Add a build for the yubikey management raspberry pi image.

Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes.
Support running arm code on x86.
2025-10-08 21:24:44 -04:00 · 2025-10-05 21:37:57 -04:00 · 2025-10-05 20:43:04 -04:00 · 2025-10-05 20:04:03 -04:00 · 2025-10-05 15:17:34 -04:00 · 2025-10-05 14:55:42 -04:00
55 changed files with 1183 additions and 492 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -22,6 +22,7 @@
    ./roles/docker
    ./roles/ecc
    ./roles/emacs
    ./roles/emulate_isa
    ./roles/firefox
    ./roles/firewall
    ./roles/flux
@@ -71,6 +72,7 @@
    ./roles/tekton
    ./roles/terraform
    ./roles/thunderbolt
    ./roles/uutils
    ./roles/vnc_client
    ./roles/vscode
    ./roles/wasm
@@ -176,7 +178,7 @@
    nix-tree
    libarchive # bsdtar
    lsof
-    doas-sudo-shim # To support --use-remote-sudo for remote builds
+    doas-sudo-shim # To support --sudo for remote builds
    dmidecode # Read SMBIOS information.
    ipcalc
    gptfdisk # for cgdisk
--- a/nix/configuration/flake.lock
+++ b/nix/configuration/flake.lock
@@ -1,22 +1,5 @@
 {
  "nodes": {
    "ansible-sshjail": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "path": "flakes/ansible-sshjail",
        "type": "path"
      },
      "original": {
        "path": "flakes/ansible-sshjail",
        "type": "path"
      },
      "parent": []
    },
    "crane": {
      "locked": {
        "lastModified": 1731098351,
@@ -89,42 +72,6 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@@ -281,14 +228,12 @@
    },
    "root": {
      "inputs": {
        "ansible-sshjail": "ansible-sshjail",
        "disko": "disko",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "nixpkgs": "nixpkgs",
        "nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
-        "nixpkgs-unoptimized": "nixpkgs-unoptimized",
+        "nixpkgs-unoptimized": "nixpkgs-unoptimized"
        "zsh-histdb": "zsh-histdb"
      }
    },
    "rust-overlay": {
@@ -311,53 +256,6 @@
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "zsh-histdb": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "path": "flakes/zsh-histdb",
        "type": "path"
      },
      "original": {
        "path": "flakes/zsh-histdb",
        "type": "path"
      },
      "parent": []
    }
  },
  "root": "root",
--- a/nix/configuration/flake.nix
+++ b/nix/configuration/flake.nix
@@ -31,8 +31,6 @@
 #
 # doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
 # nix flake update zsh-histdb --flake .
 # nix flake update ansible-sshjail --flake .
 # for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 # nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
 #
@@ -51,18 +49,6 @@
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zsh-histdb = {
      url = "path:flakes/zsh-histdb";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ansible-sshjail = {
      url = "path:flakes/ansible-sshjail";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -77,8 +63,6 @@
      nixpkgs-dda3dcd3f,
      impermanence,
      lanzaboote,
      zsh-histdb,
      ansible-sshjail,
      ...
    }@inputs:
    let
@@ -98,12 +82,6 @@
          impermanence.nixosModules.impermanence
          lanzaboote.nixosModules.lanzaboote
          inputs.disko.nixosModules.disko
          {
            nixpkgs.overlays = [
              zsh-histdb.overlays.default
              ansible-sshjail.overlays.default
            ];
          }
          ./configuration.nix
        ];
      };
--- a/nix/configuration/flakes/ansible-sshjail/flake.lock
+++ b/nix/configuration/flakes/ansible-sshjail/flake.lock
@@ -1,61 +0,0 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/ansible-sshjail/flake.nix
+++ b/nix/configuration/flakes/ansible-sshjail/flake.nix
@@ -1,34 +0,0 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = ansible-sshjail;
            ansible-sshjail = appliedOverlay.ansible-sshjail;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        ansible-sshjail = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/zsh-histdb/flake.lock
+++ b/nix/configuration/flakes/zsh-histdb/flake.lock
@@ -1,61 +0,0 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/zsh-histdb/flake.nix
+++ b/nix/configuration/flakes/zsh-histdb/flake.nix
@@ -1,34 +0,0 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = zsh-histdb;
            zsh-histdb = appliedOverlay.zsh-histdb;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        zsh-histdb = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/hosts/hydra/DEPLOY_BOOT
+++ b/nix/configuration/hosts/hydra/DEPLOY_BOOT
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=hydra
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'
--- a/nix/configuration/hosts/hydra/DEPLOY_SWITCH
+++ b/nix/configuration/hosts/hydra/DEPLOY_SWITCH
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=hydra
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'
--- a/nix/configuration/hosts/hydra/ISO
+++ b/nix/configuration/hosts/hydra/ISO
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/hydra/VM_ISO
+++ b/nix/configuration/hosts/hydra/VM_ISO
@@ -6,8 +6,6 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
+++ b/nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET="ionlybootzfs"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'
--- a/nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
+++ b/nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=ionlybootzfs
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'
--- a/nix/configuration/hosts/ionlybootzfs/ISO
+++ b/nix/configuration/hosts/ionlybootzfs/ISO
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/neelix/DEPLOY_BOOT
+++ b/nix/configuration/hosts/neelix/DEPLOY_BOOT
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=neelix
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'
--- a/nix/configuration/hosts/neelix/DEPLOY_SWITCH
+++ b/nix/configuration/hosts/neelix/DEPLOY_SWITCH
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=neelix
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'
--- a/nix/configuration/hosts/odo/DEPLOY_BOOT
+++ b/nix/configuration/hosts/odo/DEPLOY_BOOT
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=odo
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'
--- a/nix/configuration/hosts/odo/DEPLOY_SWITCH
+++ b/nix/configuration/hosts/odo/DEPLOY_SWITCH
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=odo
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'
--- a/nix/configuration/hosts/odo/ISO
+++ b/nix/configuration/hosts/odo/ISO
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/odo/SELF_BOOT
+++ b/nix/configuration/hosts/odo/SELF_BOOT
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/odo/SELF_BUILD
+++ b/nix/configuration/hosts/odo/SELF_BUILD
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/odo/SELF_SWITCH
+++ b/nix/configuration/hosts/odo/SELF_SWITCH
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -15,111 +15,115 @@
    ./framework_module.nix
  ];
-  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
+  config = {
-  networking.hostId = "908cbf04";
+    # Generate with `head -c4 /dev/urandom | od -A none -t x4`
    networking.hostId = "908cbf04";
-  networking.hostName = "odo"; # Define your hostname.
+    networking.hostName = "odo"; # Define your hostname.
-  time.timeZone = "America/New_York";
+    time.timeZone = "America/New_York";
-  i18n.defaultLocale = "en_US.UTF-8";
+    i18n.defaultLocale = "en_US.UTF-8";
-  me.secureBoot.enable = true;
+    me.secureBoot.enable = true;
-  me.optimizations = {
+    me.optimizations = {
-    enable = true;
+      enable = true;
-    arch = "znver4";
+      arch = "znver4";
-    system_features = [
+      system_features = [
-      "gccarch-znver4"
+        "gccarch-znver4"
-      "gccarch-skylake"
+        "gccarch-skylake"
-      # "gccarch-alderlake" missing WAITPKG
+        # "gccarch-alderlake" missing WAITPKG
-      "gccarch-x86-64-v3"
+        "gccarch-x86-64-v3"
-      "gccarch-x86-64-v4"
+        "gccarch-x86-64-v4"
-      "benchmark"
+        "benchmark"
-      "big-parallel"
+        "big-parallel"
-      "kvm"
+        "kvm"
-      "nixos-test"
+        "nixos-test"
      ];
    };
    # Early KMS
    boot.initrd.kernelModules = [ "amdgpu" ];
    # Mount tmpfs at /tmp
    boot.tmp.useTmpfs = true;
    environment.systemPackages = with pkgs; [
      fw-ectool
      framework-tool
    ];
    # Enable light sensor
    # hardware.sensor.iio.enable = lib.mkDefault true;
    # Enable TRIM
    # services.fstrim.enable = lib.mkDefault true;
    me.alacritty.enable = true;
    me.amd_s2idle.enable = true;
    me.ansible.enable = true;
    me.ares.enable = true;
    me.bluetooth.enable = true;
    me.chromecast.enable = true;
    me.chromium.enable = true;
    me.d2.enable = true;
    me.direnv.enable = true;
    me.docker.enable = false;
    me.ecc.enable = false;
    me.emacs_flavor = "full";
    me.emulate_isa.enable = true;
    me.firefox.enable = true;
    me.flux.enable = true;
    me.gcloud.enable = true;
    me.git.config = ../../roles/git/files/gitconfig_home;
    me.gnuplot.enable = true;
    me.gpg.enable = true;
    me.graphical = true;
    me.graphics_card_type = "amd";
    me.iso_mount.enable = true;
    me.kanshi.enable = false;
    me.kubernetes.enable = true;
    me.latex.enable = true;
    me.launch_keyboard.enable = true;
    me.lvfs.enable = true;
    me.media.enable = true;
    me.nix_index.enable = true;
    me.openpgp_card_tools.enable = true;
    me.pcsx2.enable = true;
    me.podman.enable = true;
    me.python.enable = true;
    me.qemu.enable = true;
    me.rpcs3.enable = true;
    me.rust.enable = true;
    me.sequoia.enable = true;
    me.shadps4.enable = true;
    me.shikane.enable = true;
    me.sops.enable = true;
    me.sound.enable = true;
    me.spaghettikart.enable = true;
    me.steam.enable = true;
    me.steam_run_free.enable = true;
    me.sway.enable = true;
    me.tekton.enable = true;
    me.terraform.enable = true;
    me.thunderbolt.enable = true;
    me.uutils.enable = false;
    me.vnc_client.enable = true;
    me.vscode.enable = true;
    me.wasm.enable = true;
    me.waybar.enable = true;
    me.wireguard.activated = [
      "drmario"
      "wgh"
      "colo"
    ];
    me.wireguard.deactivated = [ "wgf" ];
    me.yubikey.enable = true;
    me.zrepl.enable = true;
    me.zsh.enable = true;
    me.sm64ex.enable = true;
    me.shipwright.enable = true;
    me.ship2harkinian.enable = true;
  };
  # Early KMS
  boot.initrd.kernelModules = [ "amdgpu" ];
  # Mount tmpfs at /tmp
  boot.tmp.useTmpfs = true;
  environment.systemPackages = with pkgs; [
    fw-ectool
    framework-tool
  ];
  # Enable light sensor
  # hardware.sensor.iio.enable = lib.mkDefault true;
  # Enable TRIM
  # services.fstrim.enable = lib.mkDefault true;
  me.alacritty.enable = true;
  me.amd_s2idle.enable = true;
  me.ansible.enable = true;
  me.ares.enable = true;
  me.bluetooth.enable = true;
  me.chromecast.enable = true;
  me.chromium.enable = true;
  me.d2.enable = true;
  me.direnv.enable = true;
  me.docker.enable = false;
  me.ecc.enable = false;
  me.emacs_flavor = "full";
  me.firefox.enable = true;
  me.flux.enable = true;
  me.gcloud.enable = true;
  me.git.config = ../../roles/git/files/gitconfig_home;
  me.gnuplot.enable = true;
  me.gpg.enable = true;
  me.graphical = true;
  me.graphics_card_type = "amd";
  me.iso_mount.enable = true;
  me.kanshi.enable = false;
  me.kubernetes.enable = true;
  me.latex.enable = true;
  me.launch_keyboard.enable = true;
  me.lvfs.enable = true;
  me.media.enable = true;
  me.nix_index.enable = true;
  me.openpgp_card_tools.enable = true;
  me.pcsx2.enable = true;
  me.podman.enable = true;
  me.python.enable = true;
  me.qemu.enable = true;
  me.rpcs3.enable = true;
  me.rust.enable = true;
  me.sequoia.enable = true;
  me.shadps4.enable = true;
  me.shikane.enable = true;
  me.sops.enable = true;
  me.sound.enable = true;
  me.spaghettikart.enable = true;
  me.steam.enable = true;
  me.steam_run_free.enable = true;
  me.sway.enable = true;
  me.tekton.enable = true;
  me.terraform.enable = true;
  me.thunderbolt.enable = true;
  me.vnc_client.enable = true;
  me.vscode.enable = true;
  me.wasm.enable = true;
  me.waybar.enable = true;
  me.wireguard.activated = [
    "drmario"
    "wgh"
    "colo"
  ];
  me.wireguard.deactivated = [ "wgf" ];
  me.yubikey.enable = true;
  me.zrepl.enable = true;
  me.zsh.enable = true;
  me.sm64ex.enable = true;
  me.shipwright.enable = true;
  me.ship2harkinian.enable = true;
 }
--- a/nix/configuration/hosts/quark/DEPLOY_BOOT
+++ b/nix/configuration/hosts/quark/DEPLOY_BOOT
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=quark
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'
--- a/nix/configuration/hosts/quark/DEPLOY_SWITCH
+++ b/nix/configuration/hosts/quark/DEPLOY_SWITCH
@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # TARGET=192.168.211.250
 TARGET=quark
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
 # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'
--- a/nix/configuration/hosts/quark/ISO
+++ b/nix/configuration/hosts/quark/ISO
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/quark/SELF_BOOT
+++ b/nix/configuration/hosts/quark/SELF_BOOT
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/quark/SELF_BUILD
+++ b/nix/configuration/hosts/quark/SELF_BUILD
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/quark/SELF_SWITCH
+++ b/nix/configuration/hosts/quark/SELF_SWITCH
@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix flake update zsh-histdb --flake "$DIR/../../"
 nix flake update ansible-sshjail --flake "$DIR/../../"
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
+nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@@ -10,7 +10,6 @@
    ./distributed_build.nix
    ./hardware-configuration.nix
    ./power_management.nix
    ./wifi.nix
  ];
  config = {
@@ -65,6 +64,7 @@
    me.docker.enable = false;
    me.ecc.enable = true;
    me.emacs_flavor = "full";
    me.emulate_isa.enable = true;
    me.firefox.enable = true;
    me.flux.enable = true;
    me.gcloud.enable = true;
@@ -101,6 +101,7 @@
    me.tekton.enable = true;
    me.terraform.enable = true;
    me.thunderbolt.enable = true;
    me.uutils.enable = false;
    me.vnc_client.enable = true;
    me.vscode.enable = true;
    me.wasm.enable = true;
--- a/nix/configuration/hosts/quark/wifi.nix
+++ b/nix/configuration/hosts/quark/wifi.nix
@@ -1,16 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = {
    environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
      doas iw dev wlan0 set power_save off
    '';
  };
 }
--- a/nix/configuration/roles/ansible/default.nix
+++ b/nix/configuration/roles/ansible/default.nix
@@ -25,6 +25,9 @@
        ];
        nixpkgs.overlays = [
          (final: prev: {
            ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
          })
          (final: prev: {
            ansible = pkgs.symlinkJoin {
              name = "ansible";
--- a/nix/configuration/roles/ansible/package/ansible-sshjail/package.nix
+++ b/nix/configuration/roles/ansible/package/ansible-sshjail/package.nix
--- a/nix/configuration/roles/distributed_build/default.nix
+++ b/nix/configuration/roles/distributed_build/default.nix
@@ -87,6 +87,9 @@ in
              ];
              maxJobs = 1;
              supportedFeatures = [
                "gccarch-armv6"
                "gccarch-aarch64"
                "gccarch-riscv64"
                "nixos-test"
                "benchmark"
                "big-parallel"
--- a/nix/configuration/roles/emulate_isa/default.nix
+++ b/nix/configuration/roles/emulate_isa/default.nix
@@ -0,0 +1,41 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    emulate_isa.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to enable emulating other CPU architectures.";
    };
  };
  config = lib.mkIf config.me.emulate_isa.enable (
    lib.mkMerge [
      {
        boot.binfmt.emulatedSystems = [
          "aarch64-linux" # Raspberry Pi gen 3
          "riscv64-linux"
          # TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
          "armv6l-linux" # Raspberry Pi gen 1
        ];
        me.optimizations = {
          system_features = [
            "gccarch-armv6"
            "gccarch-aarch64"
            "gccarch-riscv64"
          ];
        };
      }
    ]
  );
 }
 # NOTE: build nixosConfigurations.<name>.config.system.build.sdImage
--- a/nix/configuration/roles/uutils/default.nix
+++ b/nix/configuration/roles/uutils/default.nix
@@ -0,0 +1,33 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    uutils.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to replace GNU coreutils with uutils (a rust drop-in replacement).";
    };
  };
  config = lib.mkIf config.me.uutils.enable (
    lib.mkMerge [
      {
        # environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
        nixpkgs.overlays = [
          (final: prev: {
            coreutils = final.uutils-coreutils-noprefix;
            coreutils-full = final.uutils-coreutils-noprefix;
          })
        ];
      }
    ]
  );
 }
--- a/nix/configuration/roles/zsh/default.nix
+++ b/nix/configuration/roles/zsh/default.nix
@@ -109,6 +109,12 @@ in
            ];
          };
        };
        nixpkgs.overlays = [
          (final: prev: {
            zsh-histdb = (final.callPackage ./package/zsh-histdb/package.nix { });
          })
        ];
      }
    ]
  );
--- a/nix/configuration/roles/zsh/package/zsh-histdb/package.nix
+++ b/nix/configuration/roles/zsh/package/zsh-histdb/package.nix
--- a/nix/yubipi/.gitignore
+++ b/nix/yubipi/.gitignore
@@ -0,0 +1 @@
 result
--- a/nix/yubipi/configuration.nix
+++ b/nix/yubipi/configuration.nix
@@ -0,0 +1,177 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    "${modulesPath}/installer/sd-card/sd-image.nix"
    ./roles/image_based_appliance
    ./roles/optimized_build
    ./roles/raspberry_pi_sd_image
    ./roles/reset
    # ./util/install_files
    ./util/unfree_polyfill
  ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nix.settings.trusted-users = [ "@wheel" ];
  hardware.enableRedistributableFirmware = true;
  # Keep outputs so we can build offline.
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
    substitute = false
  '';
  # Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
  boot.supportedFilesystems.zfs = true;
  # TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
  services.getty = {
    autologinUser = "talexander";
    autologinOnce = true;
  };
  users.mutableUsers = false;
  users.users.talexander = {
    isNormalUser = true;
    createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
    group = "talexander";
    extraGroups = [ "wheel" ];
    uid = 11235;
    packages = with pkgs; [
      tree
    ];
    # Generate with `mkpasswd -m scrypt`
    hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
    ];
  };
  users.groups.talexander.gid = 11235;
  # Automatic garbage collection
  nix.gc = lib.mkIf (!config.me.image_based_appliance.enable) {
    # Runs nix-collect-garbage --delete-older-than 5d
    automatic = true;
    persistent = true;
    dates = "monthly";
    # randomizedDelaySec = "14m";
    options = "--delete-older-than 30d";
  };
  nix.settings.auto-optimise-store = true;
  nix.settings.substituters = lib.mkForce [ ];
  # Use doas instead of sudo
  security.doas.enable = true;
  security.doas.wheelNeedsPassword = false;
  security.sudo.enable = false;
  security.doas.extraRules = [
    {
      # Retain environment (for example NIX_PATH)
      keepEnv = true;
      persist = true; # Only ask for a password the first time.
    }
  ];
  environment.systemPackages = with pkgs; [
    # wget
    # mg
    # rsync
    # libinput
    # htop
    # tmux
    # file
    # usbutils # for lsusb
    # pciutils # for lspci
    # ripgrep
    # strace
    # # ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
    # trace-cmd # ftrace
    # tcpdump
    # git-crypt
    # gnumake
    # ncdu
    # nix-tree
    # libarchive # bsdtar
    # lsof
    # doas-sudo-shim # To support --sudo for remote builds
    # dmidecode # Read SMBIOS information.
    # ipcalc
    # gptfdisk # for cgdisk
    # nix-output-monitor # For better view into nixos-rebuild
    # nix-serve-ng # Serve nix store over http
  ];
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };
  boot.initrd.kernelModules = [
    # "vc4"
    # "bcm2835_dma"
    # "i2c_bcm2835"
  ];
  # Compressing through emulation is slow and we're just going to decompress the image anyway.
  sdImage.compressImage = false;
  # Write a list of the currently installed packages to /etc/current-system-packages
  environment.etc."current-system-packages".text =
    let
      packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
      sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
      formatted = builtins.concatStringsSep "\n" sortedUnique;
    in
    formatted;
  nixpkgs.overlays = [
    (final: prev: {
      efivar = throw "foo";
    })
  ];
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.11"; # Did you read the comment?
 }
--- a/nix/yubipi/flake.lock
+++ b/nix/yubipi/flake.lock
@@ -0,0 +1,44 @@
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1759381078,
        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unoptimized": {
      "locked": {
        "lastModified": 1759381078,
        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs",
        "nixpkgs-unoptimized": "nixpkgs-unoptimized"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/yubipi/flake.nix
+++ b/nix/yubipi/flake.nix
@@ -0,0 +1,43 @@
 {
  description = "My system configuration";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
  };
  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-unoptimized,
      ...
    }@inputs:
    let
      base_armv6l_linux = rec {
        system = "armv6l-linux-linux";
        specialArgs = {
          pkgs-unoptimized = import nixpkgs-unoptimized {
            inherit system;
            hostPlatform.gcc.arch = "default";
            hostPlatform.gcc.tune = "default";
          };
        };
        modules = [
          ./configuration.nix
        ];
      };
      systems = {
        yubipi = rec {
          main = base_armv6l_linux // {
            modules = base_armv6l_linux.modules ++ [
              ./hosts/yubipi
            ];
          };
        };
      };
    in
    {
      nixosConfigurations.yubipi = nixpkgs.lib.nixosSystem systems.yubipi.main;
    };
 }
--- a/nix/yubipi/hosts/yubipi/ISO
+++ b/nix/yubipi/hosts/yubipi/ISO
@@ -0,0 +1,9 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#nixosConfigurations.yubipi.config.system.build.sdImage" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
--- a/nix/yubipi/hosts/yubipi/default.nix
+++ b/nix/yubipi/hosts/yubipi/default.nix
@@ -0,0 +1,46 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    ./hardware-configuration.nix
    ./wrapped-disk-config.nix
  ];
  config = {
    # Generate with `head -c4 /dev/urandom | od -A none -t x4`
    networking.hostId = "61f81c12";
    networking.hostName = "yubipi"; # Define your hostname.
    time.timeZone = "America/New_York";
    i18n.defaultLocale = "en_US.UTF-8";
    me.optimizations = {
      enable = true;
      arch = "armv6";
      system_features = [
        "gccarch-armv6l"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
    };
    # Early KMS
    boot.initrd.kernelModules = [ ];
    # Mount tmpfs at /tmp
    boot.tmp.useTmpfs = true;
    # Enable TRIM
    services.fstrim.enable = lib.mkDefault true;
    me.image_based_appliance.enable = true;
    me.raspberry_pi_sd_image.enable = true;
  };
 }
--- a/nix/yubipi/hosts/yubipi/disk-config.nix
+++ b/nix/yubipi/hosts/yubipi/disk-config.nix
@@ -0,0 +1,12 @@
 {
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [
        "noatime"
        "norelatime"
      ];
    };
  };
 }
--- a/nix/yubipi/hosts/yubipi/hardware-configuration.nix
+++ b/nix/yubipi/hosts/yubipi/hardware-configuration.nix
@@ -0,0 +1,28 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "thunderbolt"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "armv6l-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nix/yubipi/hosts/yubipi/wrapped-disk-config.nix
+++ b/nix/yubipi/hosts/yubipi/wrapped-disk-config.nix
@@ -0,0 +1,8 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 (import ./disk-config.nix)
--- a/nix/yubipi/roles/blank/default.nix
+++ b/nix/yubipi/roles/blank/default.nix
@@ -0,0 +1,30 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    blank.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install blank.";
    };
  };
  config = lib.mkIf config.me.blank.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
        ];
      }
      (lib.mkIf config.me.graphical {
      })
    ]
  );
 }
--- a/nix/yubipi/roles/image_based_appliance/default.nix
+++ b/nix/yubipi/roles/image_based_appliance/default.nix
@@ -0,0 +1,30 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    image_based_appliance.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install image_based_appliance.";
    };
  };
  config = lib.mkIf config.me.image_based_appliance.enable (
    lib.mkMerge [
      {
        # Do not install nix. A full new image must be built to update
        # the machine.
        nix.enable = false;
        system.switch.enable = false;
      }
    ]
  );
 }
--- a/nix/yubipi/roles/optimized_build/default.nix
+++ b/nix/yubipi/roles/optimized_build/default.nix
@@ -0,0 +1,78 @@
 {
  config,
  lib,
  pkgs,
  pkgs-unoptimized,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    optimizations.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
    };
    optimizations.arch = lib.mkOption {
      type = lib.types.str;
      default = null;
      example = "znver4";
      description = "The CPU arch for which programs should be optimized.";
    };
    optimizations.system_features = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      example = [
        "gccarch-armv6l"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
      description = "The list of CPU features that should be enabled on this machine.";
    };
  };
  config = lib.mkMerge [
    (lib.mkIf (!config.me.optimizations.enable) (
      lib.mkMerge [
        {
        }
      ]
    ))
    (lib.mkIf config.me.optimizations.enable (
      lib.mkMerge [
        {
          nixpkgs.config.allowUnsupportedSystem = true;
          nixpkgs.hostPlatform = {
            gcc.arch = config.me.optimizations.arch;
            gcc.tune = config.me.optimizations.arch;
            system = "armv6l-linux";
          };
          # Uncomment on of these to enable cross compiling:
          # nixpkgs.buildPlatform = builtins.currentSystem;
          # nixpkgs.buildPlatform = {
          #   gcc.arch = "znver4";
          #   gcc.tune = "znver4";
          #   system = "x86_64-linux";
          # };
        }
      ]
    ))
    (lib.mkIf (config.me.optimizations.system_features != [ ]) (
      lib.mkMerge [
        {
          nix.settings.system-features = lib.mkForce config.me.optimizations.system_features;
        }
      ]
    ))
  ];
 }
--- a/nix/yubipi/roles/raspberry_pi_sd_image/default.nix
+++ b/nix/yubipi/roles/raspberry_pi_sd_image/default.nix
@@ -0,0 +1,62 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    raspberry_pi_sd_image.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install raspberry_pi_sd_image.";
    };
  };
  config = lib.mkIf config.me.raspberry_pi_sd_image.enable (
    lib.mkMerge [
      {
        boot.loader.grub.enable = false;
        boot.loader.generic-extlinux-compatible.enable = true;
        boot.consoleLogLevel = lib.mkDefault 7;
        boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi1;
        sdImage = {
          populateFirmwareCommands =
            let
              configTxt = pkgs.writeText "config.txt" ''
                # u-boot refuses to start (gets stuck at rainbow polygon) without this,
                # at least on Raspberry Pi 0.
                enable_uart=1
                # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
                # when attempting to show low-voltage or overtemperature warnings.
                avoid_warnings=1
                [pi0]
                kernel=u-boot-rpi0.bin
                [pi1]
                kernel=u-boot-rpi1.bin
              '';
            in
            ''
              (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf *.dtb $NIX_BUILD_TOP/firmware/)
              cp ${pkgs.ubootRaspberryPiZero}/u-boot.bin firmware/u-boot-rpi0.bin
              cp ${pkgs.ubootRaspberryPi}/u-boot.bin firmware/u-boot-rpi1.bin
              cp ${configTxt} firmware/config.txt
            '';
          populateRootCommands = ''
            mkdir -p ./files/boot
            ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
          '';
        };
      }
    ]
  );
 }
--- a/nix/yubipi/roles/reset/default.nix
+++ b/nix/yubipi/roles/reset/default.nix
@@ -0,0 +1,16 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  # Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet.
  config = {
    # Do not use default packages (nixos includes some defaults like nano)
    environment.defaultPackages = lib.mkForce [ ];
  };
 }
--- a/nix/yubipi/util/install_files/default.nix
+++ b/nix/yubipi/util/install_files/default.nix
@@ -0,0 +1,333 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.me.install;
  inherit (lib)
    filter
    attrNames
    ;
  get_shell_values =
    target:
    let
      homedir = config.users.users."${target.username}".home;
      group = config.users.users."${target.username}".group;
    in
    {
      source = lib.strings.escapeShellArg "${target.source}";
      destination = lib.strings.escapeShellArg "${homedir}/${target.target}";
      mode = lib.strings.escapeShellArg "${target.mode}";
      dir_mode = lib.strings.escapeShellArg "${target.dir_mode}";
      username = lib.strings.escapeShellArg "${target.username}";
      group = lib.strings.escapeShellArg "${group}";
    };
  install_user_file =
    let
      constructors = {
        "overwrite" = install_user_file_overwrite;
        "symlink" = install_user_file_symlink;
      };
    in
    stage: target: (constructors."${target.method}"."${stage}" target);
  install_user_file_overwrite = {
    "check" = (target: "");
    "install" = (
      target:
      let
        inherit (get_shell_values target)
          source
          destination
          mode
          dir_mode
          username
          group
          ;
        flags = lib.strings.concatStringsSep " " [
          (if mode != "" then "-m ${mode}" else "")
          (if username != "" then "-o ${username}" else "")
          (if group != "" then "-g ${group}" else "")
        ];
        dir_flags = lib.strings.concatStringsSep " " [
          (if dir_mode != "" then "-m ${dir_mode}" else "")
          (if username != "" then "-o ${username}" else "")
          (if group != "" then "-g ${group}" else "")
        ];
      in
      if target.recursive then
        [
          ''
            find ${source} -type f -print0 | while read -r -d "" file; do
                relative_path=$(realpath -s --relative-to ${source} "$file")
                full_dest=${destination}/"$relative_path"
                create_containing_directories "$full_dest" ${dir_flags}
                $DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} "$file" "$full_dest"
            done
          ''
        ]
      else
        [
          ''
            create_containing_directories ${destination} ${dir_flags}
            $DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} ${source} ${destination}
          ''
        ]
    );
    "uninstall" = (
      target:
      let
        inherit (get_shell_values target)
          source
          destination
          ;
      in
      if target.recursive then
        [
          ''
            find ${source} -type f -print0 | while read -r -d "" file; do
                relative_path=$(realpath -s --relative-to ${source} "$file")
                full_dest=${destination}/"$relative_path"
                $DRY_RUN_CMD echo rm -f "$full_dest"
            done
          ''
        ]
      else
        [
          ''
            $DRY_RUN_CMD echo rm -f ${destination}
          ''
        ]
    );
  };
  install_user_file_symlink = {
    "check" = (target: "");
    "install" = (
      target:
      let
        inherit (get_shell_values target)
          source
          destination
          mode
          dir_mode
          username
          group
          ;
        owner = lib.strings.concatStringsSep ":" (
          filter (val: val != "") [
            username
            group
          ]
        );
        dir_flags = lib.strings.concatStringsSep " " [
          (if dir_mode != "" then "-m ${dir_mode}" else "")
          (if username != "" then "-o ${username}" else "")
          (if group != "" then "-g ${group}" else "")
        ];
      in
      if target.recursive then
        [
          ''
            find ${source} -type f -print0 | while read -r -d "" file; do
                relative_path=$(realpath -s --relative-to ${source} "$file")
                full_dest=${destination}/"$relative_path"
                create_containing_directories "$full_dest" ${dir_flags}
                $DRY_RUN_CMD ln $VERBOSE_ARG -s "$file" "$full_dest"
                $DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} "$full_dest"
            done
          ''
        ]
      else
        [
          ''
            create_containing_directories ${destination} ${dir_flags}
            $DRY_RUN_CMD ln $VERBOSE_ARG -s ${source} ${destination}
            $DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} ${destination}
          ''
        ]
    );
    "uninstall" = (
      target:
      let
        inherit (get_shell_values target)
          source
          destination
          ;
      in
      if target.recursive then
        [
          ''
            find ${source} -type f -print0 | while read -r -d "" file; do
                relative_path=$(realpath -s --relative-to ${source} "$file")
                full_dest=${destination}/"$relative_path"
                $DRY_RUN_CMD echo rm -f "$full_dest"
            done
          ''
        ]
      else
        [
          ''
            $DRY_RUN_CMD echo rm -f ${destination}
          ''
        ]
    );
  };
 in
 {
  imports = [ ];
  options.me.install = {
    user = lib.mkOption {
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, config, ... }:
          let
            username = name;
          in
          {
            options = {
              enable = lib.mkOption {
                type = lib.types.bool;
                default = true;
                defaultText = "enable";
                example = lib.literalExpression false;
                description = "Whether we want to install files in this user's home directory.";
              };
              file = lib.mkOption {
                type = lib.types.attrsOf (
                  lib.types.submodule (
                    { name, config, ... }:
                    let
                      path = name;
                    in
                    {
                      options = {
                        enable = lib.mkOption {
                          type = lib.types.bool;
                          default = true;
                          defaultText = "enable";
                          example = lib.literalExpression false;
                          description = "Whether we want to install this file in this user's home directory.";
                        };
                        username = lib.mkOption {
                          type = lib.types.str;
                          defaultText = "username";
                          example = "root";
                          description = "The username for the user whose home directory will contain the file.";
                        };
                        target = lib.mkOption {
                          type = lib.types.str;
                          defaultText = "target";
                          example = ".local/share/foo/bar.txt";
                          description = "The path where the file should be written.";
                        };
                        method = lib.mkOption {
                          type = lib.types.enum [
                            "symlink"
                            "overwrite"
                            # "bind_mount" TODO: for directories?
                          ];
                          default = "symlink";
                          defaultText = "me.install.file.‹path›.method";
                          example = "overwrite";
                          description = "The way in which the file should be installed.";
                        };
                        mode = lib.mkOption {
                          type = lib.types.str;
                          default = "0444";
                          defaultText = "me.install.file.‹path›.mode";
                          example = "0750";
                          description = "The read, write, execute permission flags.";
                        };
                        dir_mode = lib.mkOption {
                          type = lib.types.str;
                          default = "0755";
                          defaultText = "dir_mode";
                          example = "0755";
                          description = "The read, write, execute permission flags for any parent directories that need to be created.";
                        };
                        source = lib.mkOption {
                          type = lib.types.path;
                          defaultText = "me.install.file.‹path›.source";
                          example = ./files/foo.txt;
                          description = "The source file to install into the destination.";
                        };
                        recursive = lib.mkOption {
                          type = lib.types.bool;
                          default = false;
                          defaultText = "recursive";
                          example = lib.literalExpression false;
                          description = "Whether we want to recurse through the directory doing individual installs for each file.";
                        };
                      };
                      config = {
                        username = lib.mkDefault username;
                        target = lib.mkDefault path;
                      };
                    }
                  )
                );
              };
            };
          }
        )
      );
    };
  };
  config =
    let
      all_users = builtins.map (username: cfg.user."${username}") (attrNames cfg.user);
      enabled_users = filter (user: user.enable) all_users;
      all_file_targets = lib.flatten (
        builtins.map (user: (builtins.map (path: user.file."${path}") (attrNames user.file))) enabled_users
      );
      enabled_file_targets = filter (target: target.enable) all_file_targets;
      check_commands = lib.flatten (builtins.map (install_user_file "check") enabled_file_targets);
      install_commands = lib.flatten (builtins.map (install_user_file "install") enabled_file_targets);
      uninstall_commands = lib.flatten (
        builtins.map (install_user_file "uninstall") enabled_file_targets
      );
    in
    {
      systemd.services.me-install-file = {
        enable = true;
        description = "me-install-file";
        wantedBy = [ "multi-user.target" ];
        wants = [ "multi-user.target" ];
        before = [ "multi-user.target" ];
        # path = with pkgs; [
        #   zfs
        # ];
        unitConfig.DefaultDependencies = "no";
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = "yes";
        };
        script =
          ''
            set -o pipefail
            IFS=$'\n\t'
            source ${./files/lib.bash}
          ''
          + (lib.strings.concatStringsSep "\n" (
            [
            ]
            ++ check_commands
            ++ install_commands
          ));
        preStop =
          ''
            set -o pipefail
            IFS=$'\n\t'
            source ${./files/lib.bash}
          ''
          + (lib.strings.concatStringsSep "\n" uninstall_commands);
      };
    };
 }
--- a/nix/yubipi/util/install_files/files/lib.bash
+++ b/nix/yubipi/util/install_files/files/lib.bash
@@ -0,0 +1,38 @@
 #!/usr/bin/env bash
 #
 ############## Setup #########################
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function create_containing_directories {
    local full_dest="$1"
    shift 1
    local dirs_to_create=()
    local containing_directory="$full_dest"
    while true; do
        containing_directory=$(dirname "$containing_directory")
        if [ -e "$containing_directory" ] || [ "$containing_directory" = "/" ]; then
            break
        fi
        dirs_to_create+=($containing_directory)
    done
    for (( idx=${#dirs_to_create[@]}-1 ; idx>=0 ; idx-- )) ; do
        local containing_directory="${dirs_to_create[idx]}"
        log "Creating $containing_directory"
        $DRY_RUN_CMD install $VERBOSE_ARG -d "${@}" "$containing_directory"
    done
 }
--- a/nix/yubipi/util/unfree_polyfill/default.nix
+++ b/nix/yubipi/util/unfree_polyfill/default.nix
@@ -0,0 +1,15 @@
 { config, lib, ... }:
 let
  inherit (builtins) elem;
  inherit (lib) getName mkOption;
  inherit (lib.types) listOf str;
 in
 {
  # Pending https://github.com/NixOS/nixpkgs/issues/55674
  options.allowedUnfree = mkOption {
    type = listOf str;
    default = [ ];
  };
  config.nixpkgs.config.allowUnfreePredicate = p: elem (getName p) config.allowedUnfree;
 }
Author	SHA1	Message	Date
Tom Alexander	3733e76d18	Add a build for the yubikey management raspberry pi image.	2025-10-08 21:24:44 -04:00
Tom Alexander	3d9513f2c5	Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes.	2025-10-05 21:37:57 -04:00
Tom Alexander	ae6cce96a2	Support running arm code on x86.	2025-10-05 20:43:04 -04:00
Tom Alexander	3274d1903f	Replace GNU coreutils with uutils.	2025-10-05 20:04:03 -04:00
Tom Alexander	a01b58f6ac	use-remote-sudo has been replaced with sudo.	2025-10-05 15:17:34 -04:00
Tom Alexander	fb7b1322da	Remove hack for turning off wifi power saving from quark shell init.	2025-10-05 14:55:42 -04:00