hardened skinnyv

This commit is contained in:
Cyryl Płotnicki 2021-02-28 14:26:18 +00:00
parent 2b0b9be428
commit 319e254f1c
2 changed files with 41 additions and 43 deletions

View file

@ -15,22 +15,7 @@
../../git ../../git
]; ];
boot = { boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
kernelPackages = pkgs.linuxPackages_latest;
initrd.luks.devices = {
root =
{
device = "/dev/disk/by-uuid/ef6e91d9-c477-4ab7-ae39-4a0ee413cebe";
preLVM = true;
allowDiscards = true;
};
};
loader.grub = {
device = "nodev";
efiSupport = true;
};
loader.efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
@ -46,4 +31,4 @@
home.file.".config/i3/status.toml".source = ../../../.config/i3/status-single-bat.toml; home.file.".config/i3/status.toml".source = ../../../.config/i3/status-single-bat.toml;
}; };
} }

View file

@ -12,6 +12,19 @@
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.initrd.luks.devices = {
root =
{
device = "/dev/disk/by-uuid/ef6e91d9-c477-4ab7-ae39-4a0ee413cebe";
preLVM = true;
allowDiscards = true;
};
};
boot.loader.grub = {
device = "nodev";
efiSupport = true;
};
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/0c1df18e-df45-4290-8887-6529d00ccb9d"; { device = "/dev/disk/by-uuid/0c1df18e-df45-4290-8887-6529d00ccb9d";
@ -29,4 +42,4 @@
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
} }