From c6f32af795eb54a547ca52207d9b85f4e976427e Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 20:58:14 +1100 Subject: [PATCH] wip --- .sops.yaml | 4 +- nixos/hosts/citadel/default.nix | 145 ++++++++++++++++++ .../hosts/citadel/hardware-configuration.nix | 38 +++++ .../optional/cloudflare-dyndns.sops.yaml | 57 ++++--- .../common/optional/dnscrypt-proxy2.sops.yaml | 55 ++++--- nixos/hosts/common/optional/maddy.sops.yaml | 55 ++++--- .../rickenbacker/hardware-configuration.nix | 10 +- 7 files changed, 288 insertions(+), 76 deletions(-) create mode 100644 nixos/hosts/citadel/default.nix create mode 100644 nixos/hosts/citadel/hardware-configuration.nix diff --git a/.sops.yaml b/.sops.yaml index 638fb8f..ef7e25c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,8 @@ keys: - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - &dns01 age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - - &rickenbacker age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc creation_rules: - path_regex: .*\.sops\.yaml$ @@ -12,4 +13,5 @@ creation_rules: - *nixosvm - *nixosvm2 - *dns01 + - *citadel - *rickenbacker diff --git a/nixos/hosts/citadel/default.nix b/nixos/hosts/citadel/default.nix new file mode 100644 index 0000000..3838124 --- /dev/null +++ b/nixos/hosts/citadel/default.nix 
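Review bot: Adding `- *citadel` to the single `.*\.sops\.yaml$` rule in the second hunk makes the new host a recipient of every secret in the repository. The re-encrypted cloudflare-dyndns, dnscrypt-proxy2 and maddy files later in this patch show it can now decrypt the Cloudflare `apiTokenFile` and the maddy `envFile`. Judging by its imports (gnome, firefox, vscode), citadel looks like a workstation, so unless it runs those services it would be safer to split the catch-all into per-path rules, for example one with `path_regex: nixos/hosts/common/optional/maddy\.sops\.yaml$` that lists only the hosts running maddy. The first hunk also moves the existing `age1u4tht…` key from the `&rickenbacker` anchor to `&citadel`. If this is the same machine renamed, as the identical hardware-configuration.nix blob suggests, a comment such as `# citadel: formerly labelled rickenbacker, key unchanged` above the anchor would keep the relabelling auditable.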
@@ -0,0 +1,145 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ config +, lib +, pkgs +, ... +}: { + imports = [ + # Host-specific + ./hardware-configuration.nix + + # Common imports + ../common/nixos + ../common/nixos/users/truxnell + ../common/optional/fish.nix + ../common/optional/monitoring.nix + ../common/optional/reboot-required.nix + ../common/optional/gnome.nix + ../common/optional/editors/vscode + ../common/optional/firefox.nix + ../common/optional/sops-nix.nix + + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation + + networking.hostName = "citadel"; # Define your hostname. + + # Enable OpenGL + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc. + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. 
Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... 
]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/nixos/hosts/citadel/hardware-configuration.nix b/nixos/hosts/citadel/hardware-configuration.nix new file mode 100644 index 0000000..09462b7 --- /dev/null +++ b/nixos/hosts/citadel/hardware-configuration.nix 
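Review bot: Nothing in this new host file states the firewall posture; the only mention is the commented-out installer template near the end, which includes `# networking.firewall.enable = false;`. Whether `../common/nixos` sets the option is not visible in this patch. Since this desktop is also made a sops recipient, I would declare `networking.firewall.enable = true;` explicitly here. I would also delete the unused template comments (proxy, X11, printing, sound, firewall) so that what remains is the host's actual configuration. Minor: the comment `# or "nvidiaLegacy470 etc.` has an unbalanced quote.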
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C634-F571"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml index 2c545e6..2682311 100644 --- a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml +++ b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml 
@@ -1,8 +1,8 @@ system: networking: - #ENC[AES256_GCM,data:pZhhqGtwLJ4JiBm9056d8HQnzvQZeAghKkOButPkbnjXmXxzKWSZVJhbqU0Hc+XBs+EcUOCcvsSDd+Pkue9sxEwJoTmWIc8WzvUTHw==,iv:bKt6g8YBlsMxXcKaPW+5uMNbTh93YxnHxjOW4gwPrhY=,tag:kx7grZBcgSvYn2TBpDiAnQ==,type:comment] + #ENC[AES256_GCM,data:JFRHRwBs7Qdlsjp5cJyPo7xey9vwDKI4lsaWwOVLGuAeSWcIUXmoF6jkZkutKI+txyjQoxqrXtvab+M6DDBG9jCC3/qcQxiljvK6+Q==,iv:tK+9bBVgDe2T5wDArr3IrSuTND16VUdMtsfbQ9OipT8=,tag:baChOJUpTAk05LRSxwNfqQ==,type:comment] cloudflare-dyndns: - apiTokenFile: ENC[AES256_GCM,data:HCPDP3uDBchxKBT0iu5obiLK8echeVyWfhBJ2ejq2cyZV00Uwh/t+usEMzmkrXdBGHUpafMIkUkAcOhCJYa8f9bEFYcJVowbE+nff3GsBtm4rA7Hx0ZVgHOjSyEVo6vPtWgX1y8EwUrAKSZYCoiG7uI/Gg==,iv:BZWwztLfSjg5n57gTsXiVZ5sn9mJzizS15KGkCHnalg=,tag:9INru4xTAH8gMXZcqHS0uA==,type:str] + apiTokenFile: ENC[AES256_GCM,data:CG4KyihV3MQ9/JPmKnRAwUbOQb1IrM9yKtWeIbXtjRDjxENIcJC+tId4S9WnQ0u6WwtyDPIEbjNcZXd4pckL41mBb9E4j8Cap+ocEmuWyP4xOu/a46+yVF+Ai2mzehIx1xzx5+HsHzdh2W0WXq/T5Vi/Tg==,iv:PVQVajn/ZaA0mJEOWp+9aKECkSV0ZuQdd0U2nKw/sHI=,tag:Jj/uotKuagQa9cj7OOrcFg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -12,41 +12,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSlhOUWRldTVEaVg2Vk9L - eDVXaExqbWRtSVlaVXBCdXpGek1oVXZ2a0ZzClpOUEtjMEE0KzNobmFCLzg0S0Vh - WnhKeDFUOXdvZ25ndjhuVitWWE0vVlEKLS0tIG9zZzNvWU9KZ2c0SEsxN3oybjFw - Q3RTL1Y2MjYrQW40UnZMZlZVUncwVEkK7Sh4kSeSxgtbclAdQdITzOVpSBbF3t4R - tvUEEun08V5FO01QzyNuTBC9q5geGwRgjvtWSX3lECSD1AaG7VuNCA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQnZRaVB1eWlBRTlMNlUv + WVZxd0VSMUxlT2prY0hQSllVZWgxSFhXY0Y0CkdBNnpieTdXZ2lWUUNYSTNVUEVk + OEpUaGNHNFVYcFJEVE82RWVFZzl5MUUKLS0tIHQyT3lxZzdHNkpINTNTN3ZwQ0ZM + WVl1aHphTCtiM3FlbzBoMWMyaS9oT1UK73PSRG50mZ8S6FajvllQFt9Ye8BoJJUe + iOw1H2tYr4V7QjHOaE5yCvQJTMUtc4EI+PfkmiiKRtsKbfibO1IylQ== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWsyR2JqSHA2NEQrV3k1 - SkFjV21oMERJR0Vra0pvalpMNlBVVTY3eVRRCnNtOVhiTkpGY1hwYW9RYW83TldX - aWxhZTRWKzNQYy9DWnpwbCtmWWMrbzAKLS0tIGpRazhEZHpRUVVmWFh5QnVlcGVn - citoYmdhRUlNODdlaVdwbmE5ejV2RlkKJh/ZHEnDe5yjY88mzXFHE2rQgIjybEgC - EnbmboDKby/Ns4Rts8M/qS9AUcbk+3B5Ls0IM4zPIGPH1UflKbFbJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieUlpT2ZHYXY3bm1TUGc2 + c2NlM1V2V2pZbFI2SjFXdnF6Z2JqS21jblRnCm5hdzJIenB4WXRweEVGV1dsUzY0 + bVZDQjExZzdWVmlkaXdiQzhsaEhRcEkKLS0tIG03aXEzbXB6VWRxcmFZQ2IvK3lR + Q1RRL2pIT0Q4bk4zQUszYkhFTU54MU0KUCr7lwMzu2FNxmDkWsNxpiJ5F/DaAOWj + GhU0TFPJP8jEBDHJKXPJ9IMkXtyLU4F14pZBQGk6cVmQ7Ll7ABAW5g== -----END AGE ENCRYPTED FILE----- - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZzdmQXdLZnl1dWhnN3Mv - ZmRtRE85ZFhqYkpGbTQ5ZjRuN3IyWjE5UVJnCnNFT1NqQ0hGMjFHNmlPVmxYOWYx - N3BXOC9Ic09hTTVydHhPYzg5U3NwWTQKLS0tIEw4eFpDc25HeW5GK1NBZUpHYWdL - 
NEtGMXZabVlzejhMOHRBVDNoeTVkbmcKbx3mHeCwfjWB1RfsGV2fsGgr+A6ObkhG - 4Ki+HkGB1XkU/gkU6PwyAq3/9wF/h7otoGHNcvKuMVZNj8AbtSy15g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL1BjMUswTkMrU2kvRDNx + MGYrY25mbS9rWThvQ05lc1VnWExpRk9LQjNZCkF3REt6bGIrZTNKTGpnalZycVdi + R1NSOTNoeGdCcVZCQW0rM1B3cENHT2MKLS0tIFIwQzk5cFIyNkwvZm5rQkNnVU1y + ZEZEaWUydmV6VXVFdEpubkZRcjNvbUkKMuX2cuewaVDQh3WcEvTq3b/OT9D4eLQ8 + dP6e2umiDuWO7xjSDtN2hMvAtwzJ2ac0hpGCl0yVFAcDeCP17O9alA== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISTF6ZGt5L0dDNHp1cFRK - SUVMVnlmOHFKR2hEMW43OHl2WVc0T0xnOVhNCjFlZHJjUEIvT1NYMHdGSS9xMkNY - dFgyeHQwRWRIbzFPREU2M0Vjb3FObTAKLS0tIGxuSHF3RWtiZE1KZG80K3BlMWh5 - M0x2SzNYa2QvZlJ5aW16UWRGMU1RYU0KTJIhjRj5g5yiSqxHupbPVSUsuasCgmST - OG3iofre+AVi5WfWTaSArfpTCm/y1z2UGbSK+KmJ0SM4xayyTvLbIQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNjcvMFpXbkJDZnoyT01D + Mmc5L09KMCtxVFhWWW9YWkh2YSs5c1RscnlvCm9BbmJWZkQ0UmFuVWFrSVJMY0da + TFNLUXVKWFV6bzN4RXg3Q3hoaW5UdTAKLS0tIEZzWVd0d1hFZ0xPczE1NUt1SWl4 + Z0hZcTl2OWNsRU9ncWhjMW1CNGtuQUEKDGSbGS4CTWWZuyH2DqcMd+SmH8Mmgn6Z + jqEfzCWcV0eUWN+89ic75I/Yy9JpBPvhyNnTatMeEOk6gypebgk6GQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:afQFkMRxfYsBKPfoAYSH1sNkGWDZRMH51PREmCnBb5UyZ4dEIPaLeZfnnOVY5+91EsJDURpXO7Moks6NV1zm36IdrBBkUG/2kHYQDbsrO7OQ+Lpuqk/e+Mp80oAkisWVIjytEDdzrHH4xs6YVj2/ihbTA2pVnqiBNMViEx2mGN0=,iv:w65sp9n/iqy6c2By90xCEjJKL6KwbZiB8fIb9RsEeAw=,tag:au3SnXULfI2TXsRuYQMNIw==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNHdwTHVGWGNWajdGTHVp + aTdndkl6SlE5TWM4dm5QOVZJMkxiL0VRaFhRCnlOSE1HdCtxbmlEak44VDloa0U4 + ekIzSFV5bldldnZ0eVNnV0t5MzllUjAKLS0tIFdwRjZIT21FR3VDeVV1V3VnRDZu + 
YjYrckxVRFFQcDNHVDNTNTVjVUZWV2cKkGTwaweH584hootSwsldyoiHfBFYMaNO + K4PuA8SHQMBP5obqljiplFx+ld+cFii10BLKbuNLx97oRJy5WyRqzA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:9B0TsfNaVnt7WrO0jkP4dd37Ys3JKj94d4Js31wCsPw5JZbfb+eC5meqIti1PJhw19xRG1BdpXLXGQ6XEpVPY7mU+BiVNpgaGv9+tYlxibie7+oHuCuVhnQUnqh3/FllDlq1U3jwtwHjXrEkJyKD85afPdegFrkbVozMCoNE7Cg=,iv:8tHw/5A+6IHnFURCDwsw8Kune0vNilN3CBz1e3T7Mpk=,tag:8ZRnkOd/DfoPzkEjwhK+iQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml index 240acdc..8b354ac 100644 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml +++ b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml 
@@ -1,7 +1,7 @@ system: networking: dnscrypt-proxy2: - forwarding-rules: ENC[AES256_GCM,data:pQ/4p670nxLQB2aVenFag/Ngk+SgGXDSW8GZJDYCRxsv7A/2qtuhw5qQ+x7Gmx4OonJy9futOg9EsylfztelUnGSve09Yx/KuQUAd5ctnfBnLWqOtX1snpm3oHD0eRYOEzo/UUJlAo26qTwOhn0t56ATv+LemIsn94wCjiWA2mg91T2VuIPWRoHfpZB5JxAV5/9vUfiGdLka4TugxDzsEvFtYAGuta3pJuQJ8Fv3O+idTsF9izU/JZKNTDe1kwngT5paMQTpAi2dqLq0MgjaXbhJsTBpYwctRy7Qs2/Q5AjNvXTfrmtIHy9wo9dD9MWRoYHC27wsMiuMlwrfNSZpt1mMVFddsS+GhpEfTwp1XPub8Cavc74VmYzQLL20e0/2jH4Swjq+mCtBGnnW+qA4ZMCbh/NDpNhm6Am5hPB49d+Vxfdhp/QeNOis55usD1aYAAoM5FFCH9NzOWCHcturqxc=,iv:FmjGnacQU17+/SFHzauuj//R94uKPhTv87rcL4QvVjk=,tag:lGFrCyZ6Dl/n9HIIdZZf4Q==,type:str] + forwarding-rules: ENC[AES256_GCM,data:/Bmttk/FpmpN7IvxUgR2Hv/x0nqXP/YxGVSssYQUEcSIq0P5D5biyXK86yrbEsqUJzhH3kr2SjRHIWnZbJbtcYp/SfvqmktBfACmraYsrwO8uYkZq9dcMjBLO6T+UUeZzbD3nRF6TSgxpFYR7SWCn7P/DejcfSFT8wUJyLCqYMtkkilgOPXIzfYMH+982fmRHxQeswTuMUPXk/iczvAfQ6F85ZhFbJojzvf7eXZ3uxUwkGRE7kjsqguA5GUkYzQXsiXD2Tg2iAco5V2fQqmOEvdK/a0NCPogijIdPxgxJZENG/7ssz7k1U0egToCbPy9DcC/n3FEH+5hCEvHt5ErlrR63QBfwAf8K3TJHygCpWx5qMx//+JIUfPtWsS1y6tzvZ+2eQYscolZBQSIPkgD8KbHjEAkIlUtNqYPgGxwvyGCiucEWWc8BQImUYm+OpZwFiM1tfOAewB0W8v8o7b8PTY=,iv:MBq6w9o8iHQ51C53uLh34D5C7D1wMSGkwXQtb09y3tI=,tag:vZ5SQWmm72ytJr1zOqVgCA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -11,41 +11,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TCtBSTMxVGZGbDlqV1JX - V1JtWTRTaXFKdlhvaW9oaXozN2hPanpNdDJzClQ5MVcxcytRMERiZjRGRmZ6MTlK - SWxpQWhGdk5FVVZtUEJMYnpEdFcvRGcKLS0tIDlwc2x2aGdCZkNWM2FIQXBBTzg4 - OFFPeWVIWGI2NWhxMEhjWGtHeVl2bGcKL8r6ktx/OfboZGy8FPJqLXrschvhatMe - BEtT4vbCGw7Zj6KjaZeJoMIdHtIcC1wi7N4sB6oIvCyxBpQajfFfCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUkyWnhXZDNBWUx6VXZx + c1h0S0dJKzVlTkdkVTRsVlg1Z2w3c3pOS2xrCk9TTGpsbyszRUg2N2RzZG4yYWYx + Sk9zaEFCbjJQb082Zm9La1hLN1h0QjgKLS0tIDNmUUcybFdiOVhLZXY2bUlmeXpx + eGRkRDl2MlhJeEJLdXBYcE9XSFgxVnMKx6nlTItqsde0ZzudnNyy3IcWyE9OfyDM + Iq7S1xNyMxFNKoj7ZQ9O+WKpf4/A7nCgB93qdKi8dyFcQsNL+7z2/A== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhekpvRzZHSkxEcFFPVjZh - b2p4SCtrRnp5UzZlU3NLb04wQzRXY3NWT2pVClJFM0dVNVFDWkErWDdRL2Q5NEth - NThEako2L2JrT3VBajBwdUVJd0Q5Z00KLS0tIGNGekF1Um1xQlJYMmc2Y2c1Mlhl - ak16ZVFMVnBwZ0dJRkNzRFRoanE2L1kKW4Oxl4WniSVQuQTxTfEBwUOY7FBsJKp/ - FZwpti7hhdX6Fc7YAXj59KClyGBzyzOBVboY0bQzMD4XuoRkgd5aDA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZnFldVp2Y2NzR0dyQVVZ + b3pxdUExcDExUWg3YkVYZVBOTm1IKzRwYUVZCkxNUitNK0syS1JjU1N6NWNlYVk5 + UFV4Wk55cEd1bWZ2WTJjaHB5NVg3K0UKLS0tIDV2bGtPZ1FhVjNVRUE5VWdQSktQ + aHJEa3hVSy90U3ZicnluS2dxMXU0L2cKGLPwOid+L7IWZtKgQ8lF2pPrAOrxZBFA + ctYXJHi31T0U2MDBrOsarmRhMd1ofvUQnz/lemgIG2F2HxTad7R2Rg== -----END AGE ENCRYPTED FILE----- - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha0pRZlczNHd3SlJmVDBU - aTZaT29mbW9oZkJGL3hpNDZFbkpsSGk5dmtrCno1aFU1ZGsyYUZETUFtNHBzL2tU - bHpZVE1Jb2R6Z0QxYUc3cGNpR3N1MzQKLS0tIFFUc2VhM2tTNHRSanYxOVZmNVpK - 
Yi9GemV4c0hMNWRNWnplVnNVcnBjUm8KF3NraIgrWU18VlWpiPC1l2iaUqwrPNkS - L8geWFzOPa16/0tLbFJc22v4z8XJor59msEqZtBHTSjKCk6SrA2mhg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTVma1hMN2NHMithazJI + YjNYRHRDcnZ1VnUrOWxnczZ3Q2QrdjNpcHdFClQvb2ZJMDFKRlVabUk0Mmc1NE5E + NjdRcmh3ZG1lN0FrMDJZU2RndW5nM2MKLS0tIE01cnpJMXRZY25waWdaa00wbWxP + RmJWVld2Yyt0OXdZVzRQeFBQTDdQZ0EKewL6evla5/CrqsSoDgK5TbQv2B26Unc/ + /WU+Zi/bo0bd4iDfbUPdtxg9hUqsnP4cjnX0bFR9PP1IHcbTaS3cMw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Qk9WK0IwY2hjQkIxMm9F - NWhiQWV4WjlpK2p3Q3NrblBROG5xa0oyYjNNCjVqRys5dGxabkl3eUVWNWNCOHpx - N2RiWThzNGovMFlVcmhrZjVHR09pelkKLS0tIGRFemo3NVh4dGFxNm1JOGM5TXFK - YmVhVU4vT2JWdjJyWkRsL3h0VjJESFEKMVOK8FxLJJyYIPF5i31QoULTJRjq8s+8 - 0T4tZXvJV9WgKG8qWTo4pGfnQDDp6QdqSzb2b02WQJEexmaeR979fw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbmltMUd4OWpzL3VDVk8y + N202YlIrWXg1QnprdjNJRUtiaXZvVVBOdWlrCitoQnQvbUxLN3E5VEhaZlh0OTln + eXlhV1YzMUFVK0hzNTdyQ2gwSUxzZEkKLS0tIDFaWTU2WUR1aWhxM0M5am9sOFVQ + VjJnbE1SQ285MVJHeExxbnpwV0c3Z0EKZsw0o7hZgswaqVh/K3kDORJiSxkGK9Zr + cJHnA2e7osm7F4wrkc++GXCEsjvdM1V8uXp8bHrrvBwlbBJA4C09HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:7i10h+RJUJamnPvFIcORQrDukNudtXHLXeNkQqGHCCWsRPnXOtP8Yw8/l0QR9TH5BIxT/u7mjJnz7WfmhghkYSnKPqyHEmYtoLgmq4AsrpSoXUgbBdMDgm6UZr8NqkE2J0EUDI1AhzAH9JCakRBsrO07qRsHyjiH5Q01w0oLYTM=,iv:4gqb0eHHsHkLNLZ0jTqGRp8OGad/49VKmhINLQwlc4M=,tag:13noyAbETQkj7uVSCRD8pg==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdXU5N1FyUHdZNmI1UEhX + NDcwR29UNE9hd2dsMHlDSjV4b0Qyd0lhelZVCjdhd3hnWFZncGlyTVJxdHZabXFN + dExUMmdRSm43UWtIYmhzZ3hTd29WRzgKLS0tIFVjZy9LbGMzR1VJTGs1eFFzZG1B + 
OUVlYXh5MENVZ1YxempVYlQzeUQwMXMKn5AzTMxMGCbQUGdtsOt9d4yxK1R6Vb0G + +IwgbUNS6+djhuW5TMoW7Avc/b3JbQ3oc6VgXLxTG5X2qBqasKw6Xg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:U7y0kd6xcz2S/1X0/FDqk4kq29K6nGE38WAfnmpgbfYXUQnbbe4dBPTbyo47tKRZiY05baYSi4cqUwYiGU9LX6KvfZSq3bYJRLiqKGrk5AMUyrzygWvceOaO2yYhjRHKU7J0rNq9pbXwtn/vjbKfzDQxXnWkAQ+/SIJbDebMlB8=,iv:5lTN4qd7XaRK0H/S6bYTMQJ3XIRGsoTVS2oK9MDBfOI=,tag:wgdr6/XA1vO3/ZqbvlPVEQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/maddy.sops.yaml b/nixos/hosts/common/optional/maddy.sops.yaml index c6c2aa7..b4e854e 100644 --- a/nixos/hosts/common/optional/maddy.sops.yaml +++ b/nixos/hosts/common/optional/maddy.sops.yaml @@ -1,7 +1,7 @@ system: mail: maddy: - envFile: ENC[AES256_GCM,data:VFqV/ZqnOlJeJKNZ0YGf1ORPQGn61GFqaSyHnRwh2aH/Xe67FJEsUsY1HW8hsZ3nKssmk5kbvvUZ39kqwUpqQtwhkE//YOhFCdYzW1hsT2nc/Nfm8pSGSiy+VTKehp1/QBsm+p9n4kgvlIwZaneerMQH+Z3B/1d9285wckZWrFuMxWw=,iv:lj9OGG5vEgF1osQIpnxYHEYwVQMAZaeWqSXfES2ESVI=,tag:H1PTFWs3iNwInXUe0e5aFA==,type:str] + envFile: ENC[AES256_GCM,data:Tl3ho1MPmjdoDnCF7it3zFsVpv7l7D9nzFFKWfyqhBYmk41kq8SXIFsHBci0tAc8ON628/zb4D1rwXtj1N3AVcCEQeM8snjwo0wd6pc6yoCLnkf3mRITZAftLEgLPJbAsb/OAtDQY7IKiPYubZwBCDjbsQrWez1ZYMO5WpsPD+2VOTI=,iv:HhZCs4uiJK2iXJiAupMQ0NQq0xs0WRiBJchc19UbgQM=,tag:t1SbqqItK5wX9Wbli2V4Aw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -11,41 +11,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXFWT0ZJaHVwMSt2by9Z - cXEyWDBmb3Q5VEEydlZoMU9PdGt5cFM5TWdJCmg4VC91NXlMdHg2OXFZeGlTK0ZJ - eE5IY1V3N1pNTHRpZGQ4YjlrU1Q3KzAKLS0tIGxFbkdoRU81b0o1UGlHeFJ4eWkr - Q2VjY243REx4ZzlVd2M5TlhFSjBCTm8KlVvxg9WvhEvhhKozS03hCz5doU3YnIal - erRZggFlxzdpG5Nk/tfEaQhGL6HeeF5j8uBO/x9E7DMYpxtMxwA5BA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZU9rU2JsWVF5OEVsbTBF + QlJLVDFWU3BISzl1SWk4SUUwL3VCNFZQY1VvCk5nTXJlazFQNXo1ZVhJMEpTRnVE + VlNaalRqTUtTUlBVeWVVaTFvMmJKVVUKLS0tIFM5SEIyOURhUWFHa3RrbVBSRFlT + VS9WaGhGUWpMcEJ0UUVsRVR2S2FtR2cKhePhqrlZ9KpD9CQOJ7tObqLOXWCxIxUv + X5jPf2gEsWSPnrVPehSbLjsyAFlMOVCgEcc1o5qec+cFgqwN3HcuAw== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEREVkRmJGRTdiUlhhMGQ2 - aytPZnM3NnNFcWtrRHJqVWlCZ0FGY29JVDM0CmZSbWhsVlBPTXZxL00wUHl1Q3pn - aHFnQWQzNllZaDF0MUIweVVFVlhoMG8KLS0tIFpaOXl0TU93Z0Nkbng4L08xbU1Z - VzhGdEwzTDh2QVlZVVhJbkYxV1pJbncKcx51Llv2qiX2hTHx9P3+STFYhuG9SKqM - P0JLENehLDU4pYF3qva92dr47msBAEPmnVTs4C4Lj6aycoc4WXhjcA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSTBWVXlyN1U4dE80MnpR + UWNFYjZycUlFR1FETEJLRDdiNnZ1NzRZOEF3Cnd3QkI4TlBZRkxmL2kwaTl5eUVC + UGNGbnc2T1hPcWxOZjNBTTlrWDdnTTgKLS0tIEFjR3BFMyt1NUhhRUdmMzlMNHow + RVlqSmhZQVZXcXZFOVBhTEdDMVQvTzQK2ZMfPvX7plEopZH1mXLvc1cxa6SD/GM7 + EBaUbiRM4IccKf+6Q9w4Zna/3naHgr2EyDhJnXiNx6C5sMPpx+0Npw== -----END AGE ENCRYPTED FILE----- - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSnlXSUJ1cFlVNVdobVBQ - Z3lYMW5VY0NKMFlZOC94WWtyWUdDdnZjZFVFCnZJeFUyWlpCbGdzOHpNbzdOcEVF - Uk9XTE92ZjhiVGNuaTN0SDgwU1F4dkkKLS0tIFdVNjl3c3VQaWY5eDUxRG9LT2w3 - 
Ti9HYmplcW8vQnJObk5zU2VjcXlwRGsKDhUS5CF7CXK8ZxdJ4qpZx2ZV8LAYsiUw - x+W8bmsyUlMRGX6qxi/U834t25k8/49eDWkjQXMHvIO9oYXEUak1iA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ2tiTUdTcjcxS3VIdDN0 + NXBqT3Vsc21CaTBxaWRMcDRDOEFhNDIwZXdJCkdtY0VyWGVPTk5VQXhJQXV3RWtt + Wkg0SWI3M0VzclM0TFliNmtBT0U0akkKLS0tIGxWZG9BelVHSzNROVVUQ0VJLzdF + OEphZmdxN0kvc2tpUlJYTXZ0M0ZPem8K3xHBOjygxjQsyXUFh8kK5YPWLDPUAJho + AiVmd5EtWzFJikz4MW9a6P7eeUUzdVEBa4KGI9VdJ8JDFtLGZmmG+A== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QW5aeEJnY0R5SmNnYldM - UTNZaUZCWDdMMVQ2bWZCWk5TZ29KVEhWa2tzCjdSc1h2K1cycllFbTZqb1VteHhs - N0l1K2hkem51ZGx3TlZDQ1J6SVRDR28KLS0tIG1UaGVBNzl5NUtocFNzYVlUWkUz - K0lDVE10a0hZZ0xQcDljWnZmc1U1L1UKyjf60ujEGDMJ2/RNRjT3y3eot83UOdKY - cbQBKcKrUHs2JeVpcFQk8jy7CaPXSGJePmp8jicArw1nGJvCReaGEQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN3VrcFZZSXp0eHVaZXpz + R0RWUkpTOXVTb1Z3ZVdRK0N4Q2NsNTE1cmwwCkxWd3BRWDNpYXFrNG52S01paFdh + U2VwSDNVaDdySDh6dTcwQWszU1dBSlUKLS0tIG5XVWkxUFhhZTMvL1pOYnZwdWJI + NE1ldE5lbDRKZzd0clhSMEl0dUM4d1kKa1EJEG5Vs7MAlCjJJN7rE/9u18enxjdM + noJCoHviMHymGL5SR7BccPyrsJ3V3wH6BTEYQ6iVbC5wV2jkRFH+tg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:hJxB91k91sDyZjmIntzCakFnSiLr7+qBPeneV8RmPJBod8Z3cFwHJ0pv5LyO7wIFhleW2kH+NM8b0Go4uiz7G683wfc9QTUxiUh5tR92a4xK5QnoMQ5S/AgDM9FDWYQ2cRWutqIdMA/TbGsfrwNLCdiGli5N4Ie98y3BXlGyuIY=,iv:NldyFeAF/hJEdg4VVymtHEebfbJD/GaxGaP55F/vKY4=,tag:e709To5PwxJJvDPVJhJecw==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveFZjREFtdnFSaWFmdlh1 + OTRhdElyS2l2LzhxK1A3WXVYYUdHanFZVlRnCjIvZ1JkTU1haWVoa3BjUWhyVTQr + ZnFLUnUvVS92N05UYU5KNitDVGVnV3MKLS0tIHJ6TWE1M0NaL2lSOUZEek9STDMr + 
eUphaFNjN3lBTnBJeFcvTGlMRG1VTVkKA6NMCTagSRvGP9buvAcHrkBlvAH48JDF + bRc92UqgD4PjK4uwjyQX25t81MBMAhcCBcVxSAIQwhRol1WXa2k7ZA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:c9u1+jT/GYCckbdGACGATi9gBRFW5YBjz74vUBMYUkz609BxMG0IQdQSCLNvF/3WM3MDABW6qooxsArVu7Cofq2peD59x5DJVM6Q2Q6SHhqOZAgg1YketI+LFrpuS0eL20EwrgQStRDrbPR0kk5KLlAYyWEfSK4HOqY50IKrPYc=,iv:pzPrtQ2vzyajmGlNqFI+NKrIrqbqoYFsxdAFebSgq0c=,tag:3D7EOXAiV0VWjj3abofyjw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/rickenbacker/hardware-configuration.nix b/nixos/hosts/rickenbacker/hardware-configuration.nix index 09462b7..3e84390 100644 --- a/nixos/hosts/rickenbacker/hardware-configuration.nix +++ b/nixos/hosts/rickenbacker/hardware-configuration.nix @@ -8,18 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5"; + { device = "/dev/disk/by-uuid/fe728106-aaf8-46e6-ab46-1610f1f4398a"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C634-F571"; + { device = "/dev/disk/by-uuid/44D0-91EC"; fsType = "vfat"; }; 
@@ -30,8 +30,8 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;