feat: add sd flash command and rekey ages

2026-03-21 01:05:36 -07:00 · 2026-03-21 01:05:36 -07:00 · faf9701a86
commit faf9701a86
parent 36720e2ba5
11 changed files with 190 additions and 67 deletions
--- a/pi/configuration.nix
+++ b/pi/configuration.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:

 {
  system.stateVersion = "24.11";
@ -10,16 +10,14 @@
    networks."Noisebridge".psk = "noisebridge";
  };

-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;
-    publish = {
-      enable = true;
-      addresses = true;
-    };
-  };
+  services.avahi.enable = false;

  # Decrypted at runtime by agenix
+  age.identityPaths = [
+    "/boot/noisebell-bootstrap.agekey"
+    "/etc/ssh/ssh_host_ed25519_key"
+  ];
+
  age.secrets.tailscale-auth-key.file = ../secrets/tailscale-auth-key.age;
  age.secrets.pi-to-cache-key.file = ../secrets/pi-to-cache-key.age;
  age.secrets.cache-to-pi-key.file = ../secrets/cache-to-pi-key.age;
@ -32,7 +30,10 @@
    inboundApiKeyFile = config.age.secrets.cache-to-pi-key.path;
  };

-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];

  services.tailscale = {
    enable = true;