feat,fix: cach up hostkey0 with structure changes, update x13s and config firewall

2024-03-07 22:01:03 +01:00 · 2024-03-07 22:01:03 +01:00 · f779649c0c
commit f779649c0c
parent b144c4501f
8 changed files with 79 additions and 58 deletions
--- a/nix/os/devices/steveej-x13s/configuration.nix
+++ b/nix/os/devices/steveej-x13s/configuration.nix
@ -13,6 +13,7 @@
    enable = true;
    # TODO: use hardware address
    bluetoothMac = "65:9e:7a:8b:86:28";
+    kernel = "jhovold";
  };

  services.illum.enable = true;
@ -65,6 +66,7 @@
    ./disko.nix

    ../../snippets/nix-settings.nix
+    ../../snippets/nix-settings-holo-chain.nix
    ../../profiles/common/user.nix

    {
@ -81,6 +83,21 @@
      };
    }

+    # TODO: create syncthing os snippet
+    (let
+      tcp = [22000];
+      udp = [
+        22000
+        21027
+      ];
+    in {
+      # TODO: upstream feature for inverse rule to work: `! --in-interface zt+`
+      networking.firewall.interfaces."en+".allowedTCPPorts = tcp;
+      networking.firewall.interfaces."en+".allowedUDPPorts = udp;
+      networking.firewall.interfaces."wl+".allowedTCPPorts = tcp;
+      networking.firewall.interfaces."wl+".allowedUDPPorts = udp;
+    })
+
    ../../snippets/home-manager-with-zsh.nix
    ../../snippets/sway-desktop.nix
    ../../snippets/bluetooth.nix
@ -132,6 +149,23 @@
    loader.efi.canTouchEfiVariables = lib.mkForce false;
    loader.efi.efiSysMountPoint = "/boot";
    blacklistedKernelModules = ["wwan"];
+
+    # kernelParams = let
+    #   dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
+    # in lib.mkForce [
+    #   # needed to boot
+    #   "dtb=${dtbName}"
+
+    #   # jhovold recommended
+    #   "efi=noruntime"
+    #   "clk_ignore_unused"
+    #   "pd_ignore_unused"
+    #   # "regulator_ignore_unused"
+    #   "arm64.nopauth"
+
+    #   # blacklist graphics in initrd so the firmware can load from disk
+    #   "rd.driver.blacklist=msm"
+    # ];
  };

  # see https://linrunner.de/tlp/
@ -145,12 +179,20 @@
  };

  # android on linux
-  virtualisation.waydroid.enable = true;
+  virtualisation.waydroid.enable = false;
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;

  hardware.ledger.enable = true;

+  nix.settings.substituters = [
+    "https://nixos-x13s.cachix.org"
+  ];
+
+  nix.settings.trusted-public-keys = [
+    "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos="
+  ];
+
  steveej.holo-zerotier = {
    enable = true;
    autostart = false;
--- a/nix/os/devices/steveej-x13s/flake.lock
+++ b/nix/os/devices/steveej-x13s/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709286488,
-        "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=",
+        "lastModified": 1709682352,
+        "narHash": "sha256-71S/64RbyADT6FUVJq4WLiNbmcxFvgMsSihf/C2Hgno=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46",
+        "rev": "ad5e8bd14df2e6bdb836582577dc163318617738",
        "type": "github"
      },
      "original": {
@ -95,16 +95,16 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1709138783,
-        "narHash": "sha256-RyX9TPeMEcRLVTaHJzXepIn1EhixNMFJzfNIWwjcfhA=",
-        "ref": "refs/tags/2024-02-28",
-        "rev": "af581b2b9506a66ddf6d6f99cf151a86bb2919bb",
-        "revCount": 35,
+        "lastModified": 1709651788,
+        "narHash": "sha256-zxyGf3cCfAvYyURL1HKhpKyA14EkolG5jBmWvz0Xxjg=",
+        "ref": "main",
+        "rev": "4d55c266488f93ed022e2f6d2848420b59f4a56a",
+        "revCount": 38,
        "type": "git",
        "url": "https://codeberg.org/adamcstephens/nixos-x13s"
      },
      "original": {
-        "ref": "refs/tags/2024-02-28",
+        "ref": "main",
        "type": "git",
        "url": "https://codeberg.org/adamcstephens/nixos-x13s"
      }
@ -161,11 +161,11 @@
    },
    "nixpkgs-unstable-small": {
      "locked": {
-        "lastModified": 1709271102,
-        "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=",
+        "lastModified": 1709558755,
+        "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300",
+        "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243",
        "type": "github"
      },
      "original": {
@ -177,11 +177,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1709218635,
-        "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=",
+        "lastModified": 1709569716,
+        "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "068d4db604958d05d0b46c47f79b507d84dbc069",
+        "rev": "617579a787259b9a6419492eaac670a5f7663917",
        "type": "github"
      },
      "original": {
--- a/nix/os/devices/steveej-x13s/flake.nix
+++ b/nix/os/devices/steveej-x13s/flake.nix
@ -18,8 +18,8 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main";
-    nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28";
+    nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main";
+    # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28";
    # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s";
    # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
  };