# Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" "kvm-intel" ]; boot.initrd.kernelModules = [ "zfs" "nls_cp437" "nls_iso8859-1" "usbhid" "usb_storage" "nvme" ]; boot.zfs = { forceImportRoot = false; requestEncryptionCredentials = false; # none of the zfs datasets that should be mounted are encrypted. User homes happen later. # [ # "zpool/home" # "zpool/root" # "zpool/nix" # "zpool/var" # ]; }; boot.kernelModules = [ "kvm-intel" ]; boot.supportedFilesystems.zfs = true; networking.hostId = "40fa5ea8"; # boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; boot.kernelPackages = pkgs.linuxPackages_6_6; boot.extraModulePackages = [ ]; boot.kernelParams = [ "mds=full,nosmt" ]; services.homed.enable = true; fileSystems."/" = { device = "zpool/root"; fsType = "zfs"; }; fileSystems."/nix" = { device = "zpool/nix"; fsType = "zfs"; }; fileSystems."/var" = { device = "zpool/var"; fsType = "zfs"; }; # fileSystems."/home" = # { device = "zpool/home"; # fsType = "zfs"; # }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/12CE-A600"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" "umask=077" ]; }; grimmShared = { screens = { external = { id = "HDMI-A-1"; pos = "0 0"; }; internal = { id = "eDP-1"; fps = [ 144 60 ]; }; }; laptop_hardware.enable = true; }; # fileSystems."/crypt-storage" = # { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb"; # fsType = "ext4"; # options = [ "umask=077" ]; # read only so a fat-finger can't accidentially bonk our salts, rendering the disk useless. # }; # fileSystems."/home/grimmauld" = # { device = "zpool/home/grimmauld"; # fsType = "zfs"; # }; security.pam = { zfs = { enable = true; homes = "zpool/home"; }; }; boot.initrd.luks.yubikeySupport = true; # enable yubikey support boot.initrd.luks.devices."root" = { device = "/dev/disk/by-uuid/6e6ca6b4-cfd5-4384-955b-bad9c48fa9d6"; # /dev/sda3 preLVM = true; allowDiscards = true; yubikey = { slot = 2; twoFactor = true; # Set to false for 1FA gracePeriod = 30; # Time in seconds to wait for Yubikey to be inserted keyLength = 64; # Set to $KEY_LENGTH/8 saltLength = 16; # Set to $SALT_LENGTH storage = { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb"; # same ID as the crypt-storage mount earlier fsType = "ext4"; path = "/default"; }; }; }; swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }