diff --git a/nixos/hosts/varda/default.nix b/nixos/hosts/varda/default.nix index 9b331eb..d8364a3 100644 --- a/nixos/hosts/varda/default.nix +++ b/nixos/hosts/varda/default.nix @@ -1,9 +1,15 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { imports = [ ./resources/prune-backup.nix ]; networking.hostId = "cdab8473"; networking.hostName = "varda"; # Define your hostname. + + # Add required CIFS support + environment.systemPackages = with pkgs; [ + cifs-utils + ]; + fileSystems = { "/" = { device = "rpool/root"; @@ -19,10 +25,32 @@ device = "/dev/disk/by-uuid/8091-E7F2"; fsType = "vfat"; }; + + "/mnt/storagebox" = { + device = "//u370253-sub2.your-storagebox.de/u370253-sub2"; + fsType = "cifs"; + + options = + let + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,vers=3"; + in + [ + "${automount_opts},credentials=${config.sops.secrets.sambaCredentials.path},uid=994,gid=993" # evaluated and deployed from another machine + ]; + }; }; swapDevices = [ ]; + # sops + sops = { + secrets = { + "sambaCredentials" = { + sopsFile = ./secrets.sops.yaml; + }; + }; + }; + # System settings and services. mySystem = { purpose = "Production"; diff --git a/nixos/hosts/varda/secrets.sops.yaml b/nixos/hosts/varda/secrets.sops.yaml new file mode 100644 index 0000000..3b48d58 --- /dev/null +++ b/nixos/hosts/varda/secrets.sops.yaml 
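Review bot: The option string for `/mnt/storagebox` asks for neither transport encryption nor restrictive permissions: `automount_opts` ends at `user,vers=3`, and the list entry adds only `credentials=…,uid=994,gid=993`. Without `seal` the client does not require SMB3 encryption, so file contents may cross the network to the storage box unencrypted unless the server enforces it. Without `file_mode`/`dir_mode` the mount presumably falls back to the cifs defaults, which leave the tree readable by every local account. I would append `seal,file_mode=0600,dir_mode=0700` to the string and confirm that `user`, which permits mounting by non-root users, is still needed alongside `x-systemd.automount`. The hard-coded `uid=994,gid=993` would be easier to audit with a comment naming the owning account; the enclosing `fileSystems` set starts before this hunk.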
@@ -0,0 +1,84 @@ +sambaCredentials: ENC[AES256_GCM,data:/Ghze4VQ0RKyTKZAh9T5rX37c2l+W44bayusTSHzU9jBviThWYHJBhPwgnpGaqw=,iv:3PvwXwTpQTsdKL/jqbOs0z6ErnWjY9YW5yQylUwtBMA=,tag:ecaNKAytyCC+eveQHiOtaA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WXpsV2xYNVdWMkNWZ2NK + bUhCaXhpZG5GeWVXakdySzZhNjdnbmVFNFY4CmZiZEZDaDJSdmFCS1dQZ053V1lF + Z1ZBa0dWRy9jMVZkYXJlLy9WRmIrREEKLS0tIFFLbEhxaTI5OXQyRFJ2bWF1dU9U + WGZxd2dSZGhOVnBLSUNwaEZlMEFydzQKVG18nJUQgS0w69l+x2XD6BA9IEYra4E7 + Wr7GURRrSnS19eqpJR3NTcVBhRO4wUxaj8Xq+nJ54Duik13X1XXdkw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0NDdTNHlnSkZaT2s2TTVs + MnlSSXJFMUdtQ256LzIyZVJ6eFluejMyYmlNCnp5UzFjelN5bXlqRCttMTNiLzg2 + Z0xzWGZmK2U2Y0xzMlF6QnUzWmRidWcKLS0tIFB4YmJ0bDYzS2llN1RFT1Y5RE40 + KzhXQ1NtbVBWbGxGZjVMRUsvVnI1aTAKxdac0X3IX2HcKtuGHfqJn0MXhxU8bdGw + D1RbcNR1R+uTwZ1IYLG8l6YHXSYV0U6wtv9BuFA7k6ayTA/PmziI6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5U0FjbjFrOVd0Rkp1TDJJ + RTgrb0Q4cENjcEljTEJZOEI3NHZWVVI3S1dJCjVnS0JpL0dFbmdSN3Bnc3J1cXd5 + TE1uai92QVEwZFZKU0VUUEwyK3dyNG8KLS0tIEhZTG1kOWgzU2lCbkcxUTc2NHZH + VjdjaEsyT1B6RjdsZWpVK3BJaU1EMlEKvOxJ5TyUYfpvCwpGNQpL+munayzBye2+ + aWKwNfbJS/0gZy+YpdDRwSliiOMh+DKa0rUHCDt/t79+Bhq/1FEpjA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL2pSS2JQeDVDa2EvMFhx + OEFOT0RvUXdpT2ZYcHFNcmVxYzM1TS9lWkJvCmMvRE1ueUp0akxhVWxtY1dLTmRC + 
M1U0ajdjT3ppZS81Y1llQll1UGg1emMKLS0tIFFMTEhHRmZrS1hVTjByS3ZmYjJJ + Y2VtanY0RU51N2FFRlM1cVhQWktuSFkKRHc3kH4vvDFgFETVDSWZLES5lfWRcwVW + eQs/glxlPh6yUhCutuEvrIy/fGwNbVaJsuud8jqFMemggt7x981DWg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBreXVOaSsvQlBsTXB2dlUy + VlNNMHhNTVFEamJBMTI0dDl4ZlBDSVNlZVg4CjhCNTlIMmdxUjJ0cHJuYUJUT0dV + UWFLNnZwTzVrbitFZTRXVjREYWVlSjQKLS0tIGMvZ25UNkttRTU1dmE1NThBVUR1 + eWdMcy9rejNncEQ0T282QXpsUU1RWHcKJ5b/n751BlLzhsJNxRjAhMuCOD8ed630 + urmj6eX8piCSGOgChviahqEpyrlhrs0WJJxlJyiYWjQ4e0HRgHZaMg== + -----END AGE ENCRYPTED FILE----- + - recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZDMwKzlLUnVJdW8zbU1L + ZDBBMm1zV0tWSWxZSU51NU8yS3JNaDk0T1hrCnpFcy8rVUViODNHT0pJR210WUhR + aXp5ZlNENzEyRjI0TXducXpKN1ZsK1EKLS0tIC9HZW9OTnd4WjYxeXNuNDVQeTZx + LytvMjhzTk9NUVFUckJ1MVJhK2MyeWsKJALG7c/heYITQb/EBTAAQCCr4YovGqsH + Y6FhDlwUsPn8SHmHwsi0haAoc7tlMKN6Mtv4MyJ6rSbCBo+c6H0n5A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRU56YlJCcHdxQUZ5enJE + VGd5cnlKUFpvdGMwVXRDd1B5VmUvVlFUeno4CmF5RVRiSUVTQVJYS2lDdnpFbGgy + OTgzMkVHSWdsTWl6MWtxck5nTU41V1EKLS0tIFpZencxelRCd3R5c2dFSGNRV29l + aU5kS1BnYjNXSC92bFdvV21kRER6TmMK6uKyU0iINdkRXwGfxxFjg+DzowkAFVFa + vsZAbx1Q7V6prwldJwQz516CfvByqLi8s3GYDU7/s99TjK/V+MPqSw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNnBWSklCT3RFSExsSDRO + V2hPNmtiUGl5bjdaVU13dVFKVW5wL1hGOTBrClBKcG1YS0x5aGFyNGt5dkhPSDVC + 
VWNDRFd5VHNjTHVWOEZSNEIwdFNNSUUKLS0tIE9abWUwZDdDUmIybnJ2aVJKbEcw + c3dRV3NmMTFFbUlRUjF4dWZscEV0b3cKgXYOPwLnUyIBOkB2hIlnM42e3TQXXSIf + GpaLKqOVw1fMSC0u7l/sTz7c2tAWVAfSXyOFcyUGpV7VAIKPjXj4og== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-03T20:11:27Z" + mac: ENC[AES256_GCM,data:UFU5bQg2/OuCTkqV5efbGh8VPKqJWmyld0r01j97M7+CQGwyWoXlDmaMR+27xSjSDQPxwAhb+ejQue5585VNcztdBoaH0F8wOWgkdlzxiHMvQRC5TXjao4anxNRnedf07+YHQZ74udUa9Qf8UXZqIwb6HNCDmebrNi38GOWfoS0=,iv:YQ8gGj5LgMvaZqwTD3Vtj3tSjaAlmTaCFKaWkgM5WDA=,tag:K2tbaECleS8Rn0uIfL7x9w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2