Stefan Junker
de0de83c5b
Notable changes: * add extraConfig for gpg-agent to define the path to the pinentry-program * removed X11 session directory activation script
34 lines
617 B
Nix
34 lines
617 B
Nix
{ ... }:
|
|
|
|
let
|
|
stage1Modules = [
|
|
"aesni_intel"
|
|
"kvm-intel"
|
|
"aes_x86_64"
|
|
"nvme"
|
|
"nvme_core"
|
|
|
|
"pcieport"
|
|
"thunderbolt"
|
|
"e1000e"
|
|
"xhci_pci"
|
|
"hxci_hcd"
|
|
];
|
|
|
|
in
|
|
{
|
|
# TASK: new device
|
|
hardware.encryptedDisk = {
|
|
enable = true;
|
|
diskId = "nvme-Samsung_SSD_970_PRO_1TB_S462NF0K904663D";
|
|
};
|
|
|
|
# boot.initrd.availableKernelModules = stage1Modules;
|
|
boot.initrd.kernelModules = stage1Modules;
|
|
boot.extraModprobeConfig = ''
|
|
options kvm-intel nested=1
|
|
options kvm-intel enable_shadow_vmcs=1
|
|
options kvm-intel enable_apicv=1
|
|
options kvm-intel ept=1
|
|
'';
|
|
}
|