59 lines
1010 B
Nix
Executable File
59 lines
1010 B
Nix
Executable File
{ pkgs, ... }:
|
|
let
|
|
configLimit = 20;
|
|
kernel = pkgs.linuxPackages_latest;
|
|
in
|
|
{
|
|
# Configure bootloader with lanzaboot and secureboot
|
|
boot = {
|
|
kernelModules = [ "nct6775" ];
|
|
loader = {
|
|
systemd-boot = {
|
|
enable = true;
|
|
configurationLimit = configLimit;
|
|
};
|
|
|
|
efi = {
|
|
canTouchEfiVariables = true;
|
|
efiSysMountPoint = "/boot";
|
|
};
|
|
};
|
|
|
|
lanzaboote = {
|
|
enable = false;
|
|
pkiBundle = "/etc/secureboot";
|
|
settings = {
|
|
console-mode = "max";
|
|
};
|
|
configurationLimit = configLimit;
|
|
};
|
|
|
|
# Override kernel to latest
|
|
kernelPackages = kernel;
|
|
|
|
kernelParams = [
|
|
"nohibernate"
|
|
];
|
|
|
|
consoleLogLevel = 3;
|
|
bootspec.enable = true;
|
|
|
|
initrd = {
|
|
kernelModules = [
|
|
# "tpm"
|
|
# "tpm_tis"
|
|
# "tpm_crb"
|
|
# "tpm_infineon"
|
|
];
|
|
systemd = {
|
|
enable = true;
|
|
tpm2.enable = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
zramSwap = {
|
|
enable = true;
|
|
};
|
|
}
|