# Hardware-specific NixOS module for this host: boot loader, disks,
# encrypted swap, ZFS datasets and the Gobi WWAN modem firmware loader.
{ pkgs, hostName, ... }:
{
  imports = [
    ../../nixos/profiles/hardware/X201.nix
    ../../nixos/profiles/zfs.nix
    ../../nixos/profiles/zramSwap.nix
  ];

  # Pinning /etc/machine-id keeps it stable across a reinstall on a new
  # drive, so credentials do not have to be re-encrypted.
  # Generated by hand with: uuidgen | tr -d -
  # NOTE(review): a path literal is copied into the world-readable Nix store,
  # and the ".clear" suffix suggests the file is committed unencrypted.
  # machine-id(5) asks for the ID to be treated as confidential, so confirm
  # that the credential encryption also depends on a secret kept outside the
  # repository and not on the machine-id alone.
  environment.etc.machine-id.source = ./machine-id.clear;

  # 32-bit host id written as 8 hexadecimal characters; it should be unique
  # among the hosts. It is an identifier, not a secret.
  # Generated by hand with: uuidgen | head -c8
  networking.hostId = "ce53d0c3";

  boot = {
    # EFI boot is currently disabled:
    #   loader.efi = {
    #     canTouchEfiVariables = true;
    #     efiSysMountPoint = "/boot/efi";
    #   };
    loader.grub = {
      enable = true;
      memtest86.enable = true;
      # GRUB is installed on this disk, addressed by its stable by-id name.
      devices = [
        "/dev/disk/by-id/ata-Samsung_SSD_850_PRO_128GB_S1SMNSAFC36436X"
      ];
      # Upper bound on the number of generations listed in the boot menu.
      configurationLimit = 16;

      # Disabled options, kept for reference:
      #zfsSupport = true;
      #efiSupport = true;
      #enableCryptodisk = true;

      # NOTE(review): /boot below is plain ext2 and enableCryptodisk is off,
      # so the kernel and initrd are stored unencrypted and nothing in this
      # file authenticates them. Anyone with physical access to the disk can
      # alter them before the ZFS credentials are requested. No GRUB password
      # is set here either; confirm whether another module sets one.
    };

    # Ask at boot for the encryption credentials of the dataset named after
    # the host (the root of the pool used by "/", "/nix" and "/var" below).
    # presumably the child datasets inherit their encryption root from it;
    # verify with `zfs get encryptionroot`.
    zfs.requestEncryptionCredentials = [ hostName ];

    # Extra filesystem support, on top of what fileSystems already implies.
    # NOTE(review): each enabled filesystem adds parsing code that is exposed
    # to untrusted removable media; keep the list to what is really needed.
    supportedFilesystems = [ "ntfs" "vfat" ];
  };

  hardware.enableRedistributableFirmware = true;

  # Upload the Gobi firmware when the modem's serial port (USB 05c6:9204)
  # appears. gobi_loader -2000 must be run again if the SIM is hot swapped.
  # NOTE(review): udev RUN programs execute as root, and the firmware
  # directory is under /home/julm, so presumably writable by that user.
  # Whatever is placed there is pushed to the modem by a root process on
  # every "add" event. Prefer a root-owned, read-only location for the
  # firmware files.
  services.udev.extraRules = ''
    ACTION=="add", SUBSYSTEM=="tty", KERNEL=="ttyUSB*", ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="9204", RUN+="${pkgs.gobi_loader}/lib/udev/gobi_loader -2000 $env{DEVNAME} /home/julm/files/thinkpad-x201/gobi"
  '';

  # Swap partition re-encrypted at every boot with a throw-away key read
  # from /dev/urandom, so its contents cannot be recovered after a reboot.
  # NOTE(review): no key size is set, so the default applies. XTS splits the
  # key in two halves; check that the resulting AES strength is the intended
  # one. A per-boot random key presumably also rules out resuming from
  # hibernation on this device.
  swapDevices = [
    {
      device = "/dev/disk/by-partlabel/${hostName}_ssd_swap";
      randomEncryption = {
        enable = true;
        cipher = "aes-xts-plain64";
        source = "/dev/urandom";
      };
    }
  ];

  fileSystems = {
    # Unencrypted partitions, found by their GPT partition label.
    "/boot" = {
      device = "/dev/disk/by-partlabel/${hostName}_ssd_boot";
      fsType = "ext2";
    };
    "/boot/efi" = {
      device = "/dev/disk/by-partlabel/${hostName}_ssd_efi";
      fsType = "vfat";
    };

    # ZFS datasets of the pool named after the host.
    "/" = {
      device = "${hostName}/root";
      fsType = "zfs";
    };
    "/nix" = {
      device = "${hostName}/nix";
      fsType = "zfs";
    };
    "/var" = {
      device = "${hostName}/var";
      fsType = "zfs";
    };
  };

  services.pipewire.jack.enable = true;
}