auto: bootstrapping sparky
parent
15291a162d
commit
7bb5689128
|
@ -228,11 +228,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716725770,
|
"lastModified": 1716726210,
|
||||||
"narHash": "sha256-8dyp5ZjwGUVRpyUMbmc51a/YR6mP2kqXt4gWGwaiNqA=",
|
"narHash": "sha256-usCA/GuvvERo5tcSIYFet5sF0GhKdewcbHfJNNsnNrw=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "e79bdf9bdf923f57e1598637c39b2411f43e4388",
|
"rev": "2cead67c686ddfb8c5c450ab5b56c545b661005c",
|
||||||
"revCount": 38,
|
"revCount": 39,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -3,6 +3,7 @@ let
|
||||||
pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys);
|
pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys);
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
|
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -10,7 +11,7 @@ in
|
||||||
# Disk configuration
|
# Disk configuration
|
||||||
inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; })
|
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; keyFile = "${sopsHashedPasswordFile}"; })
|
||||||
../common/optional/btrfs-impermanence.nix
|
../common/optional/btrfs-impermanence.nix
|
||||||
inputs.impermanence.nixosModules.impermanence
|
inputs.impermanence.nixosModules.impermanence
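Review bot: The new `sopsHashedPasswordFile` binding reuses the `passwords/root` sops secret as the LUKS `keyFile` passed to `luks-btrfs-subvolumes.nix`, so if that secret holds the root account's password hash, as its name suggests, one value now serves as both a login credential and the disk-encryption key. A dedicated secret would keep the two independent, e.g. `luksKeyFile = config.sops.secrets."luks/<host>".path;` (the secret name is a placeholder). Separately, `lib.optionalString` yields `""` when `sops-nix` is missing from `inputs`, and that empty string is still passed as `keyFile`, which bypasses the `throw "LUKS password file not specified"` default in the disk module. Since this file imports `inputs.sops-nix.nixosModules.sops` unconditionally, the guard adds nothing and the bare `.path` would fail more loudly. The `let` block and the `imports` list both continue outside the hunks shown.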
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{lib, inputs, config, device ? throw "Must define a device, e.g. /dev/sda", ...}:
|
{device ? throw "Must define a device, e.g. /dev/sda", keyFile ? throw "LUKS password file not specified"}:
|
||||||
let
|
let
|
||||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
|
@ -32,7 +31,7 @@ in
|
||||||
#passwordFile = "/tmp/secret.key"; # Interactive
|
#passwordFile = "/tmp/secret.key"; # Interactive
|
||||||
settings = {
|
settings = {
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
keyFile = "${sopsHashedPasswordFile}";
|
inherit keyFile;
|
||||||
};
|
};
|
||||||
content = {
|
content = {
|
||||||
type = "btrfs";
|
type = "btrfs";
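Review bot: `inherit keyFile;` under `settings` hands the caller's path straight to the LUKS open step, and nothing in the module records when that path has to exist. If the caller passes a sops-nix secret path, as the host file in this commit appears to, that file is normally only written during system activation, after the encrypted root has already been unlocked, so it is worth confirming the key is reachable both at install time and in the initrd. A comment above the argument list would document the contract, e.g. `# keyFile: path to the LUKS key; must be readable wherever the device is opened (installer and initrd)`. The `disko.devices` body continues outside the hunks shown.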
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ inputs, config, lib, pkgs, outputs,... }:
|
{ inputs, config, lib, pkgs, outputs,... }:
|
||||||
let
|
let
|
||||||
dev = "/dev/vda";
|
dev = "/dev/vda";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
# Disk configuration
|
# Disk configuration
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../common/disks/std-disk-config.nix { device = dev; })
|
(import ../common/disks/std-disk-config.nix { device = dev; })
|
||||||
|
|