idk hard broken

2025-10-08 15:43:51 -05:00
parent 02b5dd32a2
commit 8677ca747a
14 changed files with 740 additions and 574 deletions
--- a/systems/x86_64-linux/jallen-nas/boot.nix
+++ b/systems/x86_64-linux/jallen-nas/boot.nix
@@ -5,7 +5,7 @@
  ...
 }:
 let
-  kernel = pkgs.linuxPackages;
+  kernel = pkgs.linuxPackages_latest;
 in
 {
  # Configure bootloader with lanzaboot and secureboot
@@ -19,7 +19,7 @@ in
      clevis = {
        enable = false;
        devices = {
-          "/dev/disk/by-label/nas_pool".secretFile = config.sops.secrets."jallen-nas/nas_pool".path;
+          "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
        };
      };
    };
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -21,7 +21,7 @@ in
    ./sops.nix
  ];

-  services.kmscon.enable = true;
+  services.kmscon.enable = false;

  powerManagement.cpuFreqGovernor = "powersave";

@@ -36,7 +36,7 @@ in
    # #                   Desktop                     # #
    # ###################################################

-    desktop.cosmic = disabled;
+    desktop.cosmic = enabled;

    # ###################################################
    # #                 Development                   # #
@@ -58,8 +58,8 @@ in
    hardware = {
      disko = {
        enable = true;
-        enableSwap = true;
-        enableLuks = false;
+        enableSwap = false;
+        enableLuks = true;
      };

      amd = {
@@ -134,7 +134,7 @@ in
          10200
          10300
          8127
-          6060
+          8280
          9943 # onlyoffice
          4000 # netbootxyz
          4080 # netbootxyz
@@ -148,6 +148,8 @@ in
          9012

          8192
+          3000
+          2222
        ];
        allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
      };
@@ -245,13 +247,15 @@ in
    fsType = "bcachefs";
    mountPoint = "/media/nas/main";
    options = [
-      "noauto"
+      # "noauto"
      "nofail"
      # "x-systemd.mount-timeout=0"
      # "x-systemd.device-timeout=0"
    ];
  };

+  boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot";
+
  boot.initrd.systemd.services."unlock-bcachefs-media-nas-main".enable = false;
  systemd.services."unlock-bcachefs-media-nas-main".enable = false;

--- a/systems/x86_64-linux/jallen-nas/users.nix
+++ b/systems/x86_64-linux/jallen-nas/users.nix
@@ -21,6 +21,7 @@ in
          "jallen-nas"
          "docker"
          "podman"
+          "keys"
        ];
        hashedPasswordFile = passwordFile;
      };