From 444de85266265d1b9a27ca0c2820606c22f45cbd Mon Sep 17 00:00:00 2001
From: Tristan Druyen <tristan@vault81.de>
Date: Wed, 26 Mar 2025 00:20:18 +0100
Subject: [PATCH] Fmt & fix inet for tether & add iso pkg

---
 flake.nix                                     |  12 +++-
 home-mods/shell/default.nix                   |   9 ++-
 os-mods/ryzenapu/default.nix                  |   5 +-
 pkgs/miraclecast.nix                          |   1 -
 ...5182b8b59ae075c09-tristand_passwd_hash.age | Bin 0 -> 441 bytes
 ...fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age |   8 +++
 ...520a68df8c74eba9558-tester_passwd_hash.age | Bin 470 -> 0 bytes
 ...72726e87096a9ec145a-tester_passwd_hash.age | Bin 0 -> 373 bytes
 ...e067a9832580d7899-tristand_passwd_hash.age |   9 ---
 ...71a3e62472d160241e0d2497a3b57-oeko-smb.age |   8 ---
 systems/nixos-fw16/default.nix                |  31 +++++----
 systems/nixos-fw16/disks.nix                  |  61 +++++++-----------
 users/admin-thin.nix                          |   2 +-
 13 files changed, 72 insertions(+), 74 deletions(-)
 create mode 100644 secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age
 create mode 100644 secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age
 delete mode 100644 secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age
 create mode 100644 secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age
 delete mode 100644 secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age
 delete mode 100644 secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age

diff --git a/flake.nix b/flake.nix
index 1c05f67..3f946ee 100644
--- a/flake.nix
+++ b/flake.nix
@@ -238,7 +238,17 @@
     in
     {
       formatter."${system}" = pkgs.nixpkgs-fmt;
-      packages."${system}" = import ./pkgs { inherit pkgs lib config; };
+      packages."${system}" =
+        import ./pkgs { inherit pkgs lib config; }
+        // {
+          rescue-iso =
+            let
+              mod = "${inputs.nixos-images}/nix/image-installer/module.nix";
+              os = nixpkgs.legacyPackages.${system}.nixos [ mod ];
+              iso = os.config.system.build.isoImage;
+            in
+            iso;
+        };
       diskoConfigurations = {
         nixos-desk = import ./systems/nixos-desk/disko.nix;
         nixos-pulse = import ./systems/nixos-pulse/disko.nix;
diff --git a/home-mods/shell/default.nix b/home-mods/shell/default.nix
index b42ed64..b847fa2 100644
--- a/home-mods/shell/default.nix
+++ b/home-mods/shell/default.nix
@@ -17,13 +17,20 @@ let
     ref = "main";
     rev = "c7392136bed264258c9b8788b14410e1ff06d602";
   };
-  myEmacs = (pkgs.emacsPackagesFor pkgs.emacs-unstable-pgtk).emacsWithPackages (epkgs:
+  myEmacs = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages (epkgs:
     with epkgs; [
       vterm
       treesit-grammars.with-all-grammars
       inputs.nix-emacs-extra.packages."${system}".doom-dashboard
       inputs.nix-emacs-extra.packages."${system}".ultra-scroll
     ]);
+  # myEmacs = (pkgs.emacsPackagesFor pkgs.emacs-unstable-pgtk).emacsWithPackages (epkgs:
+  #   with epkgs; [
+  #     vterm
+  #     treesit-grammars.with-all-grammars
+  #     inputs.nix-emacs-extra.packages."${system}".doom-dashboard
+  #     inputs.nix-emacs-extra.packages."${system}".ultra-scroll
+  # ]);
 in
 {
   programs = {
diff --git a/os-mods/ryzenapu/default.nix b/os-mods/ryzenapu/default.nix
index 2945269..4900016 100644
--- a/os-mods/ryzenapu/default.nix
+++ b/os-mods/ryzenapu/default.nix
@@ -19,8 +19,9 @@
   ];
   systemd =
     let
-      tcl = "85";
-      coall = "1048561"; # 1048561 = 0x100000 - 15(mV) $ math "0x100000-15" # slight undervolt
+      tcl = "80";
+      # coall = "1048561"; # 1048561 = 0x100000 - 15(mV) $ math "0x100000-15" # slight undervolt
+      coall = " 1048576";  # no oc?
       defaults = "--tctl-temp=${tcl} --set-coall=${coall}";
     in
     {
diff --git a/pkgs/miraclecast.nix b/pkgs/miraclecast.nix
index f46f858..a4ab898 100644
--- a/pkgs/miraclecast.nix
+++ b/pkgs/miraclecast.nix
@@ -18,7 +18,6 @@
 , relyUdev ? true
 ,
 }:
-
 let
   gstreamerPluginPaths = lib.concatMapStrings (pth: pth + "/lib/gstreamer-1.0:") [
     (lib.getLib gst_all_1.gstreamer)
diff --git a/secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age b/secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age
new file mode 100644
index 0000000000000000000000000000000000000000..3c76fa0ad7ae2130f6aeef474eb0fcfb0919aca8
GIT binary patch
literal 441
zcmV;q0Y?5|XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LZb2|@Zc!ju
zXGvvGZAe;EX-zV8Y*I!@GGuaiHghvMbTv<SGgwY9VO2SCd2TgDGdK!JS#VBnSV4MM
zQciJiLuf&GZE1Q>IC(fYR8lK7Yc^OgVoFLxS4TE6d20$SJ|H?=eKIs{EoX9NVRL05
zHBe6qVJ~@Pa8grbFiCJwX<AY@dP!kqH+D~XL}*T9XKz$$GemM`Zc9%_HaJ6BLQXP7
zNkMHmc499<a5-a1X?9gM3Uxs*cv^RKPBK$XLSbV~T1`u3YC>@}QZG+5MS6H|Y<Ffe
zOA0M5Eg(=bLV0vqc1T52XIVp6W_WFJaxrIdS7SIsLq>NrYH4axSx{{@ZE|LLO$u;t
zj}5_Sl~3jRMny?1_N6Kr6{lCnia-9+-xq>npnVxTJt7jBy0Up%CkZ~|lx+ee5V|-y
zL6LnT;m8gZbwSu;4I>{wM~`+6Q+=H=EnM2v5HE=#0ASuD0m<Eof`+NY+8JeC21Z5U
jYws5lbpigjp+!t9^MS|C<Y#XR1BfA8(Nkf#9<vB0mI#~s

literal 0
HcmV?d00001

diff --git a/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age b/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age
new file mode 100644
index 0000000..32ceb3d
--- /dev/null
+++ b/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 nA0mnQ WtsuBNNRDJ2qBqqfKPYBjsG5J8RA1FLG22V4rcpmIAs
++b/BJpaLA/TCIMwRg0c7eO8UqIa+KPgpaOTmpVeW60k
+-> m-grease
+RCMzLSoDYLRPgxDe1bS2EOXDAD19QYDO3UI/0tzYNOGvcEMnHw
+--- WBgm8Vf3dtFoPsTbBIoS73fD824cOm5COYSz66dcvYQ
+¢˜6æ…{šÑ;æà³
+‰Ä÷³üJm‡	<<WÐ’ÑÇ§‚×É]øÎ/ú‰5YÅOò‘§¢ÝaÐ>Î÷ÒZ7ª†ó"y
\ No newline at end of file
diff --git a/secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age b/secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age
deleted file mode 100644
index ecbaa2c63c56e66ec7d7be1c48c4ee632eddbeed..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 470
zcmV;{0V)1rXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LO>t*bQ9&S6
zQ%Gh=T5NW5aaVakGHG)#FE~<Db#_WrNJlnKWq4I=HFj!4RB19dSWOB>FGW;kF-28N
zG-5A9PIop>QfonYMQkupX>nmiWKDNLadt8_V`O(~Q)>z>J|Id}VL&Zsa%Ew2Wgv86
zP9Q)tRc28jGI)G#L1b_&3RXjIRAo;|c1T%yX;e~fZERR+X=G$nFlSV0T316yaY<z`
zSXpaiSZ-QpWj1+6Y%xJLaY{05D^)OXM^{a7R|-{PD=SV%FKKpVST;p@Pgq(~b8k#e
zbv1KgFi=ZKG($8)LuNxmWl%LkXmmL?R7-a?bvFtvEiE8UXl`s%Z%|1>ZgDw5ZDnm(
zdQn0+Q%+e$Wp6QIHD)<=OLJ~*H#TKUOic>P<G!fcY@fD8A|64ibXGf>>!jCgfS(MV
znXEM`)ZSLSEGO|igPS1M*4gjVTJY7kqc7#8kkz5-5s~>*zJ*#ZR}T-OC%K&F(9H<}
zV53JwNB}8iqeMuglE=sj^CdPnbfA<Cgx$0K)(n2o12dB3TtYbopvcwob(maM&2{Tu
M@vON;on#8PyHWVEc>n+a

diff --git a/secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age b/secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age
new file mode 100644
index 0000000000000000000000000000000000000000..625ad59a04e8b0c953b9be8fcd3c37691de92bb7
GIT binary patch
literal 373
zcmV-*0gC=%XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LZb2|@Zc!jq
zMtNgxLQGM1NMck{M|e$8IagFSW=dLTQ)4n#M0Zy)X+ukCbxw6-Fii?jPGvYRP*zkq
zNN+S}T5U&DMrvqjbyzcOF;h@)PDWZuM^|WhMolwia&HPPJ|HDxD<W?#XL4m>b7cxQ
zH#k{gM?zUIVsv*`PdP*~P*r15HfmH@b~$KPK~^_PFfn;mQ3@?BEg(xPWk@$}P-J;S
zSX4z(H$r4<cSuiqb}>|XL~=<@b#P-iD`RX!F*ZVYQ3??w5&HX>D0aBNH+}5%NXu5p
z#Ub+!NOFvF%rFcfCM^D|?<>&I0<qE-DF6aXf>57=o}Ygl)<>l>m8{({{BUqmjo*~9
z{eX1C1Xok!rY@ODc64JP!#z{457Z(ffMWP}yz!Q!4DXrYIgN~Yqc~6u*LfKGO-mE5
TO}hOy4kd-eRC31SZv?ah#6ygG

literal 0
HcmV?d00001

diff --git a/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age b/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age
deleted file mode 100644
index afe3bb6..0000000
--- a/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 MqgTQA kHKU7lp3SvhVlgDk8qBbQU+nrV8O84CLtR32ZGATDw4
-1E9KyKzKwio7ltF1H36tSLWSao0TPNNlbwJAwxhw3CI
--> +&-grease
-y1YrcXJ8+mGdSTrJywOZM/E8jbHPSX9rARC6uKOHgESGkH1NWsINbEk0/1fYHi62
-6Y+k9Ig9oX7taekoNCU
---- lgK5w16T9LaMc6yoWW+h+zVNyuKuoEoeJi8p7lura1Q
-X
-¢ò&ÃbZ[IßC>ÊÔ˜ÐžWp¼²ˆŠŠ?èµ ä[˜š-]À)HY¦(u/Ý°šÄÃ»¹É–Ý÷Þ^æ‘¨à@„9öõýxVG.¾n£9»°‡Rr¡ŸàŽxzJf±ÛwK‡zbq÷ZÖ©ùf»FÎÓ‹ê=†½¼Œ„P
\ No newline at end of file
diff --git a/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age b/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age
deleted file mode 100644
index 9c97c4f..0000000
--- a/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 MqgTQA 7y3on/Y6P89gncEtSzn6dak659D+C0jT0Lo711yQaQ0
-bsILI8jRG8MFJ2xSowtYyNYHPbcZmS+OFBbTrn7vNgo
--> a-grease /3
-faRjVzpKpTOBeDIZVd+uK9AGzVH7LYbIH3QiTZMHE+zE21fI6yjGEQyIE2jsVhTq
-q/PxcbNtJ9fZ2JCU43lGX7DveIYT7Z84vX955I3BkIppgQ4
---- dNDrqjg89dlNEf3ZkyW0fU7OyETfVPtRAw7JcRJxQ1o
-ŠâCØ¯“DXo¤Ø‚Á?9±ÿ©u°iÉÝ”s„çrºÞ©wyB¶~umÈ¹¶3Dæ€MÓëÏÅbé2táì€j`zDñXù
\ No newline at end of file
diff --git a/systems/nixos-fw16/default.nix b/systems/nixos-fw16/default.nix
index 4299c08..488590c 100644
--- a/systems/nixos-fw16/default.nix
+++ b/systems/nixos-fw16/default.nix
@@ -27,7 +27,9 @@
     ./disks.nix
   ];
 
-  age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
+  # age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
+  age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANI+JugoOABEG49405FrbVwbTT/cbYamNZC5Tb01/xp root@nixos-fw16";
+
   nix.settings.builders-use-substitutes = true;
   nix.distributedBuilds = true;
   nix.buildMachines = [ ];
@@ -127,17 +129,17 @@
     };
   };
 
-  specialisation = {
-    linux-latest.configuration = {
-      boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
-    };
-    linux-zen.configuration = {
-      boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
-    };
-    linux-cachyos.configuration = {
-      boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
-    };
-  };
+  # specialisation = {
+  # linux-latest.configuration = {
+  #   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+  # };
+  # linux-zen.configuration = {
+  #   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
+  # };
+  # linux-cachyos.configuration = {
+  #   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
+  # };
+  # };
   boot = {
     # kernelPackages = pkgs.linuxPackages_latest; # bootstrap
     # kernelPackages = pkgs.linuxPackages_zen; # bootstrap
@@ -165,7 +167,8 @@
     loader = {
       timeout = 0;
       systemd-boot = {
-        enable = false; # due to lanzaboote
+        # enable = false; # due to lanzaboote
+        enable = true; # bootstrap
         configurationLimit = 12;
 
         memtest86.enable = true;
@@ -175,7 +178,7 @@
     };
 
     lanzaboote = {
-      enable = true;
+      # enable = true;
       configurationLimit = 12;
       # pkiBundle = "/etc/secureboot";
       pkiBundle = "/var/lib/sbctl";
diff --git a/systems/nixos-fw16/disks.nix b/systems/nixos-fw16/disks.nix
index 37fd754..ce4e4fb 100644
--- a/systems/nixos-fw16/disks.nix
+++ b/systems/nixos-fw16/disks.nix
@@ -16,8 +16,8 @@
 
   config = {
     boot = {
-      supportedFilesystems = [ "bcachefs" "vfat" ];
-      initrd.supportedFilesystems = [ "bcachefs" "vfat" ];
+      supportedFilesystems = [ "btrfs" "vfat" ];
+      initrd.supportedFilesystems = [ "btrfs" "vfat" ];
       initrd.luks.devices =
         lib.attrsets.mergeAttrsList
           (
@@ -38,45 +38,32 @@
           );
     };
 
-    fileSystems =
-      let
-        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-        perm_opts = "uid=1001,gid=100";
-        smb_opts = [
-          "vers=3,credentials=/home/tristand/.smb-secrets"
-          perm_opts
-          automount_opts
+    fileSystems = {
+      "/" = {
+        device = "/dev/mapper/crypt_ssd_4t_data";
+        # device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
+        fsType = "btrfs";
+        options = [
+          "rw"
+          "autodefrag"
+          "compress=zstd"
+          "discard=async"
+          "relatime"
+          "space_cache=v2"
+          "ssd"
         ];
-        sshfs_opts = [
-          "allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519"
-          perm_opts
-          automount_opts
-        ];
-      in
-      {
-        "/" = {
-          device = "/dev/mapper/crypt_ssd_4t_data";
-          # device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
-          fsType = "bcachefs";
-          options = [ "relatime" ];
-        };
-
-        "/boot" = {
-          device = "/dev/disk/by-uuid/05A2-6A8A";
-          fsType = "vfat";
-          options = [ "fmask=0022" "dmask=0022" ];
-        };
-
-        # "/mnt/media_v2" = {
-        #  device = "root@23.88.68.113:/media_v2";
-        #  fsType = "sshfs";
-        #  options = sshfs_opts;
-        # };
       };
 
+      "/boot" = {
+        device = "/dev/disk/by-uuid/05A2-6A8A";
+        fsType = "vfat";
+        options = [ "fmask=0022" "dmask=0022" ];
+      };
+    };
+
     swapDevices = [
-      { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
-      { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
+      # { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
+      # { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
     ];
 
     system.fsPackages = [ pkgs.sshfs ];
diff --git a/users/admin-thin.nix b/users/admin-thin.nix
index ffe08c4..0a3d299 100644
--- a/users/admin-thin.nix
+++ b/users/admin-thin.nix
@@ -8,7 +8,7 @@
   imports = [
     ../home-mods/audio
     ../home-mods/common
-    ../home-mods/firefox
+    ../home-mods/firefox/zen-browser.nix
     # ../home-mods/plasma
     ../home-mods/shell
   ];