From 9744a39bcff0616133b3fa31b100f4a52297d6d5 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 14:18:35 +0100 Subject: [PATCH 1/4] Renew gladtherescake.eu's mail cert --- nixos/server/package-configs/mail-server/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/server/package-configs/mail-server/configuration.nix b/nixos/server/package-configs/mail-server/configuration.nix index cf2c434..e43a5c6 100644 --- a/nixos/server/package-configs/mail-server/configuration.nix +++ b/nixos/server/package-configs/mail-server/configuration.nix @@ -88,6 +88,7 @@ "mail.lillianviolet.dev" "pop3.lillianviolet.dev" "lillianviolet.dev" + "mail.gladtherescake.eu" ]; }; } From 0b70a2976b9baf35048fab49f6b106532a1db03b Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 14:21:13 +0100 Subject: [PATCH 2/4] remove this not needed dependency --- nixos/desktop/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index ac78897..a2d02b1 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -71,7 +71,6 @@ direnv docker docker-compose - gcc-wrapper git-filter-repo pciutils waydroid From 49ced5acf51d02ac09cc4f0a909557db22887228 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 17:04:30 +0100 Subject: [PATCH 3/4] Update nixos/hosts/EDI/hardware-configuration.nix Changed the hardware configuration to the new encrypted disk setup --- nixos/hosts/EDI/hardware-configuration.nix | 46 +++++++++++----------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 2dc46a9..9305d68 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -1,34 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + { - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = 1; - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/f930d7c6-2798-4e25-abc1-81d02e9abf35"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; + fsType = "bcachefs"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/42ED-068B"; - fsType = "vfat"; - }; + boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; - swapDevices = []; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/01B2-909E"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/6aa6422f-c724-4c67-851d-030daf5003fb"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -39,6 +38,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From c19879ca698f049b0d494c355dff7b281e0acaec Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 17:19:23 +0100 Subject: [PATCH 4/4] Make /boot inacessible by default --- nixos/hosts/EDI/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 9305d68..008e857 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -23,6 +23,7 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/01B2-909E"; fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" "defaults" ]; }; swapDevices =