snowfall/systems/x86_64-linux/c-pc/hardware.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  boot = {
    loader.grub = {
      enable = true;

      useOSProber = true;

      zfsSupport = true;
      efiSupport = true;
      efiInstallAsRemovable = true;
      
      mirroredBoots = [
        { devices = [ "nodev" ]; path = "/boot"; }
      ];
    };

    initrd = {
      availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
      kernelModules = [ "amdgpu" ];

      #TODO: re-enable impermanence
      # postDeviceCommands = lib.mkAfter ''
      #   zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
      # '';

      postMountCommands = lib.mkAfter ''
        chmod u=rw,g=,o= /secrets
      '';
    };

    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];

    supportedFilesystems = [ "ntfs" ];
  };

  fileSystems = {
    "/"               = { fsType = "zfs"; neededForBoot = true; device = "zpool/root"; };
    "/nix"            = { fsType = "zfs"; neededForBoot = true; device = "zpool/nix";  };
    "/home"           = { fsType = "zfs"; neededForBoot = true; device = "zpool/home"; };
    "/persist"        = { fsType = "zfs"; neededForBoot = true; device = "zpool/persist"; };
    "/persist/secure" = { fsType = "zfs"; neededForBoot = true; device = "zpool/secure/persist"; };
    "/secrets"        = { fsType = "zfs"; neededForBoot = true; device = "zpool/secure/secrets"; };

    "/boot"           = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };

    "/mnt/4tb"        = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
  };

  swapDevices = [ ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}