all systems: enable memtest86; blue/nix_store: set read only

blue/configuration.nix

@@ -27,9 +27,13 @@
     supportedFilesystems = ["btrfs"];
     tmpOnTmpfs = true;
     initrd.compressor = "zstd";
-    loader.systemd-boot.enable = true;
+    loader.systemd-boot = {
+      enable = true;
+      editor = false;
+      memtest86.enable = true;
+    };
     loader.efi.canTouchEfiVariables = true;
-    #readOnlyNixStore = true;
+    readOnlyNixStore = true;
   };
 
   security = {

mediabox/configuration.nix

@@ -37,8 +37,11 @@
     kernelModules = ["acpi_call"];
     kernelPackages = pkgs.linuxPackages_latest;
     kernelParams = ["msr.allow_writes=on"];
-    loader.systemd-boot.editor = false;
-    loader.systemd-boot.enable = true;
+    loader.systemd-boot = {
+      editor = false;
+      enable = true;
+      memtest86.enable = true;
+    };
     readOnlyNixStore = true;
     supportedFilesystems = ["btrfs"];
     tmpOnTmpfs = true;

nixy/configuration.nix

@@ -40,8 +40,11 @@
     kernelPackages = pkgs.linuxPackages_latest;
     kernelParams = ["psmouse.synaptics_intertouch=0"];
     loader.efi.canTouchEfiVariables = true;
-    loader.systemd-boot.editor = false;
-    loader.systemd-boot.enable = true;
+    loader.systemd-boot = {
+      editor = false;
+      enable = true;
+      memtest86.enable = true;
+    };
     readOnlyNixStore = true;
     supportedFilesystems = ["btrfs"];
     tmp.useTmpfs = true;