nixcfg/hosts/petalburg/default.nix
Aly Raffauf c6b59d0e34
hosts: enable secureboot and tpm luks unlocking (#99)
* flake: add secureboot

* petalburg: enable lanzaboote

* lavaridge: enable lanzaboote

* flake: auto import lanzaboote

* mauville: enable secureboot and auto luks unlocking

* lavaridge,petalburg: disable autologin

* README.md: add lanzaboote

* hosts/README.md: add secure boot setup docs
2024-08-24 15:25:41 -04:00

95 lines
2.3 KiB
Nix

# Lenovo Yoga 9i Convertible with Intel Core i7-1360P, 16GB RAM, 512GB SSD.
{
config,
lib,
self,
...
}: {
imports = [
./disko.nix
./home.nix
./secrets.nix
./stylix.nix
self.inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th
self.nixosModules.common-auto-upgrade
self.nixosModules.common-base
self.nixosModules.common-locale
self.nixosModules.common-mauville-share
self.nixosModules.common-nix
self.nixosModules.common-overlays
self.nixosModules.common-pkgs
self.nixosModules.common-tailscale
self.nixosModules.common-wifi-profiles
];
boot = {
initrd.systemd.enable = true;
extraModulePackages = with config.boot.kernelPackages; [acpi_call];
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.mkForce false;
};
};
environment.variables.GDK_SCALE = "2";
networking.hostName = "petalburg";
nixpkgs.overlays = [
(final: prev: {
brave = prev.brave.override {commandLineArgs = "--gtk-version=4 --enable-wayland-ime";};
obsidian = prev.obsidian.overrideAttrs (old: {
installPhase =
builtins.replaceStrings ["--ozone-platform=wayland"]
["--ozone-platform=wayland --enable-wayland-ime"]
old.installPhase;
});
vscodium = prev.vscodium.override {commandLineArgs = "--enable-wayland-ime";};
webcord = prev.webcord.overrideAttrs (old: {
installPhase =
builtins.replaceStrings ["--ozone-platform-hint=auto"]
["--ozone-platform-hint=auto --enable-wayland-ime"]
old.installPhase;
});
})
];
system.stateVersion = "24.05";
ar = {
apps = {
firefox.enable = true;
podman.enable = true;
steam.enable = true;
};
desktop = {
greetd.enable = true;
hyprland.enable = true;
sway.enable = true;
};
laptopMode = true;
services.flatpak.enable = true;
users.aly = {
enable = true;
password = "$y$j9T$TitXX3J690cnK41XciNMg/$APKHM/os6FKd9H9aXGxaHaQ8zP5SenO9EO94VYafl43";
syncthing = {
enable = true;
certFile = config.age.secrets.syncthingCert.path;
keyFile = config.age.secrets.syncthingKey.path;
};
};
};
}