50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{ pkgs, ... }:
|
|
{
|
|
# ======================================================
|
|
# ____ _ _ _
|
|
# | __ ) ___ ___ | |_| | ___ __ _ __| | ___ _ __
|
|
# | _ \ / _ \ / _ \| __| |/ _ \ / _` |/ _` |/ _ \ '__|
|
|
# | |_) | (_) | (_) | |_| | (_) | (_| | (_| | __/ |
|
|
# |____/ \___/ \___/ \__|_|\___/ \__,_|\__,_|\___|_|
|
|
#
|
|
# Bootloader
|
|
# UEFI enabled GRUB2 setup
|
|
# with full disk encryption and swap with hibernation
|
|
|
|
# Bootloader
|
|
boot.loader = {
|
|
efi = {
|
|
canTouchEfiVariables = false;
|
|
efiSysMountPoint = "/boot";
|
|
};
|
|
grub = {
|
|
enable = true;
|
|
efiSupport = true;
|
|
extraEntriesBeforeNixOS = true;
|
|
efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work for your system
|
|
device = "nodev";
|
|
useOSProber = true;
|
|
};
|
|
};
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
# extra enabled kernel modules
|
|
boot.kernelModules = [
|
|
"sg" # for generic SCSI devices such as /dev/sg0
|
|
"wireguard"
|
|
];
|
|
|
|
# Kernel parameter on boot
|
|
boot.kernelParams = [
|
|
"quiet"
|
|
"splash"
|
|
"psi=1"
|
|
"boot_delay=0"
|
|
];
|
|
|
|
# Setup keyfile
|
|
boot.initrd.secrets = {
|
|
"/crypto_keyfile.bin" = null;
|
|
};
|
|
} |