From fd3599f7f3c1a0ae283e6c9f20837273f6f3468a Mon Sep 17 00:00:00 2001
From: materus
Date: Fri, 19 Apr 2024 19:54:06 +0200
Subject: [PATCH] materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops
---
.../host/Old-materusPC/hardware-configuration.nix | 3 +++
configurations/host/materusPC/hardware/filesystem.nix | 2 ++
configurations/host/materusPC/network.nix | 10 ++++++----
configurations/host/materusPC/secrets/default.nix | 4 ++--
4 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/configurations/host/Old-materusPC/hardware-configuration.nix b/configurations/host/Old-materusPC/hardware-configuration.nix
index de1c6c1..f29f9bc 100755
--- a/configurations/host/Old-materusPC/hardware-configuration.nix
+++ b/configurations/host/Old-materusPC/hardware-configuration.nix
@@ -34,6 +34,8 @@ device = "/dev/disk/by-label/NixOS_Root"; fsType = "btrfs"; options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; + neededForBoot = true; + }; fileSystems."/nix" =
@@ -71,6 +73,7 @@ device = "/materus/config/nixos-config"; fsType = "none"; options = [ "bind" ]; + depends = [ "/materus" ]; };
diff --git a/configurations/host/materusPC/hardware/filesystem.nix b/configurations/host/materusPC/hardware/filesystem.nix
index 34a1349..14f76f7 100644
--- a/configurations/host/materusPC/hardware/filesystem.nix
+++ b/configurations/host/materusPC/hardware/filesystem.nix
@@ -17,6 +17,7 @@ device = "/materus/config/nixos-config"; fsType = "none"; options = [ "bind" ]; + depends = [ "/materus" ]; };
@@ -25,6 +26,7 @@ device = "/dev/disk/by-label/NixOS_Root"; fsType = "btrfs"; options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; + neededForBoot = true; }; fileSystems."/" =
diff --git a/configurations/host/materusPC/network.nix b/configurations/host/materusPC/network.nix
index 10a0a56..a90f42a 100644
--- a/configurations/host/materusPC/network.nix
+++ b/configurations/host/materusPC/network.nix
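Review bot: In `fileSystems."/materus"` of Old-materusPC/hardware-configuration.nix (`@@ -34,6 +34,8 @@`), the new `neededForBoot = true;` has no comment explaining why a data subvolume must be mounted in the initrd, and the same bare line is added in the `@@ -25,6 +26,7 @@` hunk of materusPC/hardware/filesystem.nix. Judging by the commit subject and the `sops.age.sshKeyPaths` entry in secrets/default.nix, the flag exists because the sops decryption key lives on this subvolume, so a later cleanup that drops it would presumably break secret decryption at activation. I would add `# sops age identity (ssh host key) is stored here; must be mounted in stage 1` above the line in both files. Old-materusPC's sops settings are not part of this diff, so confirm it uses the same key path. The hunk also adds an empty line before the closing `};` that can be dropped; the attribute set opens above the hunk.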
@@ -1,5 +1,9 @@ { config, pkgs, lib, materusArg, ... }: { + sops.templates."networkmanager.env".content = '' + WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}" + ''; + networking.useDHCP = lib.mkDefault true; networking.hostName = "materusPC"; networking.wireless.iwd.enable = true;
@@ -13,9 +17,7 @@ [connectivity] uri=http://nmcheck.gnome.org/check_network_status.txt ''; - sops.templates."networkmanager.env".content = '' - WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}" - ''; + networking.networkmanager.ensureProfiles.environmentFiles = [ config.sops.templates."networkmanager.env".path ];
@@ -34,7 +36,7 @@ allowed-ips = "${materusArg.ip-masks.wireguard.general};"; }; ipv4 = { - address1 = "${materusArg.ips.wireguard.materusPC}/23"; + address1 = "${materusArg.ips.wireguard.materusPC}/23"; dns = "${materusArg.ips.wireguard.valkyrie};"; method = "manual"; never-default = "true";
diff --git a/configurations/host/materusPC/secrets/default.nix b/configurations/host/materusPC/secrets/default.nix
index 0f5657e..8cfcae1 100644
--- a/configurations/host/materusPC/secrets/default.nix
+++ b/configurations/host/materusPC/secrets/default.nix
@@ -8,8 +8,9 @@ sops.age.generateKey = false; sops.gnupg.home = null; sops.gnupg.sshKeyPaths = [ ]; + sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ]; sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml"; - sops.secrets."users/materus" = { }; + sops.secrets."users/materus" = { neededForUsers = true; }; sops.secrets.wireguard = { }; services.openssh.hostKeys = [
@@ -23,5 +24,4 @@ type = "ed25519"; } ]; - }
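Review bot: In the `@@ -8,8 +8,9 @@` hunk of secrets/default.nix, `sops.age.sshKeyPaths` hard-codes `/materus/root/ssh_host_ed25519_key`, and nothing ties that path to the mount that provides it or to the `services.openssh.hostKeys` list below (whose `path` lies outside the hunk), so the three can drift apart silently. Since `users/materus` is now `neededForUsers`, a key that is not readable at activation would presumably leave the account without its password, so I would make the dependency explicit with `assertions = [{ assertion = config.fileSystems."/materus".neededForBoot; message = "sops age key is on /materus; mount it in stage 1"; }];` (assuming `config` is a module argument in this file). The host key also becomes the identity that decrypts every secret for this machine, which deserves a comment such as `# ssh host key doubles as the sops age identity: keep it root-only (0600)`. The enclosing attribute set starts outside the hunk.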