forked from pub-solar/os
Benjamin Bädorf
4c0991c7e1
Hibernation is now a core option: ``` pub-solar.core.hibernation.enable = true; ``` And there's a paranoia mode, that keeps the disk encrypted as much as possible by enabling hibernation and removing the options for sleep, screen locking. Idle locking now hibernates, and it does it on very short notice.
53 lines
1.3 KiB
Nix
53 lines
1.3 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
with lib;
|
|
let
|
|
cfg = config.pub-solar.core;
|
|
in
|
|
{
|
|
options.pub-solar.core.iso-options.enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = "Feature flag for iso builds";
|
|
};
|
|
|
|
options.pub-solar.core.disk-encryption-active = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "Whether it should be assumed that there is a cryptroot device";
|
|
};
|
|
|
|
options.pub-solar.core.hibernation = {
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = "Whether the device can hibernate. This creates a swapfile at /swapfile.";
|
|
};
|
|
};
|
|
|
|
config = {
|
|
boot = {
|
|
# Enable plymouth for better experience of booting
|
|
plymouth.enable = true;
|
|
|
|
# Mount / luks device in initrd
|
|
# Allow fstrim to work on it.
|
|
# The ! makes this enabled by default
|
|
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
|
|
luks.devices."cryptroot" = {
|
|
allowDiscards = true;
|
|
};
|
|
};
|
|
|
|
resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile";
|
|
|
|
loader.systemd-boot.enable = true;
|
|
|
|
# Use latest LTS linux kernel by default
|
|
kernelPackages = pkgs.linuxPackages_5_15;
|
|
|
|
# Support ntfs drives
|
|
supportedFilesystems = [ "ntfs" ];
|
|
};
|
|
};
|
|
}
|