From 179dd93a5bfdcd07fdafdf176c96d115f1640ae9 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 25 Mar 2026 10:07:08 +0100
Subject: [PATCH 1/3] feat(attic): disable sudo password for wheel group

- Set `security.sudo.wheelNeedsPassword` to `false` in `default.nix`.
- Simplifies sudo access for users in the wheel group and aligns with system usage patterns.
---
 systems/x86_64-linux/attic/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/systems/x86_64-linux/attic/default.nix b/systems/x86_64-linux/attic/default.nix
index a0d887c..0ae2954 100644
--- a/systems/x86_64-linux/attic/default.nix
+++ b/systems/x86_64-linux/attic/default.nix
@@ -29,6 +29,8 @@
 boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 boot.loader.grub.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+
 security.tpm2.enable = false;
 security.tpm2.abrmd.enable = false;
From 2ca35ba38d4394973852876b597354030f336a14 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 25 Mar 2026 10:19:38 +0100
Subject: [PATCH 2/3] feat(attic): switch to systemd-networkd for networking

- Replace `dhcpcd` with `systemd-networkd` by setting `networking.useDHCP` to `false` and `networking.useNetworkd` to `true`.
- Add a static IPv6 configuration and routes for `enp1s0` in `30-wan`.
- Ensures a more streamlined and customizable network configuration.
---
 systems/x86_64-linux/attic/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/attic/default.nix b/systems/x86_64-linux/attic/default.nix
index 0ae2954..8daa780 100644
--- a/systems/x86_64-linux/attic/default.nix
+++ b/systems/x86_64-linux/attic/default.nix
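Review bot: `security.sudo.wheelNeedsPassword = false;` in the hunk of PATCH 1/3 makes every session running as a wheel user equivalent to root, so a stolen login credential or a compromised process under such an account escalates without any further authentication step. The commit message gives convenience as the reason, but the file itself carries no comment; I would record the rationale next to the option, e.g. `# wheel users authenticate by SSH key only and have no password; NOPASSWD is deliberate`, if that is in fact how the accounts are set up (not visible in this hunk). If only a few commands need passwordless escalation, `security.sudo.extraRules` with `NOPASSWD` on those commands would keep the prompt for everything else, and `security.sudo.execWheelOnly = true;` is a reasonable companion setting.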
@@ -35,7 +35,14 @@
 security.tpm2.abrmd.enable = false;
 networking.wireless.enable = false;
- networking.dhcpcd.IPv6rs = true;
+ networking.useDHCP = false;
+ networking.useNetworkd = true;
+ systemd.network.networks."30-wan" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig.DHCP = "ipv4";
+ address = [ "2a01:4f9:c014:619::1/64" ];
+ routes = [{ Gateway = "fe80::1"; }];
+ };
 networking.firewall.allowedTCPPorts = [ 8080 ];
 networking.firewall.allowPing = true;
From e12fc523d6d36133ab3397de0de2a669cbf8dec5 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 25 Mar 2026 10:19:44 +0100
Subject: [PATCH 3/3] fix(attic): remove unused `$PSQL` alias in postStart script

- Replace `$PSQL` with `psql` to use the correct PostgreSQL CLI directly.
- Ensures compatibility and prevents potential runtime issues in the systemd service.
---
 systems/x86_64-linux/attic/atticd.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/attic/atticd.nix b/systems/x86_64-linux/attic/atticd.nix
index b24dd3b..07bacac 100644
--- a/systems/x86_64-linux/attic/atticd.nix
+++ b/systems/x86_64-linux/attic/atticd.nix
@@ -12,7 +12,7 @@
 };
 systemd.services.postgresql.postStart = lib.mkAfter ''
- $PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
+ psql -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
 '';
 environment.systemPackages = with pkgs; [ attic-client ];
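Review bot: The new `30-wan` network in PATCH 2/3 configures the IPv6 address and default route for `enp1s0` statically but leaves router-advertisement handling at networkd's default, which accepts RAs on a non-forwarding interface, so an advertisement seen on that link could still add addresses or routes beside the configured ones. Since nothing in the hunk depends on RAs any more (the removed line was `networking.dhcpcd.IPv6rs = true;`), I would state the intent explicitly with `networkConfig.IPv6AcceptRA = false;` next to `networkConfig.DHCP = "ipv4";`, or add a comment saying RAs are still wanted. A short comment on `Gateway = "fe80::1"` saying where that link-local gateway comes from (presumably the hosting provider's documentation) would help the next reader.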
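Review bot: The `psql -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'` line in PATCH 3/3 now depends on three things the hunk does not show: `psql` being on the unit's PATH, the server listening on psql's default socket and port, and both the `attic` database and the `atticd` role already existing when `postStart` runs. If any of these does not hold, the statement fails at service start, and whether that takes the PostgreSQL unit down with it depends on how the script is wrapped. I would document the assumption above the command, e.g. `# needs database "attic" and role "atticd" to exist already; connects via psql's default socket and port`, and confirm that the provisioning of role and database is ordered before this script on the NixOS release in use.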