loki: Update kernel to 6.4, enable TPM2, open some ports for Sonos

machines/loki/configuration.nix

@@ -95,11 +95,11 @@
     initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
     initrd.kernelModules = [ ];
 
-    kernelPackages = pkgs.linuxPackages_6_3;
+    kernelPackages = pkgs.linuxPackages_6_4;
     kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
     kernelParams = [ "amd_pstate.shared_mem=1" ];
     extraModulePackages = [ ] ++
-      (with config.boot.kernelPackages; [ rtl88x2bu zenpower cpupower ]);
+      (with config.boot.kernelPackages; [ zenpower cpupower ]);
 
     loader = {
       systemd-boot = {
@@ -110,6 +110,17 @@
     };
   };
 
+  security = {
+    tpm2 = {
+      enable = true; # Broken, see https://github.com/NixOS/nixpkgs/issues/244107
+      pkcs11.enable = true;
+      abrmd.enable = true;
+      tctiEnvironment.enable = true;
+    };
+  };
+
+  users.users.erwin.extraGroups = [ "tss" ];
+
   time.timeZone = "Europe/Amsterdam";
 
   networking = {
@@ -169,11 +180,15 @@
       allowedTCPPortRanges = [
         # Sunshine
         { from = 47984; to = 47990; }
+        # Sonos / noson
+        { from = 1400; to = 1410; }
       ];
 
       allowedUDPPortRanges = [
         # Sunshine
         { from = 47998; to = 48000; }
+        # Sonos / noson / pulseaudio
+        { from = 1400; to = 1410; }
       ];
     };
   };