set up lanzaboot and update the EDI disko setup

disko/EDI/lvm.nix

@@ -47,9 +47,10 @@
         type = "lvm_vg";
         lvs = {
           swap = {
-            size = "4G";
+            size = "8G";
             content = {
               type = "swap";
+              resumeDevice = true; # resume from hiberation from this device
             };
           };
           root = {

nixos/hosts/EDI/configuration.nix

@@ -24,7 +24,7 @@
 
     ../../desktop
 
-    ../../../disko/EDI
+    ../../../disko/EDI/lvm.nix
 
     # Import your generated (nixos-generate-config) hardware configuration
     ./hardware-configuration.nix
@@ -41,6 +41,7 @@
   environment.systemPackages = with pkgs; [
     podman
     podman-compose
+    sbctl
   ];
 
   virtualisation.podman = {
@@ -53,13 +54,25 @@
   boot.bootspec.enable = true;
   boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.supportedFilesystems = ["bcachefs"];
-  boot = {
-    loader.systemd-boot.enable = lib.mkForce false;
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-    };
+
+  # Lanzaboote currently replaces the systemd-boot module.
+  # This setting is usually set to true in configuration.nix
+  # generated at installation time. So we force it to false
+  # for now.
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  
+  boot.lanzaboote = {
+     enable = true;
+     pkiBundle = "/etc/secureboot";
   };
+
+  #boot = {
+    #loader.systemd-boot.enable = lib.mkForce false;
+    #lanzaboote = {
+      #enable = true;
+      #pkiBundle = "/etc/secureboot";
+    #};
+  #};
   # Enable bluetooth hardware
   hardware.bluetooth.enable = true;
 

nixos/hosts/EDI/hardware-configuration.nix

@@ -1,48 +1,37 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
 {
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
-  # fileSystems."/" = {
-  #   device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628";
-  #   fsType = "bcachefs";
-  # };
+  #fileSystems."/" =
+  #  { device = "UUID=65956905-b7a5-4573-81fe-622c42cabdf5";
+  #    fsType = "bcachefs";
+  #  };
 
-  #boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0";
+  #fileSystems."/boot" =
+  #  { device = "/dev/disk/by-uuid/3D90-9CF4";
+  #    fsType = "vfat";
+  #  };
 
-  # fileSystems."/boot" = {
-  #   device = "/dev/disk/by-uuid/01B2-909E";
-  #   fsType = "vfat";
-  #   options = ["fmask=0077" "dmask=0077" "defaults"];
-  # };
-
-  # swapDevices = [
-  #   {
-  #     device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2";
-  #     randomEncryption.enable = true;
-  #   }
-  # ];
+  #swapDevices =
+  #  [ { device = "/dev/disk/by-uuid/07258619-dbae-4fe9-aa2e-921d85b6a53b"; }
+  #  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s20f0u9u2c2.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";