Differences

This shows you the differences between two versions of the page.

infrastructure:nixos-boxes:dreamflasher [2026/01/12 00:46] diamond
infrastructure:nixos-boxes:dreamflasher [2026/01/12 06:46] (current) diamond
Line 1: Line 1:
 # dreamflasher # dreamflasher
  
-- **hostname:** `dma-dreamflasher`+``` 
 +root@dma-dreamflasher  
 +---------------------  
 +OS: NixOS 26.05.20251130.2d293cb (Yarara) aarch64  
 +Host: ADLINK Ampere Altra Developer Platform  
 +Kernel: 6.12.59  
 +Uptime: 5 hours, 11 mins  
 +Packages: 504 (nix-system)  
 +Shell: bash 5.3.3  
 +Resolution: 1024x768  
 +Terminal: /dev/pts/0  
 +CPU: (128) @ 3.0GHz  
 +GPU: ASPEED Technology, Inc. ASPEED Graphics Family  
 +Memory: 4.24GiB / 125.19GiB (3%)  
 +``` 
 + 
 +- **owner:** `@ellie` 
 +**admin:** `@diamond`, `@infra-nixos`
 - **mac:** `00:30:64:76:4c:b3` - **mac:** `00:30:64:76:4c:b3`
-- **os:** nixos 
  
-## Entering Secure Boot Setup Mode+## Impermanence 
 + 
 +This machine runs [Impermanence](https://nixos.wiki/wiki/Impermanence)! Specifically, it runs a custom impermanence-inspired module written by `@ellie`. This means that on every boot, the entire filesystem except for those stated to be persisted in the machine's NixOS configuration will be wiped clean. For more information on the why, read [Erase Your Darlings](https://grahamc.com/blog/erase-your-darlings/). 
 + 
 +## Secure Boot Maintenance 
 + 
 +This machine uses Secure Boot to ensure that the booted kernel is signed properly. Then from this, TPM2 is used to decrypt the 2 root drives. 
 + 
 +> **Note:** We currently don't do mirrored boot properly because [Lanzaboote] doesn't support it properly. The server almost certainly only boots from one drive currently, despite mirroring root to both via ZFS. 
 + 
 +[Lanzaboote]: https://github.com/nix-community/lanzaboote 
 + 
 +### Entering Secure Boot Setup Mode
  
 > **Note:** Guide assumes an already running system. It does not cover resetting the system from scratch. > **Note:** Guide assumes an already running system. It does not cover resetting the system from scratch.
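
Review bot: the added `**admin:**` line has no leading `- ` list marker, unlike `- **owner:**` directly above it and the unchanged `- **mac:**` below, so it will not render as part of the list; prefix it with `- `. The pasted system-info block also commits values that are stale immediately (Uptime, Memory usage, Packages count), so consider trimming it to the fields that identify the machine (OS, Host, CPU). In the Secure Boot Maintenance paragraph, "Then from this, TPM2 is used to decrypt the 2 root drives" leaves the dependency implicit; state what the TPM2 unlock is conditioned on so a reader knows which changes will force a re-enrollment. The mirrored-boot note says the server "almost certainly" boots from one drive; recording which drive that is would make the failure case actionable.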
Line 19: Line 47:
 9. Reboot again. Validate that the system boots fine. 9. Reboot again. Validate that the system boots fine.
 10. Re-enroll TPM2-backed decryption via [Arch wiki guide](https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module). 10. Re-enroll TPM2-backed decryption via [Arch wiki guide](https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module).
-
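
Review bot: step 10 still defers entirely to the generic Arch wiki guide and does not record which PCRs the TPM2 enrollment on this machine is bound to, or whether the enrollment has to be repeated for each of the 2 root drives mentioned in the new Secure Boot Maintenance paragraph. Since this revision is already reorganising the section, suggest adding the machine-specific enrollment parameters to this step so the procedure can be followed without guessing.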