# NixOS module: ZFS on a LUKS container that is unlocked from the TPM2
# during a systemd-based initrd, plus TPM2 userspace tooling and periodic
# ZFS maintenance.
{ ... }:

{
  boot = {
    supportedFilesystems = [ "zfs" ];

    # Directory searched for pool member devices when importing pools.
    zfs.devNodes = "/dev/disk/by-id";

    initrd = {
      # systemd stage 1. NixOS only honours `crypttabExtraOpts` with the
      # systemd initrd, so the TPM2 options below depend on this line.
      systemd.enable = true;

      luks.devices.cryptroot = {
        device = "/dev/disk/by-partlabel/cryptroot";

        # Passes TRIM/discard requests through the encrypted mapping.
        # Trade-off: the raw device then shows which blocks are unused,
        # which leaks some layout information to anyone who can read it.
        allowDiscards = true;

        # Unattended unlock: the key is released by whichever TPM2 is
        # discovered, bound to PCR 7 (the Secure Boot state measurement).
        # NOTE(review): no PIN is requested here, and PCR 7 does not cover
        # the kernel, initrd or kernel command line. The binding is
        # therefore only as strong as Secure Boot enforcement and firmware
        # lockdown on this machine. Consider `tpm2-pin=yes` and/or a wider
        # PCR policy if unattended boot is not a hard requirement.
        # NOTE(review): the LUKS2 token is enrolled outside this file (for
        # example with systemd-cryptenroll). Confirm the enrolled PCR set
        # matches, and keep a recovery key or passphrase slot, because any
        # change to the measured state stops the automatic unlock.
        crypttabExtraOpts = [ "tpm2-device=auto" "tpm2-pcrs=7" ];
      };
    };
  };

  # TPM2 userspace support: the PKCS#11 module and the TCTI environment
  # variables are made available system-wide.
  security.tpm2.enable = true;
  security.tpm2.pkcs11.enable = true;
  security.tpm2.tctiEnvironment.enable = true;

  services = {
    # Periodic integrity scrub, pool-level TRIM and automatic snapshots.
    zfs = {
      autoScrub.enable = true;
      trim.enable = true;
      autoSnapshot.enable = true;
    };

    # The generic fstrim timer is off; presumably `services.zfs.trim`
    # above is the intended source of discards.
    fstrim.enable = false;
  };
}