auto: bootstrapping sparky
parent
15291a162d
commit
7bb5689128
|
@ -228,11 +228,11 @@
|
|||
"nix-secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716725770,
|
||||
"narHash": "sha256-8dyp5ZjwGUVRpyUMbmc51a/YR6mP2kqXt4gWGwaiNqA=",
|
||||
"lastModified": 1716726210,
|
||||
"narHash": "sha256-usCA/GuvvERo5tcSIYFet5sF0GhKdewcbHfJNNsnNrw=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "e79bdf9bdf923f57e1598637c39b2411f43e4388",
|
||||
"revCount": 38,
|
||||
"rev": "2cead67c686ddfb8c5c450ab5b56c545b661005c",
|
||||
"revCount": 39,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||
},
|
||||
|
|
|
@ -3,6 +3,7 @@ let
|
|||
pubKeys = lib.filesystem.listFilesRecursive (../common/users/keys);
|
||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
|
@ -10,7 +11,7 @@ in
|
|||
# Disk configuration
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.disko.nixosModules.disko
|
||||
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; })
|
||||
(import ../common/disks/luks-btrfs-subvolumes.nix { device = "/dev/vda"; keyFile = "${sopsHashedPasswordFile}"; })
|
||||
../common/optional/btrfs-impermanence.nix
|
||||
inputs.impermanence.nixosModules.impermanence
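Review bot: On the new import line, `keyFile = "${sopsHashedPasswordFile}"` can silently become `""`, because `lib.optionalString` yields an empty string when `sops-nix` is absent from `inputs`, and since the argument is then supplied, the `throw` default for `keyFile` in the disk module never fires. `inputs.sops-nix.nixosModules.sops` is imported unconditionally in the same list, so the guard appears to add nothing; passing `config.sops.secrets."passwords/root".path` directly, or asserting the value is non-empty, would fail loudly instead. The binding's name and the `passwords/root` key suggest (not confirmed from this page) that the file holds the root account's password hash rather than a dedicated disk key; if so, a separate sops secret for LUKS would keep the login credential and the disk-encryption key independent. A comment on the `let` binding saying what the secret contains and that it is used as LUKS key material would make this reviewable.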
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{lib, inputs, config, device ? throw "Must define a device, e.g. /dev/sda", ...}:
|
||||
{device ? throw "Must define a device, e.g. /dev/sda", keyFile ? throw "LUKS password file not specified"}:
|
||||
let
|
||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||
in
|
||||
{
|
||||
disko.devices = {
|
||||
|
@ -32,7 +31,7 @@ in
|
|||
#passwordFile = "/tmp/secret.key"; # Interactive
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
keyFile = "${sopsHashedPasswordFile}";
|
||||
inherit keyFile;
|
||||
};
|
||||
content = {
|
||||
type = "btrfs";
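Review bot: `inherit keyFile;` under `settings` now accepts whatever path the caller passes, and in this commit that is a sops-nix secret path. As far as I know disko uses `settings.keyFile` when formatting and also forwards `settings` to the initrd LUKS options, so the file would have to exist in the installer and in stage 1, before sops-nix has decrypted anything; it is worth confirming this host can actually unlock at boot. The new argument should be documented at the top of the file, e.g. `# keyFile: absolute path to the LUKS key file; must be readable at format time and in the initrd`. If the counts in the first hunk header are read correctly, the signature change leaves an empty `let … in` behind, which can be dropped. The `settings` attribute set and the surrounding device definition continue outside the hunk.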
|
||||
|
|