deploy key added in hosts
This commit is contained in:
parent
91eda4f7cd
commit
0f83b32f2b
26
flake.lock
26
flake.lock
|
@ -278,11 +278,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719333598,
|
"lastModified": 1719345965,
|
||||||
"narHash": "sha256-f587IOaoY3UYHzXzVPsfexkZ82N3UXPTNQths8+a8TA=",
|
"narHash": "sha256-ZxnKEatJu/wVxLy0M7UnCVvemU3P5vVvVoueAR289fk=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "53dcdfe690d3393a16c3e110c1c183d0ec1d6711",
|
"rev": "24db3bffa6b914d0389ff801c054dd48535872a4",
|
||||||
"revCount": 116,
|
"revCount": 121,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
@ -340,11 +340,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719075281,
|
"lastModified": 1719254875,
|
||||||
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
|
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
|
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -368,11 +368,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719131261,
|
"lastModified": 1719340721,
|
||||||
"narHash": "sha256-rtcRg/aaZ72Fb7NCFz87ATvmS7LyHKbkY9gwJRqhJK8=",
|
"narHash": "sha256-SfjI1Ir3Zs7w5lXXsmJ/MhB3V1Z1gHl9K2dFaEiy/GM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "066485bf4c4cd83f01a75d46556ba2037e716604",
|
"rev": "1fdbf40c177fc2edfcd3c63fadf4a6f596edc6af",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -384,11 +384,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719326701,
|
"lastModified": 1719344711,
|
||||||
"narHash": "sha256-IDEPbakCvjk61uX19cnmSB8fsdFTmMe5Wt4bCyIUGdA=",
|
"narHash": "sha256-k389PPp1HG9xk3yXn4Q/eAY/K+qm/+kbHLq9hfo+m14=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "a331f41142ed524ce58ed0df1c72a7d0b13ec867",
|
"rev": "85596df878b1b71a54e1de3835ac6135c1bb8744",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -29,5 +29,5 @@
|
||||||
libqalculate
|
libqalculate
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
home.stateVersion = "24.04";
|
home.stateVersion = "24.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@
|
||||||
|
|
||||||
# Import optional
|
# Import optional
|
||||||
./common/optional/git.nix
|
./common/optional/git.nix
|
||||||
./common/optional/sops.nix
|
|
||||||
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{device ? throw "Must define a device, e.g. /dev/sda"}:
|
{device ? throw "Must define a devices, e.g. /dev/sda"}:
|
||||||
{
|
{
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
disk = {
|
disk = {
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
{device ? throw "Must define a devices, e.g. /dev/sda"}:
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
b = {
|
||||||
|
type = "disk";
|
||||||
|
device = "/dev/vdb";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
zfs = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "zfs";
|
||||||
|
pool = "zroot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
c = {
|
||||||
|
type = "disk";
|
||||||
|
device = "/dev/vdc";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
zfs = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "zfs";
|
||||||
|
pool = "zroot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
zpool = {
|
||||||
|
zroot = {
|
||||||
|
type = "zpool";
|
||||||
|
mode = "mirror";
|
||||||
|
rootFsOptions = {
|
||||||
|
compression = "zstd";
|
||||||
|
"com.sun:auto-snapshot" = "false";
|
||||||
|
};
|
||||||
|
mountpoint = "/";
|
||||||
|
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
|
||||||
|
|
||||||
|
datasets = {
|
||||||
|
zfs_fs = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
mountpoint = "/zfs_fs";
|
||||||
|
options."com.sun:auto-snapshot" = "true";
|
||||||
|
};
|
||||||
|
encrypted = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
options = {
|
||||||
|
mountpoint = "none";
|
||||||
|
encryption = "aes-256-gcm";
|
||||||
|
keyformat = "passphrase";
|
||||||
|
keylocation = "file:///tmp/secret.key";
|
||||||
|
};
|
||||||
|
# use this to read the key during boot
|
||||||
|
# postCreateHook = ''
|
||||||
|
# zfs set keylocation="prompt" "zroot/$name";
|
||||||
|
# '';
|
||||||
|
};
|
||||||
|
"encrypted/test" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
mountpoint = "/zfs_crypted";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -15,14 +15,9 @@ in
|
||||||
hashedPasswordFile = sopsHashedPasswordFile;
|
hashedPasswordFile = sopsHashedPasswordFile;
|
||||||
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
||||||
|
|
||||||
extraGroups =
|
extraGroups = ["wheel"];
|
||||||
[
|
|
||||||
"wheel"
|
|
||||||
];
|
|
||||||
|
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
flatpak
|
|
||||||
gnome.gnome-software
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -41,6 +36,11 @@ in
|
||||||
mode = "0644";
|
mode = "0644";
|
||||||
owner = "${username}";
|
owner = "${username}";
|
||||||
};
|
};
|
||||||
|
"ssh_keys/deploy_key/id_ed25519" = {
|
||||||
|
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
|
||||||
|
mode = "0644";
|
||||||
|
owner = "${username}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
Loading…
Reference in New Issue