author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-05-15 15:27:19 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-05-15 15:27:19 +0200 |
commit | 1514c30e46768eb978996660ad46ca8e48cef5b7 (patch) | |
tree | c27da4992f00b4c7372020c367e8560d2355cfc7 | |
parent | 9dddbe15c421b9f62cddee6f8cc4147f9d40cd86 (diff) | |
...
-rw-r--r-- | accounts/gkleen@sif/default.nix | 2 | ||||
-rw-r--r-- | accounts/gkleen@sif/emacs.el | 25 | ||||
-rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 16 | ||||
-rw-r--r-- | accounts/gkleen@sif/xmonad/lib/XMonad/Prompt/MySsh.hs | 5 | ||||
-rw-r--r-- | accounts/gkleen@sif/xmonad/xmonad.hs | 14 | ||||
-rw-r--r-- | flake.lock | 18 | ||||
-rw-r--r-- | hosts/sif/default.nix | 27 | ||||
-rw-r--r-- | modules/luksroot.nix | 59 | ||||
-rw-r--r-- | user-profiles/core.nix | 1 | ||||
-rw-r--r-- | user-profiles/mpv/default.nix | 8 |
10 files changed, 150 insertions, 25 deletions
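--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -242,8 +242,6 @@ in {
 extraProfileCommands = ''
 export XDG_DATA_DIRS="${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}:${pkgs.gtk3}/share/gsettings-schemas/${pkgs.gtk3.name}''${XDG_DATA_DIRS:+:''${XDG_DATA_DIRS}}"
 '';
-
-stateVersion = "20.03";
 };
 
 fonts.fontconfig.enable = true;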
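--- a/accounts/gkleen@sif/emacs.el
+++ b/accounts/gkleen@sif/emacs.el
@@ -68,7 +68,7 @@
 
 (setq undo-tree-auto-save-history t)
 
-(defvar expand-file-name-custom-tilde-alist '())
+(defvar expand-file-name-custom-tilde-alist '(("u2w-dev1" . "/ssh:uni2work-dev1:/home/gkleen/projects/uni2work")))
 (defun my/add-to-tilde-alist (hash)
 (let* ((tilde:dir (split-string hash "="))
 (tilde (car tilde:dir))
@@ -128,6 +128,29 @@
 (setq ido-everywhere t)
 (ido-mode 1)
 
+(setq tramp-default-method "ssh")
+(customize-set-variable 'tramp-use-ssh-controlmaster-options nil)
+
+(setq direnv-enabled-hosts '("uni2work-dev1"))
+
+(defun tramp-sh-handle-start-file-process@my-direnv (args)
+"Enable Direnv for hosts in `direnv-enabled-hosts'."
+(with-parsed-tramp-file-name (expand-file-name default-directory) nil
+(if (member host direnv-enabled-hosts)
+(pcase-let ((`(,name ,buffer ,program . ,args) args))
+`(,name
+,buffer
+"direnv"
+"exec"
+,localname
+,program
+,@args))
+args)))
+
+(with-eval-after-load "tramp-sh"
+(advice-add 'tramp-sh-handle-start-file-process
+:filter-args #'tramp-sh-handle-start-file-process@my-direnv))
+
 (setq mail-host-address "sif.midgard.yggdrasil")
 (setq user-full-name "Gregor Kleen")
 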
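Review bot: `direnv-enabled-hosts` is introduced with a bare `setq` at new line 134, so it has no `defvar` and no docstring and is flagged as a free variable when the file is byte-compiled; declaring it with `defvar` and a one-line docstring ("Remote hosts whose TRAMP processes are started through direnv exec.") would fix that. The advice rewrites every process TRAMP starts in a directory on such a host into `direnv exec <dir> <program> …`, so the `.envrc` for that directory is evaluated on each start; a comment stating that this relies on the `direnv allow` decision made on the remote side would make the trust assumption explicit. The `pcase-let` pattern also rebinds `args`, shadowing the function parameter, and a distinct name such as `rest` would read more clearly.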
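--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -91,6 +91,11 @@
 user = "root";
 identityFile = "~/.ssh/uni2work";
 };
+"jump.uniworx4" =
+{ hostname = "uniworx4.ifi.lmu.de";
+user = "sshjump";
+identityFile = "~/.ssh/sshjump.uni2work";
+};
 "uni2workgw" =
 { hostname = "uni2workgw.ifi.lmu.de";
 user = "root";
@@ -206,4 +211,15 @@
 user = "git";
 identityFile = "~/.ssh/gkleen@gitlab.lrz.de";
 };
+"uni2work-dev1" =
+{ hostname = "uni2work-dev1.ifi.lmu.de";
+user = "gkleen";
+identityFile = "~/.ssh/uni2work";
+proxyJump = "jump.uniworx4";
+localForwards = [
+{ bind = { address = "localhost"; port = 3940; };
+host = { address = "localhost"; port = 3940; };
+}
+];
+};
 }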
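Review bot: The new `uni2work-dev1` entry reuses `~/.ssh/uni2work`, the identity that the context lines at the top of the first hunk pair with `user = "root"` on another host, so one private key covers both an unprivileged development login and root access elsewhere. The jump host added in the same commit gets its own key (`~/.ssh/sshjump.uni2work`); giving the dev host one as well, e.g. `identityFile = "~/.ssh/uni2work-dev1";` (constructed file name), would keep the loss of either key scoped to one role. Whether `IdentitiesOnly` and agent forwarding are configured globally is not visible in these hunks, and both are worth confirming for a host reached through `proxyJump`.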
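--- a/accounts/gkleen@sif/xmonad/lib/XMonad/Prompt/MySsh.hs
+++ b/accounts/gkleen@sif/xmonad/lib/XMonad/Prompt/MySsh.hs
@@ -80,9 +80,12 @@ moshCmd' p c = concat
 , " -- "
 , cCommand c
 ]
-inTmux c
+inTmux Nothing c
 | null $ cCommand c = c { cCommand = "tmux new-session" }
 | otherwise = c { cCommand = "tmux new-session \"" ++ (cCommand c) ++ "\"" }
+inTmux (Just h) c
+| null $ cCommand c = c { cCommand = "tmux new-session -As " <> h }
+| otherwise = c { cCommand = "tmux new-session \"" ++ (cCommand c) ++ "\"" }
 withEnv :: [(String, String)] -> Conn -> Conn
 withEnv envs c = c { cCommand = "env" ++ (concat $ map (\(n, v) -> ' ' : (n ++ "=" ++ v)) envs) ++ " " ++ (cCommand c) }
 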
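Review bot: In `inTmux (Just h)` the `otherwise` guard is a copy of the `Nothing` case and never uses `h`, so a connection that carries an explicit command still gets an unnamed session; if that is intended, merging the clauses so that only the empty-command case differs would remove the duplication. The session name is appended to the command string unquoted (`"tmux new-session -As " <> h`), and that string is later interpreted by a shell on the remote side, so a name containing whitespace or shell metacharacters would change the command; quoting it (`"tmux new-session -As '" <> h <> "'"`) or restricting `h` to hostname characters avoids that. `inTmux` also has no type signature, and `inTmux :: Maybe String -> Conn -> Conn` would match the style of the `withEnv` declaration below it, assuming the host name is a `String`.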
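--- a/accounts/gkleen@sif/xmonad/xmonad.hs
+++ b/accounts/gkleen@sif/xmonad/xmonad.hs
@@ -680,7 +680,7 @@ xPConfig = def
 , position = Top
 }
 
-sshOverrides = map (\h -> mkOverride { oHost = h, oCommand = moshCmd . inTmux } )
+sshOverrides host = map (\h -> mkOverride { oHost = h, oCommand = moshCmd . inTmux host} )
 [
 "odin", "odin.asgard.yggdrasil"
 , "ymir", "ymir.yggdrasil.li", "ymir.niflheim.yggdrasil"
@@ -691,13 +691,17 @@ sshOverrides = map (\h -> mkOverride { oHost = h, oCommand = moshCmd . inTmux }
 , "testworx"
 ]
 ++
-map (\h -> mkOverride { oHost = h, oCommand = moshCmd' "/run/current-system/sw/bin/mosh-server" . withEnv [("TERM", "xterm")] . inTmux} )
+map (\h -> mkOverride { oHost = h, oCommand = moshCmd' "/run/current-system/sw/bin/mosh-server" . withEnv [("TERM", "xterm")] . inTmux host} )
 [ "bragi", "bragi.asgard.yggdrasil"
 ]
 ++
-map (\h -> mkOverride { oHost = h, oCommand = sshCmd . withEnv [("TERM", "xterm")] . inTmux } )
+map (\h -> mkOverride { oHost = h, oCommand = sshCmd . inTmux host } )
+[ "uni2work-dev1"
+]
+++
+map (\h -> mkOverride { oHost = h, oCommand = sshCmd . withEnv [("TERM", "xterm")] . inTmux host } )
 [ "remote.cip.ifi.lmu.de"
-, "uniworx3", "uniworx4", "uniworxdb"
+, "uniworx3", "uniworx4", "uniworx5", "uniworxdb2"
 ]
 
 backlight :: (Rational -> Rational) -> X ()
@@ -769,7 +773,7 @@ myKeys' conf host = Map.fromList $
 --, ((modm, xK_d ), spawn "exe=`dmenu_path | dmenu` && eval \"exec $exe\"")
 , ((modm, xK_d ), shellPrompt "Run: " xPConfig)
 , ((modm .|. shiftMask, xK_d ), prompt "Run in Terminal: " ("urxvtc" ++ " -e") xPConfig)
-, ((modm, xK_at ), sshPrompt sshOverrides xPConfig)
+, ((modm, xK_at ), sshPrompt (sshOverrides . Just $ hName host) xPConfig)
 
 -- close focused window
 , ((modm .|. shiftMask, xK_q ), kill)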
@@ -7,11 +7,11 @@ | |||
7 | ] | 7 | ] |
8 | }, | 8 | }, |
9 | "locked": { | 9 | "locked": { |
10 | "lastModified": 1618041827, | 10 | "lastModified": 1620692082, |
11 | "narHash": "sha256-17Fzc8rmT6HOarCp+8k9RhmgMorNtzTk/rzew+FqHrA=", | 11 | "narHash": "sha256-s/eBXs4OI47yPWNTKoAg4f/H7wMLyO+VEMmobXkzfI8=", |
12 | "owner": "nix-community", | 12 | "owner": "nix-community", |
13 | "repo": "home-manager", | 13 | "repo": "home-manager", |
14 | "rev": "f567ea8228e0ce718871d7346e444dd15ad702e5", | 14 | "rev": "23769994e8f7b212d9a257799173b120ed87736b", |
15 | "type": "github" | 15 | "type": "github" |
16 | }, | 16 | }, |
17 | "original": { | 17 | "original": { |
@@ -23,11 +23,11 @@ | |||
23 | }, | 23 | }, |
24 | "nixpkgs": { | 24 | "nixpkgs": { |
25 | "locked": { | 25 | "locked": { |
26 | "lastModified": 1618153411, | 26 | "lastModified": 1620889072, |
27 | "narHash": "sha256-xevpO/rTac+Fcf/8KmGGAxdoMN9WoosZTo9tAM8rHKY=", | 27 | "narHash": "sha256-doTvE6myl1h2fxjMw4Atn7EjwzvnYBkGoZEHMepquec=", |
28 | "owner": "NixOS", | 28 | "owner": "NixOS", |
29 | "repo": "nixpkgs", | 29 | "repo": "nixpkgs", |
30 | "rev": "20443c348225791ca7ecb2787f403f4be56ab223", | 30 | "rev": "e948a04cde32f9c2551a773da5742248f6d95b8c", |
31 | "type": "github" | 31 | "type": "github" |
32 | }, | 32 | }, |
33 | "original": { | 33 | "original": { |
@@ -51,11 +51,11 @@ | |||
51 | ] | 51 | ] |
52 | }, | 52 | }, |
53 | "locked": { | 53 | "locked": { |
54 | "lastModified": 1617608551, | 54 | "lastModified": 1618840526, |
55 | "narHash": "sha256-5KMomBp38ujNcz5NBmVaQSpi7k29cc+b+tBPmjGoEJw=", | 55 | "narHash": "sha256-3VAac44xE+kO8o7BQXLqHrAMUQT+XqIK8BcLkEEDwOA=", |
56 | "owner": "Mic92", | 56 | "owner": "Mic92", |
57 | "repo": "sops-nix", | 57 | "repo": "sops-nix", |
58 | "rev": "5e0ea90c782d6cfae13cae0af131a687e44717e9", | 58 | "rev": "4f384662a85804fa2bc1bc1f99e70bb468e76f88", |
59 | "type": "github" | 59 | "type": "github" |
60 | }, | 60 | }, |
61 | "original": { | 61 | "original": { |
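--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -62,14 +62,33 @@
 networkmanager = {
 enable = true;
 dhcp = "internal";
-dns = "dnsmasq";
+dns = lib.mkForce "dnsmasq";
 extraConfig = ''
 [connectivity]
 uri=https://online.yggdrasil.li
 '';
 };
 
+wlanInterfaces = {
+wlan0 = {
+device = "wlp82s0";
+};
+};
+
+bonds = {
+"lan" = {
+interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
+driverOptions = {
+miimon = "1000";
+mode = "active-backup";
+primary_reselect = "always";
+};
+};
+};
+
 dhcpcd.enable = false;
+useDHCP = false;
+useNetworkd = true;
 
 interfaces.yggdrasil = {
 virtual = true;
@@ -78,6 +97,9 @@
 };
 };
 
+systemd.services."NetworkManager-wait-online".enable = false;
+systemd.services."systemd-networkd-wait-online".enable = false;
+
 environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
 text = ''
 server=/sif.libvirt/192.168.122.1
@@ -263,9 +285,10 @@
 };
 };
 
-services.udev.extraRules = with pkgs; ''
+services.udev.extraRules = with pkgs; lib.mkAfter ''
 SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
 SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
+ACTION=="add", SUBSYSTEM=="net", DEVTYPE!="?*", ATTR{address}=="3c:e1:a1:b9:cd:e5", NAME="dock0"
 '';
 
 services.borgbackup = {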
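Review bot: The bond's `driverOptions` set `primary_reselect = "always"` but no `primary`, and as far as I know the bonding driver applies the reselect policy only to a configured primary slave, so nothing in this block prefers the wired links over `wlan0`; adding e.g. `primary = "enp0s31f6";` would give the policy something to act on. The commit also turns on `useNetworkd` while keeping NetworkManager enabled and forcing its `dns` setting, and nothing visible here marks the `lan` bond or its three slaves as unmanaged for NetworkManager, so a short comment stating which daemon owns them would help. The `dock0` udev rule pins a hardware MAC address in the configuration, which works but deserves a comment naming the device it belongs to.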
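--- a/modules/luksroot.nix
+++ b/modules/luksroot.nix
@@ -140,7 +140,7 @@ let
 umount /crypt-ramfs 2>/dev/null
 '';
 
-openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, clevis, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
+openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
 let
 csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
 cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
@@ -451,10 +451,30 @@ let
 
 ''}
 
+${optionalString (luks.dmiSupport && dmi) ''
+
+open_with_hardware() {
+dmidecode -s system-uuid > /crypt-ramfs/passphrase
+
+${csopen} --key-file=- < /crypt-ramfs/passphrase > /dev/null 2> /dev/null
+
+if [ $? -ne 0 ]; then
+echo "Unlocking with system-uuid failed, falling back to normal open procedure"
+rm -f /crypt-ramfs/passphrase
+open_normally
+${optionalString (!luks.reusePassphrases) ''
+else
+rm -f /crypt-ramfs/passphrase
+''}
+fi
+}
+
+''}
+
 # commands to run right before we mount our device
 ${preOpenCommands}
 
-${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) || (luks.fido2Support && (fido2.credential != null)) || (luks.clevisSupport && clevis) then ''
+${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) || (luks.fido2Support && (fido2.credential != null)) || (luks.clevisSupport && clevis) || (luks.dmiSupport && dmi) then ''
 open_with_hardware
 '' else ''
 open_normally
@@ -789,6 +809,14 @@ in
 '';
 };
 
+dmi = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Unlock device via system-uuid (via dmidecode)
+'';
+};
+
 preOpenCommands = mkOption {
 type = types.lines;
 default = "";
@@ -849,6 +877,14 @@ in
 Enables support for unlocking luks volumes via clevis (e.g. with a tpm)
 '';
 };
+
+boot.initrd.luks.dmiSupport = mkOption {
+default = false;
+type = types.bool;
+description = ''
+Enables support for unlocking luks volumes via system-uuid (via dmidecode)
+'';
+};
 
 };
 
@@ -866,6 +902,10 @@ in
 { assertion = !(luks.gpgSupport && luks.clevisSupport);
 message = "Clevis and GPG Card may not be used at the same time.";
 }
+
+{ assertion = !(luks.gpgSupport && luks.dmiSupport);
+message = "DMI and GPG Card may not be used at the same time.";
+}
 
 { assertion = !(luks.fido2Support && luks.yubikeySupport);
 message = "FIDO2 and YubiKey may not be used at the same time.";
@@ -875,10 +915,18 @@ in
 message = "FIDO2 and Clevis may not be used at the same time.";
 }
 
+{ assertion = !(luks.fido2Support && luks.dmiSupport);
+message = "FIDO2 and DMI may not be used at the same time.";
+}
+
 { assertion = !(luks.yubikeySupport && luks.clevisSupport);
 message = "Clevis and YubiKey may not be used at the same time.";
 }
 
+{ assertion = !(luks.yubikeySupport && luks.dmiSupport);
+message = "DMI and YubiKey may not be used at the same time.";
+}
+
 ];
 
 # actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
@@ -989,6 +1037,10 @@ in
 fi
 done
 ''}
+
+${optionalString luks.dmiSupport ''
+copy_bin_and_libs ${pkgs.dmidecode}/bin/dmidecode
+''}
 '';
 
 boot.initrd.extraUtilsCommandsTest = ''
@@ -1009,6 +1061,9 @@ in
 ${optionalString luks.clevisSupport ''
 $out/bin/jose alg
 ''}
+${optionalString luks.dmiSupport ''
+$out/bin/dmidecode --version
+''}
 '';
 
 boot.initrd.preFailCommands = postCommands;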
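Review bot: The new `open_with_hardware` feeds the output of `dmidecode -s system-uuid` to `cryptsetup` as the LUKS passphrase, and that value is an identifier rather than a secret: it can be read by any other operating system booted on the same machine and commonly appears in asset inventories. The `dmi` and `dmiSupport` descriptions should state that this only ties the volume to the machine (it protects a disk separated from it, not a device taken whole), so nobody enables it expecting passphrase-level protection. The exit status of `dmidecode` is not checked before the file is used; `dmidecode -s system-uuid > /crypt-ramfs/passphrase || { rm -f /crypt-ramfs/passphrase; open_normally; return; }` would skip an unlock attempt that cannot succeed. The added assertions pair DMI with GPG, FIDO2 and YubiKey but not with Clevis, although both appear to define `open_with_hardware`; `{ assertion = !(luks.clevisSupport && luks.dmiSupport); message = "Clevis and DMI may not be used at the same time."; }` is absent from the visible hunks, and the assertion list starts outside them.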
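--- a/user-profiles/core.nix
+++ b/user-profiles/core.nix
@@ -7,6 +7,7 @@
 
 config = {
 manual.manpages.enable = true;
+home.stateVersion = "20.09";
 };
 };
 }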
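--- a/user-profiles/mpv/default.nix
+++ b/user-profiles/mpv/default.nix
@@ -38,13 +38,15 @@
 passthru.scriptName = "reload.lua";
 };
 autosave = pkgs.stdenv.mkDerivation rec {
-version = "0bv9wjrq";
+version = "744c3ee6";
 pname = "autosave";
 name = "${pname}-${version}.lua";
 
 src = pkgs.fetchzip {
-url = "https://gist.github.com/Hakkin/5489e511bd6c8068a0fc09304c9c5a82/archive/7a19f7cdb6dd0b1c6878b41e13b244e2503c15fc.zip";
-sha256 = "0bv9wjrqm2ragd7rp8vw768bja2ghascwlljd6rzzf2ybi10fxs2";
+url = "https://gist.github.com/CyberShadow/2f71a97fb85ed42146f6d9f522bc34ef/archive/744c3ee61d2f0a8e9bb4e308dec6897215ae4704.zip";
+hash = "sha256-yxA8wgzdS7SyKLoNTWN87ShsBfPKUflbOu4Y0jS2G3I=";
+# url = "https://gist.github.com/Hakkin/5489e511bd6c8068a0fc09304c9c5a82/archive/7a19f7cdb6dd0b1c6878b41e13b244e2503c15fc.zip";
+# sha256 = "0bv9wjrqm2ragd7rp8vw768bja2ghascwlljd6rzzf2ybi10fxs2";
 };
 
 installPhase = ''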
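Review bot: The `src` now points at a gist under a different account, and the previous `url`/`sha256` are left behind as commented-out lines with no explanation of why the source changed. The archive URL carries a full commit id and `hash` pins the content, so integrity is covered; what is missing is the reason. Replacing the two dead lines with a comment such as `# fork of the Hakkin gist (5489e511…): <reason>; reviewed at 744c3ee6` would record both the provenance and that the script was read before pinning, which matters because it runs inside mpv with the user's privileges.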