diff --git a/doc/src/module/disks.md b/doc/src/module/disks.md index 65e4047..7febccb 100644 --- a/doc/src/module/disks.md +++ b/doc/src/module/disks.md @@ -36,13 +36,13 @@ The disks module can be used by importing `inputs.self.nixosModules.malobeo.disk - **Type:** `string` - **Default:** `""` - **Description:** - The device name (e.g., `/dev/sda`) for the root filesystem. + The device name (beginning after `/dev/` e.g., `sda`) for the root filesystem. #### `cfg.disk1` (string) - **Type:** `string` - **Default:** `""` - **Description:** - The device name (e.g., `/dev/sdb`) for the optional mirror disk of the root filesystem. + The device name (beginning after `/dev/` e.g., `sdb`) for the optional mirror disk of the root filesystem. #### `cfg.swap` (string) - **Type:** `string` diff --git a/machines/.sops.yaml b/machines/.sops.yaml index f9aa3cc..6b73de0 100644 --- a/machines/.sops.yaml +++ b/machines/.sops.yaml @@ -50,3 +50,10 @@ creation_rules: - *admin_kalipso_dsktp age: - *admin_atlan + - path_regex: fanny/disk.key + key_groups: + - pgp: + - *admin_kalipso + - *admin_kalipso_dsktp + age: + - *admin_atlan diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 5964770..c2b7ab1 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -1,5 +1,7 @@ { inputs, pkgs, ... }: - +let + sshKeys = import ../ssh_keys.nix; +in { imports = [ # Include the results of the hardware scan. 
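Review bot: In the `machines/.sops.yaml` hunk, the new rule's `path_regex: fanny/disk.key` is an unanchored regular expression with an unescaped dot, so it matches any path that merely contains a string of that shape (for example a `disk.key.bak`, or a `disk-key` file under any directory whose name ends in `fanny`). This rule covers what appears to be fanny's disk encryption key, so I would pin it to the one file with `- path_regex: fanny/disk\.key$`. A comment above the rule would also help, such as `# fanny disk key: admin recipients only; removing an admin needs sops updatekeys AND a new disk key`, because re-encrypting the file does not revoke a key that someone has already decrypted. The earlier rules in this file are outside the hunk, so they may share the same pattern style.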
@@ -20,23 +22,26 @@ cacheurl = "https://cache.dynamicdiscord.de"; }; - boot.initrd.systemd.enable = true; - boot.loader.systemd-boot.enable = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; malobeo.disks = { enable = true; - hostId = "1312acab"; + hostId = "a3c3101f"; root = { - disk0 = "sda"; + disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381"; }; storage = { - disks = ["sdb" "sdc"]; + disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"]; mirror = true; }; }; + malobeo.initssh = { + enable = true; + authorizedKeys = sshKeys.admins; + ethernetDrivers = ["r8169"]; + }; + services.tor = { enable = true; client.enable = true; diff --git a/machines/fanny/disk.key b/machines/fanny/disk.key new file mode 100644 index 0000000..7a30f5e --- /dev/null +++ b/machines/fanny/disk.key 
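Review bot: The added `malobeo.initssh` block enables an SSH service in the initrd for every key in `sshKeys.admins`, but nothing visible here says which host key the initrd presents or where it is stored. An initrd is normally kept on the unencrypted boot partition, so the module (not part of this diff) should use a host key dedicated to the initrd rather than the system's own SSH host key. Please confirm that and record it in a comment above the block, e.g. `# initrd SSH for remote disk unlock; uses its own host key, not the system one`. The same hunk removes `boot.initrd.systemd.enable` and `boot.loader.systemd-boot.enable` from fanny, so the bootloader and initrd type presumably now come from `malobeo.disks` or `malobeo.initssh`. That is worth verifying, since the unlock path over SSH depends on which initrd implementation is in use.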
@@ -0,0 +1,31 @@ +{ + "data": "ENC[AES256_GCM,data:1I8fN241VOaW4GaNUe/OVr+1HQKmtYL1GSuIfsE=,iv:aHdgEUj5QhusEavG9mVgtTQ4uqLJD2ozQ/kVVtFakYY=,tag:JJUbt4kgpa4hVD3HjLXGOg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUGpORk5zWXU1OVpqc2hT\nVW5PYlNLT3lKQVpTdCtMT1M3YlZ3Uno5bVJjCkJXR3I2Y3lDT0dJNThCcDN1NXYr\nK3VucjRKU0dac3BtQmV5ZFdrZXkrS1EKLS0tIGRGMGxDM0ZGbzVPTnJQK01GS3VW\nRHpJQWZLU1lrRS9ScXM0L0dyTjhGTGsKJEYq5vKxxYBAgkqUEkBwESur0reNIDPb\nK3rtflNi3dUYYZdLFNFV5rQX5q8aDnM6fO/zYPkzfBn7Ewq3jbBIIg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-01-05T19:35:48Z", + "mac": "ENC[AES256_GCM,data:z7elJ0+3r0bWc/H6h4rI36xC7Uj0NS04VssjPDNVZM17LeN4ansSOfcOKPaUMziV/z5Aq8RVLROR+FImzxBZGaZm37frCoN1OP3WjeDnP6AsoY9dY+S/aYmErVEsQEIi8T4RAdQP2c3BUt1oKZ9Nki2pu3IBRabBlFhaTI0bspc=,iv:8Nn8r9ancHwBJOaJSsv8Vj3s+d0UvRmKIeCDNzx1qRg=,tag:BSO2yu70H2wjen3BCGC4Gw==,type:str]", + "pgp": [ + { + "created_at": "2025-01-05T19:32:11Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQv+JpNwP+BLJf4+0pSr17TToviCo0yWmcaP1dIUqClBSoDO\nI3ZzqHdImAj4QgExif2zsuzz1+WC+sjvFqEmX5pBKza/e30qCZirkelz9mzc0mhG\nLhTzfhqC6fLbV5f+pDp6N40ommu+LX1pIz6nViCUjqBdnAkCb+tqLU4eQJQqVmlz\n7BToLsvYomPK1nJ6f4rt1nTR9wkBI68AYM/K0SgCJXjwj1LpZ/+3yElkiCqZ9uZB\n1jrDKX+QPySlZ7OERL70UT7Eh8DTUNzFnozvliBnyxe00wwiiucCgrC94TmaKCmh\ni/FOdS6Izm3QwcWB0eMCX6GQBvlUWpjSz5xF4+YODJe9tGNz/sNxpk6B8xG5NuG2\n61nohMHoml6X3Z9dOwu/Svl+eS8SV/r278W/F9miE8YeayyLlPxHF3DXjd6WeDhZ\n20NExQUJYIRf6w/XQPQZ+E39NkIHxz8v+P29ncmSsRPWS6d2MK0Yj+UW0vT0u1vJ\n+lAs24xYofbu5tmBbnK10lgBrZMXDJM2nQbKMKSkVVjzbzmOe5jzMBxuWLX+ykeI\npaj32wQDWvfBqLPH1Kwvy5nqHvy375jPZ7RTzT7W0d4jKQf7xapbi4CEepHHfxCF\nD0HIEi8RUlXJ\n=KVUJ\n-----END PGP MESSAGE-----", + "fp": "c4639370c41133a738f643a591ddbc4c3387f1fb" + }, + { + "created_at": 
"2025-01-05T19:32:11Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUARAAqowFMavIniFheNvt03EH1iEn64xNmExotYcDt2L0bR39\nXQdLvg7cJ/Jh7EuZ44mHTs21mpbYIlygMs6kimqQ8iO30vGTEcn5bt/eUEoGHciM\nYVHktWNR81ZgjvKCcmTUK3ld+DMKmg2BABr4auUOYLu4ToSnFb1fv+fvZG0D3iQs\nm6LJuafH+4utM16Vnkp9+ziY/ieMPYfbOFuSFq0UWxGK9P+koSYVGnYhH55Lksyf\nBb/esEGCY671/Jl/qHw8so4TELeRsW/v/xAcNqbE1Msdeas7WJy/B6WqXQgK/Y+J\nPsyZ2XHKhPRitN77/eDJXVBi0mKBTE/RCzDzMYxKA7IQm28v8+u+wpdCajewnyF4\ns2HACaYs/TWRpIUzqxRlznc0nMpk8xUaeVb0N7nrtSDEBF8ETOGOcPk1AmdKMR4M\nsy0vu+K2oJ9L7e/o1ntpejKHN7t2Lzq+CvszBYKmyw/KgxeqY0hx4cJTUDsdgLjI\nMTrs6bySVXDyRaw3rHo7OvA+5c8dLfnWJd1R78nZTx89CYCvjJeMo7PNvN6C9HxK\nJoCOCnZo6a3j4NqJvXD5GNqGSP6m1lqBRWYQUIhWaOfz8aTY1Z3EXX0/4tv5C+A/\nknhc694ujtmBXio4XgDIrSz3jr9G8+ZLvig88xV12HTJfsatypQdHVIZj08EeR/S\nWAG872Q/DVD/aDmhaOlq/o/QBoEyrnJdkRHT9NX8iBboQ81wezfJxWUWlWyHaXVq\n5YBLFQvQAZLz3h05EBkMOiS2dHUa8OnNImj8txnCePAlcUdv7LIVxHA=\n=9APA\n-----END PGP MESSAGE-----", + "fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.9.2" + } +} \ No newline at end of file diff --git a/machines/testvm/default.nix b/machines/testvm/default.nix index d0cf0b2..b338fbc 100644 --- a/machines/testvm/default.nix +++ b/machines/testvm/default.nix @@ -14,6 +14,8 @@ in ]; + boot.initrd.systemd.enable = true; + boot.loader.systemd-boot.enable = true; malobeo.initssh = { enable = true; authorizedKeys = sshKeys.admins; @@ -48,7 +50,7 @@ in services.acpid.enable = true; - networking.hostName = "fanny"; + networking.hostName = "testvm"; networking.networkmanager.enable = true; time.timeZone = "Europe/Berlin";