Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

disable secure boot shodan, updates to other stuff

Browse source
This commit is contained in:
Lillian Violet 2024-03-20 16:43:19 +01:00
parent 4078aa6690
commit 9b2fbd4ae5
4 changed files with 47 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
flake.lock
View file

@ -52,11 +52,11 @@
]
},
"locked": {
"lastModified": 1710648418,
"narHash": "sha256-DW8l1iofy9lYeZaHLX89Wvvry2mzp2R2Yk4cM5pjB8g=",
"lastModified": 1710785672,
"narHash": "sha256-tEP/amp09fSKeTBrcHWAYr/tQ0g2ZxJQlnCiZDi6qtY=",
"owner": "famedly",
"repo": "conduit",
"rev": "a8da61e5b7152da0925f9f9f25056144d24fe4a6",
"rev": "81bc1fc4e324c4798dc7b7e3cec94495a94455e0",
"type": "gitlab"
},
"original": {
@ -137,11 +137,11 @@
]
},
"locked": {
"lastModified": 1710427903,
"narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=",
"lastModified": 1710724748,
"narHash": "sha256-aXlifKr6Brg0SBUBgRNEBaZf3JLUeGhM9BX2gam+vvo=",
"owner": "nix-community",
"repo": "disko",
"rev": "21d89b333ca300bef82c928c856d48b94a9f997c",
"rev": "c09c3a9639690f94ddff44c3dd25c85602e5aeb2",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -390,11 +390,11 @@
]
},
"locked": {
"lastModified": 1710532761,
"narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
"lastModified": 1710820906,
"narHash": "sha256-2bNMraoRB4pdw/HtxgYTFeMhEekBZeQ53/a8xkqpbZc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
"rev": "022464438a85450abb23d93b91aa82e0addd71fb",
"type": "github"
},
"original": {
@ -410,16 +410,16 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1710404304,
"narHash": "sha256-tYsUAsZgt9TT7d+r1KRYHWyBRWedJ39SXNBVSCQVsGQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ffa51458aec4d53aac85b6dee1ee2ec29f4e953f",
"lastModified": 1710856083,
"narHash": "sha256-kG/jMBaXlt+6LxL5uqOut9H1flEpLkAv7IezFKs4djA=",
"owner": "Lillian-Violet",
"repo": "Jovian-NixOS-bcachefs",
"rev": "2d9c09d9016af9ac8311c30f5b8a6f9a7ae6a427",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"owner": "Lillian-Violet",
"repo": "Jovian-NixOS-bcachefs",
"type": "github"
}
},
@ -434,11 +434,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1710171982,
"narHash": "sha256-WFMB+Yohcvego1/vOtaq+MJ8Wvp5meOANfNifg26Ie4=",
"lastModified": 1710837180,
"narHash": "sha256-WVkLclGrUliLJUl+XaJplo09VdxyqHxZtkEmmDW2QYY=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "19ad7fd5724f30868748b8156ff25be838cd2bc5",
"rev": "ded8d23709f94aedb1407bee9e26581f258e9e3a",
"type": "github"
},
"original": {
@ -506,11 +506,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1710031547,
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
"lastModified": 1710636348,
"narHash": "sha256-/kB+ZWSdkZjbZ0FTqm0u84sf2jFS+30ysaEajmBjtoY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
"rev": "fa827dda806c5aa98f454da4c567991ab8ce422c",
"type": "github"
},
"original": {
@ -527,11 +527,11 @@
]
},
"locked": {
"lastModified": 1710398463,
"narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
"lastModified": 1710722910,
"narHash": "sha256-P5p9+WQFuABoBXBKEK1ZYu8mD6q8j/cQwZ9OYb0oh2E=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
"rev": "e63df01c798b99a76dc2ec25481be7dd25cd1610",
"type": "github"
},
"original": {
@ -542,11 +542,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1710622004,
"narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=",
"lastModified": 1710783728,
"narHash": "sha256-eIsfu3c9JUBgm3cURSKTXLEI9Dlk1azo+MWKZVqrmkc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3",
"rev": "1e679b9a9970780cd5d4dfe755a74a8f96d33388",
"type": "github"
},
"original": {
@ -638,11 +638,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710669607,
"narHash": "sha256-kNj0Ka1/rkQRcigYTa1c5B6IcFuxDgM3s9jYuKUhxyM=",
"lastModified": 1710827359,
"narHash": "sha256-/KY8hffTh9SN/tTcDn/FrEiYwTXnU8NKnr4D7/stmmA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6af7e814afb3b62171eee1edc31989ee61528d25",
"rev": "5710127d9693421e78cca4f74fac2db6d67162b1",
"type": "github"
},
"original": {
@ -670,11 +670,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1710078301,
"narHash": "sha256-BQ3v+XPPz5dLiw2AqUEga++yfKRhqJANUqzqNL518pk=",
"lastModified": 1710672219,
"narHash": "sha256-Bp3Jsq1Jn8q4EesBlcOVNwnEipNpzYs73kvR3+3EUC4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "73d699a6ff1e83df3fd6c1e60931e13667b8ae14",
"rev": "f471be9644f3ab2f3cb868de1787ab70a537b0e7",
"type": "github"
},
"original": {
@ -860,11 +860,11 @@
]
},
"locked": {
"lastModified": 1710036830,
"narHash": "sha256-pnV4gO3N/7/GzyRSKTRlSfS/19KJiPSvYcL4apnSkoQ=",
"lastModified": 1710641527,
"narHash": "sha256-R9JZEevtSyg7++LEryYJRrfyEe45azJxmu2k9VezEW0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "d09dac6a63a2ac4b74ac2ecdc19acd8c46c2da2c",
"rev": "50db54295d3922a3b7a40d580b84d75150b36c34",
"type": "github"
},
"original": {

2
flake.nix
View file

@ -46,7 +46,7 @@
lanzaboote.url = "github:nix-community/lanzaboote";
# Jovian nixos (steam deck)
jovian.url = "github:Lillian-Violet/Jovian-NixOS-bcachefs";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
# Home manager
home-manager.url = "github:nix-community/home-manager/master";

3
nixos/hosts/shodan/auto-mount.nix
View file

@ -6,8 +6,6 @@
pkgs,
...
}: {
environment.systemPackages = with pkgs; [auto-mount];
services.udev.extraRules = ''
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service"
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
@ -17,6 +15,7 @@
KERNEL=="nvme0n1p9|nvme0n1p1[0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
'';
systemd.services."external-drive-mount@" = {
path = with pkgs; [jq coreutils udisks];
enable = true;
description = "Mount External Drive on %i";
serviceConfig = {

10
nixos/hosts/shodan/configuration.nix
View file

@ -211,13 +211,13 @@
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = true;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# boot.lanzaboote = {
# enable = true;
# pkiBundle = "/etc/secureboot";
# };
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;