auto: bootstrapping sparky

This commit is contained in:
Sam 2024-05-26 13:23:35 +01:00
parent 15291a162d
commit 7bb5689128
4 changed files with 10 additions and 10 deletions

View File

@ -228,11 +228,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716725770, "lastModified": 1716726210,
"narHash": "sha256-8dyp5ZjwGUVRpyUMbmc51a/YR6mP2kqXt4gWGwaiNqA=", "narHash": "sha256-usCA/GuvvERo5tcSIYFet5sF0GhKdewcbHfJNNsnNrw=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "e79bdf9bdf923f57e1598637c39b2411f43e4388", "rev": "2cead67c686ddfb8c5c450ab5b56c545b661005c",
"revCount": 38, "revCount": 39,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },

View File

@ -3,6 +3,7 @@ let
pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys); pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys);
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in in
{ {
imports = imports =
@ -10,7 +11,7 @@ in
# Disk configuration # Disk configuration
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; }) (import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; keyFile = "${sopsHashedPasswordFile}"; })
../common/optional/btrfs-impermanence.nix ../common/optional/btrfs-impermanence.nix
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence

View File

@ -1,6 +1,5 @@
{lib, inputs, config, device ? throw "Must define a device, e.g. /dev/sda", ...}: {device ? throw "Must define a device, e.g. /dev/sda", keyFile ? throw "LUKS password file not specified"}:
let let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in in
{ {
disko.devices = { disko.devices = {
@ -32,7 +31,7 @@ in
#passwordFile = "/tmp/secret.key"; # Interactive #passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
allowDiscards = true; allowDiscards = true;
keyFile = "${sopsHashedPasswordFile}"; inherit keyFile;
}; };
content = { content = {
type = "btrfs"; type = "btrfs";

View File

@ -1,10 +1,10 @@
{ inputs, config, lib, pkgs, outputs,... }: { inputs, config, lib, pkgs, outputs,... }:
let let
dev = "/dev/vda"; dev = "/dev/vda";
in in
{ {
imports = imports =
[ [
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks/std-disk-config.nix { device = dev; }) (import ../common/disks/std-disk-config.nix { device = dev; })