{ #inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; inputs.disko.url = "github:nix-community/disko"; inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; inputs.nixos-anywhere.url = "github:numtide/nixos-anywhere"; inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs"; outputs = { self, nixpkgs, disko, nixos-anywhere, ... }@attrs: { packages."x86_64-linux".makeDiskImageTest = disko.lib.lib.makeDiskImage { nixosConfig = self.nixosConfigurations.mysystem; }; packages."x86_64-linux".makeDiskScriptTest = disko.lib.lib.makeDiskImageScript { nixosConfig = self.nixosConfigurations.mysystem; }; nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = attrs; modules = [ disko.nixosModules.disko # Generate hardware configuration on target system and add it here. # See README.md for details. ./hardware-configs/yodaHP.nix # Select disko disk layout configuration. # # The way we import the luks-btrfs disk layout and pass an argument is not ideal, # but keeps this config file shorter. A batter way is to expose options: # https://discourse.nixos.org/t/passing-parameters-into-import/34082/4 # #./disk-configs/simple-efi.nix #./disk-configs/luks-lvm.nix (import ./disk-configs/luks-btrfs.nix { # Memory in bytes required to unlock the LUKS partition while booting. # The default value is 1 GB (1000000). # Set this as high as possible, but leave some buffer (e.g. 500 MB). # As of 2024-02 the possible maximum is 4194304 # Example: If you have 4 GB memory, set this to 3500000. pbkdf-memory = "4000000"; }) # Change device name match your block device. # Running `lsblk` on the target machine can help you here. # Examples: "/dev/nvme0n1", "/dev/sda", "/dev/vda" { disko.devices.disk.disk1.device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW128HEGR-000H1_S33ZNX0J129742"; } # If a disk layout with full disk encryption (FDE) has been selected, # optionally enable SSH during boot to remotely unlock the disk. ./ssh-fde-unlock.nix { networking.hostName = "yodaHP"; # Check if EFI or BIOS: # efibootmgr # => EFI variables are not supported on this system -> BIOS # Bootloader: BIOS (old systems) #boot.loader.grub = { # # No need to set devices, disko will add all devices that have a EF02 partition to the list. # # devices = []; # efiSupport = true; # efiInstallAsRemovable = true; #}; # Bootloader: EFI (newer systems) # boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; services.openssh = { enable = true; settings.PasswordAuthentication = false; }; users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ./nitrokey.pub) ]; console.keyMap = "de-latin1-nodeadkeys"; # This version matches the selected nixpkgs.url on top. system.stateVersion = "23.11"; } ]; }; }; }