diff --git a/.sops.yaml b/.sops.yaml index 784e493..ed0ea22 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,7 @@ keys: # Users - &anthony age12t69fa3kqmnxdx4sca7ecv6lfu3wrfwm95zuuhujcfk3ukcn8dzsk40u6x # Hosts - - &bkp1 age1uvm732gdzuq2v2m97tw5gxerztw6ad3452xrpq5y9ggvg62x7fqse4pzly + - &bkp1 age17rwd9guzrfks7t3q4erdjm860mn0290kmthntw5myjyszvcwz95qkt8gyc - &lga-test1 age1td7hkcms0fmrt438ta2kmxxfmp0lget6gdae7me60apprll543sqr525jy - &e39 age1a4uumamqg8248ntjjl088ppq7m75p6zyhu5r8yyaqjvvk5yjpuksqspeea - &octo age1mntfkg0jyv698z8kg6mlq8mr72ecpyt0dmn8y0skux9r26km4uzsge8h9q diff --git a/nixos/hosts/bkp1/default.nix b/nixos/hosts/bkp1/default.nix index 3ed0719..6b00f49 100644 --- a/nixos/hosts/bkp1/default.nix +++ b/nixos/hosts/bkp1/default.nix @@ -15,6 +15,9 @@ ./hardware-configuration.nix ../../personalities/base ../../personalities/server + ../../personalities/server/syncthing.nix + inputs.disko.nixosModules.disko + ./disks.nix ]; networking.hostName = "bkp1"; networking.domain = "nwk2.rabbito.tech"; diff --git a/nixos/hosts/bkp1/disks.nix b/nixos/hosts/bkp1/disks.nix new file mode 100644 index 0000000..194f559 --- /dev/null +++ b/nixos/hosts/bkp1/disks.nix @@ -0,0 +1,63 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = + "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S4P2NF0M318838M"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "4096M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/rootfs" = { mountpoint = "/"; }; + "/home" = { mountpoint = "/home"; }; + "/nix" = { + mountOptions = [ "compress=zstd" "noatime" ]; + mountpoint = "/nix"; + }; + }; + mountpoint = "/partition-root"; + }; + }; + }; + }; + }; + data = { + type = "disk"; + device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3YZNB0M524981D"; + content = { + type = "gpt"; + partitions = { + data = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { "/data" = { mountpoint = "/data"; }; }; + mountpoint = "/partition-data"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/hosts/bkp1/hardware-configuration.nix b/nixos/hosts/bkp1/hardware-configuration.nix index c9c5e29..8a93066 100644 --- a/nixos/hosts/bkp1/hardware-configuration.nix +++ b/nixos/hosts/bkp1/hardware-configuration.nix @@ -19,47 +19,6 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=rootfs" ]; - }; - - fileSystems."/srv" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=rootfs/srv" ]; - }; - - fileSystems."/var/lib/portables" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=rootfs/var/lib/portables" ]; - }; - - fileSystems."/var/lib/machines" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=rootfs/var/lib/machines" ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7F84-BB22"; - fsType = "vfat"; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/9b390384-9c28-4d8b-84c9-2edc8f1326ae"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/nixos/personalities/server/syncthing.nix b/nixos/personalities/server/syncthing.nix new file mode 100644 index 0000000..f18d3d9 --- /dev/null +++ b/nixos/personalities/server/syncthing.nix @@ -0,0 +1,7 @@ +{ + services.syncthing = { + enable = true; + openDefaultPorts = true; + dataDir = "/data/syncthing"; + }; +} diff --git a/secrets/users.yaml b/secrets/users.yaml index 494ab58..c1fe830 100644 --- a/secrets/users.yaml +++ b/secrets/users.yaml @@ -16,83 +16,83 @@ sops: - recipient: age12t69fa3kqmnxdx4sca7ecv6lfu3wrfwm95zuuhujcfk3ukcn8dzsk40u6x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudVlvOWl2Wjg4WWE5T1FP - T1J2THJwVGpQNnNGQXozdzBxYW5zQnBGZHhjCndISms4YTJRWVBjOVRBeHU4MytQ - MnFuNmRCZ0FkZHh3YVZ4b1d5SENyRHMKLS0tIHFvM2lZTkZ0YWw5TldaOFpvYXY4 - eTVubUhPelRaeFpmYzBUNGpsQmg4RE0KuyUICiRpoXbxones3rX8GEl91WGwm9bc - evs02ctVpkJVKz/v7vYQE7x30QU9jJeHRFiJ8PqFaqdrJG/mHE62Kw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QWJic0tVcWVzK2I3Zm1j + bnBJRjIwclJBS2tNVDYxZmxWRG1VNXVYb1hFCkVJMzBEaEpOWWd2ejVlZHh6L1Ex + ZEFPbWtETTJKRkplZG1IU2JVRkhlVXMKLS0tIDRRblpINEcwMlZtQ3R6T0JQdmZU + aDlsTjZscnBsUW1tRCtIdWxXRkZhLzQKxa0uS8/6YT81pfzEla45gcaej4NwSjqw + HZKVzK2FWa87Gri2r8vQP/W8uBKzbNhmznGP4OsFvuCRxGVYtwdjbQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1uvm732gdzuq2v2m97tw5gxerztw6ad3452xrpq5y9ggvg62x7fqse4pzly + - recipient: age17rwd9guzrfks7t3q4erdjm860mn0290kmthntw5myjyszvcwz95qkt8gyc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUdFF3cmJ5b3Z2a1Z0RWFp - WStzS2NXTjB5dTBveG5ZL2oyM09VbU5ZZ1RFCmZPbVpQREQyVG90cWYxbHhzSWdz - SUZ0VURKUFdqb3YrdytQOCsyZUt1bU0KLS0tIGkrN0VIcHZoVGw5MzZ1S0ZQbDVU - dHAxblpSRDlsM2MxWGU4MUhhN2c5eEkK4dHzfOfmmc9o3G7Qy3iUFnQKJFLH/dXr - h+lu/AwDMJTggLEIr/BjPPEyP08fW5mp2Fajyz0WHdoCfBbwDDkP+Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4L216OURHbDBwRFNkRkww + eStpTk1yMlplYUZ0Ti9QSHZWb1Zna2d6VlZvCjh5UE1QQ3FQRG5pSFhRRXQyM0x6 + N0RCQXVIM0J1M2N0Sk1DWHpDZnVKdzAKLS0tIGk2TmhrVzRTTWpoNEJWK2ZGSWhz + Z25JaFRkVHdsTjZ1SDlSbTR0UkZhNGcKXM5lBh9GVk7inPuCXPcJwTqLa0MwXQQu + g5yVce54uNQBiE9LbPLWphyZvGh/nTwUfEtZkfZnBxQHd9ffvXSuAg== -----END AGE ENCRYPTED FILE----- - recipient: age1td7hkcms0fmrt438ta2kmxxfmp0lget6gdae7me60apprll543sqr525jy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTdSbjRObDhodUJUWWRF - NnRybGdQOXhvbVRIcXQzZUpJNjVtYlIzaXk4ClNtTWo2MVhtUlQ2SCtFZGxUYkts - Mk91OHVPM2cwcEZhVDdMYjhOM0pZRm8KLS0tIGdIU0VqMy9yOWtza00wZStIN0Nr - S1d0NThiODROQTl1L2c5eWxiVVV5MkEK4KnaEaE/ZPHLYp+So20Yxll0y9CB5GvV - cRJRbsQ9UKs/uc0AM4E0CjapCSA9bS1oUtpGO0fH/bxY2yRHSNe8yg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcnpBMzdSZC8wNG13ZHNY + ZWp4T1dtSlhEdm9Ta0F5dWdyQXdZRzVRL0dZCk5BWVNtN3hPUjBVRWtPVW41LzJ1 + NVZIQnFldVBJQ0F3djl6clJ2ZnZmb1EKLS0tIEdGM0VXcWdqT0ZlYVBOMXluM2hl + V243aU55YTNZMFVHcVEwd2tCSC9YcUUK9yu/6cKBLXgSLr7BYo8H+zmewEyh+Cti + q7wdt8aZI0EDcZPW69nOfM2R5H1IpuSmq86JuD/YwdBcPtdiSX8VIg== -----END AGE ENCRYPTED FILE----- - recipient: age1a4uumamqg8248ntjjl088ppq7m75p6zyhu5r8yyaqjvvk5yjpuksqspeea enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVGNpSitPSC8zOEw5SzBO - U0VKcE1YQzU5a0tWOXRYSk9NQ2NURG00RWlvCmRtYmtubzdOQjBvRkwrZXduWmht - RDYxTlVrWkFUYUZIWUpGWjh3NXdHL28KLS0tIDRyaWdBK2liTGprUnhWUEJqOGwz - NkxaSkdxVVNBL25mWms3UWlYWU1oWDgKLx+XCMJ52qirR1zedW8QTbM5xCmieEfY - YMNxT/WUP1kKqxNf9d+aq6hnsRowdLhihEqNdNym/VBhXOBCHWgquA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWRnOG1ieEZiNXB6Z0sw + TXlJMkVuN3hmWmRXUEJ4RmUzcy94alVTY3hNCkozZnhUMXVZYUlYaFRjdnAwbmNH + eWNnNTEvNHFuSnNtZlY2a0xmWDkwcjgKLS0tIEl2RHFWK3kzZ1A5NVFaOTdRRDk3 + VmY5UEs4b2xKMHpnWmh5WFVUcTZHeVUKjJzf92gNCMdGwCV5mHs1Vzmq5WbWwoTh + HlF/glcR1TBa2ss1hCf6KApoN/pYrus3lX5NHXdUubH9RvOCu8VbHw== -----END AGE ENCRYPTED FILE----- - recipient: age1mntfkg0jyv698z8kg6mlq8mr72ecpyt0dmn8y0skux9r26km4uzsge8h9q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RW9tazVVSDZNTDNFSnFV - c2dvSWlCcHd0KzF4UHVFaVdaeGpZVEFna3lFCkNXRVNiUGF3OHJHa3hhSk93WTJH - UEpWNms5eHRtQ0dNeUlFOTZlK2ZMNlEKLS0tIGVYK1VHc29keGtmRlVaeFlKWUt4 - Vkw4Mk5TUktFaUp1Qk5RQ0dCZTEyclkK8jWCSSPRRGUgVzwv3Henod4q8RoBHqy+ - 9BgmSpVrdlbikMBTS3u9TOO+iqwvx0n1rVle3cr4RX5A24je+OCs+A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQVpzTlFteVllVWo5S01N + SFI3L0NPZmNwL0kzdzZ2dDBVVEtONDNjUnhjCjdOT2d2YkF4dU15RXJ4L1RuMEh2 + QlZET1dvWndCRHE5TXVPbnhqNndQSnMKLS0tIG12NTNFZWJoTWFaY1VUMlpzTTYw + N0FUZFQxSnBMUDc0cGFCZU5IVU1wNkkKP/z/EW6OVsSeoEsow0XXMW4+F7IQUVWH + C3Zc4tSwb6av7XsUsVK9LpEOYYq2UceFitUHn3xSihrdM9mK4fby5A== -----END AGE ENCRYPTED FILE----- - recipient: age17j2dw9kdpqntanmk9ndfw3gfu2cld22teuwzfuhnu8j7xpm2yf5se8d2f7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZUZZWWJaMWRoL2hSMlAx - QS90MVVOMHN3S2ZRcGF3RlFaWk9HUTJJQ3pzClYvT2x3aDQ3YnE5ejN5cnlpWFQz - UlZuOFBzdTRXeHh3bC9McmhUM3dtWTQKLS0tIGpqSUQ5bjM5aW1FalNoRlIrZ2lJ - OWVJT2hTR2dqbXlUbXBoUVlwNHFxb1kKXxHixvLBwyamnsFE5RHd+SJf2CfYo4tu - qLasQ3HThxExEzGuf+jtnaVQQQzHNM/7EX2DCEJW6esqBHu+y6URCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cVM5SWJJSSs3MERVYmV0 + b2hrWlRBQ0E1aE5WN295UHpUaWNsbHBxc3lnClRDNVQ5eWhBeUtvY3dadXZqdk0x + WWVoMG5pZU1OektpR0Z6Nm9zV3ZaZ0kKLS0tIGxuMHZvSzhVUXp5aTh2d0s0c1dF + cEVtdm02NVV0MmFaRnE1Zk9EZ2hJOHMKLx2JM+tELcc0n2zc/UgBFO5DX5L19WDz + 0uRTtyDQW94Y6rjN0FSvES+EFiyfktYpbN6HS5sI4CBH+iVTKdTcFQ== -----END AGE ENCRYPTED FILE----- - recipient: age1hfg2qhhgkun0jz3ez383slf3ruldxyhvcr4488nuhn6vuuaje4rqhp0h96 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwN2x4czNHYWdMWWJ5MC8r - ZXAzZXZueDNlOE5qVkY1QjlrdE15ck9sandNCkIzazB5MGxndDJOdEFXaXBCaXJs - VXJpVTNGMEp6eVFIMDh3M2VVWFVTaUEKLS0tIG5USmZSVDViMUlVWHNXOWRnSGh1 - Q1NPeHBVZ2kxRWl0SGkwdWljUHNicTAK2JBEKZcU/Yn0oAWCQ1dTPTPJG6ENgT8F - sEpeUwMuQ/nHWLrkQ/ZavJ34WwDKmZ75dObhLZ5VeBcJFl+3Lq28pA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWkN4ME5UZlRjRjZVV25I + cVU5NmxpeElYWCtvZmVZK1hQSzVRQkVhMlZJCkpTMjhtRFB4eVNIejBTN0tLM204 + NndFSVpKSUNacFd5SG1YUmkzT2JuTWMKLS0tIHBXTS9vdWttc0VUbEg5OWxaK25s + WlB6VWJhV2RkV010bkV1ZEFhdUVkZXcK4g/1gwBKNRXcBhXL2HYURpAqXDv3M1+B + hb9WmhidtQmzINj9r4wOxoAw+YtpeKhvSNMwWdu9vd3Y+Ba98q0iIA== -----END AGE ENCRYPTED FILE----- - recipient: age1n84nrpcndeduskpx7psc5p3758vcp8ynme5qacdergyrkhhtremsdewm8g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuc1B1aFZneGQ5dnhsczU4 - Z3pmd1p1d1ZVMHZUcitDQ3V0bVVqbW40OWp3CmdacEtVUW9VeU4yRXAyNWhnSnlQ - Yjl0Zm1PNXdUdHdJd056Zzg5ZnJOWE0KLS0tIHZxNXZaaUprRVZTNmlHK1lNNDJK - S2RvWTZOek8yRG9WanZwak5IMTZwYjQKQkCC/f1w3a7mGBgY099ZIZWFwYh3/NFm - JSY6INN6AugLMNWo4SpkHtTluXjA7A7fK7n8wjTIRfhV2i0WOytn1w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MFc0Ynp4N2pPb0hvaDhh + Ykp6Ni9ndDNiTUlTdktIWC94VUF4bUdxamh3CjR2MHEvb3JOcHhvRGlFMTVtZklF + MXpoaW1Rcm53ZnBkUFY2cG9kaHFnSjgKLS0tIGNSWlE2ZU9iUjNReHhkeERIL2VO + ekRKTWdFeUlGdERVcHFSS3k0UG9TbFkKyCw3kehi4Mvg6u7nbIczIivxaMv3wmls + 5kQIHpoQqX6NPhWPmBwV6mL7AXIspXtwHPJgapk8l/hIzc8cbEsq3w== -----END AGE ENCRYPTED FILE----- - recipient: age1w0gxlxdt4p63ggundtdwvhar4kgkl5z09vmxxdg2r94f8hugsegq6nx2gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvc1Mva0dHZ2xMYS9YQ093 - WnIvc0Rsa2czNU54U21uLzZrTlBuMEhoTVhzCmVkeTZkc2d6STFLaTJJbXhPd1lh - NWRoczIzWlNsSG8yOEVMVEVLOUZleGsKLS0tIGNzOHA3S3dKN29uMTl4bXgvd3JM - aXVheUlzK3prQWR5bytPcmlWSC9qOFEKmLiEcU0rCyi7HnBlgG/WZESnqC8erjKa - jNXj+pFjHW8bq6DlC8lclufntBiu7GYyX73SAE3Tpa9vMTyooGlv0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVVZBemlORTdzVE1YaWRN + MUsrVGZqTTJKdFhFSXFpY1NtS2FHK3pGVlQwCnFXd2lRRjN4VnM4NVRScUxqUHdz + L1dLU1hTNzVoSVdQNWl3elgrUGUxc0kKLS0tIElnNzNDWURoRUZROURFL1Q3U1Rk + NkhFaS93YU85QjUvNm5tOVhzT1NoeTgKZr7r5PX6h8I1WiHmz9Gk/NYQdSaNKDG0 + ptShwm4bj57MqnqMVBT1flwrEvQXVCtqMY6jUIrVe7u1vSFcujTVNQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-19T15:26:04Z" mac: ENC[AES256_GCM,data:qU3HChCRp70wbNNfmQtkFoMWNTZQmDFVTATtOMU9PhBUBHF4Kxnyg5qnXgpfhyYtpbjs1kNFd+Gh5IsvRwI8GccsL+Q6dd1UT148ajpnBLNNZnRNS7kLK9Crh1Y0ganPul0WBHWJspzyyNBfRrigk4LMyoBXGnei6/zeRDJMvV4=,iv:BDbhV5kHxydzla3//HTNYllpTDH06CyJbsxYWLhnTHU=,tag:wSBlFyXFWOI8m+xdg8rPpA==,type:str]