diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-07-30 15:22:50 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-07-30 15:22:50 +0200 |
commit | bf329299d3c412bdbe6d1145b0947e6950c5c548 (patch) | |
tree | ced74c587ea71ad41df5258255fae7415a4a682e /hosts/sif | |
parent | cd3c763cadbe887d5918f91619a836227d9e3846 (diff) | |
download | nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.gz nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.bz2 nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.xz nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.zip |
...
Diffstat (limited to 'hosts/sif')
-rw-r--r-- | hosts/sif/default.nix | 8 | ||||
-rw-r--r-- | hosts/sif/gkleen-rclone.yaml | 34 | ||||
-rw-r--r-- | hosts/sif/hw.nix | 76 | ||||
-rw-r--r-- | hosts/sif/mail/secrets.yaml | 34 |
4 files changed, 94 insertions, 58 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 319dccd9..87c0f3bf 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
@@ -13,7 +13,7 @@ in { | |||
13 | imports = with flake.nixosModules.systemProfiles; [ | 13 | imports = with flake.nixosModules.systemProfiles; [ |
14 | ./hw.nix | 14 | ./hw.nix |
15 | 15 | ||
16 | initrd-all-crypto-modules default-locale openssh rebuild-machines | 16 | tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines |
17 | networkmanager | 17 | networkmanager |
18 | ]; | 18 | ]; |
19 | 19 | ||
@@ -35,8 +35,8 @@ in { | |||
35 | emergencyAccess = config.users.users.root.hashedPassword; | 35 | emergencyAccess = config.users.users.root.hashedPassword; |
36 | }; | 36 | }; |
37 | luks.devices = { | 37 | luks.devices = { |
38 | nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; }; | 38 | nvm0 = { device = "/dev/disk/by-uuid/bef17e86-d929-4a60-97cb-6bfa133face7"; bypassWorkqueues = true; }; |
39 | nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; }; | 39 | nvm1 = { device = "/dev/disk/by-uuid/2884e98d-5afd-4965-91c9-88ffb5ec58bc"; bypassWorkqueues = true; }; |
40 | }; | 40 | }; |
41 | availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; | 41 | availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; |
42 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; | 42 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; |
@@ -655,6 +655,6 @@ in { | |||
655 | in [ gtk-portal ]; | 655 | in [ gtk-portal ]; |
656 | }; | 656 | }; |
657 | 657 | ||
658 | system.stateVersion = "20.03"; | 658 | system.stateVersion = "24.11"; |
659 | }; | 659 | }; |
660 | } | 660 | } |
diff --git a/hosts/sif/gkleen-rclone.yaml b/hosts/sif/gkleen-rclone.yaml index 4bc07556..f0430f71 100644 --- a/hosts/sif/gkleen-rclone.yaml +++ b/hosts/sif/gkleen-rclone.yaml | |||
@@ -5,28 +5,26 @@ sops: | |||
5 | azure_kv: [] | 5 | azure_kv: [] |
6 | hc_vault: [] | 6 | hc_vault: [] |
7 | age: | 7 | age: |
8 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 8 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
9 | enc: | | 9 | enc: | |
10 | -----BEGIN AGE ENCRYPTED FILE----- | 10 | -----BEGIN AGE ENCRYPTED FILE----- |
11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhazlZcFRyY2ZxZ2dLb00v | 11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZU1MY0JCRkdPK0JIWEs4 |
12 | SzZmM3paanI1b090NW8za1FKa3Q0bWlKeTJNCllhRGo2bDNaMkxpMHlweEZGU3FQ | 12 | MnVQYWN1cklPSFJFTkYxVm9nVFpYSjRTUENnClZZaUw0QVYxejMzM0VvYTUzMUlE |
13 | SlFIQmxqK2trWm5TRFp0SEhVRUNNWncKLS0tIHc3OGNqbHF0eFozdWp1V3IvRFJJ | 13 | N0ZVV0laeVJQV3BsUHJzVWlNM0ZZWEUKLS0tIEZvRWtEdzFwVlVMS2FxT2Z3NHRo |
14 | bzd6VTRPT1pqYVFPQ0IyblVQdWt4MUUKtp8FKeOVhZ6DTY0euegOFcmUL6bNYlml | 14 | STZZRWxURnQ1MHE2RlJVQmdiM2VlNVkKpDJSJxij/LKFGUyuy/iAmf/Gq+PhLh4V |
15 | 1DlbDUF47mAMz6HfsvpyoJmLG/uQBCXUVIpP18ignQtJJx043+vnEA== | 15 | DoowTqWMehgKz/x14HCegI6fIuI2Spwk6GVVICQvmk5Y33/kyneOiA== |
16 | -----END AGE ENCRYPTED FILE----- | ||
17 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
18 | enc: | | ||
19 | -----BEGIN AGE ENCRYPTED FILE----- | ||
20 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0hoSGE4SVpwRkpBZmgv | ||
21 | SVVDODZmbkN4THNMelJucXZ3aTFrUDlmRmtZCkl3UFlROWJyd0VGakZRK3NGUEty | ||
22 | UUxjMDVZZWc4MXdKQTlKczF4N1gxYUUKLS0tIHRyczNiTzJLYTZaRFduc2RoaXhU | ||
23 | SUpCMXJDd1YwcnpuQ2hHa2Q4TlNGYjgKe3cSIERblN7XbI8mBWWSKhdLs6J8LT6t | ||
24 | 3Q2gz8LZhtEJvROOYiVjcnZG9iOLLkgsy/mI34Y0evcKZrvvsPyQ1g== | ||
16 | -----END AGE ENCRYPTED FILE----- | 25 | -----END AGE ENCRYPTED FILE----- |
17 | lastmodified: "2022-01-31T18:19:02Z" | 26 | lastmodified: "2022-01-31T18:19:02Z" |
18 | mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] | 27 | mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] |
19 | pgp: | 28 | pgp: [] |
20 | - created_at: "2023-01-30T10:58:04Z" | ||
21 | enc: | | ||
22 | -----BEGIN PGP MESSAGE----- | ||
23 | |||
24 | hF4DXxoViZlp6dISAQdAEEQ+ELalInEqD7WVWPyhz9C2WGOAqYZdW8wHn+i7c3cw | ||
25 | HgPkJXA0JJBawtQ+eqWtVBbmZbabVdiZ7xOAlVQWrVXa7tN7s2y4yY6KESB/5NFo | ||
26 | 0l4BvOF0KdMDkBx9rhVakSfCJ9w/3ZodD2tZ/KgttamnsYg9EwI2xDSsFowK0gUM | ||
27 | 2t7ZnDbDsQCrIR0y/qL5DwFVVKlvbDl5ZGLq5Py/ECMh5WdsEQ0dqBmeytxN44gw | ||
28 | =SxAd | ||
29 | -----END PGP MESSAGE----- | ||
30 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
31 | unencrypted_suffix: _unencrypted | 29 | unencrypted_suffix: _unencrypted |
32 | version: 3.7.1 | 30 | version: 3.7.1 |
diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix index 3442a93a..bd3aa0de 100644 --- a/hosts/sif/hw.nix +++ b/hosts/sif/hw.nix | |||
@@ -1,25 +1,65 @@ | |||
1 | { config, lib, pkgs, ... }: | 1 | { config, lib, pkgs, ... }: |
2 | 2 | ||
3 | { | 3 | { |
4 | fileSystems."/" = | 4 | fileSystems = { |
5 | { device = "/dev/disk/by-uuid/f094bf06-66f9-40a8-9ab2-2b54d05223d2"; | 5 | "/boot" = |
6 | fsType = "btrfs"; | 6 | { device = "LABEL=boot"; |
7 | }; | 7 | fsType = "vfat"; |
8 | options = [ "fmask=0022" "dmask=0022" ]; | ||
9 | }; | ||
10 | "/.bcachefs" = | ||
11 | { device = "LABEL=sif"; | ||
12 | fsType = "bcachefs"; | ||
13 | neededForBoot = true; | ||
14 | }; | ||
15 | "/nix" = | ||
16 | { device = "/.bcachefs/nix"; | ||
17 | fsType = "none"; | ||
18 | options = [ "bind" ]; | ||
19 | }; | ||
20 | "/root" = | ||
21 | { device = "/.bcachefs/root"; | ||
22 | fsType = "none"; | ||
23 | options = [ "bind" ]; | ||
24 | }; | ||
25 | "/var/log" = | ||
26 | { device = "/.bcachefs/var/log"; | ||
27 | fsType = "none"; | ||
28 | options = [ "bind" ]; | ||
29 | }; | ||
30 | "/var/lib/sops-nix" = | ||
31 | { device = "/.bcachefs/var/lib/sops-nix"; | ||
32 | fsType = "none"; | ||
33 | options = [ "bind" ]; | ||
34 | neededForBoot = true; | ||
35 | }; | ||
36 | "/var/lib/nixos" = | ||
37 | { device = "/.bcachefs/var/lib/nixos"; | ||
38 | fsType = "none"; | ||
39 | options = [ "bind" ]; | ||
40 | neededForBoot = true; | ||
41 | }; | ||
42 | "/var/lib/chrony" = | ||
43 | { device = "/.bcachefs/var/lib/chrony"; | ||
44 | fsType = "none"; | ||
45 | options = [ "bind" ]; | ||
46 | }; | ||
47 | "/var/lib/systemd" = | ||
48 | { device = "/.bcachefs/var/lib/systemd"; | ||
49 | fsType = "none"; | ||
50 | options = [ "bind" ]; | ||
51 | neededForBoot = true; | ||
52 | }; | ||
53 | "/home" = | ||
54 | { device = "/.bcachefs/home"; | ||
55 | fsType = "none"; | ||
56 | options = [ "bind" ]; | ||
57 | }; | ||
58 | }; | ||
8 | 59 | ||
9 | fileSystems."/boot" = | 60 | swapDevices = [ |
10 | { device = "/dev/disk/by-uuid/B3A2-D029"; | 61 | { device = "LABEL=swap"; } |
11 | fsType = "vfat"; | 62 | ]; |
12 | }; | ||
13 | |||
14 | fileSystems."/home" = | ||
15 | { device = "/dev/disk/by-uuid/9e932072-3c56-4a9c-8da7-3163d2a8bf28"; | ||
16 | fsType = "btrfs"; | ||
17 | }; | ||
18 | |||
19 | fileSystems."/var/media" = | ||
20 | { device = "/dev/disk/by-uuid/437eca70-d017-4d52-a1fa-2f4c7a87f096"; | ||
21 | fsType = "btrfs"; | ||
22 | }; | ||
23 | 63 | ||
24 | nix.settings.max-jobs = 12; | 64 | nix.settings.max-jobs = 12; |
25 | # High-DPI console | 65 | # High-DPI console |
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml index 5ac36cc6..3c74b710 100644 --- a/hosts/sif/mail/secrets.yaml +++ b/hosts/sif/mail/secrets.yaml | |||
@@ -5,28 +5,26 @@ sops: | |||
5 | azure_kv: [] | 5 | azure_kv: [] |
6 | hc_vault: [] | 6 | hc_vault: [] |
7 | age: | 7 | age: |
8 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 8 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
9 | enc: | | 9 | enc: | |
10 | -----BEGIN AGE ENCRYPTED FILE----- | 10 | -----BEGIN AGE ENCRYPTED FILE----- |
11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYkM2VWRIZzZCQUVYeThv | 11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS |
12 | eWhHZE5GVFVOSUtLcDBXQmhtdFhuTThBdTF3ClNVcDl3SUdRMGJXOENyNWdSb21z | 12 | OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81 |
13 | OXY1QUNwUjRrbU00b2hHS3pJM3diTFkKLS0tIEFxV2JSbWphdEEzbE8xbkd2cXBz | 13 | UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR |
14 | dEhFSDVKbFJJZWRPY3o2am94ZURJL2cKwJkjD9jarS3zdcNBVpx3cIjh8XmXCL+C | 14 | OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC |
15 | AN1T7DQjzQpD65Mdbj9QqXx1p0HmjO/sqr1yNQopub8oQneLbtx8Gg== | 15 | WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg== |
16 | -----END AGE ENCRYPTED FILE----- | ||
17 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
18 | enc: | | ||
19 | -----BEGIN AGE ENCRYPTED FILE----- | ||
20 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx | ||
21 | TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r | ||
22 | emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT | ||
23 | MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4 | ||
24 | GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg== | ||
16 | -----END AGE ENCRYPTED FILE----- | 25 | -----END AGE ENCRYPTED FILE----- |
17 | lastmodified: "2022-02-02T14:45:23Z" | 26 | lastmodified: "2022-02-02T14:45:23Z" |
18 | mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] | 27 | mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] |
19 | pgp: | 28 | pgp: [] |
20 | - created_at: "2023-01-30T10:58:14Z" | ||
21 | enc: | | ||
22 | -----BEGIN PGP MESSAGE----- | ||
23 | |||
24 | hF4DXxoViZlp6dISAQdAYwW96YVgfK1Y3Ue1EA3qbE3zw4k4gdTnzWeBB2Ljux4w | ||
25 | urG4pwe47rkuq3e1TMdZxxDeZe0OvLwaZBVfD+eFVUrnLYbkrm4shvrq+6xv70Zm | ||
26 | 0l4BvG9W6VvUXNyKR0Bl65K/hqm8A7GOBPfB35npsY+1ufeJJYdmxX6n7dL94SX5 | ||
27 | he4m9JRuiyPrRxomudU5nrWLQwKQk8WtavExfVq6zIlnkhlGerKbxDVEIsFaDleT | ||
28 | =7IFo | ||
29 | -----END PGP MESSAGE----- | ||
30 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
31 | unencrypted_suffix: _unencrypted | 29 | unencrypted_suffix: _unencrypted |
32 | version: 3.7.1 | 30 | version: 3.7.1 |