stuffs

2026-02-02 11:13:19 -06:00
parent 187b478c5d
commit 8fa82bce90
9 changed files with 56 additions and 117 deletions
--- a/modules/nixos/boot/common/default.nix
+++ b/modules/nixos/boot/common/default.nix
@@ -25,6 +25,7 @@ in
    boot = {

      kernelModules = [ "kvm" ];
+      kernelParams = lib.mkDefault [ "quiet" "splash" "udev.log_level=3" ];

      binfmt = lib.mkIf isArm {
        registrations."x86_64-linux" = {
@@ -38,37 +39,20 @@ in
        };
      };

-      supportedFilesystems = [ "bcachefs" ];
+      supportedFilesystems = lib.mkDefault [ "bcachefs" ];

-      consoleLogLevel = lib.mkForce 3;
+      consoleLogLevel = lib.mkDefault 0;
      bootspec.enable = (!isArm);

      initrd = {
-        #   secrets = {
-        #     "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
-        #   };
-
-        # systemd.services."unlock-disk" = {
-        #   enable = false;
-        #   path = [
-        #     pkgs.clevis
-        #     pkgs.bcachefs-tools
-        #   ];
-        #   script = ''
-        #     ${pkgs.clevis}/bin/clevis decrypt < "/etc/clevis/nuc-nixos.jwe"
-        #     # | ${pkgs.bcachefs-tools}/bin/bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
-        #   '';
-        #   wantedBy = [ "initrd-root-fs.target" ];
-        #   requiredBy = [ "initrd-root-fs.target" ];
-        #   serviceConfig = {
-        #     Type = "oneshot";
-        #     TimeoutSec = "10s";
-        #   };
-        # };
-
-        # clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
-        #   enable = true;
-        # };
+        verbose = lib.mkDefault false;
+        availableKernelModules = [ "bcachefs" ];
+        kernelModules = {
+          bcachefs = true;
+        };
+        systemd.storePaths = with pkgs; [
+          bcachefs-tools
+        ];

        luks = mkIf cfg.yubikeyEncryption {
          devices = {
--- a/modules/nixos/services/arrs/default.nix
+++ b/modules/nixos/services/arrs/default.nix
@@ -37,6 +37,8 @@ let
        templates = {
          "sabnzbd.ini" = {
            mode = "660";
+            owner = "nix-apps";
+            group = "jallen-nas";
            restartUnits = [ "sabnzbd.service" ];
            content = ''
              misc.password=${config.sops.placeholder."jallen-nas/sabnzbd/password"}
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -42,6 +42,10 @@ in
        group = config.users.users."${user}".group;
      };

+      "disk-key" = {
+        mode = "0600";
+      };
+
      # ------------------------------
      # SSH keys
      # ------------------------------