all systems: enable memtest86; blue/nix_store: set read only

2023-10-01 21:14:30 +02:00 · 2023-10-01 21:14:30 +02:00 · 469146da60
commit 469146da60
parent a379efdf01
3 changed files with 17 additions and 7 deletions
--- a/blue/configuration.nix
+++ b/blue/configuration.nix
@ -27,9 +27,13 @@
    supportedFilesystems = ["btrfs"];
    tmpOnTmpfs = true;
    initrd.compressor = "zstd";
-    loader.systemd-boot.enable = true;
+    loader.systemd-boot = {
      enable = true;
      editor = false;
      memtest86.enable = true;
    };
    loader.efi.canTouchEfiVariables = true;
-    #readOnlyNixStore = true;
+    readOnlyNixStore = true;
  };
  security = {
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@ -37,8 +37,11 @@
    kernelModules = ["acpi_call"];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = ["msr.allow_writes=on"];
-    loader.systemd-boot.editor = false;
+    loader.systemd-boot = {
-    loader.systemd-boot.enable = true;
+      editor = false;
      enable = true;
      memtest86.enable = true;
    };
    readOnlyNixStore = true;
    supportedFilesystems = ["btrfs"];
    tmpOnTmpfs = true;
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@ -40,8 +40,11 @@
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = ["psmouse.synaptics_intertouch=0"];
    loader.efi.canTouchEfiVariables = true;
-    loader.systemd-boot.editor = false;
+    loader.systemd-boot = {
-    loader.systemd-boot.enable = true;
+      editor = false;
      enable = true;
      memtest86.enable = true;
    };
    readOnlyNixStore = true;
    supportedFilesystems = ["btrfs"];
    tmp.useTmpfs = true;