diff options
| author | Dylan <boss@tehbox.org> | 2025-09-16 16:43:55 +1200 |
|---|---|---|
| committer | Dylan <boss@tehbox.org> | 2025-09-16 16:43:55 +1200 |
| commit | d1395f9e6768551967f85128ccab19d12dec4c6f (patch) | |
| tree | 804d86634796edd5e378cb05ee2fda0a71d02497 /hardware-setups/tuf.nix | |
| parent | c1b48e9f2bfc4ae0e48d0c8e35ad1f4a2189ec30 (diff) | |
| download | nixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.tar.gz nixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.zip | |
feat: added server configuration and setup sops-nix
Diffstat (limited to 'hardware-setups/tuf.nix')
| -rw-r--r-- | hardware-setups/tuf.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/hardware-setups/tuf.nix b/hardware-setups/tuf.nix new file mode 100644 index 0000000..a400a7d --- /dev/null +++ b/hardware-setups/tuf.nix @@ -0,0 +1,52 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" "cryptd"]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.cryptroot = { + device = "/dev/disk/by-uuid/18e2ffad-9ffb-4c3a-a82f-dd8098171427"; + preLVM = true; + }; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/db909240-4006-4ca8-a03a-3e3fc60cba17"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/9ef8fad1-08cb-4c7a-9db1-3a37097544b0"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6FC0-9F1C"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/e1e972c8-3bb9-4131-a77f-fdea9f086a4d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0f3u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.enableAllFirmware = true; +} |