diff --git a/devices/vps4/default.nix b/devices/vps4/default.nix index 37f70dde..11f14968 100644 --- a/devices/vps4/default.nix +++ b/devices/vps4/default.nix @@ -12,19 +12,25 @@ inputs: { btrfs = { - "/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot"; + "/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot"; "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; }; }; }; + decrypt.manual = + { + enable = true; + devices."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; }; + delayedMount = [ "/" ]; + }; swap = [ "/nix/swap/swap" ]; rollingRootfs = {}; }; - grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0"; + grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0"; nixpkgs.march = "znver2"; nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ]; initrd.sshd.enable = true; networking = { hostname = "vps4"; networkd = {}; }; - kernel.variant = "cachyos-server"; + kernel.variant = "xanmod-latest"; }; services = { diff --git a/modules/system/fileSystems/vps4.key b/modules/system/fileSystems/vps4.key new file mode 100644 index 00000000..7ca24f61 Binary files /dev/null and b/modules/system/fileSystems/vps4.key differ diff --git a/modules/user/chn/default.nix b/modules/user/chn/default.nix index 92fa4953..2b876558 100644 --- a/modules/user/chn/default.nix +++ b/modules/user/chn/default.nix @@ -61,6 +61,7 @@ inputs: cat = "${inputs.pkgs.coreutils}/bin/cat"; gpg = "${inputs.pkgs.gnupg}/bin/gpg"; ssh = "${inputs.pkgs.openssh}/bin/ssh"; + # generate using echo -n key | gpg --encrypt --recipient chn > xxx.key in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n" ( (builtins.map (system: builtins.concatStringsSep "\n"