mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-23 02:36:05 +01:00
1.3 KiB
1.3 KiB
TODOs
This document contains ideas about possible extensions or improvements of my NixOS configuration. Many more TODOs can be found as comments inside other files of this repository.
-
Monthly BTRFS scrub
- Drives @yodaNas, @yodaHedgehog reach about 45°C
- Control case fan speed by drive temp
-
Script to update, reboot and unlock FDE headless servers.
niv
->colmena apply --on ... --reboot boot
->ssh unlock...
-> Fill in FDE password withexpect
-
Nitrokey LUKS unlock
- Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
- Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
- Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup
-
Nitrokey PAM log-in
- https://docs.nitrokey.com/pro/linux/login-with-pam
- You have two options:
pam_p11
orPAM Poldi
. - The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates.
- You have two options:
- I could not find pam-poldi for NixOS :/
- https://docs.nitrokey.com/pro/linux/login-with-pam
-
Impermanence, opt-in to persistence: https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
-
nix-shell / lorri
- https://ghedam.at/15978/an-introduction-to-nix-shell
- docker-compose.yml for services and nix-shell to run the code
- https://ghedam.at/15978/an-introduction-to-nix-shell