diff --git a/hosts/sazed/machine.nix b/hosts/sazed/machine.nix index 3651d53..8ed5da5 100755 --- a/hosts/sazed/machine.nix +++ b/hosts/sazed/machine.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: let RNLCert = builtins.fetchurl { @@ -11,7 +11,7 @@ in boot.binfmt.emulatedSystems = [ "aarch64-linux" "i686-linux" ]; imports = [ - ../../modules/systemd-initrd.nix + # ../../modules/systemd-initrd.nix #Firefox through flatpak (testing) # Not using flatpaked firefox while this isn't solved: # https://github.com/flatpak/flatpak/issues/4525 @@ -22,6 +22,7 @@ in ../../modules/hardware/uefi.nix ../../modules/hardware/zfs.nix + ../../modules/hardware/zfs-unlock.nix ../../modules/core/lanzaboote.nix # ../../modules/core/hardening.nix @@ -30,6 +31,7 @@ in ../../modules/docker.nix ]; + boot.kernelParams = [ "ip=193.136.164.205::193.136.164.222:255.255.255.224::eth0:none" ]; services.zfs.expandOnBoot = "all"; security.pki.certificateFiles = [ "${RNLCert}" ]; users.users.rg.extraGroups = [ "docker" ]; @@ -85,28 +87,32 @@ in }; - boot.initrd.systemd.emergencyAccess = true; - boot.initrd.systemd.services.rollback = { - description = "Rollback root filesystem to a pristine state on boot"; - wantedBy = [ - # "zfs.target" - "initrd.target" - ]; - after = [ - "zfs-import-zpool.service" - ]; - before = [ - "sysroot.mount" - ]; - path = with pkgs; [ - zfs - ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = '' - zfs rollback -r zpool/local/root@blank && echo " >> >> rollback complete << <<" - ''; - }; + # boot.initrd.systemd.emergencyAccess = true; + # boot.initrd.systemd.services.rollback = { + # description = "Rollback root filesystem to a pristine state on boot"; + # wantedBy = [ + # # "zfs.target" + # "initrd.target" + # ]; + # after = [ + # "zfs-import-zpool.service" + # ]; + # before = [ + # "sysroot.mount" + # ]; + # path = with pkgs; [ + # zfs + # ]; + # unitConfig.DefaultDependencies = "no"; + # serviceConfig.Type = "oneshot"; + # script = '' + # zfs rollback -r zpool/local/root@blank && echo " >> >> rollback complete << <<" + # ''; + # }; + + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r neonheavypool/local/root@blank + ''; environment.variables = { QEMU_OPTS = diff --git a/hosts/scout/machine.nix b/hosts/scout/machine.nix index 2a5f004..593ef00 100644 --- a/hosts/scout/machine.nix +++ b/hosts/scout/machine.nix @@ -24,9 +24,11 @@ ../../modules/dei.nix ]; + programs.gamemode.enable = true; + services.zfs.expandOnBoot = "all"; - users.users.rg.extraGroups = [ "docker" ]; + users.users.rg.extraGroups = [ "docker" "gamemode" ]; rg = { ip = "192.168.10.1"; diff --git a/hosts/spy/machine.nix b/hosts/spy/machine.nix index 3e3a411..9b1a1ca 100644 --- a/hosts/spy/machine.nix +++ b/hosts/spy/machine.nix @@ -13,7 +13,7 @@ in ../../modules/hardware/uefi.nix ../../modules/hardware/zfs.nix ../../modules/hardware/zfs-unlock.nix - ../../modules/core/lanzaboote.nix + # ../../modules/core/lanzaboote.nix # ../../modules/systemd-initrd.nix # ./library.nix # ../../modules/library/bitmagnet.nix diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index ee1a144..f0bb2fd 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -9,6 +9,7 @@ in { hardware.cpu.intel.updateMicrocode = isIntel; + programs.cpu-energy-meter.enable = isIntel; services.fwupd.enable = !isVirt; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index c2f776c..2549e33 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -34,10 +34,10 @@ in dbname = "nextcloud"; adminpassFile = config.age.secrets.NC-adminpass.path; adminuser = "rg"; - extraTrustedDomains = [ altHost ]; }; #Use system's sendmail utility for e-mails settings = { + trusted_domains = [ altHost ]; trusted_proxies = [ config.rg.ip "127.0.0.1" "192.168.10.9" ]; overwriteprotocol = "https"; default_phone_region = "PT";