mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-23 02:36:05 +01:00
1.3 KiB
1.3 KiB
TODOs
This document contains ideas about possible extensions or improvements of my NixOS configuration.
-
Monthly BTRFS scrub
- Drives @yodaNas, @yodaHedgehog reach about 45°C
- Control case fan speed by drive temp
-
Script to update, reboot and unlock FDE headless servers.
niv
->colmena apply --on ... --reboot boot
->ssh unlock...
-> Fill in FDE password withexpect
-
Nitrokey LUKS unlock
- Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
- Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
- Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup
-
Nitrokey PAM log-in
- https://docs.nitrokey.com/pro/linux/login-with-pam
- You have two options:
pam_p11
orPAM Poldi
. - The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates.
- You have two options:
- I could not find pam-poldi for NixOS :/
- https://docs.nitrokey.com/pro/linux/login-with-pam
-
Impermanence, opt-in to persistence: https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
-
nix-shell / lorri
- https://ghedam.at/15978/an-introduction-to-nix-shell
- docker-compose.yml for services and nix-shell to run the code
- https://ghedam.at/15978/an-introduction-to-nix-shell