mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-04-23 17:28:33 +02:00
101 lines
3.8 KiB
Nix
101 lines
3.8 KiB
Nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||
# and may be overwritten by future invocations. Please make changes
|
||
# to /etc/nixos/configuration.nix instead.
|
||
{ config, lib, pkgs, modulesPath, ... }:
|
||
|
||
{
|
||
imports =
|
||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||
];
|
||
|
||
# Use the EFI boot loader.
|
||
boot.loader.efi.canTouchEfiVariables = true;
|
||
# depending on how you configured your disk mounts, change this to /boot or /boot/efi.
|
||
boot.loader.efi.efiSysMountPoint = "/boot";
|
||
boot.loader.grub = {
|
||
enable = true;
|
||
device = "nodev";
|
||
efiSupport = true;
|
||
useOSProber = true; # automatically add other OSs into grub menu
|
||
# if you use an encrypted /boot partition, you should enable this option.
|
||
# grub 2.12-rc1 support only luks1 and luks2+pbkdf2,
|
||
# so the /boot partition can only use those two luks encrypt format.
|
||
# enableCryptodisk = true;
|
||
};
|
||
|
||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||
boot.initrd.kernelModules = [ ];
|
||
boot.kernelModules = [ "kvm-intel" ];
|
||
boot.extraModulePackages = [ ];
|
||
|
||
fileSystems."/" =
|
||
{ device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
|
||
fsType = "btrfs";
|
||
options = [ "subvol=@root" ];
|
||
};
|
||
|
||
boot.initrd = {
|
||
# encrypted-nixos is the root filesystem of nixos
|
||
# it's unlocked by a keyfile or passphrase.
|
||
# the root filesystem's unlock method is implemented in initrd(initramfs)
|
||
# since /boot is another separat partition, we can use LUKS2 + argon2 for best security,
|
||
# and do not need to take care of grub2's compatibility with luks.
|
||
luks.devices."crypted-nixos" = {
|
||
device = "/dev/disk/by-uuid/a31454b6-e2ad-4175-8013-70cfdcbfeaac";
|
||
# the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
|
||
# if not specified, you will be prompted for a passphrase instead.
|
||
#keyFile = "/keyfile.bin";
|
||
|
||
# whether to allow TRIM requests to the underlying device.
|
||
# it's less secure, but faster.
|
||
allowDiscards = true;
|
||
};
|
||
# secrets to append to the initrd.
|
||
# the initrd is located in /boot partition, so only enabled this options when you encryped /boot partition!
|
||
secrets = {
|
||
# Format:
|
||
# file-path inside initrd = the source path it should be copied from.
|
||
# "/keyfile.bin" = "/etc/secrets/initrd/keyfile.bin";
|
||
};
|
||
};
|
||
|
||
fileSystems."/nix" =
|
||
{ device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
|
||
fsType = "btrfs";
|
||
options = [ "subvol=@nix" "noatime" ];
|
||
};
|
||
|
||
fileSystems."/home" =
|
||
{ device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
|
||
fsType = "btrfs";
|
||
options = [ "subvol=@home" ];
|
||
};
|
||
|
||
fileSystems."/swap" =
|
||
{ device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
|
||
fsType = "btrfs";
|
||
options = [ "subvol=@swap" ];
|
||
};
|
||
|
||
fileSystems."/boot" =
|
||
{ device = "/dev/disk/by-uuid/B63C-4887";
|
||
fsType = "vfat";
|
||
};
|
||
|
||
swapDevices =
|
||
[ { device = "/swap/swapfile"; }
|
||
];
|
||
|
||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||
# still possible to use this option, but it's recommended to use it in conjunction
|
||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||
networking.useDHCP = lib.mkDefault true;
|
||
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
|
||
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
|
||
|
||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||
}
|