1 { pkgs, lib, config, hostName, ... }:
 
   5     ../../nixos/profiles/hardware/T480.nix
 
   6     ../../nixos/profiles/zfs.nix
 
   7     ../../nixos/profiles/zramSwap.nix
 
  11   # Setting the machine-id avoids to reencrypt all credentials
 
  12   # when reinstalling NixOS on a new drive.
 
  13   # Manually generated with : uuidgen | tr -d -
 
  14   environment.etc.machine-id.source = ./machine-id.clear;
 
  16   # The 32-bit host id of the host, formatted as 8 hexadecimal characters.
 
  17   # You should try to make this id unique among your hosts.
 
  18   # Manually generated with : uuidgen | head -c8
 
  19   networking.hostId = "e6eba6c4";
 
  26   boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 
  29       canTouchEfiVariables = true;
 
  30       efiSysMountPoint = "/boot1";
 
  35       # Roughly 25MiB (initrd) + 9MiB (kernel) per configuration
 
  36       configurationLimit = 6;
 
  37       memtest86.enable = true;
 
  39       extraInstallCommands = ''
 
  41         cp -r /efiboot/efi1 /efiboot/efi2
 
  44       # FIXME: needs https://github.com/NixOS/nixpkgs/pull/246897
 
  48   boot.zfs.requestEncryptionCredentials = [ "${hostName}/root" ];
 
  50   hardware.enableRedistributableFirmware = true;
 
  52   services.udev.extraRules = ''
 
  53     ACTION=="add", ATTRS{idVendor}=="5986", ATTRS{idProduct}=="1141", RUN="${pkgs.runtimeShell} -c 'echo 1 >/sys$devpath/remove'"
 
  56   fileSystems."/boot1" =
 
  58       device = "/dev/disk/by-partlabel/${hostName}_ssd1_boot";
 
  60       options = [ "rw" "noexec" "nodev" "nofail" "X-mount.mkdir" "iocharset=iso8859-1" ];
 
  64       device = "/dev/disk/by-partlabel/${hostName}_ssd1_swap";
 
  67         cipher = "aes-xts-plain64";
 
  68         source = "/dev/urandom";
 
  73   boot.supportedFilesystems = [ "ntfs" "vfat" ];
 
  77       device = "${hostName}/root";
 
  79       options = [ "zfsutil" ];
 
  83       device = "${hostName}/root/nix";
 
  85       options = [ "X-mount.mkdir" "zfsutil" ];
 
  89       device = "${hostName}/root/var";
 
  91       options = [ "X-mount.mkdir" "zfsutil" ];
 
  94   services.pipewire.jack.enable = true;