tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Add new system: nixos-he4

Browse source
This commit is contained in:
Tristan D. 2024-01-11 07:25:57 +01:00
parent 4187e3dc51
commit e488b48675
Signed by: tristan
SSH key fingerprint: SHA256:ZMn464IW7rXrbHpTgo8zEwRNqsMmHVuVMDFHzK99smI
8 changed files with 586 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ext/ssh/ssh_host_ed25519_key Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBCgwDhDEWayWT4AMNImT9Mk4Kj/D3fziUpumRH1QFTCgAAAJgHTOqSB0zq
kgAAAAtzc2gtZWQyNTUxOQAAACBCgwDhDEWayWT4AMNImT9Mk4Kj/D3fziUpumRH1QFTCg
AAAEDom/nKVftSAdtd69soT2h3ZsMdhrvFv7CeEEjAvmkZ0UKDAOEMRZrJZPgAw0iZP0yT
gqP8Pd/OJSm6ZEfVAVMKAAAAD3Jvb3RAbml4b3MtZGVzawECAwQFBg==
-----END OPENSSH PRIVATE KEY-----

1
ext/ssh/ssh_host_ed25519_key.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKDAOEMRZrJZPgAw0iZP0yTgqP8Pd/OJSm6ZEfVAVMK root@nixos-desk

38
ext/ssh/ssh_host_rsa_key Normal file
View file

@ -0,0 +1,38 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAspQHnUbpgiyDK/iXDV7NNT/ajABogFtc5IGecEW8BtNTNgDZpoFE
6GQpLHtE8d3WCsZCcqHXeQKyImGPviMF87GqTRYyNThckcu6ae9wk0cZFwhamKM2uD3yOS
pM/JkGvoUs+KlAvbwwbCZ4You1F5NDrClu9jfPzhIJFI1PflLjuTrCUVv/x+z/qWd8ESW4
fik9gB4b+MyzAwjRnpd9wG9RAo9dSR60Tq/dR7EeWDrIQJ0z9yaVjCW3MHH1aEv+nS+/uw
U9dMrWmu+zX0jNeadA4a+jPD8HaSOKgTvrv1zChY/hoLBg2VuFrI8/KhBvib7Zt3pe0MIp
dgLrYFZzem0k3YvfZS56TqjBGu5K11a66yoahoqMwX9ieJMnNgX3W5l9rmxgAK+BVoKjpB
dYsTmPg0g9ofxysgdgX7JPYMqZEaK6eEFdxfXWKAuuHmbahOU2xhmN94dFI7dbhg4hVidz
nfzXz/q/wC/7AimaAHcASCRxWx03bTHKZOYTfVYdAAAFiGQmUrxkJlK8AAAAB3NzaC1yc2
EAAAGBALKUB51G6YIsgyv4lw1ezTU/2owAaIBbXOSBnnBFvAbTUzYA2aaBROhkKSx7RPHd
1grGQnKh13kCsiJhj74jBfOxqk0WMjU4XJHLumnvcJNHGRcIWpijNrg98jkqTPyZBr6FLP
ipQL28MGwmeGKLtReTQ6wpbvY3z84SCRSNT35S47k6wlFb/8fs/6lnfBEluH4pPYAeG/jM
swMI0Z6XfcBvUQKPXUketE6v3UexHlg6yECdM/cmlYwltzBx9WhL/p0vv7sFPXTK1prvs1
9IzXmnQOGvozw/B2kjioE7679cwoWP4aCwYNlbhayPPyoQb4m+2bd6XtDCKXYC62BWc3pt
JN2L32Uuek6owRruStdWuusqGoaKjMF/YniTJzYF91uZfa5sYACvgVaCo6QXWLE5j4NIPa
H8crIHYF+yT2DKmRGiunhBXcX11igLrh5m2oTlNsYZjfeHRSO3W4YOIVYnc53818/6v8Av
+wIpmgB3AEgkcVsdN20xymTmE31WHQAAAAMBAAEAAAGAB3snFIInfyIRPrLT1SYPD7eEls
/fkN0C97msYwSw21JYDo+bjpukwN2NUgU5/q3t7RagKwA3sCSaRNF0faEm+y4Ktd8DrHIX
gq4XuZ9jxm+4j9v0O6e+v5osvxNUFVLt0uZuW15vzWMIXkeATJSQuhObxqcXtG3jIT1lLv
y6g07CpnxdLp5diUkW7shcjLVZVMOyhV79if89Upe4fF3ZUUn4iVRrMoh8Qj2g1gOIA2c3
A2nyhtyRcEUWNwvXHY7tYg2OYOR7VLYltgVCQcfgKtUUZtTrocY8cJvn3wVJrU139lhkPP
essNSLBMQ3JpT4YxxibIJu5IzPucxED57debLWyCjxhr9OhgzOGM5qdOmgxJqpXrdyXUu/
HnrybaMbHa6rkeUtrVHCD30oQRnxfxakoxB3LALLSgaKx0c+GMJGVAWMp15IjhvPtWX+Cu
8tMm1GbURRVhr0Z5e3jyCRYmORez0rCp6Kli6m0WN6xxEfWfBMx/LuG9CMc8Y8gGTbAAAA
wCCxpefD3Mr2O1oD2DNOFXyPLsKB1ftBTGDAV33ZMYIoLEpO5UP9/OZuOqkyIaMcY4KCCQ
eS6nAk5R+osW/Vj+cTehXDq4prWuPeiAfsUt3O1fXjSdGFcp+YNuuyYDpFQIQIa+QYeLES
azZUn5pgvndiaWVMvFP9MA5TR7bz0hyNtNhj6NdIsxI57LZs/pY1geHXANOlANT/9rOFYY
+1w/mb2cSNbPhYk3oLkJqZ295rkPaFwHdpY1Y4FfEFqdnfrgAAAMEA++FtXi3bM5zMp9pk
gYcPzecA+DF2LVa/pdZlUg8i1R4SvCcp0SrTugK9AstA+iyWADXmZCyox6BaBeqb7enVeb
Gw84aJWSRy5Y9y9YIC2hlpofMVHvUlon0ygzYXwHbDV8lqgl7xJ7jEHxnFd9afWogZU7Kt
s7pkcHTZlRnPDJJkYeX1GaOedCwj7a11E5GOWeMM1OLkj7vsJ98ZhQUTN8xV8rclB0Hkat
B49vkWkl5c8e95X5wG+42K0nsh78JzAAAAwQC1f7NXNpCIL9FVyMaiQU2GtdTImDG/tZUf
cLgwgxwgW/C/ifOXxSzZHNelgE5NV/zGlYj9uChaj6wKsYXFmreXnhU5uReaTDThTkD9DB
9lzd/tSI2lDFPMDuBanqpsC5zu/ikIFX3oE0hn7C27aOceRJQw4Uzv/HfTGDWX0pqHv6JE
PTKQvYzucwsduTvkoSmEthc+Nbg9A9orD61Lklromv/xPNBooIBCp9F7wNa9ISF9TvaPgk
2DV9tl+Dp1ES8AAAAPcm9vdEBuaXhvcy1kZXNrAQIDBA==
-----END OPENSSH PRIVATE KEY-----

1
ext/ssh/ssh_host_rsa_key.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCylAedRumCLIMr+JcNXs01P9qMAGiAW1zkgZ5wRbwG01M2ANmmgUToZCkse0Tx3dYKxkJyodd5ArIiYY++IwXzsapNFjI1OFyRy7pp73CTRxkXCFqYoza4PfI5Kkz8mQa+hSz4qUC9vDBsJnhii7UXk0OsKW72N8/OEgkUjU9+UuO5OsJRW//H7P+pZ3wRJbh+KT2AHhv4zLMDCNGel33Ab1ECj11JHrROr91HsR5YOshAnTP3JpWMJbcwcfVoS/6dL7+7BT10ytaa77NfSM15p0Dhr6M8PwdpI4qBO+u/XMKFj+GgsGDZW4Wsjz8qEG+Jvtm3el7Qwil2AutgVnN6bSTdi99lLnpOqMEa7krXVrrrKhqGiozBf2J4kyc2BfdbmX2ubGAAr4FWgqOkF1ixOY+DSD2h/HKyB2Bfsk9gypkRorp4QV3F9dYoC64eZtqE5TbGGY33h0Ujt1uGDiFWJ3Od/NfP+r/AL/sCKZoAdwBIJHFbHTdtMcpk5hN9Vh0= root@nixos-desk

18
flake.nix
View file

@ -135,10 +135,26 @@
${system} = pkgs.nixpkgs-fmt;
};
diskoConfigurations = {
nixos-pulse = import ./systems/nixos-pulse/disko.nix;
nixos-desk = import ./systems/nixos-desk/disko.nix;
nixos-pulse = import ./systems/nixos-pulse/disko.nix;
nixos-he4 = import ./systems/nixos-he4/disko.nix;
};
nixosConfigurations = {
nixos-he4 = nixpkgs.lib.nixosSystem {
system = system;
specialArgs = args;
modules =
[
./systems/nixos-he4
{
nixpkgs.pkgs = pkgs;
nix.registry.nixpkgs.flake = nixpkgs;
home-manager.sharedModules = hmModules;
home-manager.extraSpecialArgs = args;
}
]
++ osModules;
};
nixos-pulse = nixpkgs.lib.nixosSystem {
system = system;
specialArgs = args;

137
systems/nixos-he4/default.nix Normal file
View file

@ -0,0 +1,137 @@
{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
../../os-mods/cachix
../../os-mods/common
../../os-mods/netdata
../../os-mods/network
../../os-mods/virt
./disko.nix
];
config = {
system.stateVersion = "23.11";
environment.systemPackages = with pkgs; [
cryptsetup
bcachefs-tools
];
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
];
# Define a user account. Don't forget to set a password with passwd.
tristand = {
isNormalUser = true;
description = "tristand";
extraGroups = [ "docker" "networkmanager" "wheel" ];
hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
];
};
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.tristand = import ../../users/admin-shell.nix {
username = "tristand";
inherit pkgs;
inherit config;
inherit inputs;
inherit system;
inherit lib;
};
};
nix.settings.system-features = [
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
# "gccarch-x86-64-v3"
# "gccarch-znver3"
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
# kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos;
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
kernelParams = [
# "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
"ip=dhcp"
];
supportedFilesystems = [ "bcachefs" ];
loader = {
systemd-boot = {
enable = true;
configurationLimit = 32;
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ];
kernelModules = [ "igb" ];
systemd.enable = true;
network = {
enable = true;
ssh = {
enable = true;
port = 2222;
hostKeys = [
/etc/nixos/ext/ssh/ssh_host_ed25519_key
/etc/nixos/ext/ssh/ssh_host_rsa_key
];
# this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
# authorizedKeys = [ "ssh-rsa ..." ];
authorizedKeys = with lib;
concatLists (mapAttrsToList
(name: user:
if elem "wheel" user.extraGroups
then user.openssh.authorizedKeys.keys
else [ ])
config.users.users);
};
# postCommands = ''
# echo 'cryptsetup-askpass' >> /root/.profile
# '';
};
};
};
# services.btrfs.autoScrub.enable = true;
networking = {
hostName = "nixos-he4";
useDHCP = lib.mkDefault true;
};
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
zramSwap.enable = true;
};
}

367
systems/nixos-he4/disko.nix Normal file
View file

@ -0,0 +1,367 @@
###############################################################################
# WARNING
#
# This is only a tempalte used on system setup
# due to relatively early bachefs support in disko.nix
# everything was partitioned manually, this conf is here for reference
# but not used in the live system
#
###############################################################################
###############################################################################
# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko systems/nixos-he4/disko.nix
#
# pci-0000:2c:00.0-nvme-1 -> ../../nmve1n1 -> crypted_ssd0
# pci-0000:2d:00.0-nvme-1 -> ../../nvme0n1 -> crypted_ssd1
# pci-0000:01:00.0-ata-1 -> ../../sda -> crypted_hdd_0
# pci-0000:01:00.0-ata-2 -> ../../sdb -> crypted_hdd_1
# pci-0000:01:00.0-ata-3 -> ../../sdc -> crypted_hdd_2
# pci-0000:01:00.0-ata-4 -> ../../sdd -> crypted_hdd_3
# pci-0000:02:00.1-ata-3 -> ../../sde -> crypted_hdd_4
# pci-0000:02:00.1-ata-4 -> ../../sdf -> crypted_hdd_5
# pci-0000:25:00.0-ata-1 -> ../../sdg -> crypted_hdd_6
# pci-0000:25:00.0-ata-2 -> ../../sdh -> crypted_hdd_7
# pci-0000:25:00.0-ata-3 -> ../../sdi -> crypted_hdd_8
# pci-0000:25:00.0-ata-4 -> ../../sdj -> crypted_hdd_9
#
# FORMAT:
# bcachefs format \
# --label=hdd.hdd0 /dev/mapper/crypted_hdd0 \
# --label=hdd.hdd1 /dev/mapper/crypted_hdd1 \
# --label=hdd.hdd2 /dev/mapper/crypted_hdd2 \
# --label=hdd.hdd3 /dev/mapper/crypted_hdd3 \
# --label=hdd.hdd4 /dev/mapper/crypted_hdd4 \
# --label=hdd.hdd5 /dev/mapper/crypted_hdd5 \
# --label=hdd.hdd6 /dev/mapper/crypted_hdd6 \
# --label=hdd.hdd7 /dev/mapper/crypted_hdd7 \
# --label=hdd.hdd8 /dev/mapper/crypted_hdd8 \
# --label=hdd.hdd9 /dev/mapper/crypted_hdd9 \
# --label=ssd.ssd0 /dev/mapper/crypted_ssd0 \
# --label=ssd.ssd1 /dev/mapper/crypted_ssd1 \
# --replicas=2 \
# --erasure_code \
# --background_compression=zstd \
# --foreground_target=ssd \
# --promote_target=ssd \
# --background_target=hdd
#
##############################
##############################
# MOUNT
#
# mount -t bcachefs \
# /dev/mapper/crypted_ssd0:\
# /dev/mapper/crypted_ssd1:\
# /dev/mapper/crypted_hdd0:\
# /dev/mapper/crypted_hdd1:\
# /dev/mapper/crypted_hdd2:\
# /dev/mapper/crypted_hdd3:\
# /dev/mapper/crypted_hdd4:\
# /dev/mapper/crypted_hdd5:\
# /dev/mapper/crypted_hdd6:\
# /dev/mapper/crypted_hdd7:\
# /dev/mapper/crypted_hdd8:\
# /dev/mapper/crypted_hdd9\
# /mnt
#
##############################
{
# The manual definitions are generated by nixos-generate-config
# the commented out stuff are partitions created by disko
# bcachefs is not handled well by disko so it is handled seperately
fileSystems."/" = {
device = "UUID=22d3e827-0ac1-4c66-ab88-bcd8b1cfd788";
fsType = "bcachefs";
};
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/2877-9E1D";
# fsType = "vfat";
# };
#swapDevices = [
# { device = "/dev/disk/by-uuid/82221e84-072a-4f68-a78b-59eb368f684f"; }
# { device = "/dev/disk/by-uuid/cc0792e2-c67c-44af-af28-6645f6e5dda2"; }
# ];
disko.devices = {
disk = {
crypt_ssd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2c:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "fake_EFI";
name = "fake_ESP";
size = "1024M";
type = "8300";
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd0";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap0";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
content = {
type = "swap";
};
};
};
};
};
};
crypt_ssd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2d:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "real_EFI";
name = "ESP";
size = "1024M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd1";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap1";
extraOpenArgs = [ "--allow-discards " ];
passwordFile = "/tmp/secret.key ";
additionalKeyFiles = [ ];
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
crypt_hdd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd0";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd1";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd2 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd2";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd3 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd3";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd4 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd4";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd5 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd5";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd6 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd6";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd7 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd7";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd8 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd8";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd9 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd9";
extraOpenArgs = [ "--allow-discards" ];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
};
};
}

18
users/admin-shell.nix Normal file
View file

@ -0,0 +1,18 @@
{ pkgs
, config
, inputs
, system
, username
, ...
}: {
imports = [
../home-mods/shell
];
config.home = {
username = username;
homeDirectory = "/home/${username}";
stateVersion = "23.05";
};
}