From e7df638e357481e49e094bc35ca587bcae432ce4 Mon Sep 17 00:00:00 2001 From: chn Date: Sun, 10 Sep 2023 14:53:59 +0800 Subject: [PATCH] nas: final setup --- .sops.yaml | 2 ++ flake.nix | 22 ++++++++-------------- secrets/nas.yaml | 25 +++++++++++++++++-------- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 0b3c9b53..cf46d8a6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902 - &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42 - &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv + - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3 creation_rules: - path_regex: secrets/pc\.yaml$ key_groups: @@ -29,6 +30,7 @@ creation_rules: key_groups: - age: - *chn + - *nas - path_regex: secrets/xmupc1\.yaml$ key_groups: - age: diff --git a/flake.nix b/flake.nix index dee6f9fa..f2760495 100644 --- a/flake.nix +++ b/flake.nix 
@@ -406,29 +406,23 @@ { mount = { + vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi"; btrfs = { - "/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot"; - "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; }; + "/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot"; + "/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; }; }; }; - decrypt.manual = + decrypt.auto = { - enable = true; - devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; }; - delayedMount = [ "/" ]; + "/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1"; + "/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2"; }; - swap = [ "/nix/swap/swap" ]; - rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; }; + rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; }; }; - grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0"; + grub.installDevice = "efi"; nixpkgs.march = "silvermont"; nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ]; - initrd = - { - network.enable = true; - sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; }; - }; kernel.patches = [ "preempt" ]; impermanence.enable = true; networking.hostname = "nas"; diff --git a/secrets/nas.yaml b/secrets/nas.yaml index 09dc348c..34db1319 100644 --- a/secrets/nas.yaml +++ b/secrets/nas.yaml @@ -1,5 +1,5 @@ xray-client: - uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str] + uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str] sops: kms: [] gcp_kms: [] 
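Review bot: The new `decrypt.auto` block in flake.nix does not say where the key material for `root1` and `root2` comes from, and the same hunk drops the `initrd` network and sshd settings that presumably served remote manual unlocking. The unlock mechanism is defined outside this hunk. If it reads a key from the unencrypted `/boot` or `/boot/efi`, or from a TPM without a PIN, the encryption stops protecting the data once the whole machine is taken. The sops identity for `nas` would be exposed with it, since it appears to be derived from the SSH host key on that disk. I would add a comment above the block, for example `# unlocked at boot via <mechanism>; covers <threat>, does not cover theft of the whole machine`, and another noting why `root2` is opened although `mount` and `rollingRootfs` only reference `/dev/mapper/root1`. The enclosing attribute set starts and ends outside the hunk.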
@@ -9,14 +9,23 @@ sops: - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ - VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0 - TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2 - MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U - fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO + cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL + M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT + a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y + 1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-23T12:21:23Z" - mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str] + - recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2 + ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq + NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy + by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh + kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-10T06:53:19Z" + mac: ENC[AES256_GCM,data:dBmJUijAS2iD86kHTzW4o6hs2DimDDWtq7Xtx9JWo+c8jTqeOMw40/4UeXSyS6uzK9s8tQiM5+IclKHxn/fjQa+vOJh94VkBa9zFgGGQB2PtCaoJi3BaMP7xJZgI5LUhxy0N0UYSAIYJcaqm9uWiuFm50r0/EDZzuxYX8JMnGIk=,iv:rrRJxXsgnBH69f3Wal/YakJRP+p0NfbxfuDttXIEUkE=,tag:iuL9kT6V8xkoUSVy2MNLyg==,type:str] pgp: [] unencrypted_suffix: 
_unencrypted version: 3.7.3