hosts/courge/hardware.nix

   1 { pkgs, lib, config, hostName, ... }:
   2 with lib;
   3 {
   4   imports = [
   5     ../../nixos/profiles/hardware/T480.nix
   6     ../../nixos/profiles/zfs.nix
   7     ../../nixos/profiles/zramSwap.nix
   8     #hardware/nvidia.nix
   9   ];
  10
  11   # Setting the machine-id avoids to reencrypt all credentials
  12   # when reinstalling NixOS on a new drive.
  13   # Manually generated with : uuidgen | tr -d -
  14   environment.etc.machine-id.source = ./machine-id.clear;
  15
  16   # The 32-bit host id of the host, formatted as 8 hexadecimal characters.
  17   # You should try to make this id unique among your hosts.
  18   # Manually generated with : uuidgen | head -c8
  19   networking.hostId = "e6eba6c4";
  20
  21   boot.kernelParams = [
  22     #"boot.trace"
  23     "boot.shell_on_fail"
  24     #"boot.debug1"
  25   ];
  26   # Deprecated in nixos-24.11
  27   #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  28   boot.loader = {
  29     efi = {
  30       canTouchEfiVariables = true;
  31       efiSysMountPoint = "/boot1";
  32     };
  33     systemd-boot = {
  34       enable = true;
  35       #editor = false;
  36       # Roughly 25MiB (initrd) + 9MiB (kernel) per configuration
  37       configurationLimit = 6;
  38       memtest86.enable = true;
  39       /*
  40       extraInstallCommands = ''
  41         rm -rf /efiboot/efi2
  42         cp -r /efiboot/efi1 /efiboot/efi2
  43       '';
  44       */
  45       # FIXME: needs https://github.com/NixOS/nixpkgs/pull/246897
  46       #mirroredBoots = [ ];
  47     };
  48   };
  49   boot.zfs.requestEncryptionCredentials = [ "${hostName}/root" ];
  50
  51   hardware.enableRedistributableFirmware = true;
  52   # Disable IR camera
  53   services.udev.extraRules = ''
  54     ACTION=="add", ATTRS{idVendor}=="5986", ATTRS{idProduct}=="1141", RUN="${pkgs.runtimeShell} -c 'echo 1 >/sys$devpath/remove'"
  55   '';
  56
  57   fileSystems."/boot1" =
  58     {
  59       device = "/dev/disk/by-partlabel/${hostName}_ssd1_boot";
  60       fsType = "vfat";
  61       options = [ "rw" "noexec" "nodev" "nofail" "X-mount.mkdir" "iocharset=iso8859-1" ];
  62     };
  63   swapDevices = [
  64     {
  65       device = "/dev/disk/by-partlabel/${hostName}_ssd1_swap";
  66       randomEncryption = {
  67         enable = true;
  68         cipher = "aes-xts-plain64";
  69         source = "/dev/urandom";
  70       };
  71     }
  72   ];
  73
  74   boot.supportedFilesystems = [ "ntfs" "vfat" ];
  75
  76   fileSystems."/" =
  77     {
  78       device = "${hostName}/root";
  79       fsType = "zfs";
  80       options = [ "zfsutil" ];
  81     };
  82   fileSystems."/nix" =
  83     {
  84       device = "${hostName}/root/nix";
  85       fsType = "zfs";
  86       options = [ "X-mount.mkdir" "zfsutil" ];
  87     };
  88   fileSystems."/var" =
  89     {
  90       device = "${hostName}/root/var";
  91       fsType = "zfs";
  92       options = [ "X-mount.mkdir" "zfsutil" ];
  93     };
  94
  95   services.pipewire.jack.enable = true;
  96
  97 }