From 03a62ea382b70fa95a563bb36e82eb9ca12d5bbf Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Wed, 1 Oct 2025 00:30:19 +0200
Subject: [PATCH] hosts/srv-public: Reinstall on new vps

---
 hosts/srv-public/default.nix  |  6 +++--
 hosts/srv-public/disko.nix    | 44 ++++++++++++++++++++++++-----------
 hosts/srv-public/hardware.nix |  4 ++--
 hosts/srv-public/secrets.json |  6 ++---
 4 files changed, 39 insertions(+), 21 deletions(-)

diff --git a/hosts/srv-public/default.nix b/hosts/srv-public/default.nix
index b1721f2..8f97fff 100644
--- a/hosts/srv-public/default.nix
+++ b/hosts/srv-public/default.nix
@@ -1,6 +1,6 @@
 { config, ... }:
 {
-  system.stateVersion = "24.11";
+  system.stateVersion = "25.05";
 
   meta = {
     domains.validate = true;
@@ -8,9 +8,11 @@
   };
 
   custom = {
+    impermanence.enable = true;
+
     sops = {
       enable = true;
-      agePublicKey = "age1g9fm9w3j2ep7qrqmq9wx09p3ynn3xm7elp36eursj2fvh6yw5q6st448jz";
+      agePublicKey = "age1tfgn62qe9264yzsw5svdppz57e3dhlzfcf043ecpg82mgny88gwsdxg9vz";
     };
 
     boot.loader.grub.enable = true;
diff --git a/hosts/srv-public/disko.nix b/hosts/srv-public/disko.nix
index f61c8c6..ead84f6 100644
--- a/hosts/srv-public/disko.nix
+++ b/hosts/srv-public/disko.nix
@@ -10,27 +10,43 @@
             size = "1M";
             type = "EF02";
           };
-          root = {
+          ESP = {
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          nix = {
+            size = "20G";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/nix";
+              mountOptions = [ "noatime" ];
+            };
+          };
+          persist = {
             size = "100%";
             content = {
-              type = "lvm_pv";
-              vg = "pool";
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/persist";
+              mountOptions = [ "noatime" ];
             };
           };
         };
       };
     };
-    lvm_vg.pool = {
-      type = "lvm_vg";
-      lvs.root = {
-        size = "100%FREE";
-        content = {
-          type = "filesystem";
-          format = "ext4";
-          mountpoint = "/";
-          mountOptions = [ "defaults" ];
-        };
-      };
+    nodev."/" = {
+      fsType = "tmpfs";
+      mountOptions = [
+        "defaults"
+        "mode=755"
+      ];
     };
   };
 }
diff --git a/hosts/srv-public/hardware.nix b/hosts/srv-public/hardware.nix
index 1e905e3..57f8ad5 100644
--- a/hosts/srv-public/hardware.nix
+++ b/hosts/srv-public/hardware.nix
@@ -26,8 +26,8 @@
       linkConfig.RequiredForOnline = "routable";
       networkConfig.DHCP = "no";
       address = [
-        "91.99.70.118/32"
-        "2a01:4f8:1c1b:ffc7::1/64"
+        "91.107.212.241/32"
+        "2a01:4f8:1c17:5597::1/64"
       ];
       routes = [
         {
diff --git a/hosts/srv-public/secrets.json b/hosts/srv-public/secrets.json
index 8d6cb7c..a17e6dc 100644
--- a/hosts/srv-public/secrets.json
+++ b/hosts/srv-public/secrets.json
@@ -34,11 +34,11 @@
     "age": [
       {
         "recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTOEl3dWhrVHI0cHlUMjB3\nYzFFd0xyZUtnTTM4UGRsWTE5eDl5TVJEeVd3CklvNldORkZ0bURLT1UvdWQxc2Er\nbkl5ZHZ1aTZGK1kzZE1ac0pTLy90TDgKLS0tIDNDb0FWcU1LT3NXRW9rdEcxRm9Y\nTEdmMVJYSVdPQ2oxVnR5aVJxVTROTFkKMYZ+gH9w1F/gmOtP/pQJ5dVc0SXu08Uz\n4kqYnyM2URWNqT0quHybKRu1421LKXfU2N/ImVZptz9SRtCDaRK1YA==\n-----END AGE ENCRYPTED FILE-----\n"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbXkzdUdQQUZML09QbGlU\nZEUvUmVSQ0Y0SFRkZ054Wk9ITXpQblFTOVNNCktNVFAyOFVPNTNQdEc5eEtjK3J4\nM25JWHNiT3JQb2pwUXFjNk5jbDBxOVEKLS0tIEsxM2J1OGVXME9xOU93clRBalFu\na3JhU3I5ZXZBVWxyUTdmWkxBdmlyNTQK+0N88y3r45jjxjC+4eT9+BnIPZgtVyBd\ngNYOKPxoa+KoKk66TSMoVcFJzyVgmLBKeomyNKw/D0gz/ZTU7J9Hag==\n-----END AGE ENCRYPTED FILE-----\n"
       },
       {
-        "recipient": "age1g9fm9w3j2ep7qrqmq9wx09p3ynn3xm7elp36eursj2fvh6yw5q6st448jz",
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4OGcxUHFrNW5PMlZVL0hF\naUtvZzRZTEs0SjRUKythaTB6WUdOODJKODI4ClNuVjVqdGlSMTdGSW9GMCtpbUxn\ncnZvckxkWDBNV3hQQnpnZ0xkeWJ1K0EKLS0tIDBGdTZINTVoeFNMQmpsZVg5S2xv\nbXF5M0FJOCs3b1dqcGF6bXJsd3dyc2sKIpq/yiNubX/yMt/Kj7TYThm3/Kj6we+X\ngvijkVVdddCyO0TH2GZQM5rIQvSq299GwcECDHh7QSUVhEAerJA3qw==\n-----END AGE ENCRYPTED FILE-----\n"
+        "recipient": "age1tfgn62qe9264yzsw5svdppz57e3dhlzfcf043ecpg82mgny88gwsdxg9vz",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUERmY3A4Z2pGclBmdEtB\neGV5dVk3TTJKclc3YlFlNUFJbEVKZ3Ric1J3CktiWUlsUlNrV2g4UGRjREljM254\nV3RjSjNLOWw1V0hUa0RES01POUphK28KLS0tIDVpdmZmMmgvYmhGamV2QjNLK0Rk\nbDd3N3M3UHo3Qnc1dy9BdW4rRWlFbU0KUSJmiNwH31TGNatEAc5Wpzalnm4f8YeY\nNyA1k2/QJzhYYFm5KBEGo9TLpJJ59IjInW2MCGuBeFh4Xzi+HiNxfA==\n-----END AGE ENCRYPTED FILE-----\n"
       }
     ],
     "lastmodified": "2025-09-22T19:09:21Z",