summaryrefslogtreecommitdiff
path: root/hosts/sif
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2024-07-30 15:22:50 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-07-30 15:22:50 +0200
commitbf329299d3c412bdbe6d1145b0947e6950c5c548 (patch)
treeced74c587ea71ad41df5258255fae7415a4a682e /hosts/sif
parentcd3c763cadbe887d5918f91619a836227d9e3846 (diff)
downloadnixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar
nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.gz
nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.bz2
nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.xz
nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.zip
...
Diffstat (limited to 'hosts/sif')
-rw-r--r--hosts/sif/default.nix8
-rw-r--r--hosts/sif/gkleen-rclone.yaml34
-rw-r--r--hosts/sif/hw.nix76
-rw-r--r--hosts/sif/mail/secrets.yaml34
4 files changed, 94 insertions, 58 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 319dccd9..87c0f3bf 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -13,7 +13,7 @@ in {
13 imports = with flake.nixosModules.systemProfiles; [ 13 imports = with flake.nixosModules.systemProfiles; [
14 ./hw.nix 14 ./hw.nix
15 ./mail 15 ./mail
16 initrd-all-crypto-modules default-locale openssh rebuild-machines 16 tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines
17 networkmanager 17 networkmanager
18 ]; 18 ];
19 19
@@ -35,8 +35,8 @@ in {
35 emergencyAccess = config.users.users.root.hashedPassword; 35 emergencyAccess = config.users.users.root.hashedPassword;
36 }; 36 };
37 luks.devices = { 37 luks.devices = {
38 nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; }; 38 nvm0 = { device = "/dev/disk/by-uuid/bef17e86-d929-4a60-97cb-6bfa133face7"; bypassWorkqueues = true; };
39 nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; }; 39 nvm1 = { device = "/dev/disk/by-uuid/2884e98d-5afd-4965-91c9-88ffb5ec58bc"; bypassWorkqueues = true; };
40 }; 40 };
41 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; 41 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
42 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; 42 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ];
@@ -655,6 +655,6 @@ in {
655 in [ gtk-portal ]; 655 in [ gtk-portal ];
656 }; 656 };
657 657
658 system.stateVersion = "20.03"; 658 system.stateVersion = "24.11";
659 }; 659 };
660} 660}
diff --git a/hosts/sif/gkleen-rclone.yaml b/hosts/sif/gkleen-rclone.yaml
index 4bc07556..f0430f71 100644
--- a/hosts/sif/gkleen-rclone.yaml
+++ b/hosts/sif/gkleen-rclone.yaml
@@ -5,28 +5,26 @@ sops:
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 8 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
9 enc: | 9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE----- 10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhazlZcFRyY2ZxZ2dLb00v 11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZU1MY0JCRkdPK0JIWEs4
12 SzZmM3paanI1b090NW8za1FKa3Q0bWlKeTJNCllhRGo2bDNaMkxpMHlweEZGU3FQ 12 MnVQYWN1cklPSFJFTkYxVm9nVFpYSjRTUENnClZZaUw0QVYxejMzM0VvYTUzMUlE
13 SlFIQmxqK2trWm5TRFp0SEhVRUNNWncKLS0tIHc3OGNqbHF0eFozdWp1V3IvRFJJ 13 N0ZVV0laeVJQV3BsUHJzVWlNM0ZZWEUKLS0tIEZvRWtEdzFwVlVMS2FxT2Z3NHRo
14 bzd6VTRPT1pqYVFPQ0IyblVQdWt4MUUKtp8FKeOVhZ6DTY0euegOFcmUL6bNYlml 14 STZZRWxURnQ1MHE2RlJVQmdiM2VlNVkKpDJSJxij/LKFGUyuy/iAmf/Gq+PhLh4V
15 1DlbDUF47mAMz6HfsvpyoJmLG/uQBCXUVIpP18ignQtJJx043+vnEA== 15 DoowTqWMehgKz/x14HCegI6fIuI2Spwk6GVVICQvmk5Y33/kyneOiA==
16 -----END AGE ENCRYPTED FILE-----
17 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
18 enc: |
19 -----BEGIN AGE ENCRYPTED FILE-----
20 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0hoSGE4SVpwRkpBZmgv
21 SVVDODZmbkN4THNMelJucXZ3aTFrUDlmRmtZCkl3UFlROWJyd0VGakZRK3NGUEty
22 UUxjMDVZZWc4MXdKQTlKczF4N1gxYUUKLS0tIHRyczNiTzJLYTZaRFduc2RoaXhU
23 SUpCMXJDd1YwcnpuQ2hHa2Q4TlNGYjgKe3cSIERblN7XbI8mBWWSKhdLs6J8LT6t
24 3Q2gz8LZhtEJvROOYiVjcnZG9iOLLkgsy/mI34Y0evcKZrvvsPyQ1g==
16 -----END AGE ENCRYPTED FILE----- 25 -----END AGE ENCRYPTED FILE-----
17 lastmodified: "2022-01-31T18:19:02Z" 26 lastmodified: "2022-01-31T18:19:02Z"
18 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] 27 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str]
19 pgp: 28 pgp: []
20 - created_at: "2023-01-30T10:58:04Z"
21 enc: |
22 -----BEGIN PGP MESSAGE-----
23
24 hF4DXxoViZlp6dISAQdAEEQ+ELalInEqD7WVWPyhz9C2WGOAqYZdW8wHn+i7c3cw
25 HgPkJXA0JJBawtQ+eqWtVBbmZbabVdiZ7xOAlVQWrVXa7tN7s2y4yY6KESB/5NFo
26 0l4BvOF0KdMDkBx9rhVakSfCJ9w/3ZodD2tZ/KgttamnsYg9EwI2xDSsFowK0gUM
27 2t7ZnDbDsQCrIR0y/qL5DwFVVKlvbDl5ZGLq5Py/ECMh5WdsEQ0dqBmeytxN44gw
28 =SxAd
29 -----END PGP MESSAGE-----
30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
31 unencrypted_suffix: _unencrypted 29 unencrypted_suffix: _unencrypted
32 version: 3.7.1 30 version: 3.7.1
diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix
index 3442a93a..bd3aa0de 100644
--- a/hosts/sif/hw.nix
+++ b/hosts/sif/hw.nix
@@ -1,25 +1,65 @@
1{ config, lib, pkgs, ... }: 1{ config, lib, pkgs, ... }:
2 2
3{ 3{
4 fileSystems."/" = 4 fileSystems = {
5 { device = "/dev/disk/by-uuid/f094bf06-66f9-40a8-9ab2-2b54d05223d2"; 5 "/boot" =
6 fsType = "btrfs"; 6 { device = "LABEL=boot";
7 }; 7 fsType = "vfat";
8 options = [ "fmask=0022" "dmask=0022" ];
9 };
10 "/.bcachefs" =
11 { device = "LABEL=sif";
12 fsType = "bcachefs";
13 neededForBoot = true;
14 };
15 "/nix" =
16 { device = "/.bcachefs/nix";
17 fsType = "none";
18 options = [ "bind" ];
19 };
20 "/root" =
21 { device = "/.bcachefs/root";
22 fsType = "none";
23 options = [ "bind" ];
24 };
25 "/var/log" =
26 { device = "/.bcachefs/var/log";
27 fsType = "none";
28 options = [ "bind" ];
29 };
30 "/var/lib/sops-nix" =
31 { device = "/.bcachefs/var/lib/sops-nix";
32 fsType = "none";
33 options = [ "bind" ];
34 neededForBoot = true;
35 };
36 "/var/lib/nixos" =
37 { device = "/.bcachefs/var/lib/nixos";
38 fsType = "none";
39 options = [ "bind" ];
40 neededForBoot = true;
41 };
42 "/var/lib/chrony" =
43 { device = "/.bcachefs/var/lib/chrony";
44 fsType = "none";
45 options = [ "bind" ];
46 };
47 "/var/lib/systemd" =
48 { device = "/.bcachefs/var/lib/systemd";
49 fsType = "none";
50 options = [ "bind" ];
51 neededForBoot = true;
52 };
53 "/home" =
54 { device = "/.bcachefs/home";
55 fsType = "none";
56 options = [ "bind" ];
57 };
58 };
8 59
9 fileSystems."/boot" = 60 swapDevices = [
10 { device = "/dev/disk/by-uuid/B3A2-D029"; 61 { device = "LABEL=swap"; }
11 fsType = "vfat"; 62 ];
12 };
13
14 fileSystems."/home" =
15 { device = "/dev/disk/by-uuid/9e932072-3c56-4a9c-8da7-3163d2a8bf28";
16 fsType = "btrfs";
17 };
18
19 fileSystems."/var/media" =
20 { device = "/dev/disk/by-uuid/437eca70-d017-4d52-a1fa-2f4c7a87f096";
21 fsType = "btrfs";
22 };
23 63
24 nix.settings.max-jobs = 12; 64 nix.settings.max-jobs = 12;
25 # High-DPI console 65 # High-DPI console
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml
index 5ac36cc6..3c74b710 100644
--- a/hosts/sif/mail/secrets.yaml
+++ b/hosts/sif/mail/secrets.yaml
@@ -5,28 +5,26 @@ sops:
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 8 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
9 enc: | 9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE----- 10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYkM2VWRIZzZCQUVYeThv 11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS
12 eWhHZE5GVFVOSUtLcDBXQmhtdFhuTThBdTF3ClNVcDl3SUdRMGJXOENyNWdSb21z 12 OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81
13 OXY1QUNwUjRrbU00b2hHS3pJM3diTFkKLS0tIEFxV2JSbWphdEEzbE8xbkd2cXBz 13 UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR
14 dEhFSDVKbFJJZWRPY3o2am94ZURJL2cKwJkjD9jarS3zdcNBVpx3cIjh8XmXCL+C 14 OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC
15 AN1T7DQjzQpD65Mdbj9QqXx1p0HmjO/sqr1yNQopub8oQneLbtx8Gg== 15 WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg==
16 -----END AGE ENCRYPTED FILE-----
17 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
18 enc: |
19 -----BEGIN AGE ENCRYPTED FILE-----
20 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx
21 TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r
22 emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT
23 MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4
24 GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg==
16 -----END AGE ENCRYPTED FILE----- 25 -----END AGE ENCRYPTED FILE-----
17 lastmodified: "2022-02-02T14:45:23Z" 26 lastmodified: "2022-02-02T14:45:23Z"
18 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] 27 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str]
19 pgp: 28 pgp: []
20 - created_at: "2023-01-30T10:58:14Z"
21 enc: |
22 -----BEGIN PGP MESSAGE-----
23
24 hF4DXxoViZlp6dISAQdAYwW96YVgfK1Y3Ue1EA3qbE3zw4k4gdTnzWeBB2Ljux4w
25 urG4pwe47rkuq3e1TMdZxxDeZe0OvLwaZBVfD+eFVUrnLYbkrm4shvrq+6xv70Zm
26 0l4BvG9W6VvUXNyKR0Bl65K/hqm8A7GOBPfB35npsY+1ufeJJYdmxX6n7dL94SX5
27 he4m9JRuiyPrRxomudU5nrWLQwKQk8WtavExfVq6zIlnkhlGerKbxDVEIsFaDleT
28 =7IFo
29 -----END PGP MESSAGE-----
30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
31 unencrypted_suffix: _unencrypted 29 unencrypted_suffix: _unencrypted
32 version: 3.7.1 30 version: 3.7.1