2024-06-20 20:21:10 +00:00
|
|
|
{ pkgs, ... }:
|
2024-06-19 13:04:42 +00:00
|
|
|
{
|
|
|
|
boot = {
|
|
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
initrd = {
|
|
|
|
kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
|
|
|
|
luks.devices."crypted" = {
|
|
|
|
bypassWorkqueues = true;
|
|
|
|
# ~~~> Define this in system configuration <~~~ search by uuid, partuuid, id, or other stable identification ~> lsblk, blkid or ls -l
|
|
|
|
# device = lib.mkDefault "/dev/disk/by-partuuid/5e65cc4c-eb35-4d62-8fcd-387d6a87c067";
|
|
|
|
|
|
|
|
# crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
|
|
|
|
preLVM = true;
|
|
|
|
allowDiscards = true;
|
|
|
|
|
|
|
|
# If using a USB or SD Card :
|
|
|
|
keyFileSize = 4096;
|
|
|
|
keyFile = "/key/hdd.key";
|
|
|
|
|
|
|
|
# Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!
|
|
|
|
fallbackToPassword = true;
|
|
|
|
|
|
|
|
};
|
|
|
|
};
|
|
|
|
resumeDevice = "/dev/nvme0n1"; # should be pointing to disk/dev where swap resides, for some reason my disk does not have uuid
|
|
|
|
kernelParams = [
|
|
|
|
# hibernation
|
|
|
|
"resume_offset=533760"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
}
|