SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 16:21:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

hosts/srv-private: Reinstall with impermanence

Browse source
This commit is contained in:
SebastianStork 2025-10-06 23:50:34 +02:00
parent 1b9a26c494
commit ef5c7fabf7
4 changed files with 88 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/srv-private/default.nix
View file

@ -1,6 +1,6 @@
{ config, ... }:
{
system.stateVersion = "24.11";
system.stateVersion = "25.05";
meta = {
domains.validate = true;
@ -8,9 +8,11 @@
};
custom = {
impermanence.enable = true;
sops = {
enable = true;
agePublicKey = "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t";
agePublicKey = "age1rp7lrakhlnnhzcgjtut8ncamem6wjrtna3e9mgdkt3dqd9dvk3usa5tzk5";
};
boot.loader.systemd-boot.enable = true;

49
hosts/srv-private/disko.nix
View file

@ -1,41 +1,52 @@
{
disko.devices = {
disk.disk1 = {
device = "/dev/vda";
disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
type = "EF00";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
nix = {
size = "20G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
mountpoint = "/nix";
mountOptions = [ "noatime" ];
};
};
persist = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/persist";
mountOptions = [ "noatime" ];
};
};
};
};
};
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
};
};
}

31
hosts/srv-private/hardware.nix
View file

@ -8,11 +8,12 @@
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
"virtio_blk"
];
zramSwap.enable = true;
@ -20,23 +21,27 @@
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-ens3" = {
matchConfig.Name = "ens3";
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [
"152.53.85.193/22"
"2a0a:4cc0:c0:23bd::1/64"
"138.199.200.104/32"
"2a01:4f8:1c1a:732c::1/64"
];
routes = [
{ Gateway = "152.53.84.1"; }
{
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; }
];
dns = [
"46.38.225.230"
"46.38.252.230"
"2a03:4000:0:1::e1e6"
"2a03:4000:8000::fce6"
"1.1.1.1"
"8.8.8.8"
"2606:4700:4700::1111"
"2001:4860:4860::8888"
];
linkConfig.RequiredForOnline = "routable";
};
};
}

6
hosts/srv-private/secrets.json
View file

@ -25,11 +25,11 @@
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdEtRd2R6YzVUS0xtOUFM\nSmg2L0x0WnhrazN6dlNGK295OWFvNlV4ekY0CnpCQmtRSjErZlk3UUFuR2R3Yy9P\nREtRcEg2Y09WSFJkbWNwcVRJNnpRWVUKLS0tIHdpOWZBVlhrR203Q05tVXR4eTdV\nRzVHRncrdWV2eGtBUnl0SjhDTm1mWWsKH8YnoFLn8GZehS60rpWZ0dTtOKxpMOPM\ny0266elas/kr+w0DRlBH1HdtXv+kwo22KK3t/Q966Fkc5rxCYa++CQ==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc2E0amJTa1QxTVloc2Vj\nUUo0VW02ZXUvV0M1VTdCOVh1M0YzeWo5WVJRCnNZN1FNZVA1R2tvSlI5QmJMaURG\nbG9XTEQvYzliREVIUEhzaXFjVUM4bkEKLS0tIEE3VXgyWFZKeDFLc3QxdGZrUWZu\nVWI3Y1R5K1pycE12ZDBkbXVGWVBYTXMKsoiaQZWFHoTnPsDc4zhDrk1ZwzW1KtLn\nFAu58/Goy8YWfcATxXpU+tfauTWkotM/sGzXwyYD+zi4elekHSU/OA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcGVRNzRrM2RTeFJScDBR\nZUFSOUd2dXhZaGh3TDdVYVdWZVBYYjNDUm5nCnl3RHJBM0F0RUlIWjJ3ZEVRVEVI\neXZMSVkvbU1Qamc0VGZIeW1lekVTeFEKLS0tIHVpTGtoSytuZFlIdzBtNEI0a1lh\naURRQUR4cVBhNmRFOTQ2MFdBN3p3OEkKJjy8KnruglNwYOuOcWIspJZq3+0VqHGx\nV6cldtjSabCks3xtTUYjvb8/mMwHT1ANW/bRkJ/BrBClZGGEM3hZgQ==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age1rp7lrakhlnnhzcgjtut8ncamem6wjrtna3e9mgdkt3dqd9dvk3usa5tzk5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMmlwaXZvcTdMWVZ3VzNm\nMTR3TnJxLzNVYUFTUGNDR1Jhc1c3QTBOS0QwCm1NVkFaUSs3LzNGT25pSmVPRVVP\nbUdoTEJCcnNpNjE4aTljeGZoYjQ4cG8KLS0tIG1paitmUlBPekM4YXJwR3Z1Z2VW\nZTR6ZXdWYmVMK01RMVZLUlJyOExBMVkKJ/msnrWYumh1OmB5W2w+bUjAt2m7RrOT\nJVGy7zHKk5HWD7VLoYUCpPGoWWeq2O3dC4BjE0jFOya/2zz3YckF+A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-09-19T16:19:13Z",