sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deploy key added in hosts

This commit is contained in:
mrsu 2024-06-25 22:04:28 +01:00
parent 91eda4f7cd
commit 0f83b32f2b
6 changed files with 97 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
flake.lock
View File

@ -278,11 +278,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1719333598, "lastModified": 1719345965,
"narHash": "sha256-f587IOaoY3UYHzXzVPsfexkZ82N3UXPTNQths8+a8TA=", "narHash": "sha256-ZxnKEatJu/wVxLy0M7UnCVvemU3P5vVvVoueAR289fk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "53dcdfe690d3393a16c3e110c1c183d0ec1d6711", "rev": "24db3bffa6b914d0389ff801c054dd48535872a4",
"revCount": 116, "revCount": 121,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -340,11 +340,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719075281, "lastModified": 1719254875,
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -368,11 +368,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1719131261, "lastModified": 1719340721,
"narHash": "sha256-rtcRg/aaZ72Fb7NCFz87ATvmS7LyHKbkY9gwJRqhJK8=", "narHash": "sha256-SfjI1Ir3Zs7w5lXXsmJ/MhB3V1Z1gHl9K2dFaEiy/GM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "066485bf4c4cd83f01a75d46556ba2037e716604", "rev": "1fdbf40c177fc2edfcd3c63fadf4a6f596edc6af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +384,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1719326701, "lastModified": 1719344711,
"narHash": "sha256-IDEPbakCvjk61uX19cnmSB8fsdFTmMe5Wt4bCyIUGdA=", "narHash": "sha256-k389PPp1HG9xk3yXn4Q/eAY/K+qm/+kbHLq9hfo+m14=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "a331f41142ed524ce58ed0df1c72a7d0b13ec867", "rev": "85596df878b1b71a54e1de3835ac6135c1bb8744",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
home/common/core/default.nix
View File

@ -29,5 +29,5 @@
libqalculate libqalculate
; ;
}; };
home.stateVersion = "24.04"; home.stateVersion = "24.05";
} }

1
home/overseer.nix
View File

@ -8,7 +8,6 @@
# Import optional # Import optional
./common/optional/git.nix ./common/optional/git.nix
./common/optional/sops.nix
]; ];
} }

2
hosts/common/disks/btrfs-luks.nix
View File

@ -1,4 +1,4 @@
{device ? throw "Must define a device, e.g. /dev/sda"}: {device ? throw "Must define a devices, e.g. /dev/sda"}:
{ {
disko.devices = { disko.devices = {
disk = { disk = {

76
hosts/common/disks/zfs.nix Normal file
View File

@ -0,0 +1,76 @@
{device ? throw "Must define a devices, e.g. /dev/sda"}:
{
disko.devices = {
disk = {
b = {
type = "disk";
device = "/dev/vdb";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
c = {
type = "disk";
device = "/dev/vdc";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
zfs_fs = {
type = "zfs_fs";
mountpoint = "/zfs_fs";
options."com.sun:auto-snapshot" = "true";
};
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///tmp/secret.key";
};
# use this to read the key during boot
# postCreateHook = ''
# zfs set keylocation="prompt" "zroot/$name";
# '';
};
"encrypted/test" = {
type = "zfs_fs";
mountpoint = "/zfs_crypted";
};
};
};
};
};
}

12
hosts/common/users/admin/default.nix
View File

@ -15,14 +15,9 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = extraGroups = ["wheel"];
[
"wheel"
];
packages = with pkgs; [ packages = with pkgs; [
flatpak
gnome.gnome-software
]; ];
}; };
@ -41,6 +36,11 @@ in
mode = "0644"; mode = "0644";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/deploy_key/id_ed25519" = {
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
mode = "0644";
owner = "${username}";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;