diff --git a/flake.lock b/flake.lock index 4781c90..70d274b 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1676153903, - "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", + "lastModified": 1677969766, + "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", "owner": "ryantm", "repo": "agenix", - "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", + "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", "type": "github" }, "original": { @@ -23,14 +23,16 @@ }, "agenix-rekey": { "inputs": { - "flake-utils": "flake-utils" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1676148182, - "narHash": "sha256-oyZpFRBMluuD0TFPGE3FredFdXvbgvyUiX6nziPjX0k=", + "lastModified": 1678494029, + "narHash": "sha256-2DV9aeUsFuczk4olt4WtlRVuQwIjF8OFK4EzfJ5JFJA=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "100a27170a2943288ede749efde41e22d524370e", + "rev": "7eaf151db39f62c9fbde5c19778e3cce3be243ad", "type": "github" }, "original": { @@ -119,20 +121,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -178,11 +166,11 @@ ] }, "locked": { - "lastModified": 1675935446, - "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=", + "lastModified": 1678464939, + "narHash": "sha256-pRMlwOUkO1OwSi7qF6XR/zcocWy/ZYxXgbYWvnZQO9k=", "owner": "nix-community", "repo": "home-manager", - "rev": "2dce7f1a55e785a22d61668516df62899278c9e4", + "rev": "7224d7c54c5fc74cdf60b208af6148ed3295aa32", "type": "github" }, "original": { 
@@ -208,11 +196,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1675933606, - "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=", + "lastModified": 1678397099, + "narHash": "sha256-5xq8YJe+h19TlD+EI4AE/3H3jcCcQ2AWU6CWBVc5tRc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2", + "rev": "556101ff85bd6e20900ec73ee525b935154bc8ea", "type": "github" }, "original": { @@ -223,11 +211,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "lastModified": 1678380223, + "narHash": "sha256-HUxnK38iqrX84QdQxbFcosRKV3/koj1Zzp5b5aP4lIo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "rev": "1e2590679d0ed2cee2736e8b80373178d085d263", "type": "github" }, "original": { @@ -266,11 +254,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1676279938, - "narHash": "sha256-RDyvVdituVQQZtGA7DNaJruJLDz/pfkREpUcI4ZQvsk=", + "lastModified": 1678376203, + "narHash": "sha256-3tyYGyC8h7fBwncLZy5nCUjTJPrHbmNwp47LlNLOHSM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "1583077009b6ef4236d1899c0f43cf1ce1db8085", + "rev": "1a20b9708962096ec2481eeb2ddca29ed747770a", "type": "github" }, "original": { @@ -284,7 +272,7 @@ "agenix": "agenix", "agenix-rekey": "agenix-rekey", "colmena": "colmena", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager", "impermanence": "impermanence", "nixos-hardware": "nixos-hardware", 
@@ -311,11 +299,11 @@ }, "templates": { "locked": { - "lastModified": 1671651249, - "narHash": "sha256-IUXfgNkYxISUWqdWtJ0sGjSmpv9d5EVho7HCEElgBAM=", + "lastModified": 1676551231, + "narHash": "sha256-JS1o31ew90UiccpoQHxP84Wn0n7ClgyVpAsJV20Ep5E=", "owner": "NixOS", "repo": "templates", - "rev": "2d6dcce2f3898090c8eda16a16abdff8a80e8ebf", + "rev": "3ac7e8ba52feb2b89e943a6ce0f7a30d6faf81c6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 52e621a..7d03ee6 100644 --- a/flake.nix +++ b/flake.nix @@ -24,11 +24,14 @@ inputs.flake-utils.follows = "flake-utils"; }; - agenix-rekey.url = "github:oddlama/agenix-rekey"; agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; + agenix-rekey = { + url = "github:oddlama/agenix-rekey"; + inputs.nixpkgs.follows = "nixpkgs"; + }; templates.url = "github:NixOS/templates"; flake-utils.url = "github:numtide/flake-utils"; diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix index c44bfbd..9119c0b 100644 --- a/hosts/zackbiene/default.nix +++ b/hosts/zackbiene/default.nix @@ -1,4 +1,5 @@ { + lib, config, nixos-hardware, pkgs, @@ -8,7 +9,6 @@ nixos-hardware.common-pc-ssd ../../modules/core - ../../modules/efi.nix ../../modules/zfs.nix ../../users/root 
@@ -17,18 +17,30 @@ ./net.nix ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + # Technically generic-extlinux-compatible doesn't support initrd secrets + # but we are just referring to an existing file in /run using agenix, + # so it is fine to pretend that it does have proper support. + boot.loader.supportsInitrdSecrets = true; + boot.initrd.availableKernelModules = ["usbhid" "usb_storage"]; # "dwmac_meson8b" "meson_dw_hdmi" "meson_drm"]; + boot.kernelParams = ["console=ttyAML0,115200n8" "console=tty0" "loglevel=7"]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_15; + console.earlySetup = true; + + # Fails if there are not SMART devices + services.smartd.enable = lib.mkForce false; - powerManagement.cpuFreqGovernor = "powersave"; services.home-assistant = { enable = true; - extraComponents = ["default_config" "met" "zha"]; + extraComponents = ["default_config" "met"]; openFirewall = true; config = { default_config = {}; met = {}; }; }; + #networking.firewall.allowedTCPPorts = [1883]; #services.zigbee2mqtt.enable = true; #services.zigbee2mqtt.settings = { diff --git a/hosts/zackbiene/fs.nix b/hosts/zackbiene/fs.nix index 92d8800..ba4970f 100644 --- a/hosts/zackbiene/fs.nix +++ b/hosts/zackbiene/fs.nix @@ -7,10 +7,12 @@ }; "/boot" = { - device = "/dev/disk/by-uuid/TODO"; - fsType = "vfat"; + device = "/dev/disk/by-uuid/c0bb3411-7af3-4901-83ea-eb2560b11784"; + fsType = "ext4"; }; }; - swapDevices = []; + swapDevices = [ + {device = "/dev/disk/by-uuid/a4a5fee7-2b6f-4cec-9ec9-fc4b71e8055a";} + ]; } diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix index efeabb9..0c8d422 100644 --- a/hosts/zackbiene/net.nix +++ b/hosts/zackbiene/net.nix 
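Review bot: `boot.loader.supportsInitrdSecrets = true;` switches off the module-system check for every `boot.initrd.secrets` entry on this host, not only for the agenix-managed file the comment has in mind. Since the comment itself says generic-extlinux-compatible does not support initrd secrets, a secret added later whose source is not already a file under /run would evaluate cleanly and presumably just be missing at boot. I would spell out that precondition in the comment, e.g. `# Only valid while every boot.initrd.secrets source is an agenix path under /run; extlinux never appends secrets itself.` Separately, `loglevel=7` sends debug-level kernel messages to both the serial console and tty0, so a short why-comment would help if it is meant to stay after bring-up.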
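Review bot: The new `swapDevices` entry in hosts/zackbiene/fs.nix is a plain swap partition, so memory pages of processes that handle decrypted secrets can be written to disk unencrypted. If the host does not need hibernation, consider `randomEncryption.enable = true;` on that entry. As far as I recall, NixOS warns that by-uuid and by-label paths do not work with random encryption because the UUID is overwritten at each boot, so the device would then need a stable reference such as a by-partuuid path. Whether the rest of the disk is encrypted is not visible in this hunk, so this may already be an accepted trade-off.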
@@ -1,12 +1,12 @@ { networking = { - hostId = "68a7bba3"; + hostId = "f7e6acdc"; }; systemd.network.networks = { "10-lan1" = { DHCP = "yes"; - matchConfig.MACAddress = "TODO"; + matchConfig.MACAddress = "00:00:00:00:00:00"; networkConfig.IPv6PrivacyExtensions = "kernel"; dhcpV4Config.RouteMetric = 10; dhcpV6Config.RouteMetric = 10; diff --git a/modules/core/default.nix b/modules/core/default.nix index 2e43c67..ebb5111 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -78,6 +78,7 @@ in { users.mutableUsers = false; # Setup to use Secrets + rekey.forceRekeyOnSystem = "x86_64-linux"; rekey.hostPubkey = ../../secrets/pubkeys + "/${config.networking.hostName}.pub"; rekey.masterIdentities = [../../secrets/yk1-nix-rage.pub]; rekey.extraEncryptionPubkeys = [../../secrets/backup.pub]; diff --git a/secrets/pubkeys/zackbiene.pub b/secrets/pubkeys/zackbiene.pub index 3019155..e320b99 100644 --- a/secrets/pubkeys/zackbiene.pub +++ b/secrets/pubkeys/zackbiene.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOdYhY/DnXpizajoeLefH6gsc/RX9x3Y6T3C1a+0sb0 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJVBhqJKfIBWOwXHGNjlskKMIpCuL3qjOjKiXyF8hkGT
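Review bot: `matchConfig.MACAddress = "00:00:00:00:00:00";` replaces the `TODO` string with an address no real interface should carry, so `10-lan1` would match nothing and the host would presumably come up without DHCP on its LAN port if deployed as written. If the address was zeroed on purpose before publishing, a comment such as `# placeholder, real MAC is set out of tree` would make that clear. Otherwise fill in the board's address. The `"10-lan1"` attribute set continues past the end of the hunk.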
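Review bot: `rekey.forceRekeyOnSystem = "x86_64-linux";` is added to the shared modules/core/default.nix without a comment, so it applies to every host that imports the core module, not only the new non-EFI board. Presumably the intent is that secrets are always rekeyed on the x86_64 admin machine that holds the `yk1-nix-rage.pub` master identity. A one-line comment would record that, e.g. `# Always rekey on the x86_64 admin machine, never on the target's architecture.` The enclosing `in { … }` block starts and ends outside the hunk.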