+1 -1

secrets/agenix.nix

reviewed

··· 1 1 # This is my agenix setup for all things SecretOps on my NixOS and home-manager 2 2 - # configurations. 2 2 + # configurations. This may be unused due to usage of agenix-rekey. 3 3 { lib, pkgs, config, ... }: 4 4 5 5 let

+1 -1

shared/networking.nix

reviewed

··· 13 13 ]; 14 14 15 15 # systemd-resolved related settings 16 16 - boot.initrd.services.resolved.enable = true; 17 16 services.resolved.enable = true; 17 17 + boot.initrd.services.resolved.enable = true; 18 18 services.resolved.settings.Resolve = { 19 19 DNSSEC = "false"; # https://superuser.com/a/1493674 20 20 # Commented this out since Tailscale do thee heavy work for MagicDNS

+19 -1

shared/systemd.nix

reviewed

··· 1 1 - { ... }: 1 1 + { lib, config, pkgs, ... }: 2 2 3 3 { 4 4 services.timesyncd = { ··· 16 16 "3.asia.pool.ntp.org" 17 17 ]; 18 18 }; 19 19 + 20 20 + # use systemd for boot stage 1 21 21 + boot.initrd.systemd = { 22 22 + enable = true; 23 23 + extraBin = { 24 24 + bash = "${pkgs.bash}/bin/bash"; 25 25 + utils = "${pkgs.busybox}/bin/busybox"; 26 26 + }; 27 27 + }; 28 28 + boot.initrd.network.ssh.enable = true; 29 29 + boot.initrd.network.ssh.authorizedKeys = with ./ssh-keys.nix; [ 30 30 + personal.y2022 31 31 + personal.passwordless 32 32 + personal.rp.gildedguy 33 33 + work.recaptime-dev.crew 34 34 + fido2Keys.hackclub_yubikey.main 35 35 + fido2Keys.hackclub_yubikey.backup 36 36 + ]; 19 37 }