colin
d13bcc49ab
longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifiying where *exactly* a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing.
41 lines
1.1 KiB
Nix
41 lines
1.1 KiB
Nix
{ lib, pkgs, ... }:
|
|
|
|
{
|
|
boot.initrd.supportedFilesystems = [ "ext4" "btrfs" "ext2" "ext3" "vfat" ];
|
|
# useful emergency utils
|
|
boot.initrd.extraUtilsCommands = ''
|
|
copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfstune
|
|
'';
|
|
boot.kernelParams = [ "boot.shell_on_fail" ];
|
|
# other kernelParams:
|
|
# "boot.trace"
|
|
# "systemd.log_level=debug"
|
|
# "systemd.log_target=console"
|
|
|
|
# hack in the `boot.shell_on_fail` arg since that doesn't always seem to work.
|
|
boot.initrd.preFailCommands = "allowShell=1";
|
|
|
|
# default: 4 (warn). 7 is debug
|
|
boot.consoleLogLevel = 7;
|
|
|
|
boot.loader.grub.enable = lib.mkDefault false;
|
|
boot.loader.generic-extlinux-compatible.enable = lib.mkDefault true;
|
|
|
|
# non-free firmware
|
|
hardware.enableRedistributableFirmware = true;
|
|
services.fwupd.enable = true;
|
|
|
|
# powertop will default to putting USB devices -- including HID -- to sleep after TWO SECONDS
|
|
powerManagement.powertop.enable = false;
|
|
|
|
# services.snapper.configs = {
|
|
# root = {
|
|
# subvolume = "/";
|
|
# extraConfig = {
|
|
# ALLOW_USERS = "colin";
|
|
# };
|
|
# };
|
|
# };
|
|
# services.snapper.snapshotInterval = "daily";
|
|
}
|