nixos-config/nix-config/host/materusPC/boot.nix

{
  pkgs,
  lib,
  materusArgs,
  mkk,
  ...
}:
{
  boot.supportedFilesystems = [
    "ntfs"
    "btrfs"
    "vfat"
    "exfat"
    "ext4"
  ];

  boot.tmp.useTmpfs = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    device = "nodev";
    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
    useOSProber = true;
    memtest86.enable = true;
  };

  boot.plymouth.enable = true;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.kernelParams = [ "ip=${mkk.local}" ];
  # Use latest kernel.
  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;

  boot.initrd = {

    availableKernelModules = [
      "r8169"
      "wireguard"
    ];
    luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
    luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
    secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard";
    systemd = {
      enable = true;
      network = {
        netdevs."30-wg-initrd" = {
          netdevConfig = {
            Kind = "wireguard";
            Name = "wg-initrd";
          };
          wireguardConfig = {
            PrivateKeyFile = "/etc/secrets/30-wg-initrd.key";
          };
          wireguardPeers = [
            {
              AllowedIPs = [
                "${mkk.wireguard.ip-masks.main}"
                "${mkk.wireguard.peers.valkyrie.ip}/32"
              ];
              PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}";
              Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
              PersistentKeepalive = 25;
            }
          ];
        };
        networks."30-wg-initrd" = {
          name = "wg-initrd";
          addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ];
        };
        networks."10-lan" = {
          matchConfig.Name = "eno1";
          networkConfig.DHCP = "yes";
        };

      };
    };
    network = {
      enable = true;
      flushBeforeStage2 = true;
      ssh = {
        enable = true;
        port = 22;
        authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ];
        hostKeys = [
          "/mkk/keys/ssh_host_ed25519_key"
          "/mkk/keys/ssh_host_rsa_key"
        ];
      };
    };
  };
}