faster boot

modules/nixos/system/hw/boot/default.nix

@@ -2,7 +2,16 @@
 let isSANDBOX = builtins.elem config.syscfg.hostname [ "sandbox" ];
 in {
   config = lib.mkIf (!isSANDBOX) {
+    boot.kernelParams = [ 
+      "async_probe=tpm*"     # Load TPM in parallel without blocking udev
+      "8250.nr_uarts=0"      # Stop scanning for old motherboard serial lines (ttyS0-S3)
+    ];
+    boot.initrd = {
+      compressor = "zstd";
+      checkJournalingFS = false;
+    };
     boot.loader = {
+      timeout = 2;
       systemd-boot = {
         enable = true;
         configurationLimit = 8;

modules/nixos/system/network/base/default.nix

@@ -3,6 +3,10 @@
     hostName = config.syscfg.hostname;
     useDHCP = true;
     nameservers = [ "1.1.1.1" "9.9.9.9" ];
+    dhcpcd = {
+      enable = true;
+      wait = "background";
+    };
 
     extraHosts = ''
       ${lib.concatStringsSep "\n" config.syscfg.extra.hosts}

modules/nixos/system/network/wireguard/default.nix

@@ -27,6 +27,7 @@ in
             else
               [{
                 allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
+                name = "vpn-helcel";
                 endpoint = "vpn.helcel.net:1515";
                 publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
                 persistentKeepalive = 30;
@@ -34,9 +35,17 @@ in
         };
       };
     };
-    systemd.services."wireguard-wg0" = {
+
+    systemd.services."wireguard-wg0-peer-vpn-helcel" = {
       after = [ "network-online.target" "nss-lookup.target" ];
-      wants = [ "network-online.target" "nss-lookup.target" ];
+      bindsTo = [ "network-online.target" ];
+      wantedBy = lib.mkForce [ "network-online.target" ];
+      before =  lib.mkForce [ ];
+      serviceConfig = {
+        Restart = "on-failure";
+        RestartSec = "10s";          # Wait 2 seconds before retrying the domain query
+      };
+      startLimitIntervalSec = 0;  
     };
   };
 }