auto: bootstrapping sparky

Sam 2024-05-26 13:23:35 +01:00
parent 15291a162d
commit 7bb5689128
4 changed files with 10 additions and 10 deletions


@ -228,11 +228,11 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1716725770,
"narHash": "sha256-8dyp5ZjwGUVRpyUMbmc51a/YR6mP2kqXt4gWGwaiNqA=",
"lastModified": 1716726210,
"narHash": "sha256-usCA/GuvvERo5tcSIYFet5sF0GhKdewcbHfJNNsnNrw=",
"ref": "refs/heads/master",
"rev": "e79bdf9bdf923f57e1598637c39b2411f43e4388",
"revCount": 38,
"rev": "2cead67c686ddfb8c5c450ab5b56c545b661005c",
"revCount": 39,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},


@ -3,6 +3,7 @@ let
pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys);
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{
imports =
@ -10,7 +11,7 @@ in
# Disk configuration
inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.disko
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; })
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; keyFile = "${sopsHashedPasswordFile}"; })
../common/optional/btrfs-impermanence.nix
inputs.impermanence.nixosModules.impermanence
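Review bot: The new `sopsHashedPasswordFile` binding hands the path of the `passwords/root` secret to the disk module as the LUKS `keyFile`, so, going by its name, one stored password hash would serve as both the root login credential and the disk-encryption key. If that is what the secret holds, anyone able to read the hash can unlock the volume, and rotating the root password changes the disk key as a side effect. A dedicated secret keeps the two apart, e.g. `keyFile = config.sops.secrets."luks/<host>".path;` (placeholder secret name). It is also worth confirming that this path exists when the volume is opened during boot, since sops-nix normally decrypts secrets at activation time; the hunk does not show which filesystem the LUKS container holds.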


@ -1,6 +1,5 @@
{lib, inputs, config, device ? throw "Must define a device, e.g. /dev/sda", ...}:
{device ? throw "Must define a device, e.g. /dev/sda", keyFile ? throw "LUKS password file not specified"}:
let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{
disko.devices = {
@ -32,7 +31,7 @@ in
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
keyFile = "${sopsHashedPasswordFile}";
inherit keyFile;
};
content = {
type = "btrfs";
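Review bot: The new `keyFile` argument is forwarded by `inherit keyFile;` without validation, so the `throw` default only fires when the argument is omitted. The caller builds the value with `lib.optionalString`, which evaluates to `""` when `sops-nix` is absent from `inputs`, and that empty string would pass straight through as the key path. A guard before the attribute set, `assert keyFile != "";`, would make that case fail at evaluation. A comment above the signature should state that `keyFile` is expected to be an absolute runtime path and not a file copied into the world-readable Nix store. The attribute set continues past the end of the hunk.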