From 9de2a5d853ede16840c48a62a9c1f13724d9224f Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Sun, 7 Sep 2025 23:04:19 +0200 Subject: [PATCH] hosts/observer: Reinstall with impermanence --- hosts/observer/default.nix | 6 +++-- hosts/observer/disko.nix | 44 +++++++++++++++++++++++++------------ hosts/observer/secrets.json | 6 ++--- 3 files changed, 37 insertions(+), 19 deletions(-) diff --git a/hosts/observer/default.nix b/hosts/observer/default.nix index 94cbff8..2904212 100644 --- a/hosts/observer/default.nix +++ b/hosts/observer/default.nix @@ -1,6 +1,6 @@ { config, ... }: { - system.stateVersion = "24.11"; + system.stateVersion = "25.05"; meta = { domains.validate = true; @@ -8,9 +8,11 @@ }; custom = { + impermanence.enable = true; + sops = { enable = true; - agePublicKey = "age1dnru7l0agvnw3t9kmx60u4vh5u4tyd49xdve53zspxkznnp9f34qtec9dl"; + agePublicKey = "age1f5hav97datm0s687ew5dnhtaderr6xu0hn0e60jgdkms3tfk84mq263qpe"; }; boot.loader.grub.enable = true; diff --git a/hosts/observer/disko.nix b/hosts/observer/disko.nix index f61c8c6..3a0e0ca 100644 --- a/hosts/observer/disko.nix +++ b/hosts/observer/disko.nix @@ -10,27 +10,43 @@ size = "1M"; type = "EF02"; }; - root = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + nix = { + size = "10G"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/nix"; + mountOptions = [ "noatime" ]; + }; + }; + persist = { size = "100%"; content = { - type = "lvm_pv"; - vg = "pool"; + type = "filesystem"; + format = "ext4"; + mountpoint = "/persist"; + mountOptions = [ "noatime" ]; }; }; }; }; }; - lvm_vg.pool = { - type = "lvm_vg"; - lvs.root = { - size = "100%FREE"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - mountOptions = [ "defaults" ]; - }; - }; + nodev."/" = { + fsType = "tmpfs"; + mountOptions = [ + "defaults" + "mode=755" + ]; }; }; } 
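Review bot: With `impermanence.enable = true` the root becomes a tmpfs, so the age private key matching the new `agePublicKey` has to live on the persisted filesystem and be available before secrets are decrypted at activation. Nothing in this hunk shows where `custom.sops` reads the key from. If the custom modules do not already handle this, the key path should point under `/persist` and that mount should be marked `neededForBoot = true`; otherwise the host may come up after a reboot without its secrets. A short comment above the key would record the dependency, e.g. `# matching private key must be on /persist, mounted before activation`. The `custom` attribute set continues outside the hunk.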
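Review bot: The new tmpfs root in `nodev."/"` has no `size=` option, so it falls back to the kernel default of half the RAM. Anything that writes outside the persisted paths (logs, temp files, a misbehaving service) then consumes memory up to that limit, which is an availability risk on a small host. Consider an explicit bound, `mountOptions = [ "defaults" "size=<SIZE>" "mode=755" ];`, with the value chosen for the machine. The new `/persist` filesystem could also carry `"nodev"` and `"nosuid"` next to `"noatime"`, assuming nothing persisted there needs setuid binaries or device nodes. The enclosing disk definition starts outside the hunk.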
diff --git a/hosts/observer/secrets.json b/hosts/observer/secrets.json
index 2918dcb..b296c22 100644
--- a/hosts/observer/secrets.json
+++ b/hosts/observer/secrets.json
@@ -14,11 +14,11 @@
 "age": [
 {
 "recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvd29MSnZKanp3OXZxNHhv\nVks2ajgwb25qVnVDSWIvZWh1MytGTFBHL1dvCmhDNEF2R3Zac29HVHdLdXljYjJs\nalZYZDF2MjR2cWdBNWZYQXh1OElSWTgKLS0tIHY0eDJhRlVqbUtJQkFSTUh6cFor\nTWhBRXFNb3p1NU5udW9SU1Q4L2YyaVUKUMopZJ68KwiAknBFvz01X0TvBVH+1amz\nPxhHWvrcY54s8vfw9gk6LiN3o4vlZVCSfzHGLGoXxFeylc6RTM4CIw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoV013SDRBb0FuQldMRXFr\nRU14amtVZ292dDVFcXJ3ZFYvQ210b1ZGWnc4ClVVaStUaDEwdWljeGRxRlZ5M0pi\nUlpNeklCbStST3NsUERmYkY0alV3elUKLS0tIEtZNGZOMlZUVGtRVTZ1Y240MS9p\nMlZ3RGVsZFcwNGJOZE1sWExvZ1NSWUkKG9yOZR+8j0+3KZ8LtJHwh/1S8vhMTyy3\ncebIfg9BIhf6EWnGV6ltK89p+g5a28wgshlswIQO/nQ29s8c/IEMbA==\n-----END AGE ENCRYPTED FILE-----\n"
 },
 {
- "recipient": "age1dnru7l0agvnw3t9kmx60u4vh5u4tyd49xdve53zspxkznnp9f34qtec9dl",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSDhRQmpXaGdocDMvaS9u\na0ZyOEtNT2N4bG01NERFQTErc1hFaE1xWFFVClA4YjBwdGVhbTZ3dE9ZSFV2M1Zu\nZCtuVHN4R0NMQU16UXFRdVVqQlJLazgKLS0tIDdmWVc4ejFNRWVhY1piSTBXU0cx\nV1F2cjlmRWNKWkN1U3hwNWl6U2lEb1kKgsj22mpgxpgA5oXTXhoA5DtkySqqcn17\nOrpUiZmfOABXEZ0b5pnkAD06aW+7j2SqajYpvguxIrD9x1w562FmZA==\n-----END AGE ENCRYPTED FILE-----\n"
+ "recipient": "age1f5hav97datm0s687ew5dnhtaderr6xu0hn0e60jgdkms3tfk84mq263qpe",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByczNyTzlPSXVZZ1hmbm1W\nM0l2c1ZXcXVxdGpNSUVZZzBtaktBVWo4cFYwCmU1bVdpNktiWCtlWFpOZ3UzOWhY\nY2NlS1g4dXhaNmRLVFhSR3BBQ1IvNnMKLS0tIEFZRGhzQ3dKV2pWUWpSbmRkaWFO\nMFcwWXlsTVJsSk1vZ1E3NGx5ZVBieGsKaz0euqXQzjqwVExTcg37uyiM0bPl3Pkh\n943SCEiQ/nWrhaLl0jQ4Xvoh2d8ylkDWLa79hz/e1s6NtuoJYjj40g==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
 "lastmodified": "2025-08-17T19:05:59Z",
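Review bot: The data key appears to have been re-wrapped for the new host key rather than rotated: only the two `enc` entries and the host `recipient` change here, and the diffstat shows no other lines touched in `secrets.json`. `lastmodified` also stays at its old value. A holder of the removed recipient's private key who also has an earlier revision of this file could therefore still recover the data key, and with it the current values. If the old host key was not destroyed with the reinstall, rotate the data key with sops and, for anything sensitive, the secret values themselves. The sops metadata object continues outside the hunk.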