Remove /home and unused top-level dirs. Make /var encrypted with tpm2.

modules/profiles/base.nix

@@ -49,6 +49,8 @@
   services.openssh.settings.PasswordAuthentication = lib.mkDefault false;
 
   users.allowNoPasswordLogin = true;
+  users.users.root.home = lib.mkForce "/";
+
   security.sudo.enable = lib.mkDefault false;
 
   security.polkit = {
@@ -65,23 +67,16 @@
   i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
 
   # Console
-  # FIXME: Add option for toggle
-  # console.enable = false;
-  # systemd.services."getty@tty1".enable = lib.mkDefault false;
-  # systemd.services."autovt@".enable = lib.mkDefault false;
 
   systemd.enableEmergencyMode = false;
   boot.consoleLogLevel = lib.mkDefault 1;
   boot.kernelParams = [
-    # "quiet"
     "panic=1"
     "boot.panic_on_fail"
-    "nomodeset"
-    "console=tty1"
-    "console=ttyS0,38400"
-    # "systemd.log_level=info"
-    # "systemd.log_target=console"
-    # "systemd.journald.forward_to_console"
+    # "nomodeset"
+    "console=ttyS0,115200n8"
+    "earlyprintk=ttyS0,115200n8"
+    "systemd.mask=systemd-vconsole-setup.service"  # FIXME: Figure out why vconsole-setup fails when loading keymap
   ];
 
   # This is vi country

modules/profiles/devel.nix

@@ -20,6 +20,7 @@
     isNormalUser = true;
     linger = true;
     extraGroups = [ "wheel" ];
+    home = "/var/home/admin";
   };
 
   environment.etc = {

modules/profiles/sysext.nix

@@ -11,13 +11,13 @@
     "systemd-sysext.service"
   ];
 
-  systemd.services."systemd-confext" = {
-    enable = true;
-    wantedBy = [ "multi-user.target" ];
-  };
+  # systemd.services."systemd-confext" = {
+  #   enable = true;
+  #   wantedBy = [ "multi-user.target" ];
+  # };
 
-  systemd.services."systemd-sysext.service" = {
-    enable = true;
-    wantedBy = [ "multi-user.target" ];
-  };
+  # systemd.services."systemd-sysext.service" = {
+  #   enable = true;
+  #   wantedBy = [ "multi-user.target" ];
+  # };
 }