-rw-r--r--hosts/carmel/default.nix19
-rw-r--r--hosts/common/system/boot.nix8
2 files changed, 16 insertions, 11 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index 0856337..0234e90 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -9,19 +9,16 @@
       ../common/system/boot-ssh.nix
     ];
 
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.initrd = {
-    luks.devices."system".allowDiscards = true;
-    kernelModules = [ "igb" ];
+  boot = {
+    # get an IP address on boot, so we can unlock the root disk remotely
+    kernelParams = [ "ip=dhcp" ];
+    initrd = {
+      luks.devices."system".allowDiscards = true;
+      # driver for the NIC, required in order to get an IP address
+      kernelModules = [ "igb" ];
+    };
   };
 
-  boot.kernelParams = [ "ip=dhcp" ];
-
-  time.timeZone = "America/Los_Angeles";
-
   hardware.opengl.driSupport = true;
 
   # Use systemd-networkd for networking
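Review bot: `luks.devices."system".allowDiscards = true;` is the one security-relevant setting in the new `initrd` block that has no comment, while both of its neighbours got one. Passing TRIM through dm-crypt exposes which blocks of the encrypted volume are unused, so the trade-off deserves a line such as `# allow TRIM through LUKS; trade-off: the free-block layout of the encrypted volume becomes visible`. Separately, the hunk drops `time.timeZone = "America/Los_Angeles";` and the visible diff does not set it anywhere else. If no other module defines it, the host's time zone, and with it local-time log timestamps, will fall back to the default.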
diff --git a/hosts/common/system/boot.nix b/hosts/common/system/boot.nix
index 974b072..053b81d 100644
--- a/hosts/common/system/boot.nix
+++ b/hosts/common/system/boot.nix
@@ -2,6 +2,14 @@
 
 {
   boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot.enable = true;
+       # Prohibits gaining root access by passing init=/bin/sh as a kernel parameter
+      boot.loader.systemd-boot.editor = false;
+      efi.canTouchEfiVariables = true;
+    };
+
     kernelPackages = pkgs.linuxPackages_latest;
     tmpOnTmpfs = true;
   };
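Review bot: The added `boot.loader.systemd-boot.editor = false;` is nested inside `boot = { loader = { … } }`, so it resolves to `boot.loader.boot.loader.systemd-boot.editor` rather than the option the comment describes. The module system should reject that path as an undefined option, and either way this line does not disable the boot-menu editor. It should read `systemd-boot.editor = false;`, and the comment above it is indented one space further than its siblings. Disabling the editor only blocks kernel command-line edits from the boot menu, so the comment would be more accurate as `# Disable the boot-menu editor so init=/bin/sh cannot be appended to the kernel command line`.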