{ config, lib, modulesPath, pkgs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { kernelModules = [ "kvm-intel" ]; blacklistedKernelModules = [ "acpi_power_meter" ]; # constantly pollutes kernel log extraModulePackages = [ ]; supportedFilesystems = [ "btrfs" ]; kernelParams = let mainInterface = config.systemd.network.networks.eno1; first = lib.flip lib.elemAt 0; in [ "ip=${first mainInterface.address}::${first mainInterface.gateway}::${config.networking.hostName}:${mainInterface.name}" ]; initrd = { availableKernelModules = [ "aesni_intel" # hardware crypto for luks "ahci" "ehci_pci" "sd_mod" "tg3" # network interface "uhci_hcd" "usb_storage" "usbhid" "xhci_pci" ]; kernelModules = [ ]; network.enable = true; # remote unlocking luks.devices = { root = { name = "root"; device = "/dev/disk/by-uuid/c5cf6858-cca0-40dc-a3b5-ab47a3f9d49c"; preLVM = true; allowDiscards = true; }; }; }; loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2KB480G7_PHYS749202D6480BGN"; }; environment.etc.crypttab.text = '' data0 UUID=aa692e73-2b75-4239-8a87-5f5b69ea56c5 /root/luks-data luks data1 UUID=1f4120b6-a3a0-4973-8c4c-a4d6703eea2a /root/luks-data luks ''; fileSystems = { "/" = { device = "/dev/disk/by-uuid/92a1f733-8a23-42ea-958b-0d01a5de7776"; fsType = "btrfs"; options = [ "compress=zstd" "discard" "noatime" ]; }; "/boot" = { device = "/dev/disk/by-uuid/0f1822e1-643b-49e0-b279-5e3373c6a26c"; fsType = "ext2"; }; "/data" = { device = "/dev/mapper/data0"; fsType = "btrfs"; options = [ "compress=zstd" ]; }; }; services.btrfs.autoScrub = { enable = true; fileSystems = [ "/data" ]; }; swapDevices = [ { device = "/dev/disk/by-partuuid/22978e17-fbbf-4879-9385-5c9473df1706"; randomEncryption.enable = true; } ]; powerManagement.cpuFreqGovernor = "performance"; networking.useDHCP = false; systemd.network = { enable = true; networks = { eno1 = { name = "eno1"; dns = [ "192.168.100.1" ]; domains = [ "home.sbruder.de" ]; address = [ "192.168.100.61/24" ]; gateway = [ "192.168.100.1" ]; }; }; }; services.resolved.enable = false; systemd.network.wait-online.extraArgs = [ "-i" "eno1" ]; }