52 lines
1.5 KiB
Nix
52 lines
1.5 KiB
Nix
{ config, lib, pkgs, modulesPath, ... }:
|
|
{
|
|
imports = [
|
|
(modulesPath + "/profiles/qemu-guest.nix")
|
|
];
|
|
|
|
# System
|
|
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
|
|
boot.initrd.kernelModules = [ ];
|
|
boot.kernelModules = [ ];
|
|
boot.extraModulePackages = [ ];
|
|
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
|
|
|
# Boot Loader
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
# SSH Remote Unlock
|
|
boot.kernelParams = [ "ip=dhcp" ];
|
|
boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
|
|
boot.initrd.network = {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
port = 7299;
|
|
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
|
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
|
|
};
|
|
postCommands = ''
|
|
echo 'cryptsetup-askpass' >> /root/.profile
|
|
'';
|
|
};
|
|
|
|
# Disks
|
|
boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
|
|
fsType = "ext4";
|
|
};
|
|
fileSystems."/boot" = {
|
|
device = "/dev/disk/by-uuid/FEAA-61DA";
|
|
fsType = "vfat";
|
|
options = [ "fmask=0077" "dmask=0077" ];
|
|
};
|
|
|
|
swapDevices = [ ];
|
|
|
|
# Networking
|
|
networking.useDHCP = lib.mkDefault true;
|
|
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
|
|
|
|
}
|