switched to zfs on the thinkpad

This commit is contained in:
Rouven Seifert 2023-01-28 14:53:23 +01:00
parent cb5c8e1717
commit be6057ebf0
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
6 changed files with 103 additions and 41 deletions

View file

@ -1,6 +1,6 @@
keys:
- &rouven 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- &thinkpad age1s5aes35ku7d2600mwxu8jndvngqrpuuu2h6yrcetytgstkuzlsvstut3ge
- &thinkpad age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6
- &nuc age1930r9v2y57zkwghlxapj348c4rfnmr70de898cdhu5rue5cpagzq74wymk
creation_rules:
- path_regex: secrets/thinkpad\.yaml$

View file

@ -12,8 +12,12 @@
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
supportedFilesystems = [ "zfs" ];
};
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";

View file

@ -9,20 +9,42 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/8633a706-bf54-4d29-9fba-dbcffd723ab6";
fsType = "ext4";
device = "rpool/nixos/root";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/home" =
{
device = "rpool/nixos/home";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/var/lib" =
{
device = "rpool/nixos/var/lib";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/var/log" =
{
device = "rpool/nixos/var/log";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/3A2E-1AB6";
device = "/dev/disk/by-uuid/96DD-4C81";
fsType = "vfat";
};
@ -36,6 +58,7 @@
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -14,6 +14,7 @@
networking = {
useNetworkd = true;
hostName = "thinkpad";
hostId = "79353b92"; # Define your hostname.
firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; # open ports for kde connect
firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
wireless = {

View file

@ -1,50 +1,50 @@
wireless-env: ENC[AES256_GCM,data:41kibhCdfuOcBV817pd01I3Rpu0vu1WPOFyKnzGSzQi0i4KbmOrbwWV45RWMzHdLWdPNyqJPb7k8rLdbH/ZKdkK1pyLciHbAwUqIll68TxW4Lk6dPUmOk7OX/AAV2DxBZBZj+BbgGHzVTp5WOp/kEQ8LZa9thM8+qIFAsP42opKD5q6wxqSythebYlJ2zqYdmP0smivF6sqTNSrT/8apW8T8O95+zAoxAWl7ginqyprOWCmcR9X++XOaYwSjr4wCIPrTmSEJ,iv:x3pBK4TNldKa7AkYaZOOCM36Dgn6uDQMfpFGtGT9lZs=,tag:hrw/aOEbcVDhz+e2O4kFTw==,type:str]
wireless-env: ENC[AES256_GCM,data:1WuWUmSe1kJykE9wtZ6UkLxYACUdvr9nTesfJQGM0fNgeRUDaUEAld5jaKb3GzKHx/0Q05xSNcWCCBYN68ZYP94BgGLy8bEHvTqTkp4Ub/HKPLcDSiqZtCRiQjV2eKDC8EsP5MMOuc2F7qxNjrMeEWdVF0HcdVYamhRPP/uDQK3m9iUqpqwwaXQ++V9LjjQ0v6M0f9dCo+7ngSgDWApMlZDeMLIOsUn9vnklVnLc8FyOxD+pNthrBhIOGBN1yTIYVUJaM5nr,iv:QsouKCwdBrVonPgKcnxPy/mZzWsWx8O4AOsAiFheDyI=,tag:R0ZinGNTX0G46ye/AAwJwg==,type:str]
uni:
zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str]
zih: ENC[AES256_GCM,data:XwpN5u2X3YBZqxtb7COASMA=,iv:RmOYmjiNhXjs1iNq5WTZeVYmQArjqNpp6/a+9EkiIfw=,tag:Hcb0ECIM6HB4kM6/JudaMQ==,type:str]
wireguard:
dorm:
private: ENC[AES256_GCM,data:ISK2FjZsBx60Sgag8tJs+SyXSvdIQeIHeqB1V/m3g8RxkgIFBkCBnEjB8/g=,iv:CbDXnT3ERB+OYSa0+Xc4nN8joNj3dtSPTQa0SU5S5xg=,tag:Eap30fSv0MtBzaZvBLWAYA==,type:str]
preshared: ENC[AES256_GCM,data:5Kc/CMoEVpqJO0vyDOKmw5A19P68jJe5N025+kIvdvoOoNs2Knl127EuSAA=,iv:5lX9Kj5hz1GNh3a6Ig701cocuZ1CYr4Ze++wJzu7AAU=,tag:1rVx8EA5N++SgXpv0aMGNg==,type:str]
private: ENC[AES256_GCM,data:iibKc6YvL99Jf9RQA+4YlI65Yw0jtosOCid1q+beUpcn5jA3AOqKB3wjcJM=,iv:N3xAETIeRo7vRq+/3QMdUYJtaZQr7iIgnGoD5rnHsRc=,tag:Fyc12YxfqM/NuDuiyKQpvg==,type:str]
preshared: ENC[AES256_GCM,data:213FbLKK5RQa8uADicr7k/YyLI1L0oUR6vuGYX6PunvylKD619WCTZLoya8=,iv:RVs713dJO79C8vStcvIq9/kAWlE8wpKVJd3NjtTKI+g=,tag:yedynedj8BGaJpISY2y9ww==,type:str]
email:
tu-dresden: ENC[AES256_GCM,data:erIlghjlXWE2kUqMZLEN70c=,iv:hWTA68mBDe92qDPwemlSFR2vV2sL+/GI4WjHbwViVic=,tag:ZZ2/vTxBWiC6lbN33lNr5w==,type:str]
rfive: ENC[AES256_GCM,data:+lYvCL0OxM7o3nLN4fPeeVyMSKUL6O0uEg==,iv:I0KrK6GRkQWyDkp0GxXgHuCbDzDZ0u2gejNJCEzChxo=,tag:bBsG3n7nsb9T/NOCeptSgg==,type:str]
google: ENC[AES256_GCM,data:J97kR5rrJ7GpqIN1XAeVlg==,iv:r6qXU6pGEfeiajWyqq3cVatS2m6omlUcJD7bDTwHDQI=,tag:B/lTvdRVxKjyAsO7TSsXdA==,type:str]
tu-dresden: ENC[AES256_GCM,data:13YAHNUqwmwj1yqOle+M1us=,iv:Ed960kTLUeq2lq0NogRmGXS69yKT2Mwst5XBrd110bY=,tag:6HNlFPTYXNzfsXTlwg1+uQ==,type:str]
rfive: ENC[AES256_GCM,data:dyJEoaq8EKqMD0loWr0H5gXepwptZ8givA==,iv:WAT4LsBbIA/po2xd5R0K5HAsqbw+WigLJWo0T8ftPTE=,tag:Tjs9zETfxXZsS43hC6+13Q==,type:str]
google: ENC[AES256_GCM,data:1BeiGEku2zE9uS8WR3yRgA==,iv:uRaDPblZpxdAH72EaV2Rjho/MZsiVjqFsVSJHzz3GrU=,tag:Vs9GWbwFrdg8vYnLROaOGA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1s5aes35ku7d2600mwxu8jndvngqrpuuu2h6yrcetytgstkuzlsvstut3ge
- recipient: age1adv7rejxykyve466dx7pykzgdawkgzeneql3wgwv02gx72cyeewqsm3wn6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbk81MnpjSzRBdmFJNFhV
RE9oZHFuUzd3bWRuNDI3VEpYK2VTMXdBSlNVCkJjS0dnc1NzenpzYWdydkJ0enVB
dGJVU2hTKzV1bDV2VnJ1Y0xBaHVoZW8KLS0tIGtaelVQNFFtMDVndlpoMFpKY3p2
S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL
ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnd1UrV1pRSHhzL1dKWTBv
WkM0d0xLL1ErbDMyNmIwRlB5dDU5Sm5DYWxjCnVoVjN5RmRRNURpSm94Z1lKb2pn
dWJLZEpVR3hWeWlrd0hCOW41WWptZHcKLS0tIHJnWUlwV2RxMFZQMFBzQisyeGIz
ZGFKS3ZXR216SXpBK1E2d3IyS2h3WjAK6xFl7yDaLald51Dts1lL+M4IF84bzsgy
1RJiIAGi3/0R4f6GxH7oXaV14zXDk/6lw3VJbwIcgC9FSVcW1FJXIQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-27T10:55:24Z"
mac: ENC[AES256_GCM,data:gzQG0cc3x0MYqrafz7VYBC49hcYed9Bfvih1I6jsNvZ2olKLZaOnj4FKhgoDhmOqbbmjl5SCEaMDIgTkRxj5IZvkLlaJwquO8RFDHVZr2wgOzbbxPmo6NIJL7+kOJ2Qr17lr/L0JMD5kHA1srN0K5jNwSeOneHsloZtJsypd/cY=,iv:KOt/CM9+8mv7xVHGjUZMaaCTuU8oD7UVqnNmTA9utm8=,tag:gwTDa1p8O7sY/v6ON71wlw==,type:str]
lastmodified: "2023-01-28T13:13:40Z"
mac: ENC[AES256_GCM,data:DbgaU8iyEVBL8EQKHDXlu0DLoKjKKiHPtX3ugBzdTH3foW+ndQVwaLWa69rqJCaRSteq7GMsoGuodksR8MdOhP8qd9cFyNc34ap6D8EAYI/BlLUo71LryvMfAgBvQ2wuzrMFxWderPcg9tKIGMmbTeMcnK5gyDSBTrTm382Uj0Q=,iv:sMNqSQqlCV3YohSlPSa1f1kGDt3iN37o+7AdKMJdCw8=,tag:3DZ7iSbf7He8B6Xw+8np0A==,type:str]
pgp:
- created_at: "2022-12-27T16:39:15Z"
- created_at: "2023-01-28T13:13:40Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLAQ/+O6i2iycUhTxUEd+JjpRVOuK2+84ZS5vub8zEdgtvNZlb
+Jokp1pmzWxQ5jqwzJoJ4ALhK4RZWf/WdmUuDK2M7/T99zosPg8ZiADcqna3AACt
Neg/6irkgNfBEkhzKnSkfintE0U2GXcYQeKiQ88qtjJ2MFBrDmnMaTAr63C2u4ng
tiZ4VAgqWwJVpSOQ0lQn/QuZcQKeaXMP+1C8ezbbr/bh3AiOSN5CHNwNgwXVQFOj
JML4yyK+OTYG6STDDX2z18CosjZkrCakybFkW1sgb5KHnFmjouCLOH/eaof2Abea
B1d4TRkSCEHct471oVtFBc7FXuF80JG+OYActBYMviCReanbuQmiI63ngMS6+hkv
fkbRKpdZRYTRkYnKRbQeyOZ4e0+CTbVhNuSNgHF31zC8XUq4dZj67vJn9O0qvOJb
vtkoUAt+tsHeoCJjQsCb0UshjPPo3WAQThZdvE3PDX36qdm2WPkRkk2YYeu7YuPb
8oZIPxF8UWriO5o/C6pqzMwMXqWTjFREz/7tZ7QbxMPSt1VgJGi1t63LMyv0Jw+Q
O87/hfWfoCBXS4juS3UuQGJqAV3M7qa17J1GrsJpOh/gWYIrkW1PQ4bfjY3Vj7P1
arjRyk3QTxAPJy68p+1+p5QKCqWNrlZpZClHV6U9f0d4b+bdy2uaIZ5xHsf54oXS
UQHpLgxNzvTQZLTsMqb8yvFdj/KiQfa1MiOKMh2zMCpMImvkptmc3XtqXSybuCS4
6jPzv4cTvE/kpSxUO7fCOFIGoLleRYMpieYLyYsCrDrP8g==
=hdQ0
wcFMAzUXo8ZPJwGLAQ//X2vlfKYO00ydDER64ca6cIvSTuNvteohKAmPZ+HNGhdy
UaPpmQyXo4hI98yT90/x3E/MWCUJSEeKnNkoga28PHS0Gna+nk8q/t11ITMs7Pcu
PJZreqs+eK2rgimpOx862OEY9ur/9+q8rgAmcRiuxhdwA+B23yrr8I+BcfCaUnTG
kXjv8eFzzoZ6g7vPDHYIcTISdlBvtM06TmikzxZ7TefE/19iFt0tvdmPy/s7YchC
Dk80ULIUI61yg7y4B1fczDPH5k/WWCjO3NfQ/mezkrD2RMmQPkeDnvvpeGrgZtD4
7sV7/TpNchFBjvnhCp5v2BaQN/r4jpCDdmU1rfc0ZfSuwcmUwwSJKS4cd5yb1gC+
hYBevnNNepgiKYv1yXbNT92o4eI0QMe0nS1RnDZN3kTQxzS7Z/BbAj1yDjbl0zIq
t70quVCr4UintGRhm7pdMj8UIItOm2ef+Je+/hgXLPm+Quijt4fJjHS4IyK9neCf
j59iQ3aFUbEp9eu2M8pUI75dnZHM4NX7I+4VRseSD+LAXQoB7q19JWnCyA33rOjG
zXA89pVY0TKnjqNEISzTPqVIn4GF7hxFhY2r04F1lVBBd0uwKrWQttEbj9ndtKGV
HZqnVH+SiPmW5A3Tws3XkoyXstNbYc/ZRxMfmhlaID3T/7IZVweYV+YyCJxqwqTS
UQF93xbqnw11ry/LJ7Q8ShVe/VliZ+ztt+X+Buf7FvZscBus0PnVKVYtQRcy2XqS
KF3FPAEoDAMaB0Az+Io+w1LZLYjoqaFzr8MJrq2GHZ2Daw==
=lpTG
-----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted

View file

@ -53,6 +53,11 @@ in
create = "maildir";
expunge = "both";
groups.rfive = {
channels.inbox = {
nearPattern = "INBOX";
farPattern = "INBOX";
extraConfig.Create = "near";
};
channels.trash = {
nearPattern = "Trash";
farPattern = "Gel&APY-schte Elemente";
@ -63,6 +68,11 @@ in
farPattern = "Gesendete Elemente";
extraConfig.Create = "near";
};
channels.junk = {
nearPattern = "Junk";
farPattern = "Junk-E-Mail";
extraConfig.Create = "near";
};
channels.drafts = {
nearPattern = "Drafts";
farPattern = "Entw&APw-rfe";
@ -78,7 +88,7 @@ in
neomutt = {
enable = true;
mailboxName = "--rouven@rfive.de--";
extraMailboxes = [ "Sent" "Trash" "Junk-E-Mail" "Drafts" ];
extraMailboxes = [ "Sent" "Trash" "Junk" "Drafts" ];
};
};
"TU-Dresden" = {
@ -102,6 +112,16 @@ in
create = "maildir";
expunge = "both";
groups.tud = {
channels.inbox = {
nearPattern = "INBOX";
farPattern = "INBOX";
extraConfig.Create = "near";
};
channels.opal = {
nearPattern = "Opal";
farPattern = "Opal";
extraConfig.Create = "near";
};
channels.trash = {
nearPattern = "Trash";
farPattern = "Gel&APY-schte Elemente";
@ -112,6 +132,11 @@ in
farPattern = "Gesendete Elemente";
extraConfig.Create = "near";
};
channels.junk = {
nearPattern = "Junk";
farPattern = "Junk-E-Mail";
extraConfig.Create = "near";
};
channels.drafts = {
nearPattern = "Drafts";
farPattern = "Entw&APw-rfe";
@ -128,8 +153,7 @@ in
neomutt = {
enable = true;
mailboxName = "--TU Dresden-------";
# mbsync can't handle umlauts, crap
extraMailboxes = [ "Opal" "Sent" "Trash" "Junk-E-Mail" "Drafts" ];
extraMailboxes = [ "Opal" "Sent" "Trash" "Junk" "Drafts" ];
};
};
"gmail" = rec {
@ -150,6 +174,11 @@ in
create = "maildir";
expunge = "both";
groups.googlemail = {
channels.inbox = {
nearPattern = "INBOX";
farPattern = "INBOX";
extraConfig.Create = "near";
};
channels.trash = {
nearPattern = "Trash";
farPattern = "[Gmail]/Papierkorb";
@ -160,6 +189,11 @@ in
farPattern = "[Gmail]/Gesendet";
extraConfig.Create = "near";
};
channels.junk = {
nearPattern = "Junk";
farPattern = "[Gmail]/Spam";
extraConfig.Create = "near";
};
channels.drafts = {
nearPattern = "Drafts";
farPattern = "[Gmail]/Entw&APw-rfe";
@ -176,7 +210,7 @@ in
neomutt = {
enable = true;
mailboxName = "--gmail------------";
extraMailboxes = [ "Sent" "Trash" "[Gmail]/Spam" "Drafts" ];
extraMailboxes = [ "Sent" "Trash" "Junk" "Drafts" ];
};
};
};