64 lines
1.5 KiB
Nix
64 lines
1.5 KiB
Nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||
# and may be overwritten by future invocations. Please make changes
|
||
# to /etc/nixos/configuration.nix instead.
|
||
{
|
||
config,
|
||
lib,
|
||
pkgs,
|
||
modulesPath,
|
||
...
|
||
}:
|
||
|
||
{
|
||
imports = [
|
||
(modulesPath + "/installer/scan/not-detected.nix")
|
||
];
|
||
|
||
boot.initrd.availableKernelModules = [
|
||
"xhci_pci"
|
||
"ahci"
|
||
"nvme"
|
||
"usb_storage"
|
||
"usbhid"
|
||
"uas"
|
||
"sd_mod"
|
||
];
|
||
boot.initrd.kernelModules = [ ];
|
||
boot.kernelModules = [ "kvm-amd" ];
|
||
boot.extraModulePackages = [ ];
|
||
|
||
fileSystems."/" = {
|
||
device = "/dev/mapper/cryptroot";
|
||
fsType = "xfs";
|
||
};
|
||
|
||
boot.initrd.luks.devices."cryptroot".device =
|
||
"/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
|
||
|
||
# ─── Encrypted Swap ───
|
||
# Include swap keyfile in initramfs (so it's available before root is mounted)
|
||
boot.initrd.secrets."/var/lib/secrets/swap.key" = /var/lib/secrets/swap.key;
|
||
|
||
boot.initrd.luks.devices."cryptswap" = {
|
||
device = "/dev/disk/by-uuid/0e51324d-5929-4b4c-bd6e-a3130cf8adc2";
|
||
keyFile = "/var/lib/secrets/swap.key";
|
||
allowDiscards = true; # Enable TRIM for NVMe SSD
|
||
};
|
||
|
||
fileSystems."/boot" = {
|
||
device = "/dev/disk/by-uuid/614D-6CCA";
|
||
fsType = "vfat";
|
||
options = [
|
||
"fmask=0022"
|
||
"dmask=0022"
|
||
];
|
||
};
|
||
|
||
swapDevices = [
|
||
{ device = "/dev/mapper/cryptswap"; }
|
||
];
|
||
|
||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||
}
|