hardware updates

2024-11-12 17:29:43 -08:00 · 2024-11-12 17:29:43 -08:00 · 030430becd
commit 030430becd
parent e610efa978
3 changed files with 20 additions and 9 deletions
--- a/TODOS.md
+++ b/TODOS.md
@ -16,6 +16,13 @@ TODOS
    * [ ] DNS (Dnsmasq or Unbound)
    * [ ] qemu setup
  * P2
+    * [ ] SOPS fixes
+      * [ ] consolidate to single script that works on host or on guest
+      * [ ] If no user key on guest, complain and abort
+      * [ ] Fix error messages that mess with getting fingerprit
+      * [ ] Make sure uid matches <curruser>@localhost, as it tells sops where to look for keyring
+    * [ ] Move hardware config to module config
+      * [ ] DB of hardware, similar to nixos-hardware repo
    * [ ] Backups
    * [ ] Migration of services from HP server, HA
    * [ ] SSO/Authentik
--- a/module.nix
+++ b/module.nix
@ -55,7 +55,11 @@
      adminHashedPassword = lib.mkOption {
        type = lib.types.str;
        default = "";
-        description = "Hashed password for the system admin";
+        description = ''
+          Hashed password for the system admin
+          Generate with:
+          mkpasswd --method=SHA-512 --stdin
+        '';
      };

      authorizedKeys = lib.mkOption {
@ -87,13 +91,6 @@
        default = false;
        description = "Enable dynamic DNS client";
      };
-
-      interval = lib.mkOption {
-        type = lib.types.str;
-        default = "10m";
-        description = "Interval for dynamic DNS client";
-      };
-
      protocol = lib.mkOption {
        type = lib.types.str;
        default = "hetzner";
@ -112,6 +109,12 @@
        description = "Zone for dynamic DNS client";
      };

+      interval = lib.mkOption {
+        type = lib.types.str;
+        default = "10m";
+        description = "Interval for dynamic DNS client";
+      };
+
      domains = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ "*" "www" "dev" ];
--- a/profiles/hardware-configuration.nix
+++ b/profiles/hardware-configuration.nix
@ -8,7 +8,7 @@
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];

-  boot.initrd.availableKernelModules = [ "ata_piix" "ahci" "xhci_pci" "virtio_pci" "virtio_blk" "floppy" "sd_mod" "sr_mod"  ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "ahci" "xhci_pci" "nvme" "virtio_pci" "virtio_blk" "floppy" "sd_mod" "sr_mod" "usb_storage" "usbhid" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
  boot.extraModulePackages = [ ];
@ -45,4 +45,5 @@
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }