Differences
This shows you the differences between two versions of the page.
| infrastructure:machines:dreamflasher [2026/06/13 19:25] – removed - external edit (Unknown date) 127.0.0.1 | infrastructure:machines:dreamflasher [2026/06/13 19:25] (current) – ↷ Page moved from infrastructure:nixos-boxes:dreamflasher to infrastructure:machines:dreamflasher diamond | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | # dreamflasher | ||
| + | |||
| + | ``` | ||
| + | root@dma-dreamflasher | ||
| + | --------------------- | ||
| + | OS: NixOS 26.05.20251130.2d293cb (Yarara) aarch64 | ||
| + | Host: ADLINK Ampere Altra Developer Platform | ||
| + | Kernel: 6.12.59 | ||
| + | Uptime: 5 hours, 11 mins | ||
| + | Packages: 504 (nix-system) | ||
| + | Shell: bash 5.3.3 | ||
| + | Resolution: 1024x768 | ||
| + | Terminal: / | ||
| + | CPU: (128) @ 3.0GHz | ||
| + | GPU: ASPEED Technology, Inc. ASPEED Graphics Family | ||
| + | Memory: 4.24GiB / 125.19GiB (3%) | ||
| + | ``` | ||
| + | |||
| + | - **owner:** `@ellie` | ||
| + | - **admin:** `@diamond`, `@infra-nixos` | ||
| + | - **mac:** `00: | ||
| + | |||
| + | ## Impermanence | ||
| + | |||
| + | This machine runs [Impermanence](https:// | ||
| + | |||
| + | ## Secure Boot Maintenance | ||
| + | |||
| + | This machine uses Secure Boot to ensure that the booted kernel is signed properly. Then from this, TPM2 is used to decrypt the 2 root drives. | ||
| + | |||
| + | > **Note:** We currently don't do mirrored boot properly because [Lanzaboote] doesn' | ||
| + | |||
| + | [Lanzaboote]: | ||
| + | |||
| + | ### Entering Secure Boot Setup Mode | ||
| + | |||
| + | > **Note:** Guide assumes an already running system. It does not cover resetting the system from scratch. | ||
| + | |||
| + | 1. Enter BIOS setup by spamming `Esc` then `Device Manager` | ||
| + | 2. Go into `Secure Boot Configuration` | ||
| + | 3. Switch Secure Boot mode to `Custom mode` | ||
| + | 4. Go to the list of Secure Boot keys, then `PK`, then `Delete PK`. Confirm yes. | ||
| + | 5. Go out, then `Boot Manager`, then boot into NixOS as usual. | ||
| + | 6. Validate setup mode using `sbctl status` and `bootctl status`. | ||
| + | 7. Use `sbctl enroll-keys --microsoft`. | ||
| + | 8. Validate that you're no longer in setup mode via the above commands. | ||
| + | 9. Reboot again. Validate that the system boots fine. | ||
| + | 10. Re-enroll TPM2-backed decryption via [Arch wiki guide](https:// | ||
| + | |||
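Review bot: steps 5 to 10 of "Entering Secure Boot Setup Mode" never say how the two root drives are unlocked on the boots in steps 5 and 9, before TPM2 decryption is re-enrolled in step 10. If the TPM2 binding depends on Secure Boot state, which is presumably why step 10 exists, automatic unlock will not work once `PK` is deleted, so the guide should list a working recovery passphrase or key as a prerequisite next to the "already running system" note. Separately, between step 6 and `sbctl enroll-keys --microsoft` it would help to add an `sbctl verify` check that the boot files are signed with the keys about to be enrolled, since step 9 is the first boot with enforcement on and the page notes that mirrored boot is not handled properly.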
| + | ===== Power ===== | ||
| + | |||
| + | Despite its 128 cores, the box draws only ~100W under its current compute load — remarkably power-efficient for the workload it carries. | ||
| + | |||
| + | ===== Services & isolation ===== | ||
| + | |||
| + | All of DMA's core services run on dreamflasher, | ||
| + | |||
| + | ===== Networking ===== | ||
| + | |||
| + | A 10Gb NIC with **SR-IOV** virtual functions (VFs) gives each service properly isolated networking, rather than sharing a single software bridge. | ||
| + | |||
| + | ===== Access ===== | ||
| + | |||
| + | SSH access is granted after you're onboarded onto infra. Once onboarded, your SSH keys can be added — contact `@diamond` to get added. Your keys must already be present on your **Codeberg** account first. | ||