From e488b4867521e8787c8c040b4dcf3543c85f31b7 Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Thu, 11 Jan 2024 07:25:57 +0100 Subject: [PATCH] Add new system: nixos-he4 --- ext/ssh/ssh_host_ed25519_key | 7 + ext/ssh/ssh_host_ed25519_key.pub | 1 + ext/ssh/ssh_host_rsa_key | 38 ++++ ext/ssh/ssh_host_rsa_key.pub | 1 + flake.nix | 18 +- systems/nixos-he4/default.nix | 137 ++++++++++++ systems/nixos-he4/disko.nix | 367 +++++++++++++++++++++++++++++++ users/admin-shell.nix | 18 ++ 8 files changed, 586 insertions(+), 1 deletion(-) create mode 100644 ext/ssh/ssh_host_ed25519_key create mode 100644 ext/ssh/ssh_host_ed25519_key.pub create mode 100644 ext/ssh/ssh_host_rsa_key create mode 100644 ext/ssh/ssh_host_rsa_key.pub create mode 100644 systems/nixos-he4/default.nix create mode 100644 systems/nixos-he4/disko.nix create mode 100644 users/admin-shell.nix diff --git a/ext/ssh/ssh_host_ed25519_key b/ext/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..1c8fbc4 --- /dev/null +++ b/ext/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBCgwDhDEWayWT4AMNImT9Mk4Kj/D3fziUpumRH1QFTCgAAAJgHTOqSB0zq +kgAAAAtzc2gtZWQyNTUxOQAAACBCgwDhDEWayWT4AMNImT9Mk4Kj/D3fziUpumRH1QFTCg +AAAEDom/nKVftSAdtd69soT2h3ZsMdhrvFv7CeEEjAvmkZ0UKDAOEMRZrJZPgAw0iZP0yT +gqP8Pd/OJSm6ZEfVAVMKAAAAD3Jvb3RAbml4b3MtZGVzawECAwQFBg== +-----END OPENSSH PRIVATE KEY----- diff --git a/ext/ssh/ssh_host_ed25519_key.pub b/ext/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..780588c --- /dev/null +++ b/ext/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKDAOEMRZrJZPgAw0iZP0yTgqP8Pd/OJSm6ZEfVAVMK root@nixos-desk diff --git a/ext/ssh/ssh_host_rsa_key b/ext/ssh/ssh_host_rsa_key new file mode 100644 index 0000000..38759a7 --- /dev/null +++ b/ext/ssh/ssh_host_rsa_key 
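Review bot: Both SSH host private keys are committed unencrypted (`ext/ssh/ssh_host_ed25519_key` in this hunk and `ext/ssh/ssh_host_rsa_key` in the following one), so anyone who can read the repository or its history can impersonate the initrd SSH endpoint that `systems/nixos-he4/default.nix` lists them for. That endpoint is presumably where the disk passphrase is entered, so a spoofed host could capture it. Treat both keys as compromised: regenerate them on the host, keep the private halves out of git or encrypt them with a secrets tool such as sops-nix or agenix, and commit only the `.pub` files. The public key comment is `root@nixos-desk`, which suggests the pair was generated on another machine; if it is in use there too, rotate it there as well. Deleting the files in a later commit does not remove them from history.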
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAspQHnUbpgiyDK/iXDV7NNT/ajABogFtc5IGecEW8BtNTNgDZpoFE +6GQpLHtE8d3WCsZCcqHXeQKyImGPviMF87GqTRYyNThckcu6ae9wk0cZFwhamKM2uD3yOS +pM/JkGvoUs+KlAvbwwbCZ4You1F5NDrClu9jfPzhIJFI1PflLjuTrCUVv/x+z/qWd8ESW4 +fik9gB4b+MyzAwjRnpd9wG9RAo9dSR60Tq/dR7EeWDrIQJ0z9yaVjCW3MHH1aEv+nS+/uw +U9dMrWmu+zX0jNeadA4a+jPD8HaSOKgTvrv1zChY/hoLBg2VuFrI8/KhBvib7Zt3pe0MIp +dgLrYFZzem0k3YvfZS56TqjBGu5K11a66yoahoqMwX9ieJMnNgX3W5l9rmxgAK+BVoKjpB +dYsTmPg0g9ofxysgdgX7JPYMqZEaK6eEFdxfXWKAuuHmbahOU2xhmN94dFI7dbhg4hVidz +nfzXz/q/wC/7AimaAHcASCRxWx03bTHKZOYTfVYdAAAFiGQmUrxkJlK8AAAAB3NzaC1yc2 +EAAAGBALKUB51G6YIsgyv4lw1ezTU/2owAaIBbXOSBnnBFvAbTUzYA2aaBROhkKSx7RPHd +1grGQnKh13kCsiJhj74jBfOxqk0WMjU4XJHLumnvcJNHGRcIWpijNrg98jkqTPyZBr6FLP +ipQL28MGwmeGKLtReTQ6wpbvY3z84SCRSNT35S47k6wlFb/8fs/6lnfBEluH4pPYAeG/jM +swMI0Z6XfcBvUQKPXUketE6v3UexHlg6yECdM/cmlYwltzBx9WhL/p0vv7sFPXTK1prvs1 +9IzXmnQOGvozw/B2kjioE7679cwoWP4aCwYNlbhayPPyoQb4m+2bd6XtDCKXYC62BWc3pt +JN2L32Uuek6owRruStdWuusqGoaKjMF/YniTJzYF91uZfa5sYACvgVaCo6QXWLE5j4NIPa +H8crIHYF+yT2DKmRGiunhBXcX11igLrh5m2oTlNsYZjfeHRSO3W4YOIVYnc53818/6v8Av ++wIpmgB3AEgkcVsdN20xymTmE31WHQAAAAMBAAEAAAGAB3snFIInfyIRPrLT1SYPD7eEls +/fkN0C97msYwSw21JYDo+bjpukwN2NUgU5/q3t7RagKwA3sCSaRNF0faEm+y4Ktd8DrHIX +gq4XuZ9jxm+4j9v0O6e+v5osvxNUFVLt0uZuW15vzWMIXkeATJSQuhObxqcXtG3jIT1lLv +y6g07CpnxdLp5diUkW7shcjLVZVMOyhV79if89Upe4fF3ZUUn4iVRrMoh8Qj2g1gOIA2c3 +A2nyhtyRcEUWNwvXHY7tYg2OYOR7VLYltgVCQcfgKtUUZtTrocY8cJvn3wVJrU139lhkPP +essNSLBMQ3JpT4YxxibIJu5IzPucxED57debLWyCjxhr9OhgzOGM5qdOmgxJqpXrdyXUu/ +HnrybaMbHa6rkeUtrVHCD30oQRnxfxakoxB3LALLSgaKx0c+GMJGVAWMp15IjhvPtWX+Cu +8tMm1GbURRVhr0Z5e3jyCRYmORez0rCp6Kli6m0WN6xxEfWfBMx/LuG9CMc8Y8gGTbAAAA +wCCxpefD3Mr2O1oD2DNOFXyPLsKB1ftBTGDAV33ZMYIoLEpO5UP9/OZuOqkyIaMcY4KCCQ +eS6nAk5R+osW/Vj+cTehXDq4prWuPeiAfsUt3O1fXjSdGFcp+YNuuyYDpFQIQIa+QYeLES +azZUn5pgvndiaWVMvFP9MA5TR7bz0hyNtNhj6NdIsxI57LZs/pY1geHXANOlANT/9rOFYY 
++1w/mb2cSNbPhYk3oLkJqZ295rkPaFwHdpY1Y4FfEFqdnfrgAAAMEA++FtXi3bM5zMp9pk +gYcPzecA+DF2LVa/pdZlUg8i1R4SvCcp0SrTugK9AstA+iyWADXmZCyox6BaBeqb7enVeb +Gw84aJWSRy5Y9y9YIC2hlpofMVHvUlon0ygzYXwHbDV8lqgl7xJ7jEHxnFd9afWogZU7Kt +s7pkcHTZlRnPDJJkYeX1GaOedCwj7a11E5GOWeMM1OLkj7vsJ98ZhQUTN8xV8rclB0Hkat +B49vkWkl5c8e95X5wG+42K0nsh78JzAAAAwQC1f7NXNpCIL9FVyMaiQU2GtdTImDG/tZUf +cLgwgxwgW/C/ifOXxSzZHNelgE5NV/zGlYj9uChaj6wKsYXFmreXnhU5uReaTDThTkD9DB +9lzd/tSI2lDFPMDuBanqpsC5zu/ikIFX3oE0hn7C27aOceRJQw4Uzv/HfTGDWX0pqHv6JE +PTKQvYzucwsduTvkoSmEthc+Nbg9A9orD61Lklromv/xPNBooIBCp9F7wNa9ISF9TvaPgk +2DV9tl+Dp1ES8AAAAPcm9vdEBuaXhvcy1kZXNrAQIDBA== +-----END OPENSSH PRIVATE KEY----- diff --git a/ext/ssh/ssh_host_rsa_key.pub b/ext/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..84db4b3 --- /dev/null +++ b/ext/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@nixos-desk diff --git a/flake.nix b/flake.nix index c319014..32f62d1 100644 --- a/flake.nix +++ b/flake.nix @@ -135,10 +135,26 @@ ${system} = pkgs.nixpkgs-fmt; }; diskoConfigurations = { - nixos-pulse = import ./systems/nixos-pulse/disko.nix; nixos-desk = import ./systems/nixos-desk/disko.nix; + nixos-pulse = import ./systems/nixos-pulse/disko.nix; + nixos-he4 = import ./systems/nixos-he4/disko.nix; }; nixosConfigurations = { + nixos-he4 = nixpkgs.lib.nixosSystem { + system = system; + specialArgs = args; + modules = + [ + ./systems/nixos-he4 + { + nixpkgs.pkgs = pkgs; + nix.registry.nixpkgs.flake = nixpkgs; + home-manager.sharedModules = hmModules; + home-manager.extraSpecialArgs = args; + } + ] + ++ osModules; + }; nixos-pulse = nixpkgs.lib.nixosSystem { system = system; specialArgs = args; diff --git a/systems/nixos-he4/default.nix b/systems/nixos-he4/default.nix new file mode 100644 index 0000000..f5ded73 --- /dev/null +++ b/systems/nixos-he4/default.nix 
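Review bot: The new `nixos-he4` entry in `nixosConfigurations` spells out the whole `nixosSystem` call, and the `nixos-pulse` entry after it opens the same way (its remainder is outside the hunk), so this looks like a copy that can drift between hosts. A small helper taking the system path, e.g. `mkSystem = path: nixpkgs.lib.nixosSystem { inherit system; specialArgs = args; modules = [ path sharedModule ] ++ osModules; };`, would keep the shared settings in one place. Independently of that, `system = system;` reads better as `inherit system;`.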
@@ -0,0 +1,137 @@ +{ config +, lib +, pkgs +, modulesPath +, system +, inputs +, ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../../os-mods/cachix + ../../os-mods/common + ../../os-mods/netdata + ../../os-mods/network + ../../os-mods/virt + ./disko.nix + ]; + + config = { + system.stateVersion = "23.11"; + environment.systemPackages = with pkgs; [ + cryptsetup + bcachefs-tools + ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de" + ]; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ tristand = { + isNormalUser = true; + description = "tristand"; + extraGroups = [ "docker" "networkmanager" "wheel" ]; + hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s.."; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de" + ]; + }; + }; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users.tristand = import ../../users/admin-shell.nix { + username = "tristand"; + + inherit pkgs; + inherit config; + inherit inputs; + inherit system; + inherit lib; + }; + }; + + nix.settings.system-features = [ + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + # "gccarch-x86-64-v3" + # "gccarch-znver3" + ]; + boot = { + kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + kernelParams = [ + # "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none" + "ip=dhcp" + ]; + + supportedFilesystems = [ "bcachefs" ]; + + loader = { + systemd-boot = { + enable = true; + configurationLimit = 32; + }; + efi.canTouchEfiVariables = true; + }; + + initrd = { + availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ]; + kernelModules = [ "igb" ]; + systemd.enable = true; + + network = { + enable = true; + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/nixos/ext/ssh/ssh_host_ed25519_key + /etc/nixos/ext/ssh/ssh_host_rsa_key + ]; + # this 
includes the ssh keys of all users in the wheel group, but you can just specify some keys manually + # authorizedKeys = [ "ssh-rsa ..." ]; + authorizedKeys = with lib; + concatLists (mapAttrsToList + (name: user: + if elem "wheel" user.extraGroups + then user.openssh.authorizedKeys.keys + else [ ]) + config.users.users); + }; + # postCommands = '' + # echo 'cryptsetup-askpass' >> /root/.profile + # ''; + }; + }; + }; + + # services.btrfs.autoScrub.enable = true; + + networking = { + hostName = "nixos-he4"; + useDHCP = lib.mkDefault true; + }; + + hardware = { + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; + + zramSwap.enable = true; + }; +} diff --git a/systems/nixos-he4/disko.nix b/systems/nixos-he4/disko.nix new file mode 100644 index 0000000..68704a2 --- /dev/null +++ b/systems/nixos-he4/disko.nix 
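Review bot: The `boot.initrd.network.ssh.hostKeys` entries are unquoted Nix path literals (`/etc/nixos/ext/ssh/ssh_host_ed25519_key`), which as far as I know are copied into the world-readable Nix store when evaluated. The option is meant to take strings so the keys are read from disk at build time; I would write `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" "/etc/secrets/initrd/ssh_host_rsa_key" ];` (example location), pointing at root-only files outside the repository. The `hashedPassword` for `tristand` is also committed in the clear, which allows offline guessing against the hash; `hashedPasswordFile` referencing a secret kept outside git avoids that. The five authorized keys are listed twice, for `root` and for `tristand`, so a single `let` binding would stop the two lists from diverging. Note that the initrd `authorizedKeys` expression grants pre-boot access to every present and future `wheel` member, which deserves a comment saying that is intended.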
@@ -0,0 +1,367 @@ +############################################################################### +# WARNING +# +# This is only a tempalte used on system setup +# due to relatively early bachefs support in disko.nix +# everything was partitioned manually, this conf is here for reference +# but not used in the live system +# +############################################################################### +############################################################################### +# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko systems/nixos-he4/disko.nix +# +# pci-0000:2c:00.0-nvme-1 -> ../../nmve1n1 -> crypted_ssd0 +# pci-0000:2d:00.0-nvme-1 -> ../../nvme0n1 -> crypted_ssd1 +# pci-0000:01:00.0-ata-1 -> ../../sda -> crypted_hdd_0 +# pci-0000:01:00.0-ata-2 -> ../../sdb -> crypted_hdd_1 +# pci-0000:01:00.0-ata-3 -> ../../sdc -> crypted_hdd_2 +# pci-0000:01:00.0-ata-4 -> ../../sdd -> crypted_hdd_3 +# pci-0000:02:00.1-ata-3 -> ../../sde -> crypted_hdd_4 +# pci-0000:02:00.1-ata-4 -> ../../sdf -> crypted_hdd_5 +# pci-0000:25:00.0-ata-1 -> ../../sdg -> crypted_hdd_6 +# pci-0000:25:00.0-ata-2 -> ../../sdh -> crypted_hdd_7 +# pci-0000:25:00.0-ata-3 -> ../../sdi -> crypted_hdd_8 +# pci-0000:25:00.0-ata-4 -> ../../sdj -> crypted_hdd_9 +# +# FORMAT: +# bcachefs format \ +# --label=hdd.hdd0 /dev/mapper/crypted_hdd0 \ +# --label=hdd.hdd1 /dev/mapper/crypted_hdd1 \ +# --label=hdd.hdd2 /dev/mapper/crypted_hdd2 \ +# --label=hdd.hdd3 /dev/mapper/crypted_hdd3 \ +# --label=hdd.hdd4 /dev/mapper/crypted_hdd4 \ +# --label=hdd.hdd5 /dev/mapper/crypted_hdd5 \ +# --label=hdd.hdd6 /dev/mapper/crypted_hdd6 \ +# --label=hdd.hdd7 /dev/mapper/crypted_hdd7 \ +# --label=hdd.hdd8 /dev/mapper/crypted_hdd8 \ +# --label=hdd.hdd9 /dev/mapper/crypted_hdd9 \ +# --label=ssd.ssd0 /dev/mapper/crypted_ssd0 \ +# --label=ssd.ssd1 /dev/mapper/crypted_ssd1 \ +# --replicas=2 \ +# --erasure_code \ +# --background_compression=zstd \ +# 
--foreground_target=ssd \ +# --promote_target=ssd \ +# --background_target=hdd +# +############################## +############################## +# MOUNT +# +# mount -t bcachefs \ +# /dev/mapper/crypted_ssd0:\ +# /dev/mapper/crypted_ssd1:\ +# /dev/mapper/crypted_hdd0:\ +# /dev/mapper/crypted_hdd1:\ +# /dev/mapper/crypted_hdd2:\ +# /dev/mapper/crypted_hdd3:\ +# /dev/mapper/crypted_hdd4:\ +# /dev/mapper/crypted_hdd5:\ +# /dev/mapper/crypted_hdd6:\ +# /dev/mapper/crypted_hdd7:\ +# /dev/mapper/crypted_hdd8:\ +# /dev/mapper/crypted_hdd9\ +# /mnt +# +############################## +{ + + # The manual definitions are generated by nixos-generate-config + # the commented out stuff are partitions created by disko + # bcachefs is not handled well by disko so it is handled seperately + + fileSystems."/" = { + device = "UUID=22d3e827-0ac1-4c66-ab88-bcd8b1cfd788"; + fsType = "bcachefs"; + }; + + # fileSystems."/boot" = { + # device = "/dev/disk/by-uuid/2877-9E1D"; + # fsType = "vfat"; + # }; + + #swapDevices = [ + # { device = "/dev/disk/by-uuid/82221e84-072a-4f68-a78b-59eb368f684f"; } + # { device = "/dev/disk/by-uuid/cc0792e2-c67c-44af-af28-6645f6e5dda2"; } + # ]; + + disko.devices = { + disk = { + crypt_ssd0 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:2c:00.0-nvme-1"; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "fake_EFI"; + name = "fake_ESP"; + size = "1024M"; + type = "8300"; + }; + luks = { + end = "-96G"; + content = { + type = "luks"; + name = "crypted_ssd0"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + luksSwap = { + end = "-32G"; + content = { + type = "luks"; + name = "crypted_swap0"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + content = { + type = "swap"; + }; + }; + }; + }; + }; + }; + crypt_ssd1 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:2d:00.0-nvme-1"; + content = { + type 
= "gpt"; + partitions = { + ESP = { + label = "real_EFI"; + name = "ESP"; + size = "1024M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + end = "-96G"; + content = { + type = "luks"; + name = "crypted_ssd1"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + luksSwap = { + end = "-32G"; + content = { + type = "luks"; + name = "crypted_swap1"; + extraOpenArgs = [ "--allow-discards " ]; + passwordFile = "/tmp/secret.key "; + additionalKeyFiles = [ ]; + content = { + type = "swap"; + resumeDevice = true; + }; + }; + }; + }; + }; + }; + crypt_hdd0 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:01:00.0-ata-1"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd0"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd1 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:01:00.0-ata-2"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd1"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd2 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:01:00.0-ata-3"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd2"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd3 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:01:00.0-ata-4"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd3"; + extraOpenArgs 
= [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd4 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:02:00.1-ata-3"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd4"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd5 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:02:00.1-ata-4"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd5"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd6 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:25:00.0-ata-1"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd6"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd7 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:25:00.0-ata-2"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd7"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd8 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:25:00.0-ata-3"; + content = { + type = "gpt"; + partitions = { + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd8"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + crypt_hdd9 = { + type = "disk"; + device = "/dev/disk/by-path/pci-0000:25:00.0-ata-4"; + content = { + type = "gpt"; + partitions = 
{ + luks = { + end = "-64G"; + content = { + type = "luks"; + name = "crypted_hdd9"; + extraOpenArgs = [ "--allow-discards" ]; + passwordFile = "/tmp/secret.key"; + additionalKeyFiles = [ ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/users/admin-shell.nix b/users/admin-shell.nix new file mode 100644 index 0000000..1fdf865 --- /dev/null +++ b/users/admin-shell.nix @@ -0,0 +1,18 @@ +{ pkgs +, config +, inputs +, system +, username +, ... +}: { + imports = [ + ../home-mods/shell + ]; + + config.home = { + username = username; + homeDirectory = "/home/${username}"; + + stateVersion = "23.05"; + }; +}
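Review bot: In `crypt_ssd1.luksSwap` two strings carry a trailing space as rendered here, `extraOpenArgs = [ "--allow-discards " ];` and `passwordFile = "/tmp/secret.key ";`, unlike every other disk in the file. The second would name a different file, so they should read `"--allow-discards"` and `"/tmp/secret.key"`. Every LUKS container also reads its passphrase from `/tmp/secret.key`, a fixed name in a world-writable directory; even for a setup-time template, a root-only path created with mode 0600 is a safer default. `--allow-discards` on all containers exposes which blocks are unused to anyone holding the raw disks, which is worth a one-line comment if accepted deliberately. In the header comment the mapping uses `crypted_hdd_0`…`crypted_hdd_9` while the config and the format/mount commands use `crypted_hdd0`…, and `nmve1n1` looks like a typo for `nvme1n1`.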