rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

switched to btrfs

Browse source
This commit is contained in:
Rouven Seifert 2023-02-16 22:08:44 +01:00
parent 55611013b7
commit 2751a9750c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
4 changed files with 59 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -1,6 +1,6 @@
keys: keys:
- &rouven 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - &rouven 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- &thinkpad age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6 - &thinkpad age1pwdahgk2yty9w8cw5ht90mral76h0ndp3vkp93xm4g0cttjlsvgqn8vlys
- &nuc age1930r9v2y57zkwghlxapj348c4rfnmr70de898cdhu5rue5cpagzq74wymk - &nuc age1930r9v2y57zkwghlxapj348c4rfnmr70de898cdhu5rue5cpagzq74wymk
creation_rules: creation_rules:
- path_regex: secrets/thinkpad\.yaml$ - path_regex: secrets/thinkpad\.yaml$

6
hosts/thinkpad/default.nix
View file

@ -15,8 +15,7 @@
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = [ "zfs" ];
}; };
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -80,8 +79,7 @@
printing.enable = true; printing.enable = true;
fprintd.enable = true; # log in using fingerprint fprintd.enable = true; # log in using fingerprint
openssh.enable = true; # enabled ssh to have the host keys openssh.enable = true; # enabled ssh to have the host keys
zfs.autoScrub.enable = true; # periodically check filesystem and repair it btrfs.autoScrub.enable = true; # periodically check filesystem and repair it
zfs.trim.enable = true; # weekly ssd trimming
}; };
programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work

38
hosts/thinkpad/hardware-configuration.nix Executable file → Normal file
View file

@ -13,38 +13,50 @@
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.initrd.luks.devices."luksroot" = {
device = "/dev/disk/by-uuid/6b89181c-71e0-4e84-8523-2456d3e28400";
allowDiscards = true;
};
fileSystems."/" = fileSystems."/" =
{ {
device = "rpool/nixos/root"; device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81";
fsType = "zfs"; fsType = "btrfs";
options = [ "zfsutil" ]; options = [ "subvol=root" "compress=zstd" "discard=async" "noatime" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ {
device = "rpool/nixos/home"; device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81";
fsType = "zfs"; fsType = "btrfs";
options = [ "zfsutil" ]; options = [ "subvol=home" "compress=zstd" "discard=async" "noatime" ];
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ {
device = "rpool/nixos/var/lib"; device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81";
fsType = "zfs"; fsType = "btrfs";
options = [ "zfsutil" ]; options = [ "subvol=lib" "compress=zstd" "discard=async" "noatime" ];
}; };
fileSystems."/var/log" = fileSystems."/var/log" =
{ {
device = "rpool/nixos/var/log"; device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81";
fsType = "zfs"; fsType = "btrfs";
options = [ "zfsutil" ]; options = [ "subvol=log" "compress=zstd" "discard=async" "noatime" ];
};
fileSystems."/nix/store" =
{
device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81";
fsType = "btrfs";
options = [ "subvol=store" "compress=zstd" "discard=async" "noatime" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ {
device = "/dev/disk/by-uuid/96DD-4C81"; device = "/dev/disk/by-uuid/B174-4DAE";
fsType = "vfat"; fsType = "vfat";
}; };

62
secrets/thinkpad.yaml
View file

@ -1,51 +1,51 @@
wireless-env: ENC[AES256_GCM,data:Ff4K563edWDrcnXmkF61W3dAdXiZHRTDxBAcy0W6EFxy76r7HTc7wXnqQyQiS9LCJd9nBTjHuWKi2xbeewWlnHbVz1OuAoV7FrWuNd27gf6I6e3n8lURIjaGMXX2ttzzVdvoviFmA12ZQzj8diS+MTNGzHrAHR/ZNEmNS3qFLIe8EHWCFAqcByuURB2lw6kIz8GBB//Cu5fAhncorppbMIQbhNj6LX0GRm6177EIeG9hOc/oc3mTMZ6HJEEIjJEQHK5z0UMj9Q==,iv:Rq+MrdCHaIXgUKqSUr/lmrcWPl2K2WRcotKSX5FkiFw=,tag:ijyM4lHrigvI41kyG/WjDw==,type:str] wireless-env: ENC[AES256_GCM,data:BPRubHOwQfJxB6aKh35BDwGlP+0QE9YDSbLJ4jIIKmQGhtJ6S+Haoqr+68Siy+P7ZfISbMk6mEOvpoEl23eB5yODvbCrwhYeffZYPrKCsgLTF0R/KXiXwpHTPNma74n2b+c9/BXfAuoLDmNdV+6+Is3BAyhbjyRJPnJgAEXt+v8sBKsrbwZK0sZERwcQotwwKh5nmwQOyfNOaSnDOEegcC11O76/GwSBP7LC7NVVFUiyOieJjF9hvOoXRrag/A/DCu5INQoJ7g==,iv:uFIGvz7poAOMCcfSmh3dwyEH7o8H7HcDDwQEsRNBmN0=,tag:j9pEBS6onwslgQ4AlqvWZw==,type:str]
uni: uni:
zih: ENC[AES256_GCM,data:XwpN5u2X3YBZqxtb7COASMA=,iv:RmOYmjiNhXjs1iNq5WTZeVYmQArjqNpp6/a+9EkiIfw=,tag:Hcb0ECIM6HB4kM6/JudaMQ==,type:str] zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str]
wireguard: wireguard:
dorm: dorm:
private: ENC[AES256_GCM,data:iibKc6YvL99Jf9RQA+4YlI65Yw0jtosOCid1q+beUpcn5jA3AOqKB3wjcJM=,iv:N3xAETIeRo7vRq+/3QMdUYJtaZQr7iIgnGoD5rnHsRc=,tag:Fyc12YxfqM/NuDuiyKQpvg==,type:str] private: ENC[AES256_GCM,data:l2SEIEoljGLrEDWEVdfJiVdLafyAmlR4wKzKtz/xsLL6kEGveK/dgsDvjiU=,iv:5YktJB0g/2Agd+0+synPjZUsxxa5JPorFn975Vr/PF4=,tag:c6CmppUVMcjrip4YraBurQ==,type:str]
preshared: ENC[AES256_GCM,data:213FbLKK5RQa8uADicr7k/YyLI1L0oUR6vuGYX6PunvylKD619WCTZLoya8=,iv:RVs713dJO79C8vStcvIq9/kAWlE8wpKVJd3NjtTKI+g=,tag:yedynedj8BGaJpISY2y9ww==,type:str] preshared: ENC[AES256_GCM,data:sb6vHcYO6c+m2jegangICr3v2toTFdSwt/rgCKD7q4UB/qR8U5CaAEjQdXY=,iv:QwQbNxx4+xTL14ID10bS7HWxKWzkoMSV6wHu8qytbEU=,tag:ozsK2gqayY56uOTGZtCNqQ==,type:str]
email: email:
tu-dresden: ENC[AES256_GCM,data:13YAHNUqwmwj1yqOle+M1us=,iv:Ed960kTLUeq2lq0NogRmGXS69yKT2Mwst5XBrd110bY=,tag:6HNlFPTYXNzfsXTlwg1+uQ==,type:str] tu-dresden: ENC[AES256_GCM,data:JRSfF2tnZX6NRPXFdJE5c7Q=,iv:phOzSD2XUcnvSneKtmMmB5zYrnXcZL1PzsurWLsy9gA=,tag:sxC5hLb7Rd4j5/mEi8Zu6A==,type:str]
rfive: ENC[AES256_GCM,data:dyJEoaq8EKqMD0loWr0H5gXepwptZ8givA==,iv:WAT4LsBbIA/po2xd5R0K5HAsqbw+WigLJWo0T8ftPTE=,tag:Tjs9zETfxXZsS43hC6+13Q==,type:str] rfive: ENC[AES256_GCM,data:noHhc37RxE/UZtTcllCb0r57ke7mauZNpQ==,iv:kbhXBDcRigSxbPyQu5HS8xG+WfehEYNi+uGC6lcvHEw=,tag:CPHmf85Fr54P8zj/dShazg==,type:str]
google: ENC[AES256_GCM,data:1BeiGEku2zE9uS8WR3yRgA==,iv:uRaDPblZpxdAH72EaV2Rjho/MZsiVjqFsVSJHzz3GrU=,tag:Vs9GWbwFrdg8vYnLROaOGA==,type:str] google: ENC[AES256_GCM,data:MObdBDErPOyPISOoc8zlQA==,iv:cPJgKjHR838Pm4O+WI52ZO4v4ds4GU351oU0HDSDfsg=,tag:dy+ApExgn26+3Osu5B2kaQ==,type:str]
ifsr: ENC[AES256_GCM,data:yeYK+dZwSaL3oKS0UE8Plmh6dVKWTA==,iv:xrBlx9C6uau6hVHVZDTcdMegI0475QQR4ZCjIwq7kP0=,tag:D4G15DIkswldCRa63P1IgQ==,type:str] ifsr: ENC[AES256_GCM,data:cJT5du8Jwy+rh286H55P2bEIIPtNpg==,iv:1qYzIqSWJ68GTGfl0x0YRZMPQAGAmibI1GKfdDWOrO4=,tag:sbHPs81bL88Ns75Mu+OUnQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6 - recipient: age1pwdahgk2yty9w8cw5ht90mral76h0ndp3vkp93xm4g0cttjlsvgqn8vlys
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnd1UrV1pRSHhzL1dKWTBv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQ243byszWm45UmpialpS
WkM0d0xLL1ErbDMyNmIwRlB5dDU5Sm5DYWxjCnVoVjN5RmRRNURpSm94Z1lKb2pn OVVsTEFQNDZrS3NRdUc1aFBOcTFyclZkenpzCmtXcnlsZGNBOTBhZVJSNFdrck9i
dWJLZEpVR3hWeWlrd0hCOW41WWptZHcKLS0tIHJnWUlwV2RxMFZQMFBzQisyeGIz MHI0WjA4dy9DTFk3cWwydkJvR0h3RmsKLS0tIGxsM0hzUmg4RVBUOTI3QTZMZG4x
ZGFKS3ZXR216SXpBK1E2d3IyS2h3WjAK6xFl7yDaLald51Dts1lL+M4IF84bzsgy d1J5UHJDYjlZWEV1aEVDSmxhWDB0anMKMNzyd465AdMyX0o9NxF+hcLyROcd8xoJ
1RJiIAGi3/0R4f6GxH7oXaV14zXDk/6lw3VJbwIcgC9FSVcW1FJXIQ== 39K5xIDzcqpu6HfoZk1kZ/TT1DS2Xiw0rDuJHWdfpnS8zNe6DL3a7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-31T14:10:56Z" lastmodified: "2023-02-16T20:53:53Z"
mac: ENC[AES256_GCM,data:bxqaG3QXd1W9rSlcTUYnv+RvScjt53lyteTniLUNbLMmDcYDonTK6E+pudhrq0OWoRGfsKQrfrTWmAQZg4jRWr+M6zLt2IFrLar5b/XYuGdMD9+nEGxnpRfvmOeHDGCFAmG98H1A35Y9YPGA4vEzuxCKRNG5Somk81sPt9x0C7Q=,iv:zNcxle9LiWKE6Zu2xpagR5VFLQsoabpGwswa7FFb3BI=,tag:o9vGc35oofTmCsu2sWHx6Q==,type:str] mac: ENC[AES256_GCM,data:mcQexhVzXr28XF6KyN9MckSpD03q5tJl/IgL1CCeyvBRY4TkxBuTMKld22R9pp46StMfg16A2j2voTc546ayribLgIfn78wxa0sraaYoir+/xaF697EoO8UfthHPdmd8DHru7yoOFx0F4k2jNHGSIEi+FNrflUu+L8PxZ7Kyzms=,iv:HKW9WpufHCpUNSM048g2djj+h1vwB+gnL84hZH1LuJw=,tag:6Hj9ua1wsIvlsIvn5eOvXw==,type:str]
pgp: pgp:
- created_at: "2023-01-28T13:13:40Z" - created_at: "2023-02-16T20:53:51Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLAQ//X2vlfKYO00ydDER64ca6cIvSTuNvteohKAmPZ+HNGhdy wcFMAzUXo8ZPJwGLAQ/+NB4eFL48UlOgU36c4fo5eGFAFCx54wovfOq33S3yc5tx
UaPpmQyXo4hI98yT90/x3E/MWCUJSEeKnNkoga28PHS0Gna+nk8q/t11ITMs7Pcu UewzA5DZ9FECG8vl/CvxDNZdDZcdHWdF8r0MEKtToMMuDgcw4c1oDyZsKPCycWJm
PJZreqs+eK2rgimpOx862OEY9ur/9+q8rgAmcRiuxhdwA+B23yrr8I+BcfCaUnTG /vzVnmQDD1TfS1FoZNLU+IHm1VZ6c51s1A24KhIZc4fre0U4jA9JXv2ZelCJzzOm
kXjv8eFzzoZ6g7vPDHYIcTISdlBvtM06TmikzxZ7TefE/19iFt0tvdmPy/s7YchC 5PqOdItIl/avnDH7Q5iBBsHkebM3exrpq0VzUABaiiR6mjcn8uhh5T11oxgMZgvD
Dk80ULIUI61yg7y4B1fczDPH5k/WWCjO3NfQ/mezkrD2RMmQPkeDnvvpeGrgZtD4 AzP+IsBHh1dkuhy5tV0eUtzD95aYvofuszIFSe6Aj/HX7Iod/C70M5KWQNMQhqXI
7sV7/TpNchFBjvnhCp5v2BaQN/r4jpCDdmU1rfc0ZfSuwcmUwwSJKS4cd5yb1gC+ d2YRZc9VGcrZ0RgYnUyoC15h7k91tO9UHhAbR9IG3j7px5QLs8/JjaUi64wIRbDd
hYBevnNNepgiKYv1yXbNT92o4eI0QMe0nS1RnDZN3kTQxzS7Z/BbAj1yDjbl0zIq EiT+vbmpv3V2aqAdwRGOOd5buWrrdLIyk+2BdmtVqOtI2kOrQr328J3uM7+z1c55
t70quVCr4UintGRhm7pdMj8UIItOm2ef+Je+/hgXLPm+Quijt4fJjHS4IyK9neCf iE5QlS8zZL8zY+5sSCpijmKNPGe4SsJxJ72PLyT+y9DwI4259uNW2fpt+ZsT4yWr
j59iQ3aFUbEp9eu2M8pUI75dnZHM4NX7I+4VRseSD+LAXQoB7q19JWnCyA33rOjG MWv/EvuPuIq774odk5B+ECvucUcufJ2j0R1XoVGVvNc6N8VZiMGpfYx7+w6soEQQ
zXA89pVY0TKnjqNEISzTPqVIn4GF7hxFhY2r04F1lVBBd0uwKrWQttEbj9ndtKGV GDaNJ1ETw4nYOvb19nF+ymKFhRz1fV7w6QRn6vI0tBO3UTGR1bx6+D5oM+OazzgA
HZqnVH+SiPmW5A3Tws3XkoyXstNbYc/ZRxMfmhlaID3T/7IZVweYV+YyCJxqwqTS HcQGrxn/sAVKm/zXri479VNw5w4T4F5qhXaYyYhQmssKGBEpqhm02jzy8NRaUmPS
UQF93xbqnw11ry/LJ7Q8ShVe/VliZ+ztt+X+Buf7FvZscBus0PnVKVYtQRcy2XqS UQEuypPFKDKZhGW5GeToRNYnlrd/txV8n/bvRN2OrhkgHN0D8HLn/X9AW3dd/KnT
KF3FPAEoDAMaB0Az+Io+w1LZLYjoqaFzr8MJrq2GHZ2Daw== FIL5dAFoBIC5GFu0xNGyuA/9MLNWRpwMF7tU3vr2726iTQ==
=lpTG =3Wti
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted