From 9b2fbd4ae5b738ded08ae8b407f86b8d3285c87e Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 20 Mar 2024 16:43:19 +0100 Subject: [PATCH] disable secure boot shodan, updates to other stuff --- flake.lock | 80 ++++++++++++++-------------- flake.nix | 2 +- nixos/hosts/shodan/auto-mount.nix | 3 +- nixos/hosts/shodan/configuration.nix | 10 ++-- 4 files changed, 47 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 66dd9f8..4b349db 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1710648418, - "narHash": "sha256-DW8l1iofy9lYeZaHLX89Wvvry2mzp2R2Yk4cM5pjB8g=", + "lastModified": 1710785672, + "narHash": "sha256-tEP/amp09fSKeTBrcHWAYr/tQ0g2ZxJQlnCiZDi6qtY=", "owner": "famedly", "repo": "conduit", - "rev": "a8da61e5b7152da0925f9f9f25056144d24fe4a6", + "rev": "81bc1fc4e324c4798dc7b7e3cec94495a94455e0", "type": "gitlab" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1710427903, - "narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=", + "lastModified": 1710724748, + "narHash": "sha256-aXlifKr6Brg0SBUBgRNEBaZf3JLUeGhM9BX2gam+vvo=", "owner": "nix-community", "repo": "disko", - "rev": "21d89b333ca300bef82c928c856d48b94a9f997c", + "rev": "c09c3a9639690f94ddff44c3dd25c85602e5aeb2", "type": "github" }, "original": { @@ -348,11 +348,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1710532761, - "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=", + "lastModified": 1710820906, + "narHash": "sha256-2bNMraoRB4pdw/HtxgYTFeMhEekBZeQ53/a8xkqpbZc=", "owner": "nix-community", "repo": "home-manager", - "rev": "206f457fffdb9a73596a4cb2211a471bd305243d", + "rev": "022464438a85450abb23d93b91aa82e0addd71fb", "type": "github" }, "original": { @@ -410,16 +410,16 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1710404304, - "narHash": "sha256-tYsUAsZgt9TT7d+r1KRYHWyBRWedJ39SXNBVSCQVsGQ=", - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "rev": "ffa51458aec4d53aac85b6dee1ee2ec29f4e953f", + "lastModified": 1710856083, + "narHash": "sha256-kG/jMBaXlt+6LxL5uqOut9H1flEpLkAv7IezFKs4djA=", + "owner": "Lillian-Violet", + "repo": "Jovian-NixOS-bcachefs", + "rev": "2d9c09d9016af9ac8311c30f5b8a6f9a7ae6a427", "type": "github" }, "original": { - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", + "owner": "Lillian-Violet", + "repo": "Jovian-NixOS-bcachefs", "type": "github" } }, @@ -434,11 +434,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1710171982, - "narHash": "sha256-WFMB+Yohcvego1/vOtaq+MJ8Wvp5meOANfNifg26Ie4=", + "lastModified": 1710837180, + "narHash": "sha256-WVkLclGrUliLJUl+XaJplo09VdxyqHxZtkEmmDW2QYY=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "19ad7fd5724f30868748b8156ff25be838cd2bc5", + "rev": "ded8d23709f94aedb1407bee9e26581f258e9e3a", "type": "github" }, "original": { @@ -506,11 +506,11 @@ }, "nixlib": { "locked": { - "lastModified": 1710031547, - "narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=", + "lastModified": 1710636348, + "narHash": "sha256-/kB+ZWSdkZjbZ0FTqm0u84sf2jFS+30ysaEajmBjtoY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6", + "rev": "fa827dda806c5aa98f454da4c567991ab8ce422c", "type": "github" }, "original": { @@ -527,11 +527,11 @@ ] }, "locked": { - "lastModified": 1710398463, - "narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=", + "lastModified": 1710722910, + "narHash": "sha256-P5p9+WQFuABoBXBKEK1ZYu8mD6q8j/cQwZ9OYb0oh2E=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb", + "rev": "e63df01c798b99a76dc2ec25481be7dd25cd1610", "type": "github" }, "original": { @@ -542,11 +542,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1710622004, - "narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=", + "lastModified": 1710783728, + "narHash": "sha256-eIsfu3c9JUBgm3cURSKTXLEI9Dlk1azo+MWKZVqrmkc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3", + "rev": "1e679b9a9970780cd5d4dfe755a74a8f96d33388", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1710669607, - "narHash": "sha256-kNj0Ka1/rkQRcigYTa1c5B6IcFuxDgM3s9jYuKUhxyM=", + "lastModified": 1710827359, + "narHash": "sha256-/KY8hffTh9SN/tTcDn/FrEiYwTXnU8NKnr4D7/stmmA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6af7e814afb3b62171eee1edc31989ee61528d25", + "rev": "5710127d9693421e78cca4f74fac2db6d67162b1", "type": "github" }, "original": { @@ -670,11 +670,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1710078301, - "narHash": "sha256-BQ3v+XPPz5dLiw2AqUEga++yfKRhqJANUqzqNL518pk=", + "lastModified": 1710672219, + "narHash": "sha256-Bp3Jsq1Jn8q4EesBlcOVNwnEipNpzYs73kvR3+3EUC4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73d699a6ff1e83df3fd6c1e60931e13667b8ae14", + "rev": "f471be9644f3ab2f3cb868de1787ab70a537b0e7", "type": "github" }, "original": { @@ -860,11 +860,11 @@ ] }, "locked": { - "lastModified": 1710036830, - "narHash": "sha256-pnV4gO3N/7/GzyRSKTRlSfS/19KJiPSvYcL4apnSkoQ=", + "lastModified": 1710641527, + "narHash": "sha256-R9JZEevtSyg7++LEryYJRrfyEe45azJxmu2k9VezEW0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "d09dac6a63a2ac4b74ac2ecdc19acd8c46c2da2c", + "rev": "50db54295d3922a3b7a40d580b84d75150b36c34", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f15dfa1..1016c5d 100644 --- a/flake.nix +++ b/flake.nix @@ -46,7 +46,7 @@ lanzaboote.url = "github:nix-community/lanzaboote"; # Jovian nixos (steam deck) - jovian.url = "github:Lillian-Violet/Jovian-NixOS-bcachefs"; + jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; # Home manager home-manager.url = "github:nix-community/home-manager/master"; diff --git a/nixos/hosts/shodan/auto-mount.nix b/nixos/hosts/shodan/auto-mount.nix index 3901309..d9ac4a3 100644 --- a/nixos/hosts/shodan/auto-mount.nix +++ b/nixos/hosts/shodan/auto-mount.nix @@ -6,8 +6,6 @@ pkgs, ... }: { - environment.systemPackages = with pkgs; [auto-mount]; - services.udev.extraRules = '' KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service" KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service" @@ -17,6 +15,7 @@ KERNEL=="nvme0n1p9|nvme0n1p1[0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service" ''; systemd.services."external-drive-mount@" = { + path = with pkgs; [jq coreutils udisks]; enable = true; description = "Mount External Drive on %i"; serviceConfig = { diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 0044ab2..ca2955e 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -211,13 +211,13 @@ # This setting is usually set to true in configuration.nix # generated at installation time. So we force it to false # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; + boot.loader.systemd-boot.enable = true; boot.initrd.systemd.enable = true; - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; + # boot.lanzaboote = { + # enable = true; + # pkiBundle = "/etc/secureboot"; + # }; boot.loader.systemd-boot.configurationLimit = 3; boot.loader.timeout = 0; boot.loader.efi.canTouchEfiVariables = true;