{ config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.kernelParams = [ "elevator=noop" "boot.shell_on_fail" "ip=dhcp" ]; boot.extraModulePackages = [ ]; boot.supportedFilesystems = [ "zfs" ]; networking.hostId = "c61a0c21"; networking.useDHCP = lib.mkDefault true; # Bootloader boot.loader = { efi = { canTouchEfiVariables = true; efiSysMountPoint = "/boot"; # use the same mount point here. }; grub = { enable = true; version = 2; copyKernels = true; efiSupport = true; mirroredBoots = [ {devices = [ "/dev/nvme0n1" ]; path = "/boot";} {devices = [ "/dev/nvme1n1" ]; path = "/boot1";} ]; }; }; # Uncomment [on a working system] to ensure extra safeguards are active that zfs uses to protect zfs pools: #boot.zfs.forceImportAll = false; #boot.zfs.forceImportRoot = false; # Remote Filesystem(s) unlocking boot.initrd.network.enable = true; boot.initrd.network.ssh = { enable = true; port = 2550; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPKorzbCjRROOmFpiEfbH2mmLJ8qACUUt7pln87PgkA kb@LoyAdjo" ]; hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; }; boot.initrd.network.postCommands = '' zpool import -a echo "zfs load-key -a; killall zfs" >> /root/.profile ''; # Filesystems fileSystems."/boot" = { device = "/dev/disk/by-uuid/7C96-7E8A"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; fileSystems."/boot1" = { device = "/dev/disk/by-uuid/7C97-3483"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; fileSystems."/" = { device = "mow0m/root"; fsType = "zfs"; }; fileSystems."/nix" = { device = "mow0m/root/nix"; fsType = "zfs"; }; fileSystems."/home" = { device = "mow0m/root/home"; fsType = "zfs"; }; swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }