deploy key added in hosts

2024-06-25 22:04:28 +01:00 · 2024-06-25 22:04:28 +01:00 · 0f83b32f2b
parent 91eda4f7cd
commit 0f83b32f2b
6 changed files with 97 additions and 22 deletions
--- a/flake.lock
+++ b/flake.lock
@ -278,11 +278,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1719333598,
-        "narHash": "sha256-f587IOaoY3UYHzXzVPsfexkZ82N3UXPTNQths8+a8TA=",
+        "lastModified": 1719345965,
+        "narHash": "sha256-ZxnKEatJu/wVxLy0M7UnCVvemU3P5vVvVoueAR289fk=",
        "ref": "refs/heads/master",
-        "rev": "53dcdfe690d3393a16c3e110c1c183d0ec1d6711",
-        "revCount": 116,
+        "rev": "24db3bffa6b914d0389ff801c054dd48535872a4",
+        "revCount": 121,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
@ -340,11 +340,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1719075281,
-        "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
+        "lastModified": 1719254875,
+        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
+        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
        "type": "github"
      },
      "original": {
@ -368,11 +368,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1719131261,
-        "narHash": "sha256-rtcRg/aaZ72Fb7NCFz87ATvmS7LyHKbkY9gwJRqhJK8=",
+        "lastModified": 1719340721,
+        "narHash": "sha256-SfjI1Ir3Zs7w5lXXsmJ/MhB3V1Z1gHl9K2dFaEiy/GM=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "066485bf4c4cd83f01a75d46556ba2037e716604",
+        "rev": "1fdbf40c177fc2edfcd3c63fadf4a6f596edc6af",
        "type": "github"
      },
      "original": {
@ -384,11 +384,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1719326701,
-        "narHash": "sha256-IDEPbakCvjk61uX19cnmSB8fsdFTmMe5Wt4bCyIUGdA=",
+        "lastModified": 1719344711,
+        "narHash": "sha256-k389PPp1HG9xk3yXn4Q/eAY/K+qm/+kbHLq9hfo+m14=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "a331f41142ed524ce58ed0df1c72a7d0b13ec867",
+        "rev": "85596df878b1b71a54e1de3835ac6135c1bb8744",
        "type": "github"
      },
      "original": {
--- a/home/common/core/default.nix
+++ b/home/common/core/default.nix
@ -29,5 +29,5 @@
      libqalculate
      ;
  };
-  home.stateVersion = "24.04";
+  home.stateVersion = "24.05";
 }
--- a/home/overseer.nix
+++ b/home/overseer.nix
@ -8,7 +8,6 @@

    # Import optional
    ./common/optional/git.nix
-    ./common/optional/sops.nix

  ];
 }
--- a/hosts/common/disks/btrfs-luks.nix
+++ b/hosts/common/disks/btrfs-luks.nix
@ -1,4 +1,4 @@
-{device ? throw "Must define a device, e.g. /dev/sda"}:
+{device ? throw "Must define a devices, e.g. /dev/sda"}:
 {
  disko.devices = {
    disk = {
--- a/hosts/common/disks/zfs.nix
+++ b/hosts/common/disks/zfs.nix
@ -0,0 +1,76 @@
+{device ? throw "Must define a devices, e.g. /dev/sda"}:
+{
+  disko.devices = {
+    disk = {
+      b = {
+        type = "disk";
+        device = "/dev/vdb";
+        content = {
+          type = "gpt";
+          partitions = {
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+      c = {
+        type = "disk";
+        device = "/dev/vdc";
+        content = {
+          type = "gpt";
+          partitions = {
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        mode = "mirror";
+        rootFsOptions = {
+          compression = "zstd";
+          "com.sun:auto-snapshot" = "false";
+        };
+        mountpoint = "/";
+        postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
+
+        datasets = {
+          zfs_fs = {
+            type = "zfs_fs";
+            mountpoint = "/zfs_fs";
+            options."com.sun:auto-snapshot" = "true";
+          };
+          encrypted = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              keylocation = "file:///tmp/secret.key";
+            };
+            # use this to read the key during boot
+            # postCreateHook = ''
+            #   zfs set keylocation="prompt" "zroot/$name";
+            # '';
+          };
+          "encrypted/test" = {
+            type = "zfs_fs";
+            mountpoint = "/zfs_crypted";
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/common/users/admin/default.nix
+++ b/hosts/common/users/admin/default.nix
@ -15,14 +15,9 @@ in
    hashedPasswordFile = sopsHashedPasswordFile;
    openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);

-    extraGroups =
-       [  
-         "wheel" 
-       ]; 
+    extraGroups = ["wheel"]; 

    packages = with pkgs; [
-      flatpak
-      gnome.gnome-software
    ];
  };

@ -41,6 +36,11 @@ in
      mode = "0644";
      owner = "${username}";
    };
+    "ssh_keys/deploy_key/id_ed25519" = {
+      path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
+      mode = "0644";
+      owner = "${username}";
+    };
  };

  programs.zsh.enable = true;