materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops

Mateusz Słodkowicz 2024-04-19 19:54:06 +02:00
parent d90b32d282
commit fd3599f7f3
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
4 changed files with 13 additions and 6 deletions


@ -34,6 +34,8 @@
device = "/dev/disk/by-label/NixOS_Root"; device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
}; };
fileSystems."/nix" = fileSystems."/nix" =
@ -71,6 +73,7 @@
device = "/materus/config/nixos-config"; device = "/materus/config/nixos-config";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/materus" ];
}; };
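Review bot: The new `neededForBoot = true;` on the `/dev/disk/by-label/NixOS_Root` `subvol=@materus` mount has no comment saying why it is needed, and the reason is only visible in another file of this commit, where `sops.age.sshKeyPaths` points at a key under `/materus/root/`. Without that hint a later cleanup could drop the flag, and secrets marked `neededForUsers` would presumably fail to decrypt during early activation. I would add `# sops-nix reads its age identity from /materus/root; must be mounted in stage 1` above the option, here and on the matching line in the Old-materusPC section. The enclosing attribute set starts outside the hunk.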


@ -17,6 +17,7 @@
device = "/materus/config/nixos-config"; device = "/materus/config/nixos-config";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/materus" ];
}; };
@ -25,6 +26,7 @@
device = "/dev/disk/by-label/NixOS_Root"; device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
}; };
fileSystems."/" = fileSystems."/" =


@ -1,5 +1,9 @@
{ config, pkgs, lib, materusArg, ... }: { config, pkgs, lib, materusArg, ... }:
{ {
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC"; networking.hostName = "materusPC";
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
@ -13,9 +17,7 @@
[connectivity] [connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt uri=http://nmcheck.gnome.org/check_network_status.txt
''; '';
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.networkmanager.ensureProfiles.environmentFiles = [ networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path config.sops.templates."networkmanager.env".path
]; ];
@ -34,7 +36,7 @@
allowed-ips = "${materusArg.ip-masks.wireguard.general};"; allowed-ips = "${materusArg.ip-masks.wireguard.general};";
}; };
ipv4 = { ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/23"; address1 = "${materusArg.ips.wireguard.materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};"; dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual"; method = "manual";
never-default = "true"; never-default = "true";


@ -8,8 +8,9 @@
sops.age.generateKey = false; sops.age.generateKey = false;
sops.gnupg.home = null; sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ]; sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml"; sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."users/materus" = { }; sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { }; sops.secrets.wireguard = { };
services.openssh.hostKeys = [ services.openssh.hostKeys = [
@ -23,5 +24,4 @@
type = "ed25519"; type = "ed25519";
} }
]; ];
} }
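Review bot: `sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];` makes the SSH host private key the decryption identity for everything in `secrets/secrets.yaml` that is encrypted to this host, so the file's exposure and lifetime now matter beyond sshd. The `services.openssh.hostKeys` entry is cut off between the hunks, so I cannot confirm it names the same path; if it does, rotating the host key also means updating the sops recipients and re-encrypting. A comment such as `# also sshd's host key: keep 0600 root, re-encrypt secrets on rotation` would record that coupling. It is also worth checking that snapshots or backups of the `@materus` subvolume are not readable more widely than the key itself.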