{ config, pkgs, lib, ... }: with lib; let cfg = config.pub-solar.core; in { options.pub-solar.core.disk-encryption-active = mkOption { type = types.bool; default = true; description = "Whether it should be assumed that there is a cryptroot device"; }; config = { boot = { # Mount / luks device in initrd # Allow fstrim to work on it. # The ! makes this enabled by default initrd = mkIf cfg.disk-encryption-active { luks.devices."cryptroot" = { allowDiscards = true; }; }; loader.systemd-boot.enable = lib.mkDefault true; # Use latest LTS linux kernel by default kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; # Support ntfs drives supportedFilesystems = ["ntfs"]; }; }; }