From cb26d2646dd22f783c17082cde55c801203ecbe4 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Mon, 1 Jul 2024 10:44:46 -0500
Subject: [PATCH] fix nas encryption stuffs
---
 flake.lock | 60 ++++++++++++++++++-------------------
 hosts/nas/configuration.nix | 59 +++++++++++-------------------------
 2 files changed, 47 insertions(+), 72 deletions(-)
diff --git a/flake.lock b/flake.lock
index 2adb368..40f6964 100644
--- a/flake.lock
+++ b/flake.lock
@@ -11,11 +11,11 @@
 "yafas": "yafas"
 },
 "locked": {
- "lastModified": 1719337945,
- "narHash": "sha256-huUuEiHzpqex8wiREzXpi8nose3zSFQebOH+eFCIvRQ=",
+ "lastModified": 1719839252,
+ "narHash": "sha256-3kMhPtLsg+wi4A0Of0uWzqnI1n1FzNbrDUp1q/UlUc8=",
 "owner": "chaotic-cx",
 "repo": "nyx",
- "rev": "ea7cff23f3f25e1c6958f29f9aa623234a55d52c",
+ "rev": "0e99464b8956307678b60ec7540e6cad730ee825",
 "type": "github"
 },
 "original": {
@@ -227,11 +227,11 @@
 ]
 },
 "locked": {
- "lastModified": 1719180626,
- "narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=",
+ "lastModified": 1719677234,
+ "narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb",
+ "rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
 "type": "github"
 },
 "original": {
@@ -247,11 +247,11 @@
 ]
 },
 "locked": {
- "lastModified": 1718530513,
- "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
+ "lastModified": 1719827385,
+ "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
+ "rev": "391ca6e950c2525b4f853cbe29922452c14eda82",
 "type": "github"
 },
 "original": {
@@ -268,11 +268,11 @@
 ]
 },
 "locked": {
- "lastModified": 1719438532,
- "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
+ "lastModified": 1719827439,
+ "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
+ "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
 "type": "github"
 },
 "original": {
@@ -305,11 +305,11 @@
 ]
 },
 "locked": {
- "lastModified": 1719292813,
- "narHash": "sha256-6w/buoRKo4ijH9O4D/0KjNtiWjtrJebuV7djTEEa0+k=",
+ "lastModified": 1719631702,
+ "narHash": "sha256-HMWxIehVO8pHp7OlqBYliiLOds34UJHSRn5FPdEb1j8=",
 "owner": "Jovian-Experiments",
 "repo": "Jovian-NixOS",
- "rev": "d6222e7818aa5528f8369afe84bc53556a57c329",
+ "rev": "2f9668e19aff06550cd154c87c0af120735a56a4",
 "type": "github"
 },
 "original": {
@@ -393,11 +393,11 @@
 "nixpkgs": "nixpkgs_2"
 },
 "locked": {
- "lastModified": 1719128254,
- "narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
+ "lastModified": 1719845423,
+ "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
 "owner": "LnL7",
 "repo": "nix-darwin",
- "rev": "50581970f37f06a4719001735828519925ef8310",
+ "rev": "ec12b88104d6c117871fad55e931addac4626756",
 "type": "github"
 },
 "original": {
@@ -486,11 +486,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1719487696,
- "narHash": "sha256-pCsl9qFCuIuhIfGH03CiBOsy1LNwITC6VMb6/5tz+Qc=",
+ "lastModified": 1719681865,
+ "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "14aadcba1a26c8c142453839f888afd0db8b2041",
+ "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
 "type": "github"
 },
 "original": {
@@ -502,11 +502,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1719075281,
- "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
+ "lastModified": 1719690277,
+ "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
+ "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
 "type": "github"
 },
 "original": {
@@ -534,11 +534,11 @@
 },
 "nixpkgs-stable_2": {
 "locked": {
- "lastModified": 1719426051,
- "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
+ "lastModified": 1719707984,
+ "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+ "rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
 "type": "github"
 },
 "original": {
@@ -550,11 +550,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1719254875,
- "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
+ "lastModified": 1719690277,
+ "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
+ "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
 "type": "github"
 },
 "original": {
diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix
index 1dc9a62..b2db60c 100644
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -159,10 +159,13 @@ in
 consoleLogLevel = 3;
 bootspec.enable = true;
- supportedFilesystems = [ "zfs" ];
-
- # zfs.extraPools = [ "junk" ];
- # zfs.requestEncryptionCredentials = false;
+ initrd = {
+ kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
+ systemd = {
+ enable = true;
+ enableTpm2 = true;
+ };
+ };
 };
 security.tpm2 = {
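Review bot: The new `kernelModules` line in the `initrd` block loads four TPM drivers with no comment saying what needs them in stage 1. The `nas-mounts` block removed later in this patch described the device as an fTPM, which normally sits behind `tpm_crb`; `tpm_infineon` is, as far as I know, a legacy TPM 1.2 driver and can probably be dropped. I'd trim the list to what this board uses and add `# TPM drivers must be in the initrd so systemd-cryptsetup can unseal the LUKS keys (tpm2-device=auto)` above it. Whether the crypttab entries are actually processed in the initrd is not visible here, and the enclosing attribute set (presumably `boot`) opens above the hunk.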
@@ -286,33 +289,6 @@ in
 };
 systemd.services = {
- # nas-mounts = {
- # path = [
- # pkgs.zfs
- # pkgs.bash
- # pkgs.tpm2-tools
- # ];
-
- # wantedBy = [ "multi-user.target" ];
-
- # script = ''
- # tpm2_nvread 0x1500016 -C o -s 65 > /tmp/mainpool
- # tpm2_nvread 0x1600016 -C o -s 65 > /tmp/ssd
-
- # zfs load-key -L file:///tmp/mainpool "MainPool"
- # zfs load-key -L file:///tmp/ssd "SSD"
-
- # rm /tmp/mainpool
- # rm /tmp/ssd
- # '';
-
- # description = "Unlock ZFS pool using fTPM";
- # requires = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
- # after = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
- # before = [ "zfs-mount.service" ];
- # serviceConfig.Type = "oneshot";
- # serviceConfig.RemainAfterExit = true;
- # };
 glances-server = {
 path = [
@@ -376,7 +352,7 @@ in
 hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
 hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
 hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
- hdd5 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
+ hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
 '';
 # List packages installed in system profile. To search, run:
@@ -502,7 +478,7 @@ in
 "docker"
 "podman"
 "libvirtd"
- "nas-apps"
+ "nix-apps"
 "jallen-nas"
 ]; # Enable ‘sudo’ for the user.
 initialHashedPassword = password;
@@ -599,7 +575,6 @@ in
 ];
 };
-
 fileSystems."/media/nas/main/3d_printer" = {
 device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
 fsType = "btrfs";
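Review bot: Every entry in this crypttab list, including the corrected `hdd5` line, unlocks with `tpm2-device=auto` and no user input, so the real protection is the policy the key slots were sealed against at enrollment, which the file does not record. If the slots were enrolled without a PCR set that reflects Secure Boot state, or without a PIN, the volumes are decrypted for whoever boots the intact machine. I'd add a comment above the option such as `# slots enrolled with systemd-cryptenroll --tpm2-pcrs=<PCR list>; recovery passphrase kept in slot <N>` and confirm a non-TPM key slot remains for the case where a firmware update changes the PCRs. The crypttab string opens above the hunk, so any other options on the entries are not visible.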
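Review bot: Switching the membership from `"nas-apps"` to `"nix-apps"` changes this user's access, and the hunk does not show that a matching `users.groups."nix-apps"` declaration exists. If the group is not declared, the membership may not take effect, and any data still group-owned by `nas-apps` becomes unreachable for this account until ownership is migrated. I'd declare the group with a fixed gid in the same commit and note the rename next to it, e.g. `# renamed from nas-apps; chgrp existing data before deploying`. The `extraGroups` list starts above the hunk.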
@@ -708,14 +683,14 @@ in
 ];
 };
- fileSystems."/media/nas/main/vms" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=vms"
- "compress=zstd"
- ];
- };
+ # fileSystems."/media/nas/main/vms" = {
+ # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ # fsType = "btrfs";
+ # options = [
+ # "subvol=vms"
+ # "compress=zstd"
+ # ];
+ # };
 # This option defines the first version of NixOS you have installed on this particular machine,
 # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
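Review bot: The `vms` mount is disabled by commenting out its eight lines with no explanation, in the same commit that deletes the stale commented-out `nas-mounts` block. Anything that still writes to `/media/nas/main/vms` (the user above is in `libvirtd`) will now write to whatever filesystem holds the mount point rather than the `vms` subvolume, which may not be the encrypted volume it was meant for. I'd either delete the block outright or put one line above it, e.g. `# vms subvolume intentionally not mounted: <reason>; re-enable once <condition>`, and check that no VM storage path still points there.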