|
|
kernelModules = [ "dm-snapshot" ];
|
|
};
|
|
|
|
loader = {
|
|
grub = {
|
|
enable = true;
|
|
version = 2;
|
|
device = "/dev/sda";
|
|
};
|
|
};
|
|
|
|
kernelModules = [ ];
|
|
extraModulePackages = [ ];
|
|
};
|
|
|
|
fileSystems = {
|
|
"/" = {
|
|
device = "socrates-root";
|
|
fsType = "tmpfs";
|
|
options = [ "mode=755" "size=12G" ];
|
|
};
|
|
|
|
"/boot" = {
|
|
device = "/dev/disk/by-label/socrates-boot";
|
|
fsType = "ext4";
|
|
options = [ "noatime" "nodiratime" "noexec" ];
|
|
};
|
|
|
|
"/nix" = {
|
|
device = "/dev/disk/by-label/socrates-data";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];
|
|
};
|
|
|
|
"/var/log" = {
|
|
device = "/dev/disk/by-label/socrates-data";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];
|
|
neededForBoot = true;
|
|
};
|
|
|
|
"/state" = {
|
|
device = "/dev/disk/by-label/socrates-data";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];
|
|
};
|
|
|
|
"/home" = {
|
|
device = "/dev/disk/by-label/socrates-data";
|
|
fsType = "btrfs";
|
|
options = [ "subvol=@home" "compress=zstd" "noatime" "nodiratime" "noexec" ];
|
|
};
|
|
};
|
|
|
|
swapDevices = [{
|
|
device = "/dev/socrates/socrates-swap";
|
|
randomEncryption.enable = true;
|
|
}];
|
|
|
|
networking = {
|
|
macvlans = {
|
|
intif0 = {
|
|
interface = "enp1s0";
|
|
mode = "bridge";
|
|
};
|
|
};
|
|
|
|
interfaces = {
|
|
enp1s0.useDHCP = false;
|
|
intif0 = {
|
|
macAddress = "02:f2:30:b8:71:42";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|