nix-config/hosts/idols/ai/hardware-configuration.nix

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

  # Use the EFI boot loader.
  boot.loader.efi.canTouchEfiVariables = true;
  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.grub = {
    enable = true;
    device = "nodev";
    efiSupport = true;
    useOSProber = true; # automatically add other OSs into grub menu
    # if you use an encrypted /boot partition, you should enable this option.
    # grub 2.12-rc1 support only luks1 and luks2+pbkdf2,
    # so the /boot partition can only use those two luks encrypt format.
    # enableCryptodisk = true;
  };

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
      fsType = "btrfs";
      options = [ "subvol=@root" ];
    };

  boot.initrd = {
    # encrypted-nixos is the root filesystem of nixos
    # it's unlocked by a keyfile or passphrase.
    # the root filesystem's unlock method is implemented in initrd(initramfs)
    # since /boot is another separat partition, we can use LUKS2 + argon2 for best security,
    # and do not need to take care of grub2's compatibility with luks.
    luks.devices."crypted-nixos" = {
      device = "/dev/disk/by-uuid/a31454b6-e2ad-4175-8013-70cfdcbfeaac";
      # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
      # if not specified, you will be prompted for a passphrase instead.
      #keyFile = "/keyfile.bin";

      # whether to allow TRIM requests to the underlying device.
      # it's less secure, but faster.
      allowDiscards = true;
    };
    # secrets to append to the initrd.
    # the initrd is located in /boot partition, so only enabled this options when you encryped /boot partition!
    secrets = {
      # Format:
      #   file-path inside initrd  =  the source path it should be copied from.
      # "/keyfile.bin" = "/etc/secrets/initrd/keyfile.bin";
    };
  };

  fileSystems."/nix" =
    { device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
      fsType = "btrfs";
      options = [ "subvol=@nix" "noatime" ];
    };

  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
      fsType = "btrfs";
      options = [ "subvol=@home" ];
    };

  fileSystems."/swap" =
    { device = "/dev/disk/by-uuid/836b93a9-324f-45e6-ac1d-964becd7520c";
      fsType = "btrfs";
      options = [ "subvol=@swap" ];
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/B63C-4887";
      fsType = "vfat";
    };

  swapDevices =
    [ { device = "/swap/swapfile"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}