clevis.nix
# NixOS module: unlock the LUKS device "nvme-crypt" from the initrd with Clevis,
# taking the Clevis JWE from a sops-nix secret.
{ config, ... }:
let
  # Name of the sops-nix secret that holds the Clevis JWE for this host.
  jweSecret = "encryption/horizon";
in
{
  # Declare the secret with default options; sops-nix exposes its decrypted
  # location as config.sops.secrets.<name>.path.
  sops.secrets.${jweSecret} = { };

  boot.initrd = {
    systemd.enable = true;

    # Modules made available inside the initrd (loaded on demand).
    # The author's note says some of these are needed for networking in the
    # initrd and that "the latter two" came from:
    #   lspci -v | grep -iA8 'network\|ethernet' | grep 'Kernel modules'
    # NOTE(review): that grep matches network controllers, so it presumably
    # refers to r8169 and iwlwifi rather than the last two list entries; confirm.
    availableKernelModules = [
      "xhci_pci"
      "ehci_pci"
      "ahci"
      "usb_storage"
      "sd_mod"
      "sr_mod"
      "r8169" # wired NIC driver
      "iwlwifi" # wireless NIC driver
      "nvme"
      "rtsx_pci_sdmmc"
    ];

    # Initrd networking is left disabled here, so the NIC drivers above are only
    # made available, not configured. A Tang pin would need networking in the
    # initrd; useTang is left at its default.
    #boot.initrd.network.enable = true;
    #boot.initrd.network.udhcpc.enable = true;

    clevis = {
      enable = true;
      #boot.initrd.clevis.useTang = false;

      # Marked "test" by the author.
      # NOTE(review): the JWE is presumably embedded into the initrd when it is
      # assembled, so the sops secret must already be decrypted on the running
      # system at that point; confirm this on a fresh install.
      # NOTE(review): the JWE is ciphertext. What protects the LUKS passphrase
      # is the Clevis pin policy chosen when the JWE was created (e.g. the TPM2
      # PCR binding), so review that policy rather than this file's location.
      devices."nvme-crypt".secretFile = config.sops.secrets.${jweSecret}.path;
    };
  };

  # Earlier variant kept for reference.
  # NOTE(review): if re-enabled, the unquoted path literal would likely be
  # copied into the world-readable Nix store; confirm that is acceptable.
  # boot.initrd.clevis.devices."/dev/nvme0n1p3".secretFile = /home/egor/my-little-flake/hosts/luna/manual.jwe;
  #luks-b490debe-94b7-4b20-9abf-7eccfa36c8d3
}