From 4fd3d1c6121ee28f059f8991867e96b60e8d69dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey?= Date: Fri, 17 Apr 2026 13:57:03 -0700 Subject: [PATCH 1/3] feat(glyph): load i915 for HDMI display output Adds the i915 Intel GPU display driver to boot.kernelModules so the GPU drives the HDMI output. Without this, JetKVM captures a blank screen. hardware.graphics was already enabled for compute/transcoding but does not load the display driver. --- hosts/glyph/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/glyph/hardware.nix b/hosts/glyph/hardware.nix index dc7ce697..dd406984 100644 --- a/hosts/glyph/hardware.nix +++ b/hosts/glyph/hardware.nix @@ -11,7 +11,7 @@ boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"]; boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; + boot.kernelModules = ["kvm-intel" "i915"]; boot.extraModulePackages = []; fileSystems."/" = { From 6842d5f1c11479e11d2c42242b78b23812d08d53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey?= Date: Fri, 17 Apr 2026 13:57:08 -0700 Subject: [PATCH 2/3] feat(glyph): enable TTY login via hashed password secret Stores the mu user's hashed password as an agenix secret so interactive login works at the TTY (e.g. via JetKVM) without exposing the hash in the public repo. Uses neededForUsers = true so the secret is decrypted before user accounts are initialised during boot. --- hosts/glyph/default.nix | 6 +++++- hosts/glyph/secrets/user-password.age | 8 ++++++++ lib/secrets/glyph.nix | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 hosts/glyph/secrets/user-password.age diff --git a/hosts/glyph/default.nix b/hosts/glyph/default.nix index f5a29752..b4091541 100644 --- a/hosts/glyph/default.nix +++ b/hosts/glyph/default.nix @@ -1,4 +1,4 @@ -{...}: { +{config, ...}: { imports = [ ./hardware.nix ./services @@ -54,5 +54,9 @@ # Beets library database (beets configured in home-manager) rc.backup.paths = ["/home/mu/.config/beets/library.db"]; + age.secrets.user-password.file = ./secrets/user-password.age; + + users.users.mu.hashedPasswordFile = config.age.secrets.user-password.path; + system.stateVersion = "24.05"; } diff --git a/hosts/glyph/secrets/user-password.age b/hosts/glyph/secrets/user-password.age new file mode 100644 index 00000000..2f50f7ee --- /dev/null +++ b/hosts/glyph/secrets/user-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 rSr+rA VY2dvp9g6IgtOiJ4dW/TvMOIwJBSlw+0ZIRG8Ag3N3U +KE02vkB09orCWVf48P4a6cU4Clmlqr46xh+NG1oQT5Y +-> ssh-ed25519 3EWhnQ 0KLn5lqM207eDkxOnJz3oUd5JxDhW5NALuL5djhVoxg +VlWK1Nfpruxkq6jFBM1Mbegn7hR58TmavrFHFk1go3g +--- kPA0luugj4TiRFPNQoz3C5A74PfQer4LjVvAib9t9ms +2rN1D#4pIA GQ +ØdeӁXz=i܇$Ja׉=́6HP6g+0\Ǻ+fw \ No newline at end of file diff --git a/lib/secrets/glyph.nix b/lib/secrets/glyph.nix index f72fe182..5611c515 100644 --- a/lib/secrets/glyph.nix +++ b/lib/secrets/glyph.nix @@ -11,4 +11,5 @@ in { "hosts/glyph/secrets/grafana-mcp-token.age".publicKeys = keys; "hosts/glyph/secrets/graphite-auth-token.age".publicKeys = keys; "hosts/glyph/secrets/attic-credentials.age".publicKeys = keys; + "hosts/glyph/secrets/user-password.age".publicKeys = keys; } From f402186ecb4d618d995e7ea370d849d1a7c12461 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey?= Date: Fri, 17 Apr 2026 14:03:39 -0700 Subject: [PATCH 3/3] fix(zsh): use minimal starship prompt on TTY Nerd Font glyphs can't render on the Linux console. Extend the existing _prompt_auto_width check to also switch to starship-minimal.toml when $TERM is "linux", giving a clean prompt when logging in via JetKVM or any raw TTY. --- home/programs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/programs/zsh.nix b/home/programs/zsh.nix index c28c548b..bfde4edb 100644 --- a/home/programs/zsh.nix +++ b/home/programs/zsh.nix @@ -43,7 +43,7 @@ } _prompt_auto_width () { - if [[ $COLUMNS -lt 100 ]]; then + if [[ "$TERM" == "linux" || $COLUMNS -lt 100 ]]; then export STARSHIP_CONFIG=''${XDG_CONFIG_HOME:-$HOME/.config}/starship-minimal.toml else unset STARSHIP_CONFIG