11     ../../nixos/profiles/hardware/T14sAMDGen1.nix
 
  12     ../../nixos/profiles/zfs.nix
 
  13     ../../nixos/profiles/zramSwap.nix
 
  17   # Setting the machine-id avoids to reencrypt all credentials
 
  18   # when reinstalling NixOS on a new drive.
 
  19   # Manually generated with : uuidgen | tr -d -
 
  20   environment.etc.machine-id.source = ./machine-id.clear;
 
  22   # The 32-bit host id of the host, formatted as 8 hexadecimal characters.
 
  23   # You should try to make this id unique among your hosts.
 
  24   networking.hostId = lib.readFile ./host-id.clear;
 
  32   # Deprecated in nixos-24.11
 
  33   #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 
  36       canTouchEfiVariables = true;
 
  37       efiSysMountPoint = "/boot1";
 
  42       # Roughly 25MiB (initrd) + 9MiB (kernel) per configuration
 
  43       configurationLimit = 6;
 
  44       memtest86.enable = true;
 
  46         extraInstallCommands = ''
 
  48           cp -r /efiboot/efi1 /efiboot/efi2
 
  51       # FIXME: needs https://github.com/NixOS/nixpkgs/pull/246897
 
  55   boot.zfs.requestEncryptionCredentials = [ "${hostName}/root" ];
 
  57   #console.keyMap = lib.mkForce "de";
 
  59   hardware.enableRedistributableFirmware = true;
 
  61   fileSystems."/boot1" = {
 
  62     device = "/dev/disk/by-partlabel/${hostName}_disk1_boot";
 
  75       device = "/dev/disk/by-partlabel/${hostName}_disk1_swap";
 
  78         cipher = "aes-xts-plain64";
 
  79         source = "/dev/urandom";
 
  84   boot.supportedFilesystems = [
 
  90     device = "${hostName}/root";
 
  92     options = [ "zfsutil" ];
 
  94   fileSystems."/nix" = {
 
  95     device = "${hostName}/root/nix";
 
 102   fileSystems."/var" = {
 
 103     device = "${hostName}/root/var";
 
 111   services.pipewire.jack.enable = true;
 
 116   services.auto-cpufreq = {
 
 120         enable_thresholds = true;
 
 121         start_threshold = 65;
 
 127   security.tpm2.enable = true;
 
 128   security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
 
 129   security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables