35 lines
934 B
Nix
35 lines
934 B
Nix
|
{ pkgs, ... }:
|
||
|
{
|
||
|
# ======================================================
|
||
|
# ____ _ _ _
|
||
|
# | __ ) ___ ___ | |_| | ___ __ _ __| | ___ _ __
|
||
|
# | _ \ / _ \ / _ \| __| |/ _ \ / _` |/ _` |/ _ \ '__|
|
||
|
# | |_) | (_) | (_) | |_| | (_) | (_| | (_| | __/ |
|
||
|
# |____/ \___/ \___/ \__|_|\___/ \__,_|\__,_|\___|_|
|
||
|
#
|
||
|
# Bootloader
|
||
|
# UEFI enabled GRUB2 setup
|
||
|
# with full disk encryption and swap with hibernation
|
||
|
|
||
|
# Bootloader
|
||
|
boot.loader = {
|
||
|
efi = {
|
||
|
canTouchEfiVariables = false;
|
||
|
efiSysMountPoint = "/boot";
|
||
|
};
|
||
|
grub = {
|
||
|
enable = true;
|
||
|
efiSupport = true;
|
||
|
extraEntriesBeforeNixOS = true;
|
||
|
efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work for your system
|
||
|
device = "nodev";
|
||
|
useOSProber = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
# Setup keyfile
|
||
|
boot.initrd.secrets = {
|
||
|
"/crypto_keyfile.bin" = null;
|
||
|
};
|
||
|
}
|