diff --git a/systems/common/optional/boot/btrfs_swap.nix b/systems/common/optional/boot/btrfs_swap.nix new file mode 100644 index 0000000..a6a89a3 --- /dev/null +++ b/systems/common/optional/boot/btrfs_swap.nix @@ -0,0 +1,6 @@ +{ + boot = { + kernelPackages = pkgs.linuxPackages_latest; + supportedFilesystems = [ "btrfs" ]; + } +} diff --git a/systems/common/optional/boot/initrd_USB_keyfile_luks.nix b/systems/common/optional/boot/initrd_USB_keyfile_luks.nix new file mode 100644 index 0000000..0e0f64e --- /dev/null +++ b/systems/common/optional/boot/initrd_USB_keyfile_luks.nix @@ -0,0 +1,47 @@ +{ + boot = { + kernelPackages = pkgs.linuxPackages_latest; + supportedFilesystems = [ "btrfs" ]; + + initrd = { + kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"]; + # Mount USB key before trying to decrypt root filesystem + # postDeviceCommands = pkgs.lib.mkBefore '' + # mkdir -m 0755 -p /key + # sleep 2 # To make sure the usb key has been loaded + # mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key + # ''; + ### ----> Instead use systemd mount unit + systemd = { + enable = true; # tpm2 unlock requires systemd initrd + mounts = [{ + what = ""; + where = "/key"; + type = "btrfs"; + }]; + }; + luks.devices."crypted" = { + bypassWorkqueues = true; + # ~~~> Define this in system configuration <~~~ search by uuid, partuuid, id, or other stable identification ~> lsblk, blkid or ls -l + # device = lib.mkDefault "/dev/disk/by-partuuid/5e65cc4c-eb35-4d62-8fcd-387d6a87c067"; + + # crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock + preLVM = true; + allowDiscards = true; + + # If using a USB or SD Card : + keyFileSize = 4096; + keyFile = "/key/hdd.key"; + + # Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!! + fallbackToPassword = true; + + }; + }; + resumeDevice = "/dev/nvme0n1"; # should be pointing to disk/dev where swap resides, for some reason my disk does not have uuid + kernelParams = [ + # hibernation + "resume_offset=533760" + ]; + }; + diff --git a/systems/common/optional/boot/quietboot.nix b/systems/common/optional/boot/quietboot.nix new file mode 100644 index 0000000..33a2d0b --- /dev/null +++ b/systems/common/optional/boot/quietboot.nix @@ -0,0 +1,32 @@ +{ + pkgs, + config, + ... +}: { + console = { + useXkbConfig = true; + earlySetup = false; + }; + + boot = { + plymouth = { + enable = true; + theme = "spinner-monochrome"; + themePackages = [ + (pkgs.plymouth-spinner-monochrome.override {inherit (config.boot.plymouth) logo;}) + ]; + }; + loader.timeout = 0; + kernelParams = [ + "quiet" + "loglevel=3" + "systemd.show_status=auto" + "udev.log_level=3" + "rd.udev.log_level=3" + "vt.global_cursor_default=0" + ]; + consoleLogLevel = 0; + initrd.verbose = false; + }; +} + diff --git a/systems/common/optional/boot/systemdboot.nix b/systems/common/optional/boot/systemdboot.nix new file mode 100644 index 0000000..42e8fbe --- /dev/null +++ b/systems/common/optional/boot/systemdboot.nix @@ -0,0 +1,10 @@ +{ + boot.loader = { + systemd-boot = { + enable = true; + consoleMode = "max"; + }; + efi.canTouchEfiVariables = true; + }; +} + diff --git a/systems/common/optional/pipewire.nix b/systems/common/optional/pipewire.nix new file mode 100644 index 0000000..9ea0a31 --- /dev/null +++ b/systems/common/optional/pipewire.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: +{ + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + wireplumber.enable = true; + jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + # media-session.enable = true; + }; + environment.systemPackages = builtins.attrValues { + inherit (pkgs) + pamixer# pulseaudio sound mixer + pavucontrol; # pulseaudio volume control + }; +} +