This commit is contained in:
Melvin Ragusa
2026-02-03 02:51:00 +01:00
parent f0018b0f19
commit a8f29c4868
2 changed files with 12 additions and 12 deletions

View File

@@ -36,7 +36,7 @@
# ─── Bootloader: Limine with Secure Boot ─── # ─── Bootloader: Limine with Secure Boot ───
boot.loader.systemd-boot.enable = false; # Disabled - using Limine boot.loader.systemd-boot.enable = false; # Disabled - using Limine
boot.loader.limine.enable = true; boot.loader.limine.enable = true;
boot.loader.limine.secureBoot.enable = true; boot.loader.limine.secureBoot.enable = false;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# ─── Kernel ─── # ─── Kernel ───
@@ -48,14 +48,10 @@
"amdgpu.ppfeaturemask=0xffffffff" # Full AMD GPU power features (from gpu-amd.nix) "amdgpu.ppfeaturemask=0xffffffff" # Full AMD GPU power features (from gpu-amd.nix)
]; ];
# ─── Full Disk Encryption (LUKS) ─── # ─── Full Disk Encryption (LUKS) ───
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"cryptroot" = {
device = "/dev/disk/by-label/cryptroot";
allowDiscards = true; # Enable TRIM for SSD performance
};
"cryptswap" = { "cryptswap" = {
device = "/dev/disk/by-label/cryptswap"; device = "/dev/mapper/cryptswap";
allowDiscards = true; allowDiscards = true;
keyFile = "/swap.key"; # Auto-unlock with keyfile after root is decrypted keyFile = "/swap.key"; # Auto-unlock with keyfile after root is decrypted
}; };

View File

@@ -14,17 +14,21 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/2db125bf-6f56-4299-9dec-f1dca95213c7"; { device = "/dev/mapper/cryptroot";
fsType = "ext4"; fsType = "xfs";
}; };
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F3DA-C028"; { device = "/dev/disk/by-uuid/614D-6CCA";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
swapDevices = [ ]; swapDevices =
[ { device = "/dev/mapper/cryptswap"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;