diff --git a/.sops.yaml b/.sops.yaml index 153993e..0ce16ed 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml - - &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu creation_rules: - path_regex: machines/calcite/secrets.yaml key_groups: diff --git a/flake.lock b/flake.lock index 50dd949..f6abc8b 100644 --- a/flake.lock +++ b/flake.lock @@ -61,6 +61,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732221404, + "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", + "owner": "nix-community", + "repo": "disko", + "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -596,6 +616,7 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", + "disko": "disko", "flake-utils": "flake-utils_2", "home-manager": "home-manager", "my-nixvim": "my-nixvim", diff --git a/flake.nix b/flake.nix index 606276e..ff6509b 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -66,6 +71,7 @@ nix-vscode-extensions, colmena, nix-index-database, + disko, ... }: let @@ -107,6 +113,7 @@ hk-00 = [ ./machines/dolomite/claw.nix ./machines/dolomite/common.nix + disko.nixosModules.disko ]; la-00 = [ ./machines/dolomite/bandwagon.nix diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index 38563a7..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,10 +0,0 @@ -builds: - include: - - '*.x86_64-linux.*' - - defaultPackage.x86_64-linux - - devShell.x86_64-linux - - homeConfigurations.x86_64-linux.* - - homeConfigurations.aarch64-linux.* - - darwinConfigurations.* - - nixosConfigurations.* - diff --git a/machines/dolomite/claw.nix b/machines/dolomite/claw.nix index ead0225..84b3da9 100644 --- a/machines/dolomite/claw.nix +++ b/machines/dolomite/claw.nix @@ -18,6 +18,38 @@ "xen_blkfront" "vmw_pvscsi" ]; + + disko.devices = { + disk = { + main = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "xfs"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; @@ -26,11 +58,6 @@ device = "/dev/vda"; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee"; - fsType = "ext4"; - }; - swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/machines/dolomite/secrets/hk-00.yaml b/machines/dolomite/secrets/hk-00.yaml index 91d6540..3236479 100644 --- a/machines/dolomite/secrets/hk-00.yaml +++ b/machines/dolomite/secrets/hk-00.yaml @@ -1,5 +1,5 @@ -wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] -wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] +wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str] +wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str] sops: kms: [] gcp_kms: [] @@ -9,23 +9,23 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr - SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 - NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n - WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M - VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi + NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2 + bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R + RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T + iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg== -----END AGE ENCRYPTED FILE----- - - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw - OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ - TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 - TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO - 2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt + a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3 + UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD + NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4 + 7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-17T10:52:20Z" - mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] + lastmodified: "2024-11-22T07:15:56Z" + mac: ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/machines/dolomite/secrets/secrets.yaml b/machines/dolomite/secrets/secrets.yaml index c05a97e..5a33087 100644 --- a/machines/dolomite/secrets/secrets.yaml +++ b/machines/dolomite/secrets/secrets.yaml @@ -1,6 +1,6 @@ sing-box: - password: ENC[AES256_GCM,data:aifvj/rBvmIF6M4SJ6j4rkw0J0oBGUmO,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:10zUgbP2exTQ4KK0zeMM2A==,type:str] - uuid: ENC[AES256_GCM,data:ZPEqllAXeLMyVEp/6+9LSL346J2tiuM5tYs404/vp9rnkrvc,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:BHU+ScDBeWnctkDBRnm+4g==,type:str] + password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str] + uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str] sops: kms: [] gcp_kms: [] @@ -10,50 +10,50 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dElZTXFjbzhNbE1OYmdP - M0JLVWMyOUpSMnQ1Q2hDc2VXVUxpblhDVUNjCmxGZXRsUmdWWjZPZGFhaDFHNnpx - YVVSWFl1YThwWENSVTdiWkRENlBhdDQKLS0tIGl0OWsrNXljLy9wejd4Q3JmTUFE - WGFaN21vb1EwTDdSOEFVSWlQZWR1Z1kKIy+vG42G/7hTJX9BNYXjy4GNnUEnzUgB - aRoLxgTpkTKezZiKkISQwEuFD8qC7aeQIV1kmGDpNK2uucJfFswvbQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6 + dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF + ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH + TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD + 6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg== -----END AGE ENCRYPTED FILE----- - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNGE0Sk5lbXVNSjVQUTFF - VFFrVzJKczJwTWJJOEdKTVFhai9RWmJNSkJjCkNKQzRQWmcxTndIcERkMTFubi9K - SXVhbDhEMmRFRCtXdEVqMFdRbjQ3RTgKLS0tIGNIOWYzL0NUeklBRU5paEoyZ211 - NDY5RDdwelMwVjVscHdOaGV2aTMwQUUKZaCo5jFlWxTsELGyQiY4CmcjdUcnBzOU - JzcWDMcODTo/yER/0jdPpdfvUWiGi12voIuqRJkON0x7d3X2d2Sexg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr + Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5 + NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn + enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH + iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A== -----END AGE ENCRYPTED FILE----- - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzI1M2orSDVyYTRRRnB6 - d25oaHZSMWFUQ2lZTWxtVzFRSkxjd01tNjFZCmJHUWVGd2hYWVlpdk80WUxwM080 - N0V1UW1hUC9GNWlPRCtuYUsxSzdmWUEKLS0tIEhSazVWeEpIVnoweWdnOEU2Q1hT - Yjl6bFRZS2RSRGpPWFdDS2lObCt0MGsKcFXy/2mLLlxY/vP+kCaeaR+9aBRL7ys1 - x+HBAPqvcqvYk3MGBD9TpIW317RthDhEkY57GmtHgqIUsSLWsBgNdw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT + WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx + dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84 + bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd + CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg== -----END AGE ENCRYPTED FILE----- - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL2NXTDNqWkYzQlVvM0xO - ZDk2RTFISHh3TmpTN2cxT3RTVnFUaURpK3dRCmJEVWJnNXdoT0JYYjBvcm4rSkZ0 - QW5WeWhqWnZqaGlLRHphZW5PMUNZTDQKLS0tIGZFc2ZlREgwKysrNEhROUJzbHBU - TzhHdlV1bjduT1hlTVFMTmRtQmN0MFUKhCYQh5uVOjEj2kKSfSUVa8k35mqkDoTk - 3CchebRciIR+w52d6uEsQove0248+OniG6bJ5ykkExLo1RzDQD7pBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr + Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx + a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu + amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp + NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg== -----END AGE ENCRYPTED FILE----- - - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhS0tDdThIRnNaZVZKanZY - bm1uV25nUzZITW5QY2Z2SkZtMFAvY1RVOWdrCnZMZ3F6dHd1TmhCMnZvbFhZYjJK - ZXRVUWNtVXVpOWFYWmdFQ2RZajlTQk0KLS0tIFJSYkxkelFTWkRYMjAvQ2lpTGRQ - bmE0bWg1U1ZkZHR4TEVtR0crbVZxdmcKeVUli/Tt4Xy4XxbUbFj9a4y6c9ZE/NjE - nCKLNYYPsZ/nS6qN3Pdetps4ziajJHUVmxCqNMHD+OoWqT6W8V/O6w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk + TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1 + QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO + NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u + IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T05:51:19Z" - mac: ENC[AES256_GCM,data:LPUb7YbELPsgYX+LvfuGdiNG1B5ZrvyRVZL9UiMHoJMDHaWpDGCQkT1bk5jEOewwFh+StK560UsPK4uW0+SqADJO80rmM3xfqlp5Ul2HJ8mU19l5C6FLpv2REIzhCp333rNJJlyhn3H6GZgMaWnjjLSX9XMOVaq1iz6Qt0P76SI=,iv://EdDr5D51RFuucq8gkei2RC7H2bkRYxP/7lerp9dtk=,tag:JrRQ19sZ0OAZouMgOiU/tQ==,type:str] + lastmodified: "2024-11-22T07:16:07Z" + mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1