feat(tazjin/nixos): persist yggdrasil keys for tverskoy

Change-Id: If2513b009a82a07b90eb06a5dc4db0859aa6c78d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12584
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This commit is contained in:
Vincent Ambo 2024-10-06 21:07:38 +03:00 committed by clbot
parent 96a78877eb
commit ac4a77d82f
3 changed files with 5 additions and 11 deletions

View file

@ -223,6 +223,7 @@ in
AllowedPublicKeys = [ AllowedPublicKeys = [
"573fd89392e2741ead4edd85034c91c88f1e560d991bbdbf1fccb6233db4d325" # khamovnik "573fd89392e2741ead4edd85034c91c88f1e560d991bbdbf1fccb6233db4d325" # khamovnik
"a56300c3af1ad54840f4b38b9438e3c108a0aa0fd72793dc7d6bd57325c6d691" # zamalek "a56300c3af1ad54840f4b38b9438e3c108a0aa0fd72793dc7d6bd57325c6d691" # zamalek
"301e98e68522f55b3d9fb7a37817eb0e1aeb6478ef1ac124b9915080e9be205f" # tverskoy
"152b658f8a3e0cd6d1486c3cb984795ec7c9a02274c9f096bd2045cabf8bfa92" # A9 "152b658f8a3e0cd6d1486c3cb984795ec7c9a02274c9f096bd2045cabf8bfa92" # A9
"550f4920592d2831d013fd1c83ba9ad174ec352273260fd5d7c2627dbe60d097" # matepad "550f4920592d2831d013fd1c83ba9ad174ec352273260fd5d7c2627dbe60d097" # matepad
]; ];

View file

@ -14,6 +14,7 @@
"/var/lib/bluetooth" "/var/lib/bluetooth"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/lib/private/yggdrasil"
"/var/log" "/var/log"
]; ];

View file

@ -28,7 +28,7 @@ lib.fix (self: {
tvl.cache.enable = true; tvl.cache.enable = true;
boot = rec { boot = {
initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
@ -38,10 +38,9 @@ lib.fix (self: {
''; '';
# Install thinkpad modules for TLP # Install thinkpad modules for TLP
extraModulePackages = [ kernelPackages.acpi_call ]; extraModulePackages = [ pkgs.linuxPackages.acpi_call ];
kernelModules = [ "kvm-amd" "i2c_dev" ]; kernelModules = [ "acpi_call" "kvm-amd" "i2c_dev" ];
kernelPackages = pkgs.zfsUnstable.latestCompatibleLinuxPackages;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
@ -164,12 +163,5 @@ lib.fix (self: {
# android stuff for hacking on Awful.apk # android stuff for hacking on Awful.apk
programs.adb.enable = true; programs.adb.enable = true;
# systemd-oomd seems to have been enabled by default around ~
# December 2022, and it's really into killing my X session as soon
# as I do anything stressful to the machine
systemd.services.systemd-oomd.enable = lib.mkForce false;
environment.systemPackages = [ pkgs.vulkan-tools ];
system.stateVersion = "20.09"; system.stateVersion = "20.09";
}) })