Posts

One of my systems at home runs NixOS and receives some (encrypted) backups via zfs send/zfs recv shenanigans. I don't want to actually decrypt these at boot, but I forgot to set boot.zfs.requestEncryptionCredentials appropriate, so I got dropped into a systemd recovery prompt.

The mousewheel on my Prime Wireless mouse recently broke - it would "click" but was free-scrolling and had a fair amount of wiggle to left and right, so it effectively just turned into a middle mouse button.

One of my work colleagues was commenting that they like the Xen PV model - where you have a fairly lightweight hypervisor that runs cooperating kernels (or, as Xen calls them, "domains"). They've been meaning to try out NixOS but couldn't figure out how to build a debootstrap-style root FS.

MOCHAbin is a pretty capable ARM board - it has a quad core ARMv8 Cortex-A72 @ 1400MHz, 8GB of RAM, 16GB of onboard eMMC, not to mention a bunch of Ethernet connectivity (1x 10Gb SFP+ cage, 1x 1Gb SFP cage, a WAN RJ45 port with PoE in, and 4x LAN ports connected to an onboard switch chip).

The main downside for me, however, was the boot firmware. Out of the box, it ships with a pretty ancient build of U-Boot, which fails to properly support UEFI.

Recently I've been thinking about how I could distribute secrets to my NixOS machines in a... relatively... decent way.

As a foreword: the below solution is not recommended - it relies on a prerelease version of FreeNAS for some of its functionality, which isn't supported.

FreeNAS 10 comes with the ability to bind to a FreeIPA directory. Hooray! Let's try it out.

Just a quick note to remind myself, when I inevitably forget.

The built-in GnuPG smartcard support doesn't really work particularly well, in my experience, with the YubiKey Neo. To fix this (and use pcscd) instead, put the following in ~/.gnupg/scdaemon.conf:

I bought a Razer Blade Stealth recently as an ultrabook I can take to lectures and just generally use when I'm out and about as a companion to the Pixel C I'm already using. Generally just for those annoying edgecases where it's not quite enough to just have Android ;)

As a followup to my previous post, I was trying to create an Apple Remote Desktop installer. This is usually something that's fairly trivial:

I successfully broke my computer again. Oops. I can watch systemd boot my system and then once my display manager (in my case, sddm) takes over, kaput.

This must, by now, be my fifth or sixth attempt at a blog. As per usual, I'll tell myself that I'll do better this time, and I'll write regularly, and post when I find solutions to interesting problems.