SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 19:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

hosts/srv-private: Reinstall with impermanence

Browse source
This commit is contained in:
SebastianStork 2025-10-06 23:50:34 +02:00
parent 1b9a26c494
commit ef5c7fabf7
4 changed files with 88 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/srv-private/default.nix
View file

@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
{ {
system.stateVersion = "24.11"; system.stateVersion = "25.05";
meta = { meta = {
domains.validate = true; domains.validate = true;
@ -8,9 +8,11 @@
}; };
custom = { custom = {
impermanence.enable = true;
sops = { sops = {
enable = true; enable = true;
agePublicKey = "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t"; agePublicKey = "age1rp7lrakhlnnhzcgjtut8ncamem6wjrtna3e9mgdkt3dqd9dvk3usa5tzk5";
}; };
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

49
hosts/srv-private/disko.nix
View file

@ -1,41 +1,52 @@
{ {
disko.devices = { disko.devices = {
disk.disk1 = { disk.main = {
device = "/dev/vda"; device = "/dev/sda";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = { ESP = {
type = "EF00";
size = "512M"; size = "512M";
type = "EF00";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
}; };
}; };
root = { nix = {
size = "100%"; size = "20G";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/nix";
mountOptions = [ "defaults" ]; mountOptions = [ "noatime" ];
}; };
}; };
persist = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/persist";
mountOptions = [ "noatime" ];
};
};
};
};
};
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
}; };
}; };
} }

31
hosts/srv-private/hardware.nix
View file

@ -8,11 +8,12 @@
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"ata_piix" "ahci"
"uhci_hcd" "xhci_pci"
"virtio_pci" "virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod" "sr_mod"
"virtio_blk"
]; ];
zramSwap.enable = true; zramSwap.enable = true;
@ -20,23 +21,27 @@
networking.useDHCP = false; networking.useDHCP = false;
systemd.network = { systemd.network = {
enable = true; enable = true;
networks."10-ens3" = { networks."10-enp1s0" = {
matchConfig.Name = "ens3"; matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [ address = [
"152.53.85.193/22" "138.199.200.104/32"
"2a0a:4cc0:c0:23bd::1/64" "2a01:4f8:1c1a:732c::1/64"
]; ];
routes = [ routes = [
{ Gateway = "152.53.84.1"; } {
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; } { Gateway = "fe80::1"; }
]; ];
dns = [ dns = [
"46.38.225.230" "1.1.1.1"
"46.38.252.230" "8.8.8.8"
"2a03:4000:0:1::e1e6" "2606:4700:4700::1111"
"2a03:4000:8000::fce6" "2001:4860:4860::8888"
]; ];
linkConfig.RequiredForOnline = "routable";
}; };
}; };
} }

6
hosts/srv-private/secrets.json
View file

@ -25,11 +25,11 @@
"age": [ "age": [
{ {
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5", "recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdEtRd2R6YzVUS0xtOUFM\nSmg2L0x0WnhrazN6dlNGK295OWFvNlV4ekY0CnpCQmtRSjErZlk3UUFuR2R3Yy9P\nREtRcEg2Y09WSFJkbWNwcVRJNnpRWVUKLS0tIHdpOWZBVlhrR203Q05tVXR4eTdV\nRzVHRncrdWV2eGtBUnl0SjhDTm1mWWsKH8YnoFLn8GZehS60rpWZ0dTtOKxpMOPM\ny0266elas/kr+w0DRlBH1HdtXv+kwo22KK3t/Q966Fkc5rxCYa++CQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc2E0amJTa1QxTVloc2Vj\nUUo0VW02ZXUvV0M1VTdCOVh1M0YzeWo5WVJRCnNZN1FNZVA1R2tvSlI5QmJMaURG\nbG9XTEQvYzliREVIUEhzaXFjVUM4bkEKLS0tIEE3VXgyWFZKeDFLc3QxdGZrUWZu\nVWI3Y1R5K1pycE12ZDBkbXVGWVBYTXMKsoiaQZWFHoTnPsDc4zhDrk1ZwzW1KtLn\nFAu58/Goy8YWfcATxXpU+tfauTWkotM/sGzXwyYD+zi4elekHSU/OA==\n-----END AGE ENCRYPTED FILE-----\n"
}, },
{ {
"recipient": "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t", "recipient": "age1rp7lrakhlnnhzcgjtut8ncamem6wjrtna3e9mgdkt3dqd9dvk3usa5tzk5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcGVRNzRrM2RTeFJScDBR\nZUFSOUd2dXhZaGh3TDdVYVdWZVBYYjNDUm5nCnl3RHJBM0F0RUlIWjJ3ZEVRVEVI\neXZMSVkvbU1Qamc0VGZIeW1lekVTeFEKLS0tIHVpTGtoSytuZFlIdzBtNEI0a1lh\naURRQUR4cVBhNmRFOTQ2MFdBN3p3OEkKJjy8KnruglNwYOuOcWIspJZq3+0VqHGx\nV6cldtjSabCks3xtTUYjvb8/mMwHT1ANW/bRkJ/BrBClZGGEM3hZgQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMmlwaXZvcTdMWVZ3VzNm\nMTR3TnJxLzNVYUFTUGNDR1Jhc1c3QTBOS0QwCm1NVkFaUSs3LzNGT25pSmVPRVVP\nbUdoTEJCcnNpNjE4aTljeGZoYjQ4cG8KLS0tIG1paitmUlBPekM4YXJwR3Z1Z2VW\nZTR6ZXdWYmVMK01RMVZLUlJyOExBMVkKJ/msnrWYumh1OmB5W2w+bUjAt2m7RrOT\nJVGy7zHKk5HWD7VLoYUCpPGoWWeq2O3dC4BjE0jFOya/2zz3YckF+A==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-09-19T16:19:13Z", "lastmodified": "2025-09-19T16:19:13Z",