jnsgruk

jnsgruk, 21 days ago to random

I bought a robot lawn mower for the new house thinking it would save me time, but now I just spend the time watching the mower instead of pushing one 😂😅

ironicbadger, 1 month ago to random

Is “devops” as a term played out?

jnsgruk, 1 month ago to random

@ironicbadger what was the model of the nvidia GPU you bought specifically for doing the AI bits? :)

jnsgruk, 1 month ago to ubuntu

Today I officially became a #Ubuntu member 😎🤓🚀

popey, 1 month ago to random

Just realised, it's been a couple of weeks and I haven't run "Hugo's Random Benchmark" on this M3 MacBook Pro yet!

2.6s - not bad. Can you do better?

/cc @darkling
https://popey.com/blog/2020/12/counting-to-100-million/

pimeys, 1 month ago to NixOS

Thank you for the TPM2 #NixOS article @jnsgruk. I decided to give it a go last weekend, and it was a bit longer process than 10 minutes. For anybody who struggle to get rid of the password prompt for the LUKS volume, this setting is essential:

boot.initrd.systemd.enable = true;

The initrd must have systemd installed, so the settings defined with systemd-cryptenroll are available during the boot. Alternative way is to use Clevis to encrypt the LUKS password using the TPM module, and invoke it during boot. This is not super complex either, but I kind of like the systemd approach more.

Also the article didn’t mention much about the different PCR ids you can use with TPM. These define the system state when a secret key can be accessed from the TPM module. If any of the policies trigger, the TPM module will not output any secrets and the user needs to enter the LUKS password. The article uses three policies:

• 0: firmware updates
• 2: extended ROMs from pluggable hardware (e.g. USB)
• 7: secure boot disabled, or firmware certificates update

Additionally, one policy is needed to ensure an attacker cannot boot the system to a single user mode from the bootloader:

• 12: kernel config change, e.g. changing the boot parameters.

It is important to wipe the old slots with systemd-cryptenroll when changing the PCRs. Changing them is additional, and doesn’t modify the existing policies.

Edit: and do not wipe the password slot! This will render your disk unbootable.

jnsgruk, 1 month ago to random

s/jammy/noble/g

jnsgruk, 1 month ago to NixOS

🚨 New blog post! 🚨

Over the past few days, I've been writing about Secure Boot, TPMs and how to using lanzaboote to enable secure boot and TPM-backed disk unlocking on #nixos

https://jnsgr.uk/2024/04/nixos-secure-boot-tpm-fde/

jnsgruk, 1 month ago to NixOS

After a few months of maintaining my crafts-flake project, I just landed the final PR upstream in #nixpkgs which means that #rockcraft, #charmcraft and #snapcraft willl soon be readily available to all #NixOS users 😎 🚀

jnsgruk, 2 months ago to random

@popey I was listening to your NUC woes - I had very similar on my Skull Canyon NUC a couple of years ago, and it turned out to be a slowly failing SSD. Frustrated me for months trying to troubleshoot it: it never failed a file system check, and I wasn’t really able to diagnose it until the drive just failed one day…

bashfulrobot, 2 months ago to random

@popey have you seen any GitHub actions to build and publish a snap? I have some old ones that I still own, and want to get away from setting up an env to build when I remember. 😂

jnsgruk, 2 months ago to random

First 3D print on my new Bambu Lab X1 Carbon!

jnsgruk, 3 months ago to NixOS

Last week I was on @selfhostedshow with @ironicbadger and @ChrisLAS. Super fun conversation at the intersection of my home & work tech life - a combination of #Juju and #NixOS 😎

Thanks for having me! 🤩

https://selfhosted.show/118

ironicbadger, 3 months ago to NixOS

#itshappening #nixos is going on the media server!

ironicbadger, 3 months ago (edited 3 months ago) to random

We had @jnsgruk from Canonical on the podcast this week, to talk about contributing to Nix. I could talk about Nix all day!

https://selfhosted.show/118

jnsgruk, 3 months ago to random

Thanks to @cassidy I learned that it's possible to sort git branches by commit date - I really wish I'd known that sooner!

https://github.com/jnsgruk/nixos-config/commit/efde647467450fd01fd4645c9da15757aa9a43d1

jnsgruk, 3 months ago to NixOS

Another day, another blog post!

This time I give a detailed walkthrough of how I packaged Scrutiny, a S.M.A.R.T disk monitoring tool for #nixos.

Let me know if you'd like to see this in a standalone flake, or contributed to #nixpkgs.

Either way, my hard disk monitoring has never looked so good! 🚀

https://jnsgr.uk/2024/02/packaging-scrutiny-for-nixos/

jnsgruk, 4 months ago to NixOS

🚨 New blog post! 🚨

This time I wrote about how I run #NixOS virtual machines inside Github Actions to run end-to-end tests on the "craft" suite of applications from Canonical.

This only (realistically) became possible last year when Github enabled access to KVM accelerated virtual machines in their runners.

https://jnsgr.uk/2024/02/nixos-vms-in-github-actions/

molly0xfff, 4 months ago to random

fuck i love blogs. if i had nothing but time i would just read blogs all day.

jnsgruk, 4 months ago to random

@popey was just listening to Linux Matters - I reckon we could hook up the snapcrafters CI to the new M1 GitHub runners quite easily https://github.blog/2023-10-02-introducing-the-new-apple-silicon-powered-m1-macos-larger-runner-for-github-actions/

Looks like there might be a free tier from what I can see 😎