t

2025-07-15 17:08:36 -05:00
parent 0fcb6e07f7
commit 17d4e87056
9 changed files with 425 additions and 16 deletions
--- a/hosts/nuc/boot.nix
+++ b/hosts/nuc/boot.nix
@@ -0,0 +1,58 @@
+{ pkgs, ... }:
+let
+  configLimit = 20;
+  kernel = pkgs.linuxPackages_latest;
+in
+{
+  # Configure bootloader with lanzaboot and secureboot
+  boot = {
+    kernelModules = [ "nct6775" ];
+    loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = configLimit;
+      };
+
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+
+    lanzaboote = {
+      enable = false;
+      pkiBundle = "/etc/secureboot";
+      settings = {
+        console-mode = "max";
+      };
+      configurationLimit = configLimit;
+    };
+
+    # Override kernel to latest
+    kernelPackages = kernel;
+
+    kernelParams = [
+      "nohibernate"
+    ];
+
+    consoleLogLevel = 3;
+    bootspec.enable = true;
+
+    initrd = {
+      kernelModules = [
+        # "tpm"
+        # "tpm_tis"
+        # "tpm_crb"
+        # "tpm_infineon"
+      ];
+      systemd = {
+        enable = true;
+        tpm2.enable = true;
+      };
+    };
+  };
+
+  zramSwap = {
+    enable = true;
+  };
+}