nas: final setup

2024-10-22 23:39:02 +08:00 · 2023-09-10 14:53:59 +08:00 · 2023-09-10 14:53:59 +08:00 · e7df638e35
commit e7df638e35
parent eba953b7ad
3 changed files with 27 additions and 22 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
  - &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
  - &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
+  - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
 creation_rules:
  - path_regex: secrets/pc\.yaml$
    key_groups:
@ -29,6 +30,7 @@ creation_rules:
    key_groups:
    - age:
      - *chn
+      - *nas
  - path_regex: secrets/xmupc1\.yaml$
    key_groups:
    - age:
--- a/flake.nix
+++ b/flake.nix
@ -406,29 +406,23 @@
                {
                  mount =
                  {
+                    vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
                    btrfs =
                    {
-                      "/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+                      "/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
+                      "/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
                    };
                  };
-                  decrypt.manual =
+                  decrypt.auto =
                  {
-                    enable = true;
-                    devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
-                    delayedMount = [ "/" ];
+                    "/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
+                    "/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
                  };
-                  swap = [ "/nix/swap/swap" ];
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
+                  rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
                };
-                grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
+                grub.installDevice = "efi";
                nixpkgs.march = "silvermont";
                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-                initrd =
-                {
-                  network.enable = true;
-                  sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
-                };
                kernel.patches = [ "preempt" ];
                impermanence.enable = true;
                networking.hostname = "nas";
--- a/secrets/nas.yaml
+++ b/secrets/nas.yaml
@ -1,5 +1,5 @@
 xray-client:
-    uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str]
+    uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -9,14 +9,23 @@ sops:
        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ
-            VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0
-            TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2
-            MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U
-            fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
+            cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
+            M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
+            a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
+            1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-23T12:21:23Z"
-    mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str]
+        - recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
+            ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
+            NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
+            by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
+            kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-10T06:53:19Z"
+    mac: ENC[AES256_GCM,data:dBmJUijAS2iD86kHTzW4o6hs2DimDDWtq7Xtx9JWo+c8jTqeOMw40/4UeXSyS6uzK9s8tQiM5+IclKHxn/fjQa+vOJh94VkBa9zFgGGQB2PtCaoJi3BaMP7xJZgI5LUhxy0N0UYSAIYJcaqm9uWiuFm50r0/EDZzuxYX8JMnGIk=,iv:rrRJxXsgnBH69f3Wal/YakJRP+p0NfbxfuDttXIEUkE=,tag:iuL9kT6V8xkoUSVy2MNLyg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3