From 87466f0ac9106d7728d260be4749c1573620c039 Mon Sep 17 00:00:00 2001 From: clerie <git@clerie.de> Date: Wed, 12 Mar 2025 22:18:10 +0100 Subject: [PATCH] hosts/palladium: Fresh system install --- hosts/palladium/configuration.nix | 31 ++++++++++++++++------ hosts/palladium/hardware-configuration.nix | 25 ++++++++++++----- hosts/palladium/secrets.json | 26 ------------------ hosts/palladium/ssh.pub | 2 +- 4 files changed, 42 insertions(+), 42 deletions(-) delete mode 100644 hosts/palladium/secrets.json diff --git a/hosts/palladium/configuration.nix b/hosts/palladium/configuration.nix index 5b0b3d3..d3bd29e 100644 --- a/hosts/palladium/configuration.nix +++ b/hosts/palladium/configuration.nix @@ -6,8 +6,29 @@ ./hardware-configuration.nix ]; - boot.loader.systemd-boot.enable = true; + boot.kernelParams = [ "console=ttyS0,115200n8" ]; + + boot.loader.grub.enable = true; + boot.loader.grub.device = "nodev"; + boot.loader.grub.efiSupport = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub.extraConfig = " + serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input console serial + terminal_output gfxterm serial + "; + + boot.initrd.luks = { + devices.lvm = { + device = "/dev/disk/by-uuid/f5597381-b59b-4f19-94b7-fd69aac43d6f"; + bypassWorkqueues = true; + }; + devices.crypt-storage-palladium = { + device = "/dev/disk/by-uuid/c54396c0-b5d3-4e61-9ef7-483fa2b4a56d"; + }; + }; + + boot.swraid.enable = true; networking.useDHCP = false; networking.interfaces.enp3s0.ipv6.addresses = [ @@ -22,12 +43,6 @@ KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k" ''; - clerie.monitoring = { - enable = true; - id = "206"; - pubkey = "fHOYNZ5I3E2JPrd9dUrNBmu75weX4KbDih5q+GCk8Xk="; - }; - - system.stateVersion = "21.03"; + system.stateVersion = "25.05"; } diff --git a/hosts/palladium/hardware-configuration.nix b/hosts/palladium/hardware-configuration.nix index 6396701..65722f1 100644 --- a/hosts/palladium/hardware-configuration.nix +++ b/hosts/palladium/hardware-configuration.nix @@ -9,26 +9,37 @@ ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b217f1e1-1337-4ef0-bad5-15829ba32c7a"; + { device = "/dev/disk/by-uuid/fbd14cd4-e402-4ad6-b801-8826d6cfc0fb"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7A6B-3444"; + { device = "/dev/disk/by-uuid/8B45-EBB4"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; - fileSystems."/mnt/palladium" = - { device = "/dev/disk/by-uuid/f20d20ca-6be5-4b16-81fe-e66f31ffd108"; + fileSystems."/data" = + { device = "/dev/disk/by-uuid/e7c41c4d-89d8-4083-ac6e-abbccbebf551"; fsType = "ext4"; }; - swapDevices = [ ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/6ca5e48f-9b99-4722-b21b-c6f298610157"; } + ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/palladium/secrets.json b/hosts/palladium/secrets.json deleted file mode 100644 index beb004f..0000000 --- a/hosts/palladium/secrets.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "wg-monitoring": "ENC[AES256_GCM,data:ip6L61RXAVxaPqizhNTr6zVvKgd40CAsgeNFoAXMARM1nl146ayHK2q7mhc=,iv:G4WLmcPpJOxTcW0bHuEwWmth6u8fYoH7GmpkMo8Z3TQ=,tag:xJ+wCVEUMdqfXPcwgr9WSw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1tl2cd730ctn6jcgg0vf8c5gg9722umk30zwvcwxhejh26p3gt3ds92msyx", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNHllOHpoYkNyQXMwL002\nRDR4eFVRemc4bW8vYS9GWHFkcmpRbWFFc2tzCmFjV1ZNTzhOYjM4VWltRGhaQ0RP\naC9vN2hrM3NSTDlSd1ZJTldXamJ4NUUKLS0tIDFuUzRKWWQrUFU1SXNqdEV2R1lM\nWXU1by9rYTBINTVralo0TTJmSEZHMm8KYEggCHnOyMcQSdJ9+Ujf61OANuja0ZIf\n+wa9ugc2OZrOYepkjN5X/bETdKfU33pIAL208N9HcOttfhcZq70yUQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-05-10T13:25:28Z", - "mac": "ENC[AES256_GCM,data:fLw0q9h+rlAAiXjtCJeGPi0COEt/UvApRiOpE+ydSrD/jXy+vh2OVW57UZPRBCP1mWtqfUJLiT1BZyOWor7dsPfTvaxCQmYhGcKBLucFEaiUovGgVjxJloD8hDJvSG9SJnlIiDobMsG87MsEWpi70oAbQu3/d4JT1BPSaRpvsjI=,iv:iS7tFqZMa0OzA5ASKPS6CSNTJYYJ0zhjLmBcipjLapg=,tag:Lspazw8Pi5Dxqcrk35A6tA==,type:str]", - "pgp": [ - { - "created_at": "2024-05-10T13:25:16Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+KsEUiNCgfajBMEEFsqHqNG3utLNQSLOd6VX/Rk56CjT9\nUtfiCdZCSzrtyT3Anu72auTJ+PHNAVhhHPcDiUcwY9JYXEXNETzEn0U/byS+kvOD\nNTpcpR1gSxJCj1aDqDDpfQQ02hSpKO4iw0B71gKcekUXcD2AQeeW0Djq60CusWVk\nRgC3odnyTr1CN1+JRtKVZKIa78rfOkyhmFP2G2gvsSHhUBd5RtMhJdfYVUTMIKXO\nQFB2IGCoIzE0zDitCcAZ8q6Dc8lBuAvNSiVkFanJn7e7etU3JwDhYsZKRO7jvNX3\nmjHnQ9vf0idCWAi0oabZQ1OGdwPbtjssxmQkzzR8R/paw+iRB50i1UG3/5ehXTV4\nTp/2rEwrsF8jO1bahTcrJirR7RPLEy2BvJ4ALzmEYrIoEwWuCIexrY+e2C2rXpy5\nK2+9Ch0YCaz8sc700bgO5ZkyvnmnbVJxGCaMGQtT9LXiEWvc36sUXhbEGJ0K782Z\n7uVFRs4xWsrUQHo8lFTfW/vLZDq7FvkGnDf5xnoEJp4BNYvYmMmsFiaygkbbqEdH\n2aHRCam9q5zcuBq+aA40KI1P4adIFgij+fijwQ+019JrfaMEXcmwgtOfkb2OZNOF\nXQ3tRgYLaxSae7BYJA4uTaFq60kpp1c8qgxw3WKPEiHywtl/SaPcx1XD9VJoVTGF\nAgwDvZ9WSAhwutIBD/9O0inQ/HmpwtD1AnE89SuZNuGQty71LVhX2PQQWsUdQOuz\ndKZN1wy6UxIImFGisBodUH+48k1DjbkDjL5cLSAUOt9OhAxW2Ubp6HA6wDJPqWj1\nYQMHKmHlf2zh5G1qTUXV3NNw6hSaWejVDS73WNODv1WfUFXrPN9DVLaPsS/RJo2Q\nAoDG/iedeQhIIBwrLIcQ8ttjv9MTI1GzsNRC/CjxQpDnHabqQzFzenjnVRLDXcmr\nwfw0HeTPeNh+pLYb+sBqzGUP0j1GWui99/6NUeo/TloBWJbIung4wq23gYZbHn+K\nbWJSxSy980mvjCXiRukzXlNJMwLZDVoBlPQSbe/pOApHM9HTScZ+3VcLlYOPjgZk\nhnCvFNm+4/00ZgF+tcvLOugIfqwxvOuqW4gGGhNAycHinJZuSfDHYe6zCfEiqc7t\nnHlbhNvlhC8zDu+fOurC2ju5eGv8LqFiobfsBFVdKpl9Gj7yg00S+QmjBcz0lkE9\n1BftwEQaj+r4EDa4cJHSgP+K76utv4Xzt9hHZZJo7hvii+lGxFI7rBm0xbV5bSuY\ntOhN6d98HH2++AoXufIW5vmnydGk2NXu7O8vi6sQWzoqed84ZHbJDWLQawQ8YQlR\nkbht2PzH4+rq1oOVHbLslxWkYF9WMsQRUef6ALNpys/Dj8N54gEN4RTV+SxIVoUC\nDAM1GWv08EiACgEP/1eiG0aASQogSByxl8ZbRjRg768YVR1fwTa8GG5tE7wfcGiI\njZF2TI+yQWt7gRS4AKNm1gfWEEjCH1tBOj53/Wfwn9ZuGoNqboA2jgsh2rnVVSXR\nOdXK3is/FMh9JREr669be83nnQ8fNP8nIz3snEvKVYVGcdsdkDXBz4GKmJx52NNb\nauL+4w14/0PydCVH/njsFY8FyWqP9lUFgpJU8jHjX28oTB3khwWrDs0THwqilTFn\nhFjgeCy555zeh5rDpBDPdPbLUNd094RB15zaKzn2dC15F8DMCLoA9ASNET7S/+u3\n1SjvI4XnOpxK9hyETcwjzbWJc2gV7U38VqxhQW9Vch3AvXOufMMTm6cobLjiwxjF\nl3XTMJ5GvHDZXCwrGEapy9GbHQjbd9yi0iFgfSGV4nkNmCj1jtAMUngdCqELDVU2\nZe3a8IeJswlTteGlXAM5mwnDaegMsiD/vwsq5Rtl0gs3iI3uIN4RFXuvxP+UeJ/c\ndJWqpF8vcQI4qGN3kxgB30I7mUiz1aggv5uw6nDWRJHTQKLeOkV8ssTq4FLs4XYL\n4z4qmMT5i+8bGu575py/LRDjvXBldeitnQj1jAN2y/uPNVWsZqU3S+OkEosYIgSQ\njAe3N0EyH5k3j7j43x91toYOCAkulAuPkox6GyUKKq4dCPWxg9fqQ8u4PaSN1GYB\nCQIQ3+GP0DNWupTIkTS4Bk1LwbT99lyr2DyExqb2pgXmzn05Qs6CE4+jcIxXnmUQ\nzCl6PLiw+DJ1nq5gKtTrkO96HtHGyfPiUunDZXty1/zNltYjedk7ebkWF3LNXBhE\nK38c6yE=\n=w0Nn\n-----END PGP MESSAGE-----", - "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/hosts/palladium/ssh.pub b/hosts/palladium/ssh.pub index aa15027..88fc9c4 100644 --- a/hosts/palladium/ssh.pub +++ b/hosts/palladium/ssh.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBc/YTf80MjyVeApOecOlxORIlwCaWtJNWtfggc0B374 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0ZrGvZqxqsGEl2+YNnL5JNpeRc3y0DgqZAkuayfeso