diff --git a/flake.nix b/flake.nix
index 0d6b9e2..a5ce04f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -131,37 +131,7 @@
 packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system:
 let
 pkgs = localNixpkgs.${system};
- in {
- inherit (pkgs)
- clerie-backup
- clerie-keys
- clerie-system-remote-install
- clerie-system-upgrade
- clerie-merge-nixfiles-update
- clerie-update-nixfiles
- clerie-sops
- clerie-sops-config
- clerie-sops-edit
- chromium-incognito
- factorio-launcher
- git-checkout-github-pr
- git-diff-word
- git-pp
- git-show-link
- harmonia
- iot-data
- nix-remove-result-links
- nixfiles-auto-install
- nixfiles-generate-config
- nixfiles-generate-backup-secrets
- nixfiles-update-ssh-host-keys
- print-afra
- run-with-docker-group
- ssh-gpg
- update-from-hydra
- uptimestatus
- xmppc;
- });
+ in builtins.mapAttrs (name: value: pkgs."${name}") (import ./pkgs/pkgs.nix));
 inherit lib self;
diff --git a/hosts/palladium/backup-scripts.nix b/hosts/palladium/backup-scripts.nix
deleted file mode 100644
index b2ccfdf..0000000
--- a/hosts/palladium/backup-scripts.nix
+++ /dev/null
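Review bot: The new `builtins.mapAttrs` line changes the exported set in two ways the commit should own: `harmonia`, which the removed `inherit (pkgs)` list exported, is not an attribute of pkgs.nix and so silently leaves `packages.<system>`, while `feeds-dir` (in the old overlay but absent from the old inherit list) is now exported. If dropping harmonia is intended, say so in a comment; if not, `// { inherit (pkgs) harmonia; }` after the mapAttrs call restores it. As a style point, `pkgs."${name}"` is just `pkgs.${name}` and the unused `value` argument is conventionally written `_`. The `genAttrs` call that this line closes starts in the hunk's context lines; the enclosing outputs attrset lies outside the hunk.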
@@ -1,44 +0,0 @@
-{ pkgs, ... }:
-
-let
- cb-mount = pkgs.writeScriptBin "cb-mount" ''
- #!${pkgs.bash}/bin/bash
-
- DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
-
- ${pkgs.cryptsetup}/bin/cryptsetup luksOpen ''${DEVICE} external-drive
- mkdir -p /mnt/external-drive
- mount /dev/mapper/external-drive /mnt/external-drive
-
- mkdir -p /mnt/external-drive/clerie-backup
- chown borg:borg -R /mnt/external-drive/clerie-backup
- '';
-
- cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
- #!${pkgs.bash}/bin/bash
-
- umount /mnt/external-drive
- ${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
- '';
-
- cb-prepare = pkgs.writeScriptBin "cb-prepare" ''
- echo "Formatting disk"
- sgdisk -Z /dev/disk/by-path/pci-0000:00:12.0-ata-2
- sgdisk -N 1 /dev/disk/by-path/pci-0000:00:12.0-ata-2
- partprobe /dev/disk/by-path/pci-0000:00:12.0-ata-2
-
- echo "Creating encrypted partition"
- ${pkgs.cryptsetup}/bin/cryptsetup luksFormat -c aes-xts-plain64 --hash=sha256 -s 256 /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
-
- echo "Opening encrypted partition"
- ${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1 external-drive
-
- echo "Creating file system"
- mkfs.ext4 /dev/mapper/external-drive
-
- echo "Closing encrypted partition"
- ${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
- '';
-in {
- environment.systemPackages = [ cb-mount cb-unmount cb-prepare ];
-}
diff --git a/hosts/palladium/configuration.nix b/hosts/palladium/configuration.nix
index 2a47953..d3bd29e 100644
--- a/hosts/palladium/configuration.nix
+++ b/hosts/palladium/configuration.nix
@@ -4,12 +4,31 @@
 imports = [
 ./hardware-configuration.nix
-
- ./backup-scripts.nix
 ];
- boot.loader.systemd-boot.enable = true;
+ boot.kernelParams = [ "console=ttyS0,115200n8" ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.grub.efiSupport = true;
 boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub.extraConfig = "
+ serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+ terminal_input console serial
+ terminal_output gfxterm serial
+ ";
+
+ boot.initrd.luks = {
+ devices.lvm = {
+ device = "/dev/disk/by-uuid/f5597381-b59b-4f19-94b7-fd69aac43d6f";
+ bypassWorkqueues = true;
+ };
+ devices.crypt-storage-palladium = {
+ device = "/dev/disk/by-uuid/c54396c0-b5d3-4e61-9ef7-483fa2b4a56d";
+ };
+ };
+
+ boot.swraid.enable = true;
 networking.useDHCP = false;
 networking.interfaces.enp3s0.ipv6.addresses = [
@@ -24,33 +43,6 @@
 KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
 '';
- services.borgbackup.repos = {
- clerie-backup = {
- path = "/mnt/palladium/clerie-backup";
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
- ];
- };
- external-drive = {
- path = "/mnt/external-drive/clerie-backup";
- authorizedKeysAppendOnly = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuh74Esdp8JPgIZzM372DaCwtAl2QNtRratnIFG0NRB root@clerie-backup"
- ];
- };
- };
-
- # Disable automatic directory creation for external-drive repo
- # The directory gets created by the disk formatting script
- # Correct permissons will be set right after mounting
- # This prevents borg from filling up the root drive when no drive is mounted
- systemd.services.borgbackup-repo-external-drive.enable = false;
-
- clerie.monitoring = {
- enable = true;
- id = "206";
- pubkey = "fHOYNZ5I3E2JPrd9dUrNBmu75weX4KbDih5q+GCk8Xk=";
- };
-
- system.stateVersion = "21.03";
+ system.stateVersion = "25.05";
 }
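Review bot: `boot.initrd.luks.devices.crypt-storage-palladium` asks for a second passphrase in the initrd on every boot, yet nothing in this commit mounts `/dev/mapper/crypt-storage-palladium`; if the `/data` filesystem from hardware-configuration.nix (uuid `e7c41c4d-…`) is what lives inside it, a comment saying so on the entry would make the dependency visible, and if it is only needed after boot, unlocking it post-initrd via `environment.etc."crypttab"` keeps a missing or failed passphrase from holding up the whole boot. `boot.kernelParams = [ "console=ttyS0,115200n8" ]` as the sole `console=` entry makes the serial port /dev/console, which is where the initrd passphrase prompt is written; if the box is ever unlocked from a local keyboard, check the prompt is reachable there, e.g. by also listing `"console=tty0"` and testing which console receives it. The second hunk removes `clerie.monitoring` and the borg repositories alongside the 21.03→25.05 stateVersion bump; together with the deleted secrets.json this reads as a reinstall, but whether monitoring is meant to return is not visible here and deserves a sentence in the commit message.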
diff --git a/hosts/palladium/hardware-configuration.nix b/hosts/palladium/hardware-configuration.nix
index 6396701..65722f1 100644
--- a/hosts/palladium/hardware-configuration.nix
+++ b/hosts/palladium/hardware-configuration.nix
@@ -9,26 +9,37 @@
 ];
 boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/b217f1e1-1337-4ef0-bad5-15829ba32c7a";
+ { device = "/dev/disk/by-uuid/fbd14cd4-e402-4ad6-b801-8826d6cfc0fb";
 fsType = "ext4";
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/7A6B-3444";
+ { device = "/dev/disk/by-uuid/8B45-EBB4";
 fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
 };
- fileSystems."/mnt/palladium" =
- { device = "/dev/disk/by-uuid/f20d20ca-6be5-4b16-81fe-e66f31ffd108";
+ fileSystems."/data" =
+ { device = "/dev/disk/by-uuid/e7c41c4d-89d8-4083-ac6e-abbccbebf551";
 fsType = "ext4";
 };
- swapDevices = [ ];
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/6ca5e48f-9b99-4722-b21b-c6f298610157"; }
+ ];
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/hosts/palladium/secrets.json b/hosts/palladium/secrets.json
deleted file mode 100644
index beb004f..0000000
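Review bot: `swapDevices` now points at `/dev/disk/by-uuid/6ca5e48f-…` with no encryption setting, while the root filesystem sits behind the `lvm` LUKS mapping added in configuration.nix; if that UUID is a plain partition rather than a logical volume inside the LUKS container, pages swapped out (including key material of unlocked services) reach the disk in the clear. Either confirm in a comment on the entry that the swap volume is under the `lvm` mapping, or add `randomEncryption.enable = true;` to it, which only costs hibernation. `networking.useDHCP = lib.mkDefault true;` is inert here because configuration.nix sets `networking.useDHCP = false;` at normal priority, so the generated comment block above it describes behaviour that does not apply on this host.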
--- a/hosts/palladium/secrets.json
+++ /dev/null
@@ -1,26 +0,0 @@ -{ - "wg-monitoring": "ENC[AES256_GCM,data:ip6L61RXAVxaPqizhNTr6zVvKgd40CAsgeNFoAXMARM1nl146ayHK2q7mhc=,iv:G4WLmcPpJOxTcW0bHuEwWmth6u8fYoH7GmpkMo8Z3TQ=,tag:xJ+wCVEUMdqfXPcwgr9WSw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1tl2cd730ctn6jcgg0vf8c5gg9722umk30zwvcwxhejh26p3gt3ds92msyx", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNHllOHpoYkNyQXMwL002\nRDR4eFVRemc4bW8vYS9GWHFkcmpRbWFFc2tzCmFjV1ZNTzhOYjM4VWltRGhaQ0RP\naC9vN2hrM3NSTDlSd1ZJTldXamJ4NUUKLS0tIDFuUzRKWWQrUFU1SXNqdEV2R1lM\nWXU1by9rYTBINTVralo0TTJmSEZHMm8KYEggCHnOyMcQSdJ9+Ujf61OANuja0ZIf\n+wa9ugc2OZrOYepkjN5X/bETdKfU33pIAL208N9HcOttfhcZq70yUQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-05-10T13:25:28Z", - "mac": "ENC[AES256_GCM,data:fLw0q9h+rlAAiXjtCJeGPi0COEt/UvApRiOpE+ydSrD/jXy+vh2OVW57UZPRBCP1mWtqfUJLiT1BZyOWor7dsPfTvaxCQmYhGcKBLucFEaiUovGgVjxJloD8hDJvSG9SJnlIiDobMsG87MsEWpi70oAbQu3/d4JT1BPSaRpvsjI=,iv:iS7tFqZMa0OzA5ASKPS6CSNTJYYJ0zhjLmBcipjLapg=,tag:Lspazw8Pi5Dxqcrk35A6tA==,type:str]", - "pgp": [ - { - "created_at": "2024-05-10T13:25:16Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+KsEUiNCgfajBMEEFsqHqNG3utLNQSLOd6VX/Rk56CjT9\nUtfiCdZCSzrtyT3Anu72auTJ+PHNAVhhHPcDiUcwY9JYXEXNETzEn0U/byS+kvOD\nNTpcpR1gSxJCj1aDqDDpfQQ02hSpKO4iw0B71gKcekUXcD2AQeeW0Djq60CusWVk\nRgC3odnyTr1CN1+JRtKVZKIa78rfOkyhmFP2G2gvsSHhUBd5RtMhJdfYVUTMIKXO\nQFB2IGCoIzE0zDitCcAZ8q6Dc8lBuAvNSiVkFanJn7e7etU3JwDhYsZKRO7jvNX3\nmjHnQ9vf0idCWAi0oabZQ1OGdwPbtjssxmQkzzR8R/paw+iRB50i1UG3/5ehXTV4\nTp/2rEwrsF8jO1bahTcrJirR7RPLEy2BvJ4ALzmEYrIoEwWuCIexrY+e2C2rXpy5\nK2+9Ch0YCaz8sc700bgO5ZkyvnmnbVJxGCaMGQtT9LXiEWvc36sUXhbEGJ0K782Z\n7uVFRs4xWsrUQHo8lFTfW/vLZDq7FvkGnDf5xnoEJp4BNYvYmMmsFiaygkbbqEdH\n2aHRCam9q5zcuBq+aA40KI1P4adIFgij+fijwQ+019JrfaMEXcmwgtOfkb2OZNOF\nXQ3tRgYLaxSae7BYJA4uTaFq60kpp1c8qgxw3WKPEiHywtl/SaPcx1XD9VJoVTGF\nAgwDvZ9WSAhwutIBD/9O0inQ/HmpwtD1AnE89SuZNuGQty71LVhX2PQQWsUdQOuz\ndKZN1wy6UxIImFGisBodUH+48k1DjbkDjL5cLSAUOt9OhAxW2Ubp6HA6wDJPqWj1\nYQMHKmHlf2zh5G1qTUXV3NNw6hSaWejVDS73WNODv1WfUFXrPN9DVLaPsS/RJo2Q\nAoDG/iedeQhIIBwrLIcQ8ttjv9MTI1GzsNRC/CjxQpDnHabqQzFzenjnVRLDXcmr\nwfw0HeTPeNh+pLYb+sBqzGUP0j1GWui99/6NUeo/TloBWJbIung4wq23gYZbHn+K\nbWJSxSy980mvjCXiRukzXlNJMwLZDVoBlPQSbe/pOApHM9HTScZ+3VcLlYOPjgZk\nhnCvFNm+4/00ZgF+tcvLOugIfqwxvOuqW4gGGhNAycHinJZuSfDHYe6zCfEiqc7t\nnHlbhNvlhC8zDu+fOurC2ju5eGv8LqFiobfsBFVdKpl9Gj7yg00S+QmjBcz0lkE9\n1BftwEQaj+r4EDa4cJHSgP+K76utv4Xzt9hHZZJo7hvii+lGxFI7rBm0xbV5bSuY\ntOhN6d98HH2++AoXufIW5vmnydGk2NXu7O8vi6sQWzoqed84ZHbJDWLQawQ8YQlR\nkbht2PzH4+rq1oOVHbLslxWkYF9WMsQRUef6ALNpys/Dj8N54gEN4RTV+SxIVoUC\nDAM1GWv08EiACgEP/1eiG0aASQogSByxl8ZbRjRg768YVR1fwTa8GG5tE7wfcGiI\njZF2TI+yQWt7gRS4AKNm1gfWEEjCH1tBOj53/Wfwn9ZuGoNqboA2jgsh2rnVVSXR\nOdXK3is/FMh9JREr669be83nnQ8fNP8nIz3snEvKVYVGcdsdkDXBz4GKmJx52NNb\nauL+4w14/0PydCVH/njsFY8FyWqP9lUFgpJU8jHjX28oTB3khwWrDs0THwqilTFn\nhFjgeCy555zeh5rDpBDPdPbLUNd094RB15zaKzn2dC15F8DMCLoA9ASNET7S/+u3\n1SjvI4XnOpxK9hyETcwjzbWJc2gV7U38VqxhQW9Vch3AvXOufMMTm6cobLjiwxjF\nl3XTMJ5GvHDZXCwrGEapy9GbHQjbd9yi0iFgfSGV4nkNmCj1jtAMUngdCqELDVU2\nZe3a8IeJswlTteGlXAM5mwnDaegMsiD/vwsq5Rtl0gs3iI3uIN4RFXuvxP+UeJ/c\ndJWq
pF8vcQI4qGN3kxgB30I7mUiz1aggv5uw6nDWRJHTQKLeOkV8ssTq4FLs4XYL\n4z4qmMT5i+8bGu575py/LRDjvXBldeitnQj1jAN2y/uPNVWsZqU3S+OkEosYIgSQ\njAe3N0EyH5k3j7j43x91toYOCAkulAuPkox6GyUKKq4dCPWxg9fqQ8u4PaSN1GYB\nCQIQ3+GP0DNWupTIkTS4Bk1LwbT99lyr2DyExqb2pgXmzn05Qs6CE4+jcIxXnmUQ\nzCl6PLiw+DJ1nq5gKtTrkO96HtHGyfPiUunDZXty1/zNltYjedk7ebkWF3LNXBhE\nK38c6yE=\n=w0Nn\n-----END PGP MESSAGE-----", - "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/hosts/palladium/ssh.pub b/hosts/palladium/ssh.pub index aa15027..88fc9c4 100644 --- a/hosts/palladium/ssh.pub +++ b/hosts/palladium/ssh.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBc/YTf80MjyVeApOecOlxORIlwCaWtJNWtfggc0B374 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0ZrGvZqxqsGEl2+YNnL5JNpeRc3y0DgqZAkuayfeso diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 7caa76c..f2ab5dc 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix 
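Review bot: Replacing the host key in ssh.pub means every client that pinned the old `…B374` key (known_hosts entries, and whatever consumes these `.pub` files — the `nixfiles-update-ssh-host-keys` package in pkgs.nix looks like that consumer, though its contents are not visible here) sees a mismatch until it is refreshed, and this commit touches none of them. A note in the commit message, or the consumer refresh in the same change, would keep the rotation from being mistaken for a man-in-the-middle warning by whoever connects next.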
@@ -1,31 +1 @@
-final: prev: {
- clerie-backup = final.callPackage ./clerie-backup {};
- clerie-keys = final.callPackage ./clerie-keys {};
- clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
- clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
- clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
- clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
- clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
- clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
- clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
- chromium-incognito = final.callPackage ./chromium-incognito {};
- factorio-launcher = final.callPackage ./factorio-launcher {};
- feeds-dir = final.callPackage ./feeds-dir {};
- git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {};
- git-diff-word = final.callPackage ./git-diff-word {};
- git-pp = final.callPackage ./git-pp {};
- git-show-link = final.callPackage ./git-show-link {};
- iot-data = final.python3.pkgs.callPackage ./iot-data {};
- nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
- nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
- nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
- nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
- nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
- print-afra = final.callPackage ./print-afra {};
- run-with-docker-group = final.callPackage ./run-with-docker-group {};
- ssh-gpg = final.callPackage ./ssh-gpg {};
- update-from-hydra = final.callPackage ./update-from-hydra {};
- uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
-
- xmppc = 
import ./overrides/xmppc.nix final prev;
-}
+final: prev: builtins.mapAttrs (name: value: value final prev) (import ./pkgs.nix)
diff --git a/pkgs/pkgs.nix b/pkgs/pkgs.nix
new file mode 100644
index 0000000..2b70d54
--- /dev/null
+++ b/pkgs/pkgs.nix
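Review bot: The new one-line overlay relies on an unstated contract — every attribute of ./pkgs.nix is a function `final: prev: derivation` — that flake.nix now also depends on through `pkgs."${name}"`; a header comment such as `# ./pkgs.nix maps package name -> (final: prev: drv); this overlay applies each one, flake.nix re-exports the results as packages.<system>.` would record it where the next editor will look. The removed overlay's `feeds-dir` entry survives in pkgs.nix, so consumers of the overlay see the same attribute set as before; only the flake's exported set changes.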
@@ -0,0 +1,31 @@
+{
+ clerie-backup = final: prev: final.callPackage ./clerie-backup {};
+ clerie-keys = final: prev: final.callPackage ./clerie-keys {};
+ clerie-system-remote-install = final: prev: final.callPackage ./clerie-system-remote-install {};
+ clerie-system-upgrade = final: prev: final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
+ clerie-merge-nixfiles-update = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
+ clerie-sops = final: prev: final.callPackage ./clerie-sops/clerie-sops.nix {};
+ clerie-sops-config = final: prev: final.callPackage ./clerie-sops/clerie-sops-config.nix {};
+ clerie-sops-edit = final: prev: final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
+ clerie-update-nixfiles = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
+ chromium-incognito = final: prev: final.callPackage ./chromium-incognito {};
+ factorio-launcher = final: prev: final.callPackage ./factorio-launcher {};
+ feeds-dir = final: prev: final.callPackage ./feeds-dir {};
+ git-checkout-github-pr = final: prev: final.callPackage ./git-checkout-github-pr {};
+ git-diff-word = final: prev: final.callPackage ./git-diff-word {};
+ git-pp = final: prev: final.callPackage ./git-pp {};
+ git-show-link = final: prev: final.callPackage ./git-show-link {};
+ iot-data = final: prev: final.python3.pkgs.callPackage ./iot-data {};
+ nix-remove-result-links = final: prev: final.callPackage ./nix-remove-result-links {};
+ nixfiles-auto-install = final: prev: final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
+ nixfiles-generate-config = final: prev: final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
+ nixfiles-generate-backup-secrets = final: prev: final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
+ nixfiles-update-ssh-host-keys = final: prev: final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
+ print-afra = final: prev: 
final.callPackage ./print-afra {};
+ run-with-docker-group = final: prev: final.callPackage ./run-with-docker-group {};
+ ssh-gpg = final: prev: final.callPackage ./ssh-gpg {};
+ update-from-hydra = final: prev: final.callPackage ./update-from-hydra {};
+ uptimestatus = final: prev: final.python3.pkgs.callPackage ./uptimestatus {};
+
+ xmppc = final: prev: import ./overrides/xmppc.nix final prev;
+}
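Review bot: The new file has no header explaining why each entry is wrapped as `final: prev:` instead of being a plain derivation, and `prev` is unused in every entry except `xmppc`; a two-line comment at the top (`# name = final: prev: derivation`, `# consumed by ./overlay.nix and by the packages output in flake.nix`) plus `final: _: final.callPackage …` on the entries that ignore prev would make the one real use of `prev` stand out. `harmonia`, which the old flake.nix exported via `inherit (pkgs)`, has no entry here and so drops out of the flake's packages; whether that is deliberate should be stated in the commit message.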