Luke Granger-Brown

One of my work colleagues was commenting that they like the Xen PV model - where you have a fairly lightweight hypervisor that runs cooperating kernels (or, as Xen calls them, "domains"). They've been meaning to try out NixOS but couldn't figure out how to build a debootstrap-style root FS.

MOCHAbin is a pretty capable ARM board - it has a quad core ARMv8 Cortex-A72 @ 1400MHz, 8GB of RAM, 16GB of onboard eMMC, not to mention a bunch of Ethernet connectivity (1x 10Gb SFP+ cage, 1x 1Gb SFP cage, a WAN RJ45 port with PoE in, and 4x LAN ports connected to an onboard switch chip).

The main downside for me, however, was the boot firmware. Out of the box, it ships with a pretty ancient build of U-Boot, which fails to properly support UEFI.

Recently I've been thinking about how I could distribute secrets to my NixOS machines in a... relatively... decent way.