The Blue Update #1
13
hosts/lacros/system/boot/default.nix
Normal file
13
hosts/lacros/system/boot/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
boot.initrd = {
|
||||||
|
systemd.enable = true;
|
||||||
|
luks.devices = {
|
||||||
|
crypt-mmc = {
|
||||||
|
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
|
||||||
|
preLVM = true;
|
||||||
|
allowDiscards = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware
|
./hardware
|
||||||
|
./boot
|
||||||
|
|
||||||
# Apps and programs
|
# Apps and programs
|
||||||
../../../modules/system
|
../../../modules/system
|
||||||
|
|
|
@ -1,78 +1,66 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports =
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
|
||||||
initrd = {
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
availableKernelModules = [
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
"xhci_pci"
|
boot.extraModulePackages = [ ];
|
||||||
"usb_storage"
|
|
||||||
"sd_mod"
|
|
||||||
"sdhci_pci"
|
|
||||||
];
|
|
||||||
kernelModules = [
|
|
||||||
"dm-snapshot"
|
|
||||||
"kvm-intel"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Encryption and TPM
|
fileSystems."/" =
|
||||||
systemd.enable = true;
|
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||||
luks.devices = {
|
fsType = "btrfs";
|
||||||
crypt-mmc = {
|
options = [ "subvol=@" ];
|
||||||
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
|
|
||||||
preLVM = true;
|
|
||||||
allowDiscards = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems."/nix" =
|
||||||
"/" = {
|
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@" "noatime" "nodiratime" "discard" ];
|
options = [ "subvol=@nix" ];
|
||||||
};
|
};
|
||||||
"/home" = {
|
|
||||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
fileSystems."/var" =
|
||||||
|
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@home" "noatime" "nodiratime" "discard" ];
|
options = [ "subvol=@var" ];
|
||||||
};
|
};
|
||||||
"/var" = {
|
|
||||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
fileSystems."/.snapshots" =
|
||||||
|
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@var" "noatime" "nodiratime" "discard" ];
|
options = [ "subvol=@snapshots" ];
|
||||||
};
|
};
|
||||||
"/nix" = {
|
|
||||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
fileSystems."/home" =
|
||||||
|
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ];
|
options = [ "subvol=@home" ];
|
||||||
};
|
};
|
||||||
"/.snapshots" = {
|
|
||||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
fileSystems."/boot" =
|
||||||
fsType = "btrfs";
|
{ device = "/dev/disk/by-uuid/1C76-1006";
|
||||||
options = [ "subvol=@snapshots" "noatime" "nodiratime" "discard" ];
|
|
||||||
};
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/1C76-1006";
|
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
options = [ "fmask=0022" "dmask=0022" ];
|
options = [ "fmask=0022" "dmask=0022" ];
|
||||||
};
|
};
|
||||||
"/home/jimbo/JimboNFS" = {
|
|
||||||
device = "${config.ips.wgSpan}.1:/export/JimboNFS";
|
|
||||||
fsType = "nfs4";
|
|
||||||
options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [
|
swapDevices =
|
||||||
{ device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
|
[ { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
{
|
|
||||||
options.secrets = lib.mkOption {
|
|
||||||
type = lib.types.attrs;
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
config.secrets = {
|
|
||||||
# Define domains
|
|
||||||
jimDomain = "jimbosfiles.com";
|
|
||||||
|
|
||||||
# User passwords, generated with 'mkpasswd -m sha-512'
|
|
||||||
jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
|
|
||||||
|
|
||||||
# Cloudflare API key
|
|
||||||
flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
|
|
||||||
|
|
||||||
# Wireguard keys, generated with the wg command
|
|
||||||
wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
|
|
||||||
wgServerPub = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
|
|
||||||
wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
|
|
||||||
wgClientPub = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
|
|
||||||
wgPixel9Pub = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
|
|
||||||
wgOraclePub = "ZCKlYHl7uKjDRsvIDH9hLgiMCpxKG8Jn70gjwmtdqRk=";
|
|
||||||
|
|
||||||
# Icecast, plaintext
|
|
||||||
castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
|
|
||||||
castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
|
|
||||||
|
|
||||||
# Photoprism, plaintext
|
|
||||||
prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
|
|
||||||
|
|
||||||
# Matrix secrets
|
|
||||||
matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
|
|
||||||
discordBotID = "1277874425810915430";
|
|
||||||
discordBotToken = "MTI3Nzg3NDQyNTgxMDkxNTQzMA.GvnfmN.wmNGJs7_lpkoz-XHkIEPhMh47MfsRZmbfFVOT8";
|
|
||||||
|
|
||||||
# Pixelfed secret, must be 32 characters long
|
|
||||||
pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
|
|
||||||
|
|
||||||
# Transmission credentials, plaintext
|
|
||||||
transmissionCredFile = ''
|
|
||||||
{
|
|
||||||
"rpc-username": "jimbo",
|
|
||||||
"rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Email cleartext passwords
|
|
||||||
noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
|
|
||||||
|
|
||||||
# Email account hashes, generated with 'mkpasswd -m bcrypt'
|
|
||||||
noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
|
|
||||||
jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
|
|
||||||
lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
|
|
||||||
freecornMailHash = "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm";
|
|
||||||
tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
|
|
||||||
|
|
||||||
# IPs
|
|
||||||
jimIP1 = "99.247.177.43";
|
|
||||||
jimIP2 = "184.144.76.19";
|
|
||||||
lunaIP = "71.87.124.226";
|
|
||||||
cornIP = "24.66.98.13";
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in a new issue