2022-10-16 17:01:58 +00:00
|
|
|
{ config, pkgs, pkgs-unstable, ... }:
|
2021-01-15 19:27:51 +00:00
|
|
|
let
|
2021-01-16 04:14:30 +00:00
|
|
|
net_opts = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
|
2021-01-15 19:27:51 +00:00
|
|
|
in
|
2020-04-11 21:47:33 +00:00
|
|
|
{
|
2020-08-15 03:06:11 +00:00
|
|
|
imports = [ ../../externals/systemd-boot-secure ];
|
2020-04-11 21:47:33 +00:00
|
|
|
boot = {
|
2022-10-16 17:01:58 +00:00
|
|
|
kernelPackages = pkgs-unstable.linuxPackages_latest;
|
2021-01-04 00:41:24 +00:00
|
|
|
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
2020-04-11 21:47:33 +00:00
|
|
|
kernel.sysctl."vm.swappiness" = 5;
|
|
|
|
cleanTmpDir = true;
|
2020-05-13 01:19:30 +00:00
|
|
|
loader.systemd-boot-secure = {
|
|
|
|
enable = true;
|
|
|
|
signed = true;
|
|
|
|
signing-key = "/root/secure-boot/db.key";
|
|
|
|
signing-certificate = "/root/secure-boot/db.crt";
|
|
|
|
};
|
2020-04-11 21:47:33 +00:00
|
|
|
|
2020-11-26 04:17:41 +00:00
|
|
|
# Encrypted drives
|
2020-04-11 21:47:33 +00:00
|
|
|
initrd.luks = {
|
|
|
|
reusePassphrases = true;
|
|
|
|
devices = {
|
2020-04-27 23:19:31 +00:00
|
|
|
"${config.networking.hostName}" = {
|
2020-04-11 21:47:33 +00:00
|
|
|
device = "/dev/disk/by-uuid/274ec302-20b7-43bf-aa72-895ffdd96919";
|
|
|
|
preLVM = true;
|
|
|
|
allowDiscards = true;
|
|
|
|
};
|
2020-05-24 21:03:53 +00:00
|
|
|
glimmer = {
|
2021-01-16 04:14:30 +00:00
|
|
|
device = "/dev/disk/by-uuid/43220fc3-2f33-4915-9365-59eb27b21719";
|
2020-05-24 21:03:53 +00:00
|
|
|
preLVM = true;
|
|
|
|
allowDiscards = true;
|
|
|
|
};
|
2020-04-11 21:47:33 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2021-01-15 19:27:51 +00:00
|
|
|
|
2021-01-16 04:14:30 +00:00
|
|
|
fileSystems."/media/luna/media".options = net_opts;
|
|
|
|
fileSystems."/media/luna/photos".options = net_opts;
|
|
|
|
fileSystems."/media/luna/games".options = net_opts;
|
2021-01-23 19:00:13 +00:00
|
|
|
fileSystems."/media/luna/private".options = net_opts;
|
2022-02-01 07:00:28 +00:00
|
|
|
|
|
|
|
services.btrfs.autoScrub = {
|
|
|
|
enable = true;
|
|
|
|
fileSystems = [ "/" "/media/data" ];
|
|
|
|
};
|
2020-04-11 21:47:33 +00:00
|
|
|
}
|