View Page

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
infrastructure:nixos-boxes:dreamflasher [2026/01/12 00:45] – created diamondinfrastructure:nixos-boxes:dreamflasher [2026/01/12 06:46] (current) diamond
Line 1: Line 1:
 # dreamflasher # dreamflasher
  
-- **hostname:** `dma-dreamflasher` +``` 
-**os:** nixos+root@dma-dreamflasher  
 +---------------------  
 +OSNixOS 26.05.20251130.2d293cb (Yarara) aarch64  
 +Host: ADLINK Ampere Altra Developer Platform  
 +Kernel: 6.12.59  
 +Uptime: 5 hours, 11 mins  
 +Packages: 504 (nix-system)  
 +Shell: bash 5.3.3  
 +Resolution: 1024x768  
 +Terminal: /dev/pts/0  
 +CPU: (128) @ 3.0GHz  
 +GPU: ASPEED Technology, Inc. ASPEED Graphics Family  
 +Memory: 4.24GiB / 125.19GiB (3%)  
 +```
  
-## Entering Secure Boot Setup Mode+- **owner:** `@ellie` 
 +- **admin:** `@diamond`, `@infra-nixos` 
 +- **mac:** `00:30:64:76:4c:b3` 
 + 
 +## Impermanence 
 + 
 +This machine runs [Impermanence](https://nixos.wiki/wiki/Impermanence)! Specifically, it runs a custom impermanence-inspired module written by `@ellie`. This means that on every boot, the entire filesystem except for those stated to be persisted in the machine's NixOS configuration will be wiped clean. For more information on the why, read [Erase Your Darlings](https://grahamc.com/blog/erase-your-darlings/). 
 + 
 +## Secure Boot Maintenance 
 + 
 +This machine uses Secure Boot to ensure that the booted kernel is signed properly. Then from this, TPM2 is used to decrypt the 2 root drives. 
 + 
 +> **Note:** We currently don't do mirrored boot properly because [Lanzaboote] doesn't support it properly. The server almost certainly only boots from one drive currently, despite mirroring root to both via ZFS. 
 + 
 +[Lanzaboote]: https://github.com/nix-community/lanzaboote 
 + 
 +### Entering Secure Boot Setup Mode 
 + 
 +> **Note:** Guide assumes an already running system. It does not cover resetting the system from scratch.
  
 1. Enter BIOS setup by spamming `Esc` then `Device Manager` 1. Enter BIOS setup by spamming `Esc` then `Device Manager`
Line 16: Line 47:
 9. Reboot again. Validate that the system boots fine. 9. Reboot again. Validate that the system boots fine.
 10. Re-enroll TPM2-backed decryption via [Arch wiki guide](https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module). 10. Re-enroll TPM2-backed decryption via [Arch wiki guide](https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module).
-