I’ve fully realized the “What’s next?” section at the end of my ZFS encryption post, and I now have a full continuous integration / continuous delivery solution for my home lab. 🎉

There were a few humps to get over, many of them self imposed, but I wanted to document them and some thoughts around decisions I made.

KEYID A6C19D1C082670FD will be retired soon. I haven’t been using any public key servers, so this seems like the most appropriate place to post a rotation notification.

Old key hasn’t been leaked or misused. I’m still using it temporarily personally until I’m sure everything is completely settled.

I finally retired my last Yubikey 4, and have moved everything to ed25519 / cv25519 keys. Everything is supporting KDF now too, so that’s a nice bonus.

I’ve started using a ZFS root filesystem on all of my computers now. Various wants on different systems have led to me using ZFS native encryption on some systems, and ZFS on LVM on LUKS on some others. I’ve had a chance to feel out both options, and I’ve learned a bunch in the meantime, so I decided to try something else now.

This post gets into a scheme that allows a single self contained zpool to offer LUKS key managent and unlocking options on NixOS.

I wrote a tab I’m pretty proud of. The song is 林泉吟/Melodies of forest and springs by Raflum | 雨鎖悲秋:

I recent transitoned to using boot.initrd.systemd.enable = true on NixOS. It wasn’t terrible to figure out, but I did have some migrations to figure out for my boot process customizations. This is the blog post I wish I had to read first regardless 😅.

For many system configurations, transitioning to a systemd based initrd process will just work with the one config line above. This post gets into config patterns that typically require migration, what my personal migration looked like, and advice for debugging boot processes for any migration.

I’ve been using linux for quite a while. This has included personal, academic, and professional use. I started using NixOS on my physical machines last year, and I already have a really difficult time imaginging not using NixOS. I wanted to put together a post to talk about what I think is really unique, interesting, and compelling about it.

This gets a bit into some of the internals. I’ll try to keep it general and understandable without prior knowledge of NixOS or the Nix language.

Microsoft is starting to allow external identity providers to act as multi-factor authentication as a part of their authentication flows. This is currently documented as a preview feature on their website.

I worked with a client to implement support for this integration. This post has some thoughts, notes, surprises, and feedback from that experience.

Welcome to blog.decent.id!