loki: Update kernel to 6.4, enable TPM2, open some ports for Sonos

2023-08-19 19:39:23 +02:00 · 2023-08-19 19:39:23 +02:00 · 4f0c66b77b
commit 4f0c66b77b
parent 61dc9b9f5e
1 changed files with 17 additions and 2 deletions
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@ -95,11 +95,11 @@
    initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
    initrd.kernelModules = [ ];

-    kernelPackages = pkgs.linuxPackages_6_3;
+    kernelPackages = pkgs.linuxPackages_6_4;
    kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
    kernelParams = [ "amd_pstate.shared_mem=1" ];
    extraModulePackages = [ ] ++
-      (with config.boot.kernelPackages; [ rtl88x2bu zenpower cpupower ]);
+      (with config.boot.kernelPackages; [ zenpower cpupower ]);

    loader = {
      systemd-boot = {
@ -110,6 +110,17 @@
    };
  };

+  security = {
+    tpm2 = {
+      enable = true; # Broken, see https://github.com/NixOS/nixpkgs/issues/244107
+      pkcs11.enable = true;
+      abrmd.enable = true;
+      tctiEnvironment.enable = true;
+    };
+  };
+
+  users.users.erwin.extraGroups = [ "tss" ];
+
  time.timeZone = "Europe/Amsterdam";

  networking = {
@ -169,11 +180,15 @@
      allowedTCPPortRanges = [
        # Sunshine
        { from = 47984; to = 47990; }
+        # Sonos / noson
+        { from = 1400; to = 1410; }
      ];

      allowedUDPPortRanges = [
        # Sunshine
        { from = 47998; to = 48000; }
+        # Sonos / noson / pulseaudio
+        { from = 1400; to = 1410; }
      ];
    };
  };