materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops

2024-04-19 19:54:06 +02:00 · 2024-04-19 19:54:06 +02:00 · fd3599f7f3
parent d90b32d282
commit fd3599f7f3
4 changed files with 13 additions and 6 deletions
--- a/configurations/host/Old-materusPC/hardware-configuration.nix
+++ b/configurations/host/Old-materusPC/hardware-configuration.nix
@ -34,6 +34,8 @@
      device = "/dev/disk/by-label/NixOS_Root";
      fsType = "btrfs";
      options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
+      neededForBoot = true;
+
    };

  fileSystems."/nix" =
@ -71,6 +73,7 @@
      device = "/materus/config/nixos-config";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/materus" ];
    };


--- a/configurations/host/materusPC/hardware/filesystem.nix
+++ b/configurations/host/materusPC/hardware/filesystem.nix
@ -17,6 +17,7 @@
      device = "/materus/config/nixos-config";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/materus" ];
    };


@ -25,6 +26,7 @@
      device = "/dev/disk/by-label/NixOS_Root";
      fsType = "btrfs";
      options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
+      neededForBoot = true;
    };

  fileSystems."/" =
--- a/configurations/host/materusPC/network.nix
+++ b/configurations/host/materusPC/network.nix
@ -1,5 +1,9 @@
 { config, pkgs, lib, materusArg, ... }:
 {
+  sops.templates."networkmanager.env".content = ''
+    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
+  '';
+
  networking.useDHCP = lib.mkDefault true;
  networking.hostName = "materusPC";
  networking.wireless.iwd.enable = true;
@ -13,9 +17,7 @@
    [connectivity]
    uri=http://nmcheck.gnome.org/check_network_status.txt
  '';
-  sops.templates."networkmanager.env".content = ''
-          WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
-  '';
+
  networking.networkmanager.ensureProfiles.environmentFiles = [
    config.sops.templates."networkmanager.env".path
  ];
@ -34,7 +36,7 @@
        allowed-ips = "${materusArg.ip-masks.wireguard.general};";
      };
      ipv4 = {
-        address1 = "${materusArg.ips.wireguard.materusPC}/23"; 
+        address1 = "${materusArg.ips.wireguard.materusPC}/23";
        dns = "${materusArg.ips.wireguard.valkyrie};";
        method = "manual";
        never-default = "true";
--- a/configurations/host/materusPC/secrets/default.nix
+++ b/configurations/host/materusPC/secrets/default.nix
@ -8,8 +8,9 @@
  sops.age.generateKey = false;
  sops.gnupg.home = null;
  sops.gnupg.sshKeyPaths = [ ];
+  sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
  sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
-  sops.secrets."users/materus" = { };
+  sops.secrets."users/materus" = { neededForUsers = true; };
  sops.secrets.wireguard = { };

  services.openssh.hostKeys = [
@ -23,5 +24,4 @@
      type = "ed25519";
    }
  ];
-
 }