clevis.nix
 1  { config, ... }:
 2  {
 3    sops.secrets."encryption/stellar" = { };
 4  
 5    boot.initrd.systemd.enable = true;
 6  
 7    boot.initrd.availableKernelModules = [
 8      "xhci_pci"
 9      "ehci_pci"
10      "ahci"
11      "usb_storage"
12      "sd_mod"
13      "sr_mod"
14      "r8169"
15      # "iwlwifi"
16      "nvme"
17      "rtsx_pci_sdmmc"
18    ]; # some kernel modules required for networking in initrd, the latter two I obtained by running `lspci -v | grep -iA8 'network\|ethernet' | grep 'Kernel modules'`
19  
20    #boot.plymouth.enable = true;
21  
22    #boot.initrd.network.enable = true;
23    #boot.initrd.network.udhcpc.enable = true;
24    boot.initrd.clevis.enable = true;
25    #boot.initrd.clevis.useTang = false;
26    boot.initrd.clevis.devices."nvme-crypt".secretFile = config.sops.secrets."encryption/stellar".path; # test
27    #boot.initrd.clevis.devices."hdd-crypt".secretFile = config.sops.secrets."encryption/immortal".path; #test
28    #  boot.initrd.clevis.devices."/dev/nvme0n1p3".secretFile = /home/egor/my-little-flake/hosts/luna/manual.jwe;
29    #luks-b490debe-94b7-4b20-9abf-7eccfa36c8d3
30  }